From sle-security-updates at lists.suse.com Tue Jan 2 04:09:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Jan 2018 12:09:58 +0100 (CET) Subject: SUSE-SU-2018:0002-1: moderate: Security update for nodejs4 Message-ID: <20180102110958.2C2E0FD06@maintenance.suse.de> SUSE Security Update: Security update for nodejs4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0002-1 Rating: moderate References: #1056058 #1066242 #1072322 Cross-References: CVE-2017-14919 CVE-2017-15896 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes: - Update to release 4.8.7 (bsc#1072322): * https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ * https://nodejs.org/en/blog/release/v4.8.7/ * https://nodejs.org/en/blog/release/v4.8.6/ * https://nodejs.org/en/blog/release/v4.8.5/ Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-2=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2018-2=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le x86_64): nodejs4-4.8.7-15.8.1 nodejs4-debuginfo-4.8.7-15.8.1 nodejs4-debugsource-4.8.7-15.8.1 nodejs4-devel-4.8.7-15.8.1 npm4-4.8.7-15.8.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs4-docs-4.8.7-15.8.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): nodejs4-4.8.7-15.8.1 nodejs4-debuginfo-4.8.7-15.8.1 nodejs4-debugsource-4.8.7-15.8.1 References: https://www.suse.com/security/cve/CVE-2017-14919.html https://www.suse.com/security/cve/CVE-2017-15896.html https://www.suse.com/security/cve/CVE-2017-3735.html https://www.suse.com/security/cve/CVE-2017-3736.html https://www.suse.com/security/cve/CVE-2017-3738.html https://bugzilla.suse.com/1056058 https://bugzilla.suse.com/1066242 https://bugzilla.suse.com/1072322 From sle-security-updates at lists.suse.com Tue Jan 2 04:10:54 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 2 Jan 2018 12:10:54 +0100 (CET) Subject: SUSE-SU-2018:0003-1: moderate: Security update for php53 Message-ID: <20180102111054.71085FD06@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0003-1 Rating: moderate References: #1067441 #1069606 #1069631 Cross-References: CVE-2017-16642 CVE-2017-9228 CVE-2017-9229 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php53 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-13389=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-13389=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-13389=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-112.10.1 php53-imap-5.3.17-112.10.1 php53-posix-5.3.17-112.10.1 php53-readline-5.3.17-112.10.1 php53-sockets-5.3.17-112.10.1 php53-sqlite-5.3.17-112.10.1 php53-tidy-5.3.17-112.10.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.10.1 php53-5.3.17-112.10.1 php53-bcmath-5.3.17-112.10.1 php53-bz2-5.3.17-112.10.1 php53-calendar-5.3.17-112.10.1 php53-ctype-5.3.17-112.10.1 php53-curl-5.3.17-112.10.1 php53-dba-5.3.17-112.10.1 php53-dom-5.3.17-112.10.1 php53-exif-5.3.17-112.10.1 php53-fastcgi-5.3.17-112.10.1 php53-fileinfo-5.3.17-112.10.1 php53-ftp-5.3.17-112.10.1 php53-gd-5.3.17-112.10.1 php53-gettext-5.3.17-112.10.1 php53-gmp-5.3.17-112.10.1 php53-iconv-5.3.17-112.10.1 php53-intl-5.3.17-112.10.1 php53-json-5.3.17-112.10.1 php53-ldap-5.3.17-112.10.1 php53-mbstring-5.3.17-112.10.1 php53-mcrypt-5.3.17-112.10.1 php53-mysql-5.3.17-112.10.1 php53-odbc-5.3.17-112.10.1 php53-openssl-5.3.17-112.10.1 php53-pcntl-5.3.17-112.10.1 php53-pdo-5.3.17-112.10.1 php53-pear-5.3.17-112.10.1 php53-pgsql-5.3.17-112.10.1 php53-pspell-5.3.17-112.10.1 php53-shmop-5.3.17-112.10.1 php53-snmp-5.3.17-112.10.1 php53-soap-5.3.17-112.10.1 php53-suhosin-5.3.17-112.10.1 php53-sysvmsg-5.3.17-112.10.1 php53-sysvsem-5.3.17-112.10.1 php53-sysvshm-5.3.17-112.10.1 php53-tokenizer-5.3.17-112.10.1 php53-wddx-5.3.17-112.10.1 php53-xmlreader-5.3.17-112.10.1 php53-xmlrpc-5.3.17-112.10.1 php53-xmlwriter-5.3.17-112.10.1 php53-xsl-5.3.17-112.10.1 php53-zip-5.3.17-112.10.1 php53-zlib-5.3.17-112.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.10.1 php53-debugsource-5.3.17-112.10.1 References: https://www.suse.com/security/cve/CVE-2017-16642.html https://www.suse.com/security/cve/CVE-2017-9228.html https://www.suse.com/security/cve/CVE-2017-9229.html https://bugzilla.suse.com/1067441 https://bugzilla.suse.com/1069606 https://bugzilla.suse.com/1069631 From sle-security-updates at lists.suse.com Wed Jan 3 19:07:16 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 03:07:16 +0100 (CET) Subject: SUSE-SU-2018:0006-1: important: Security update for ucode-intel Message-ID: <20180104020716.D3E8CFD06@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0006-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ucode-intel fixes the following issues: The CPU microcode for Haswell-X, Skylake-X and Broadwell-X chipsets was updated to report both branch prediction control via CPUID flag and ability to control branch prediction via an MSR register. This update is part of a mitigation for a branch predictor based information disclosure attack, and needs additional code in the Linux Kernel to be active (bsc#1068032 CVE-2017-5715) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-7=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-7=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-7=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-7=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-7=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-7=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-7=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-7=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): ucode-intel-20170707-13.8.1 ucode-intel-debuginfo-20170707-13.8.1 ucode-intel-debugsource-20170707-13.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20170707-13.8.1 ucode-intel-debuginfo-20170707-13.8.1 ucode-intel-debugsource-20170707-13.8.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): ucode-intel-20170707-13.8.1 ucode-intel-debuginfo-20170707-13.8.1 ucode-intel-debugsource-20170707-13.8.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): ucode-intel-20170707-13.8.1 ucode-intel-debuginfo-20170707-13.8.1 ucode-intel-debugsource-20170707-13.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20170707-13.8.1 ucode-intel-debuginfo-20170707-13.8.1 ucode-intel-debugsource-20170707-13.8.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): ucode-intel-20170707-13.8.1 ucode-intel-debuginfo-20170707-13.8.1 ucode-intel-debugsource-20170707-13.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ucode-intel-20170707-13.8.1 ucode-intel-debuginfo-20170707-13.8.1 ucode-intel-debugsource-20170707-13.8.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ucode-intel-20170707-13.8.1 ucode-intel-debuginfo-20170707-13.8.1 ucode-intel-debugsource-20170707-13.8.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Wed Jan 3 19:07:43 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 03:07:43 +0100 (CET) Subject: SUSE-SU-2018:0007-1: important: Security update for qemu Message-ID: <20180104020743.67A17FD0E@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0007-1 Rating: important References: #1052825 #1068032 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE Container as a Service Platform ALL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for qemu fixes the following issues: A new feature was added: - Support EPYC vCPU type (bsc#1052825 fate#324038) Also a mitigation for a security problem has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-9=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-9=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-9=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): qemu-2.9.1-6.9.2 qemu-block-curl-2.9.1-6.9.2 qemu-block-curl-debuginfo-2.9.1-6.9.2 qemu-block-iscsi-2.9.1-6.9.2 qemu-block-iscsi-debuginfo-2.9.1-6.9.2 qemu-block-ssh-2.9.1-6.9.2 qemu-block-ssh-debuginfo-2.9.1-6.9.2 qemu-debugsource-2.9.1-6.9.2 qemu-guest-agent-2.9.1-6.9.2 qemu-guest-agent-debuginfo-2.9.1-6.9.2 qemu-lang-2.9.1-6.9.2 qemu-tools-2.9.1-6.9.2 qemu-tools-debuginfo-2.9.1-6.9.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): qemu-block-rbd-2.9.1-6.9.2 qemu-block-rbd-debuginfo-2.9.1-6.9.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): qemu-kvm-2.9.1-6.9.2 - SUSE Linux Enterprise Server 12-SP3 (ppc64le): qemu-ppc-2.9.1-6.9.2 qemu-ppc-debuginfo-2.9.1-6.9.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64): qemu-arm-2.9.1-6.9.2 qemu-arm-debuginfo-2.9.1-6.9.2 - SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ipxe-1.0.0-6.9.2 qemu-seabios-1.10.2-6.9.2 qemu-sgabios-8-6.9.2 qemu-vgabios-1.10.2-6.9.2 - SUSE Linux Enterprise Server 12-SP3 (x86_64): qemu-x86-2.9.1-6.9.2 - SUSE Linux Enterprise Server 12-SP3 (s390x): qemu-s390-2.9.1-6.9.2 qemu-s390-debuginfo-2.9.1-6.9.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): qemu-ipxe-1.0.0-6.9.2 qemu-seabios-1.10.2-6.9.2 qemu-sgabios-8-6.9.2 qemu-vgabios-1.10.2-6.9.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): qemu-2.9.1-6.9.2 qemu-block-curl-2.9.1-6.9.2 qemu-block-curl-debuginfo-2.9.1-6.9.2 qemu-debugsource-2.9.1-6.9.2 qemu-kvm-2.9.1-6.9.2 qemu-tools-2.9.1-6.9.2 qemu-tools-debuginfo-2.9.1-6.9.2 qemu-x86-2.9.1-6.9.2 - SUSE Container as a Service Platform ALL (x86_64): qemu-debugsource-2.9.1-6.9.2 qemu-guest-agent-2.9.1-6.9.2 qemu-guest-agent-debuginfo-2.9.1-6.9.2 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1052825 https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Wed Jan 3 19:08:15 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 03:08:15 +0100 (CET) Subject: SUSE-SU-2018:0008-1: important: Security update for kernel-firmware Message-ID: <20180104020815.E4555FD06@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0008-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware fixes the following issues: - Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715) This new firmware disables branch prediction on AMD family 17h processor to mitigate a attack on the branch predictor that could lead to information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-8=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-8=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-8=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-8=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-8=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-8=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-firmware-20170530-21.16.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-firmware-20170530-21.16.1 ucode-amd-20170530-21.16.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-firmware-20170530-21.16.1 ucode-amd-20170530-21.16.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-firmware-20170530-21.16.1 ucode-amd-20170530-21.16.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-firmware-20170530-21.16.1 ucode-amd-20170530-21.16.1 - SUSE Container as a Service Platform ALL (noarch): kernel-firmware-20170530-21.16.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Wed Jan 3 22:08:51 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 06:08:51 +0100 (CET) Subject: SUSE-SU-2018:0009-1: important: Security update for microcode_ctl Message-ID: <20180104050851.36A20FD06@maintenance.suse.de> SUSE Security Update: Security update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0009-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for microcode_ctl fixes the following issues: Added microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715) This new firmware disables branch prediction on AMD family 17h processor. Also the CPU microcode for Intel Haswell-X, Skylake-X and Broadwell-X chipsets was updated to report both branch prediction control via CPUID flag and ability to control branch prediction via an MSR register. This update is part of a mitigation for a branch predictor based information disclosure attack, and needs additional code in the Linux Kernel to be active (bsc#1068032 CVE-2017-5715) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-microcode_ctl-13390=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-microcode_ctl-13390=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-microcode_ctl-13390=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): microcode_ctl-1.17-102.83.6.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): microcode_ctl-1.17-102.83.6.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): microcode_ctl-1.17-102.83.6.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Thu Jan 4 04:09:27 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 12:09:27 +0100 (CET) Subject: SUSE-SU-2018:0010-1: important: Security update for the Linux Kernel Message-ID: <20180104110927.812B2FD06@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0010-1 Rating: important References: #1005778 #1005780 #1005781 #1012382 #1017967 #1039616 #1047487 #1063043 #1064311 #1065180 #1068032 #1068951 #1070116 #1071009 #1072166 #1072216 #1072556 #1072866 #1072890 #1072962 #1073090 #1073525 #1073792 #1073809 #1073868 #1073874 #1073912 #963897 #964063 #966170 #966172 Cross-References: CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE Container as a Service Platform ALL ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 26 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / "SpectreAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor for available firmware or BIOS updates. As this feature can have a performance impact, it can be disabled using the "nospec" kernel commandline option. - CVE-2017-5754 / "MeltdownAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation" and "PTI" / "Page Table Isolation". This is only enabled by default on affected architectures. This feature can be enabled / disabled by the "pti=[on|off|auto]" or "nopti" commandline options. The following security bugs were fixed: - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The following non-security bugs were fixed: - Add undefine _unique_build_ids (bsc#964063) - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556). - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032). - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180). - bnxt_en: Do not print "Link speed -1 no longer supported" messages (bsc#1070116). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - carl9170: prevent speculative execution (bnc#1068032). - ceph: drop negative child dentries before try pruning inode's alias (bsc#1073525). - Check cmdline_find_option() retval properly and use boot_cpu_has(). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009). - cw1200: prevent speculative execution (bnc#1068032). - e1000e: Fix e1000_check_for_copper_link_ich8lan return value (bsc#1073809). - Fix unsed variable warning in has_unmovable_pages (bsc#1073868). - fs: prevent speculative execution (bnc#1068032). - genwqe: Take R/W permissions into account when dealing with memory pages (bsc#1073090). - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912). - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912). - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (bsc#1073912). - ipv6: prevent speculative execution (bnc#1068032). - iw_cxgb4: fix misuse of integer variable (bsc#963897,FATE#320114). - iw_cxgb4: only insert drain cqes if wq is flushed (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - kaiser: add "nokaiser" boot option, using ALTERNATIVE. - kaiser: align addition to x86/mm/Makefile. - kaiser: asm/tlbflush.h handle noPGE at lower level. - kaiser: cleanups while trying for gold link. - kaiser: disabled on Xen PV. - kaiser: do not set _PAGE_NX on pgd_none. - kaiser: drop is_atomic arg to kaiser_pagetable_walk(). - kaiser: enhanced by kernel and user PCIDs. - kaiser: ENOMEM if kaiser_pagetable_walk() NULL. - kaiser: fix build and FIXME in alloc_ldt_struct(). - kaiser: fix perf crashes. - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER. - kaiser: fix unlikely error in alloc_ldt_struct(). - kaiser: KAISER depends on SMP. - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID. - kaiser: kaiser_remove_mapping() move along the pgd. - kaiser: Kernel Address Isolation. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user. - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET. - kaiser: paranoid_entry pass cr3 need to paranoid_exit. - kaiser: PCID 0 for kernel and 128 for user. - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls. - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE. - kaiser: tidied up asm/kaiser.h somewhat. - kaiser: tidied up kaiser_add/remove_mapping slightly. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: vmstat show NR_KAISERTABLE as nr_overhead. - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user. - kvm: svm: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032). - net/mlx5e: DCBNL, Implement tc with ets type and zero bandwidth (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net: mpls: prevent speculative execution (bnc#1068032). - nfs: revalidate "." etc correctly on "open" (bsc#1068951). - nfs: revalidate "." etc correctly on "open" (git-fixes). Fix References: tag. - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951). - nvme-fabrics: introduce init command check for a queue that is not alive (bsc#1072890). - nvme-fc: check if queue is ready in queue_rq (bsc#1072890). - nvme-fc: do not use bit masks for set/test_bit() numbers (bsc#1072890). - nvme-loop: check if queue is ready in queue_rq (bsc#1072890). - nvmet-fc: cleanup nvmet add_port/remove_port (bsc#1072890). - nvmet_fc: correct broken add_port (bsc#1072890). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qla2xxx: prevent speculative execution (bnc#1068032). - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives (bsc#1068032). - s390/qeth: add missing hash table initializations (bnc#1072216, LTC#162173). - s390/qeth: fix early exit from error path (bnc#1072216, LTC#162173). - s390/qeth: fix thinko in IPv4 multicast address tracking (bnc#1072216, LTC#162173). - s390/spinlock: add gmb memory barrier (bsc#1068032). - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (bsc#1068032). - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (bsc#1068032). - scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1064311). - scsi: lpfc: correct sg_seg_cnt attribute min vs default (bsc#1072166). - scsi: qedi: Limit number for CQ queues (bsc#1072866). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return "Illegal Request - Logical unit not supported" and processing should leave the timeout loop in this case. - scsi: ses: check return code from ses_recv_diag() (bsc#1039616). - scsi: ses: Fixup error message 'failed to get diagnostic page 0xffffffea' (bsc#1039616). - scsi: ses: Fix wrong page error (bsc#1039616). - scsi: ses: make page2 support optional (bsc#1039616). - sfc: pass valid pointers from efx_enqueue_unwind (bsc#1017967 FATE#321663). - thermal/int340x: prevent speculative execution (bnc#1068032). - udf: prevent speculative execution (bnc#1068032). - Update config files: enable KAISER. - usb: host: fix incorrect updating of offset (bsc#1047487). - userns: prevent speculative execution (bnc#1068032). - uvcvideo: prevent speculative execution (bnc#1068032). - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962). - x86/boot: Add early cmdline parsing for options with arguments. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: Reenable PARAVIRT. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032). - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032). - x86/mm: Add INVPCID helpers (bsc#1068032). - x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032). - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032). - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032). - x86/mm: Fix INVPCID asm constraint (bsc#1068032). - x86/mm: If INVPCID is available, use it to flush global mappings (bsc#1068032). - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032). - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (bsc#1068032). - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (bsc#1068032). - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032). - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add "nospec" chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-12=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-12=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-12=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-12=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-12=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-12=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-12=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): kernel-default-debuginfo-4.4.103-6.38.1 kernel-default-debugsource-4.4.103-6.38.1 kernel-default-extra-4.4.103-6.38.1 kernel-default-extra-debuginfo-4.4.103-6.38.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.103-6.38.1 kernel-obs-build-debugsource-4.4.103-6.38.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.103-6.38.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.103-6.38.1 kernel-default-base-4.4.103-6.38.1 kernel-default-base-debuginfo-4.4.103-6.38.1 kernel-default-debuginfo-4.4.103-6.38.1 kernel-default-debugsource-4.4.103-6.38.1 kernel-default-devel-4.4.103-6.38.1 kernel-syms-4.4.103-6.38.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.103-6.38.1 kernel-macros-4.4.103-6.38.1 kernel-source-4.4.103-6.38.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-man-4.4.103-6.38.1 - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_103-6_38-default-1-4.5.1 kgraft-patch-4_4_103-6_38-default-debuginfo-1-4.5.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.103-6.38.1 cluster-md-kmp-default-debuginfo-4.4.103-6.38.1 dlm-kmp-default-4.4.103-6.38.1 dlm-kmp-default-debuginfo-4.4.103-6.38.1 gfs2-kmp-default-4.4.103-6.38.1 gfs2-kmp-default-debuginfo-4.4.103-6.38.1 kernel-default-debuginfo-4.4.103-6.38.1 kernel-default-debugsource-4.4.103-6.38.1 ocfs2-kmp-default-4.4.103-6.38.1 ocfs2-kmp-default-debuginfo-4.4.103-6.38.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-devel-4.4.103-6.38.1 kernel-macros-4.4.103-6.38.1 kernel-source-4.4.103-6.38.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kernel-default-4.4.103-6.38.1 kernel-default-debuginfo-4.4.103-6.38.1 kernel-default-debugsource-4.4.103-6.38.1 kernel-default-devel-4.4.103-6.38.1 kernel-default-extra-4.4.103-6.38.1 kernel-default-extra-debuginfo-4.4.103-6.38.1 kernel-syms-4.4.103-6.38.1 - SUSE Container as a Service Platform ALL (x86_64): kernel-default-4.4.103-6.38.1 kernel-default-debuginfo-4.4.103-6.38.1 kernel-default-debugsource-4.4.103-6.38.1 References: https://www.suse.com/security/cve/CVE-2017-17805.html https://www.suse.com/security/cve/CVE-2017-17806.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://bugzilla.suse.com/1005778 https://bugzilla.suse.com/1005780 https://bugzilla.suse.com/1005781 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1017967 https://bugzilla.suse.com/1039616 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1063043 https://bugzilla.suse.com/1064311 https://bugzilla.suse.com/1065180 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068951 https://bugzilla.suse.com/1070116 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1072166 https://bugzilla.suse.com/1072216 https://bugzilla.suse.com/1072556 https://bugzilla.suse.com/1072866 https://bugzilla.suse.com/1072890 https://bugzilla.suse.com/1072962 https://bugzilla.suse.com/1073090 https://bugzilla.suse.com/1073525 https://bugzilla.suse.com/1073792 https://bugzilla.suse.com/1073809 https://bugzilla.suse.com/1073868 https://bugzilla.suse.com/1073874 https://bugzilla.suse.com/1073912 https://bugzilla.suse.com/963897 https://bugzilla.suse.com/964063 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 From sle-security-updates at lists.suse.com Thu Jan 4 04:14:53 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 12:14:53 +0100 (CET) Subject: SUSE-SU-2018:0011-1: important: Security update for the Linux Kernel Message-ID: <20180104111453.15C86FD06@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0011-1 Rating: important References: #1013018 #1024612 #1034862 #1045479 #1045538 #1047487 #1048185 #1050231 #1050431 #1056982 #1063043 #1065180 #1065600 #1066569 #1066693 #1066973 #1068032 #1068671 #1068984 #1069702 #1070771 #1070964 #1071074 #1071470 #1071695 #1072457 #1072561 #1072876 #1073792 #1073874 Cross-References: CVE-2017-11600 CVE-2017-13167 CVE-2017-14106 CVE-2017-15115 CVE-2017-15868 CVE-2017-16534 CVE-2017-16538 CVE-2017-16939 CVE-2017-17450 CVE-2017-17558 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7472 CVE-2017-8824 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has 13 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. This issue is addressed for the x86_64, the IBM Power and IBM zSeries architecture. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. This is done with help of Linux Kernel fixes on the Intel/AMD x86_64 and IBM zSeries architectures. On x86_64, this requires also updates of the CPU microcode packages, delivered in seperate updates. For IBM Power and zSeries the required firmware updates are supplied over regular channels by IBM. As this feature can have a performance impact, it can be disabled using the "nospec" kernel commandline option. - CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation" and "PTI" / "Page Table Isolation". This update does this on the Intel x86_64 and IBM Power architecture. Updates are also necessary for the ARM architecture, but will be delivered in the next round of updates. This feature can be enabled / disabled by the "pti=[on|off|auto]" or "nopti" commandline options. The following security bugs were fixed: - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer. (bnc#1072876). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-7472: The KEYS subsystem in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). The following non-security bugs were fixed: - adm80211: return an error if adm8211_alloc_rings() fails (bsc#1048185). - autofs: fix careless error in recent commit (bsc#1065180). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - carl9170: prevent speculative execution (bnc#1068032). - ecryptfs: fix dereference of NULL user_key_payload (bsc#1013018). - eCryptfs: use after free in ecryptfs_release_messaging() (bsc#1013018). - fs/9p: Compare qid.path in v9fs_test_inode (bsc#1013018). - fs: prevent speculative execution (bnc#1068032). - isa: Prevent NULL dereference in isa_bus driver callbacks (bsc#1045538). - kabi: silence spurious kabi error in net/sctp/socket.c (bsc#1068671). - kaiser: add "nokaiser" boot option, using ALTERNATIVE. - kaiser: fix ldt freeing. - kaiser: Kernel Address Isolation. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: work around kABI. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - media: cx231xx-cards: fix NULL-deref at probe (bsc#1050431). - mm/madvise.c: fix madvise() infinite loop under special circumstances (bnc#1070964). - mm/mmu_context, sched/core: Fix mmu_context.h assumption. - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qeth: check not more than 16 SBALEs on the completion queue (bnc#1072457, LTC#148203). - s390: add ppa to system call and program check path (bsc#1068032). - s390/disassembler: correct disassembly lines alignment (bnc#1066973, LTC#161577). - s390/disassembler: increase show_code buffer size (bnc#1066973, LTC#161577). - s390: fix transactional execution control register handling (bnc#1072457, LTC#162116). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier. - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler. - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off(). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return "Illegal Request - Logical unit not supported" and processing should leave the timeout loop in this case. - scsi: zfcp: fix erp_action use-before-initialize in REC action trace (bnc#1066973, LTC#160081). - temporary fix (bsc#1068032). - udf: prevent speculative execution (bnc#1068032). - usb: host: fix incorrect updating of offset (bsc#1047487). - usb: uas: fix bug in handling of alternate settings (bsc#1071074). - uvcvideo: prevent speculative execution (bnc#1068032). - video: udlfb: Fix read EDID timeout (bsc#1045538). - watchdog: hpwdt: add support for iLO5 (bsc#1024612). - watchdog/hpwdt: Check source of NMI (bsc#1024612). - x86-64: Give vvars their own page. - x86-64: Map the HPET NX. - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/alternatives: Add instruction padding. - x86/alternatives: Cleanup DPRINTK macro. - x86/alternatives: Make JMPs more robust. - x86/alternatives: Use optimized NOPs for padding. - x86/boot: Add early cmdline parsing for options with arguments. - x86, boot: Carve out early cmdline parsing function. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: disable vmstat accounting. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: propagate info to /proc/cpuinfo. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86: Make alternative instruction pointers relative. - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE. - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID. - x86/mm: Add INVPCID helpers. - x86/mm: Add the 'nopcid' boot option to turn off PCID. - x86/mm: Build arch/x86/mm/tlb.c even on !SMP. - x86/mm: Disable PCID on 32-bit kernels. - x86/mm: Enable CR4.PCIDE on supported systems. - x86/mm: fix bad backport to disable PCID on Xen. - x86/mm: Fix INVPCID asm constraint. - x86/mm: If INVPCID is available, use it to flush global mappings. - x86/mm/kaiser: re-enable vsyscalls. - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - x86/mm, sched/core: Turn off IRQs in switch_mm(). - x86/mm, sched/core: Uninline switch_mm(). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add "nospec" chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). - xen/kaiser: add "nokaiser" boot option, using ALTERNATIVE. - xen/KAISER: Kernel Address Isolation. - xen/kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - xen/kaiser: work around kABI. - xen/x86-64: Give vvars their own page. - xen/x86-64: Map the HPET NX. - xen/x86/alternatives: Add instruction padding. - xen/x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - xen/x86/mm: Enable CR4.PCIDE on supported systems. - xen/x86/mm/kaiser: re-enable vsyscalls. - xen/x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - xen: x86/mm, sched/core: Turn off IRQs in switch_mm(). - xen: x86/mm, sched/core: Uninline switch_mm(). - zd1211rw: fix NULL-deref at probe (bsc#1045479). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-20180109-13391=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-20180109-13391=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20180109-13391=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-20180109-13391=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-108.21.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-108.21.1 kernel-default-base-3.0.101-108.21.1 kernel-default-devel-3.0.101-108.21.1 kernel-source-3.0.101-108.21.1 kernel-syms-3.0.101-108.21.1 kernel-trace-3.0.101-108.21.1 kernel-trace-base-3.0.101-108.21.1 kernel-trace-devel-3.0.101-108.21.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-108.21.1 kernel-ec2-base-3.0.101-108.21.1 kernel-ec2-devel-3.0.101-108.21.1 kernel-xen-3.0.101-108.21.1 kernel-xen-base-3.0.101-108.21.1 kernel-xen-devel-3.0.101-108.21.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-bigmem-3.0.101-108.21.1 kernel-bigmem-base-3.0.101-108.21.1 kernel-bigmem-devel-3.0.101-108.21.1 kernel-ppc64-3.0.101-108.21.1 kernel-ppc64-base-3.0.101-108.21.1 kernel-ppc64-devel-3.0.101-108.21.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-108.21.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-108.21.1 kernel-pae-base-3.0.101-108.21.1 kernel-pae-devel-3.0.101-108.21.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.21.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.21.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.21.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.21.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.21.1 kernel-default-debugsource-3.0.101-108.21.1 kernel-trace-debuginfo-3.0.101-108.21.1 kernel-trace-debugsource-3.0.101-108.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.21.1 kernel-trace-devel-debuginfo-3.0.101-108.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.21.1 kernel-ec2-debugsource-3.0.101-108.21.1 kernel-xen-debuginfo-3.0.101-108.21.1 kernel-xen-debugsource-3.0.101-108.21.1 kernel-xen-devel-debuginfo-3.0.101-108.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.21.1 kernel-bigmem-debugsource-3.0.101-108.21.1 kernel-ppc64-debuginfo-3.0.101-108.21.1 kernel-ppc64-debugsource-3.0.101-108.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.21.1 kernel-pae-debugsource-3.0.101-108.21.1 kernel-pae-devel-debuginfo-3.0.101-108.21.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2017-13167.html https://www.suse.com/security/cve/CVE-2017-14106.html https://www.suse.com/security/cve/CVE-2017-15115.html https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16534.html https://www.suse.com/security/cve/CVE-2017-16538.html https://www.suse.com/security/cve/CVE-2017-16939.html https://www.suse.com/security/cve/CVE-2017-17450.html https://www.suse.com/security/cve/CVE-2017-17558.html https://www.suse.com/security/cve/CVE-2017-17805.html https://www.suse.com/security/cve/CVE-2017-17806.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2017-7472.html https://www.suse.com/security/cve/CVE-2017-8824.html https://bugzilla.suse.com/1013018 https://bugzilla.suse.com/1024612 https://bugzilla.suse.com/1034862 https://bugzilla.suse.com/1045479 https://bugzilla.suse.com/1045538 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1048185 https://bugzilla.suse.com/1050231 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1056982 https://bugzilla.suse.com/1063043 https://bugzilla.suse.com/1065180 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066569 https://bugzilla.suse.com/1066693 https://bugzilla.suse.com/1066973 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068671 https://bugzilla.suse.com/1068984 https://bugzilla.suse.com/1069702 https://bugzilla.suse.com/1070771 https://bugzilla.suse.com/1070964 https://bugzilla.suse.com/1071074 https://bugzilla.suse.com/1071470 https://bugzilla.suse.com/1071695 https://bugzilla.suse.com/1072457 https://bugzilla.suse.com/1072561 https://bugzilla.suse.com/1072876 https://bugzilla.suse.com/1073792 https://bugzilla.suse.com/1073874 From sle-security-updates at lists.suse.com Thu Jan 4 04:19:21 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 12:19:21 +0100 (CET) Subject: SUSE-SU-2018:0012-1: important: Security update for the Linux Kernel Message-ID: <20180104111921.7F3B6FD06@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0012-1 Rating: important References: #1012382 #1039616 #1047487 #1063043 #1064311 #1065180 #1068032 #1068951 #1071009 #1072556 #1072962 #1073090 #1073792 #1073809 #1073874 #1073912 #964063 #969470 Cross-References: CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 13 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / "Spec??reAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor on updated firmware or BIOS images regarding this issue. As this feature can have a performance impact, it can be disabled using the "nospec" kernel commandline option. - CVE-2017-5754 / "MeltdownAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation" and "PTI" / "Page Table Isolation". Note that this is only done on affected platforms. This feature can be enabled / disabled by the "pti=[on|off|auto]" or "nopti" commandline options. Also the following unrelated security bugs were fixed: - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The following non-security bugs were fixed: - Add undefine _unique_build_ids (bsc#964063) - Always sign validate_negotiate_info reqs (bsc#1071009, fate#324404). - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556). - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032). - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - carl9170: prevent speculative execution (bnc#1068032). - Check cmdline_find_option() retval properly and use boot_cpu_has(). - cw1200: prevent speculative execution (bnc#1068032). - e1000e: Avoid receiver overrun interrupt bursts (bsc#969470 FATE#319819). - e1000e: Fix e1000_check_for_copper_link_ich8lan return value (bsc#1073809). - Fix leak of validate_negotiate_info resp (bsc#1071009, fate#324404). - Fix NULL pointer deref in SMB2_tcon() (bsc#1071009, fate#324404). - Fix validate_negotiate_info uninitialized mem (bsc#1071009, fate#324404). - fs: prevent speculative execution (bnc#1068032). - genwqe: Take R/W permissions into account when dealing with memory pages (bsc#1073090). - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912). - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912). - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (bsc#1073912). - ipv6: prevent speculative execution (bnc#1068032). - kaiser: add "nokaiser" boot option, using ALTERNATIVE. - kaiser: align addition to x86/mm/Makefile. - kaiser: asm/tlbflush.h handle noPGE at lower level. - kaiser: cleanups while trying for gold link. - kaiser: Disable on Xen PV. - kaiser: do not set _PAGE_NX on pgd_none. - kaiser: drop is_atomic arg to kaiser_pagetable_walk(). - kaiser: enhanced by kernel and user PCIDs. - kaiser: ENOMEM if kaiser_pagetable_walk() NULL. - kaiser: fix build and FIXME in alloc_ldt_struct(). - kaiser: fix perf crashes. - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER. - kaiser: fix unlikely error in alloc_ldt_struct(). - kaiser: KAISER depends on SMP. - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID. - kaiser: kaiser_remove_mapping() move along the pgd. - kaiser: Kernel Address Isolation. