From sle-updates at lists.suse.com Sun Apr 1 17:08:16 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Apr 2012 01:08:16 +0200 (CEST)
Subject: SUSE-RU-2012:0440-1: Recommended update for net-snmp
Message-ID: <20120401230817.8C8A23242B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for net-snmp
______________________________________________________________________________

Announcement ID:    SUSE-RU-2012:0440-1
Rating:             low
References:         #707636 #742634
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This maintenance update for net-snmp fixes the following issues:

   * The snmpd agent doesn't generate linkUp or linkDown notifications
     when linkUpDownNotifications is configured (bug#742634).
   * Avoid an unnecessary stop/start cycle in the agent after log
     rotation (bnc#707636).

Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      net-snmp-5.3.0.1-25.39.1
      net-snmp-devel-5.3.0.1-25.39.1
      perl-SNMP-5.3.0.1-25.39.1

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      net-snmp-32bit-5.3.0.1-25.39.1

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      net-snmp-x86-5.3.0.1-25.39.1

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      net-snmp-64bit-5.3.0.1-25.39.1
      net-snmp-devel-64bit-5.3.0.1-25.39.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      net-snmp-5.3.0.1-25.39.1
      net-snmp-devel-5.3.0.1-25.39.1
      perl-SNMP-5.3.0.1-25.39.1

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      net-snmp-32bit-5.3.0.1-25.39.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      net-snmp-devel-5.3.0.1-25.39.1

   - SLE SDK 10 SP4 (ppc):

      net-snmp-devel-64bit-5.3.0.1-25.39.1

References:

   https://bugzilla.novell.com/707636
   https://bugzilla.novell.com/742634
   http://download.novell.com/patch/finder/?keywords=25c3848c6b5780faba2769185c585d2e

From sle-updates at lists.suse.com Sun Apr 1 17:08:19 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Apr 2012 01:08:19 +0200 (CEST)
Subject: SUSE-RU-2012:0441-1: important: Recommended update for coreutils
Message-ID: <20120401230819.D9FE53242B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for coreutils
______________________________________________________________________________

Announcement ID:    SUSE-RU-2012:0441-1
Rating:             important
References:         #697897
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   A previous security update to coreutils changed su to start shells
   for "su -c" invocations in a separate session.
   As this caused interoperability issues, this update adds back the old
   behavior as a non-default option:

   * either via su -C , which is consistent with how su -c behaved
     before
   * or by exporting SU_C_SAME_SESSION=1 as an environment variable
     before running su(1).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-coreutils-6058

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-coreutils-6058

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-coreutils-6058

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      coreutils-8.12-6.21.1
      coreutils-lang-8.12-6.21.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      coreutils-8.12-6.21.1
      coreutils-lang-8.12-6.21.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      coreutils-x86-8.12-6.21.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      coreutils-8.12-6.21.1
      coreutils-lang-8.12-6.21.1

References:

   https://bugzilla.novell.com/697897
   http://download.novell.com/patch/finder/?keywords=f19b567d3d31ac72d3f9240d23367bc7

From sle-updates at lists.suse.com Mon Apr 2 15:08:16 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Apr 2012 23:08:16 +0200 (CEST)
Subject: SUSE-FU-2012:0456-1: Feature update for pciutils
Message-ID: <20120402210816.E532F32430@maintenance.suse.de>

   SUSE Feature Update: Feature update for pciutils
______________________________________________________________________________

Announcement ID:    SUSE-FU-2012:0456-1
Rating:             low
References:         #743540
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that has one feature fix can now be installed. It includes
   one version update.

Description:

   This update provides pciutils 3.1.7, which improves correctness and
   completeness of information reporting for VF devices.

   * All extended capabilities have their version displayed (-vv or
     more).
   * When scanning extended capabilities, properly mask the lowest 2
     bits, which are currently reserved. This avoids unaligned access
     errors on broken hardware (see tests/broken-ecaps).
   * Large bar sizes are displayed in human-readable format (with
     units).
   * The SR-IOV capability decoder now prints the VF BARs.
   * The VPD parser now reports unknown and vendor-defined items
     properly. It also stops on any item in unknown format, avoiding
     long output on bogus VPD data.
   * The Power Management capability now includes the soft reset bit.
   * Decoding of the Advanced Features capability has been added.
   * The procfs back-end is able to cope with /proc/bus/pci containing
     names with domains, which occur on sparc64 and possibly other
     architectures due to a kernel bug.
   * The MSI and MSI-X capabilities are printed in a prettier way.
   * When a BAR is reported by the OS, but not by the device (i.e., it
     is marked as [virtual] in lspci), the [disabled] flag is
     suppressed, because it does not make sense in such cases.
   * When a device has the VPD (Vital Product Data) capability and the
     VPD data are supplied by the OS, they are decoded and printed in
     the verbose mode. This currently works only on Linux with the
     sysfs back-end.
   * The setpci utility is now able to address registers stored in PCI
     capabilities (actually it allows a more general form of relative
     addressing).
   * The library has gained functions for working with PCI
     capabilities.
   * Fixed printing of the AER capability.

Patch Instructions:

   To install this SUSE Feature Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-pciutils-5883

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-pciutils-5883

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-pciutils-5883

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-pciutils-5883

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.1.7]:

      pciutils-devel-3.1.7-11.5.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64) [New Version: 3.1.7]:

      pciutils-devel-32bit-3.1.7-11.5.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.1.7]:

      pciutils-3.1.7-11.5.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.1.7]:

      pciutils-32bit-3.1.7-11.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.1.7]:

      pciutils-3.1.7-11.5.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.1.7]:

      pciutils-32bit-3.1.7-11.5.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.1.7]:

      pciutils-x86-3.1.7-11.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.1.7]:

      pciutils-3.1.7-11.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.1.7]:

      pciutils-32bit-3.1.7-11.5.1

References:

   https://bugzilla.novell.com/743540
   http://download.novell.com/patch/finder/?keywords=a1da8b02b8de0c35b836b3dcb62d6445

From sle-updates at lists.suse.com Mon Apr 2 16:08:32 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Apr 2012 00:08:32 +0200 (CEST)
Subject: SUSE-SU-2012:0457-1: moderate: Security update for LibreOffice
Message-ID: <20120402220833.02A9D32430@maintenance.suse.de>

   SUSE Security Update: Security update for LibreOffice
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0457-1
Rating:             moderate
References:         #417818 #621739 #653688 #655408 #657909 #677811
                    #685123 #693238 #693388 #695479 #699334 #703032
                    #704274 #705949 #705956 #705977 #705985 #705991
                    #706138 #706792 #707157 #714787 #715094 #715104
                    #715115 #715543 #717290 #718227 #718694 #718971
                    #719656 #719887 #719989 #720443 #720948 #722045
                    #722918 #723074 #724087 #726152 #726174 #727504
                    #728559 #728603 #733864 #734734 #735533 #736495
                    #737190 #737921 #738113 #740032 #740117 #740453
                    #741182 #742178 #746996 #747471 #748198
Cross-References:   CVE-2011-4599 CVE-2012-0037 CVE-2012-1149
Affected Products:
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves three vulnerabilities and has 56 fixes is now
   available. It includes one version update.

Description:

   LibreOffice 3.4.5 includes many fixes over the previous LibreOffice
   3.4.2.6 update.
   The update fixes the following security issues:

   * 740453: Vulnerability in RDF handling (CVE-2012-0037)
   * 752595: overflow in jpeg handling (CVE-2012-1149)
   * 736146: buffer overflow in the built-in ICU copy (736146)

   This update also fixes the following non-security issues:

   Extras:

   * add SUSE color palette (fate#312645)

   Filters:

   * crash when loading embedded elements (bnc#693238)
   * crash when importing an empty paragraph (rh#667082)
   * more on bentConnectors (bnc#736495)
   * wrong text color in smartArt (bnc#746996)
   * reading of w:textbox contents (bnc#693388)
   * textbox position and size DOCX import (fdo#45560)
   * RTF/DOCX import of transparent frames (bnc#695479)
   * consecutive frames in RTF/DOCX import (bnc#703032)
   * handling of frame properties in RTF import (bnc#417818)
   * force imported XLSX active tab to be shown (bnc#748198)
   * create TableManager for inside shapes (bnc#747471, bnc#693238)
   * textboxes import with OLE objects inside (bnc#747471, bnc#693238)
   * table style (bnc#705991)
   * text rotation fixes (bnc#734734)
   * crash in PPTX import (bnc#706792)
   * read w:sdt* contents (bnc#705949)
   * connector shape fixes (bnc#719989)
   * legacy fragment import (bnc#699334)
   * non-working Excel macros (bnc#705977)
   * free drawn curves import (bnc#657909)
   * group shape transformations (bnc#621739)
   * extLst of drawings in diagrams import (bnc#655408)
   * flip properties of custom shapes import (bnc#705985)
   * line spacing is used from previous values (bnc#734734)
   * missing ooxml customshape->mso shape name entries (bnc#737921)
   * word doesn't break the numberings and prefers hiding them
     (bnc#707157)

   Base:

   * iterator misuse (fdo #44040, bnc#742178)

   Writer:

   * do not use an invalidated iterator (fdo#46337)
   * field refreshing (fdo#39694)
   * more layout crashers (i#101776, fdo#39510)
   * textbox borders style and width in DOCX import (fdo#45560)
   * expand all text fields when setting properties (fdo#42073)
   * version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1)
   * SmartArt import
   * custom shapes import
   * Oracle Java 1.7.0 detection
   * reading AES-encrypted ODF 1.2 documents as generated by LO 3.5
   * frame selection (bnc#740117)
   * crash when editing index (bnc#726174)
   * order database properties (bnc#740032)
   * numbering levels in DOC import (bnc#715115)
   * image size issue in DOC import (bnc#718971)
   * pointless forward moving of a table (bnc#706138)
   * tabs set after the end margin in DOCX import (bnc#693238)
   * add hyperlinks by default in Table of Contents (bnc#705956)

   Calc:

   * pie charts colors messed in XLS import (fdo#40320)
   * correctly import data point formats in data series (fdo#40320)

   Components:

   * crash when parsing XML signatures (fdo#39657)
   * broken getDataArray (fdo#46165, fdo#38441, i#117010)
   * don't paint a frame around the list of edit boxes (fdo#42543)
   * inconsistent compression method for encrypted documents
     (bnc#653688)
   * allow pasting to multiple ranges (bnc#715094)
   * correctly convert chart data ranges (bnc#727504)
   * definedName corruption for XLSX export (bnc#741182)
   * adjust/shrink the ranges while copying (bnc#677811)
   * extra graph data is displayed for label (bnc#717290)
   * getCellRangeByName failure for named range (bnc#738113)
   * graph in XLS file has dates displayed wrong (bnc#720443)
   * improve performance of large Excel documents (bnc#715104)
   * display page background color/image properly (bnc#722045)
   * pivot table output becoming empty on re-save (bnc#715543)
   * encode virtual paths to local volume correctly (bnc#719887)
   * avoid adjusting cell-anchored objects on other sheets (bnc#726152)
   * make sure to adjust the sheet index of drawing objects
     (bnc#733864)
   * make the data validation popup more reliable (fdo #36851,
     bnc#737190)

   Impress:

   * do not create an empty slide when printing handouts (fdo#31966)
   * undo corruption (bnc#685123)
   * do not set duplicate master slide names (bnc#735533)