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user. - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET. - kaiser: paranoid_entry pass cr3 need to paranoid_exit. - kaiser: PCID 0 for kernel and 128 for user. - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls. - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE. - kaiser: tidied up asm/kaiser.h somewhat. - kaiser: tidied up kaiser_add/remove_mapping slightly. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: vmstat show NR_KAISERTABLE as nr_overhead. - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032). - net: mpls: prevent speculative execution (bnc#1068032). - nfs: revalidate "." etc correctly on "open" (bsc#1068951). - nfs: revalidate "." etc correctly on "open" (git-fixes). Fix References tag. - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qla2xxx: prevent speculative execution (bnc#1068032). - Redo encryption backport to fix pkt signing (bsc#1071009, fate#324404). - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path Signoff the s390 patches. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (bsc#1068032). - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (bsc#1068032). - scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1064311). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return "Illegal Request - Logical unit not supported" and processing should leave the timeout loop in this case. - scsi: ses: check return code from ses_recv_diag() (bsc#1039616). - scsi: ses: Fixup error message 'failed to get diagnostic page 0xffffffea' (bsc#1039616). - scsi: ses: Fix wrong page error (bsc#1039616). - scsi: ses: make page2 support optional (bsc#1039616). - Thermal/int340x: prevent speculative execution (bnc#1068032). - udf: prevent speculative execution (bnc#1068032). - Update config files: enable KAISER. - usb: host: fix incorrect updating of offset (bsc#1047487). - userns: prevent speculative execution (bnc#1068032). - uvcvideo: prevent speculative execution (bnc#1068032). - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962). - x86/boot: Add early cmdline parsing for options with arguments. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: Reenable PARAVIRT. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032). - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032). - x86/mm: Add INVPCID helpers (bsc#1068032). - x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032). - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032). - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032). - x86/mm: Fix INVPCID asm constraint (bsc#1068032). - x86/mm: If INVPCID is available, use it to flush global mappings (bsc#1068032). - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032). - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (bsc#1068032). - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (bsc#1068032). - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032). - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add "nospec" chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-11=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-11=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-11=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-11=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2018-11=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-11=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-11=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-11=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.103-92.56.1 kernel-default-debugsource-4.4.103-92.56.1 kernel-default-extra-4.4.103-92.56.1 kernel-default-extra-debuginfo-4.4.103-92.56.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.103-92.56.1 kernel-obs-build-debugsource-4.4.103-92.56.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.103-92.56.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.103-92.56.1 kernel-default-base-4.4.103-92.56.1 kernel-default-base-debuginfo-4.4.103-92.56.1 kernel-default-debuginfo-4.4.103-92.56.1 kernel-default-debugsource-4.4.103-92.56.1 kernel-default-devel-4.4.103-92.56.1 kernel-syms-4.4.103-92.56.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.103-92.56.1 kernel-macros-4.4.103-92.56.1 kernel-source-4.4.103-92.56.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-4.4.103-92.56.1 kernel-default-base-4.4.103-92.56.1 kernel-default-base-debuginfo-4.4.103-92.56.1 kernel-default-debuginfo-4.4.103-92.56.1 kernel-default-debugsource-4.4.103-92.56.1 kernel-default-devel-4.4.103-92.56.1 kernel-syms-4.4.103-92.56.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.103-92.56.1 kernel-macros-4.4.103-92.56.1 kernel-source-4.4.103-92.56.1 - SUSE Linux Enterprise Server 12-SP2 (s390x): kernel-default-man-4.4.103-92.56.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_103-92_56-default-1-3.3.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.103-92.56.1 cluster-md-kmp-default-debuginfo-4.4.103-92.56.1 cluster-network-kmp-default-4.4.103-92.56.1 cluster-network-kmp-default-debuginfo-4.4.103-92.56.1 dlm-kmp-default-4.4.103-92.56.1 dlm-kmp-default-debuginfo-4.4.103-92.56.1 gfs2-kmp-default-4.4.103-92.56.1 gfs2-kmp-default-debuginfo-4.4.103-92.56.1 kernel-default-debuginfo-4.4.103-92.56.1 kernel-default-debugsource-4.4.103-92.56.1 ocfs2-kmp-default-4.4.103-92.56.1 ocfs2-kmp-default-debuginfo-4.4.103-92.56.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-devel-4.4.103-92.56.1 kernel-macros-4.4.103-92.56.1 kernel-source-4.4.103-92.56.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kernel-default-4.4.103-92.56.1 kernel-default-debuginfo-4.4.103-92.56.1 kernel-default-debugsource-4.4.103-92.56.1 kernel-default-devel-4.4.103-92.56.1 kernel-default-extra-4.4.103-92.56.1 kernel-default-extra-debuginfo-4.4.103-92.56.1 kernel-syms-4.4.103-92.56.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): kernel-default-4.4.103-92.56.1 kernel-default-debuginfo-4.4.103-92.56.1 kernel-default-debugsource-4.4.103-92.56.1 References: https://www.suse.com/security/cve/CVE-2017-17805.html https://www.suse.com/security/cve/CVE-2017-17806.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1039616 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1063043 https://bugzilla.suse.com/1064311 https://bugzilla.suse.com/1065180 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068951 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1072556 https://bugzilla.suse.com/1072962 https://bugzilla.suse.com/1073090 https://bugzilla.suse.com/1073792 https://bugzilla.suse.com/1073809 https://bugzilla.suse.com/1073874 https://bugzilla.suse.com/1073912 https://bugzilla.suse.com/964063 https://bugzilla.suse.com/969470 From sle-security-updates at lists.suse.com Thu Jan 4 07:08:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 15:08:19 +0100 (CET) Subject: SUSE-SU-2018:0015-1: moderate: Security update for libvorbis Message-ID: <20180104140819.EE5E2FD06@maintenance.suse.de> SUSE Security Update: Security update for libvorbis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0015-1 Rating: moderate References: #1059809 #1059811 Cross-References: CVE-2017-14632 CVE-2017-14633 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libvorbis fixes the following issues: - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-15=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-15=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-15=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-15=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-15=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-15=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-15=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libvorbis-debugsource-1.3.3-10.3.1 libvorbis-devel-1.3.3-10.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libvorbis-debugsource-1.3.3-10.3.1 libvorbis-devel-1.3.3-10.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libvorbis-debugsource-1.3.3-10.3.1 libvorbis0-1.3.3-10.3.1 libvorbis0-debuginfo-1.3.3-10.3.1 libvorbisenc2-1.3.3-10.3.1 libvorbisenc2-debuginfo-1.3.3-10.3.1 libvorbisfile3-1.3.3-10.3.1 libvorbisfile3-debuginfo-1.3.3-10.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): libvorbis-doc-1.3.3-10.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libvorbis-debugsource-1.3.3-10.3.1 libvorbis0-1.3.3-10.3.1 libvorbis0-debuginfo-1.3.3-10.3.1 libvorbisenc2-1.3.3-10.3.1 libvorbisenc2-debuginfo-1.3.3-10.3.1 libvorbisfile3-1.3.3-10.3.1 libvorbisfile3-debuginfo-1.3.3-10.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libvorbis0-32bit-1.3.3-10.3.1 libvorbis0-debuginfo-32bit-1.3.3-10.3.1 libvorbisenc2-32bit-1.3.3-10.3.1 libvorbisenc2-debuginfo-32bit-1.3.3-10.3.1 libvorbisfile3-32bit-1.3.3-10.3.1 libvorbisfile3-debuginfo-32bit-1.3.3-10.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): libvorbis-doc-1.3.3-10.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libvorbis-debugsource-1.3.3-10.3.1 libvorbis0-1.3.3-10.3.1 libvorbis0-debuginfo-1.3.3-10.3.1 libvorbisenc2-1.3.3-10.3.1 libvorbisenc2-debuginfo-1.3.3-10.3.1 libvorbisfile3-1.3.3-10.3.1 libvorbisfile3-debuginfo-1.3.3-10.3.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libvorbis0-32bit-1.3.3-10.3.1 libvorbis0-debuginfo-32bit-1.3.3-10.3.1 libvorbisenc2-32bit-1.3.3-10.3.1 libvorbisenc2-debuginfo-32bit-1.3.3-10.3.1 libvorbisfile3-32bit-1.3.3-10.3.1 libvorbisfile3-debuginfo-32bit-1.3.3-10.3.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): libvorbis-doc-1.3.3-10.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvorbis-debugsource-1.3.3-10.3.1 libvorbis0-1.3.3-10.3.1 libvorbis0-32bit-1.3.3-10.3.1 libvorbis0-debuginfo-1.3.3-10.3.1 libvorbis0-debuginfo-32bit-1.3.3-10.3.1 libvorbisenc2-1.3.3-10.3.1 libvorbisenc2-32bit-1.3.3-10.3.1 libvorbisenc2-debuginfo-1.3.3-10.3.1 libvorbisenc2-debuginfo-32bit-1.3.3-10.3.1 libvorbisfile3-1.3.3-10.3.1 libvorbisfile3-32bit-1.3.3-10.3.1 libvorbisfile3-debuginfo-1.3.3-10.3.1 libvorbisfile3-debuginfo-32bit-1.3.3-10.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libvorbis-debugsource-1.3.3-10.3.1 libvorbis0-1.3.3-10.3.1 libvorbis0-32bit-1.3.3-10.3.1 libvorbis0-debuginfo-1.3.3-10.3.1 libvorbis0-debuginfo-32bit-1.3.3-10.3.1 libvorbisenc2-1.3.3-10.3.1 libvorbisenc2-32bit-1.3.3-10.3.1 libvorbisenc2-debuginfo-1.3.3-10.3.1 libvorbisenc2-debuginfo-32bit-1.3.3-10.3.1 libvorbisfile3-1.3.3-10.3.1 libvorbisfile3-32bit-1.3.3-10.3.1 libvorbisfile3-debuginfo-1.3.3-10.3.1 libvorbisfile3-debuginfo-32bit-1.3.3-10.3.1 References: https://www.suse.com/security/cve/CVE-2017-14632.html https://www.suse.com/security/cve/CVE-2017-14633.html https://bugzilla.suse.com/1059809 https://bugzilla.suse.com/1059811 From sle-security-updates at lists.suse.com Thu Jan 4 07:08:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 15:08:59 +0100 (CET) Subject: SUSE-SU-2018:0016-1: moderate: Security update for libvorbis Message-ID: <20180104140859.D3F93FD06@maintenance.suse.de> SUSE Security Update: Security update for libvorbis ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0016-1 Rating: moderate References: #1059809 #1059811 Cross-References: CVE-2017-14632 CVE-2017-14633 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libvorbis fixes the following issues: - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libvorbis-13392=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libvorbis-13392=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libvorbis-13392=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvorbis-devel-1.2.0-79.20.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvorbis-1.2.0-79.20.3.1 libvorbis-doc-1.2.0-79.20.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libvorbis-32bit-1.2.0-79.20.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libvorbis-x86-1.2.0-79.20.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libvorbis-debuginfo-1.2.0-79.20.3.1 libvorbis-debugsource-1.2.0-79.20.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): libvorbis-debuginfo-32bit-1.2.0-79.20.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): libvorbis-debuginfo-x86-1.2.0-79.20.3.1 References: https://www.suse.com/security/cve/CVE-2017-14632.html https://www.suse.com/security/cve/CVE-2017-14633.html https://bugzilla.suse.com/1059809 https://bugzilla.suse.com/1059811 From sle-security-updates at lists.suse.com Thu Jan 4 07:09:43 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 15:09:43 +0100 (CET) Subject: SUSE-SU-2018:0017-1: important: Security update for ImageMagick Message-ID: <20180104140943.648C0FD06@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0017-1 Rating: important References: #1052460 #1055053 #1055063 #1056550 #1057723 #1058422 #1063049 #1063050 Cross-References: CVE-2017-12563 CVE-2017-12691 CVE-2017-13061 CVE-2017-13062 CVE-2017-14042 CVE-2017-14174 CVE-2017-14343 CVE-2017-15277 CVE-2017-15281 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - security update (xcf.c): * CVE-2017-14343: Memory leak vulnerability in ReadXCFImage could lead to denial of service via a crafted file. CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. [bsc#1058422] - security update (pnm.c): * CVE-2017-14042: A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c and could lead to remote denial of service [bsc#1056550] - security update (psd.c): * CVE-2017-15281: ReadPSDImage allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file [bsc#1063049] * CVE-2017-13061: A length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. [bsc#1055063] * CVE-2017-12563: A Memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. [bsc#1052460] * CVE-2017-14174: Due to a lack of an EOF check (End of File) in ReadPSDLayersInternal could cause huge CPU consumption, when a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop.[bsc#1057723] - security update (meta.c): * CVE-2017-13062: Amemory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file [bsc#1055053] - security update (gif.c): * CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.[bsc#1063050] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-14=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-14=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-14=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-14=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-14=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-14=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-14=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-14=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-14=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.20.1 ImageMagick-debuginfo-6.8.8.1-71.20.1 ImageMagick-debugsource-6.8.8.1-71.20.1 libMagick++-6_Q16-3-6.8.8.1-71.20.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.20.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.20.1 ImageMagick-debuginfo-6.8.8.1-71.20.1 ImageMagick-debugsource-6.8.8.1-71.20.1 libMagick++-6_Q16-3-6.8.8.1-71.20.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.20.1 ImageMagick-debuginfo-6.8.8.1-71.20.1 ImageMagick-debugsource-6.8.8.1-71.20.1 ImageMagick-devel-6.8.8.1-71.20.1 libMagick++-6_Q16-3-6.8.8.1-71.20.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.20.1 libMagick++-devel-6.8.8.1-71.20.1 perl-PerlMagick-6.8.8.1-71.20.1 perl-PerlMagick-debuginfo-6.8.8.1-71.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.20.1 ImageMagick-debuginfo-6.8.8.1-71.20.1 ImageMagick-debugsource-6.8.8.1-71.20.1 ImageMagick-devel-6.8.8.1-71.20.1 libMagick++-6_Q16-3-6.8.8.1-71.20.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.20.1 libMagick++-devel-6.8.8.1-71.20.1 perl-PerlMagick-6.8.8.1-71.20.1 perl-PerlMagick-debuginfo-6.8.8.1-71.20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ImageMagick-debuginfo-6.8.8.1-71.20.1 ImageMagick-debugsource-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.20.1 libMagickWand-6_Q16-1-6.8.8.1-71.20.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.20.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.20.1 ImageMagick-debugsource-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.20.1 libMagickWand-6_Q16-1-6.8.8.1-71.20.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.20.1 ImageMagick-debugsource-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.20.1 libMagickWand-6_Q16-1-6.8.8.1-71.20.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.20.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.20.1 ImageMagick-debuginfo-6.8.8.1-71.20.1 ImageMagick-debugsource-6.8.8.1-71.20.1 libMagick++-6_Q16-3-6.8.8.1-71.20.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.20.1 libMagickWand-6_Q16-1-6.8.8.1-71.20.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.20.1 ImageMagick-debuginfo-6.8.8.1-71.20.1 ImageMagick-debugsource-6.8.8.1-71.20.1 libMagick++-6_Q16-3-6.8.8.1-71.20.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.20.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.20.1 libMagickWand-6_Q16-1-6.8.8.1-71.20.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.20.1 References: https://www.suse.com/security/cve/CVE-2017-12563.html https://www.suse.com/security/cve/CVE-2017-12691.html https://www.suse.com/security/cve/CVE-2017-13061.html https://www.suse.com/security/cve/CVE-2017-13062.html https://www.suse.com/security/cve/CVE-2017-14042.html https://www.suse.com/security/cve/CVE-2017-14174.html https://www.suse.com/security/cve/CVE-2017-14343.html https://www.suse.com/security/cve/CVE-2017-15277.html https://www.suse.com/security/cve/CVE-2017-15281.html https://bugzilla.suse.com/1052460 https://bugzilla.suse.com/1055053 https://bugzilla.suse.com/1055063 https://bugzilla.suse.com/1056550 https://bugzilla.suse.com/1057723 https://bugzilla.suse.com/1058422 https://bugzilla.suse.com/1063049 https://bugzilla.suse.com/1063050 From sle-security-updates at lists.suse.com Thu Jan 4 10:09:07 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 18:09:07 +0100 (CET) Subject: SUSE-SU-2018:0018-1: moderate: Security update for samba Message-ID: <20180104170907.EC8FAFD06@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0018-1 Rating: moderate References: #1016531 #1063008 Cross-References: CVE-2017-15275 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for samba fixes the following issues: - CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - s3/libads: fix seal/signed ldap connections so they are reused; (bsc#1016531). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-samba-13394=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-samba-13394=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-samba-13394=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-samba-13394=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-samba-13394=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-samba-13394=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-94.8.1 libnetapi-devel-3.6.3-94.8.1 libnetapi0-3.6.3-94.8.1 libsmbclient-devel-3.6.3-94.8.1 libsmbsharemodes-devel-3.6.3-94.8.1 libsmbsharemodes0-3.6.3-94.8.1 libtalloc-devel-3.6.3-94.8.1 libtdb-devel-3.6.3-94.8.1 libtevent-devel-3.6.3-94.8.1 libwbclient-devel-3.6.3-94.8.1 samba-devel-3.6.3-94.8.1 samba-test-3.6.3-94.8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-94.8.1 libldb1-3.6.3-94.8.1 libsmbclient0-3.6.3-94.8.1 libtalloc2-3.6.3-94.8.1 libtdb1-3.6.3-94.8.1 libtevent0-3.6.3-94.8.1 libwbclient0-3.6.3-94.8.1 samba-3.6.3-94.8.1 samba-client-3.6.3-94.8.1 samba-krb-printing-3.6.3-94.8.1 samba-winbind-3.6.3-94.8.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-94.8.1 libtalloc2-32bit-3.6.3-94.8.1 libtdb1-32bit-3.6.3-94.8.1 libtevent0-32bit-3.6.3-94.8.1 libwbclient0-32bit-3.6.3-94.8.1 samba-32bit-3.6.3-94.8.1 samba-client-32bit-3.6.3-94.8.1 samba-winbind-32bit-3.6.3-94.8.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): samba-doc-3.6.3-94.8.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsmbclient0-x86-3.6.3-94.8.1 libtalloc2-x86-3.6.3-94.8.1 libtdb1-x86-3.6.3-94.8.1 libtevent0-x86-3.6.3-94.8.1 libwbclient0-x86-3.6.3-94.8.1 samba-client-x86-3.6.3-94.8.1 samba-winbind-x86-3.6.3-94.8.1 samba-x86-3.6.3-94.8.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ldapsmb-1.34b-94.8.1 libldb1-3.6.3-94.8.1 libsmbclient0-3.6.3-94.8.1 libtalloc2-3.6.3-94.8.1 libtdb1-3.6.3-94.8.1 libtevent0-3.6.3-94.8.1 libwbclient0-3.6.3-94.8.1 samba-3.6.3-94.8.1 samba-client-3.6.3-94.8.1 samba-krb-printing-3.6.3-94.8.1 samba-winbind-3.6.3-94.8.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libsmbclient0-32bit-3.6.3-94.8.1 libtalloc2-32bit-3.6.3-94.8.1 libtdb1-32bit-3.6.3-94.8.1 libtevent0-32bit-3.6.3-94.8.1 libwbclient0-32bit-3.6.3-94.8.1 samba-32bit-3.6.3-94.8.1 samba-client-32bit-3.6.3-94.8.1 samba-winbind-32bit-3.6.3-94.8.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): samba-doc-3.6.3-94.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-94.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-94.8.1 libldb1-3.6.3-94.8.1 libsmbclient0-3.6.3-94.8.1 libtalloc2-3.6.3-94.8.1 libtdb1-3.6.3-94.8.1 libtevent0-3.6.3-94.8.1 libwbclient0-3.6.3-94.8.1 samba-3.6.3-94.8.1 samba-client-3.6.3-94.8.1 samba-krb-printing-3.6.3-94.8.1 samba-winbind-3.6.3-94.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): samba-debuginfo-3.6.3-94.8.1 samba-debugsource-3.6.3-94.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-94.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): samba-debuginfo-x86-3.6.3-94.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-94.8.1 samba-debugsource-3.6.3-94.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): samba-debuginfo-32bit-3.6.3-94.8.1 References: https://www.suse.com/security/cve/CVE-2017-15275.html https://bugzilla.suse.com/1016531 https://bugzilla.suse.com/1063008 From sle-security-updates at lists.suse.com Thu Jan 4 10:10:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 18:10:01 +0100 (CET) Subject: SUSE-SU-2018:0019-1: important: Security update for kvm Message-ID: <20180104171001.23AD2FD06@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0019-1 Rating: important References: #1026612 #1068032 Cross-References: CVE-2017-2633 CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for kvm fixes the following issues: Also a mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Security fixes have been applied: - CVE-2017-2633: Fix various out of bounds access issues in the QEMU vnc infrastructure (bsc#1026612) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kvm-13393=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): kvm-1.4.2-60.6.1 References: https://www.suse.com/security/cve/CVE-2017-2633.html https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1026612 https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Thu Jan 4 10:10:47 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 4 Jan 2018 18:10:47 +0100 (CET) Subject: SUSE-SU-2018:0020-1: important: Security update for qemu Message-ID: <20180104171047.D87D5FD06@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0020-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for qemu fixes the following issues: A mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-19=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): qemu-2.0.2-48.37.1 qemu-block-curl-2.0.2-48.37.1 qemu-block-curl-debuginfo-2.0.2-48.37.1 qemu-debugsource-2.0.2-48.37.1 qemu-guest-agent-2.0.2-48.37.1 qemu-guest-agent-debuginfo-2.0.2-48.37.1 qemu-lang-2.0.2-48.37.1 qemu-tools-2.0.2-48.37.1 qemu-tools-debuginfo-2.0.2-48.37.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): qemu-kvm-2.0.2-48.37.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le): qemu-ppc-2.0.2-48.37.1 qemu-ppc-debuginfo-2.0.2-48.37.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): qemu-ipxe-1.0.0-48.37.1 qemu-seabios-1.7.4-48.37.1 qemu-sgabios-8-48.37.1 qemu-vgabios-1.7.4-48.37.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): qemu-block-rbd-2.0.2-48.37.1 qemu-block-rbd-debuginfo-2.0.2-48.37.1 qemu-x86-2.0.2-48.37.1 qemu-x86-debuginfo-2.0.2-48.37.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): qemu-s390-2.0.2-48.37.1 qemu-s390-debuginfo-2.0.2-48.37.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Fri Jan 5 13:08:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 5 Jan 2018 21:08:19 +0100 (CET) Subject: SUSE-SU-2018:0031-1: important: Security update for the Linux Kernel Message-ID: <20180105200819.AC585FD06@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0031-1 Rating: important References: #1012422 #1045205 #1050231 #1066569 #1066693 #1067678 #1068032 #1068671 #1070771 #1070781 #1071074 #1071470 #1071693 #1071694 #1071695 #1072561 #1072876 Cross-References: CVE-2017-11600 CVE-2017-13167 CVE-2017-15115 CVE-2017-15868 CVE-2017-16534 CVE-2017-16538 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-8824 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has three fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / "SpectreAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. This issue is addressed for the x86_64, IBM Power and IBM zSeries architecture. - CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. This is done with help of Linux Kernel fixes on the Intel/AMD x86_64 and IBM zSeries architectures. On x86_64, this requires also updates of the CPU microcode packages, delivered in seperate updates. For IBM Power and zSeries the required firmware updates are supplied over regular channels by IBM. As this feature can have a performance impact, it can be disabled using the "nospec" kernel commandline option. - CVE-2017-5754 / "MeltdownAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation" and "PTI" / "Page Table Isolation". This update does this on the x86_64 architecture, it is not required on the IBM zSeries architecture. This feature can be enabled / disabled by the "pti=[on|off|auto]" or "nopti" commandline options. The following security bugs were fixed: - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer. (bnc#1072876). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-17449: The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, did not restrict observations of Netlink messages to a single net namespace, which allowed local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system (bnc#1071694). - CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in the Linux kernel did not require the CAP_NET_ADMIN capability for new, get, and del operations, which allowed local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces (bnc#1071693). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). The following non-security bugs were fixed: - alsa: timer: Fix ioctl_lock mutex deadlock (bsc#1067678). - audit: Fix use after free in audit_remove_watch_rule() (bsc#1045205). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - carl9170: prevent speculative execution (bnc#1068032). - fs: prevent speculative execution (bnc#1068032). - kaiser: make kernel_stack user-mapped - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Convert cmp to cmpd in idle enter sequence (bsc#1070781). - powerpc/powernv: Remove OPAL v1 takeover (bsc#1070781). - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). - ptrace: Add a new thread access check (bsc#1068032). - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier. - s390/spinlock: add ppa to system call path. - uas: Only complain about missing sg if all other checks succeed (bsc#1071074). - udf: prevent speculative execution (bnc#1068032). - usb: uas: fix bug in handling of alternate settings (bsc#1071074). - uvcvideo: prevent speculative execution (bnc#1068032). - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add "nospec" chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-24=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-24=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-24=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-24=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): kernel-default-3.12.74-60.64.69.1 kernel-default-base-3.12.74-60.64.69.1 kernel-default-base-debuginfo-3.12.74-60.64.69.1 kernel-default-debuginfo-3.12.74-60.64.69.1 kernel-default-debugsource-3.12.74-60.64.69.1 kernel-default-devel-3.12.74-60.64.69.1 kernel-syms-3.12.74-60.64.69.1 kernel-xen-3.12.74-60.64.69.1 kernel-xen-base-3.12.74-60.64.69.1 kernel-xen-base-debuginfo-3.12.74-60.64.69.1 kernel-xen-debuginfo-3.12.74-60.64.69.1 kernel-xen-debugsource-3.12.74-60.64.69.1 kernel-xen-devel-3.12.74-60.64.69.1 kgraft-patch-3_12_74-60_64_69-default-1-2.3.1 kgraft-patch-3_12_74-60_64_69-xen-1-2.3.1 - SUSE OpenStack Cloud 6 (noarch): kernel-devel-3.12.74-60.64.69.1 kernel-macros-3.12.74-60.64.69.1 kernel-source-3.12.74-60.64.69.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): kernel-default-3.12.74-60.64.69.1 kernel-default-base-3.12.74-60.64.69.1 kernel-default-base-debuginfo-3.12.74-60.64.69.1 kernel-default-debuginfo-3.12.74-60.64.69.1 kernel-default-debugsource-3.12.74-60.64.69.1 kernel-default-devel-3.12.74-60.64.69.1 kernel-syms-3.12.74-60.64.69.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-xen-3.12.74-60.64.69.1 kernel-xen-base-3.12.74-60.64.69.1 kernel-xen-base-debuginfo-3.12.74-60.64.69.1 kernel-xen-debuginfo-3.12.74-60.64.69.1 kernel-xen-debugsource-3.12.74-60.64.69.1 kernel-xen-devel-3.12.74-60.64.69.1 kgraft-patch-3_12_74-60_64_69-default-1-2.3.1 kgraft-patch-3_12_74-60_64_69-xen-1-2.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.69.1 kernel-macros-3.12.74-60.64.69.1 kernel-source-3.12.74-60.64.69.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.69.1 kernel-default-base-3.12.74-60.64.69.1 kernel-default-base-debuginfo-3.12.74-60.64.69.1 kernel-default-debuginfo-3.12.74-60.64.69.1 kernel-default-debugsource-3.12.74-60.64.69.1 kernel-default-devel-3.12.74-60.64.69.1 kernel-syms-3.12.74-60.64.69.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.69.1 kernel-macros-3.12.74-60.64.69.1 kernel-source-3.12.74-60.64.69.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.69.1 kernel-xen-base-3.12.74-60.64.69.1 kernel-xen-base-debuginfo-3.12.74-60.64.69.1 kernel-xen-debuginfo-3.12.74-60.64.69.1 kernel-xen-debugsource-3.12.74-60.64.69.1 kernel-xen-devel-3.12.74-60.64.69.1 kgraft-patch-3_12_74-60_64_69-default-1-2.3.1 kgraft-patch-3_12_74-60_64_69-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.69.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.69.1 kernel-ec2-debuginfo-3.12.74-60.64.69.1 kernel-ec2-debugsource-3.12.74-60.64.69.1 kernel-ec2-devel-3.12.74-60.64.69.1 kernel-ec2-extra-3.12.74-60.64.69.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.69.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2017-13167.html https://www.suse.com/security/cve/CVE-2017-15115.html https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16534.html https://www.suse.com/security/cve/CVE-2017-16538.html https://www.suse.com/security/cve/CVE-2017-17448.html https://www.suse.com/security/cve/CVE-2017-17449.html https://www.suse.com/security/cve/CVE-2017-17450.html https://www.suse.com/security/cve/CVE-2017-17558.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2017-8824.html https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1045205 https://bugzilla.suse.com/1050231 https://bugzilla.suse.com/1066569 https://bugzilla.suse.com/1066693 https://bugzilla.suse.com/1067678 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068671 https://bugzilla.suse.com/1070771 https://bugzilla.suse.com/1070781 https://bugzilla.suse.com/1071074 https://bugzilla.suse.com/1071470 https://bugzilla.suse.com/1071693 https://bugzilla.suse.com/1071694 https://bugzilla.suse.com/1071695 https://bugzilla.suse.com/1072561 https://bugzilla.suse.com/1072876 From sle-security-updates at lists.suse.com Mon Jan 8 07:07:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Jan 2018 15:07:49 +0100 (CET) Subject: SUSE-SU-2018:0036-1: important: Security update for qemu Message-ID: <20180108140749.B0309FD15@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0036-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for qemu fixes the following issues: This update for qemu fixes the following issues: A mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-27=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-27=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-27=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): qemu-2.6.2-41.31.1 qemu-arm-2.6.2-41.31.1 qemu-arm-debuginfo-2.6.2-41.31.1 qemu-block-curl-2.6.2-41.31.1 qemu-block-curl-debuginfo-2.6.2-41.31.1 qemu-block-rbd-2.6.2-41.31.1 qemu-block-rbd-debuginfo-2.6.2-41.31.1 qemu-block-ssh-2.6.2-41.31.1 qemu-block-ssh-debuginfo-2.6.2-41.31.1 qemu-debugsource-2.6.2-41.31.1 qemu-guest-agent-2.6.2-41.31.1 qemu-guest-agent-debuginfo-2.6.2-41.31.1 qemu-lang-2.6.2-41.31.1 qemu-tools-2.6.2-41.31.1 qemu-tools-debuginfo-2.6.2-41.31.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): qemu-ipxe-1.0.0-41.31.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): qemu-2.6.2-41.31.1 qemu-block-curl-2.6.2-41.31.1 qemu-block-curl-debuginfo-2.6.2-41.31.1 qemu-block-ssh-2.6.2-41.31.1 qemu-block-ssh-debuginfo-2.6.2-41.31.1 qemu-debugsource-2.6.2-41.31.1 qemu-guest-agent-2.6.2-41.31.1 qemu-guest-agent-debuginfo-2.6.2-41.31.1 qemu-lang-2.6.2-41.31.1 qemu-tools-2.6.2-41.31.1 qemu-tools-debuginfo-2.6.2-41.31.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64): qemu-block-rbd-2.6.2-41.31.1 qemu-block-rbd-debuginfo-2.6.2-41.31.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): qemu-kvm-2.6.2-41.31.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le): qemu-ppc-2.6.2-41.31.1 qemu-ppc-debuginfo-2.6.2-41.31.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64): qemu-arm-2.6.2-41.31.1 qemu-arm-debuginfo-2.6.2-41.31.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): qemu-ipxe-1.0.0-41.31.1 qemu-seabios-1.9.1-41.31.1 qemu-sgabios-8-41.31.1 qemu-vgabios-1.9.1-41.31.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): qemu-x86-2.6.2-41.31.1 - SUSE Linux Enterprise Server 12-SP2 (s390x): qemu-s390-2.6.2-41.31.1 qemu-s390-debuginfo-2.6.2-41.31.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): qemu-2.6.2-41.31.1 qemu-block-curl-2.6.2-41.31.1 qemu-block-curl-debuginfo-2.6.2-41.31.1 qemu-debugsource-2.6.2-41.31.1 qemu-kvm-2.6.2-41.31.1 qemu-tools-2.6.2-41.31.1 qemu-tools-debuginfo-2.6.2-41.31.1 qemu-x86-2.6.2-41.31.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): qemu-ipxe-1.0.0-41.31.1 qemu-seabios-1.9.1-41.31.1 qemu-sgabios-8-41.31.1 qemu-vgabios-1.9.1-41.31.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Mon Jan 8 10:08:27 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Jan 2018 18:08:27 +0100 (CET) Subject: SUSE-SU-2018:0039-1: important: Security update for kvm Message-ID: <20180108170827.3A211FD10@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0039-1 Rating: important References: #1026612 #1068032 Cross-References: CVE-2017-2633 CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for kvm fixes the following issues: A security flaw mitigation has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Also a security fix has been applied: - CVE-2017-2633: Fix various out of bounds access issues in the QEMU vnc infrastructure (bsc#1026612) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kvm-13397=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kvm-13397=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kvm-1.4.2-53.14.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kvm-1.4.2-53.14.1 References: https://www.suse.com/security/cve/CVE-2017-2633.html https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1026612 https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Mon Jan 8 13:06:46 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Jan 2018 21:06:46 +0100 (CET) Subject: SUSE-SU-2018:0040-1: important: Security update for the Linux Kernel Message-ID: <20180108200646.D2EB8FD15@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0040-1 Rating: important References: #1010175 #1034862 #1045327 #1050231 #1052593 #1056982 #1057179 #1057389 #1058524 #1062520 #1063544 #1063667 #1066295 #1066472 #1066569 #1066573 #1066606 #1066618 #1066625 #1066650 #1066671 #1066693 #1066700 #1066705 #1067085 #1068032 #1068671 #1069702 #1069708 #1070771 #1071074 #1071470 #1071695 #1072561 #1072876 #1073792 #1073874 #1074033 #999245 Cross-References: CVE-2017-1000251 CVE-2017-11600 CVE-2017-13080 CVE-2017-13167 CVE-2017-14106 CVE-2017-14140 CVE-2017-14340 CVE-2017-15102 CVE-2017-15115 CVE-2017-15265 CVE-2017-15274 CVE-2017-15868 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16534 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16538 CVE-2017-16649 CVE-2017-16939 CVE-2017-17450 CVE-2017-17558 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7472 CVE-2017-8824 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 32 vulnerabilities and has 7 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please contact your CPU / hardware vendor for potential microcode or BIOS updates needed for this fix. As this feature can have a performance impact, it can be disabled using the "nospec" kernel commandline option. - CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation" and "PTI" / "Page Table Isolation". This feature is disabled on unaffected architectures. This feature can be enabled / disabled by the "pti=[on|off|auto]" or "nopti" commandline options. The following security bugs were fixed: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer was fixed. (bnc#1072876). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel didn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702 1069708). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695 1074033). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-7472: The KEYS subsystem in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). The following non-security bugs were fixed: - asm alternatives: remove incorrect alignment notes. - getcwd: Close race with d_move called by lustre (bsc#1052593). - kabi: silence spurious kabi error in net/sctp/socket.c (bsc#1068671). - kaiser: add "nokaiser" boot option, using ALTERNATIVE. - kaiser: fix ldt freeing. - kaiser: Kernel Address Isolation. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: work around kABI. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - mm/mmu_context, sched/core: Fix mmu_context.h assumption. - nfs: Remove asserts from the NFS XDR code (bsc#1063544). - ptrace: Add a new thread access check (bsc#1068032). - Revert "mac80211: accept key reinstall without changing anything" This reverts commit 1def0d4e1446974356bacd9f4be06eee32b66473. - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier (bsc#1068032). - sched/core: Add switch_mm_irqs_off() and use it in the scheduler. - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off(). - scsi: mpt2sas: fix cleanup on controller resource mapping failure (bsc#999245). - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175). - tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175). - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175). - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175). - temporary fix (bsc#1068032). - usb: uas: fix bug in handling of alternate settings (bsc#1071074). - x86-64: Give vvars their own page. - x86-64: Map the HPET NX. - x86/alternatives: Add instruction padding. - x86/alternatives: Cleanup DPRINTK macro. - x86/alternatives: Make JMPs more robust. - x86/alternatives: Use optimized NOPs for padding. - x86/boot: Add early cmdline parsing for options with arguments. - x86, boot: Carve out early cmdline parsing function. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: disable vmstat accounting. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: propagate info to /proc/cpuinfo. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86: Make alternative instruction pointers relative. - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE. - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID. - x86/mm: Add INVPCID helpers. - x86/mm: Add the 'nopcid' boot option to turn off PCID. - x86/mm: Build arch/x86/mm/tlb.c even on !SMP. - x86/mm: Disable PCID on 32-bit kernels. - x86/mm: Enable CR4.PCIDE on supported systems. - x86/mm: fix bad backport to disable PCID on Xen. - x86/mm: Fix INVPCID asm constraint. - x86/mm: If INVPCID is available, use it to flush global mappings. - x86/mm/kaiser: re-enable vsyscalls. - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - x86/mm, sched/core: Turn off IRQs in switch_mm(). - x86/mm, sched/core: Uninline switch_mm(). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add "nospec" chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). - xen/kaiser: add "nokaiser" boot option, using ALTERNATIVE. - xen/KAISER: Kernel Address Isolation. - xen/kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - xen/kaiser: work around kABI. - xen/x86-64: Give vvars their own page. - xen/x86-64: Map the HPET NX. - xen/x86/alternatives: Add instruction padding. - xen/x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - xen/x86/mm: Enable CR4.PCIDE on supported systems. - xen/x86/mm/kaiser: re-enable vsyscalls. - xen/x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - xen: x86/mm, sched/core: Turn off IRQs in switch_mm(). - xen: x86/mm, sched/core: Uninline switch_mm(). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-20170109-13398=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20170109-13398=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-20170109-13398=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-20170109-13398=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.106.11.1 kernel-default-base-3.0.101-0.47.106.11.1 kernel-default-devel-3.0.101-0.47.106.11.1 kernel-source-3.0.101-0.47.106.11.1 kernel-syms-3.0.101-0.47.106.11.1 kernel-trace-3.0.101-0.47.106.11.1 kernel-trace-base-3.0.101-0.47.106.11.1 kernel-trace-devel-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.106.11.1 kernel-ec2-base-3.0.101-0.47.106.11.1 kernel-ec2-devel-3.0.101-0.47.106.11.1 kernel-xen-3.0.101-0.47.106.11.1 kernel-xen-base-3.0.101-0.47.106.11.1 kernel-xen-devel-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.106.11.1 kernel-bigsmp-base-3.0.101-0.47.106.11.1 kernel-bigsmp-devel-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.106.11.1 kernel-pae-base-3.0.101-0.47.106.11.1 kernel-pae-devel-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.106.11.1 kernel-trace-extra-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.106.11.1 kernel-default-base-3.0.101-0.47.106.11.1 kernel-default-devel-3.0.101-0.47.106.11.1 kernel-ec2-3.0.101-0.47.106.11.1 kernel-ec2-base-3.0.101-0.47.106.11.1 kernel-ec2-devel-3.0.101-0.47.106.11.1 kernel-pae-3.0.101-0.47.106.11.1 kernel-pae-base-3.0.101-0.47.106.11.1 kernel-pae-devel-3.0.101-0.47.106.11.1 kernel-source-3.0.101-0.47.106.11.1 kernel-syms-3.0.101-0.47.106.11.1 kernel-trace-3.0.101-0.47.106.11.1 kernel-trace-base-3.0.101-0.47.106.11.1 kernel-trace-devel-3.0.101-0.47.106.11.1 kernel-xen-3.0.101-0.47.106.11.1 kernel-xen-base-3.0.101-0.47.106.11.1 kernel-xen-devel-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.106.11.1 kernel-default-debugsource-3.0.101-0.47.106.11.1 kernel-trace-debuginfo-3.0.101-0.47.106.11.1 kernel-trace-debugsource-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.106.11.1 kernel-ec2-debugsource-3.0.101-0.47.106.11.1 kernel-xen-debuginfo-3.0.101-0.47.106.11.1 kernel-xen-debugsource-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.106.11.1 kernel-bigsmp-debugsource-3.0.101-0.47.106.11.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.106.11.1 kernel-pae-debugsource-3.0.101-0.47.106.11.1 References: https://www.suse.com/security/cve/CVE-2017-1000251.html https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-13167.html https://www.suse.com/security/cve/CVE-2017-14106.html https://www.suse.com/security/cve/CVE-2017-14140.html https://www.suse.com/security/cve/CVE-2017-14340.html https://www.suse.com/security/cve/CVE-2017-15102.html https://www.suse.com/security/cve/CVE-2017-15115.html https://www.suse.com/security/cve/CVE-2017-15265.html https://www.suse.com/security/cve/CVE-2017-15274.html https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16525.html https://www.suse.com/security/cve/CVE-2017-16527.html https://www.suse.com/security/cve/CVE-2017-16529.html https://www.suse.com/security/cve/CVE-2017-16531.html https://www.suse.com/security/cve/CVE-2017-16534.html https://www.suse.com/security/cve/CVE-2017-16535.html https://www.suse.com/security/cve/CVE-2017-16536.html https://www.suse.com/security/cve/CVE-2017-16537.html https://www.suse.com/security/cve/CVE-2017-16538.html https://www.suse.com/security/cve/CVE-2017-16649.html https://www.suse.com/security/cve/CVE-2017-16939.html https://www.suse.com/security/cve/CVE-2017-17450.html https://www.suse.com/security/cve/CVE-2017-17558.html https://www.suse.com/security/cve/CVE-2017-17805.html https://www.suse.com/security/cve/CVE-2017-17806.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2017-7472.html https://www.suse.com/security/cve/CVE-2017-8824.html https://bugzilla.suse.com/1010175 https://bugzilla.suse.com/1034862 https://bugzilla.suse.com/1045327 https://bugzilla.suse.com/1050231 https://bugzilla.suse.com/1052593 https://bugzilla.suse.com/1056982 https://bugzilla.suse.com/1057179 https://bugzilla.suse.com/1057389 https://bugzilla.suse.com/1058524 https://bugzilla.suse.com/1062520 https://bugzilla.suse.com/1063544 https://bugzilla.suse.com/1063667 https://bugzilla.suse.com/1066295 https://bugzilla.suse.com/1066472 https://bugzilla.suse.com/1066569 https://bugzilla.suse.com/1066573 https://bugzilla.suse.com/1066606 https://bugzilla.suse.com/1066618 https://bugzilla.suse.com/1066625 https://bugzilla.suse.com/1066650 https://bugzilla.suse.com/1066671 https://bugzilla.suse.com/1066693 https://bugzilla.suse.com/1066700 https://bugzilla.suse.com/1066705 https://bugzilla.suse.com/1067085 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068671 https://bugzilla.suse.com/1069702 https://bugzilla.suse.com/1069708 https://bugzilla.suse.com/1070771 https://bugzilla.suse.com/1071074 https://bugzilla.suse.com/1071470 https://bugzilla.suse.com/1071695 https://bugzilla.suse.com/1072561 https://bugzilla.suse.com/1072876 https://bugzilla.suse.com/1073792 https://bugzilla.suse.com/1073874 https://bugzilla.suse.com/1074033 https://bugzilla.suse.com/999245 From sle-security-updates at lists.suse.com Mon Jan 8 13:12:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Jan 2018 21:12:32 +0100 (CET) Subject: SUSE-SU-2018:0041-1: important: Security update for kernel-firmware Message-ID: <20180108201232.E31EFFD10@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0041-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware fixes the following issues: - Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715) This new firmware enables the Indirect Branch Control (IBC) feature on AMD family 17h processor to mitigate an attack on the branch predictor that could lead to information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-30=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-30=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-30=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): kernel-firmware-20160516git-10.8.1 ucode-amd-20160516git-10.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-firmware-20160516git-10.8.1 ucode-amd-20160516git-10.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-firmware-20160516git-10.8.1 ucode-amd-20160516git-10.8.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Tue Jan 9 04:13:43 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Jan 2018 12:13:43 +0100 (CET) Subject: SUSE-SU-2018:0043-1: moderate: Security update for ImageMagick Message-ID: <20180109111343.DDB59FD16@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0043-1 Rating: moderate References: #1052460 #1055053 #1055063 #1056550 #1057723 #1058422 #1063049 #1063050 Cross-References: CVE-2017-12563 CVE-2017-12691 CVE-2017-13061 CVE-2017-13062 CVE-2017-14042 CVE-2017-14174 CVE-2017-14343 CVE-2017-15277 CVE-2017-15281 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-14343: Fixed a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file (bsc#1058422). - CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allowed remote attackers to cause a denial of service (memory consumption) via a crafted file (bsc#1058422). - CVE-2017-14042: Prevent memory allocation failure in the ReadPNMImage function in coders/pnm.c. The vulnerability caused a big memory allocation, which may have lead to remote denial of service in the MagickRealloc function in magick/memory.c (bsc#1056550). - CVE-2017-15281: ReadPSDImage in coders/psd.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file (bsc#1063049). - CVE-2017-13061: A length-validation vulnerability in the function ReadPSDLayersInternal in coders/psd.c allowed attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file (bsc#1055063). - CVE-2017-12563: A memory exhaustion vulnerability in the function ReadPSDImage in coders/psd.c allowed attackers to cause a denial of service (bsc#1052460). - CVE-2017-14174: coders/psd.c allowed for DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but did not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1057723). - CVE-2017-13062: A memory leak vulnerability in the function formatIPTC in coders/meta.c allowed attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file (bsc#1055053). - CVE-2017-15277: ReadGIFImage in coders/gif.c left the palette uninitialized when processing a GIF file that has neither a global nor local palette. If this functionality was used as a library loaded into a process that operates on interesting data, this data sometimes could have been leaked via the uninitialized palette (bsc#1063050). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13399=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13399=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13399=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.78.17.1 ImageMagick-devel-6.4.3.6-7.78.17.1 libMagick++-devel-6.4.3.6-7.78.17.1 libMagick++1-6.4.3.6-7.78.17.1 libMagickWand1-6.4.3.6-7.78.17.1 perl-PerlMagick-6.4.3.6-7.78.17.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.78.17.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.78.17.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.78.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.78.17.1 ImageMagick-debugsource-6.4.3.6-7.78.17.1 References: https://www.suse.com/security/cve/CVE-2017-12563.html https://www.suse.com/security/cve/CVE-2017-12691.html https://www.suse.com/security/cve/CVE-2017-13061.html https://www.suse.com/security/cve/CVE-2017-13062.html https://www.suse.com/security/cve/CVE-2017-14042.html https://www.suse.com/security/cve/CVE-2017-14174.html https://www.suse.com/security/cve/CVE-2017-14343.html https://www.suse.com/security/cve/CVE-2017-15277.html https://www.suse.com/security/cve/CVE-2017-15281.html https://bugzilla.suse.com/1052460 https://bugzilla.suse.com/1055053 https://bugzilla.suse.com/1055063 https://bugzilla.suse.com/1056550 https://bugzilla.suse.com/1057723 https://bugzilla.suse.com/1058422 https://bugzilla.suse.com/1063049 https://bugzilla.suse.com/1063050 From sle-security-updates at lists.suse.com Tue Jan 9 10:09:16 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Jan 2018 18:09:16 +0100 (CET) Subject: SUSE-SU-2018:0051-1: important: Security update for kernel-firmware Message-ID: <20180109170916.08823FD26@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0051-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kernel-firmware fixes the following issues: - Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715) This new firmware enables the Indirect Branch Control (IBC) feature on AMD family 17h processor to mitigate an attack on the branch predictor that could lead to information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-37=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-firmware-20140807git-5.3.1 ucode-amd-20140807git-5.3.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Tue Jan 9 13:08:34 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Jan 2018 21:08:34 +0100 (CET) Subject: SUSE-SU-2018:0053-1: moderate: Security update for CaaS Platform 2.0 images Message-ID: <20180109200834.45213FD16@maintenance.suse.de> SUSE Security Update: Security update for CaaS Platform 2.0 images ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0053-1 Rating: moderate References: #1003846 #1004995 #1009966 #1022404 #1025282 #1025891 #1026567 #1029907 #1029908 #1029909 #1029995 #1030623 #1035386 #1036619 #1039099 #1039276 #1039513 #1040800 #1040968 #1041090 #1043059 #1043590 #1043883 #1043966 #1044016 #1045472 #1045522 #1045732 #1047178 #1047233 #1048605 #1048861 #1050152 #1050258 #1050487 #1052503 #1052507 #1052509 #1052511 #1052514 #1052518 #1053137 #1053347 #1053595 #1053671 #1055446 #1055641 #1055825 #1056058 #1056312 #1056381 #1057007 #1057139 #1057144 #1057149 #1057188 #1057634 #1057721 #1057724 #1058480 #1058695 #1058783 #1059050 #1059065 #1059075 #1059292 #1059723 #1060599 #1060621 #1061241 #1061384 #1062561 #1063249 #1063269 #1064571 #1064999 #1065363 #1066242 #1066371 #1066500 #1066611 #1067891 #1070878 #1070958 #1071905 #1071906 Cross-References: CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 CVE-2017-12448 CVE-2017-12450 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12456 CVE-2017-12799 CVE-2017-12837 CVE-2017-12883 CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14974 CVE-2017-3735 CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 CVE-2017-6512 Affected Products: SUSE CaaS Platform ALL ______________________________________________________________________________ An update that solves 29 vulnerabilities and has 57 fixes is now available. Description: The Docker images provided with SUSE CaaS Platform 2.0 have been updated to include the following updates: binutils: * Update to version 2.29 * 18750 bsc#1030296 CVE-2014-9939 * 20891 bsc#1030585 CVE-2017-7225 * 20892 bsc#1030588 CVE-2017-7224 * 20898 bsc#1030589 CVE-2017-7223 * 20905 bsc#1030584 CVE-2017-7226 * 20908 bsc#1031644 CVE-2017-7299 * 20909 bsc#1031656 CVE-2017-7300 * 20921 bsc#1031595 CVE-2017-7302 * 20922 bsc#1031593 CVE-2017-7303 * 20924 bsc#1031638 CVE-2017-7301 * 20931 bsc#1031590 CVE-2017-7304 * 21135 bsc#1030298 CVE-2017-7209 * 21137 bsc#1029909 CVE-2017-6965 * 21139 bsc#1029908 CVE-2017-6966 * 21156 bsc#1029907 CVE-2017-6969 * 21157 bsc#1030297 CVE-2017-7210 * 21409 bsc#1037052 CVE-2017-8392 * 21412 bsc#1037057 CVE-2017-8393 * 21414 bsc#1037061 CVE-2017-8394 * 21432 bsc#1037066 CVE-2017-8396 * 21440 bsc#1037273 CVE-2017-8421 * 21580 bsc#1044891 CVE-2017-9746 * 21581 bsc#1044897 CVE-2017-9747 * 21582 bsc#1044901 CVE-2017-9748 * 21587 bsc#1044909 CVE-2017-9750 * 21594 bsc#1044925 CVE-2017-9755 * 21595 bsc#1044927 CVE-2017-9756 * 21787 bsc#1052518 CVE-2017-12448 * 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 * 21933 bsc#1053347 CVE-2017-12799 * 21990 bsc#1058480 CVE-2017-14333 * 22018 bsc#1056312 CVE-2017-13757 * 22047 bsc#1057144 CVE-2017-14129 * 22058 bsc#1057149 CVE-2017-14130 * 22059 bsc#1057139 CVE-2017-14128 * 22113 bsc#1059050 CVE-2017-14529 * 22148 bsc#1060599 CVE-2017-14745 * 22163 bsc#1061241 CVE-2017-14974 * 22170 bsc#1060621 CVE-2017-14729 * Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] * Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] * Fix alignment frags for aarch64 (bsc#1003846) coreutils: * Fix df(1) to no longer interact with excluded file system types, so for example specifying -x nfs no longer hangs with problematic nfs mounts. (bsc#1026567) * Ensure df -l no longer interacts with dummy file system types, so for example no longer hangs with problematic NFS mounted via system.automount(5). (bsc#1043059) * Significantly speed up df(1) for huge mount lists. (bsc#965780) file: * update to version 5.22. * CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) * CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) * CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) * CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) * CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) * Fixed a memory corruption during rpmbuild (bsc#1063269) * Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) * file command throws "Composite Document File V2 Document, corrupt: Can't read SSAT" error against excel 97/2003 file format. (bsc#1009966) gcc7: * Support for specific IBM Power9 processor instructions. * Support for specific IBM zSeries z14 processor instructions. * New packages cross-npvtx-gcc7 and nvptx-tools added to the Toolchain Module for specific NVIDIA Card offload support. gzip: * fix mishandling of leading zeros in the end-of-block code (bsc#1067891) libsolv: * Many fixes and improvements for cleandeps. * Always create dup rules for "distupgrade" jobs. * Use recommends also for ordering packages. * Fix splitprovides handling with addalreadyrecommended turned off. (bsc#1059065) * Expose solver_get_recommendations() in bindings. * Fix bug in solver_prune_to_highest_prio_per_name resulting in bad output from solver_get_recommendations(). * Support 'without' and 'unless' dependencies. * Use same heuristic as upstream to determine source RPMs. * Fix memory leak in bindings. * Add pool_best_solvables() function. * Fix 64bit integer parsing from RPM headers. * Enable bzip2 and xz/lzma compression support. * Enable complex/rich dependencies on distributions with RPM 4.13+. libtool: * Add missing dependencies and provides to baselibs.conf to make sure libltdl libraries are properly installed. (bsc#1056381) libzypp: * Fix media handling in presence of a repo path prefix. (bsc#1062561) * Fix RepoProvideFile ignoring a repo path prefix. (bsc#1062561) * Remove unused legacy notify-message script. (bsc#1058783) * Support multiple product licenses in repomd. (fate#322276) * Propagate 'rpm --import' errors. (bsc#1057188) * Fix typos in zypp.conf. openssl: * CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) * CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) * Out of bounds read+crash in DES_fcrypt (bsc#1065363) * openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) perl: Security issues for perl: * CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a escape and the case-insensitive modifier. (bnc#1057724) * CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid escape. (bnc#1057721) * CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes for perl: * backport set_capture_string changes from upstream (bsc#999735) * reformat baselibs.conf as source validator workaround systemd: * unit: When JobTimeoutSec= is turned off, implicitly turn off JobRunningTimeoutSec= too. (bsc#1048605, bsc#1004995) * compat-rules: Generate compat by-id symlinks with 'nvme' prefix missing and warn users that have broken symlinks. (bsc#1063249) * compat-rules: Allow to specify the generation number through the kernel command line. * scsi_id: Fixup prefix for pre-SPC inquiry reply. (bsc#1039099) * tmpfiles: Remove old ICE and X11 sockets at boot. * tmpfiles: Silently ignore any path that passes through autofs. (bsc#1045472) * pam_logind: Skip leading /dev/ from PAM_TTY field before passing it on. * shared/machine-pool: Fix another mkfs.btrfs checking. (bsc#1053595) * shutdown: Fix incorrect fscanf() result check. * shutdown: Don't remount,ro network filesystems. (bsc#1035386) * shutdown: Don't be fooled when detaching DM devices with BTRFS. (bsc#1055641) * bash-completion: Add support for --now. (bsc#1053137) * Add convert-lib-udev-path.sh script to convert /lib/udev directory into a symlink pointing to /usr/lib/udev when upgrading from SLE11. (bsc#1050152) * Add a rule to teach hotplug to offline containers transparently. (bsc#1040800) timezone: * Northern Cyprus switches from +03 to +02/+03 on 2017-10-29 * Fiji ends DST 2018-01-14, not 2018-01-21 * Namibia switches from +01/+02 to +02 on 2018-04-01 * Sudan switches from +03 to +02 on 2017-11-01 * Tonga likely switches from +13/+14 to +13 on 2017-11-05 * Turks and Caicos switches from -04 to -05/-04 on 2018-11-04 * Corrections to past DST transitions * Move oversized Canada/East-Saskatchewan to 'backward' file * zic(8) and the reference runtime now reject multiple leap seconds within 28 days of each other, or leap seconds before the Epoch. util-linux: - Allow unmounting of filesystems without calling stat() on the mount point, when "-c" is used. (bsc#1040968) - Fix an infinite loop, a crash and report the correct minimum and maximum frequencies in lscpu for some processors. (bsc#1055446) - Fix a lscpu failure on Sydney Amazon EC2 region. (bsc#1066500) - If multiple subvolumes are mounted, report the default subvolume. (bsc#1039276) velum: * Fix logout issue on DEX download page * page doesn't exist (bsc#1066611) * Handle invalid sessions more user friendly * Fix undesired minimum nodes alert blink (bsc#1066371) wicked: - A regression in wicked was causing the hostname not to be set correctly via DHCP in some cases (bsc#1057007,bsc#1050258) - Configure the interface MTU correctly even in cases where the interface was up already (bsc#1059292) - Don't abort the process that adds configures routes if one route fails (bsc#1036619) - Handle DHCP4 user-class ids properly (bsc#1045522) - ethtool: handle channels parameters (bsc#1043883) zypper: * Locale: Fix possible segmentation fault. (bsc#1064999) * Add summary hint if product is better updated by a different command. This is mainly used by rolling distributions like openSUSE Tumbleweed to remind their users to use 'zypper dup' to update (not zypper up or patch). (bsc#1061384) * Unify '(add|modify)(repo|service)' property related arguments. * Fixed 'add' commands supporting to set only a subset of properties. * Introduced '-f/-F' as preferred short option for --[no-]refresh in all four commands. (bsc#661410, bsc#1053671) * Fix missing package names in installation report. (bsc#1058695) * Differ between unsupported and packages with unknown support status. (bsc#1057634) * Return error code '107' if an RPM's %post configuration script fails, but only if ZYPPER_ON_CODE12_RETURN_107=1 is set in the environment. (bsc#1047233) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-40=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE CaaS Platform ALL (x86_64): sles12-caasp-dex-image-2.0.0-3.3.11 sles12-dnsmasq-nanny-image-2.0.1-2.3.15 sles12-haproxy-image-2.0.1-2.3.16 sles12-kubedns-image-2.0.1-2.3.11 sles12-mariadb-image-2.0.1-2.3.15 sles12-openldap-image-2.0.0-2.3.11 sles12-pause-image-2.0.1-2.3.9 sles12-pv-recycler-node-image-2.0.1-2.3.10 sles12-salt-api-image-2.0.1-2.3.10 sles12-salt-master-image-2.0.1-2.3.10 sles12-salt-minion-image-2.0.1-2.3.14 sles12-sidecar-image-2.0.1-2.3.11 sles12-tiller-image-2.0.0-2.3.11 sles12-velum-image-2.0.1-2.3.13 References: https://www.suse.com/security/cve/CVE-2014-3710.html https://www.suse.com/security/cve/CVE-2014-8116.html https://www.suse.com/security/cve/CVE-2014-8117.html https://www.suse.com/security/cve/CVE-2014-9620.html https://www.suse.com/security/cve/CVE-2014-9621.html https://www.suse.com/security/cve/CVE-2014-9653.html https://www.suse.com/security/cve/CVE-2017-12448.html https://www.suse.com/security/cve/CVE-2017-12450.html https://www.suse.com/security/cve/CVE-2017-12452.html https://www.suse.com/security/cve/CVE-2017-12453.html https://www.suse.com/security/cve/CVE-2017-12454.html https://www.suse.com/security/cve/CVE-2017-12456.html https://www.suse.com/security/cve/CVE-2017-12799.html https://www.suse.com/security/cve/CVE-2017-12837.html https://www.suse.com/security/cve/CVE-2017-12883.html https://www.suse.com/security/cve/CVE-2017-13757.html https://www.suse.com/security/cve/CVE-2017-14128.html https://www.suse.com/security/cve/CVE-2017-14129.html https://www.suse.com/security/cve/CVE-2017-14130.html https://www.suse.com/security/cve/CVE-2017-14333.html https://www.suse.com/security/cve/CVE-2017-14529.html https://www.suse.com/security/cve/CVE-2017-14729.html https://www.suse.com/security/cve/CVE-2017-14745.html https://www.suse.com/security/cve/CVE-2017-14974.html https://www.suse.com/security/cve/CVE-2017-3735.html https://www.suse.com/security/cve/CVE-2017-3736.html https://www.suse.com/security/cve/CVE-2017-3737.html https://www.suse.com/security/cve/CVE-2017-3738.html https://www.suse.com/security/cve/CVE-2017-6512.html https://bugzilla.suse.com/1003846 https://bugzilla.suse.com/1004995 https://bugzilla.suse.com/1009966 https://bugzilla.suse.com/1022404 https://bugzilla.suse.com/1025282 https://bugzilla.suse.com/1025891 https://bugzilla.suse.com/1026567 https://bugzilla.suse.com/1029907 https://bugzilla.suse.com/1029908 https://bugzilla.suse.com/1029909 https://bugzilla.suse.com/1029995 https://bugzilla.suse.com/1030623 https://bugzilla.suse.com/1035386 https://bugzilla.suse.com/1036619 https://bugzilla.suse.com/1039099 https://bugzilla.suse.com/1039276 https://bugzilla.suse.com/1039513 https://bugzilla.suse.com/1040800 https://bugzilla.suse.com/1040968 https://bugzilla.suse.com/1041090 https://bugzilla.suse.com/1043059 https://bugzilla.suse.com/1043590 https://bugzilla.suse.com/1043883 https://bugzilla.suse.com/1043966 https://bugzilla.suse.com/1044016 https://bugzilla.suse.com/1045472 https://bugzilla.suse.com/1045522 https://bugzilla.suse.com/1045732 https://bugzilla.suse.com/1047178 https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1048605 https://bugzilla.suse.com/1048861 https://bugzilla.suse.com/1050152 https://bugzilla.suse.com/1050258 https://bugzilla.suse.com/1050487 https://bugzilla.suse.com/1052503 https://bugzilla.suse.com/1052507 https://bugzilla.suse.com/1052509 https://bugzilla.suse.com/1052511 https://bugzilla.suse.com/1052514 https://bugzilla.suse.com/1052518 https://bugzilla.suse.com/1053137 https://bugzilla.suse.com/1053347 https://bugzilla.suse.com/1053595 https://bugzilla.suse.com/1053671 https://bugzilla.suse.com/1055446 https://bugzilla.suse.com/1055641 https://bugzilla.suse.com/1055825 https://bugzilla.suse.com/1056058 https://bugzilla.suse.com/1056312 https://bugzilla.suse.com/1056381 https://bugzilla.suse.com/1057007 https://bugzilla.suse.com/1057139 https://bugzilla.suse.com/1057144 https://bugzilla.suse.com/1057149 https://bugzilla.suse.com/1057188 https://bugzilla.suse.com/1057634 https://bugzilla.suse.com/1057721 https://bugzilla.suse.com/1057724 https://bugzilla.suse.com/1058480 https://bugzilla.suse.com/1058695 https://bugzilla.suse.com/1058783 https://bugzilla.suse.com/1059050 https://bugzilla.suse.com/1059065 https://bugzilla.suse.com/1059075 https://bugzilla.suse.com/1059292 https://bugzilla.suse.com/1059723 https://bugzilla.suse.com/1060599 https://bugzilla.suse.com/1060621 https://bugzilla.suse.com/1061241 https://bugzilla.suse.com/1061384 https://bugzilla.suse.com/1062561 https://bugzilla.suse.com/1063249 https://bugzilla.suse.com/1063269 https://bugzilla.suse.com/1064571 https://bugzilla.suse.com/1064999 https://bugzilla.suse.com/1065363 https://bugzilla.suse.com/1066242 https://bugzilla.suse.com/1066371 https://bugzilla.suse.com/1066500 https://bugzilla.suse.com/1066611 https://bugzilla.suse.com/1067891 https://bugzilla.suse.com/1070878 https://bugzilla.suse.com/1070958 https://bugzilla.suse.com/1071905 https://bugzilla.suse.com/1071906 From sle-security-updates at lists.suse.com Tue Jan 9 13:21:09 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Jan 2018 21:21:09 +0100 (CET) Subject: SUSE-SU-2018:0054-1: moderate: Security update for wireshark Message-ID: <20180109202109.B6471FD16@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0054-1 Rating: moderate References: #1044417 #1045341 #1056248 #1056249 #1056251 #1062645 #1070727 Cross-References: CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 CVE-2017-9617 CVE-2017-9766 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for wireshark to version 2.2.11 fixes several issues. These security issues were fixed: - CVE-2017-13767: The MSDP dissector could have gone into an infinite loop. This was addressed by adding length validation (bsc#1056248) - CVE-2017-13766: The Profinet I/O dissector could have crash with an out-of-bounds write. This was addressed by adding string validation (bsc#1056249) - CVE-2017-13765: The IrCOMM dissector had a buffer over-read and application crash. This was addressed by adding length validation (bsc#1056251) - CVE-2017-9766: PROFINET IO data with a high recursion depth allowed remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function (bsc#1045341) - CVE-2017-9617: Deeply nested DAAP data may have cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in the DAAP dissector (bsc#1044417) - CVE-2017-15192: The BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. (bsc#1062645) - CVE-2017-15193: The MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. (bsc#1062645) - CVE-2017-15191: The DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. (bsc#1062645) - CVE-2017-17083: NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. (bsc#1070727) - CVE-2017-17084: IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. (bsc#1070727) - CVE-2017-17085: the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. (bsc#1070727) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wireshark-13400=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wireshark-13400=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wireshark-13400=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsmi-0.4.5-2.7.2.1 portaudio-19-234.18.1 portaudio-devel-19-234.18.1 wireshark-devel-2.2.11-40.14.5 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libwireshark8-2.2.11-40.14.5 libwiretap6-2.2.11-40.14.5 libwscodecs1-2.2.11-40.14.5 libwsutil7-2.2.11-40.14.5 wireshark-2.2.11-40.14.5 wireshark-gtk-2.2.11-40.14.5 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsmi-0.4.5-2.7.2.1 libwireshark8-2.2.11-40.14.5 libwiretap6-2.2.11-40.14.5 libwscodecs1-2.2.11-40.14.5 libwsutil7-2.2.11-40.14.5 portaudio-19-234.18.1 wireshark-2.2.11-40.14.5 wireshark-gtk-2.2.11-40.14.5 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsmi-debuginfo-0.4.5-2.7.2.1 libsmi-debugsource-0.4.5-2.7.2.1 portaudio-debuginfo-19-234.18.1 portaudio-debugsource-19-234.18.1 wireshark-debuginfo-2.2.11-40.14.5 wireshark-debugsource-2.2.11-40.14.5 References: https://www.suse.com/security/cve/CVE-2017-13765.html https://www.suse.com/security/cve/CVE-2017-13766.html https://www.suse.com/security/cve/CVE-2017-13767.html https://www.suse.com/security/cve/CVE-2017-15191.html https://www.suse.com/security/cve/CVE-2017-15192.html https://www.suse.com/security/cve/CVE-2017-15193.html https://www.suse.com/security/cve/CVE-2017-17083.html https://www.suse.com/security/cve/CVE-2017-17084.html https://www.suse.com/security/cve/CVE-2017-17085.html https://www.suse.com/security/cve/CVE-2017-9617.html https://www.suse.com/security/cve/CVE-2017-9766.html https://bugzilla.suse.com/1044417 https://bugzilla.suse.com/1045341 https://bugzilla.suse.com/1056248 https://bugzilla.suse.com/1056249 https://bugzilla.suse.com/1056251 https://bugzilla.suse.com/1062645 https://bugzilla.suse.com/1070727 From sle-security-updates at lists.suse.com Tue Jan 9 13:22:22 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Jan 2018 21:22:22 +0100 (CET) Subject: SUSE-SU-2018:0055-1: moderate: Security update for ImageMagick Message-ID: <20180109202222.9D5BEFD16@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0055-1 Rating: moderate References: #1042948 #1049373 #1051412 #1052252 #1052771 #1058082 #1072902 #1074122 #1074425 #1074610 Cross-References: CVE-2017-1000445 CVE-2017-1000476 CVE-2017-11449 CVE-2017-11751 CVE-2017-12430 CVE-2017-12642 CVE-2017-14249 CVE-2017-17680 CVE-2017-17882 CVE-2017-9409 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-1000476: A CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610). - CVE-2017-9409: The ReadMPCImage function in mpc.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1042948). - CVE-2017-1000445: A NULL pointer dereference in the MagickCore component might have lead to denial of service (bsc#1074425). - CVE-2017-17680: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17882) (bsc#1072902). - CVE-2017-17882: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17680) (bsc#1074122). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373). - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252). - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771). - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082). - Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-41=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-41=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-41=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-41=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-41=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-41=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-41=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-41=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-41=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.23.1 ImageMagick-debuginfo-6.8.8.1-71.23.1 ImageMagick-debugsource-6.8.8.1-71.23.1 libMagick++-6_Q16-3-6.8.8.1-71.23.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.23.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.23.1 ImageMagick-debuginfo-6.8.8.1-71.23.1 ImageMagick-debugsource-6.8.8.1-71.23.1 libMagick++-6_Q16-3-6.8.8.1-71.23.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.23.1 ImageMagick-debuginfo-6.8.8.1-71.23.1 ImageMagick-debugsource-6.8.8.1-71.23.1 ImageMagick-devel-6.8.8.1-71.23.1 libMagick++-6_Q16-3-6.8.8.1-71.23.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.23.1 libMagick++-devel-6.8.8.1-71.23.1 perl-PerlMagick-6.8.8.1-71.23.1 perl-PerlMagick-debuginfo-6.8.8.1-71.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.23.1 ImageMagick-debuginfo-6.8.8.1-71.23.1 ImageMagick-debugsource-6.8.8.1-71.23.1 ImageMagick-devel-6.8.8.1-71.23.1 libMagick++-6_Q16-3-6.8.8.1-71.23.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.23.1 libMagick++-devel-6.8.8.1-71.23.1 perl-PerlMagick-6.8.8.1-71.23.1 perl-PerlMagick-debuginfo-6.8.8.1-71.23.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ImageMagick-debuginfo-6.8.8.1-71.23.1 ImageMagick-debugsource-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.23.1 libMagickWand-6_Q16-1-6.8.8.1-71.23.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.23.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.23.1 ImageMagick-debugsource-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.23.1 libMagickWand-6_Q16-1-6.8.8.1-71.23.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.23.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.23.1 ImageMagick-debugsource-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.23.1 libMagickWand-6_Q16-1-6.8.8.1-71.23.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.23.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.23.1 ImageMagick-debuginfo-6.8.8.1-71.23.1 ImageMagick-debugsource-6.8.8.1-71.23.1 libMagick++-6_Q16-3-6.8.8.1-71.23.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.23.1 libMagickWand-6_Q16-1-6.8.8.1-71.23.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.23.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.23.1 ImageMagick-debuginfo-6.8.8.1-71.23.1 ImageMagick-debugsource-6.8.8.1-71.23.1 libMagick++-6_Q16-3-6.8.8.1-71.23.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.23.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.23.1 libMagickWand-6_Q16-1-6.8.8.1-71.23.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.23.1 References: https://www.suse.com/security/cve/CVE-2017-1000445.html https://www.suse.com/security/cve/CVE-2017-1000476.html https://www.suse.com/security/cve/CVE-2017-11449.html https://www.suse.com/security/cve/CVE-2017-11751.html https://www.suse.com/security/cve/CVE-2017-12430.html https://www.suse.com/security/cve/CVE-2017-12642.html https://www.suse.com/security/cve/CVE-2017-14249.html https://www.suse.com/security/cve/CVE-2017-17680.html https://www.suse.com/security/cve/CVE-2017-17882.html https://www.suse.com/security/cve/CVE-2017-9409.html https://bugzilla.suse.com/1042948 https://bugzilla.suse.com/1049373 https://bugzilla.suse.com/1051412 https://bugzilla.suse.com/1052252 https://bugzilla.suse.com/1052771 https://bugzilla.suse.com/1058082 https://bugzilla.suse.com/1072902 https://bugzilla.suse.com/1074122 https://bugzilla.suse.com/1074425 https://bugzilla.suse.com/1074610 From sle-security-updates at lists.suse.com Tue Jan 9 13:23:52 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 9 Jan 2018 21:23:52 +0100 (CET) Subject: SUSE-SU-2018:0056-1: important: Security update for qemu Message-ID: <20180109202352.AD24BFD16@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0056-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for qemu fixes the following issues: A mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-39=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-39=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-39=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): qemu-ipxe-1.0.0-33.6.1 qemu-seabios-1.8.1-33.6.1 qemu-sgabios-8-33.6.1 qemu-vgabios-1.8.1-33.6.1 - SUSE OpenStack Cloud 6 (x86_64): qemu-2.3.1-33.6.1 qemu-block-curl-2.3.1-33.6.1 qemu-block-curl-debuginfo-2.3.1-33.6.1 qemu-block-rbd-2.3.1-33.6.1 qemu-block-rbd-debuginfo-2.3.1-33.6.1 qemu-debugsource-2.3.1-33.6.1 qemu-guest-agent-2.3.1-33.6.1 qemu-guest-agent-debuginfo-2.3.1-33.6.1 qemu-kvm-2.3.1-33.6.1 qemu-lang-2.3.1-33.6.1 qemu-tools-2.3.1-33.6.1 qemu-tools-debuginfo-2.3.1-33.6.1 qemu-x86-2.3.1-33.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): qemu-2.3.1-33.6.1 qemu-block-curl-2.3.1-33.6.1 qemu-block-curl-debuginfo-2.3.1-33.6.1 qemu-debugsource-2.3.1-33.6.1 qemu-guest-agent-2.3.1-33.6.1 qemu-guest-agent-debuginfo-2.3.1-33.6.1 qemu-lang-2.3.1-33.6.1 qemu-tools-2.3.1-33.6.1 qemu-tools-debuginfo-2.3.1-33.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le): qemu-ppc-2.3.1-33.6.1 qemu-ppc-debuginfo-2.3.1-33.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): qemu-block-rbd-2.3.1-33.6.1 qemu-block-rbd-debuginfo-2.3.1-33.6.1 qemu-kvm-2.3.1-33.6.1 qemu-x86-2.3.1-33.6.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): qemu-ipxe-1.0.0-33.6.1 qemu-seabios-1.8.1-33.6.1 qemu-sgabios-8-33.6.1 qemu-vgabios-1.8.1-33.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): qemu-2.3.1-33.6.1 qemu-block-curl-2.3.1-33.6.1 qemu-block-curl-debuginfo-2.3.1-33.6.1 qemu-debugsource-2.3.1-33.6.1 qemu-guest-agent-2.3.1-33.6.1 qemu-guest-agent-debuginfo-2.3.1-33.6.1 qemu-lang-2.3.1-33.6.1 qemu-tools-2.3.1-33.6.1 qemu-tools-debuginfo-2.3.1-33.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): qemu-kvm-2.3.1-33.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le): qemu-ppc-2.3.1-33.6.1 qemu-ppc-debuginfo-2.3.1-33.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): qemu-block-rbd-2.3.1-33.6.1 qemu-block-rbd-debuginfo-2.3.1-33.6.1 qemu-x86-2.3.1-33.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): qemu-ipxe-1.0.0-33.6.1 qemu-seabios-1.8.1-33.6.1 qemu-sgabios-8-33.6.1 qemu-vgabios-1.8.1-33.6.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): qemu-s390-2.3.1-33.6.1 qemu-s390-debuginfo-2.3.1-33.6.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Wed Jan 10 04:10:01 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 10 Jan 2018 12:10:01 +0100 (CET) Subject: SUSE-SU-2018:0061-1: important: Security update for java-1_7_0-ibm Message-ID: <20180110111001.CCD53FD10@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0061-1 Rating: important References: #1070162 Cross-References: CVE-2016-10165 CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for java-1_7_0-ibm fixes the following issues: - Security update to version 7.0.10.15 (bsc#1070162): * CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_7_0-ibm-13401=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-13401=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr10.15-65.8.1 java-1_7_0-ibm-devel-1.7.0_sr10.15-65.8.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.15-65.8.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr10.15-65.8.1 java-1_7_0-ibm-plugin-1.7.0_sr10.15-65.8.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr10.15-65.8.1 java-1_7_0-ibm-alsa-1.7.0_sr10.15-65.8.1 java-1_7_0-ibm-devel-1.7.0_sr10.15-65.8.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.15-65.8.1 java-1_7_0-ibm-plugin-1.7.0_sr10.15-65.8.1 References: https://www.suse.com/security/cve/CVE-2016-10165.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2017-10281.html https://www.suse.com/security/cve/CVE-2017-10285.html https://www.suse.com/security/cve/CVE-2017-10293.html https://www.suse.com/security/cve/CVE-2017-10295.html https://www.suse.com/security/cve/CVE-2017-10345.html https://www.suse.com/security/cve/CVE-2017-10346.html https://www.suse.com/security/cve/CVE-2017-10347.html https://www.suse.com/security/cve/CVE-2017-10348.html https://www.suse.com/security/cve/CVE-2017-10349.html https://www.suse.com/security/cve/CVE-2017-10350.html https://www.suse.com/security/cve/CVE-2017-10355.html https://www.suse.com/security/cve/CVE-2017-10356.html https://www.suse.com/security/cve/CVE-2017-10357.html https://www.suse.com/security/cve/CVE-2017-10388.html https://bugzilla.suse.com/1070162 From sle-security-updates at lists.suse.com Thu Jan 11 07:06:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Jan 2018 15:06:49 +0100 (CET) Subject: SUSE-SU-2018:0065-1: important: Fixing security issues on OBS toolchain Message-ID: <20180111140649.94A77FD10@maintenance.suse.de> SUSE Security Update: Fixing security issues on OBS toolchain ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0065-1 Rating: important References: #1059858 #1069904 #796918 #827480 #891829 #938556 #967265 #967610 Cross-References: CVE-2016-4007 CVE-2017-14804 CVE-2017-9274 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has 5 fixes is now available. Description: This OBS toolchain update fixes the following issues: Package 'build': - CVE-2017-14804: Improve file name check extractbuild (bsc#1069904) - Fixed Dockerfile repository parsing Package 'obs-service-source_validator': - CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from a spec (bnc#938556). - CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection (bsc#967265) - Update to version 0.7. - Use spec_query instead of output_versions using the specfile parser from the build package (boo#1059858) - obs-service-source_validator: several occurrences of uninitialized value (bsc#967610) - hack for util-linux specfiles (bnc#891829) - fix dependency to gnupg2 for Fedora (bnc#827480) - exit if tmpdir creation fails (bnc#796918) Package 'osc': - Update to version 0.162.0. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-build-13404=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): osc-0.162.1-7.4.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): build-20171128-8.3.3 References: https://www.suse.com/security/cve/CVE-2016-4007.html https://www.suse.com/security/cve/CVE-2017-14804.html https://www.suse.com/security/cve/CVE-2017-9274.html https://bugzilla.suse.com/1059858 https://bugzilla.suse.com/1069904 https://bugzilla.suse.com/796918 https://bugzilla.suse.com/827480 https://bugzilla.suse.com/891829 https://bugzilla.suse.com/938556 https://bugzilla.suse.com/967265 https://bugzilla.suse.com/967610 From sle-security-updates at lists.suse.com Thu Jan 11 10:09:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Jan 2018 18:09:24 +0100 (CET) Subject: SUSE-SU-2018:0067-1: important: Security update for ucode-intel Message-ID: <20180111170924.7B7CBFD10@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0067-1 Rating: important References: #1075262 Cross-References: CVE-2017-5715 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode version 20180108 (bsc#1075262) The pre-released microcode fixing some important security issues is now officially published (and included in the added tarball). New firmware updates since last version (20170707) are avail for these Intel processors: - IVT C0 (06-3e-04:ed) 428->42a - SKL-U/Y D0 (06-4e-03:c0) ba->c2 - BDW-U/Y E/F (06-3d-04:c0) 25->28 - HSW-ULT Cx/Dx (06-45-01:72) 20->21 - Crystalwell Cx (06-46-01:32) 17->18 - BDW-H E/G (06-47-01:22) 17->1b - HSX-EX E0 (06-3f-04:80) 0f->10 - SKL-H/S R0 (06-5e-03:36) ba->c2 - HSW Cx/Dx (06-3c-03:32) 22->23 - HSX C0 (06-3f-02:6f) 3a->3b - BDX-DE V0/V1 (06-56-02:10) 0f->14 - BDX-DE V2 (06-56-03:10) 700000d->7000011 - KBL-U/Y H0 (06-8e-09:c0) 62->80 - KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80 - KBL-H/S B0 (06-9e-09:2a) 5e->80 - CFL U0 (06-9e-0a:22) 70->80 - CFL B0 (06-9e-0b:02) 72->80 - SKX H0 (06-55-04:b7) 2000035->200003c - GLK B0 (06-7a-01:01) 1e->22 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-50=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-50=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-50=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-50=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-50=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-50=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-50=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-50=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): ucode-intel-20180108-13.11.1 ucode-intel-debuginfo-20180108-13.11.1 ucode-intel-debugsource-20180108-13.11.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ucode-intel-20180108-13.11.1 ucode-intel-debuginfo-20180108-13.11.1 ucode-intel-debugsource-20180108-13.11.1 - SUSE Linux Enterprise Server 12-SP3 (x86_64): ucode-intel-20180108-13.11.1 ucode-intel-debuginfo-20180108-13.11.1 ucode-intel-debugsource-20180108-13.11.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): ucode-intel-20180108-13.11.1 ucode-intel-debuginfo-20180108-13.11.1 ucode-intel-debugsource-20180108-13.11.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): ucode-intel-20180108-13.11.1 ucode-intel-debuginfo-20180108-13.11.1 ucode-intel-debugsource-20180108-13.11.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): ucode-intel-20180108-13.11.1 ucode-intel-debuginfo-20180108-13.11.1 ucode-intel-debugsource-20180108-13.11.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ucode-intel-20180108-13.11.1 ucode-intel-debuginfo-20180108-13.11.1 ucode-intel-debugsource-20180108-13.11.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ucode-intel-20180108-13.11.1 ucode-intel-debuginfo-20180108-13.11.1 ucode-intel-debugsource-20180108-13.11.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1075262 From sle-security-updates at lists.suse.com Thu Jan 11 10:09:53 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Jan 2018 18:09:53 +0100 (CET) Subject: SUSE-SU-2018:0068-1: important: Security update for microcode_ctl Message-ID: <20180111170953.76D6BFD10@maintenance.suse.de> SUSE Security Update: Security update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0068-1 Rating: important References: #1075262 Cross-References: CVE-2017-5715 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Update to Intel microcode version 20180108 (bsc#1075262 CVE-2017-5715) - The pre-released microcode fixing some important security issues is now officially published (and included in the added tarball). Among other updates it contains: - IVT C0 (06-3e-04:ed) 428->42a - SKL-U/Y D0 (06-4e-03:c0) ba->c2 - BDW-U/Y E/F (06-3d-04:c0) 25->28 - HSW-ULT Cx/Dx (06-45-01:72) 20->21 - Crystalwell Cx (06-46-01:32) 17->18 - BDW-H E/G (06-47-01:22) 17->1b - HSX-EX E0 (06-3f-04:80) 0f->10 - SKL-H/S R0 (06-5e-03:36) ba->c2 - HSW Cx/Dx (06-3c-03:32) 22->23 - HSX C0 (06-3f-02:6f) 3a->3b - BDX-DE V0/V1 (06-56-02:10) 0f->14 - BDX-DE V2 (06-56-03:10) 700000d->7000011 - KBL-U/Y H0 (06-8e-09:c0) 62->80 - KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80 - KBL-H/S B0 (06-9e-09:2a) 5e->80 - CFL U0 (06-9e-0a:22) 70->80 - CFL B0 (06-9e-0b:02) 72->80 - SKX H0 (06-55-04:b7) 2000035->200003c - GLK B0 (06-7a-01:01) 1e->22 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-microcode_ctl-13406=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-microcode_ctl-13406=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-microcode_ctl-13406=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): microcode_ctl-1.17-102.83.9.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): microcode_ctl-1.17-102.83.9.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): microcode_ctl-1.17-102.83.9.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://bugzilla.suse.com/1075262 From sle-security-updates at lists.suse.com Thu Jan 11 10:10:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 11 Jan 2018 18:10:25 +0100 (CET) Subject: SUSE-SU-2018:0069-1: important: Security update for the Linux Kernel Message-ID: <20180111171025.B0884FD10@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0069-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 CVE-2017-5753 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown" attack. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-48=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-48=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2018-48=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.103-92.59.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (s390x): kernel-obs-build-4.4.103-92.59.1 kernel-obs-build-debugsource-4.4.103-92.59.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.103-92.59.1 kernel-macros-4.4.103-92.59.1 kernel-source-4.4.103-92.59.1 - SUSE Linux Enterprise Server 12-SP2 (s390x): kernel-default-4.4.103-92.59.1 kernel-default-base-4.4.103-92.59.1 kernel-default-base-debuginfo-4.4.103-92.59.1 kernel-default-debuginfo-4.4.103-92.59.1 kernel-default-debugsource-4.4.103-92.59.1 kernel-default-devel-4.4.103-92.59.1 kernel-default-man-4.4.103-92.59.1 kernel-syms-4.4.103-92.59.1 - SUSE Linux Enterprise High Availability 12-SP2 (s390x): cluster-md-kmp-default-4.4.103-92.59.1 cluster-md-kmp-default-debuginfo-4.4.103-92.59.1 cluster-network-kmp-default-4.4.103-92.59.1 cluster-network-kmp-default-debuginfo-4.4.103-92.59.1 dlm-kmp-default-4.4.103-92.59.1 dlm-kmp-default-debuginfo-4.4.103-92.59.1 gfs2-kmp-default-4.4.103-92.59.1 gfs2-kmp-default-debuginfo-4.4.103-92.59.1 kernel-default-debuginfo-4.4.103-92.59.1 kernel-default-debugsource-4.4.103-92.59.1 ocfs2-kmp-default-4.4.103-92.59.1 ocfs2-kmp-default-debuginfo-4.4.103-92.59.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Fri Jan 12 07:07:52 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jan 2018 15:07:52 +0100 (CET) Subject: SUSE-SU-2018:0071-1: important: Security update for glibc Message-ID: <20180112140752.B829CFD15@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0071-1 Rating: important References: #1074293 Cross-References: CVE-2018-1000001 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2018-56=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-56=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-56=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): glibc-html-2.19-40.9.5 glibc-i18ndata-2.19-40.9.5 glibc-info-2.19-40.9.5 - SUSE OpenStack Cloud 6 (x86_64): glibc-2.19-40.9.5 glibc-32bit-2.19-40.9.5 glibc-debuginfo-2.19-40.9.5 glibc-debuginfo-32bit-2.19-40.9.5 glibc-debugsource-2.19-40.9.5 glibc-devel-2.19-40.9.5 glibc-devel-32bit-2.19-40.9.5 glibc-devel-debuginfo-2.19-40.9.5 glibc-devel-debuginfo-32bit-2.19-40.9.5 glibc-locale-2.19-40.9.5 glibc-locale-32bit-2.19-40.9.5 glibc-locale-debuginfo-2.19-40.9.5 glibc-locale-debuginfo-32bit-2.19-40.9.5 glibc-profile-2.19-40.9.5 glibc-profile-32bit-2.19-40.9.5 nscd-2.19-40.9.5 nscd-debuginfo-2.19-40.9.5 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): glibc-2.19-40.9.5 glibc-debuginfo-2.19-40.9.5 glibc-debugsource-2.19-40.9.5 glibc-devel-2.19-40.9.5 glibc-devel-debuginfo-2.19-40.9.5 glibc-locale-2.19-40.9.5 glibc-locale-debuginfo-2.19-40.9.5 glibc-profile-2.19-40.9.5 nscd-2.19-40.9.5 nscd-debuginfo-2.19-40.9.5 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): glibc-32bit-2.19-40.9.5 glibc-debuginfo-32bit-2.19-40.9.5 glibc-devel-32bit-2.19-40.9.5 glibc-devel-debuginfo-32bit-2.19-40.9.5 glibc-locale-32bit-2.19-40.9.5 glibc-locale-debuginfo-32bit-2.19-40.9.5 glibc-profile-32bit-2.19-40.9.5 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): glibc-html-2.19-40.9.5 glibc-i18ndata-2.19-40.9.5 glibc-info-2.19-40.9.5 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): glibc-2.19-40.9.5 glibc-debuginfo-2.19-40.9.5 glibc-debugsource-2.19-40.9.5 glibc-devel-2.19-40.9.5 glibc-devel-debuginfo-2.19-40.9.5 glibc-locale-2.19-40.9.5 glibc-locale-debuginfo-2.19-40.9.5 glibc-profile-2.19-40.9.5 nscd-2.19-40.9.5 nscd-debuginfo-2.19-40.9.5 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): glibc-32bit-2.19-40.9.5 glibc-debuginfo-32bit-2.19-40.9.5 glibc-devel-32bit-2.19-40.9.5 glibc-devel-debuginfo-32bit-2.19-40.9.5 glibc-locale-32bit-2.19-40.9.5 glibc-locale-debuginfo-32bit-2.19-40.9.5 glibc-profile-32bit-2.19-40.9.5 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): glibc-html-2.19-40.9.5 glibc-i18ndata-2.19-40.9.5 glibc-info-2.19-40.9.5 References: https://www.suse.com/security/cve/CVE-2018-1000001.html https://bugzilla.suse.com/1074293 From sle-security-updates at lists.suse.com Fri Jan 12 07:08:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jan 2018 15:08:19 +0100 (CET) Subject: SUSE-SU-2018:0072-1: moderate: Security update for gwenhywfar Message-ID: <20180112140819.57B3CFD06@maintenance.suse.de> SUSE Security Update: Security update for gwenhywfar ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0072-1 Rating: moderate References: #958331 Cross-References: CVE-2015-7542 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gwenhywfar fixes the following issues: Security issue fixed: - CVE-2015-7542: Make use of the system's default trusted CAs. Also remove the upstream provided ca-bundle.crt file and require ca-certificates so the /etc/ssl/certs directory is populated (bsc#958331). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-60=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-60=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-60=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-60=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-60=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-60=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gwenhywfar-debugsource-4.9.0beta-3.3.1 gwenhywfar-tools-4.9.0beta-3.3.1 gwenhywfar-tools-debuginfo-4.9.0beta-3.3.1 libgwengui-gtk2-0-4.9.0beta-3.3.1 libgwengui-gtk2-0-debuginfo-4.9.0beta-3.3.1 libgwenhywfar60-4.9.0beta-3.3.1 libgwenhywfar60-debuginfo-4.9.0beta-3.3.1 libgwenhywfar60-plugins-4.9.0beta-3.3.1 libgwenhywfar60-plugins-debuginfo-4.9.0beta-3.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): gwenhywfar-lang-4.9.0beta-3.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gwenhywfar-debugsource-4.9.0beta-3.3.1 gwenhywfar-tools-4.9.0beta-3.3.1 gwenhywfar-tools-debuginfo-4.9.0beta-3.3.1 libgwengui-gtk2-0-4.9.0beta-3.3.1 libgwengui-gtk2-0-debuginfo-4.9.0beta-3.3.1 libgwenhywfar60-4.9.0beta-3.3.1 libgwenhywfar60-debuginfo-4.9.0beta-3.3.1 libgwenhywfar60-plugins-4.9.0beta-3.3.1 libgwenhywfar60-plugins-debuginfo-4.9.0beta-3.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): gwenhywfar-lang-4.9.0beta-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gwenhywfar-debugsource-4.9.0beta-3.3.1 gwenhywfar-devel-4.9.0beta-3.3.1 libgwengui-gtk2-0-4.9.0beta-3.3.1 libgwengui-gtk2-0-debuginfo-4.9.0beta-3.3.1 libgwengui-qt4-0-4.9.0beta-3.3.1 libgwengui-qt4-0-debuginfo-4.9.0beta-3.3.1 libgwenhywfar60-4.9.0beta-3.3.1 libgwenhywfar60-debuginfo-4.9.0beta-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gwenhywfar-debugsource-4.9.0beta-3.3.1 gwenhywfar-devel-4.9.0beta-3.3.1 libgwengui-gtk2-0-4.9.0beta-3.3.1 libgwengui-gtk2-0-debuginfo-4.9.0beta-3.3.1 libgwengui-qt4-0-4.9.0beta-3.3.1 libgwengui-qt4-0-debuginfo-4.9.0beta-3.3.1 libgwenhywfar60-4.9.0beta-3.3.1 libgwenhywfar60-debuginfo-4.9.0beta-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gwenhywfar-debugsource-4.9.0beta-3.3.1 gwenhywfar-tools-4.9.0beta-3.3.1 gwenhywfar-tools-debuginfo-4.9.0beta-3.3.1 libgwengui-gtk2-0-4.9.0beta-3.3.1 libgwengui-gtk2-0-debuginfo-4.9.0beta-3.3.1 libgwenhywfar60-4.9.0beta-3.3.1 libgwenhywfar60-debuginfo-4.9.0beta-3.3.1 libgwenhywfar60-plugins-4.9.0beta-3.3.1 libgwenhywfar60-plugins-debuginfo-4.9.0beta-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gwenhywfar-lang-4.9.0beta-3.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gwenhywfar-lang-4.9.0beta-3.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gwenhywfar-debugsource-4.9.0beta-3.3.1 gwenhywfar-tools-4.9.0beta-3.3.1 gwenhywfar-tools-debuginfo-4.9.0beta-3.3.1 libgwengui-gtk2-0-4.9.0beta-3.3.1 libgwengui-gtk2-0-debuginfo-4.9.0beta-3.3.1 libgwenhywfar60-4.9.0beta-3.3.1 libgwenhywfar60-debuginfo-4.9.0beta-3.3.1 libgwenhywfar60-plugins-4.9.0beta-3.3.1 libgwenhywfar60-plugins-debuginfo-4.9.0beta-3.3.1 References: https://www.suse.com/security/cve/CVE-2015-7542.html https://bugzilla.suse.com/958331 From sle-security-updates at lists.suse.com Fri Jan 12 07:08:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jan 2018 15:08:49 +0100 (CET) Subject: SUSE-SU-2018:0073-1: important: Security update for tiff Message-ID: <20180112140849.1F042FD15@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0073-1 Rating: important References: #1017690 #1069213 #960341 #969783 #983436 Cross-References: CVE-2014-8128 CVE-2015-7554 CVE-2016-10095 CVE-2016-5318 CVE-2017-16232 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for tiff to version 4.0.9 fixes the following issues: Security issues fixed: - CVE-2014-8128: Fix out-of-bounds read with malformed TIFF image in multiple tools (bsc#969783). - CVE-2015-7554: Fix invalid write in tiffsplit / _TIFFVGetField (bsc#960341). - CVE-2016-10095: Fix stack-based buffer overflow in _TIFFVGetField (tif_dir.c) (bsc#1017690). - CVE-2016-5318: Fix stackoverflow in thumbnail (bsc#983436). - CVE-2017-16232: Fix memory-based DoS in tiff2bw (bsc#1069213). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-59=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-59=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-59=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-59=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-59=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-59=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-59=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.7.1 tiff-debuginfo-4.0.9-44.7.1 tiff-debugsource-4.0.9-44.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.7.1 tiff-debuginfo-4.0.9-44.7.1 tiff-debugsource-4.0.9-44.7.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libtiff5-4.0.9-44.7.1 libtiff5-debuginfo-4.0.9-44.7.1 tiff-4.0.9-44.7.1 tiff-debuginfo-4.0.9-44.7.1 tiff-debugsource-4.0.9-44.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.7.1 libtiff5-debuginfo-4.0.9-44.7.1 tiff-4.0.9-44.7.1 tiff-debuginfo-4.0.9-44.7.1 tiff-debugsource-4.0.9-44.7.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libtiff5-32bit-4.0.9-44.7.1 libtiff5-debuginfo-32bit-4.0.9-44.7.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.7.1 libtiff5-debuginfo-4.0.9-44.7.1 tiff-4.0.9-44.7.1 tiff-debuginfo-4.0.9-44.7.1 tiff-debugsource-4.0.9-44.7.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libtiff5-32bit-4.0.9-44.7.1 libtiff5-debuginfo-32bit-4.0.9-44.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libtiff5-32bit-4.0.9-44.7.1 libtiff5-4.0.9-44.7.1 libtiff5-debuginfo-32bit-4.0.9-44.7.1 libtiff5-debuginfo-4.0.9-44.7.1 tiff-debuginfo-4.0.9-44.7.1 tiff-debugsource-4.0.9-44.7.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libtiff5-32bit-4.0.9-44.7.1 libtiff5-4.0.9-44.7.1 libtiff5-debuginfo-32bit-4.0.9-44.7.1 libtiff5-debuginfo-4.0.9-44.7.1 tiff-debuginfo-4.0.9-44.7.1 tiff-debugsource-4.0.9-44.7.1 References: https://www.suse.com/security/cve/CVE-2014-8128.html https://www.suse.com/security/cve/CVE-2015-7554.html https://www.suse.com/security/cve/CVE-2016-10095.html https://www.suse.com/security/cve/CVE-2016-5318.html https://www.suse.com/security/cve/CVE-2017-16232.html https://bugzilla.suse.com/1017690 https://bugzilla.suse.com/1069213 https://bugzilla.suse.com/960341 https://bugzilla.suse.com/969783 https://bugzilla.suse.com/983436 From sle-security-updates at lists.suse.com Fri Jan 12 07:10:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jan 2018 15:10:02 +0100 (CET) Subject: SUSE-SU-2018:0074-1: important: Security update for glibc Message-ID: <20180112141002.346CDFD06@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0074-1 Rating: important References: #1051042 #1053188 #1063675 #1064569 #1064580 #1064583 #1070905 #1071319 #1073231 #1074293 Cross-References: CVE-2017-1000408 CVE-2017-1000409 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2018-1000001 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has three fixes is now available. Description: This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319] - An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231] - A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188] - A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905] - A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583] - A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-55=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-55=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-55=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-55=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-55=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-55=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-55=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-55=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-55=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-62.3.4 glibc-debugsource-2.22-62.3.4 glibc-devel-static-2.22-62.3.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): glibc-info-2.22-62.3.4 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-62.3.4 glibc-debugsource-2.22-62.3.4 glibc-devel-static-2.22-62.3.4 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): glibc-info-2.22-62.3.4 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): glibc-2.22-62.3.4 glibc-debuginfo-2.22-62.3.4 glibc-debugsource-2.22-62.3.4 glibc-devel-2.22-62.3.4 glibc-devel-debuginfo-2.22-62.3.4 glibc-locale-2.22-62.3.4 glibc-locale-debuginfo-2.22-62.3.4 glibc-profile-2.22-62.3.4 nscd-2.22-62.3.4 nscd-debuginfo-2.22-62.3.4 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): glibc-html-2.22-62.3.4 glibc-i18ndata-2.22-62.3.4 glibc-info-2.22-62.3.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): glibc-2.22-62.3.4 glibc-debuginfo-2.22-62.3.4 glibc-debugsource-2.22-62.3.4 glibc-devel-2.22-62.3.4 glibc-devel-debuginfo-2.22-62.3.4 glibc-locale-2.22-62.3.4 glibc-locale-debuginfo-2.22-62.3.4 glibc-profile-2.22-62.3.4 nscd-2.22-62.3.4 nscd-debuginfo-2.22-62.3.4 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): glibc-32bit-2.22-62.3.4 glibc-debuginfo-32bit-2.22-62.3.4 glibc-devel-32bit-2.22-62.3.4 glibc-devel-debuginfo-32bit-2.22-62.3.4 glibc-locale-32bit-2.22-62.3.4 glibc-locale-debuginfo-32bit-2.22-62.3.4 glibc-profile-32bit-2.22-62.3.4 - SUSE Linux Enterprise Server 12-SP3 (noarch): glibc-html-2.22-62.3.4 glibc-i18ndata-2.22-62.3.4 glibc-info-2.22-62.3.4 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): glibc-2.22-62.3.4 glibc-debuginfo-2.22-62.3.4 glibc-debugsource-2.22-62.3.4 glibc-devel-2.22-62.3.4 glibc-devel-debuginfo-2.22-62.3.4 glibc-locale-2.22-62.3.4 glibc-locale-debuginfo-2.22-62.3.4 glibc-profile-2.22-62.3.4 nscd-2.22-62.3.4 nscd-debuginfo-2.22-62.3.4 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): glibc-32bit-2.22-62.3.4 glibc-debuginfo-32bit-2.22-62.3.4 glibc-devel-32bit-2.22-62.3.4 glibc-devel-debuginfo-32bit-2.22-62.3.4 glibc-locale-32bit-2.22-62.3.4 glibc-locale-debuginfo-32bit-2.22-62.3.4 glibc-profile-32bit-2.22-62.3.4 - SUSE Linux Enterprise Server 12-SP2 (noarch): glibc-html-2.22-62.3.4 glibc-i18ndata-2.22-62.3.4 glibc-info-2.22-62.3.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): glibc-2.22-62.3.4 glibc-32bit-2.22-62.3.4 glibc-debuginfo-2.22-62.3.4 glibc-debuginfo-32bit-2.22-62.3.4 glibc-debugsource-2.22-62.3.4 glibc-devel-2.22-62.3.4 glibc-devel-32bit-2.22-62.3.4 glibc-devel-debuginfo-2.22-62.3.4 glibc-devel-debuginfo-32bit-2.22-62.3.4 glibc-locale-2.22-62.3.4 glibc-locale-32bit-2.22-62.3.4 glibc-locale-debuginfo-2.22-62.3.4 glibc-locale-debuginfo-32bit-2.22-62.3.4 nscd-2.22-62.3.4 nscd-debuginfo-2.22-62.3.4 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): glibc-i18ndata-2.22-62.3.4 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): glibc-i18ndata-2.22-62.3.4 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): glibc-2.22-62.3.4 glibc-32bit-2.22-62.3.4 glibc-debuginfo-2.22-62.3.4 glibc-debuginfo-32bit-2.22-62.3.4 glibc-debugsource-2.22-62.3.4 glibc-devel-2.22-62.3.4 glibc-devel-32bit-2.22-62.3.4 glibc-devel-debuginfo-2.22-62.3.4 glibc-devel-debuginfo-32bit-2.22-62.3.4 glibc-locale-2.22-62.3.4 glibc-locale-32bit-2.22-62.3.4 glibc-locale-debuginfo-2.22-62.3.4 glibc-locale-debuginfo-32bit-2.22-62.3.4 nscd-2.22-62.3.4 nscd-debuginfo-2.22-62.3.4 - SUSE CaaS Platform ALL (x86_64): glibc-2.22-62.3.4 glibc-debuginfo-2.22-62.3.4 glibc-debugsource-2.22-62.3.4 glibc-locale-2.22-62.3.4 glibc-locale-debuginfo-2.22-62.3.4 - OpenStack Cloud Magnum Orchestration 7 (x86_64): glibc-2.22-62.3.4 glibc-debuginfo-2.22-62.3.4 glibc-debugsource-2.22-62.3.4 glibc-locale-2.22-62.3.4 glibc-locale-debuginfo-2.22-62.3.4 References: https://www.suse.com/security/cve/CVE-2017-1000408.html https://www.suse.com/security/cve/CVE-2017-1000409.html https://www.suse.com/security/cve/CVE-2017-15670.html https://www.suse.com/security/cve/CVE-2017-15671.html https://www.suse.com/security/cve/CVE-2017-15804.html https://www.suse.com/security/cve/CVE-2017-16997.html https://www.suse.com/security/cve/CVE-2018-1000001.html https://bugzilla.suse.com/1051042 https://bugzilla.suse.com/1053188 https://bugzilla.suse.com/1063675 https://bugzilla.suse.com/1064569 https://bugzilla.suse.com/1064580 https://bugzilla.suse.com/1064583 https://bugzilla.suse.com/1070905 https://bugzilla.suse.com/1071319 https://bugzilla.suse.com/1073231 https://bugzilla.suse.com/1074293 From sle-security-updates at lists.suse.com Fri Jan 12 07:12:00 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jan 2018 15:12:00 +0100 (CET) Subject: SUSE-SU-2018:0075-1: important: Security update for glibc Message-ID: <20180112141200.A64C6FD06@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0075-1 Rating: important References: #1074293 Cross-References: CVE-2018-1000001 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-13409=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-13409=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-glibc-13409=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-glibc-13409=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-13409=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-13409=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.110.3.1 glibc-info-2.11.3-17.110.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.110.3.1 glibc-devel-2.11.3-17.110.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.110.3.1 glibc-i18ndata-2.11.3-17.110.3.1 glibc-info-2.11.3-17.110.3.1 glibc-locale-2.11.3-17.110.3.1 glibc-profile-2.11.3-17.110.3.1 nscd-2.11.3-17.110.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.110.3.1 glibc-devel-32bit-2.11.3-17.110.3.1 glibc-locale-32bit-2.11.3-17.110.3.1 glibc-profile-32bit-2.11.3-17.110.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.110.3.1 glibc-profile-x86-2.11.3-17.110.3.1 glibc-x86-2.11.3-17.110.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.110.3.1 glibc-devel-2.11.3-17.110.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): glibc-html-2.11.3-17.110.3.1 glibc-i18ndata-2.11.3-17.110.3.1 glibc-info-2.11.3-17.110.3.1 glibc-locale-2.11.3-17.110.3.1 glibc-profile-2.11.3-17.110.3.1 nscd-2.11.3-17.110.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): glibc-32bit-2.11.3-17.110.3.1 glibc-devel-32bit-2.11.3-17.110.3.1 glibc-locale-32bit-2.11.3-17.110.3.1 glibc-profile-32bit-2.11.3-17.110.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 i686): glibc-2.11.3-17.110.3.1 glibc-devel-2.11.3-17.110.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): glibc-html-2.11.3-17.110.3.1 glibc-i18ndata-2.11.3-17.110.3.1 glibc-info-2.11.3-17.110.3.1 glibc-locale-2.11.3-17.110.3.1 glibc-profile-2.11.3-17.110.3.1 nscd-2.11.3-17.110.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.110.3.1 glibc-debugsource-2.11.3-17.110.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.110.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): glibc-debuginfo-x86-2.11.3-17.110.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 s390x x86_64): glibc-debuginfo-2.11.3-17.110.3.1 glibc-debugsource-2.11.3-17.110.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): glibc-debuginfo-32bit-2.11.3-17.110.3.1 References: https://www.suse.com/security/cve/CVE-2018-1000001.html https://bugzilla.suse.com/1074293 From sle-security-updates at lists.suse.com Fri Jan 12 07:12:24 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jan 2018 15:12:24 +0100 (CET) Subject: SUSE-SU-2018:0076-1: important: Security update for glibc Message-ID: <20180112141224.B84C4FD06@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0076-1 Rating: important References: #1043984 #1074293 Cross-References: CVE-2014-9984 CVE-2018-1000001 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] - A buffer manipulation vulnerability in nscd has been fixed that could possibly have lead to an nscd daemon crash or code execution as the user running nscd. [CVE-2014-9984, bsc#1043984] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-54=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): glibc-2.19-22.24.5 glibc-debuginfo-2.19-22.24.5 glibc-debugsource-2.19-22.24.5 glibc-devel-2.19-22.24.5 glibc-devel-debuginfo-2.19-22.24.5 glibc-locale-2.19-22.24.5 glibc-locale-debuginfo-2.19-22.24.5 glibc-profile-2.19-22.24.5 nscd-2.19-22.24.5 nscd-debuginfo-2.19-22.24.5 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): glibc-32bit-2.19-22.24.5 glibc-debuginfo-32bit-2.19-22.24.5 glibc-devel-32bit-2.19-22.24.5 glibc-devel-debuginfo-32bit-2.19-22.24.5 glibc-locale-32bit-2.19-22.24.5 glibc-locale-debuginfo-32bit-2.19-22.24.5 glibc-profile-32bit-2.19-22.24.5 - SUSE Linux Enterprise Server 12-LTSS (noarch): glibc-html-2.19-22.24.5 glibc-i18ndata-2.19-22.24.5 glibc-info-2.19-22.24.5 References: https://www.suse.com/security/cve/CVE-2014-9984.html https://www.suse.com/security/cve/CVE-2018-1000001.html https://bugzilla.suse.com/1043984 https://bugzilla.suse.com/1074293 From sle-security-updates at lists.suse.com Fri Jan 12 10:09:08 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jan 2018 18:09:08 +0100 (CET) Subject: SUSE-SU-2018:0077-1: moderate: Security update for postgresql94 Message-ID: <20180112170908.B4EB9FD06@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0077-1 Rating: moderate References: #1062538 #1067844 Cross-References: CVE-2017-12172 CVE-2017-15098 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. This issue did not affect SUSE (bsc#1062538). Bug fixes: - Update to version 9.4.15 * https://www.postgresql.org/docs/9.4/static/release-9-4-15.html * https://www.postgresql.org/docs/9.4/static/release-9-4-14.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-postgresql94-13411=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-postgresql94-13411=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-postgresql94-13411=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-devel-9.4.15-0.23.10.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libecpg6-9.4.15-0.23.10.1 libpq5-9.4.15-0.23.10.1 postgresql94-9.4.15-0.23.10.1 postgresql94-contrib-9.4.15-0.23.10.1 postgresql94-docs-9.4.15-0.23.10.1 postgresql94-server-9.4.15-0.23.10.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpq5-32bit-9.4.15-0.23.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-debuginfo-9.4.15-0.23.10.1 postgresql94-debugsource-9.4.15-0.23.10.1 postgresql94-libs-debuginfo-9.4.15-0.23.10.1 postgresql94-libs-debugsource-9.4.15-0.23.10.1 References: https://www.suse.com/security/cve/CVE-2017-12172.html https://www.suse.com/security/cve/CVE-2017-15098.html https://bugzilla.suse.com/1062538 https://bugzilla.suse.com/1067844 From sle-security-updates at lists.suse.com Fri Jan 12 13:10:11 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jan 2018 21:10:11 +0100 (CET) Subject: SUSE-SU-2018:0079-1: moderate: Security update for mariadb Message-ID: <20180112201011.07860FD06@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0079-1 Rating: moderate References: #1039034 #1049399 #1049404 #1049417 #1054591 #1072665 Cross-References: CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for mariadb fixes several issues. These security issues were fixed: - CVE-2017-3636: Client programs had an unspecified vulnerability that could lead to unauthorized access and denial of service (bsc#1049399) - CVE-2017-3641: DDL unspecified vulnerability could lead to denial of service (bsc#1049404) - CVE-2017-3653: DML Unspecified vulnerability could lead to unauthorized database access (bsc#1049417) This non-security issues was fixed: - Add ODBC support for Connect engine (bsc#1039034) - Relax required version for mariadb-errormessages (bsc#1072665) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-64=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-64=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-64=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-64=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-64=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-64=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-64=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-64=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-64=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libmysqlclient_r18-10.0.32-29.10.1 libmysqlclient_r18-32bit-10.0.32-29.10.1 mariadb-debuginfo-10.0.32-29.10.1 mariadb-debugsource-10.0.32-29.10.