   Libraries:

   * default shortcut for .uno:SearchDialog should be Ctrl+H
   * crash using instances dialog of dataform navigator (fdo#44816)
   * disable problematic reading of external entities in raptor
   * correctly calculate leap year
   * use proper Indian Rupee currency symbol U+20B9 (rh#794679)
   * handle copy and paste from ConsoleOne (bnc#704274)
   * VBA control events not working, broken eventattacher (bnc#718227)
   * "General Error" when double-click graphic in presentation
     (bnc#720948)
   * upgrade graphite to 1.0.3 fix surrogate support
   * crash at exit (bnc#728603)
   * radial gradient offset (bnc#714787)
   * horizontal scrollbars with KDE oxygen style (bnc#722918)
   * rendering of metafiles embedded in EMF+ (updated) (bnc#705956)

   Postprocess:

   * make the 3D transitions work again (bnc#728559)

   URE:

   * make Duden Korrektor 5 and 6 work

   General:

   * add compat symlinks for the old main desktop icon (bnc#724087)
   * Fix tooltips are all black in KDE4 (bnc#723074, fdo#40461)
   * do-not-display-math-in-desktop-menu.diff: do not display math in
     desktop menu (fdo#41681)
   * desktop-submenu.diff: display LO application in the right desktop
     submenu (bnc#718694)
   * bash-completion-for-loffice.diff: define bash completion for
     'loffice' wrapper (bnc#719656)
   * svx-globlmn-hrc-build-dep.diff: fix build dependency problem in
     svx

   Security Issue references:

   * CVE-2011-4599
   * CVE-2012-1149
   * CVE-2012-0037

Package List:

   - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 3.4.5.5]:

      libreoffice-3.4.5.5-0.7.1
      libreoffice-af-3.4.5.5-0.7.1
      libreoffice-ar-3.4.5.5-0.7.1
      libreoffice-ca-3.4.5.5-0.7.1
      libreoffice-cs-3.4.5.5-0.7.1
      libreoffice-da-3.4.5.5-0.7.1
      libreoffice-de-3.4.5.5-0.7.1
      libreoffice-el-3.4.5.5-0.7.1
      libreoffice-en-GB-3.4.5.5-0.7.1
      libreoffice-es-3.4.5.5-0.7.1
      libreoffice-fi-3.4.5.5-0.7.1
      libreoffice-fr-3.4.5.5-0.7.1
      libreoffice-galleries-3.4.5.5-0.7.1
      libreoffice-gnome-3.4.5.5-0.7.1
      libreoffice-gu-IN-3.4.5.5-0.7.1
      libreoffice-hi-IN-3.4.5.5-0.7.1
      libreoffice-hu-3.4.5.5-0.7.1
      libreoffice-it-3.4.5.5-0.7.1
      libreoffice-ja-3.4.5.5-0.7.1
      libreoffice-kde-3.4.5.5-0.7.1
      libreoffice-ko-3.4.5.5-0.7.1
      libreoffice-mono-3.4.5.5-0.7.1
      libreoffice-nb-3.4.5.5-0.7.1
      libreoffice-nl-3.4.5.5-0.7.1
      libreoffice-nn-3.4.5.5-0.7.1
      libreoffice-pl-3.4.5.5-0.7.1
      libreoffice-pt-BR-3.4.5.5-0.7.1
      libreoffice-ru-3.4.5.5-0.7.1
      libreoffice-sk-3.4.5.5-0.7.1
      libreoffice-sv-3.4.5.5-0.7.1
      libreoffice-xh-3.4.5.5-0.7.1
      libreoffice-zh-CN-3.4.5.5-0.7.1
      libreoffice-zh-TW-3.4.5.5-0.7.1
      libreoffice-zu-3.4.5.5-0.7.1

   - SLE SDK 10 SP4 (i586) [New Version: 3.4.5.5]:

      libreoffice-3.4.5.5-0.7.1
      libreoffice-cs-3.4.5.5-0.7.1
      libreoffice-de-3.4.5.5-0.7.1
      libreoffice-es-3.4.5.5-0.7.1
      libreoffice-fr-3.4.5.5-0.7.1
      libreoffice-galleries-3.4.5.5-0.7.1
      libreoffice-gnome-3.4.5.5-0.7.1
      libreoffice-hu-3.4.5.5-0.7.1
      libreoffice-it-3.4.5.5-0.7.1
      libreoffice-ja-3.4.5.5-0.7.1
      libreoffice-kde-3.4.5.5-0.7.1
      libreoffice-mono-3.4.5.5-0.7.1
      libreoffice-pl-3.4.5.5-0.7.1
      libreoffice-pt-BR-3.4.5.5-0.7.1
      libreoffice-sk-3.4.5.5-0.7.1
      libreoffice-zh-CN-3.4.5.5-0.7.1
      libreoffice-zh-TW-3.4.5.5-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2011-4599.html
   http://support.novell.com/security/cve/CVE-2012-0037.html
   http://support.novell.com/security/cve/CVE-2012-1149.html
   https://bugzilla.novell.com/417818
   https://bugzilla.novell.com/621739
   https://bugzilla.novell.com/653688
   https://bugzilla.novell.com/655408
   https://bugzilla.novell.com/657909
   https://bugzilla.novell.com/677811
   https://bugzilla.novell.com/685123
   https://bugzilla.novell.com/693238
   https://bugzilla.novell.com/693388
   https://bugzilla.novell.com/695479
   https://bugzilla.novell.com/699334
   https://bugzilla.novell.com/703032
   https://bugzilla.novell.com/704274
   https://bugzilla.novell.com/705949
   https://bugzilla.novell.com/705956
   https://bugzilla.novell.com/705977
   https://bugzilla.novell.com/705985
   https://bugzilla.novell.com/705991
   https://bugzilla.novell.com/706138
   https://bugzilla.novell.com/706792
   https://bugzilla.novell.com/707157
   https://bugzilla.novell.com/714787
   https://bugzilla.novell.com/715094
   https://bugzilla.novell.com/715104
   https://bugzilla.novell.com/715115
   https://bugzilla.novell.com/715543
   https://bugzilla.novell.com/717290
   https://bugzilla.novell.com/718227
   https://bugzilla.novell.com/718694
   https://bugzilla.novell.com/718971
   https://bugzilla.novell.com/719656
   https://bugzilla.novell.com/719887
   https://bugzilla.novell.com/719989
   https://bugzilla.novell.com/720443
   https://bugzilla.novell.com/720948
   https://bugzilla.novell.com/722045
   https://bugzilla.novell.com/722918
   https://bugzilla.novell.com/723074
   https://bugzilla.novell.com/724087
   https://bugzilla.novell.com/726152
   https://bugzilla.novell.com/726174
   https://bugzilla.novell.com/727504
   https://bugzilla.novell.com/728559
   https://bugzilla.novell.com/728603
   https://bugzilla.novell.com/733864
   https://bugzilla.novell.com/734734
   https://bugzilla.novell.com/735533
   https://bugzilla.novell.com/736495
   https://bugzilla.novell.com/737190
   https://bugzilla.novell.com/737921
   https://bugzilla.novell.com/738113
   https://bugzilla.novell.com/740032
   https://bugzilla.novell.com/740117
   https://bugzilla.novell.com/740453
   https://bugzilla.novell.com/741182
   https://bugzilla.novell.com/742178
   https://bugzilla.novell.com/746996
   https://bugzilla.novell.com/747471
   https://bugzilla.novell.com/748198
   http://download.novell.com/patch/finder/?keywords=212ca99750b4a43554de347c255f56fb

From sle-updates at lists.suse.com Mon Apr 2 16:08:34 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Apr 2012 00:08:34 +0200 (CEST)
Subject: SUSE-RU-2012:0458-1: Recommended update for pciutils
Message-ID: <20120402220834.8BCA932430@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for pciutils
______________________________________________________________________________

Announcement ID:    SUSE-RU-2012:0458-1
Rating:             low
References:         #699490
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   Fix printing of the PCI Correctable Error Mask information under the
   AER Capabilities section (bnc#699490).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-pciutils-5953

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-pciutils-5953

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-pciutils-5953

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      pciutils-3.0.1-2.20.2.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):

      pciutils-32bit-3.0.1-2.20.2.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      pciutils-3.0.1-2.20.2.1

   - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):

      pciutils-32bit-3.0.1-2.20.2.1

   - SUSE Linux Enterprise Server 11 SP1 (ia64):

      pciutils-x86-3.0.1-2.20.2.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      pciutils-3.0.1-2.20.2.1

   - SUSE Linux Enterprise Desktop 11 SP1 (x86_64):

      pciutils-32bit-3.0.1-2.20.2.1

References:

   https://bugzilla.novell.com/699490
   http://download.novell.com/patch/finder/?keywords=d907ffa59f9a330bdefd6d44a569a9c7

From sle-updates at lists.suse.com Mon Apr 2 16:08:35 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Apr 2012 00:08:35 +0200 (CEST)
Subject: SUSE-RU-2012:0441-2: important: Recommended update for coreutils
Message-ID: <20120402220835.D35C632430@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for coreutils
______________________________________________________________________________

Announcement ID:    SUSE-RU-2012:0441-2
Rating:             important
References:         #697897
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   A previous security update to coreutils changed su to start shells
   for "su -c" invocations in a separate session.

   As this caused interoperability issues, this update adds back the old
   behavior as a non-default option:

   * either via su -C , which is consistent with how su -c behaved
     before
   * or by exporting SU_C_SAME_SESSION=1 as an environment variable
     before running su(1).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-coreutils-6050

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-coreutils-6050

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-coreutils-6050

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      coreutils-6.12-32.37.1
      coreutils-lang-6.12-32.37.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      coreutils-6.12-32.37.1
      coreutils-lang-6.12-32.37.1

   - SUSE Linux Enterprise Server 11 SP1 (ia64):

      coreutils-x86-6.12-32.37.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      coreutils-6.12-32.37.1
      coreutils-lang-6.12-32.37.1

References:

   https://bugzilla.novell.com/697897
   http://download.novell.com/patch/finder/?keywords=ed51dbf14f4fb13d19fb4139c54c9916

From sle-updates at lists.suse.com Tue Apr 3 13:08:27 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Apr 2012 21:08:27 +0200 (CEST)
Subject: SUSE-SU-2012:0464-1: Security update for libxslt
Message-ID: <20120403190827.CB56332172@maintenance.suse.de>

   SUSE Security Update: Security update for libxslt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0464-1
Rating:             low
References:         #746039
Cross-References:   CVE-2011-3970
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   libxslt was prone to an out-of-bounds read flaw when parsing certain
   patterns (CVE-2011-3970). This could have led to a Denial of Service.

   Security Issue reference:

   * CVE-2011-3970

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp1-libxslt-5810

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-libxslt-5810

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-libxslt-5810

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-libxslt-5810

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-libxslt-5810

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-libxslt-5810

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-libxslt-5810

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      libxslt-devel-1.1.24-19.17.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):

      libxslt-devel-32bit-1.1.24-19.17.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      libxslt-devel-1.1.24-19.17.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64):

      libxslt-devel-32bit-1.1.24-19.17.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      libxslt-1.1.24-19.17.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      libxslt-32bit-1.1.24-19.17.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      libxslt-x86-1.1.24-19.17.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      libxslt-1.1.24-19.17.1

   - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):

      libxslt-32bit-1.1.24-19.17.1

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      libxslt-1.1.24-19.17.1

   - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):

      libxslt-32bit-1.1.24-19.17.1

   - SUSE Linux Enterprise Server 11 SP1 (ia64):

      libxslt-x86-1.1.24-19.17.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      libxslt-1.1.24-19.17.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      libxslt-32bit-1.1.24-19.17.1

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      libxslt-1.1.24-19.17.1

   - SUSE Linux Enterprise Desktop 11 SP1 (x86_64):

      libxslt-32bit-1.1.24-19.17.1

References:

   http://support.novell.com/security/cve/CVE-2011-3970.html
   https://bugzilla.novell.com/746039
   http://download.novell.com/patch/finder/?keywords=844627b355e09a035cff1b6b2996ea42

From sle-updates at lists.suse.com Tue Apr 3 20:08:13 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 4 Apr 2012 04:08:13 +0200 (CEST)
Subject: SUSE-RU-2012:0465-1: Recommended update for release-notes-ha-geo
Message-ID: <20120404020813.CA0A932179@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-ha-geo
______________________________________________________________________________

Announcement ID:    SUSE-RU-2012:0465-1
Rating:             low
References:         #64937
Affected Products:
                    SUSE Linux Enterprise High Availability Geographic Cluster 11 SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update provides the latest Release Notes updates for SUSE Linux
   Enterprise Server 11 SP2 High Availability Geo Clustering.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability Geographic Cluster 11 SP2:

      zypper in -t patch sleshagsp2-release-notes-ha-geo-6092

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise High Availability Geographic Cluster 11 SP2 (s390x x86_64):

      release-notes-ha-geo-11.2-0.7.1

References:

   https://bugzilla.novell.com/64937
   http://download.novell.com/patch/finder/?keywords=4701a653e58e528e59275da768977424

From sle-updates at lists.suse.com Wed Apr 4 18:08:18 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Apr 2012 02:08:18 +0200 (CEST)
Subject: SUSE-RU-2012:0468-1: Recommended update for osc
Message-ID: <20120405000818.E619032188@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for osc
______________________________________________________________________________

Announcement ID:    SUSE-RU-2012:0468-1
Rating:             low
References:         #737640 #749335
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available. It includes one version update.

Description:

   This update provides osc 0.134.1:

   * adding unlock command
   * maintenance_incident requests get created with source revision of
     package
   * Enables new maintenance submissions for new OBS 2.3 maintenance
     model
   * Fixes srcmd5 revisions in submit request, when link target !=
     submission target
   * patchinfo call can work without checked out copy now
   * use qemu as fallback for building not directly supported
     architectures
   * "results --watch" option to watch build results until they
     finished building
   * fixes injection of terminal control chars
     (bnc#749335)(CVE-2012-1095)
   * support dryrun of branching to preview the expected result. "osc
     sm" is doing this now by default.
   * maintenance requests accept package lists as source and target
     incidents to be merged in
   * add "setincident" command to "request" to re-direct a maintenance
     request
   * ask user to create "maintenance incident" request when submit
     request is failing at release project
   * "osc my patchinfos" is showing patchinfos where any open bug is
     assigned to user
   * "osc my" or "osc my work" is including assigned patchinfos
   * "osc branch --maintenance" is creating setups for maintenance
   * removed debug code lead to warning message (fix by Marcus_H)
   * add --meta option also to "list", "cat" and "less" commands
   * project checkout is skipping packages linking to project local
     packages by default
   * add --keep-link option to copypac command
   * source validators are not called by default anymore:
     * They can get used via source services now
     * Allows different validations based on the code streams
   * support source services using OBS project or package name
   * support updating _patchinfo file with new issues just by calling
     "osc patchinfo" again
   * branch --add-repositories can be used to add repos from source
     project to target project
   * branch --extend-package-names can be used to do mbranch like
     branch of a single package
   * branch --new-package can be used to do branch from a not yet
     existing package (to define later submit target)
   * show declined requests which were created by user

   Security Issue reference:

   * CVE-2012-1095

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp1-osc-0134-6064

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-osc-0134-6064

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.134.1]:

      osc-0.134.1-0.3.1

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.134.1]:

      osc-0.134.1-0.3.1

References:

   http://support.novell.com/security/cve/CVE-2012-1095.html
   https://bugzilla.novell.com/737640
   https://bugzilla.novell.com/749335
   http://download.novell.com/patch/finder/?keywords=8b74484846ec00c0baf720b6b4bd7e1c

From sle-updates at lists.suse.com Thu Apr 5 09:08:15 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Apr 2012 17:08:15 +0200 (CEST)
Subject: SUSE-SU-2012:0464-2: Security update for libxslt
Message-ID: <20120405150815.C3EE932188@maintenance.suse.de>