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libmysqlclient_r18-10.0.32-29.10.1 libmysqlclient_r18-32bit-10.0.32-29.10.1 mariadb-debuginfo-10.0.32-29.10.1 mariadb-debugsource-10.0.32-29.10.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.32-29.10.1 libmysqlclient_r18-10.0.32-29.10.1 libmysqld-devel-10.0.32-29.10.1 libmysqld18-10.0.32-29.10.1 libmysqld18-debuginfo-10.0.32-29.10.1 mariadb-debuginfo-10.0.32-29.10.1 mariadb-debugsource-10.0.32-29.10.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libmysqlclient-devel-10.0.32-29.10.1 libmysqlclient_r18-10.0.32-29.10.1 libmysqld-devel-10.0.32-29.10.1 libmysqld18-10.0.32-29.10.1 libmysqld18-debuginfo-10.0.32-29.10.1 mariadb-debuginfo-10.0.32-29.10.1 mariadb-debugsource-10.0.32-29.10.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libmysqlclient18-10.0.32-29.10.1 libmysqlclient18-debuginfo-10.0.32-29.10.1 mariadb-10.0.32-29.10.1 mariadb-client-10.0.32-29.10.1 mariadb-client-debuginfo-10.0.32-29.10.1 mariadb-debuginfo-10.0.32-29.10.1 mariadb-debugsource-10.0.32-29.10.1 mariadb-errormessages-10.0.32-29.10.1 mariadb-tools-10.0.32-29.10.1 mariadb-tools-debuginfo-10.0.32-29.10.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libmysqlclient18-10.0.32-29.10.1 libmysqlclient18-debuginfo-10.0.32-29.10.1 mariadb-10.0.32-29.10.1 mariadb-client-10.0.32-29.10.1 mariadb-client-debuginfo-10.0.32-29.10.1 mariadb-debuginfo-10.0.32-29.10.1 mariadb-debugsource-10.0.32-29.10.1 mariadb-errormessages-10.0.32-29.10.1 mariadb-tools-10.0.32-29.10.1 mariadb-tools-debuginfo-10.0.32-29.10.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libmysqlclient18-32bit-10.0.32-29.10.1 libmysqlclient18-debuginfo-32bit-10.0.32-29.10.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libmysqlclient18-10.0.32-29.10.1 libmysqlclient18-debuginfo-10.0.32-29.10.1 mariadb-10.0.32-29.10.1 mariadb-client-10.0.32-29.10.1 mariadb-client-debuginfo-10.0.32-29.10.1 mariadb-debuginfo-10.0.32-29.10.1 mariadb-debugsource-10.0.32-29.10.1 mariadb-errormessages-10.0.32-29.10.1 mariadb-tools-10.0.32-29.10.1 mariadb-tools-debuginfo-10.0.32-29.10.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libmysqlclient18-32bit-10.0.32-29.10.1 libmysqlclient18-debuginfo-32bit-10.0.32-29.10.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libmysqlclient18-10.0.32-29.10.1 libmysqlclient18-32bit-10.0.32-29.10.1 libmysqlclient18-debuginfo-10.0.32-29.10.1 libmysqlclient18-debuginfo-32bit-10.0.32-29.10.1 libmysqlclient_r18-10.0.32-29.10.1 libmysqlclient_r18-32bit-10.0.32-29.10.1 mariadb-10.0.32-29.10.1 mariadb-client-10.0.32-29.10.1 mariadb-client-debuginfo-10.0.32-29.10.1 mariadb-debuginfo-10.0.32-29.10.1 mariadb-debugsource-10.0.32-29.10.1 mariadb-errormessages-10.0.32-29.10.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libmysqlclient18-10.0.32-29.10.1 libmysqlclient18-32bit-10.0.32-29.10.1 libmysqlclient18-debuginfo-10.0.32-29.10.1 libmysqlclient18-debuginfo-32bit-10.0.32-29.10.1 libmysqlclient_r18-10.0.32-29.10.1 libmysqlclient_r18-32bit-10.0.32-29.10.1 mariadb-10.0.32-29.10.1 mariadb-client-10.0.32-29.10.1 mariadb-client-debuginfo-10.0.32-29.10.1 mariadb-debuginfo-10.0.32-29.10.1 mariadb-debugsource-10.0.32-29.10.1 mariadb-errormessages-10.0.32-29.10.1 References: https://www.suse.com/security/cve/CVE-2017-3636.html https://www.suse.com/security/cve/CVE-2017-3641.html https://www.suse.com/security/cve/CVE-2017-3653.html https://bugzilla.suse.com/1039034 https://bugzilla.suse.com/1049399 https://bugzilla.suse.com/1049404 https://bugzilla.suse.com/1049417 https://bugzilla.suse.com/1054591 https://bugzilla.suse.com/1072665 From sle-security-updates at lists.suse.com Fri Jan 12 13:12:13 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 12 Jan 2018 21:12:13 +0100 (CET) Subject: SUSE-SU-2018:0081-1: moderate: Security update for postgresql94 Message-ID: <20180112201213.98BD4FD06@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0081-1 Rating: moderate References: #1062538 #1067844 Cross-References: CVE-2017-12172 CVE-2017-15098 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. This issue did not affect SUSE (bsc#1062538). Bug fixes: - Update to version 9.4.15 * https://www.postgresql.org/docs/9.4/static/release-9-4-15.html * https://www.postgresql.org/docs/9.4/static/release-9-4-14.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-63=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-63=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-63=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-63=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): postgresql94-devel-9.4.15-21.13.1 postgresql94-devel-debuginfo-9.4.15-21.13.1 postgresql94-libs-debugsource-9.4.15-21.13.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): postgresql94-9.4.15-21.13.1 postgresql94-contrib-9.4.15-21.13.1 postgresql94-contrib-debuginfo-9.4.15-21.13.1 postgresql94-debuginfo-9.4.15-21.13.1 postgresql94-debugsource-9.4.15-21.13.1 postgresql94-server-9.4.15-21.13.1 postgresql94-server-debuginfo-9.4.15-21.13.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): postgresql94-docs-9.4.15-21.13.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): postgresql94-9.4.15-21.13.1 postgresql94-contrib-9.4.15-21.13.1 postgresql94-contrib-debuginfo-9.4.15-21.13.1 postgresql94-debuginfo-9.4.15-21.13.1 postgresql94-debugsource-9.4.15-21.13.1 postgresql94-server-9.4.15-21.13.1 postgresql94-server-debuginfo-9.4.15-21.13.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): postgresql94-docs-9.4.15-21.13.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): postgresql94-9.4.15-21.13.1 postgresql94-debuginfo-9.4.15-21.13.1 postgresql94-debugsource-9.4.15-21.13.1 References: https://www.suse.com/security/cve/CVE-2017-12172.html https://www.suse.com/security/cve/CVE-2017-15098.html https://bugzilla.suse.com/1062538 https://bugzilla.suse.com/1067844 From sle-security-updates at lists.suse.com Mon Jan 15 07:17:03 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 15 Jan 2018 15:17:03 +0100 (CET) Subject: SUSE-SU-2018:0100-1: moderate: Security update for openslp Message-ID: <20180115141703.1BE5CFD06@maintenance.suse.de> SUSE Security Update: Security update for openslp ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0100-1 Rating: moderate References: #1001600 #974655 #980722 #994989 Cross-References: CVE-2016-4912 CVE-2016-7567 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for openslp fixes two security issues and two bugs. The following vulnerabilities were fixed: - CVE-2016-4912: A remote attacker could have crashed the server with a large number of packages (bsc#980722) - CVE-2016-7567: A remote attacker could cause a memory corruption having unspecified impact (bsc#1001600) The following bugfix changes are included: - bsc#994989: Removed convenience code as changes bytes in the message buffer breaking the verification code - bsc#974655: Removed no longer needed slpd init file Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-68=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-68=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-68=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-68=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): openslp-debuginfo-2.0.0-18.2.1 openslp-debugsource-2.0.0-18.2.1 openslp-devel-2.0.0-18.2.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): openslp-2.0.0-18.2.1 openslp-debuginfo-2.0.0-18.2.1 openslp-debugsource-2.0.0-18.2.1 openslp-server-2.0.0-18.2.1 openslp-server-debuginfo-2.0.0-18.2.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): openslp-2.0.0-18.2.1 openslp-debuginfo-2.0.0-18.2.1 openslp-debugsource-2.0.0-18.2.1 openslp-server-2.0.0-18.2.1 openslp-server-debuginfo-2.0.0-18.2.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): openslp-32bit-2.0.0-18.2.1 openslp-debuginfo-32bit-2.0.0-18.2.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): openslp-2.0.0-18.2.1 openslp-32bit-2.0.0-18.2.1 openslp-debuginfo-2.0.0-18.2.1 openslp-debuginfo-32bit-2.0.0-18.2.1 openslp-debugsource-2.0.0-18.2.1 References: https://www.suse.com/security/cve/CVE-2016-4912.html https://www.suse.com/security/cve/CVE-2016-7567.html https://bugzilla.suse.com/1001600 https://bugzilla.suse.com/974655 https://bugzilla.suse.com/980722 https://bugzilla.suse.com/994989 From sle-security-updates at lists.suse.com Tue Jan 16 10:08:41 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Jan 2018 18:08:41 +0100 (CET) Subject: SUSE-SU-2018:0112-1: important: Security update for openssl Message-ID: <20180116170841.D56C3FCE4@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0112-1 Rating: important References: #1000677 #1001502 #1001912 #1004499 #1005878 #1019334 #1021641 #1022085 #1022271 #1027908 #1032261 #1055825 #1056058 #1065363 #990592 Cross-References: CVE-2016-2108 CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 CVE-2017-3735 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 10 fixes is now available. Description: This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-7056: ECSDA P-256 timing attack key recovery (bsc#1019334) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - CVE-2016-8610: remote denial of service in SSL alert handling (bsc#1005878) - CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) Bug fixes: - support alternate root ca chains (bsc#1032261) - X509_get_default_cert_file() returns an incorrect path (bsc#1022271) - Segmentation fault in 'openssl speed' when engine library file cannot be found (bsc#1000677) - adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908) - Missing important ciphers in openssl 1.0.1i-47.1 on SLES12 SP1 (bsc#990592) - out of bounds read+crash in DES_fcrypt (bsc#1065363) - tracker bug for January 26th 2017 release (bsc#1021641) - patch for CVE-2016-2108 fails negative zero exploit (bsc#1001502) - Birthday attacks on 64-bit block ciphers aka triple-des (SWEET32) (bsc#1001912) - Include additional patch for CVE-2016-2108 (bsc#1004499) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-79=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-27.28.1 libopenssl1_0_0-debuginfo-1.0.1i-27.28.1 libopenssl1_0_0-hmac-1.0.1i-27.28.1 openssl-1.0.1i-27.28.1 openssl-debuginfo-1.0.1i-27.28.1 openssl-debugsource-1.0.1i-27.28.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-27.28.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.28.1 libopenssl1_0_0-hmac-32bit-1.0.1i-27.28.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): openssl-doc-1.0.1i-27.28.1 References: https://www.suse.com/security/cve/CVE-2016-2108.html https://www.suse.com/security/cve/CVE-2016-7056.html https://www.suse.com/security/cve/CVE-2016-8610.html https://www.suse.com/security/cve/CVE-2017-3731.html https://www.suse.com/security/cve/CVE-2017-3735.html https://bugzilla.suse.com/1000677 https://bugzilla.suse.com/1001502 https://bugzilla.suse.com/1001912 https://bugzilla.suse.com/1004499 https://bugzilla.suse.com/1005878 https://bugzilla.suse.com/1019334 https://bugzilla.suse.com/1021641 https://bugzilla.suse.com/1022085 https://bugzilla.suse.com/1022271 https://bugzilla.suse.com/1027908 https://bugzilla.suse.com/1032261 https://bugzilla.suse.com/1055825 https://bugzilla.suse.com/1056058 https://bugzilla.suse.com/1065363 https://bugzilla.suse.com/990592 From sle-security-updates at lists.suse.com Tue Jan 16 13:08:18 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Jan 2018 21:08:18 +0100 (CET) Subject: SUSE-SU-2018:0113-1: important: Security update for the Linux Kernel Message-ID: <20180116200818.66400FCE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0113-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 CVE-2017-5753 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown" attack. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-80=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-80=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2018-80=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): kernel-docs-4.4.103-94.6.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (s390x): kernel-obs-build-4.4.103-94.6.3 kernel-obs-build-debugsource-4.4.103-94.6.3 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-4.4.103-94.6.1 kernel-macros-4.4.103-94.6.1 kernel-source-4.4.103-94.6.1 - SUSE Linux Enterprise Server 12-SP3 (s390x): kernel-default-4.4.103-94.6.1 kernel-default-base-4.4.103-94.6.1 kernel-default-base-debuginfo-4.4.103-94.6.1 kernel-default-debuginfo-4.4.103-94.6.1 kernel-default-debugsource-4.4.103-94.6.1 kernel-default-devel-4.4.103-94.6.1 kernel-default-man-4.4.103-94.6.1 kernel-syms-4.4.103-94.6.2 - SUSE Linux Enterprise High Availability 12-SP3 (s390x): cluster-md-kmp-default-4.4.103-94.6.1 cluster-md-kmp-default-debuginfo-4.4.103-94.6.1 dlm-kmp-default-4.4.103-94.6.1 dlm-kmp-default-debuginfo-4.4.103-94.6.1 gfs2-kmp-default-4.4.103-94.6.1 gfs2-kmp-default-debuginfo-4.4.103-94.6.1 kernel-default-debuginfo-4.4.103-94.6.1 kernel-default-debugsource-4.4.103-94.6.1 ocfs2-kmp-default-4.4.103-94.6.1 ocfs2-kmp-default-debuginfo-4.4.103-94.6.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Tue Jan 16 13:08:58 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Jan 2018 21:08:58 +0100 (CET) Subject: SUSE-SU-2018:0114-1: important: Security update for the Linux Kernel Message-ID: <20180116200858.C74C3FCE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0114-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 CVE-2017-5753 Affected Products: SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown" attack. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-81=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.72.1 kernel-macros-3.12.74-60.64.72.1 kernel-source-3.12.74-60.64.72.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-3.12.74-60.64.72.1 kernel-default-base-3.12.74-60.64.72.1 kernel-default-base-debuginfo-3.12.74-60.64.72.1 kernel-default-debuginfo-3.12.74-60.64.72.1 kernel-default-debugsource-3.12.74-60.64.72.1 kernel-default-devel-3.12.74-60.64.72.1 kernel-default-man-3.12.74-60.64.72.1 kernel-syms-3.12.74-60.64.72.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Tue Jan 16 13:09:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 16 Jan 2018 21:09:29 +0100 (CET) Subject: SUSE-SU-2018:0115-1: important: Security update for the Linux Kernel Message-ID: <20180116200929.A9941FCE4@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0115-1 Rating: important References: #1045205 #1050231 #1066569 #1066693 #1068032 #1068671 #1070771 #1070781 #1071074 #1071470 #1071693 #1071694 #1071695 #1072561 #1072876 Cross-References: CVE-2017-11600 CVE-2017-13167 CVE-2017-15115 CVE-2017-15868 CVE-2017-16534 CVE-2017-16538 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-8824 Affected Products: SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has one errata is now available. Description: The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / "SpectreAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. This issue is addressed for the x86_64, the IBM Power and IBM zSeries architecture. - CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. This is done with help of Linux Kernel fixes on the Intel/AMD x86_64 and IBM zSeries architectures. On x86_64, this requires also updates of the CPU microcode packages, delivered in seperate updates. For IBM Power and zSeries the required firmware updates are supplied over regular channels by IBM. As this feature can have a performance impact, it can be disabled using the "nospec" kernel commandline option. - CVE-2017-5754 / "MeltdownAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation" and "PTI" / "Page Table Isolation". This update does this on the x86_64 architecture, it is not required on the IBM zSeries architecture. This feature can be enabled / disabled by the "pti=[on|off|auto]" or "nopti" commandline options. The following security bugs were fixed: - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer. (bnc#1072876). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-17449: The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, did not restrict observations of Netlink messages to a single net namespace, which allowed local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system (bnc#1071694). - CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in the Linux kernel did not require the CAP_NET_ADMIN capability for new, get, and del operations, which allowed local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces (bnc#1071693). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). The following non-security bugs were fixed: - kvm: svm: Do not intercept new speculative control MSRs (bsc#1068032). - audit: Fix use after free in audit_remove_watch_rule() (bsc#1045205). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - carl9170: prevent speculative execution (bnc#1068032). - fs: prevent speculative execution (bnc#1068032). - kaiser: make kernel_stack user-mapped - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Convert cmp to cmpd in idle enter sequence (bsc#1070781). - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). Conflicts: series.conf - ptrace: Add a new thread access check (bsc#1068032). - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier. - s390/spinlock: add ppa to system call path. - uas: Only complain about missing sg if all other checks succeed (bsc#1071074). - udf: prevent speculative execution (bnc#1068032). - usb: uas: fix bug in handling of alternate settings (bsc#1071074). - uvcvideo: prevent speculative execution (bnc#1068032). - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add "nospec" chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-83=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-83=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.61-52.111.1 kernel-default-base-3.12.61-52.111.1 kernel-default-base-debuginfo-3.12.61-52.111.1 kernel-default-debuginfo-3.12.61-52.111.1 kernel-default-debugsource-3.12.61-52.111.1 kernel-default-devel-3.12.61-52.111.1 kernel-syms-3.12.61-52.111.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.61-52.111.1 kernel-xen-base-3.12.61-52.111.1 kernel-xen-base-debuginfo-3.12.61-52.111.1 kernel-xen-debuginfo-3.12.61-52.111.1 kernel-xen-debugsource-3.12.61-52.111.1 kernel-xen-devel-3.12.61-52.111.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.61-52.111.1 kernel-macros-3.12.61-52.111.1 kernel-source-3.12.61-52.111.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.61-52.111.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.61-52.111.1 kernel-ec2-debuginfo-3.12.61-52.111.1 kernel-ec2-debugsource-3.12.61-52.111.1 kernel-ec2-devel-3.12.61-52.111.1 kernel-ec2-extra-3.12.61-52.111.1 kernel-ec2-extra-debuginfo-3.12.61-52.111.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2017-13167.html https://www.suse.com/security/cve/CVE-2017-15115.html https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16534.html https://www.suse.com/security/cve/CVE-2017-16538.html https://www.suse.com/security/cve/CVE-2017-17448.html https://www.suse.com/security/cve/CVE-2017-17449.html https://www.suse.com/security/cve/CVE-2017-17450.html https://www.suse.com/security/cve/CVE-2017-17558.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2017-8824.html https://bugzilla.suse.com/1045205 https://bugzilla.suse.com/1050231 https://bugzilla.suse.com/1066569 https://bugzilla.suse.com/1066693 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068671 https://bugzilla.suse.com/1070771 https://bugzilla.suse.com/1070781 https://bugzilla.suse.com/1071074 https://bugzilla.suse.com/1071470 https://bugzilla.suse.com/1071693 https://bugzilla.suse.com/1071694 https://bugzilla.suse.com/1071695 https://bugzilla.suse.com/1072561 https://bugzilla.suse.com/1072876 From sle-security-updates at lists.suse.com Wed Jan 17 04:10:40 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Jan 2018 12:10:40 +0100 (CET) Subject: SUSE-SU-2018:0117-1: moderate: Security update for rsync Message-ID: <20180117111040.3B2CBFCDD@maintenance.suse.de> SUSE Security Update: Security update for rsync ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0117-1 Rating: moderate References: #1066644 #1071459 #1071460 Cross-References: CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for rsync fixes the following issues: Security issues fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also did not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allowed remote attackers to bypass intended access restrictions" (bsc#1071460). - CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync, proceeded with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allowed remote attackers to bypass intended access restrictions (bsc#1071459). - CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check for a trailing '\\0' character in an xattr name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon (bsc#1066644). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-rsync-13416=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-rsync-13416=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): rsync-3.0.4-2.53.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): rsync-debuginfo-3.0.4-2.53.3.1 rsync-debugsource-3.0.4-2.53.3.1 References: https://www.suse.com/security/cve/CVE-2017-16548.html https://www.suse.com/security/cve/CVE-2017-17433.html https://www.suse.com/security/cve/CVE-2017-17434.html https://bugzilla.suse.com/1066644 https://bugzilla.suse.com/1071459 https://bugzilla.suse.com/1071460 From sle-security-updates at lists.suse.com Wed Jan 17 04:11:34 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Jan 2018 12:11:34 +0100 (CET) Subject: SUSE-SU-2018:0118-1: moderate: Security update for rsync Message-ID: <20180117111134.2AF32FCDD@maintenance.suse.de> SUSE Security Update: Security update for rsync ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0118-1 Rating: moderate References: #1028842 #1062063 #1066644 #1071459 #1071460 Cross-References: CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for rsync fixes several issues. These security issues were fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also did not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allowed remote attackers to bypass intended access restrictions" (bsc#1071460). - CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync, proceeded with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allowed remote attackers to bypass intended access restrictions (bsc#1071459). - CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check for a trailing '\\0' character in an xattr name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon (bsc#1066644). This non-security issue was fixed: - Stop file upload after errors like a full disk (bsc#1062063) - Ensure -X flag works even when setting owner/group (bsc#1028842) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-84=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-84=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-84=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-84=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-84=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-84=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-84=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): rsync-3.1.0-13.7.1 rsync-debuginfo-3.1.0-13.7.1 rsync-debugsource-3.1.0-13.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): rsync-3.1.0-13.7.1 rsync-debuginfo-3.1.0-13.7.1 rsync-debugsource-3.1.0-13.7.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): rsync-3.1.0-13.7.1 rsync-debuginfo-3.1.0-13.7.1 rsync-debugsource-3.1.0-13.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rsync-3.1.0-13.7.1 rsync-debuginfo-3.1.0-13.7.1 rsync-debugsource-3.1.0-13.7.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): rsync-3.1.0-13.7.1 rsync-debuginfo-3.1.0-13.7.1 rsync-debugsource-3.1.0-13.7.1 - SUSE CaaS Platform ALL (x86_64): rsync-3.1.0-13.7.1 rsync-debuginfo-3.1.0-13.7.1 rsync-debugsource-3.1.0-13.7.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): rsync-3.1.0-13.7.1 rsync-debuginfo-3.1.0-13.7.1 rsync-debugsource-3.1.0-13.7.1 References: https://www.suse.com/security/cve/CVE-2017-16548.html https://www.suse.com/security/cve/CVE-2017-17433.html https://www.suse.com/security/cve/CVE-2017-17434.html https://bugzilla.suse.com/1028842 https://bugzilla.suse.com/1062063 https://bugzilla.suse.com/1066644 https://bugzilla.suse.com/1071459 https://bugzilla.suse.com/1071460 From sle-security-updates at lists.suse.com Wed Jan 17 07:07:19 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Jan 2018 15:07:19 +0100 (CET) Subject: SUSE-SU-2018:0119-1: moderate: Recommended update for libical Message-ID: <20180117140719.53224FD26@maintenance.suse.de> SUSE Security Update: Recommended update for libical ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0119-1 Rating: moderate References: #1015964 #1044995 #986631 #986632 #986639 #986642 #986658 Cross-References: CVE-2016-5823 CVE-2016-5824 CVE-2016-5825 CVE-2016-5826 CVE-2016-5827 CVE-2016-9584 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5823: The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bnc#986632) - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bsc#986639) - CVE-2016-5825: The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file. (bsc#986642) - CVE-2016-5826: The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function. (bsc#986658) - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. (bsc#986631) - CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. (bnc#1015964) Bug fixes: - libical crashes while parsing timezones (bsc#1044995) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libical-13417=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libical-13417=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libical-13417=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libical-devel-0.43-1.10.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libical0-32bit-0.43-1.10.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libical0-0.43-1.10.6.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libical0-32bit-0.43-1.10.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libical-debuginfo-0.43-1.10.6.1 libical-debugsource-0.43-1.10.6.1 References: https://www.suse.com/security/cve/CVE-2016-5823.html https://www.suse.com/security/cve/CVE-2016-5824.html https://www.suse.com/security/cve/CVE-2016-5825.html https://www.suse.com/security/cve/CVE-2016-5826.html https://www.suse.com/security/cve/CVE-2016-5827.html https://www.suse.com/security/cve/CVE-2016-9584.html https://bugzilla.suse.com/1015964 https://bugzilla.suse.com/1044995 https://bugzilla.suse.com/986631 https://bugzilla.suse.com/986632 https://bugzilla.suse.com/986639 https://bugzilla.suse.com/986642 https://bugzilla.suse.com/986658 From sle-security-updates at lists.suse.com Wed Jan 17 07:08:42 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Jan 2018 15:08:42 +0100 (CET) Subject: SUSE-SU-2018:0120-1: moderate: Security update for ncurses Message-ID: <20180117140842.DF463FCDD@maintenance.suse.de> SUSE Security Update: Security update for ncurses ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0120-1 Rating: moderate References: #1056127 #1056128 #1056129 #1056131 #1056132 #1056136 Cross-References: CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-86=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-86=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-86=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-86=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-86=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-86=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-86=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-86=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-86=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ncurses-debugsource-5.9-55.1 ncurses-devel-5.9-55.1 ncurses-devel-debuginfo-5.9-55.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ncurses-debugsource-5.9-55.1 ncurses-devel-5.9-55.1 ncurses-devel-debuginfo-5.9-55.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libncurses5-5.9-55.1 libncurses5-debuginfo-5.9-55.1 libncurses6-5.9-55.1 libncurses6-debuginfo-5.9-55.1 ncurses-debugsource-5.9-55.1 ncurses-devel-5.9-55.1 ncurses-devel-debuginfo-5.9-55.1 ncurses-utils-5.9-55.1 ncurses-utils-debuginfo-5.9-55.1 tack-5.9-55.1 tack-debuginfo-5.9-55.1 terminfo-5.9-55.1 terminfo-base-5.9-55.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libncurses5-5.9-55.1 libncurses5-debuginfo-5.9-55.1 libncurses6-5.9-55.1 libncurses6-debuginfo-5.9-55.1 ncurses-debugsource-5.9-55.1 ncurses-devel-5.9-55.1 ncurses-devel-debuginfo-5.9-55.1 ncurses-utils-5.9-55.1 ncurses-utils-debuginfo-5.9-55.1 tack-5.9-55.1 tack-debuginfo-5.9-55.1 terminfo-5.9-55.1 terminfo-base-5.9-55.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libncurses5-32bit-5.9-55.1 libncurses5-debuginfo-32bit-5.9-55.1 libncurses6-32bit-5.9-55.1 libncurses6-debuginfo-32bit-5.9-55.1 ncurses-devel-32bit-5.9-55.1 ncurses-devel-debuginfo-32bit-5.9-55.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libncurses5-5.9-55.1 libncurses5-debuginfo-5.9-55.1 libncurses6-5.9-55.1 libncurses6-debuginfo-5.9-55.1 ncurses-debugsource-5.9-55.1 ncurses-devel-5.9-55.1 ncurses-devel-debuginfo-5.9-55.1 ncurses-utils-5.9-55.1 ncurses-utils-debuginfo-5.9-55.1 tack-5.9-55.1 tack-debuginfo-5.9-55.1 terminfo-5.9-55.1 terminfo-base-5.9-55.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libncurses5-32bit-5.9-55.1 libncurses5-debuginfo-32bit-5.9-55.1 libncurses6-32bit-5.9-55.1 libncurses6-debuginfo-32bit-5.9-55.1 ncurses-devel-32bit-5.9-55.1 ncurses-devel-debuginfo-32bit-5.9-55.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libncurses5-32bit-5.9-55.1 libncurses5-5.9-55.1 libncurses5-debuginfo-32bit-5.9-55.1 libncurses5-debuginfo-5.9-55.1 libncurses6-32bit-5.9-55.1 libncurses6-5.9-55.1 libncurses6-debuginfo-32bit-5.9-55.1 libncurses6-debuginfo-5.9-55.1 ncurses-debugsource-5.9-55.1 ncurses-devel-5.9-55.1 ncurses-devel-debuginfo-5.9-55.1 ncurses-utils-5.9-55.1 ncurses-utils-debuginfo-5.9-55.1 tack-5.9-55.1 tack-debuginfo-5.9-55.1 terminfo-5.9-55.1 terminfo-base-5.9-55.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libncurses5-32bit-5.9-55.1 libncurses5-5.9-55.1 libncurses5-debuginfo-32bit-5.9-55.1 libncurses5-debuginfo-5.9-55.1 libncurses6-32bit-5.9-55.1 libncurses6-5.9-55.1 libncurses6-debuginfo-32bit-5.9-55.1 libncurses6-debuginfo-5.9-55.1 ncurses-debugsource-5.9-55.1 ncurses-devel-5.9-55.1 ncurses-devel-debuginfo-5.9-55.1 ncurses-utils-5.9-55.1 ncurses-utils-debuginfo-5.9-55.1 tack-5.9-55.1 tack-debuginfo-5.9-55.1 terminfo-5.9-55.1 terminfo-base-5.9-55.1 - SUSE CaaS Platform ALL (x86_64): libncurses5-5.9-55.1 libncurses5-debuginfo-5.9-55.1 libncurses6-5.9-55.1 libncurses6-debuginfo-5.9-55.1 ncurses-debugsource-5.9-55.1 ncurses-utils-5.9-55.1 ncurses-utils-debuginfo-5.9-55.1 terminfo-base-5.9-55.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libncurses5-5.9-55.1 libncurses5-debuginfo-5.9-55.1 libncurses6-5.9-55.1 libncurses6-debuginfo-5.9-55.1 ncurses-debugsource-5.9-55.1 ncurses-utils-5.9-55.1 ncurses-utils-debuginfo-5.9-55.1 terminfo-base-5.9-55.1 References: https://www.suse.com/security/cve/CVE-2017-13728.html https://www.suse.com/security/cve/CVE-2017-13729.html https://www.suse.com/security/cve/CVE-2017-13730.html https://www.suse.com/security/cve/CVE-2017-13731.html https://www.suse.com/security/cve/CVE-2017-13732.html https://www.suse.com/security/cve/CVE-2017-13733.html https://bugzilla.suse.com/1056127 https://bugzilla.suse.com/1056128 https://bugzilla.suse.com/1056129 https://bugzilla.suse.com/1056131 https://bugzilla.suse.com/1056132 https://bugzilla.suse.com/1056136 From sle-security-updates at lists.suse.com Wed Jan 17 10:09:44 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Jan 2018 18:09:44 +0100 (CET) Subject: SUSE-SU-2018:0122-1: moderate: Security update for curl Message-ID: <20180117170944.E234FFCDD@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0122-1 Rating: moderate References: #1069222 #1069226 Cross-References: CVE-2017-8816 CVE-2017-8817 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code (bsc#1069226). - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function (bsc#1069222). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-88=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-88=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-88=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-88=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-88=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-88=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-88=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-88=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-88=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.37.0-37.11.3 curl-debugsource-7.37.0-37.11.3 libcurl-devel-7.37.0-37.11.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.37.0-37.11.3 curl-debugsource-7.37.0-37.11.3 libcurl-devel-7.37.0-37.11.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): curl-7.37.0-37.11.3 curl-debuginfo-7.37.0-37.11.3 curl-debugsource-7.37.0-37.11.3 libcurl4-7.37.0-37.11.3 libcurl4-debuginfo-7.37.0-37.11.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): curl-7.37.0-37.11.3 curl-debuginfo-7.37.0-37.11.3 curl-debugsource-7.37.0-37.11.3 libcurl4-7.37.0-37.11.3 libcurl4-debuginfo-7.37.0-37.11.3 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libcurl4-32bit-7.37.0-37.11.3 libcurl4-debuginfo-32bit-7.37.0-37.11.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): curl-7.37.0-37.11.3 curl-debuginfo-7.37.0-37.11.3 curl-debugsource-7.37.0-37.11.3 libcurl4-7.37.0-37.11.3 libcurl4-debuginfo-7.37.0-37.11.3 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libcurl4-32bit-7.37.0-37.11.3 libcurl4-debuginfo-32bit-7.37.0-37.11.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): curl-7.37.0-37.11.3 curl-debuginfo-7.37.0-37.11.3 curl-debugsource-7.37.0-37.11.3 libcurl4-32bit-7.37.0-37.11.3 libcurl4-7.37.0-37.11.3 libcurl4-debuginfo-32bit-7.37.0-37.11.3 libcurl4-debuginfo-7.37.0-37.11.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): curl-7.37.0-37.11.3 curl-debuginfo-7.37.0-37.11.3 curl-debugsource-7.37.0-37.11.3 libcurl4-32bit-7.37.0-37.11.3 libcurl4-7.37.0-37.11.3 libcurl4-debuginfo-32bit-7.37.0-37.11.3 libcurl4-debuginfo-7.37.0-37.11.3 - SUSE CaaS Platform ALL (x86_64): curl-7.37.0-37.11.3 curl-debuginfo-7.37.0-37.11.3 curl-debugsource-7.37.0-37.11.3 libcurl4-7.37.0-37.11.3 libcurl4-debuginfo-7.37.0-37.11.3 - OpenStack Cloud Magnum Orchestration 7 (x86_64): curl-7.37.0-37.11.3 curl-debuginfo-7.37.0-37.11.3 curl-debugsource-7.37.0-37.11.3 libcurl4-7.37.0-37.11.3 libcurl4-debuginfo-7.37.0-37.11.3 References: https://www.suse.com/security/cve/CVE-2017-8816.html https://www.suse.com/security/cve/CVE-2017-8817.html https://bugzilla.suse.com/1069222 https://bugzilla.suse.com/1069226 From sle-security-updates at lists.suse.com Wed Jan 17 10:10:30 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 17 Jan 2018 18:10:30 +0100 (CET) Subject: SUSE-SU-2018:0123-1: moderate: Security update for perl-XML-LibXML Message-ID: <20180117171030.CF8D5FCDD@maintenance.suse.de> SUSE Security Update: Security update for perl-XML-LibXML ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0123-1 Rating: moderate References: #1046848 Cross-References: CVE-2017-10672 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-XML-LibXML fixes the following issues: Security issue fixed: - CVE-2017-10672: Fix use-after-free that allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call (bsc#1046848). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-89=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-89=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-89=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-89=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-89=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-89=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): perl-XML-LibXML-2.0019-6.3.5 perl-XML-LibXML-debuginfo-2.0019-6.3.5 perl-XML-LibXML-debugsource-2.0019-6.3.5 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): perl-XML-LibXML-2.0019-6.3.5 perl-XML-LibXML-debuginfo-2.0019-6.3.5 perl-XML-LibXML-debugsource-2.0019-6.3.5 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): perl-XML-LibXML-2.0019-6.3.5 perl-XML-LibXML-debuginfo-2.0019-6.3.5 perl-XML-LibXML-debugsource-2.0019-6.3.5 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): perl-XML-LibXML-2.0019-6.3.5 perl-XML-LibXML-debuginfo-2.0019-6.3.5 perl-XML-LibXML-debugsource-2.0019-6.3.5 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): perl-XML-LibXML-2.0019-6.3.5 perl-XML-LibXML-debuginfo-2.0019-6.3.5 perl-XML-LibXML-debugsource-2.0019-6.3.5 - SUSE CaaS Platform ALL (x86_64): perl-XML-LibXML-2.0019-6.3.5 perl-XML-LibXML-debuginfo-2.0019-6.3.5 perl-XML-LibXML-debugsource-2.0019-6.3.5 References: https://www.suse.com/security/cve/CVE-2017-10672.html https://bugzilla.suse.com/1046848 From sle-security-updates at lists.suse.com Wed Jan 17 19:08:37 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jan 2018 03:08:37 +0100 (CET) Subject: SUSE-SU-2018:0127-1: moderate: Security update for mercurial Message-ID: <20180118020837.14BFEFCDD@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0127-1 Rating: moderate References: #1071715 Cross-References: CVE-2017-17458 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mercurial fixes the following issues: - CVE-2017-17458: In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically. (bsc#1071715): Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mercurial-13420=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mercurial-13420=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-2.3.2-0.18.