   SUSE Security Update: Security update for libxslt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0464-2
Rating:             low
References:         #746039
Cross-References:   CVE-2011-3970
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   libxslt was prone to an out-of-bounds read flaw when parsing certain
   patterns (CVE-2011-3970). This could have led to a Denial of Service
   and is fixed with this update.
Security Issue reference: * CVE-2011-3970 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): libxslt-1.1.15-15.16.21 libxslt-devel-1.1.15-15.16.21 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libxslt-32bit-1.1.15-15.16.21 libxslt-devel-32bit-1.1.15-15.16.21 - SUSE Linux Enterprise Server 10 SP4 (ia64): libxslt-x86-1.1.15-15.16.21 - SUSE Linux Enterprise Server 10 SP4 (ppc): libxslt-64bit-1.1.15-15.16.21 libxslt-devel-64bit-1.1.15-15.16.21 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): libxslt-1.1.15-15.16.21 libxslt-devel-1.1.15-15.16.21 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libxslt-32bit-1.1.15-15.16.21 libxslt-devel-32bit-1.1.15-15.16.21 References: http://support.novell.com/security/cve/CVE-2011-3970.html https://bugzilla.novell.com/746039 http://download.novell.com/patch/finder/?keywords=5d3a5dffd02556b10dd8725a25b362d4 From sle-updates at lists.suse.com Thu Apr 5 11:08:18 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Apr 2012 19:08:18 +0200 (CEST) Subject: SUSE-SU-2012:0470-1: moderate: Security update for nginx-1.0 Message-ID: <20120405170818.CA5A432188@maintenance.suse.de> SUSE Security Update: Security update for nginx-1.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0470-1 Rating: moderate References: #752482 Cross-References: CVE-2012-1180 Affected Products: WebYaST 1.2 SUSE Studio Standard Edition 1.2 SUSE Studio Onsite 1.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The following issue has been fixed: * specially crafted http responses from upstream server could have leaked already freed memory (CVE-2012-1180). Security Issue reference: * CVE-2012-1180 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - WebYaST 1.2: zypper in -t patch slewyst12-nginx-1.0-6017 - SUSE Studio Standard Edition 1.2: zypper in -t patch sleslms12-nginx-1.0-6017 - SUSE Studio Onsite 1.2: zypper in -t patch slestso12-nginx-1.0-6017 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.2 (i586 ia64 ppc64 s390x x86_64): nginx-1.0-1.0.0-0.13.1 - SUSE Studio Standard Edition 1.2 (x86_64): nginx-1.0-1.0.0-0.13.1 - SUSE Studio Onsite 1.2 (x86_64): nginx-1.0-1.0.0-0.13.1 References: http://support.novell.com/security/cve/CVE-2012-1180.html https://bugzilla.novell.com/752482 http://download.novell.com/patch/finder/?keywords=580483de83bdb5fcefc3e3b28e7b4a03 From sle-updates at lists.suse.com Thu Apr 5 19:08:13 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Apr 2012 03:08:13 +0200 (CEST) Subject: SUSE-RU-2012:0471-1: important: Recommended update for mkinitrd Message-ID: <20120406010814.5A20932188@maintenance.suse.de> SUSE Recommended Update: Recommended update for mkinitrd ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0471-1 Rating: important References: #739822 #750668 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mkinitrd provides the following fixes: * mkinitrd has been fixed to set zfcp scsi devices online in the initramfs. * The /sbin/installkernel script has been fixed to install the /boot/vmlinux-* image for use by e.g. kdump Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-mkinitrd-6014 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-mkinitrd-6014 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-mkinitrd-6014 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): mkinitrd-2.4.2-0.53.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): mkinitrd-2.4.2-0.53.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): mkinitrd-2.4.2-0.53.1 References: https://bugzilla.novell.com/739822 https://bugzilla.novell.com/750668 http://download.novell.com/patch/finder/?keywords=a884e432ac60d736def98584ecb6cc54 From sle-updates at lists.suse.com Thu Apr 5 19:08:16 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Apr 2012 03:08:16 +0200 (CEST) Subject: SUSE-SU-2012:0472-1: important: Security update for PHP5 Message-ID: <20120406010816.6F65432182@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0472-1 Rating: important References: #741520 #741859 #743308 #746661 #749111 Cross-References: CVE-2011-4153 CVE-2012-0057 CVE-2012-0807 CVE-2012-0831 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. 
Description: This update of PHP5 fixes multiple security flaws: * CVE-2011-4153, missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference) * CVE-2012-0057, specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content * CVE-2012-0807, a stack-based buffer overflow in php5's Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header * CVE-2012-0831, temporary changes to the magic_quotes_gpc directive during the importing of environment variables are not properly performed which makes it easier for remote attackers to conduct SQL injections Security Issue references: * CVE-2011-4153 * CVE-2012-0057 * CVE-2012-0807 * CVE-2012-0831 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_php53-5958 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_php53-5958 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_php53-5958 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.8-0.23.1 php53-imap-5.3.8-0.23.1 php53-posix-5.3.8-0.23.1 php53-readline-5.3.8-0.23.1 php53-sockets-5.3.8-0.23.1 php53-sqlite-5.3.8-0.23.1 php53-tidy-5.3.8-0.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_php53-5.3.8-0.23.1 php53-5.3.8-0.23.1 php53-bcmath-5.3.8-0.23.1 php53-bz2-5.3.8-0.23.1 php53-calendar-5.3.8-0.23.1 php53-ctype-5.3.8-0.23.1 php53-curl-5.3.8-0.23.1 php53-dba-5.3.8-0.23.1 php53-dom-5.3.8-0.23.1 php53-exif-5.3.8-0.23.1 php53-fastcgi-5.3.8-0.23.1 php53-fileinfo-5.3.8-0.23.1 php53-ftp-5.3.8-0.23.1 php53-gd-5.3.8-0.23.1 php53-gettext-5.3.8-0.23.1 php53-gmp-5.3.8-0.23.1 php53-iconv-5.3.8-0.23.1 php53-intl-5.3.8-0.23.1 php53-json-5.3.8-0.23.1 php53-ldap-5.3.8-0.23.1 php53-mbstring-5.3.8-0.23.1 php53-mcrypt-5.3.8-0.23.1 php53-mysql-5.3.8-0.23.1 php53-odbc-5.3.8-0.23.1 php53-openssl-5.3.8-0.23.1 php53-pcntl-5.3.8-0.23.1 php53-pdo-5.3.8-0.23.1 php53-pear-5.3.8-0.23.1 php53-pgsql-5.3.8-0.23.1 php53-pspell-5.3.8-0.23.1 php53-shmop-5.3.8-0.23.1 php53-snmp-5.3.8-0.23.1 php53-soap-5.3.8-0.23.1 php53-suhosin-5.3.8-0.23.1 php53-sysvmsg-5.3.8-0.23.1 php53-sysvsem-5.3.8-0.23.1 php53-sysvshm-5.3.8-0.23.1 php53-tokenizer-5.3.8-0.23.1 php53-wddx-5.3.8-0.23.1 php53-xmlreader-5.3.8-0.23.1 php53-xmlrpc-5.3.8-0.23.1 php53-xmlwriter-5.3.8-0.23.1 php53-xsl-5.3.8-0.23.1 php53-zip-5.3.8-0.23.1 php53-zlib-5.3.8-0.23.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.8-0.23.1 php53-5.3.8-0.23.1 php53-bcmath-5.3.8-0.23.1 php53-bz2-5.3.8-0.23.1 php53-calendar-5.3.8-0.23.1 php53-ctype-5.3.8-0.23.1 php53-curl-5.3.8-0.23.1 php53-dba-5.3.8-0.23.1 php53-dom-5.3.8-0.23.1 php53-exif-5.3.8-0.23.1 php53-fastcgi-5.3.8-0.23.1 php53-fileinfo-5.3.8-0.23.1 php53-ftp-5.3.8-0.23.1 php53-gd-5.3.8-0.23.1 php53-gettext-5.3.8-0.23.1 php53-gmp-5.3.8-0.23.1 php53-iconv-5.3.8-0.23.1 php53-intl-5.3.8-0.23.1 
php53-json-5.3.8-0.23.1 php53-ldap-5.3.8-0.23.1 php53-mbstring-5.3.8-0.23.1 php53-mcrypt-5.3.8-0.23.1 php53-mysql-5.3.8-0.23.1 php53-odbc-5.3.8-0.23.1 php53-openssl-5.3.8-0.23.1 php53-pcntl-5.3.8-0.23.1 php53-pdo-5.3.8-0.23.1 php53-pear-5.3.8-0.23.1 php53-pgsql-5.3.8-0.23.1 php53-pspell-5.3.8-0.23.1 php53-shmop-5.3.8-0.23.1 php53-snmp-5.3.8-0.23.1 php53-soap-5.3.8-0.23.1 php53-suhosin-5.3.8-0.23.1 php53-sysvmsg-5.3.8-0.23.1 php53-sysvsem-5.3.8-0.23.1 php53-sysvshm-5.3.8-0.23.1 php53-tokenizer-5.3.8-0.23.1 php53-wddx-5.3.8-0.23.1 php53-xmlreader-5.3.8-0.23.1 php53-xmlrpc-5.3.8-0.23.1 php53-xmlwriter-5.3.8-0.23.1 php53-xsl-5.3.8-0.23.1 php53-zip-5.3.8-0.23.1 php53-zlib-5.3.8-0.23.1 References: http://support.novell.com/security/cve/CVE-2011-4153.html http://support.novell.com/security/cve/CVE-2012-0057.html http://support.novell.com/security/cve/CVE-2012-0807.html http://support.novell.com/security/cve/CVE-2012-0831.html https://bugzilla.novell.com/741520 https://bugzilla.novell.com/741859 https://bugzilla.novell.com/743308 https://bugzilla.novell.com/746661 https://bugzilla.novell.com/749111 http://download.novell.com/patch/finder/?keywords=5921434f37058d8a8c2271862091b332 From sle-updates at lists.suse.com Sat Apr 7 16:08:24 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 8 Apr 2012 00:08:24 +0200 (CEST) Subject: SUSE-RU-2012:0473-1: Recommended update for csync2 Message-ID: <20120407220824.4D1D532188@maintenance.suse.de> SUSE Recommended Update: Recommended update for csync2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0473-1 Rating: low References: #752563 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for csync2 forces debug output off completely when running under xinetd (fixes protocol breakage when target directories don't exist; bnc#752563) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-csync2-6029 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): csync2-1.34-0.6.1 References: https://bugzilla.novell.com/752563 http://download.novell.com/patch/finder/?keywords=17064435fef03b07f4264e8cce047de5 From sle-updates at lists.suse.com Tue Apr 10 14:08:13 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Apr 2012 22:08:13 +0200 (CEST) Subject: SUSE-SU-2012:0478-1: moderate: Security update for OpenSSL Message-ID: <20120410200814.5AA3332192@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0478-1 Rating: moderate References: #748738 #749210 #749213 #751946 Cross-References: CVE-2006-7250 CVE-2012-1165 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: The following security issue has been fixed: * Specially crafted MIME headers could cause OpenSSL's asn1 parser to dereference a NULL pointer leading to a Denial of Service (CVE-2006-7250) or fail verification (CVE-2012-1165).
Additionally, two other bugs have been fixed: * bnc#749213 free() headers after use in error message * bnc#749210 symmetric crypto errors in PKCS7_decrypt Security Issue references: * CVE-2006-7250 * CVE-2012-1165 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): openssl-0.9.8a-18.64.3 openssl-devel-0.9.8a-18.64.3 openssl-doc-0.9.8a-18.64.3 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): openssl-32bit-0.9.8a-18.64.3 openssl-devel-32bit-0.9.8a-18.64.3 - SUSE Linux Enterprise Server 10 SP4 (ia64): openssl-x86-0.9.8a-18.64.3 - SUSE Linux Enterprise Server 10 SP4 (ppc): openssl-64bit-0.9.8a-18.64.3 openssl-devel-64bit-0.9.8a-18.64.3 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): openssl-0.9.8a-18.64.3 openssl-devel-0.9.8a-18.64.3 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): openssl-32bit-0.9.8a-18.64.3 openssl-devel-32bit-0.9.8a-18.64.3 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): openssl-doc-0.9.8a-18.64.3 References: http://support.novell.com/security/cve/CVE-2006-7250.html http://support.novell.com/security/cve/CVE-2012-1165.html https://bugzilla.novell.com/748738 https://bugzilla.novell.com/749210 https://bugzilla.novell.com/749213 https://bugzilla.novell.com/751946 http://download.novell.com/patch/finder/?keywords=f6896f36048d7e8f3d49c12c286ae0d8 From sle-updates at lists.suse.com Tue Apr 10 14:08:16 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Apr 2012 22:08:16 +0200 (CEST) Subject: SUSE-SU-2012:0479-1: moderate: Security update for OpenSSL Message-ID: <20120410200816.8380532188@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0479-1 Rating: moderate References: #748738 #749210 #749213 #751946 #751977 Cross-References: CVE-2006-7250 CVE-2012-0884 CVE-2012-1165 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux 
Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. It includes one version update. Description: The following security issues have been fixed: * Specially crafted MIME headers could cause openssl's asn1 parser to dereference a NULL pointer leading to a Denial of Service (CVE-2006-7250) or fail verification (CVE-2012-1165). * The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL was vulnerable to a Million Message Attack (MMA) adaptive chosen ciphertext attack (CVE-2012-0884). Additionally, the following issues have been fixed: * bnc#749213 - Free headers after use in error message * bnc#749210 - Symmetric crypto errors in PKCS7_decrypt * bnc#749735 - Memory leak when creating public keys Security Issue references: * CVE-2006-7250 * CVE-2012-1165 * CVE-2012-0884 Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-libopenssl-devel-6054 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-libopenssl-devel-6054 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-libopenssl-devel-6054 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-libopenssl-devel-6054 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-libopenssl-devel-6054 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-libopenssl-devel-6054 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-libopenssl-devel-6054 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl-devel-0.9.8j-0.32.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl-devel-0.9.8j-0.32.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.32.1 openssl-0.9.8j-0.32.1 openssl-doc-0.9.8j-0.32.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.32.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 0.9.8j]: libopenssl0_9_8-x86-0.9.8j-0.32.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.32.1 openssl-0.9.8j-0.32.1 openssl-doc-0.9.8j-0.32.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.32.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.32.1 openssl-0.9.8j-0.32.1 openssl-doc-0.9.8j-0.32.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64) [New Version: 0.9.8j]: 
libopenssl0_9_8-32bit-0.9.8j-0.32.1 - SUSE Linux Enterprise Server 11 SP1 (ia64) [New Version: 0.9.8j]: libopenssl0_9_8-x86-0.9.8j-0.32.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.32.1 openssl-0.9.8j-0.32.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.32.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-0.9.8j-0.32.1 openssl-0.9.8j-0.32.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64) [New Version: 0.9.8j]: libopenssl0_9_8-32bit-0.9.8j-0.32.1 References: http://support.novell.com/security/cve/CVE-2006-7250.html http://support.novell.com/security/cve/CVE-2012-0884.html http://support.novell.com/security/cve/CVE-2012-1165.html https://bugzilla.novell.com/748738 https://bugzilla.novell.com/749210 https://bugzilla.novell.com/749213 https://bugzilla.novell.com/751946 https://bugzilla.novell.com/751977 http://download.novell.com/patch/finder/?keywords=5c8a36f85c32f7d2796329c6695e45e9 From sle-updates at lists.suse.com Wed Apr 11 11:08:18 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2012 19:08:18 +0200 (CEST) Subject: SUSE-SU-2012:0481-1: moderate: Security update for LibreOffice Message-ID: <20120411170818.AB5CD3219A@maintenance.suse.de> SUSE Security Update: Security update for LibreOffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0481-1 Rating: moderate References: #417818 #621739 #653688 #655408 #657909 #677811 #685123 #693238 #693388 #695479 #699334 #703032 #704274 #705949 #705956 #705977 #705985 #705991 #706138 #706792 #707157 #714787 #715094 #715104 #715115 #715543 #717290 #718227 #718971 #719887 #719989 #720443 #720948 #722045 #722644 #722918 #726152 #726174 #727504 #728559 #728603 #733864 #734734 #735533 #736495 #737190 #737921 #738113 #740032 #740117 #740453 #741182 #742178 #746996 #747471 
#748198 #748548 Cross-References: CVE-2012-0037 CVE-2012-1149 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has 55 fixes is now available. It includes one version update. Description: The update fixes the following security issues: * 740453: Vulnerability in RDF handling (CVE-2012-0037) * 752595: overflow in jpeg handling (CVE-2012-1149) This update also fixes the following non-security issues: Extras: * add SUSE color palette (fate#312645) Filters: * crash when loading embedded elements (bnc#693238) * crash when importing an empty paragraph (rh#667082) * more on bentConnectors (bnc#736495) * wrong text color in smartArt (bnc#746996) * reading of w:textbox contents (bnc#693388) * textbox position and size DOCX import (fdo#45560) * RTF/DOCX import of transparent frames (bnc#695479) * consecutive frames in RTF/DOCX import (bnc#703032) * handling of frame properties in RTF import (bnc#417818) * force imported XLSX active tab to be shown (bnc#748198) * create TableManager for inside shapes (bnc#747471, bnc#693238) * textboxes import with OLE objects inside (bnc#747471, bnc#693238) * table style (bnc#705991) * text rotation fixes (bnc#734734) * crash in PPTX import (bnc#706792) * read w:sdt* contents (bnc#705949) * connector shape fixes (bnc#719989) * legacy fragment import (bnc#699334) * non-working Excel macros (bnc#705977) * free drawn curves import (bnc#657909) * group shape transformations (bnc#621739) * extLst of drawings in diagrams import (bnc#655408) * flip properties of custom shapes import (bnc#705985) * line spacing is used from previous values (bnc#734734) * missing ooxml customshape->mso shape name entries (bnc#737921) * word doesn't break the numberings and prefers hiding them 
(bnc#707157) Base: * iterator misuse (fdo #44040, bnc#742178) Writer: * do not use an invalidated iterator (fdo#46337) * field refreshing (fdo#39694) * more layout crashers (i#101776, fdo#39510) * textbox borders style and width in DOCX import (fdo#45560) * expand all text fields when setting properties (fdo#42073) * version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1) * SmartArt import * custom shapes import * Oracle Java 1.7.0 detection * reading AES-encrypted ODF 1.2 documents as generated by LO 3.5 * frame selection (bnc#740117) * crash when editing index (bnc#726174) * order database properties (bnc#740032) * numbering levels in DOC import (bnc#715115) * image size issue in DOC import (bnc#718971) * pointless forward moving of a table (bnc#706138) * tabs set after the end margin in DOCX import (bnc#693238) * add hyperlinks by default in Table of Contents (bnc#705956) Calc: * pie charts colors messed in XLS import (fdo#40320) * correctly import data point formats in data series (fdo#40320) Components: * crash when parsing XML signatures (fdo#39657) * broken getDataArray (fdo#46165, fdo#38441, i#117010) * don't paint a frame around the list of edit boxes (fdo#42543) * inconsistent compression method for encrypted documents (bnc#653688) * allow pasting to multiple ranges (bnc#715094) * correctly convert chart data ranges (bnc#727504) * definedName corruption for XLSX export (bnc#741182) * adjust/shrink the ranges while copying (bnc#677811) * extra graph data is displayed for label (bnc#717290) * getCellRangeByName failure for named range (bnc#738113) * graph in XLS file has dates displayed wrong (bnc#720443) * improve performance of large Excel documents (bnc#715104) * display page background color/image properly (bnc#722045) * pivot table output becoming empty on re-save (bnc#715543) * encode virtual paths to local volume correctly (bnc#719887) * avoid adjusting cell-anchored objects on other sheets (bnc#726152) * make sure to adjust the sheet index of drawing 
objects (bnc#733864) * make the data validation popup more reliable (fdo #36851, bnc#737190) Impress: * do not create an empty slide when printing handouts (fdo#31966) * undo corruption (bnc#685123) * do not set duplicate master slide names (bnc#735533) Libraries: * default shortcut for .uno:SearchDialog should be Ctrl+H * crash using instances dialog of dataform navigator (fdo#44816) * disable problematic reading of external entities in raptor * correctly calculate leap year * use proper Indian Rupee currency symbol U+20B9 (rh#794679) * handle copy and paste from ConsoleOne (bnc#704274) * VBA control events not working, broken eventattacher (bnc#718227) * "General Error" when double-click graphic in presentation (bnc#720948) * upgrade graphite to 1.0.3 fix surrogate support * crash at exit (bnc#728603) * radial gradient offset (bnc#714787) * horizontal scrollbars with KDE oxygen style (bnc#722918) * rendering of metafiles embedded in EMF+ (updated) (bnc#705956) Postprocess: * make the 3D transitions work again (bnc#728559) URE: * make Duden Korrektor 5 and 6 work General: * add compat symlinks for the old main desktop icon (bnc#724087) * Fix tooltips are all black in KDE4 (bnc#723074, fdo#40461) * do-not-display-math-in-desktop-menu.diff: do not display math in desktop menu (fdo#41681) * desktop-submenu.diff: display LO application in the right desktop submenu (bnc#718694) * bash-completion-for-loffice.diff: define bash completion for 'loffice' wrapper (bnc#719656) * svx-globlmn-hrc-build-dep.diff: fix build dependency problem in svx * Update gdocs extension to version 3.0.0; needed to make it working with the current Google Docs interface Security Issue references: * CVE-2012-1149 * CVE-2012-0037 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-libreoffice-345-6003 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-libreoffice-345-6003 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-libreoffice-345-6003 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-libreoffice-345-6003 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 3.4.5.5]: libreoffice-3.4.5.5-0.3.1 libreoffice-base-3.4.5.5-0.3.1 libreoffice-base-drivers-postgresql-3.4.5.5-0.3.1 libreoffice-base-extensions-3.4.5.5-0.3.1 libreoffice-calc-3.4.5.5-0.3.1 libreoffice-calc-extensions-3.4.5.5-0.3.1 libreoffice-draw-3.4.5.5-0.3.1 libreoffice-draw-extensions-3.4.5.5-0.3.1 libreoffice-filters-optional-3.4.5.5-0.3.1 libreoffice-gnome-3.4.5.5-0.3.1 libreoffice-impress-3.4.5.5-0.3.1 libreoffice-impress-extensions-3.4.5.5-0.3.1 libreoffice-kde-3.4.5.5-0.3.1 libreoffice-kde4-3.4.5.5-0.3.1 libreoffice-l10n-prebuilt-3.4.5.5-0.3.1 libreoffice-mailmerge-3.4.5.5-0.3.1 libreoffice-math-3.4.5.5-0.3.1 libreoffice-mono-3.4.5.5-0.3.1 libreoffice-officebean-3.4.5.5-0.3.1 libreoffice-pyuno-3.4.5.5-0.3.1 libreoffice-sdk-3.4.5.5-0.3.1 libreoffice-testtool-3.4.5.5-0.3.1 libreoffice-writer-3.4.5.5-0.3.1 libreoffice-writer-extensions-3.4.5.5-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (noarch) [New Version: 3.4.5.5]: libreoffice-branding-upstream-3.4.5.5-0.3.1 libreoffice-help-cs-3.4.5.5-0.3.1 libreoffice-help-da-3.4.5.5-0.3.1 libreoffice-help-de-3.4.5.5-0.3.1 libreoffice-help-en-GB-3.4.5.5-0.3.1 libreoffice-help-en-US-3.4.5.5-0.3.1 libreoffice-help-es-3.4.5.5-0.3.1 libreoffice-help-fr-3.4.5.5-0.3.1 libreoffice-help-gu-IN-3.4.5.5-0.3.1 libreoffice-help-hi-IN-3.4.5.5-0.3.1 libreoffice-help-hu-3.4.5.5-0.3.1 libreoffice-help-it-3.4.5.5-0.3.1 
libreoffice-help-ja-3.4.5.5-0.3.1 libreoffice-help-ko-3.4.5.5-0.3.1 libreoffice-help-nl-3.4.5.5-0.3.1 libreoffice-help-pl-3.4.5.5-0.3.1 libreoffice-help-pt-3.4.5.5-0.3.1 libreoffice-help-pt-BR-3.4.5.5-0.3.1 libreoffice-help-ru-3.4.5.5-0.3.1 libreoffice-help-sv-3.4.5.5-0.3.1 libreoffice-help-zh-CN-3.4.5.5-0.3.1 libreoffice-help-zh-TW-3.4.5.5-0.3.1 libreoffice-icon-themes-3.4.5.5-0.3.1 libreoffice-l10n-af-3.4.5.5-0.3.1 libreoffice-l10n-ar-3.4.5.5-0.3.1 libreoffice-l10n-ca-3.4.5.5-0.3.1 libreoffice-l10n-cs-3.4.5.5-0.3.1 libreoffice-l10n-da-3.4.5.5-0.3.1 libreoffice-l10n-de-3.4.5.5-0.3.1 libreoffice-l10n-el-3.4.5.5-0.3.1 libreoffice-l10n-en-GB-3.4.5.5-0.3.1 libreoffice-l10n-es-3.4.5.5-0.3.1 libreoffice-l10n-fi-3.4.5.5-0.3.1 libreoffice-l10n-fr-3.4.5.5-0.3.1 libreoffice-l10n-gu-IN-3.4.5.5-0.3.1 libreoffice-l10n-hi-IN-3.4.5.5-0.3.1 libreoffice-l10n-hu-3.4.5.5-0.3.1 libreoffice-l10n-it-3.4.5.5-0.3.1 libreoffice-l10n-ja-3.4.5.5-0.3.1 libreoffice-l10n-ko-3.4.5.5-0.3.1 libreoffice-l10n-nb-3.4.5.5-0.3.1 libreoffice-l10n-nl-3.4.5.5-0.3.1 libreoffice-l10n-nn-3.4.5.5-0.3.1 libreoffice-l10n-pl-3.4.5.5-0.3.1 libreoffice-l10n-pt-3.4.5.5-0.3.1 libreoffice-l10n-pt-BR-3.4.5.5-0.3.1 libreoffice-l10n-ru-3.4.5.5-0.3.1 libreoffice-l10n-sk-3.4.5.5-0.3.1 libreoffice-l10n-sv-3.4.5.5-0.3.1 libreoffice-l10n-xh-3.4.5.5-0.3.1 libreoffice-l10n-zh-CN-3.4.5.5-0.3.1 libreoffice-l10n-zh-TW-3.4.5.5-0.3.1 libreoffice-l10n-zu-3.4.5.5-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 3.4.5.5]: libreoffice-3.4.5.5-0.3.1 libreoffice-base-3.4.5.5-0.3.1 libreoffice-base-drivers-postgresql-3.4.5.5-0.3.1 libreoffice-base-extensions-3.4.5.5-0.3.1 libreoffice-calc-3.4.5.5-0.3.1 libreoffice-calc-extensions-3.4.5.5-0.3.1 libreoffice-draw-3.4.5.5-0.3.1 libreoffice-draw-extensions-3.4.5.5-0.3.1 libreoffice-filters-optional-3.4.5.5-0.3.1 libreoffice-gnome-3.4.5.5-0.3.1 libreoffice-impress-3.4.5.5-0.3.1 libreoffice-impress-extensions-3.4.5.5-0.3.1 libreoffice-kde-3.4.5.5-0.3.1 
libreoffice-kde4-3.4.5.5-0.3.1 libreoffice-l10n-prebuilt-3.4.5.5-0.3.1 libreoffice-mailmerge-3.4.5.5-0.3.1 libreoffice-math-3.4.5.5-0.3.1 libreoffice-mono-3.4.5.5-0.3.1 libreoffice-officebean-3.4.5.5-0.3.1 libreoffice-pyuno-3.4.5.5-0.3.1 libreoffice-sdk-3.4.5.5-0.3.1 libreoffice-testtool-3.4.5.5-0.3.1 libreoffice-writer-3.4.5.5-0.3.1 libreoffice-writer-extensions-3.4.5.5-0.3.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (noarch) [New Version: 3.4.5.5]: libreoffice-branding-upstream-3.4.5.5-0.3.1 libreoffice-help-cs-3.4.5.5-0.3.1 libreoffice-help-da-3.4.5.5-0.3.1 libreoffice-help-de-3.4.5.5-0.3.1 libreoffice-help-en-GB-3.4.5.5-0.3.1 libreoffice-help-en-US-3.4.5.5-0.3.1 libreoffice-help-es-3.4.5.5-0.3.1 libreoffice-help-fr-3.4.5.5-0.3.1 libreoffice-help-gu-IN-3.4.5.5-0.3.1 libreoffice-help-hi-IN-3.4.5.5-0.3.1 libreoffice-help-hu-3.4.5.5-0.3.1 libreoffice-help-it-3.4.5.5-0.3.1 libreoffice-help-ja-3.4.5.5-0.3.1 libreoffice-help-ko-3.4.5.5-0.3.1 libreoffice-help-nl-3.4.5.5-0.3.1 libreoffice-help-pl-3.4.5.5-0.3.1 libreoffice-help-pt-3.4.5.5-0.3.1 libreoffice-help-pt-BR-3.4.5.5-0.3.1 libreoffice-help-ru-3.4.5.5-0.3.1 libreoffice-help-sv-3.4.5.5-0.3.1 libreoffice-help-zh-CN-3.4.5.5-0.3.1 libreoffice-help-zh-TW-3.4.5.5-0.3.1 libreoffice-icon-themes-3.4.5.5-0.3.1 libreoffice-l10n-af-3.4.5.5-0.3.1 libreoffice-l10n-ar-3.4.5.5-0.3.1 libreoffice-l10n-ca-3.4.5.5-0.3.1 libreoffice-l10n-cs-3.4.5.5-0.3.1 libreoffice-l10n-da-3.4.5.5-0.3.1 libreoffice-l10n-de-3.4.5.5-0.3.1 libreoffice-l10n-el-3.4.5.5-0.3.1 libreoffice-l10n-en-GB-3.4.5.5-0.3.1 libreoffice-l10n-es-3.4.5.5-0.3.1 libreoffice-l10n-fi-3.4.5.5-0.3.1 libreoffice-l10n-fr-3.4.5.5-0.3.1 libreoffice-l10n-gu-IN-3.4.5.5-0.3.1 libreoffice-l10n-hi-IN-3.4.5.5-0.3.1 libreoffice-l10n-hu-3.4.5.5-0.3.1 libreoffice-l10n-it-3.4.5.5-0.3.1 libreoffice-l10n-ja-3.4.5.5-0.3.1 libreoffice-l10n-ko-3.4.5.5-0.3.1 libreoffice-l10n-nb-3.4.5.5-0.3.1 libreoffice-l10n-nl-3.4.5.5-0.3.1 libreoffice-l10n-nn-3.4.5.5-0.3.1 
libreoffice-l10n-pl-3.4.5.5-0.3.1 libreoffice-l10n-pt-3.4.5.5-0.3.1 libreoffice-l10n-pt-BR-3.4.5.5-0.3.1 libreoffice-l10n-ru-3.4.5.5-0.3.1 libreoffice-l10n-sk-3.4.5.5-0.3.1 libreoffice-l10n-sv-3.4.5.5-0.3.1 libreoffice-l10n-xh-3.4.5.5-0.3.1 libreoffice-l10n-zh-CN-3.4.5.5-0.3.1 libreoffice-l10n-zh-TW-3.4.5.5-0.3.1 libreoffice-l10n-zu-3.4.5.5-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.4.5.5]: libreoffice-3.4.5.5-0.3.1 libreoffice-base-3.4.5.5-0.3.1 libreoffice-base-drivers-postgresql-3.4.5.5-0.3.1 libreoffice-base-extensions-3.4.5.5-0.3.1 libreoffice-calc-3.4.5.5-0.3.1 libreoffice-calc-extensions-3.4.5.5-0.3.1 libreoffice-draw-3.4.5.5-0.3.1 libreoffice-draw-extensions-3.4.5.5-0.3.1 libreoffice-filters-optional-3.4.5.5-0.3.1 libreoffice-gnome-3.4.5.5-0.3.1 libreoffice-impress-3.4.5.5-0.3.1 libreoffice-impress-extensions-3.4.5.5-0.3.1 libreoffice-kde-3.4.5.5-0.3.1 libreoffice-kde4-3.4.5.5-0.3.1 libreoffice-mailmerge-3.4.5.5-0.3.1 libreoffice-math-3.4.5.5-0.3.1 libreoffice-mono-3.4.5.5-0.3.1 libreoffice-officebean-3.4.5.5-0.3.1 libreoffice-pyuno-3.4.5.5-0.3.1 libreoffice-writer-3.4.5.5-0.3.1 libreoffice-writer-extensions-3.4.5.5-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 3.4.5.5]: libreoffice-help-cs-3.4.5.5-0.3.1 libreoffice-help-da-3.4.5.5-0.3.1 libreoffice-help-de-3.4.5.5-0.3.1 libreoffice-help-en-GB-3.4.5.5-0.3.1 libreoffice-help-en-US-3.4.5.5-0.3.1 libreoffice-help-es-3.4.5.5-0.3.1 libreoffice-help-fr-3.4.5.5-0.3.1 libreoffice-help-gu-IN-3.4.5.5-0.3.1 libreoffice-help-hi-IN-3.4.5.5-0.3.1 libreoffice-help-hu-3.4.5.5-0.3.1 libreoffice-help-it-3.4.5.5-0.3.1 libreoffice-help-ja-3.4.5.5-0.3.1 libreoffice-help-ko-3.4.5.5-0.3.1 libreoffice-help-nl-3.4.5.5-0.3.1 libreoffice-help-pl-3.4.5.5-0.3.1 libreoffice-help-pt-3.4.5.5-0.3.1 libreoffice-help-pt-BR-3.4.5.5-0.3.1 libreoffice-help-ru-3.4.5.5-0.3.1 libreoffice-help-sv-3.4.5.5-0.3.1 libreoffice-help-zh-CN-3.4.5.5-0.3.1 libreoffice-help-zh-TW-3.4.5.5-0.3.1 
libreoffice-icon-themes-3.4.5.5-0.3.1 libreoffice-l10n-af-3.4.5.5-0.3.1 libreoffice-l10n-ar-3.4.5.5-0.3.1 libreoffice-l10n-ca-3.4.5.5-0.3.1 libreoffice-l10n-cs-3.4.5.5-0.3.1 libreoffice-l10n-da-3.4.5.5-0.3.1 libreoffice-l10n-de-3.4.5.5-0.3.1 libreoffice-l10n-en-GB-3.4.5.5-0.3.1 libreoffice-l10n-es-3.4.5.5-0.3.1 libreoffice-l10n-fi-3.4.5.5-0.3.1 libreoffice-l10n-fr-3.4.5.5-0.3.1 libreoffice-l10n-gu-IN-3.4.5.5-0.3.1 libreoffice-l10n-hi-IN-3.4.5.5-0.3.1 libreoffice-l10n-hu-3.4.5.5-0.3.1 libreoffice-l10n-it-3.4.5.5-0.3.1 libreoffice-l10n-ja-3.4.5.5-0.3.1 libreoffice-l10n-ko-3.4.5.5-0.3.1 libreoffice-l10n-nb-3.4.5.5-0.3.1 libreoffice-l10n-nl-3.4.5.5-0.3.1 libreoffice-l10n-nn-3.4.5.5-0.3.1 libreoffice-l10n-pl-3.4.5.5-0.3.1 libreoffice-l10n-pt-3.4.5.5-0.3.1 libreoffice-l10n-pt-BR-3.4.5.5-0.3.1 libreoffice-l10n-ru-3.4.5.5-0.3.1 libreoffice-l10n-sk-3.4.5.5-0.3.1 libreoffice-l10n-sv-3.4.5.5-0.3.1 libreoffice-l10n-xh-3.4.5.5-0.3.1 libreoffice-l10n-zh-CN-3.4.5.5-0.3.1 libreoffice-l10n-zh-TW-3.4.5.5-0.3.1 libreoffice-l10n-zu-3.4.5.5-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 3.4.5.5]: libreoffice-3.4.5.5-0.3.1 libreoffice-base-3.4.5.5-0.3.1 libreoffice-base-drivers-postgresql-3.4.5.5-0.3.1 libreoffice-base-extensions-3.4.5.5-0.3.1 libreoffice-calc-3.4.5.5-0.3.1 libreoffice-calc-extensions-3.4.5.5-0.3.1 libreoffice-draw-3.4.5.5-0.3.1 libreoffice-draw-extensions-3.4.5.5-0.3.1 libreoffice-filters-optional-3.4.5.5-0.3.1 libreoffice-gnome-3.4.5.5-0.3.1 libreoffice-impress-3.4.5.5-0.3.1 libreoffice-impress-extensions-3.4.5.5-0.3.1 libreoffice-kde-3.4.5.5-0.3.1 libreoffice-kde4-3.4.5.5-0.3.1 libreoffice-mailmerge-3.4.5.5-0.3.1 libreoffice-math-3.4.5.5-0.3.1 libreoffice-mono-3.4.5.5-0.3.1 libreoffice-officebean-3.4.5.5-0.3.1 libreoffice-pyuno-3.4.5.5-0.3.1 libreoffice-writer-3.4.5.5-0.3.1 libreoffice-writer-extensions-3.4.5.5-0.3.1 - SUSE Linux Enterprise Desktop 11 SP1 (noarch) [New Version: 3.4.5.5]: libreoffice-help-cs-3.4.5.5-0.3.1 
libreoffice-help-da-3.4.5.5-0.3.1 libreoffice-help-de-3.4.5.5-0.3.1 libreoffice-help-en-GB-3.4.5.5-0.3.1 libreoffice-help-en-US-3.4.5.5-0.3.1 libreoffice-help-es-3.4.5.5-0.3.1 libreoffice-help-fr-3.4.5.5-0.3.1 libreoffice-help-gu-IN-3.4.5.5-0.3.1 libreoffice-help-hi-IN-3.4.5.5-0.3.1 libreoffice-help-hu-3.4.5.5-0.3.1 libreoffice-help-it-3.4.5.5-0.3.1 libreoffice-help-ja-3.4.5.5-0.3.1 libreoffice-help-ko-3.4.5.5-0.3.1 libreoffice-help-nl-3.4.5.5-0.3.1 libreoffice-help-pl-3.4.5.5-0.3.1 libreoffice-help-pt-3.4.5.5-0.3.1 libreoffice-help-pt-BR-3.4.5.5-0.3.1 libreoffice-help-ru-3.4.5.5-0.3.1 libreoffice-help-sv-3.4.5.5-0.3.1 libreoffice-help-zh-CN-3.4.5.5-0.3.1 libreoffice-help-zh-TW-3.4.5.5-0.3.1 libreoffice-icon-themes-3.4.5.5-0.3.1 libreoffice-l10n-af-3.4.5.5-0.3.1 libreoffice-l10n-ar-3.4.5.5-0.3.1 libreoffice-l10n-ca-3.4.5.5-0.3.1 libreoffice-l10n-cs-3.4.5.5-0.3.1 libreoffice-l10n-da-3.4.5.5-0.3.1 libreoffice-l10n-de-3.4.5.5-0.3.1 libreoffice-l10n-en-GB-3.4.5.5-0.3.1 libreoffice-l10n-es-3.4.5.5-0.3.1 libreoffice-l10n-fi-3.4.5.5-0.3.1 libreoffice-l10n-fr-3.4.5.5-0.3.1 libreoffice-l10n-gu-IN-3.4.5.5-0.3.1 libreoffice-l10n-hi-IN-3.4.5.5-0.3.1 libreoffice-l10n-hu-3.4.5.5-0.3.1 libreoffice-l10n-it-3.4.5.5-0.3.1 libreoffice-l10n-ja-3.4.5.5-0.3.1 libreoffice-l10n-ko-3.4.5.5-0.3.1 libreoffice-l10n-nb-3.4.5.5-0.3.1 libreoffice-l10n-nl-3.4.5.5-0.3.1 libreoffice-l10n-nn-3.4.5.5-0.3.1 libreoffice-l10n-pl-3.4.5.5-0.3.1 libreoffice-l10n-pt-3.4.5.5-0.3.1 libreoffice-l10n-pt-BR-3.4.5.5-0.3.1 libreoffice-l10n-ru-3.4.5.5-0.3.1 libreoffice-l10n-sk-3.4.5.5-0.3.1 libreoffice-l10n-sv-3.4.5.5-0.3.1 libreoffice-l10n-xh-3.4.5.5-0.3.1 libreoffice-l10n-zh-CN-3.4.5.5-0.3.1 libreoffice-l10n-zh-TW-3.4.5.5-0.3.1 libreoffice-l10n-zu-3.4.5.5-0.3.1 References: http://support.novell.com/security/cve/CVE-2012-0037.html http://support.novell.com/security/cve/CVE-2012-1149.html https://bugzilla.novell.com/417818 https://bugzilla.novell.com/621739 https://bugzilla.novell.com/653688 
https://bugzilla.novell.com/655408 https://bugzilla.novell.com/657909 https://bugzilla.novell.com/677811 https://bugzilla.novell.com/685123 https://bugzilla.novell.com/693238 https://bugzilla.novell.com/693388 https://bugzilla.novell.com/695479 https://bugzilla.novell.com/699334 https://bugzilla.novell.com/703032 https://bugzilla.novell.com/704274 https://bugzilla.novell.com/705949 https://bugzilla.novell.com/705956 https://bugzilla.novell.com/705977 https://bugzilla.novell.com/705985 https://bugzilla.novell.com/705991 https://bugzilla.novell.com/706138 https://bugzilla.novell.com/706792 https://bugzilla.novell.com/707157 https://bugzilla.novell.com/714787 https://bugzilla.novell.com/715094 https://bugzilla.novell.com/715104 https://bugzilla.novell.com/715115 https://bugzilla.novell.com/715543 https://bugzilla.novell.com/717290 https://bugzilla.novell.com/718227 https://bugzilla.novell.com/718971 https://bugzilla.novell.com/719887 https://bugzilla.novell.com/719989 https://bugzilla.novell.com/720443 https://bugzilla.novell.com/720948 https://bugzilla.novell.com/722045 https://bugzilla.novell.com/722644 https://bugzilla.novell.com/722918 https://bugzilla.novell.com/726152 https://bugzilla.novell.com/726174 https://bugzilla.novell.com/727504 https://bugzilla.novell.com/728559 https://bugzilla.novell.com/728603 https://bugzilla.novell.com/733864 https://bugzilla.novell.com/734734 https://bugzilla.novell.com/735533 https://bugzilla.novell.com/736495 https://bugzilla.novell.com/737190 https://bugzilla.novell.com/737921 https://bugzilla.novell.com/738113 https://bugzilla.novell.com/740032 https://bugzilla.novell.com/740117 https://bugzilla.novell.com/740453 https://bugzilla.novell.com/741182 https://bugzilla.novell.com/742178 https://bugzilla.novell.com/746996 https://bugzilla.novell.com/747471 https://bugzilla.novell.com/748198 https://bugzilla.novell.com/748548 http://download.novell.com/patch/finder/?keywords=1a8fb2e9276ccf1deba126d3b76e404c From sle-updates at 