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-debuginfo-2.3.2-0.18.6.1 mercurial-debugsource-2.3.2-0.18.6.1 References: https://www.suse.com/security/cve/CVE-2017-17458.html https://bugzilla.suse.com/1071715 From sle-security-updates at lists.suse.com Wed Jan 17 19:09:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jan 2018 03:09:29 +0100 (CET) Subject: SUSE-SU-2018:0129-1: moderate: Security update for mercurial Message-ID: <20180118020929.64A24FCDD@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0129-1 Rating: moderate References: #1071715 Cross-References: CVE-2017-17458 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mercurial fixes the following issues: - CVE-2017-17458: In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically. (bsc#1071715): Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-93=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-93=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): mercurial-2.8.2-15.6.1 mercurial-debuginfo-2.8.2-15.6.1 mercurial-debugsource-2.8.2-15.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): mercurial-2.8.2-15.6.1 mercurial-debuginfo-2.8.2-15.6.1 mercurial-debugsource-2.8.2-15.6.1 References: https://www.suse.com/security/cve/CVE-2017-17458.html https://bugzilla.suse.com/1071715 From sle-security-updates at lists.suse.com Thu Jan 18 07:07:29 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jan 2018 15:07:29 +0100 (CET) Subject: SUSE-SU-2018:0130-1: moderate: Security update for ImageMagick Message-ID: <20180118140729.8C725FD26@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0130-1 Rating: moderate References: #1047044 #1047898 #1050120 #1050606 #1051446 #1052468 #1052550 #1052710 #1052720 #1052731 #1052732 #1055065 #1055323 #1055434 #1055855 #1058640 #1059751 #1074123 #1074969 #1074973 #1074975 Cross-References: CVE-2017-10800 CVE-2017-11141 CVE-2017-11529 CVE-2017-11644 CVE-2017-11724 CVE-2017-12434 CVE-2017-12564 CVE-2017-12667 CVE-2017-12670 CVE-2017-12672 CVE-2017-12675 CVE-2017-13060 CVE-2017-13146 CVE-2017-13648 CVE-2017-13658 CVE-2017-14326 CVE-2017-14533 CVE-2017-17881 CVE-2017-18022 CVE-2018-5246 CVE-2018-5247 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. Description: This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973) - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969) - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720) - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065) - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446) - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731) - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732) - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323) - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044) - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434) - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898) - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120) - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468) - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550) - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710) - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640) - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606) - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855) - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751) - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-97=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-97=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-97=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-97=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-97=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-97=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-97=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-97=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-97=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.26.1 ImageMagick-debuginfo-6.8.8.1-71.26.1 ImageMagick-debugsource-6.8.8.1-71.26.1 libMagick++-6_Q16-3-6.8.8.1-71.26.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.26.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.26.1 ImageMagick-debuginfo-6.8.8.1-71.26.1 ImageMagick-debugsource-6.8.8.1-71.26.1 libMagick++-6_Q16-3-6.8.8.1-71.26.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.26.1 ImageMagick-debuginfo-6.8.8.1-71.26.1 ImageMagick-debugsource-6.8.8.1-71.26.1 ImageMagick-devel-6.8.8.1-71.26.1 libMagick++-6_Q16-3-6.8.8.1-71.26.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.26.1 libMagick++-devel-6.8.8.1-71.26.1 perl-PerlMagick-6.8.8.1-71.26.1 perl-PerlMagick-debuginfo-6.8.8.1-71.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.26.1 ImageMagick-debuginfo-6.8.8.1-71.26.1 ImageMagick-debugsource-6.8.8.1-71.26.1 ImageMagick-devel-6.8.8.1-71.26.1 libMagick++-6_Q16-3-6.8.8.1-71.26.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.26.1 libMagick++-devel-6.8.8.1-71.26.1 perl-PerlMagick-6.8.8.1-71.26.1 perl-PerlMagick-debuginfo-6.8.8.1-71.26.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ImageMagick-debuginfo-6.8.8.1-71.26.1 ImageMagick-debugsource-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.26.1 libMagickWand-6_Q16-1-6.8.8.1-71.26.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.26.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.26.1 ImageMagick-debugsource-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.26.1 libMagickWand-6_Q16-1-6.8.8.1-71.26.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.26.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.26.1 ImageMagick-debugsource-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.26.1 libMagickWand-6_Q16-1-6.8.8.1-71.26.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.26.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.26.1 ImageMagick-debuginfo-6.8.8.1-71.26.1 ImageMagick-debugsource-6.8.8.1-71.26.1 libMagick++-6_Q16-3-6.8.8.1-71.26.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.26.1 libMagickWand-6_Q16-1-6.8.8.1-71.26.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.26.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.26.1 ImageMagick-debuginfo-6.8.8.1-71.26.1 ImageMagick-debugsource-6.8.8.1-71.26.1 libMagick++-6_Q16-3-6.8.8.1-71.26.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.26.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.26.1 libMagickWand-6_Q16-1-6.8.8.1-71.26.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.26.1 References: https://www.suse.com/security/cve/CVE-2017-10800.html https://www.suse.com/security/cve/CVE-2017-11141.html https://www.suse.com/security/cve/CVE-2017-11529.html https://www.suse.com/security/cve/CVE-2017-11644.html https://www.suse.com/security/cve/CVE-2017-11724.html https://www.suse.com/security/cve/CVE-2017-12434.html https://www.suse.com/security/cve/CVE-2017-12564.html https://www.suse.com/security/cve/CVE-2017-12667.html https://www.suse.com/security/cve/CVE-2017-12670.html https://www.suse.com/security/cve/CVE-2017-12672.html https://www.suse.com/security/cve/CVE-2017-12675.html https://www.suse.com/security/cve/CVE-2017-13060.html https://www.suse.com/security/cve/CVE-2017-13146.html https://www.suse.com/security/cve/CVE-2017-13648.html https://www.suse.com/security/cve/CVE-2017-13658.html https://www.suse.com/security/cve/CVE-2017-14326.html https://www.suse.com/security/cve/CVE-2017-14533.html https://www.suse.com/security/cve/CVE-2017-17881.html https://www.suse.com/security/cve/CVE-2017-18022.html https://www.suse.com/security/cve/CVE-2018-5246.html https://www.suse.com/security/cve/CVE-2018-5247.html https://bugzilla.suse.com/1047044 https://bugzilla.suse.com/1047898 https://bugzilla.suse.com/1050120 https://bugzilla.suse.com/1050606 https://bugzilla.suse.com/1051446 https://bugzilla.suse.com/1052468 https://bugzilla.suse.com/1052550 https://bugzilla.suse.com/1052710 https://bugzilla.suse.com/1052720 https://bugzilla.suse.com/1052731 https://bugzilla.suse.com/1052732 https://bugzilla.suse.com/1055065 https://bugzilla.suse.com/1055323 https://bugzilla.suse.com/1055434 https://bugzilla.suse.com/1055855 https://bugzilla.suse.com/1058640 https://bugzilla.suse.com/1059751 https://bugzilla.suse.com/1074123 https://bugzilla.suse.com/1074969 https://bugzilla.suse.com/1074973 https://bugzilla.suse.com/1074975 From sle-security-updates at lists.suse.com Thu Jan 18 07:11:32 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jan 2018 15:11:32 +0100 (CET) Subject: SUSE-SU-2018:0132-1: moderate: Security update for ImageMagick Message-ID: <20180118141132.AC548FCDD@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0132-1 Rating: moderate References: #1042948 #1047044 #1047898 #1049373 #1050120 #1050606 #1051412 #1051446 #1052252 #1052468 #1052550 #1052710 #1052720 #1052731 #1052732 #1052771 #1055065 #1055323 #1055434 #1055855 #1058082 #1058640 #1059751 #1072902 #1074122 #1074123 #1074425 #1074610 #1074969 #1074973 #1074975 Cross-References: CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10800 CVE-2017-11141 CVE-2017-11449 CVE-2017-11529 CVE-2017-11644 CVE-2017-11724 CVE-2017-11751 CVE-2017-12430 CVE-2017-12434 CVE-2017-12564 CVE-2017-12642 CVE-2017-12667 CVE-2017-12670 CVE-2017-12672 CVE-2017-12675 CVE-2017-13060 CVE-2017-13146 CVE-2017-13648 CVE-2017-13658 CVE-2017-14249 CVE-2017-14326 CVE-2017-14533 CVE-2017-17680 CVE-2017-17881 CVE-2017-17882 CVE-2017-18022 CVE-2017-9409 CVE-2018-5246 CVE-2018-5247 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 31 vulnerabilities is now available. Description: This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720). - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065). - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446). - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731). - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732). - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323). - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044) - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434). - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898). - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120). - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468). - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550). - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710). - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640). - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606). - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855). - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751). - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123). - CVE-2017-1000476: Prevent CPU exhaustion in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610). - CVE-2017-9409: Fixed a memory leak vulnerability in the function ReadMPCImage in mpc.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1042948). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373) - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252) - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771) - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082) - CVE-2017-1000445: Added a NUL pointer check in the MagickCore component that might have lead to denial of service (bsc#1074425). - CVE-2017-11751: Fixed a memory leak vulnerability in the function WritePICONImage in coders/xpm.c that allowed remote attackers to cause a denial of service via a crafted file (bsc#1051412). - CVE-2017-17680: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted xpm image file (bsc#1072902). - CVE-2017-17882: Fixed a memory leak vulnerability in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (bsc#1074122). - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973). - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13422=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13422=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13422=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.78.22.1 ImageMagick-devel-6.4.3.6-7.78.22.1 libMagick++-devel-6.4.3.6-7.78.22.1 libMagick++1-6.4.3.6-7.78.22.1 libMagickWand1-6.4.3.6-7.78.22.1 perl-PerlMagick-6.4.3.6-7.78.22.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.78.22.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.78.22.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.78.22.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.78.22.1 ImageMagick-debugsource-6.4.3.6-7.78.22.1 References: https://www.suse.com/security/cve/CVE-2017-1000445.html https://www.suse.com/security/cve/CVE-2017-1000476.html https://www.suse.com/security/cve/CVE-2017-10800.html https://www.suse.com/security/cve/CVE-2017-11141.html https://www.suse.com/security/cve/CVE-2017-11449.html https://www.suse.com/security/cve/CVE-2017-11529.html https://www.suse.com/security/cve/CVE-2017-11644.html https://www.suse.com/security/cve/CVE-2017-11724.html https://www.suse.com/security/cve/CVE-2017-11751.html https://www.suse.com/security/cve/CVE-2017-12430.html https://www.suse.com/security/cve/CVE-2017-12434.html https://www.suse.com/security/cve/CVE-2017-12564.html https://www.suse.com/security/cve/CVE-2017-12642.html https://www.suse.com/security/cve/CVE-2017-12667.html https://www.suse.com/security/cve/CVE-2017-12670.html https://www.suse.com/security/cve/CVE-2017-12672.html https://www.suse.com/security/cve/CVE-2017-12675.html https://www.suse.com/security/cve/CVE-2017-13060.html https://www.suse.com/security/cve/CVE-2017-13146.html https://www.suse.com/security/cve/CVE-2017-13648.html https://www.suse.com/security/cve/CVE-2017-13658.html https://www.suse.com/security/cve/CVE-2017-14249.html https://www.suse.com/security/cve/CVE-2017-14326.html https://www.suse.com/security/cve/CVE-2017-14533.html https://www.suse.com/security/cve/CVE-2017-17680.html https://www.suse.com/security/cve/CVE-2017-17881.html https://www.suse.com/security/cve/CVE-2017-17882.html https://www.suse.com/security/cve/CVE-2017-18022.html https://www.suse.com/security/cve/CVE-2017-9409.html https://www.suse.com/security/cve/CVE-2018-5246.html https://www.suse.com/security/cve/CVE-2018-5247.html https://bugzilla.suse.com/1042948 https://bugzilla.suse.com/1047044 https://bugzilla.suse.com/1047898 https://bugzilla.suse.com/1049373 https://bugzilla.suse.com/1050120 https://bugzilla.suse.com/1050606 https://bugzilla.suse.com/1051412 https://bugzilla.suse.com/1051446 https://bugzilla.suse.com/1052252 https://bugzilla.suse.com/1052468 https://bugzilla.suse.com/1052550 https://bugzilla.suse.com/1052710 https://bugzilla.suse.com/1052720 https://bugzilla.suse.com/1052731 https://bugzilla.suse.com/1052732 https://bugzilla.suse.com/1052771 https://bugzilla.suse.com/1055065 https://bugzilla.suse.com/1055323 https://bugzilla.suse.com/1055434 https://bugzilla.suse.com/1055855 https://bugzilla.suse.com/1058082 https://bugzilla.suse.com/1058640 https://bugzilla.suse.com/1059751 https://bugzilla.suse.com/1072902 https://bugzilla.suse.com/1074122 https://bugzilla.suse.com/1074123 https://bugzilla.suse.com/1074425 https://bugzilla.suse.com/1074610 https://bugzilla.suse.com/1074969 https://bugzilla.suse.com/1074973 https://bugzilla.suse.com/1074975 From sle-security-updates at lists.suse.com Thu Jan 18 10:11:02 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Jan 2018 18:11:02 +0100 (CET) Subject: SUSE-SU-2018:0135-1: moderate: Security update for gd Message-ID: <20180118171102.3ACEDFCDD@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0135-1 Rating: moderate References: #1056993 Cross-References: CVE-2017-6362 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gd fixes one issues. This security issue was fixed: - CVE-2017-6362: Prevent double-free in gdImagePngPtr() that potentially allowed for DoS or remote code execution (bsc#1056993). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-100=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-100=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-100=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-100=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-100=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-100=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-100=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-100=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-100=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gd-32bit-2.1.0-24.3.4 gd-debuginfo-32bit-2.1.0-24.3.4 gd-debugsource-2.1.0-24.3.4 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gd-32bit-2.1.0-24.3.4 gd-debuginfo-32bit-2.1.0-24.3.4 gd-debugsource-2.1.0-24.3.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.1.0-24.3.4 gd-debugsource-2.1.0-24.3.4 gd-devel-2.1.0-24.3.4 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gd-debuginfo-2.1.0-24.3.4 gd-debugsource-2.1.0-24.3.4 gd-devel-2.1.0-24.3.4 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gd-2.1.0-24.3.4 gd-debuginfo-2.1.0-24.3.4 gd-debugsource-2.1.0-24.3.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gd-2.1.0-24.3.4 gd-debuginfo-2.1.0-24.3.4 gd-debugsource-2.1.0-24.3.4 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): gd-2.1.0-24.3.4 gd-debuginfo-2.1.0-24.3.4 gd-debugsource-2.1.0-24.3.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gd-2.1.0-24.3.4 gd-32bit-2.1.0-24.3.4 gd-debuginfo-2.1.0-24.3.4 gd-debuginfo-32bit-2.1.0-24.3.4 gd-debugsource-2.1.0-24.3.4 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gd-2.1.0-24.3.4 gd-32bit-2.1.0-24.3.4 gd-debuginfo-2.1.0-24.3.4 gd-debuginfo-32bit-2.1.0-24.3.4 gd-debugsource-2.1.0-24.3.4 References: https://www.suse.com/security/cve/CVE-2017-6362.html https://bugzilla.suse.com/1056993 From sle-security-updates at lists.suse.com Fri Jan 19 10:09:10 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 19 Jan 2018 18:09:10 +0100 (CET) Subject: SUSE-SU-2018:0140-1: important: Security update for xmltooling Message-ID: <20180119170910.0F3C4FD2E@maintenance.suse.de> SUSE Security Update: Security update for xmltooling ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0140-1 Rating: important References: #1075975 Cross-References: CVE-2018-0486 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xmltooling fixes the following issues: - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD (bsc#1075975) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-107=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-107=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-107=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-107=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-107=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libxmltooling-devel-1.5.6-3.3.2 xmltooling-debugsource-1.5.6-3.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libxmltooling-devel-1.5.6-3.3.2 xmltooling-debugsource-1.5.6-3.3.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libxmltooling6-1.5.6-3.3.2 libxmltooling6-debuginfo-1.5.6-3.3.2 xmltooling-debugsource-1.5.6-3.3.2 xmltooling-schemas-1.5.6-3.3.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libxmltooling6-1.5.6-3.3.2 libxmltooling6-debuginfo-1.5.6-3.3.2 xmltooling-debugsource-1.5.6-3.3.2 xmltooling-schemas-1.5.6-3.3.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libxmltooling6-1.5.6-3.3.2 libxmltooling6-debuginfo-1.5.6-3.3.2 xmltooling-debugsource-1.5.6-3.3.2 xmltooling-schemas-1.5.6-3.3.2 References: https://www.suse.com/security/cve/CVE-2018-0486.html https://bugzilla.suse.com/1075975 From sle-security-updates at lists.suse.com Mon Jan 22 07:08:21 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Jan 2018 15:08:21 +0100 (CET) Subject: SUSE-SU-2018:0170-1: important: Security update for perl-XML-LibXML Message-ID: <20180122140821.09D60FD2E@maintenance.suse.de> SUSE Security Update: Security update for perl-XML-LibXML ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0170-1 Rating: important References: #1046848 Cross-References: CVE-2017-10672 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-XML-LibXML fixes the following issues: - CVE-2017-10672: A use-after-free allowed remote attackers to potentially execute arbitrary code by controlling the arguments to a replaceChild call (bsc#1046848) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-perl-XML-LibXML-13426=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-perl-XML-LibXML-13426=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-perl-XML-LibXML-13426=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-perl-XML-LibXML-13426=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-perl-XML-LibXML-13426=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-XML-LibXML-1.66-3.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): perl-XML-LibXML-1.66-3.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): perl-XML-LibXML-1.66-3.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-XML-LibXML-debuginfo-1.66-3.3.1 perl-XML-LibXML-debugsource-1.66-3.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): perl-XML-LibXML-debuginfo-1.66-3.3.1 perl-XML-LibXML-debugsource-1.66-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-10672.html https://bugzilla.suse.com/1046848 From sle-security-updates at lists.suse.com Mon Jan 22 07:08:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Jan 2018 15:08:49 +0100 (CET) Subject: SUSE-SU-2018:0171-1: important: Security update for the Linux Kernel Message-ID: <20180122140849.2BFE5FD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0171-1 Rating: important References: #1068032 Cross-References: CVE-2017-5715 CVE-2017-5753 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown" attack. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-20180111-13427=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20180111-13427=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-20180111-13427=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-3.0.101-0.47.106.14.1 kernel-default-base-3.0.101-0.47.106.14.1 kernel-default-devel-3.0.101-0.47.106.14.1 kernel-default-man-3.0.101-0.47.106.14.1 kernel-source-3.0.101-0.47.106.14.1 kernel-syms-3.0.101-0.47.106.14.1 kernel-trace-3.0.101-0.47.106.14.1 kernel-trace-base-3.0.101-0.47.106.14.1 kernel-trace-devel-3.0.101-0.47.106.14.1 - SUSE Linux Enterprise Server 11-EXTRA (s390x): kernel-default-extra-3.0.101-0.47.106.14.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): kernel-default-debuginfo-3.0.101-0.47.106.14.1 kernel-default-debugsource-3.0.101-0.47.106.14.1 kernel-trace-debuginfo-3.0.101-0.47.106.14.1 kernel-trace-debugsource-3.0.101-0.47.106.14.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://bugzilla.suse.com/1068032 From sle-security-updates at lists.suse.com Mon Jan 22 10:10:05 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Jan 2018 18:10:05 +0100 (CET) Subject: SUSE-SU-2018:0172-1: moderate: Security update for rsync Message-ID: <20180122171005.8521BFD2E@maintenance.suse.de> SUSE Security Update: Security update for rsync ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0172-1 Rating: moderate References: #1076503 Cross-References: CVE-2018-5764 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsync fixes one issues. This security issue was fixed: - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-rsync-13428=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-rsync-13428=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): rsync-3.0.4-2.53.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): rsync-debuginfo-3.0.4-2.53.6.1 rsync-debugsource-3.0.4-2.53.6.1 References: https://www.suse.com/security/cve/CVE-2018-5764.html https://bugzilla.suse.com/1076503 From sle-security-updates at lists.suse.com Mon Jan 22 10:10:44 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Jan 2018 18:10:44 +0100 (CET) Subject: SUSE-SU-2018:0173-1: moderate: Security update for procmail Message-ID: <20180122171044.92D03FD2E@maintenance.suse.de> SUSE Security Update: Security update for procmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0173-1 Rating: moderate References: #1068648 Cross-References: CVE-2017-16844 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for procmail fixes the following issues: - CVE-2017-16844: Heap-based buffer overflow in loadbuf function could lead to remote denial of service (bsc#1068648) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-118=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-118=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-118=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-118=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-118=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): procmail-3.22-269.3.5 procmail-debuginfo-3.22-269.3.5 procmail-debugsource-3.22-269.3.5 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): procmail-3.22-269.3.5 procmail-debuginfo-3.22-269.3.5 procmail-debugsource-3.22-269.3.5 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): procmail-3.22-269.3.5 procmail-debuginfo-3.22-269.3.5 procmail-debugsource-3.22-269.3.5 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): procmail-3.22-269.3.5 procmail-debuginfo-3.22-269.3.5 procmail-debugsource-3.22-269.3.5 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): procmail-3.22-269.3.5 procmail-debuginfo-3.22-269.3.5 procmail-debugsource-3.22-269.3.5 References: https://www.suse.com/security/cve/CVE-2017-16844.html https://bugzilla.suse.com/1068648 From sle-security-updates at lists.suse.com Mon Jan 22 10:11:22 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 22 Jan 2018 18:11:22 +0100 (CET) Subject: SUSE-SU-2018:0174-1: moderate: Security update for rsync Message-ID: <20180122171122.29193FD2E@maintenance.suse.de> SUSE Security Update: Security update for rsync ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0174-1 Rating: moderate References: #1076503 Cross-References: CVE-2018-5764 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsync fixes one issues. This security issue was fixed: - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-116=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-116=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-116=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-116=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-116=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-116=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-116=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): rsync-3.1.0-13.10.1 rsync-debuginfo-3.1.0-13.10.1 rsync-debugsource-3.1.0-13.10.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): rsync-3.1.0-13.10.1 rsync-debuginfo-3.1.0-13.10.1 rsync-debugsource-3.1.0-13.10.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): rsync-3.1.0-13.10.1 rsync-debuginfo-3.1.0-13.10.1 rsync-debugsource-3.1.0-13.10.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): rsync-3.1.0-13.10.1 rsync-debuginfo-3.1.0-13.10.1 rsync-debugsource-3.1.0-13.10.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): rsync-3.1.0-13.10.1 rsync-debuginfo-3.1.0-13.10.1 rsync-debugsource-3.1.0-13.10.1 - SUSE CaaS Platform ALL (x86_64): rsync-3.1.0-13.10.1 rsync-debuginfo-3.1.0-13.10.1 rsync-debugsource-3.1.0-13.10.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): rsync-3.1.0-13.10.1 rsync-debuginfo-3.1.0-13.10.1 rsync-debugsource-3.1.0-13.10.1 References: https://www.suse.com/security/cve/CVE-2018-5764.html https://bugzilla.suse.com/1076503 From sle-security-updates at lists.suse.com Tue Jan 23 07:07:33 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jan 2018 15:07:33 +0100 (CET) Subject: SUSE-SU-2018:0178-1: moderate: Security update for ncurses Message-ID: <20180123140733.63EAAFD2E@maintenance.suse.de> SUSE Security Update: Security update for ncurses ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0178-1 Rating: moderate References: #1056127 Cross-References: CVE-2017-13733 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ncurses fixes the following issues: Security issue fixed: - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ncurses-13430=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ncurses-13430=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ncurses-13430=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): ncurses-devel-5.6-93.15.1 tack-5.6-93.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): ncurses-devel-32bit-5.6-93.15.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libncurses5-5.6-93.15.1 libncurses6-5.6-93.15.1 ncurses-devel-5.6-93.15.1 ncurses-utils-5.6-93.15.1 tack-5.6-93.15.1 terminfo-5.6-93.15.1 terminfo-base-5.6-93.15.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libncurses5-32bit-5.6-93.15.1 libncurses6-32bit-5.6-93.15.1 ncurses-devel-32bit-5.6-93.15.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libncurses5-x86-5.6-93.15.1 libncurses6-x86-5.6-93.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ncurses-debuginfo-5.6-93.15.1 ncurses-debugsource-5.6-93.15.1 References: https://www.suse.com/security/cve/CVE-2017-13733.html https://bugzilla.suse.com/1056127 From sle-security-updates at lists.suse.com Tue Jan 23 07:07:59 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jan 2018 15:07:59 +0100 (CET) Subject: SUSE-SU-2018:0179-1: moderate: Security update for wireshark Message-ID: <20180123140759.24E8BFD2E@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0179-1 Rating: moderate References: #1074171 #1075737 #1075738 #1075739 #1075748 Cross-References: CVE-2017-17935 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for wireshark to version 2.2.12 fixes the following issues: - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of "\n" in file_read_line function could have lead to denial of service (bsc#1074171) This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (bsc#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wireshark-13431=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wireshark-13431=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wireshark-13431=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-2.2.12-40.17.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libwireshark8-2.2.12-40.17.1 libwiretap6-2.2.12-40.17.1 libwscodecs1-2.2.12-40.17.1 libwsutil7-2.2.12-40.17.1 wireshark-2.2.12-40.17.1 wireshark-gtk-2.2.12-40.17.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libwireshark8-2.2.12-40.17.1 libwiretap6-2.2.12-40.17.1 libwscodecs1-2.2.12-40.17.1 libwsutil7-2.2.12-40.17.1 wireshark-2.2.12-40.17.1 wireshark-gtk-2.2.12-40.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-2.2.12-40.17.1 wireshark-debugsource-2.2.12-40.17.1 References: https://www.suse.com/security/cve/CVE-2017-17935.html https://www.suse.com/security/cve/CVE-2018-5334.html https://www.suse.com/security/cve/CVE-2018-5335.html https://www.suse.com/security/cve/CVE-2018-5336.html https://bugzilla.suse.com/1074171 https://bugzilla.suse.com/1075737 https://bugzilla.suse.com/1075738 https://bugzilla.suse.com/1075739 https://bugzilla.suse.com/1075748 From sle-security-updates at lists.suse.com Tue Jan 23 10:09:43 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jan 2018 18:09:43 +0100 (CET) Subject: SUSE-SU-2018:0180-1: important: Security update for the Linux Kernel Message-ID: <20180123170943.669F5FD2E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0180-1 Rating: important References: #1012917 #1013018 #1024612 #1034862 #1045205 #1045479 #1045538 #1047487 #1048185 #1050231 #1050431 #1051133 #1054305 #1056982 #1063043 #1064803 #1064861 #1065180 #1065600 #1066471 #1066472 #1066569 #1066573 #1066606 #1066618 #1066625 #1066650 #1066671 #1066693 #1066700 #1066705 #1066973 #1067085 #1067816 #1067888 #1068032 #1068671 #1068984 #1069702 #1070771 #1070964 #1071074 #1071470 #1071695 #1072457 #1072561 #1072876 #1073792 #1073874 #1074709 Cross-References: CVE-2017-11600 CVE-2017-13167 CVE-2017-14106 CVE-2017-15102 CVE-2017-15115 CVE-2017-15868 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16534 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16538 CVE-2017-16649 CVE-2017-16939 CVE-2017-17450 CVE-2017-17558 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7472 CVE-2017-8824 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 26 vulnerabilities and has 24 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 realtime kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. This is done with help of Linux Kernel fixes on the Intel/AMD x86_64 architectures. On x86_64, this requires also updates of the CPU microcode packages, delivered in seperate updates. As this feature can have a performance impact, it can be disabled using the "nospec" kernel commandline option. - CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation" and "PTI" / "Page Table Isolation". The following security bugs were fixed: - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-13167: An elevation of privilege vulnerability in the kernel sound timer was fixed. (bnc#1072876). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel did not ensure that an l2cap socket is available, which allowed local users to gain privileges via a crafted application (bnc#1071470). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16534: The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066693). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel allowed local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner) (bnc#1066569). - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-17558: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel did not consider the maximum number of configurations and interfaces before attempting to release resources, which allowed local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device (bnc#1072561). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-7472: The KEYS subsystem in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). The following non-security bugs were fixed: - Add upstream RT preemption points to block/blk-iopoll.c and net/core/dev.c - adm80211: return an error if adm8211_alloc_rings() fails (bsc#1048185). - alsa: core: Fix unexpected error at replacing user TLV (bsc#1045538). - alsa: hda/ca0132 - Fix memory leak at error path (bsc#1045538). - alsa: timer: Add missing mutex lock for compat ioctls (bsc#1045538). - asm alternatives: remove incorrect alignment notes. - audit: Fix use after free in audit_remove_watch_rule() (bsc#1045205). - autofs: do not fail mount for transient error (bsc#1065180). - autofs: fix careless error in recent commit (bsc#1065180). - blacklist.conf: Add PCI ASPM fix to blacklist (bsc#1045538) - blacklist.conf: Blacklisted commit 2b1be689f3aadcfe0 ("printk/console: Always disable boot consoles that use init memory before it is freed") - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - carl9170: prevent speculative execution (bnc#1068032). - dm bufio: fix integer overflow when limiting maximum cache size (git-fixes). - ecryptfs: fix dereference of NULL user_key_payload (bsc#1013018). - eCryptfs: use after free in ecryptfs_release_messaging() (bsc#1013018). - fnic: Use the local variable instead of I/O flag to acquire io_req_lock in fnic_queuecommand() to avoid deadloack (bsc#1067816). - fs/9p: Compare qid.path in v9fs_test_inode (bsc#1013018). - fs-cache: fix dereference of NULL user_key_payload (git-fixes). - fs: prevent speculative execution (bnc#1068032). [jkosina at suse.cz: hack around kABI; this should be done in separate patch in patches.kabi eventually] - isa: Prevent NULL dereference in isa_bus driver callbacks (bsc#1045538). - kabi fix for new hash_cred function (bsc#1012917). - kabi: silence spurious kabi error in net/sctp/socket.c (bsc#1068671). - kaiser: add "nokaiser" boot option, using ALTERNATIVE. - kaiser: fix ldt freeing. - kaiser: Kernel Address Isolation. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: work around kABI. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - lpfc: check for valid scsi cmnd in lpfc_scsi_cmd_iocb_cmpl() (bsc#1051133). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - media: cx231xx-cards: fix NULL-deref at probe (bsc#1050431). - mm/madvise.c: fix madvise() infinite loop under special circumstances (bnc#1070964). - mm/mmu_context, sched/core: Fix mmu_context.h assumption. - nfs: Fix ugly referral attributes (git-fixes). - nfs: improve shinking of access cache (bsc#1012917). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Correct instruction code for xxlor instruction (bsc#1064861, git-fixes). - powerpc: Fix emulation of mfocrf in emulate_step() (bsc#1064861, git-fixes). - powerpc/mm: Fix check of multiple 16G pages from device tree (bsc#1064861, git-fixes). - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister (bsc#1067888, git-fixes f2ab6219969f). - powerpc-rfi-flush.patch: disable due to boot failure - powerpc: Secure memory rfi flush (bsc#1068032). - pti: unbreak EFI (bsc#1074709). - ptrace: Add a new thread access check (bsc#1068032). - qeth: check not more than 16 SBALEs on the completion queue (bnc#1072457, LTC#148203). - Revert "mac80211: accept key reinstall without changing anything" - s390: add ppa to system call and program check path (bsc#1068032). - s390/disassembler: correct disassembly lines alignment (bnc#1066973, LTC#161577). - s390/disassembler: increase show_code buffer size (bnc#1066973, LTC#161577). - s390: fix transactional execution control register handling (bnc#1072457, LTC#162116). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier. - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler. - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off(). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return "Illegal Request - Logical unit not supported" and processing should leave the timeout loop in this case. - scsi: zfcp: fix erp_action use-before-initialize in REC action trace (bnc#1066973, LTC#160081). - sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplimental groups in auth hash (bsc#1012917). - temporary fix (bsc#1068032). - udf: prevent speculative execution (bnc#1068032). - usb: host: fix incorrect updating of offset (bsc#1047487). - usb-serial: check for NULL private data in pl2303_suse_disconnect (bsc#1064803). - usb: uas: fix bug in handling of alternate settings (bsc#1071074). - uvcvideo: prevent speculative execution (bnc#1068032). - video: udlfb: Fix read EDID timeout (bsc#1045538). - watchdog: hpwdt: add support for iLO5 (bsc#1024612). - watchdog/hpwdt: Check source of NMI (bsc#1024612). - x86-64: Give vvars their own page. - x86-64: Map the HPET NX. - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/alternatives: Add instruction padding. - x86/alternatives: Cleanup DPRINTK macro. - x86/alternatives: Make JMPs more robust. - x86/alternatives: Use optimized NOPs for padding. - x86/boot: Add early cmdline parsing for options with arguments. - x86, boot: Carve out early cmdline parsing function. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option (bsc#1065600). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: disable vmstat accounting. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: propagate info to /proc/cpuinfo. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86: Make alternative instruction pointers relative. - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305). - x86/mm/64: Fix reboot interaction with CR4.PCIDE. - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID. - x86/mm: Add INVPCID helpers. - x86/mm: Add the 'nopcid' boot option to turn off PCID. - x86/mm: Build arch/x86/mm/tlb.c even on !SMP. - x86/mm: Disable PCID on 32-bit kernels. - x86/mm: Enable CR4.PCIDE on supported systems. - x86/mm: fix bad backport to disable PCID on Xen. - x86/mm: Fix INVPCID asm constraint. - x86/mm: If INVPCID is available, use it to flush global mappings. - x86/mm/kaiser: re-enable vsyscalls. - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - x86/mm, sched/core: Turn off IRQs in switch_mm(). - x86/mm, sched/core: Uninline switch_mm(). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add "nospec" chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). - xen/kaiser: add "nokaiser" boot option, using ALTERNATIVE. - xen/KAISER: Kernel Address Isolation. - xen/kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - xen/kaiser: work around kABI. - xen/x86-64: Give vvars their own page. - xen/x86-64: Map the HPET NX. - xen/x86/alternatives: Add instruction padding. - xen/x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - xen/x86/mm: Enable CR4.PCIDE on supported systems. - xen/x86/mm/kaiser: re-enable vsyscalls. - xen/x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code. - xen: x86/mm, sched/core: Turn off IRQs in switch_mm(). - xen: x86/mm, sched/core: Uninline switch_mm(). - zd1211rw: fix NULL-deref at probe (bsc#1045479). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-rt-20180111-13432=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-rt-20180111-13432=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-69.14.1 kernel-rt-base-3.0.101.rt130-69.14.1 kernel-rt-devel-3.0.101.rt130-69.14.1 kernel-rt_trace-3.0.101.rt130-69.14.1 kernel-rt_trace-base-3.0.101.rt130-69.14.1 kernel-rt_trace-devel-3.0.101.rt130-69.14.1 kernel-source-rt-3.0.101.rt130-69.14.1 kernel-syms-rt-3.0.101.rt130-69.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-69.14.1 kernel-rt-debugsource-3.0.101.rt130-69.14.1 kernel-rt_debug-debuginfo-3.0.101.rt130-69.14.1 kernel-rt_debug-debugsource-3.0.101.rt130-69.14.1 kernel-rt_trace-debuginfo-3.0.101.rt130-69.14.1 kernel-rt_trace-debugsource-3.0.101.rt130-69.14.1 References: https://www.suse.com/security/cve/CVE-2017-11600.html https://www.suse.com/security/cve/CVE-2017-13167.html https://www.suse.com/security/cve/CVE-2017-14106.html https://www.suse.com/security/cve/CVE-2017-15102.html https://www.suse.com/security/cve/CVE-2017-15115.html https://www.suse.com/security/cve/CVE-2017-15868.html https://www.suse.com/security/cve/CVE-2017-16525.html https://www.suse.com/security/cve/CVE-2017-16527.html https://www.suse.com/security/cve/CVE-2017-16529.html https://www.suse.com/security/cve/CVE-2017-16531.html https://www.suse.com/security/cve/CVE-2017-16534.html https://www.suse.com/security/cve/CVE-2017-16535.html https://www.suse.com/security/cve/CVE-2017-16536.html https://www.suse.com/security/cve/CVE-2017-16537.html https://www.suse.com/security/cve/CVE-2017-16538.html https://www.suse.com/security/cve/CVE-2017-16649.html https://www.suse.com/security/cve/CVE-2017-16939.html https://www.suse.com/security/cve/CVE-2017-17450.html https://www.suse.com/security/cve/CVE-2017-17558.html https://www.suse.com/security/cve/CVE-2017-17805.html https://www.suse.com/security/cve/CVE-2017-17806.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2017-5754.html https://www.suse.com/security/cve/CVE-2017-7472.html https://www.suse.com/security/cve/CVE-2017-8824.html https://bugzilla.suse.com/1012917 https://bugzilla.suse.com/1013018 https://bugzilla.suse.com/1024612 https://bugzilla.suse.com/1034862 https://bugzilla.suse.com/1045205 https://bugzilla.suse.com/1045479 https://bugzilla.suse.com/1045538 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1048185 https://bugzilla.suse.com/1050231 https://bugzilla.suse.com/1050431 https://bugzilla.suse.com/1051133 https://bugzilla.suse.com/1054305 https://bugzilla.suse.com/1056982 https://bugzilla.suse.com/1063043 https://bugzilla.suse.com/1064803 https://bugzilla.suse.com/1064861 https://bugzilla.suse.com/1065180 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 https://bugzilla.suse.com/1066569 https://bugzilla.suse.com/1066573 https://bugzilla.suse.com/1066606 https://bugzilla.suse.com/1066618 https://bugzilla.suse.com/1066625 https://bugzilla.suse.com/1066650 https://bugzilla.suse.com/1066671 https://bugzilla.suse.com/1066693 https://bugzilla.suse.com/1066700 https://bugzilla.suse.com/1066705 https://bugzilla.suse.com/1066973 https://bugzilla.suse.com/1067085 https://bugzilla.suse.com/1067816 https://bugzilla.suse.com/1067888 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068671 https://bugzilla.suse.com/1068984 https://bugzilla.suse.com/1069702 https://bugzilla.suse.com/1070771 https://bugzilla.suse.com/1070964 https://bugzilla.suse.com/1071074 https://bugzilla.suse.com/1071470 https://bugzilla.suse.com/1071695 https://bugzilla.suse.com/1072457 https://bugzilla.suse.com/1072561 https://bugzilla.suse.com/1072876 https://bugzilla.suse.com/1073792 https://bugzilla.suse.com/1073874 https://bugzilla.suse.com/1074709 From sle-security-updates at lists.suse.com Tue Jan 23 10:19:44 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 23 Jan 2018 18:19:44 +0100 (CET) Subject: SUSE-SU-2018:0181-1: moderate: Security update for libvpx Message-ID: <20180123171944.9ABB2FD2E@maintenance.suse.de> SUSE Security Update: Security update for libvpx ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0181-1 Rating: moderate References: #1075992 Cross-References: CVE-2017-13194 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvpx fixes one issues. This security issue was fixed: - CVE-2017-13194: Fixed incorrect memory allocation related to odd frame width (bsc#1075992). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2018-127=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2018-127=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-127=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-127=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-127=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-127=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-127=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-127=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-127=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libvpx-debugsource-1.3.0-3.3.1 libvpx1-32bit-1.3.0-3.3.1 libvpx1-debuginfo-32bit-1.3.0-3.3.1 vpx-tools-1.3.0-3.3.1 vpx-tools-debuginfo-1.3.0-3.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libvpx-debugsource-1.3.0-3.3.1 libvpx1-32bit-1.3.0-3.3.1 libvpx1-debuginfo-32bit-1.3.0-3.3.1 vpx-tools-1.3.0-3.3.1 vpx-tools-debuginfo-1.3.0-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.3.0-3.3.1 libvpx-devel-1.3.0-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.3.0-3.3.1 libvpx-devel-1.3.0-3.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libvpx-debugsource-1.3.0-3.3.1 libvpx1-1.3.0-3.3.1 libvpx1-debuginfo-1.3.0-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.3.0-3.3.1 libvpx1-1.3.0-3.3.1 libvpx1-debuginfo-1.3.0-3.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.3.0-3.3.1 libvpx1-1.3.0-3.3.1 libvpx1-debuginfo-1.3.0-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libvpx-debugsource-1.3.0-3.3.1 libvpx1-1.3.0-3.3.1 libvpx1-32bit-1.3.0-3.3.1 libvpx1-debuginfo-1.3.0-3.3.1 libvpx1-debuginfo-32bit-1.3.0-3.3.1 vpx-tools-1.3.0-3.3.1 vpx-tools-debuginfo-1.3.0-3.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libvpx-debugsource-1.3.0-3.3.1 libvpx1-1.3.0-3.3.1 libvpx1-32bit-1.3.0-3.3.1 libvpx1-debuginfo-1.3.0-3.3.1 libvpx1-debuginfo-32bit-1.3.0-3.3.1 vpx-tools-1.3.0-3.3.1 vpx-tools-debuginfo-1.3.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-13194.html https://bugzilla.suse.com/1075992 From sle-security-updates at lists.suse.com Wed Jan 24 07:07:22 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Jan 2018 15:07:22 +0100 (CET) Subject: SUSE-SU-2018:0191-1: moderate: Security update for wireshark Message-ID: <20180124140722.478C8FD29@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0191-1 Rating: moderate References: #1074171 #1075737 #1075738 #1075739 #1075748 Cross-References: CVE-2017-17935 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for wireshark to version 2.2.12 fixes the following issues: - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of "\n" in file_read_line function could have lead to denial of service (bsc#1074171) This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (bsc#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-134=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-134=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-134=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-134=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-134=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-134=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-134=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.2.12-48.18.1 wireshark-debugsource-2.2.12-48.18.1 wireshark-devel-2.2.12-48.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.2.12-48.18.1 wireshark-debugsource-2.2.12-48.18.1 wireshark-devel-2.2.12-48.18.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libwireshark8-2.2.12-48.18.1 libwireshark8-debuginfo-2.2.12-48.18.1 libwiretap6-2.2.12-48.18.1 libwiretap6-debuginfo-2.2.12-48.18.1 libwscodecs1-2.2.12-48.18.1 libwscodecs1-debuginfo-2.2.12-48.18.1 libwsutil7-2.2.12-48.18.1 libwsutil7-debuginfo-2.2.12-48.18.1 wireshark-2.2.12-48.18.1 wireshark-debuginfo-2.2.12-48.18.1 wireshark-debugsource-2.2.12-48.18.1 wireshark-gtk-2.2.12-48.18.1 wireshark-gtk-debuginfo-2.2.12-48.18.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark8-2.2.12-48.18.1 libwireshark8-debuginfo-2.2.12-48.18.1 libwiretap6-2.2.12-48.18.1 libwiretap6-debuginfo-2.2.12-48.18.1 libwscodecs1-2.2.12-48.18.1 libwscodecs1-debuginfo-2.2.12-48.18.1 libwsutil7-2.2.12-48.18.1 libwsutil7-debuginfo-2.2.12-48.18.1 wireshark-2.2.12-48.18.1 wireshark-debuginfo-2.2.12-48.18.1 wireshark-debugsource-2.2.12-48.18.1 wireshark-gtk-2.2.12-48.18.1 wireshark-gtk-debuginfo-2.2.12-48.18.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libwireshark8-2.2.12-48.18.1 libwireshark8-debuginfo-2.2.12-48.18.1 libwiretap6-2.2.12-48.18.1 libwiretap6-debuginfo-2.2.12-48.18.1 libwscodecs1-2.2.12-48.18.1 libwscodecs1-debuginfo-2.2.12-48.18.1 libwsutil7-2.2.12-48.18.1 libwsutil7-debuginfo-2.2.12-48.18.1 wireshark-2.2.12-48.18.1 wireshark-debuginfo-2.2.12-48.18.1 wireshark-debugsource-2.2.12-48.18.1 wireshark-gtk-2.2.12-48.18.1 wireshark-gtk-debuginfo-2.2.12-48.18.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwireshark8-2.2.12-48.18.1 libwireshark8-debuginfo-2.2.12-48.18.1 libwiretap6-2.2.12-48.18.1 libwiretap6-debuginfo-2.2.12-48.18.1 libwscodecs1-2.2.12-48.18.1 libwscodecs1-debuginfo-2.2.12-48.18.1 libwsutil7-2.2.12-48.18.1 libwsutil7-debuginfo-2.2.12-48.18.1 wireshark-2.2.12-48.18.1 wireshark-debuginfo-2.2.12-48.18.1 wireshark-debugsource-2.2.12-48.18.1 wireshark-gtk-2.2.12-48.18.1 wireshark-gtk-debuginfo-2.2.12-48.18.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libwireshark8-2.2.12-48.18.1 libwireshark8-debuginfo-2.2.12-48.18.1 libwiretap6-2.2.12-48.18.1 libwiretap6-debuginfo-2.2.12-48.18.1 libwscodecs1-2.2.12-48.18.1 libwscodecs1-debuginfo-2.2.12-48.18.1 libwsutil7-2.2.12-48.18.1 libwsutil7-debuginfo-2.2.12-48.18.1 wireshark-2.2.12-48.18.1 wireshark-debuginfo-2.2.12-48.18.1 wireshark-debugsource-2.2.12-48.18.1 wireshark-gtk-2.2.12-48.18.1 wireshark-gtk-debuginfo-2.2.12-48.18.1 References: https://www.suse.com/security/cve/CVE-2017-17935.html https://www.suse.com/security/cve/CVE-2018-5334.html https://www.suse.com/security/cve/CVE-2018-5335.html https://www.suse.com/security/cve/CVE-2018-5336.html https://bugzilla.suse.com/1074171 https://bugzilla.suse.com/1075737 https://bugzilla.suse.com/1075738 https://bugzilla.suse.com/1075739 https://bugzilla.suse.com/1075748 From sle-security-updates at lists.suse.com Wed Jan 24 10:09:38 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Jan 2018 18:09:38 +0100 (CET) Subject: SUSE-SU-2018:0193-1: moderate: Security update for libexif Message-ID: <20180124170938.509D9FD29@maintenance.suse.de> SUSE Security Update: Security update for libexif ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0193-1 Rating: moderate References: #1055857 #1059893 Cross-References: CVE-2016-6328 CVE-2017-7544 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libexif fixes several issues. These security issues were fixed: - CVE-2016-6328: Fixed integer overflow in parsing MNOTE entry data of the input file (bsc#1055857) - CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-136=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-136=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-136=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-136=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-136=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-136=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-136=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.21-8.3.1 libexif-devel-0.6.21-8.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.21-8.3.1 libexif-devel-0.6.21-8.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libexif-debugsource-0.6.21-8.3.1 libexif12-0.6.21-8.3.1 libexif12-debuginfo-0.6.21-8.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.21-8.3.1 libexif12-0.6.21-8.3.1 libexif12-debuginfo-0.6.21-8.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libexif12-32bit-0.6.21-8.3.1 libexif12-debuginfo-32bit-0.6.21-8.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.21-8.3.1 libexif12-0.6.21-8.3.1 libexif12-debuginfo-0.6.21-8.3.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libexif12-32bit-0.6.21-8.3.1 libexif12-debuginfo-32bit-0.6.21-8.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libexif-debugsource-0.6.21-8.3.1 libexif12-0.6.21-8.3.1 libexif12-32bit-0.6.21-8.3.1 libexif12-debuginfo-0.6.21-8.3.1 libexif12-debuginfo-32bit-0.6.21-8.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libexif-debugsource-0.6.21-8.3.1 libexif12-0.6.21-8.3.1 libexif12-32bit-0.6.21-8.3.1 libexif12-debuginfo-0.6.21-8.3.1 libexif12-debuginfo-32bit-0.6.21-8.3.1 References: https://www.suse.com/security/cve/CVE-2016-6328.html https://www.suse.com/security/cve/CVE-2017-7544.html https://bugzilla.suse.com/1055857 https://bugzilla.suse.com/1059893 From sle-security-updates at lists.suse.com Wed Jan 24 10:10:49 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Jan 2018 18:10:49 +0100 (CET) Subject: SUSE-SU-2018:0195-1: moderate: Security update for libexif Message-ID: <20180124171049.CDDB5FD29@maintenance.suse.de> SUSE Security Update: Security update for libexif ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0195-1 Rating: moderate References: #1059893 Cross-References: CVE-2017-7544 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libexif fixes the following security issue: - CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libexif-13434=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libexif-13434=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libexif-13434=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libexif-devel-0.6.17-2.14.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libexif-0.6.17-2.14.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libexif-32bit-0.6.17-2.14.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libexif-x86-0.6.17-2.14.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libexif-debuginfo-0.6.17-2.14.3.1 libexif-debugsource-0.6.17-2.14.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): libexif-debuginfo-32bit-0.6.17-2.14.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): libexif-debuginfo-x86-0.6.17-2.14.3.1 References: https://www.suse.com/security/cve/CVE-2017-7544.html https://bugzilla.suse.com/1059893 From sle-security-updates at lists.suse.com Wed Jan 24 13:11:25 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Jan 2018 21:11:25 +0100 (CET) Subject: SUSE-SU-2018:0197-1: moderate: Security update for GraphicsMagick Message-ID: <20180124201125.6DAB7FD29@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0197-1 Rating: moderate References: #1047044 #1047054 #1048457 #1049373 #1050129 #1051412 #1051847 #1052252 #1052460 #1052758 #1052764 #1052771 #1055063 #1056550 #1057723 #1058082 #1058422 #1060577 #1061587 #1063050 #1067177 #1074969 #1074975 Cross-References: CVE-2017-10799 CVE-2017-10800 CVE-2017-11188 CVE-2017-11449 CVE-2017-11532 CVE-2017-12140 CVE-2017-12430 CVE-2017-12563 CVE-2017-12642 CVE-2017-12644 CVE-2017-12662 CVE-2017-12691 CVE-2017-13061 CVE-2017-14042 CVE-2017-14174 CVE-2017-14249 CVE-2017-14343 CVE-2017-14733 CVE-2017-14994 CVE-2017-15277 CVE-2017-16547 CVE-2017-18022 CVE-2018-5247 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 23 vulnerabilities is now available. Description: This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2017-14343: Fixed a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file (bsc#1058422) - CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allowed remote attackers to cause a denial of service (memory consumption) via a crafted file (bsc#1058422) - CVE-2017-14042: Prevent memory allocation failure in the ReadPNMImage function in coders/pnm.c. The vulnerability caused a big memory allocation, which may have lead to remote denial of service in the MagickRealloc function in magick/memory.c (bsc#1056550) - CVE-2017-13061: A length-validation vulnerability in the function ReadPSDLayersInternal in coders/psd.c allowed attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file (bsc#1055063) - CVE-2017-12563: A memory exhaustion vulnerability in the function ReadPSDImage in coders/psd.c allowed attackers to cause a denial of service (bsc#1052460) - CVE-2017-14174: coders/psd.c allowed for DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but did not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1057723) - CVE-2017-15277: ReadGIFImage in coders/gif.c left the palette uninitialized when processing a GIF file that has neither a global nor local palette. If this functionality was used as a library loaded into a process that operates on interesting data, this data sometimes could have been leaked via the uninitialized palette (bsc#1063050) - CVE-2017-14733: ReadRLEImage in coders/rle.c mishandled RLE headers that specified too few colors, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file (bsc#1060577). - CVE-2017-12662: Fixed a memory leak vulnerability in WritePDFImage in coders/pdf.c (bsc#1052758). - CVE-2017-14994: ReadDCMImage in coders/dcm.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames (bsc#1061587). - CVE-2017-12140: The ReadDCMImage function in coders\dcm.c had an integer signedness error leading to excessive memory consumption via a crafted DCM file (bsc#1051847). - CVE-2017-12644: Fixed memory leak vulnerability in ReadDCMImage in coders\dcm.c (bsc#1052764). - CVE-2017-11188: The ReadDPXImage function in coders\dpx.c had a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check (bsc#1048457). - CVE-2017-10799: When processing a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) could have occurred in ReadDPXImage() (bsc#1047054). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373). - CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129). - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252). - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771). - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082). - CVE-2017-16547: The DrawImage function in magick/render.c did not properly look for pop keywords that are associated with push keywords, which allowed remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file (bsc#1067177). - Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412) - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044). - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975). - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13435=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13435=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13435=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.78.28.2 libGraphicsMagick2-1.2.5-4.78.28.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.78.28.2 libGraphicsMagick2-1.2.5-4.78.28.2 perl-GraphicsMagick-1.2.5-4.78.28.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.78.28.2 GraphicsMagick-debugsource-1.2.5-4.78.28.2 References: https://www.suse.com/security/cve/CVE-2017-10799.html https://www.suse.com/security/cve/CVE-2017-10800.html https://www.suse.com/security/cve/CVE-2017-11188.html https://www.suse.com/security/cve/CVE-2017-11449.html https://www.suse.com/security/cve/CVE-2017-11532.html https://www.suse.com/security/cve/CVE-2017-12140.html https://www.suse.com/security/cve/CVE-2017-12430.html https://www.suse.com/security/cve/CVE-2017-12563.html https://www.suse.com/security/cve/CVE-2017-12642.html https://www.suse.com/security/cve/CVE-2017-12644.html https://www.suse.com/security/cve/CVE-2017-12662.html https://www.suse.com/security/cve/CVE-2017-12691.html https://www.suse.com/security/cve/CVE-2017-13061.html https://www.suse.com/security/cve/CVE-2017-14042.html https://www.suse.com/security/cve/CVE-2017-14174.html https://www.suse.com/security/cve/CVE-2017-14249.html https://www.suse.com/security/cve/CVE-2017-14343.html https://www.suse.com/security/cve/CVE-2017-14733.html https://www.suse.com/security/cve/CVE-2017-14994.html https://www.suse.com/security/cve/CVE-2017-15277.html https://www.suse.com/security/cve/CVE-2017-16547.html https://www.suse.com/security/cve/CVE-2017-18022.html https://www.suse.com/security/cve/CVE-2018-5247.html https://bugzilla.suse.com/1047044 https://bugzilla.suse.com/1047054 https://bugzilla.suse.com/1048457 https://bugzilla.suse.com/1049373 https://bugzilla.suse.com/1050129 https://bugzilla.suse.com/1051412 https://bugzilla.suse.com/1051847 https://bugzilla.suse.com/1052252 https://bugzilla.suse.com/1052460 https://bugzilla.suse.com/1052758 https://bugzilla.suse.com/1052764 https://bugzilla.suse.com/1052771 https://bugzilla.suse.com/1055063 https://bugzilla.suse.com/1056550 https://bugzilla.suse.com/1057723 https://bugzilla.suse.com/1058082 https://bugzilla.suse.com/1058422 https://bugzilla.suse.com/1060577 https://bugzilla.suse.com/1061587 https://bugzilla.suse.com/1063050 https://bugzilla.suse.com/1067177 https://bugzilla.suse.com/1074969 https://bugzilla.suse.com/1074975 From sle-security-updates at lists.suse.com Wed Jan 24 13:15:57 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Jan 2018 21:15:57 +0100 (CET) Subject: SUSE-SU-2018:0200-1: moderate: Security update for libevent Message-ID: <20180124201557.4FCE0FD29@maintenance.suse.de> SUSE Security Update: Security update for libevent ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0200-1 Rating: moderate References: #1022917 #1022918 #1022919 Cross-References: CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE CaaS Platform ALL ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libevent fixes the following security issues: - CVE-2016-10195: DNS remote stack overread vulnerability (bsc#1022917) - CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port() (bsc#1022918) - CVE-2016-10197: out-of-bounds read in search_make_new() (bsc#1022919) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-143=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2018-143=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-143=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-143=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-143=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-143=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-143=1 - SUSE CaaS Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2018-143=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libevent-debugsource-2.0.21-6.3.1 libevent-devel-2.0.21-6.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libevent-debugsource-2.0.21-6.3.1 libevent-devel-2.0.21-6.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libevent-2_0-5-2.0.21-6.3.1 libevent-2_0-5-debuginfo-2.0.21-6.3.1 libevent-debugsource-2.0.21-6.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libevent-2_0-5-2.0.21-6.3.1 libevent-2_0-5-debuginfo-2.0.21-6.3.1 libevent-debugsource-2.0.21-6.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libevent-2_0-5-2.0.21-6.3.1 libevent-2_0-5-debuginfo-2.0.21-6.3.1 libevent-debugsource-2.0.21-6.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libevent-2_0-5-2.0.21-6.3.1 libevent-2_0-5-debuginfo-2.0.21-6.3.1 libevent-debugsource-2.0.21-6.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libevent-2_0-5-2.0.21-6.3.1 libevent-2_0-5-debuginfo-2.0.21-6.3.1 libevent-debugsource-2.0.21-6.3.1 - SUSE CaaS Platform ALL (x86_64): libevent-2_0-5-2.0.21-6.3.1 libevent-2_0-5-debuginfo-2.0.21-6.3.1 libevent-debugsource-2.0.21-6.3.1 References: https://www.suse.com/security/cve/CVE-2016-10195.html https://www.suse.com/security/cve/CVE-2016-10196.html https://www.suse.com/security/cve/CVE-2016-10197.html https://bugzilla.suse.com/1022917 https://bugzilla.suse.com/1022918 https://bugzilla.suse.com/1022919 From sle-security-updates at lists.suse.com Thu Jan 25 07:08:06 2018 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Jan 2018 15:08:06 +0100 (CET) Subject: SUSE-SU-2018:0213-1: important: Security update for the Linux Kernel Message-ID: <20180125140806.EC4B8FD29@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0213-1 Rating: important References: #1010201 #1012382 #1012829 #1012917 #1021424 #1022476 #1022595 #1024412 #1027301 #1031717 #1039616 #1046107 #1047487 #1050060 #1050231 #1056003 #1056365 #1056427 #1056979 #1057199 #1060333 #1060682 #1061756 #1062941 #1063026 #1063043 #1063516 #1064311 #1064926 #1065180 #1065600 #1065639 #1065692 #1065717 #1065866 #1066045 #1066192 #1066213 #1066223 #1066285 #1066382 #1066470 #1066471 #1066472 #1066573 #1066606 #1066629 #1067105 #1067132 #1067494 #1067888 #1068032 #1068671 #1068951 #1068978 #1068980 #1068982 #1069270 #1069496 #1069702 #1069793 #1069942 #1069996 #1070006 #1070145 #1070535 #1070767 #1070771 #1070805 #1070825 #1070964 #1071009 #1071231 #1071693 #1071694 #1071695 #1071833 #1072556 #1072962 #1073090 #1073792 #1073809 #1073874 #1073912 #1074392 #1074709 #963575 #964063 #964944 #966170 #966172 #969470 #979928 #989261 Cross-References: CVE-2017-1000405 CVE-2017-1000410 CVE-2017-11600 CVE-2017-12193 CVE-2017-15115 CVE-2017-16528 CVE-2017-16536 CVE-2017-16537 CVE-2017-16645 CVE-2017-16646 CVE-2017-16939 CVE-2017-16994 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7482 CVE-2017-8824 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP2 ______________________________________________________________________________ An update that solves 22 vulnerabilities and has 72 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 Realtime kernel was updated to 4.4.104 to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. This is done with help of Linux Kernel fixes on the Intel/AMD x86_64 architectures. On x86_64, this requires also updates of the CPU microcode packages, delivered in seperate updates. As this feature can have a performance impact, it can be disabled using the "nospec" kernel commandline option. - CVE-2017-5754: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation" and "PTI" / "Page Table Isolation". The following security bugs were fixed: - CVE-2017-1000405: The Linux Kernel versions had a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it did allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp (bnc#1069496). - CVE-2017-1000410: The Linux kernel was affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. (bnc#1070535). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-12193: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel mishandled node splitting, which allowed local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations (bnc#1066192). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-16528: sound/core/seq_device.c in the Linux kernel allowed local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066629). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16645: The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067132). - CVE-2017-16646: drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel allowed local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067105). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2017-16994: The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel mishandled holes in hugetlb ranges, which allowed local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call (bnc#1069996). - CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in the Linux kernel did not require the CAP_NET_ADMIN capability for new, get, and del operations, which allowed local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces (bnc#1071693). - CVE-2017-17449: The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel did not restrict observations of Netlink messages to a single net namespace, which allowed local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system (bnc#1071694). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-7482: Fixed an overflow when decoding a krb5 principal. (bnc#1046107). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). The following non-security bugs were fixed: - Add undefine _unique_build_ids (bsc#964063) - adm80211: return an error if adm8211_alloc_rings() fails (bsc#1031717). - adv7604: Initialize drive strength to default when using DT (bnc#1012382). - af_netlink: ensure that NLMSG_DONE never fails in dumps (bnc#1012382). - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717). - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717). - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717). - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717). - alsa: hda: Add Raven PCI ID (bnc#1012382). - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717). - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717). - alsa: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE (bnc#1012382). - alsa: hda/ca0132 - Fix memory leak at error path (bsc#1031717). - alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717). - alsa: hda: Drop useless WARN_ON() (bsc#1031717). - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717). - alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717). - alsa: hda - fix headset mic problem for Dell machines with alc236 (bnc#1012382). - alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717). - alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717). - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717). - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717). - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717). - alsa: hda - No loopback on ALC299 codec (git-fixes). - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717). - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717). - alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717). - alsa: hda/realtek: Add headset mic support for Intel NUC Skull Canyon (bsc#1031717). - alsa: hda/realtek - Add new codec ID ALC299 (bnc#1012382). - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717). - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717). - alsa: hda/realtek - Add support for ALC236/ALC3204 (bnc#1012382). - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717). - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717). - alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717). - alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717). - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717). - alsa: hda/realtek - Fix ALC700 family no sound issue (bsc#1031717). - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717). - alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717). - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717). - alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717). - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717). - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717). - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717). - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717). - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717). - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717). - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717). - alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717). - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717). - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717). - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717). - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717). - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717). - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717). - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717). - alsa: pcm: update tstamp only if audio_tstamp changed (bsc#1031717). - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717). - alsa: seq: Avoid invalid lockdep class warning (bsc#1031717). - alsa: seq: Fix nested rwsem annotation for lockdep splat (bnc#1012382). - alsa: seq: Fix OSS sysex delivery in OSS emulation (bnc#1012382). - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717). - alsa: timer: Add missing mutex lock for compat ioctls (bnc#1012382). - alsa: timer: Remove kernel warning at compat ioctl error paths (bsc#1031717). - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717). - alsa: usb-audio: Add sanity checks in v2 clock parsers (bsc#1031717). - alsa: usb-audio: Add sanity checks to FE parser (bsc#1031717). - alsa: usb-audio: Fix out-of-bound error (bsc#1031717). - alsa: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1031717). - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717). - alsa: usb-audio: uac1: Invalidate ctl on interrupt (bsc#1031717). - alsa: vx: Do not try to update capture stream before running (bnc#1012382). - alsa: vx: Fix possible transfer overflow (bnc#1012382). - Always sign validate_negotiate_info reqs (bsc#1071009, fate#324404). - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556). - Apply generic ppc build fixes to vanilla (bsc#1070805) - arm64: dts: NS2: reserve memory for Nitro firmware (bnc#1012382). - arm64: ensure __dump_instr() checks addr_limit (bnc#1012382). - arm64: fix dump_instr when PAN and UAO are in use (bnc#1012382). - arm: 8715/1: add a private asm/unaligned.h (bnc#1012382). - arm: 8720/1: ensure dump_instr() checks addr_limit (bnc#1012382). - arm: 8721/1: mm: dump: check hardware RO bit for LPAE (bnc#1012382). - arm: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE (bnc#1012382). - arm: crypto: reduce priority of bit-sliced AES cipher (bnc#1012382). - arm: dts: Fix am335x and dm814x scm syscon to probe children (bnc#1012382). - arm: dts: Fix compatible for ti81xx uarts for 8250 (bnc#1012382). - arm: dts: Fix omap3 off mode pull defines (bnc#1012382). - arm: dts: mvebu: pl310-cache disable double-linefill (bnc#1012382). - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382). - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032). - arm: OMAP2+: Fix init for multiple quirks for the same SoC (bnc#1012382). - arm: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 (bnc#1012382). - arm: pxa: Do not rely on public mmc header to include leds.h (bnc#1012382). - asm/sections: add helpers to check for section data (bsc#1063026). - asoc: adau17x1: Workaround for noise bug in ADC (bnc#1012382). - asoc: cs42l56: Fix reset GPIO name in example DT binding (bsc#1031717). - asoc: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' (bsc#1031717). - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717). - asoc: rsnd: do not double free kctrl (bnc#1012382). - asoc: samsung: Fix possible double iounmap on s3c24xx driver probe failure (bsc#1031717). - asoc: twl4030: fix child-node lookup (bsc#1031717). - asoc: wm_adsp: Do not overrun firmware file buffer when reading region data (bnc#1012382). - asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717). - ata: ATA_BMDMA should depend on HAS_DMA (bnc#1012382). - ata: fixes kernel crash while tracing ata_eh_link_autopsy event (bnc#1012382). - ata: SATA_HIGHBANK should depend on HAS_DMA (bnc#1012382). - ata: SATA_MV should depend on HAS_DMA (bnc#1012382). - ath10k: convert warning about non-existent OTP board id to debug message (git-fixes). - ath10k: fix a warning during channel switch with multiple vaps (bsc#1031717). - ath10k: fix board data fetch error message (bsc#1031717). - ath10k: fix diag_read to collect data for larger memory (bsc#1031717). - ath10k: fix incorrect txpower set by P2P_DEVICE interface (bnc#1012382). - ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() (bnc#1012382). - ath10k: free cached fw bin contents when get board id fails (bsc#1031717). - ath10k: ignore configuring the incorrect board_id (bnc#1012382). - ath10k: set CTS protection VDEV param only if VDEV is up (bnc#1012382). - ath9k_htc: check for underflow in ath9k_htc_rx_msg() (bsc#1031717). - ath9k: off by one in ath9k_hw_nvram_read_array() (bsc#1031717). - autofs: do not fail mount for transient error (bsc#1065180). - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180). - backlight: adp5520: Fix error handling in adp5520_bl_probe() (bnc#1012382). - backlight: lcd: Fix race condition during register (bnc#1012382). - bcache: check ca->alloc_thread initialized before wake up it (bnc#1012382). - bcache: Fix building error on MIPS (bnc#1012382). - blacklist.conf: Add ath10k, mmc and rtl8192u commits (bsc#1031717) - blacklist.conf: Add drm/i915 blacklist (bsc#1031717) - blacklist.conf: added misc commits (bsc#1031717) - blacklist.conf: Add misc entries (bsc#1031717) - blacklist.conf: blacklist not-applicable patch (bsc#1071231) - blacklist.conf: Update blacklist (bsc#1031717) - blacklist.conf: Update iwlwifi blacklist (bsc#1031717) - blacklist.conf: yet another serial entry (bsc#1031717) - block: Fix a race between blk_cleanup_queue() and timeout handling (FATE#319965, bsc#964944). - Bluetooth: btusb: fix QCA Rome suspend/resume (bnc#1012382). - bnxt_en: Call firmware to approve the random VF MAC address (bsc#963575 FATE#320144). - bnxt_en: Do not setup MAC address in bnxt_hwrm_func_qcaps() (bsc#963575 FATE#320144). - bnxt_en: Fix possible corrupted NVRAM parameters from firmware response (bsc#963575 FATE#320144). - bnxt_en: Fix VF PCIe link speed and width logic (bsc#963575 FATE#320144). - bnxt_en: Re-arrange bnxt_hwrm_func_qcaps() (bsc#963575 FATE#320144). - bnxt_en: use eth_hw_addr_random() (bsc#963575 FATE#320144). - bonding: discard lowest hash bit for 802.3ad layer3+4 (bnc#1012382). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - brcmfmac: remove setting IBSS mode when stopping AP (bnc#1012382). - bt8xx: fix memory leak (bnc#1012382). - btrfs: clear space cache inode generation always (bnc#1012382). - btrfs: Fix typo in may_commit_transaction Rather than comparing the result of the percpu comparison I was comparing the value of the percpu counter against 0 or 1. - btrfs: return the actual error value from from btrfs_uuid_tree_iterate (bnc#1012382). - can: c_can: do not indicate triple sampling support for D_CAN (bnc#1012382). - can: kvaser_usb: Correct return value in printout (bnc#1012382). - can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages (bnc#1012382). - can: sun4i: fix loopback mode (bnc#1012382). - can: sun4i: handle overrun in RX FIFO (bnc#1012382). - carl9170: prevent speculative execution (bnc#1068032). - cdc_ncm: Set NTB format again after altsetting switch for Huawei devices (bnc#1012382). - ceph: unlock dangling spinlock in try_flush_caps() (bsc#1065639). - cgroup, net_cls: iterate the fds of only the tasks which are being migrated (bnc#1064926). - Check cmdline_find_option() retval properly and use boot_cpu_has(). - cifs: add build_path_from_dentry_optional_prefix() (fate#323482) - cifs: Add capability to decrypt big read responses (FATE#324404). Allow to decrypt transformed packets that are bigger than the big buffer size. In particular it is used for read responses that can only exceed the big buffer size. - cifs: Add capability to transform requests before sending (FATE#324404). This will allow us to do protocol specific tranformations of packets before sending to the server. For SMB3 it can be used to support encryption. - cifs: Add copy into pages callback for a read operation (FATE#324404). Since we have two different types of reads (pagecache and direct) we need to process such responses differently after decryption of a packet. The change allows to specify a callback that copies a read payload data into preallocated pages. - cifs: Add mid handle callback (FATE#324404). We need to process read responses differently because the data should go directly into preallocated pages. This can be done by specifying a mid handle callback. - cifs: Add soft dependencies (FATE#324404). List soft dependencies of cifs so that mkinitrd and dracut can include the required helper modules. - cifs: Add transform header handling callbacks (FATE#324404). We need to recognize and parse transformed packets in demultiplex thread to find a corresponsing mid and process it further. - cifs: add use_ipc flag to SMB2_ioctl() (fate#323482) - cifs: Allow to switch on encryption with seal mount option (FATE#324404). This allows users to inforce encryption for SMB3 shares if a server supports it. - cifs: check MaxPathNameComponentLength != 0 before using it (bnc#1012382). - cifs: Decrypt and process small encrypted packets (FATE#324404). Allow to decrypt transformed packets, find a corresponding mid and process as usual further. - cifs: do not bother with kmap on read_pages side (FATE#324404). just do ITER_BVEC recvmsg - cifs: Enable encryption during session setup phase (FATE#324404). In order to allow encryption on SMB connection we need to exchange a session key and generate encryption and decryption keys. - cifs: Encrypt SMB3 requests before sending (FATE#324404). This change allows to encrypt packets if it is required by a server for SMB sessions or tree connections. - cifs: Fix some return values in case of error in 'crypt_message' (fate#324404). - cifs: Fix sparse warnings (fate#323482) - cifs: implement get_dfs_refer for SMB2+ (fate#323482) - cifs: let ses->ipc_tid hold smb2 TreeIds (fate#323482) - cifs: Make send_cancel take rqst as argument (FATE#324404). - cifs: Make SendReceive2() takes resp iov (FATE#324404). Now SendReceive2 frees the first iov and returns a response buffer in it that increases a code complexity. Simplify this by making a caller responsible for freeing request buffer itself and returning a response buffer in a separate iov. - cifs: move DFS response parsing out of SMB1 code (fate#323482) - cifs: no need to wank with copying and advancing iovec on recvmsg side either (FATE#324404). - cifs: Only select the required crypto modules (FATE#324404). The sha256 and cmac crypto modules are only needed for SMB2+, so move the select statements to config CIFS_SMB2. Also select CRYPTO_AES there as SMB2+ needs it. - cifs: Prepare for encryption support (first part). Add decryption and encryption key generation. (FATE#324404). - cifs_readv_receive: use cifs_read_from_socket() (FATE#324404). - cifs: remove any preceding delimiter from prefix_path (fate#323482) - cifs: Send RFC1001 length in a separate iov (FATE#324404). In order to simplify further encryption support we need to separate RFC1001 length and SMB2 header when sending a request. Put the length field in iov[0] and the rest of the packet into following iovs. - cifs: Separate RFC1001 length processing for SMB2 read (FATE#324404). Allocate and initialize SMB2 read request without RFC1001 length field to directly call cifs_send_recv() rather than SendReceive2() in a read codepath. - cifs: Separate SMB2 header structure (FATE#324404). In order to support compounding and encryption we need to separate RFC1001 length field and SMB2 header structure because the protocol treats them differently. This change will allow to simplify parsing of such complex SMB2 packets further. - cifs: Separate SMB2 sync header processing (FATE#324404). Do not process RFC1001 length in smb2_hdr_assemble() because it is not a part of SMB2 header. This allows to cleanup the code and adds a possibility combine several SMB2 packets into one for compounding. - cifs: set signing flag in SMB2+ TreeConnect if needed (fate#323482) - cifs: Simplify SMB2 and SMB311 dependencies (FATE#324404). * CIFS_SMB2 depends on CIFS, which depends on INET and selects NLS. So these dependencies do not need to be repeated for CIFS_SMB2. * CIFS_SMB311 depends on CIFS_SMB2, which depends on INET. So this dependency does not need to be repeated for CIFS_SMB311. - cifs: use DFS pathnames in SMB2+ Create requests (fate#323482) - clk: ti: dra7-atl-clock: fix child-node lookups (bnc#1012382). - clk: ti: dra7-atl-clock: Fix of_node reference counting (bnc#1012382). - cma: fix calculation of aligned offset (VM Functionality, bsc#1050060). - coda: fix 'kernel memory exposure attempt' in fsync (bnc#1012382). - crypto: vmx - disable preemption to enable vsx in aes_ctr.c (bnc#1012382). - crypto: x86/sha1-mb - fix panic due to unaligned access (bnc#1012382). - cw1200: prevent speculative execution (bnc#1068032). - cx231xx: Fix I2C on Internal Master 3 Bus (bnc#1012382). - cxgb4: Fix error codes in c4iw_create_cq() (bsc#1021424). - cxl: Fix DAR check & use REGION_ID instead of opencoding (bsc#1066223). - cxl: Fix leaking pid refs in some error paths (bsc#1066223). - cxl: Force context lock during EEH flow (bsc#1066223). - cxl: Prevent adapter reset if an active context exists (bsc#1066223). - cxl: Route eeh events to all drivers in cxl_pci_error_detected() (bsc#1066223). - Disable IPMI fix patches due to regression (bsc#1071833) - dmaengine: dmatest: warn user when dma test times out (bnc#1012382). - dmaengine: zx: set DMA_CYCLIC cap_mask bit (bnc#1012382). - dm bufio: fix integer overflow when limiting maximum cache size (bnc#1012382). - dm: fix race between dm_get_from_kobject() and __dm_destroy() (bnc#1012382). - drivers: dma-mapping: Do not leave an invalid area->pages pointer in dma_common_contiguous_remap() (Git-fixes, bsc#1065692). - drm/amdgpu: when dpm disabled, also need to stop/start vce (bnc#1012382). - drm/amdkfd: NULL dereference involving create_process() (bsc#1031717). - drm: Apply range restriction after color adjustment when allocation (bnc#1012382). - drm/armada: Fix compile fail (bnc#1012382). - drm: drm_minor_register(): Clean up debugfs on failure (bnc#1012382). - drm: gma500: fix logic error (bsc#1031717). - drm/i915/bxt: set min brightness from VBT (bsc#1031717). - drm/i915: Do not try indexed reads to alternate slave addresses (bsc#1031717). - drm/i915: fix backlight invert for non-zero minimum brightness (bsc#1031717). - drm/i915: Prevent zero length "index" write (bsc#1031717). - drm/i915: Read timings from the correct transcoder in intel_crtc_mode_get() (bsc#1031717). - drm/msm: fix an integer overflow test (bnc#1012382). - drm/msm: Fix potential buffer overflow issue (bnc#1012382). - drm/nouveau/gr: fallback to legacy paths during firmware lookup (bsc#1031717). - drm/omap: Fix error handling path in 'omap_dmm_probe()' (bsc#1031717). - drm/panel: simple: Add missing panel_simple_unprepare() calls (bsc#1031717). - drm/radeon: fix atombios on big endian (bnc#1012382). - drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache (bnc#1012382). - drm/vc4: Fix leak of HDMI EDID (bsc#1031717). - drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue (bnc#1012382). - e1000e: Avoid receiver overrun interrupt bursts (bsc#969470 FATE#319819). - e1000e: Fix e1000_check_for_copper_link_ich8lan return value (bsc#1073809). - e1000e: Fix error path in link detection (bnc#1012382). - e1000e: Fix return value test (bnc#1012382). - e1000e: Separate signaling for link check/link up (bnc#1012382). - ecryptfs: fix dereference of NULL user_key_payload (bnc#1012382). - eCryptfs: use after free in ecryptfs_release_messaging() (bsc#1012829). - eeprom: at24: check at24_read/write arguments (bnc#1012382). - epoll: avoid calling ep_call_nested() from ep_poll_safewake() (bsc#1056427). - epoll: remove ep_call_nested() from ep_eventpoll_poll() (bsc#1056427). - ext4: cleanup goto next group (bsc#1066285). - ext4: do not use stripe_width if it is not set (bnc#1012382). - ext4: fix interaction between i_size, fallocate, and delalloc after a crash (bnc#1012382). - ext4: fix stripe-unaligned allocations (bnc#1012382). - ext4: reduce lock contention in __ext4_new_inode (bsc#1066285). - extcon: palmas: Check the parent instance to prevent the NULL (bnc#1012382). - exynos4-is: fimc-is: Unmap region obtained by of_iomap() (bnc#1012382). - fealnx: Fix building error on MIPS (bnc#1012382). - fix a page leak in vhost_scsi_iov_to_sgl() error recovery (bnc#1012382). - Fix leak of validate_negotiate_info resp (bsc#1071009, fate#324404). - Fix NULL pointer deref in SMB2_tcon() (bsc#1071009, fate#324404). - Fix serial console on SNI RM400 machines (bsc#1031717). - Fix tracing sample code warning (bnc#1012382). - Fix validate_negotiate_info uninitialized mem (bsc#1071009, fate#324404). - fm10k: request reset when mbx->state changes (bnc#1012382). - fm10k: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - fs/9p: Compare qid.path in v9fs_test_inode (bsc#1012829). - fscrypt: lock mutex before checking for bounce page pool (bnc#1012382). - fs: prevent speculative execution (bnc#1068032). - fuse: fix READDIRPLUS skipping an entry (bnc#1012382). - genwqe: Take R/W permissions into account when dealing with memory pages (bsc#1073090). - gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap (bnc#1012382). - hid: elo: clear BTN_LEFT mapping (bsc#1065866). - hsi: ssi_protocol: double free in ssip_pn_xmit() (bsc#1031717). - i2c: cadance: fix ctrl/addr reg write order (bsc#1031717). - i2c: imx: Use correct function to write to register (bsc#1031717). - i2c: riic: correctly finish transfers (bnc#1012382). - i2c: riic: fix restart condition (git-fixes). - i40e: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - i40evf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - ib/core: Fix calculation of maximum RoCE MTU (bsc#1022595 FATE#322350). - ib/core: Namespace is mandatory input for address resolution (bsc#1022595 FATE#322350). - ib/ipoib: Change list_del to list_del_init in the tx object (bnc#1012382). - ib/ipoib: Clean error paths in add port (bsc#1022595 FATE#322350). - ib/ipoib: Prevent setting negative values to max_nonsrq_conn_qp (bsc#1022595 FATE#322350). - ib/ipoib: Remove double pointer assigning (bsc#1022595 FATE#322350). - ib/ipoib: Set IPOIB_NEIGH_TBL_FLUSH after flushed completion initialization (bsc#1022595 FATE#322350). - ib/mlx5: Fix RoCE Address Path fields (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: Add netdev_dbg output for debugging (fate#323285). - ibmvnic: Add vnic client data to login buffer (bsc#1069942). - ibmvnic: Convert vnic server reported statistics to cpu endian (fate#323285). - ibmvnic: Enable scatter-gather support (bsc#1066382). - ibmvnic: Enable TSO support (bsc#1066382). - ibmvnic: Feature implementation of Vital Product Data (VPD) for the ibmvnic driver (bsc#1069942). - ibmvnic: Fix calculation of number of TX header descriptors (bsc#1066382). - ibmvnic: fix dma_mapping_error call (bsc#1069942). - ibmvnic: Fix failover error path for non-fatal resets (bsc#1066382). - ibmvnic: Implement .get_channels (fate#323285). - ibmvnic: Implement .get_ringparam (fate#323285). - ibmvnic: Implement per-queue statistics reporting (fate#323285). - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912). - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912). - ibmvnic: Let users change net device features (bsc#1066382). - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (bsc#1073912). - ibmvnic: Update reset infrastructure to support tunable parameters (bsc#1066382). - ib/srp: Avoid that a cable pull can trigger a kernel crash (bsc#1022595 FATE#322350). - ib/srpt: Do not accept invalid initiator port names (bnc#1012382). - ib/uverbs: Fix device cleanup (bsc#1022595 FATE#322350). - ib/uverbs: Fix NULL pointer dereference during device removal (bsc#1022595 FATE#322350). - igb: close/suspend race in netif_device_detach (bnc#1012382). - igb: Fix hw_dbg logging in igb_update_flash_i210 (bnc#1012382). - igb: reset the PHY before reading the PHY ID (bnc#1012382). - igb: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - igbvf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - iio: dummy: events: Add missing break (bsc#1031717). - iio: light: fix improper return value (bnc#1012382). - iio: trigger: free trigger resource correctly (bnc#1012382). - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS (bnc#1012382). - input: ar1021_i2c - fix too long name in driver's device table (bsc#1031717). - input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree (bsc#1031717). - input: elan_i2c - add ELAN060C to the ACPI table (bnc#1012382). - input: elan_i2c - add ELAN0611 to the ACPI table (bnc#1012382). - input: gtco - fix potential out-of-bound access (bnc#1012382). - input: mpr121 - handle multiple bits change of status register (bnc#1012382). - input: mpr121 - set missing event capability (bnc#1012382). - input: ti_am335x_tsc - fix incorrect step config for 5 wire touchscreen (bsc#1031717). - input: twl4030-pwrbutton - use correct device for irq request (bsc#1031717). - input: ucb1400_ts - fix suspend and resume handling (bsc#1031717). - input: uinput - avoid crash when sending FF request to device going away (bsc#1031717). - iommu/arm-smmu-v3: Clear prior settings when updating STEs (bnc#1012382). - iommu/vt-d: Do not register bus-notifier under dmar_global_lock (bsc#1069793). - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err (bnc#1012382). - ipip: only increase err_count for some certain type icmp in ipip_err (bnc#1012382). - ipmi: fix unsigned long underflow (bnc#1012382). - ipmi: Pick up slave address from SMBIOS on an ACPI device (bsc#1070006). - ipmi: Prefer ACPI system interfaces over SMBIOS ones (bsc#1070006). - ipmi_si: Clean up printks (bsc#1070006). - ipmi_si: fix memory leak on new_smi (bsc#1070006). - ipsec: do not ignore crypto err in ah4 input (bnc#1012382). - ipv6: flowlabel: do not leave opt->tot_len with garbage (bnc#1012382). - ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER (bnc#1012382). - ipv6: prevent speculative execution (bnc#1068032). - ipvs: make drop_entry protection effective for SIP-pe (bsc#1056365). - isa: Prevent NULL dereference in isa_bus driver callbacks (bsc#1031717). - iscsi-target: Fix non-immediate TMR reference leak (bnc#1012382). - isofs: fix timestamps beyond 2027 (bnc#1012382). - iwlwifi: mvm: fix the coex firmware API (bsc#1031717). - iwlwifi: mvm: return -ENODATA when reading the temperature with the FW down (bsc#1031717). - iwlwifi: mvm: set the RTS_MIMO_PROT bit in flag mask when sending sta to fw (bsc#1031717). - iwlwifi: split the regulatory rules when the bandwidth flags require it (bsc#1031717). - ixgbe: add mask for 64 RSS queues (bnc#1012382). - ixgbe: do not disable FEC from the driver (bnc#1012382). - ixgbe: fix AER error handling (bnc#1012382). - ixgbe: Fix skb list corruption on Power systems (bnc#1012382). - ixgbe: handle close/suspend race with netif_device_detach/present (bnc#1012382). - ixgbe: Reduce I2C retry count on X550 devices (bnc#1012382). - ixgbevf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - kabi fix for new hash_cred function (bsc#1012917). - kABI: protect struct regulator_dev (kabi). - kABI: protect structs rt_rq+root_domain (kabi). - kABI: protect typedef rds_rdma_cookie_t (kabi). - kaiser: add "nokaiser" boot option, using ALTERNATIVE. - kaiser: align addition to x86/mm/Makefile. - kaiser: asm/tlbflush.h handle noPGE at lower level. - kaiser: cleanups while trying for gold link. - kaiser: Disable on Xen PV. - kaiser: do not set _PAGE_NX on pgd_none. - kaiser: drop is_atomic arg to kaiser_pagetable_walk(). - kaiser: enhanced by kernel and user PCIDs. - kaiser: ENOMEM if kaiser_pagetable_walk() NULL. - kaiser: fix build and FIXME in alloc_ldt_struct(). - kaiser: fix perf crashes. - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER. - kaiser: fix unlikely error in alloc_ldt_struct(). - kaiser: KAISER depends on SMP. - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID. - kaiser: kaiser_remove_mapping() move along the pgd. - kaiser: Kernel Address Isolation. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user. - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET. - kaiser: paranoid_entry pass cr3 need to paranoid_exit. - kaiser: PCID 0 for kernel and 128 for user. - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls. - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE. - kaiser: tidied up asm/kaiser.h somewhat. - kaiser: tidied up kaiser_add/remove_mapping slightly. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: vmstat show NR_KAISERTABLE as nr_overhead. - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user. - kernel-docs: unpack the source instead of using kernel-source (bsc#1057199). - kernel/sysctl.c: remove duplicate UINT_MAX check on do_proc_douintvec_conv() (bsc#1066470). - kernel/watchdog: Prevent false positives with turbo modes (bnc#1063516). - keys: do not revoke uninstantiated key in request_key_auth_new() (bsc#1031717). - keys: fix cred refcount leak in request_key_auth_new() (bsc#1031717). - keys: fix key refcount leak in keyctl_assume_authority() (bsc#1031717). - keys: fix key refcount leak in keyctl_read_key() (bsc#1031717). - keys: fix NULL pointer dereference during ASN.1 parsing [ver #2] (bnc#1012382). - keys: fix out-of-bounds read during ASN.1 parsing (bnc#1012382). - keys: return full count in keyring_read() if buffer is too small (bnc#1012382). - keys: trusted: fix writing past end of buffer in trusted_read() (bnc#1012382). - keys: trusted: sanitize all key material (bnc#1012382). - kvm: nVMX: set IDTR and GDTR limits when loading L1 host state (bnc#1012382). - kvm: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter (bnc#1012382). - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: SVM: obey guest PAT (bnc#1012382). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - kvm: x86: Exit to user-mode on #UD intercept when emulator requires (bnc#1012382). - kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382). - kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk (bnc#1012382). - l2tp: check ps->sock before running pppol2tp_session_ioctl() (bnc#1012382). - libertas: Fix lbs_prb_rsp_limit_set() (bsc#1031717). - lib/mpi: call cond_resched() from mpi_powm() loop (bnc#1012382). - libnvdimm, namespace: fix label initialization to use valid seq numbers (bnc#1012382). - libnvdimm, namespace: make 'resource' attribute only readable by root (bnc#1012382). - libnvdimm, pfn: make 'resource' attribute only readable by root (FATE#319858). - lib/ratelimit.c: use deferred printk() version (bsc#979928). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - mac80211: agg-tx: call drv_wake_tx_queue in proper context (bsc#1031717). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - mac80211: do not send SMPS action frame in AP mode when not needed (bsc#1031717). - mac80211: Fix addition of mesh configuration element (git-fixes). - mac80211: Fix BW upgrade for TDLS peers (bsc#1031717). - mac80211: fix mgmt-tx abort cookie and leak (bsc#1031717). - mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() (bsc#1031717). - mac80211: Remove invalid flag operations in mesh TSF synchronization (bnc#1012382). - mac80211: Remove unused 'beaconint_us' variable (bsc#1031717). - mac80211: Remove unused 'i' variable (bsc#1031717). - mac80211: Remove unused 'len' variable (bsc#1031717). - mac80211: Remove unused 'rates_idx' variable (bsc#1031717). - mac80211: Remove unused 'sband' and 'local' variables (bsc#1031717). - mac80211: Remove unused 'struct ieee80211_rx_status' ptr (bsc#1031717). - mac80211: Suppress NEW_PEER_CANDIDATE event if no room (bnc#1012382). - mac80211: TDLS: always downgrade invalid chandefs (bsc#1031717). - mac80211: TDLS: change BW calculation for WIDER_BW peers (bsc#1031717). - mac80211: use constant time comparison with keys (bsc#1066471). - media: au0828: fix RC_CORE dependency (bsc#1031717). - media: Do not do DMA on stack for firmware upload in the AS102 driver (bnc#1012382). - media: em28xx: calculate left volume level correctly (bsc#1031717). - media: mceusb: fix memory leaks in error path (bsc#1031717). - media: rc: check for integer overflow (bnc#1012382). - media: v4l2-ctrl: Fix flags field on Control events (bnc#1012382). - megaraid_sas: Do not fire MR_DCMD_PD_LIST_QUERY to controllers which do not support it (bsc#1027301). - mei: return error on notification request to a disconnected client (bnc#1012382). - mfd: ab8500-sysctrl: Handle probe deferral (bnc#1012382). - mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped (bnc#1012382). - misc: panel: properly restore atomic counter on error path (bnc#1012382). - mmc: block: return error on failed mmc_blk_get() (bsc#1031717). - mmc: core: Do not leave the block driver in a suspended state (bnc#1012382). - mmc: core/mmci: restore pre/post_req behaviour (bsc#1031717). - mmc: dw_mmc: rockchip: Set the drive phase properly (bsc#1031717). - mm: check the return value of lookup_page_ext for all call sites (bnc#1068982). - mmc: host: omap_hsmmc: avoid possible overflow of timeout value (bsc#1031717). - mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR() (bsc#1031717). - mmc: mediatek: Fixed size in dma_free_coherent (bsc#1031717). - mmc: s3cmci: include linux/interrupt.h for tasklet_struct (bnc#1012382). - mmc: sd: limit SD card power limit according to cards capabilities (bsc#1031717). - mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all call sites" (bnc#1012382). - mm/madvise.c: fix madvise() infinite loop under special circumstances (bnc#1070964). - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032). - mm/page_alloc.c: broken deferred calculation (bnc#1068980). - mm, page_alloc: fix potential false positive in __zone_watermark_ok (Git-fixes, bsc#1068978). - mm/page_ext.c: check if page_ext is not prepared (bnc#1068982). - mm/page_owner: avoid null pointer dereference (bnc#1068982). - mm/pagewalk.c: report holes in hugetlb ranges (bnc#1012382). - mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382). - net: 3com: typhoon: typhoon_init_one: fix incorrect return values (bnc#1012382). - net: 3com: typhoon: typhoon_init_one: make return values more specific (bnc#1012382). - net/9p: Switch to wait_event_killable() (bnc#1012382). - net: Allow IP_MULTICAST_IF to set index to L3 slave (bnc#1012382). - net: cdc_ether: fix divide by 0 on bad descriptors (bnc#1012382). - net: cdc_ncm: GetNtbFormat endian fix (git-fixes). - net: dsa: select NET_SWITCHDEV (bnc#1012382). - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed (bnc#1012382). - netfilter: nf_tables: fix oob access (bnc#1012382). - netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family (bnc#1012382). - netfilter: nft_queue: use raw_smp_processor_id() (bnc#1012382). - net: ibm: ibmvnic: constify vio_device_id (fate#323285). - netlink: add a start callback for starting a netlink dump (bnc#1012382). - net: mpls: prevent speculative execution (bnc#1068032). - net: qmi_wwan: fix divide by 0 on bad descriptors (bnc#1012382). - net/sctp: Always set scope_id in sctp_inet6_skb_msgname (bnc#1012382). - net/unix: do not show information about sockets from other namespaces (bnc#1012382). - nfc: fix device-allocation error return (bnc#1012382). - nfsd: deal with revoked delegations appropriately (bnc#1012382). - nfsd: Fix another OPEN stateid race (bnc#1012382). - nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382). - nfsd: Make init_open_stateid() a bit more whole (bnc#1012382). - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - nfs: Fix typo in nomigration mount option (bnc#1012382). - nfs: Fix ugly referral attributes (bnc#1012382). - nfs: improve shinking of access cache (bsc#1012917). - nfs: revalidate "." etc correctly on "open" (bsc#1068951). - nfs: revalidate "." etc correctly on "open" (git-fixes). Fix References tag. - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951). - nilfs2: fix race condition that causes file system corruption (bnc#1012382). - nvme: Fix memory order on async queue deletion (bnc#1012382). - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (bnc#1012382). - ocfs2: should wait dio before inode lock in ocfs2_setattr() (bnc#1012382). - p54: prevent speculative execution (bnc#1068032). - packet: avoid panic in packet_getsockopt() (bnc#1012382). - parisc: Fix validity check of pointer size argument in new CAS implementation (bnc#1012382). - pci: Apply _HPX settings only to relevant devices (bnc#1012382). - pci: mvebu: Handle changes to the bridge windows while enabled (bnc#1012382). - perf tools: Fix build failure on perl script context (bnc#1012382). - perf tools: Only increase index if perf_evsel__new_idx() succeeds (bnc#1012382). - perf/x86/intel/bts: Fix exclusive event reference leak (git-fixes d2878d642a4ed). - phy: increase size of MII_BUS_ID_SIZE and bus_id (bnc#1012382). - pkcs#7: fix unitialized boolean 'want' (bnc#1012382). - platform/x86: acer-wmi: setup accelerometer when ACPI device was found (bsc#1031717). - platform/x86: hp-wmi: Do not shadow error values (bnc#1012382). - platform/x86: hp-wmi: Fix detection for dock and tablet mode (bnc#1012382). - platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state (bnc#1012382). - platform/x86: intel_mid_thermal: Fix module autoload (bnc#1012382). - platform/x86: sony-laptop: Fix error handling in sony_nc_setup_rfkill() (bsc#1031717). - pm / OPP: Add missing of_node_put(np) (bnc#1012382). - power: bq27xxx_battery: Fix bq27541 AveragePower register address (bsc#1031717). - power: bq27xxx: fix reading for bq27000 and bq27010 (bsc#1031717). - powercap: Fix an error code in powercap_register_zone() (bsc#1031717). - power: ipaq-micro-battery: freeing the wrong variable (bsc#1031717). - powerpc/64: Fix race condition in setting lock bit in idle/wakeup code (bsc#1066223). - powerpc/barrier: add gmb. - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le (bsc#1066223). - powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 (bnc#1012382). - powerpc: Correct instruction code for xxlor instruction (bsc#1066223). - powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC (bsc#1066223). - powerpc/mm: Fix check of multiple 16G pages from device tree (bsc#1066223). - powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash (bsc#1066223). - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201, bsc#1066223). - powerpc/mm/hash: Free the subpage_prot_table correctly (bsc#1066223). - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1066223). - powerpc/numa: Fix whitespace in hot_add_drconf_memory_max() (bsc#1066223). - powerpc/opal: Fix EBUSY bug in acquiring tokens (bsc#1066223). - powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8 (bsc#1066223). - powerpc/powernv/ioda: Fix endianness when reading TCEs (bsc#1066223). - powerpc/powernv: Make opal_event_shutdown() callable from IRQ context (bsc#1066223). - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister (bsc#1067888). - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister (bsc#1067888). - powerpc: Secure memory rfi flush (bsc#1068032). - powerpc/signal: Properly handle return value from uprobe_deny_signal() (bsc#1066223). - powerpc/sysrq: Fix oops whem ppmu is not registered (bsc#1066223). - power: supply: bq27xxx_battery: Fix register map for BQ27510 and BQ27520 ("bsc#1069270"). - power: supply: isp1704: Fix unchecked return value of devm_kzalloc (bsc#1031717). - power: supply: lp8788: prevent out of bounds array access (bsc#1031717). - power_supply: tps65217-charger: Fix NULL deref during property export (bsc#1031717). - ppp: fix race in ppp device destruction (bnc#1012382). - Prevent timer value 0 for MWAITX (bsc#1065717). - printk/console: Always disable boot consoles that use init memory before it is freed (bsc#1063026). - printk/console: Enhance the check for consoles using init memory (bsc#1063026). - printk: include instead of (bsc#1063026). - printk: only unregister boot consoles when necessary (bsc#1063026). - pti: unbreak EFI (bsc#1074709). - ptrace: Add a new thread access check (bsc#1068032). - qla2xxx: prevent speculative execution (bnc#1068032). - quota: Check for register_shrinker() failure (bsc#1012829). - r8169: Do not increment tx_dropped in TX ring cleaning (bsc#1031717). - rbd: use GFP_NOIO for parent stat and data requests (bnc#1012382). - rdma/uverbs: Prevent leak of reserved field (bsc#1022595 FATE#322350). - rds: RDMA: return appropriate error on rdma map failures (bnc#1012382). - Redo encryption backport to fix pkt signing (bsc#1071009, fate#324404). - regulator: core: Limit propagation of parent voltage count and list (bsc#1070145). - regulator: fan53555: fix I2C device ids (bnc#1012382). - Revert "crypto: xts - Add ECB dependency" (bnc#1012382). - Revert "drm: bridge: add DT bindings for TI ths8135" (bnc#1012382). - Revert "drm/radeon: dont switch vt on suspend" (bnc#1012382). - Revert "ipsec: Fix aborted xfrm policy dump crash" (kabi). - Revert "netlink: add a start callback for starting a netlink dump" (kabi). - Revert "phy: increase size of MII_BUS_ID_SIZE and bus_id" (kabi). - Revert "sctp: do not peel off an assoc from one netns to another one" (bnc#1012382). - Revert "uapi: fix linux/rds.h userspace compilation errors" (bnc#1012382). - rpm/kernel-binary.spec.in: add the kernel-binary dependencies to kernel-binary-base (bsc#1060333). - rpm/kernel-binary.spec.in: Correct supplements for recent SLE products (bsc#1067494) - rpm/kernel-binary.spec.in: only rewrite modules.dep if non-zero in size (bsc#1056979). - rtc: ds1307: Fix relying on reset value for weekday (bsc#1031717). - rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks (bsc#1031717). - rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL (bsc#1031717). - rtc: rtc-nuc900: fix loop timeout test (bsc#1031717). - rtc: sa1100: fix unbalanced clk_prepare_enable/clk_disable_unprepare (bsc#1031717). - rt/fs/dcache: Convert s_anon_lock to a raw spinlock for RT - rtlwifi: fix uninitialized rtlhal->last_suspend_sec time (bnc#1012382). - rtlwifi: rtl8192ee: Fix memory leak when loading firmware (bnc#1012382). - rtlwifi: rtl8821ae: Fix HW_VAR_NAV_UPPER operation (bsc#1031717). - s390: add ppa to system call and program check path (bsc#1068032). - s390/dasd: check for device error pointer within state change interrupts (bnc#1012382). - s390/disassembler: add missing end marker for e7 table (bnc#1012382). - s390/disassembler: correct disassembly lines alignment (bsc#1070825). - s390/disassembler: increase show_code buffer size (bnc#1012382). - s390: fix transactional execution control register handling (bnc#1012382). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/kbuild: enable modversions for symbols exported from asm (bnc#1012382). - s390/qeth: issue STARTLAN as first IPA command (bnc#1012382). - s390/runtime instrumention: fix possible memory corruption (bnc#1012382). - s390/spinlock: add gmb memory barrier - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path Signoff the s390 patches. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (bsc#1068032). - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (bsc#1068032). - sched: Make resched_cpu() unconditional (bnc#1012382). - sched/rt: Do not pull from current CPU if only one CPU to pull (bnc#1022476). - sched/rt: Simplify the IPI based RT balancing logic (bnc#1012382). - scsi: aacraid: Process Error for response I/O (bnc#1012382). - scsi_devinfo: cleanly zero-pad devinfo strings (bsc#1062941). - scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1064311). - scsi: ipr: Fix scsi-mq lockdep issue (bsc#1066213). - scsi: ipr: Set no_report_opcodes for RAID arrays (bsc#1066213). - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1056003). - scsi: lpfc: Add missing memory barrier (bnc#1012382). - scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload (bnc#1012382). - scsi: lpfc: Correct host name in symbolic_name field (bnc#1012382). - scsi: lpfc: Correct issue leading to oops during link reset (bnc#1012382). - scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort (bnc#1012382). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return "Illegal Request - Logical unit not supported" and processing should leave the timeout loop in this case. - scsi: scsi_devinfo: fixup string compare (bsc#1062941). - scsi: scsi_devinfo: handle non-terminated strings (bsc#1062941). - scsi: ses: check return code from ses_recv_diag() (bsc#1039616). - scsi: ses: Fixup error message 'failed to get diagnostic page 0xffffffea' (bsc#1039616). - scsi: ses: Fix wrong page error (bsc#1039616). - scsi: ses: make page2 support optional (bsc#1039616). - scsi: sg: Re-fix off by one in sg_fill_request_table() (bnc#1012382). - scsi: ufs: add capability to keep auto bkops always enabled (bnc#1012382). - scsi: ufs-qcom: Fix module autoload (bnc#1012382). - scsi: virtio_scsi: let host do exception handling (bsc#1060682). - scsi: zfcp: fix erp_action use-before-initialize in REC action trace (bnc#1012382). - sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect (bnc#1012382). - sctp: do not peel off an assoc from one netns to another one (bnc#1012382). - sctp: do not peel off an assoc from one netns to another one (bnc#1012382). - sctp: reset owner sk for data chunks on out queues when migrating a sock (bnc#1012382). - security/keys: add CONFIG_KEYS_COMPAT to Kconfig (bnc#1012382). - selftests: firmware: add empty string and async tests (bnc#1012382). - selftests: firmware: send expected errors to /dev/null (bnc#1012382). - serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() (bsc#1031717). - serial: 8250_uniphier: fix serial port index in private data (bsc#1031717). - serial: omap: Fix EFR write on RTS deassertion (bnc#1012382). - serial: Remove unused port type (bsc#1066045). - serial: sh-sci: Fix register offsets for the IRDA serial port (bnc#1012382). - smb2: Fix share type handling (bnc#1074392). - smb3: parsing for new snapshot timestamp mount parm (FATE#324404). New mount option "snapshot=