lists.suse.com Wed Apr 11 11:08:20 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2012 19:08:20 +0200 (CEST) Subject: SUSE-RU-2012:0482-1: Recommended update for ghostscript Message-ID: <20120411170820.EB5E632192@maintenance.suse.de> SUSE Recommended Update: Recommended update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0482-1 Rating: low References: #635004 #649207 #726092 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for ghostscript-library fixes a regression in Ghostscript 8.62 where it no longer used fonts specified via FONTPATH=/path/to/font when they are not considered to be resource fonts. In addition, the following low impact security fixes are included: * CVE-2009-3743: Off-by-one error in the TrueType bytecode interpreter in Ghostscript before 8.71 allowed remote attackers to cause a denial of service (heap memory corruption) via a malformed TrueType font in a document. * CVE-2010-4054: The gs_type2_interpret function in Ghostscript allowed remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream. Security Issue references: * CVE-2009-3743 * CVE-2010-4054 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-ghostscript-devel-5916 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-ghostscript-devel-5916 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-ghostscript-devel-5916 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-ghostscript-devel-5916 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-ghostscript-devel-5916 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-ghostscript-devel-5916 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-ghostscript-devel-5916 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): ghostscript-devel-8.62-32.32.1 ghostscript-ijs-devel-8.62-32.32.1 libgimpprint-devel-4.2.7-32.32.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): ghostscript-devel-8.62-32.32.1 ghostscript-ijs-devel-8.62-32.32.1 libgimpprint-devel-4.2.7-32.32.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ghostscript-fonts-other-8.62-32.32.1 ghostscript-fonts-rus-8.62-32.32.1 ghostscript-fonts-std-8.62-32.32.1 ghostscript-library-8.62-32.32.1 ghostscript-omni-8.62-32.32.1 ghostscript-x11-8.62-32.32.1 libgimpprint-4.2.7-32.32.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): ghostscript-fonts-other-8.62-32.32.1 ghostscript-fonts-rus-8.62-32.32.1 ghostscript-fonts-std-8.62-32.32.1 ghostscript-library-8.62-32.32.1 ghostscript-omni-8.62-32.32.1 ghostscript-x11-8.62-32.32.1 libgimpprint-4.2.7-32.32.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): ghostscript-fonts-other-8.62-32.32.1 ghostscript-fonts-rus-8.62-32.32.1 ghostscript-fonts-std-8.62-32.32.1 ghostscript-library-8.62-32.32.1 ghostscript-omni-8.62-32.32.1 
ghostscript-x11-8.62-32.32.1 libgimpprint-4.2.7-32.32.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): ghostscript-fonts-other-8.62-32.32.1 ghostscript-fonts-rus-8.62-32.32.1 ghostscript-fonts-std-8.62-32.32.1 ghostscript-library-8.62-32.32.1 ghostscript-omni-8.62-32.32.1 ghostscript-x11-8.62-32.32.1 libgimpprint-4.2.7-32.32.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): ghostscript-fonts-other-8.62-32.32.1 ghostscript-fonts-rus-8.62-32.32.1 ghostscript-fonts-std-8.62-32.32.1 ghostscript-library-8.62-32.32.1 ghostscript-omni-8.62-32.32.1 ghostscript-x11-8.62-32.32.1 libgimpprint-4.2.7-32.32.1 References: http://support.novell.com/security/cve/CVE-2009-3743.html http://support.novell.com/security/cve/CVE-2010-4054.html https://bugzilla.novell.com/635004 https://bugzilla.novell.com/649207 https://bugzilla.novell.com/726092 http://download.novell.com/patch/finder/?keywords=d32438d017a666c248f87a90698dda0a From sle-updates at lists.suse.com Wed Apr 11 12:08:17 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2012 20:08:17 +0200 (CEST) Subject: SUSE-SU-2012:0483-1: important: Security update for freetype2 Message-ID: <20120411180817.A447C3219A@maintenance.suse.de> SUSE Security Update: Security update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0483-1 Rating: important References: #750937 #750938 #750939 #750940 #750941 #750943 #750945 #750946 #750947 #750948 #750949 #750950 #750951 #750952 #750953 #750955 Cross-References: CVE-2012-1126 CVE-2012-1127 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes 16 
vulnerabilities is now available. Description: Specially crafted font files could have caused buffer overflows in freetype. This has been fixed. Security Issue references: * CVE-2012-1129 * CVE-2012-1127 * CVE-2012-1138 * CVE-2012-1131 * CVE-2012-1141 * CVE-2012-1132 * CVE-2012-1139 * CVE-2012-1137 * CVE-2012-1126 * CVE-2012-1142 * CVE-2012-1130 * CVE-2012-1136 * CVE-2012-1143 * CVE-2012-1133 * CVE-2012-1135 * CVE-2012-1134 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): freetype2-2.1.10-18.29.6 freetype2-devel-2.1.10-18.29.6 ft2demos-2.1.10-19.29.2 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): freetype2-32bit-2.1.10-18.29.6 freetype2-devel-32bit-2.1.10-18.29.6 - SUSE Linux Enterprise Server 10 SP4 (ia64): freetype2-x86-2.1.10-18.29.6 - SUSE Linux Enterprise Server 10 SP4 (ppc): freetype2-64bit-2.1.10-18.29.6 freetype2-devel-64bit-2.1.10-18.29.6 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): freetype2-2.1.10-18.29.6 freetype2-devel-2.1.10-18.29.6 ft2demos-2.1.10-19.29.2 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): freetype2-32bit-2.1.10-18.29.6 freetype2-devel-32bit-2.1.10-18.29.6 References: http://support.novell.com/security/cve/CVE-2012-1126.html http://support.novell.com/security/cve/CVE-2012-1127.html http://support.novell.com/security/cve/CVE-2012-1129.html http://support.novell.com/security/cve/CVE-2012-1130.html http://support.novell.com/security/cve/CVE-2012-1131.html http://support.novell.com/security/cve/CVE-2012-1132.html http://support.novell.com/security/cve/CVE-2012-1133.html http://support.novell.com/security/cve/CVE-2012-1134.html http://support.novell.com/security/cve/CVE-2012-1135.html http://support.novell.com/security/cve/CVE-2012-1136.html http://support.novell.com/security/cve/CVE-2012-1137.html http://support.novell.com/security/cve/CVE-2012-1138.html http://support.novell.com/security/cve/CVE-2012-1139.html http://support.novell.com/security/cve/CVE-2012-1141.html 
http://support.novell.com/security/cve/CVE-2012-1142.html http://support.novell.com/security/cve/CVE-2012-1143.html https://bugzilla.novell.com/750937 https://bugzilla.novell.com/750938 https://bugzilla.novell.com/750939 https://bugzilla.novell.com/750940 https://bugzilla.novell.com/750941 https://bugzilla.novell.com/750943 https://bugzilla.novell.com/750945 https://bugzilla.novell.com/750946 https://bugzilla.novell.com/750947 https://bugzilla.novell.com/750948 https://bugzilla.novell.com/750949 https://bugzilla.novell.com/750950 https://bugzilla.novell.com/750951 https://bugzilla.novell.com/750952 https://bugzilla.novell.com/750953 https://bugzilla.novell.com/750955 http://download.novell.com/patch/finder/?keywords=1726216ecdcd5bf2aac95567fbb683f1 From sle-updates at lists.suse.com Wed Apr 11 13:08:18 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2012 21:08:18 +0200 (CEST) Subject: SUSE-SU-2012:0484-1: important: Security update for freetype2 Message-ID: <20120411190818.B6B2832189@maintenance.suse.de> SUSE Security Update: Security update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0484-1 Rating: important References: #750937 #750938 #750939 #750940 #750941 #750942 #750943 #750944 #750945 #750946 #750947 #750948 #750949 #750950 #750951 #750952 #750953 #750954 #750955 Cross-References: CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux 
Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: Specially crafted font files could have caused buffer overflows in freetype. This has been fixed. Security Issue references: * CVE-2012-1129 * CVE-2012-1127 * CVE-2012-1140 * CVE-2012-1138 * CVE-2012-1131 * CVE-2012-1141 * CVE-2012-1132 * CVE-2012-1139 * CVE-2012-1137 * CVE-2012-1126 * CVE-2012-1142 * CVE-2012-1128 * CVE-2012-1130 * CVE-2012-1136 * CVE-2012-1143 * CVE-2012-1133 * CVE-2012-1135 * CVE-2012-1144 * CVE-2012-1134 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-freetype2-6052 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-freetype2-6052 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-freetype2-6052 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-freetype2-6052 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-freetype2-6052 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-freetype2-6052 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-freetype2-6052 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): freetype2-devel-2.3.7-25.30.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): freetype2-devel-32bit-2.3.7-25.30.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): freetype2-devel-2.3.7-25.30.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64): freetype2-devel-32bit-2.3.7-25.30.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): freetype2-2.3.7-25.30.1 ft2demos-2.3.7-25.30.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): freetype2-32bit-2.3.7-25.30.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): freetype2-x86-2.3.7-25.30.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): freetype2-2.3.7-25.30.1 ft2demos-2.3.7-25.30.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): freetype2-32bit-2.3.7-25.30.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): freetype2-2.3.7-25.30.1 ft2demos-2.3.7-25.30.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): freetype2-32bit-2.3.7-25.30.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): freetype2-x86-2.3.7-25.30.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): freetype2-2.3.7-25.30.1 freetype2-devel-2.3.7-25.30.1 ft2demos-2.3.7-25.30.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): freetype2-32bit-2.3.7-25.30.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): freetype2-2.3.7-25.30.1 freetype2-devel-2.3.7-25.30.1 ft2demos-2.3.7-25.30.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): freetype2-32bit-2.3.7-25.30.1 References: http://support.novell.com/security/cve/CVE-2012-1126.html http://support.novell.com/security/cve/CVE-2012-1127.html http://support.novell.com/security/cve/CVE-2012-1128.html http://support.novell.com/security/cve/CVE-2012-1129.html http://support.novell.com/security/cve/CVE-2012-1130.html 
http://support.novell.com/security/cve/CVE-2012-1131.html http://support.novell.com/security/cve/CVE-2012-1132.html http://support.novell.com/security/cve/CVE-2012-1133.html http://support.novell.com/security/cve/CVE-2012-1134.html http://support.novell.com/security/cve/CVE-2012-1135.html http://support.novell.com/security/cve/CVE-2012-1136.html http://support.novell.com/security/cve/CVE-2012-1137.html http://support.novell.com/security/cve/CVE-2012-1138.html http://support.novell.com/security/cve/CVE-2012-1139.html http://support.novell.com/security/cve/CVE-2012-1140.html http://support.novell.com/security/cve/CVE-2012-1141.html http://support.novell.com/security/cve/CVE-2012-1142.html http://support.novell.com/security/cve/CVE-2012-1143.html http://support.novell.com/security/cve/CVE-2012-1144.html https://bugzilla.novell.com/750937 https://bugzilla.novell.com/750938 https://bugzilla.novell.com/750939 https://bugzilla.novell.com/750940 https://bugzilla.novell.com/750941 https://bugzilla.novell.com/750942 https://bugzilla.novell.com/750943 https://bugzilla.novell.com/750944 https://bugzilla.novell.com/750945 https://bugzilla.novell.com/750946 https://bugzilla.novell.com/750947 https://bugzilla.novell.com/750948 https://bugzilla.novell.com/750949 https://bugzilla.novell.com/750950 https://bugzilla.novell.com/750951 https://bugzilla.novell.com/750952 https://bugzilla.novell.com/750953 https://bugzilla.novell.com/750954 https://bugzilla.novell.com/750955 http://download.novell.com/patch/finder/?keywords=c8333ba8e3ae05779714d7f5c5a5b46d From sle-updates at lists.suse.com Wed Apr 11 15:08:14 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Apr 2012 23:08:14 +0200 (CEST) Subject: SUSE-RU-2012:0485-1: moderate: Recommended update for sg3_utils Message-ID: <20120411210814.D0A9E32192@maintenance.suse.de> SUSE Recommended Update: Recommended update for sg3_utils 
______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0485-1 Rating: moderate References: #752659 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update adds a compatibility symlink for libgsutils.so.1 (bnc#752659). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-sg3_utils-6000 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-sg3_utils-6000 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-sg3_utils-6000 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-sg3_utils-6000 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): sg3_utils-devel-1.31-1.13.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): sg3_utils-1.31-1.13.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): sg3_utils-1.31-1.13.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): sg3_utils-1.31-1.13.1 References: https://bugzilla.novell.com/752659 http://download.novell.com/patch/finder/?keywords=3f9ab4050eb8e25708db33b49040abbf From sle-updates at lists.suse.com Wed Apr 11 16:08:22 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Apr 2012 00:08:22 +0200 (CEST) Subject: SUSE-RU-2012:0486-1: Recommended update for espeak Message-ID: <20120411220822.B184432189@maintenance.suse.de> SUSE Recommended Update: Recommended update for espeak ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0486-1 Rating: low References: #748704 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update to espeak fixes an issue where Orca can make the system unresponsive when silencing speech. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-espeak-6105 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-espeak-6105 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-espeak-6105 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-espeak-6105 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-espeak-6105 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-espeak-6105 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-espeak-6105 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): espeak-devel-1.39-2.32.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): espeak-devel-1.39-2.32.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): espeak-1.39-2.32.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): espeak-1.39-2.32.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): espeak-1.39-2.32.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): espeak-1.39-2.32.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): espeak-1.39-2.32.1 References: https://bugzilla.novell.com/748704 http://download.novell.com/patch/finder/?keywords=6f74585a55c25293708d191f5f6f3a78 From sle-updates at lists.suse.com Thu Apr 12 04:08:19 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Apr 2012 12:08:19 +0200 (CEST) Subject: SUSE-RU-2012:0495-1: Recommended update for libcgroup Message-ID: <20120412100819.DFF19321A4@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcgroup ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0495-1 Rating: low References: #711657 #728330 
#728677 #728914 #732638 #752070 #754012 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. It includes one version update. Description: This update for libcgroup1 provides an update to 0.37.1 which includes important fixes for cgroup support: * make it possible to configure disjoint cpusets in cgconfig.conf via comma separated lists (bnc#728677) * Fix cgrulesngd crashing on reload (bnc#728914) * Add a default config file and documentation (bnc#711657) * Fix cgconfig overwriting settings in cgconfig.conf (bnc#658944) * Fix incorrect symlink to pam_cgroup.so (bnc#752070) * Fix inconsistency with cgrules.conf (bnc#732638) * Fix startup failure with NIS groups (bnc#728330) * Fix crash on rules reload (bnc#728914) * Fix handling of certain cgroup configurations (bnc#754012) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-libcgroup-devel-6057 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-libcgroup-devel-6057 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-libcgroup-devel-6057 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-libcgroup-devel-6057 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-libcgroup-devel-6057 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.37.1]: libcgroup-devel-0.37.1-5.14.3 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 0.37.1]: libcgroup1-0.37.1-5.14.3 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.37.1]: libcgroup-devel-0.37.1-5.14.3 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 0.37.1]: libcgroup1-0.37.1-5.14.3 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.37.1]: libcgroup1-0.37.1-5.14.3 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 0.37.1]: libcgroup1-0.37.1-5.14.3 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.37.1]: libcgroup1-0.37.1-5.14.3 References: https://bugzilla.novell.com/711657 https://bugzilla.novell.com/728330 https://bugzilla.novell.com/728677 https://bugzilla.novell.com/728914 https://bugzilla.novell.com/732638 https://bugzilla.novell.com/752070 https://bugzilla.novell.com/754012 http://download.novell.com/patch/finder/?keywords=906d8c99298718f1540a1b53ecabfbd6 From sle-updates at lists.suse.com Thu Apr 12 04:08:23 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Apr 2012 12:08:23 +0200 (CEST) Subject: SUSE-RU-2012:0441-3: important: Recommended update for coreutils Message-ID: <20120412100823.771AA32192@maintenance.suse.de> SUSE Recommended Update: Recommended update for coreutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0441-3 Rating: important References: #697897 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: A previous security update to coreutils changed su to start shells for "su -c" invocations in a separate session. As this caused interoperability issues, this update adds back the old behavior as a non-default option: * either via su -C , which is consistent with how su -c behaved before * or by exporting SU_C_SAME_SESSION=1 as an environment variable before running su(1). Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): coreutils-5.93-22.31.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): coreutils-x86-5.93-22.31.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): coreutils-5.93-22.31.1 References: https://bugzilla.novell.com/697897 http://download.novell.com/patch/finder/?keywords=95f26ef0ff4ff94e7b77f4030635ffa0 From sle-updates at lists.suse.com Thu Apr 12 15:08:13 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Apr 2012 23:08:13 +0200 (CEST) Subject: SUSE-SU-2012:0496-1: important: Security update for PHP5 Message-ID: <20120412210813.8C42A32192@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0496-1 Rating: important References: #699711 #709549 #713652 #728671 #733590 #735613 #736169 #738221 #741520 #741859 #742273 #742806 #743308 #744966 #746661 #749111 Cross-References: CVE-2011-1072 CVE-2011-1466 CVE-2011-2202 CVE-2011-3182 CVE-2011-4153 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057 CVE-2012-0781 CVE-2012-0788 CVE-2012-0789 CVE-2012-0807 CVE-2012-0830 CVE-2012-0831 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has two fixes is now 
available. It includes one version update. Description: This update of php5 fixes multiple security flaws: * CVE-2011-2202: A php5 upload filename injection was fixed. * CVE-2011-4566: An integer overflow in the EXIF extension was fixed that could be used by attackers to crash the interpreter or potentially read memory * CVE-2011-3182: Multiple NULL pointer dereferences were fixed that could lead to crashes * CVE-2011-1466: An integer overflow in the PHP calendar extension was fixed that could have led to crashes. * CVE-2011-1072: A symlink vulnerability in the PEAR installer could be exploited by local attackers to inject code. * CVE-2011-4153: missing checks of return values could allow remote attackers to cause a denial of service (NULL pointer dereference) * CVE-2011-4885: denial of service via hash collisions * CVE-2012-0057: specially crafted XSLT stylesheets could allow remote attackers to create arbitrary files with arbitrary content * CVE-2012-0781: remote attackers can cause a denial of service via specially crafted input to an application that attempts to perform Tidy::diagnose operations * CVE-2012-0788: applications that use a PDO driver were prone to denial of service flaws which could be exploited remotely * CVE-2012-0789: memory leak in the timezone functionality could allow remote attackers to cause a denial of service (memory consumption) * CVE-2012-0807: a stack based buffer overflow in the php5 Suhosin extension could allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header * CVE-2012-0830: this fixes an incorrect fix for CVE-2011-4885 which could allow remote attackers to execute arbitrary code via a request containing a large number of variables * CVE-2012-0831: temporary changes to the magic_quotes_gpc directive during the importing of environment variables are not properly performed which makes it easier for remote attackers to conduct SQL injections Also the following bugs have been fixed: * 
allow uploading files bigger than 2GB for 64bit systems [bnc#709549] * amend README.SUSE to discourage using apache module with apache2-worker [bnc#728671] Security Issue references: * CVE-2011-2202 * CVE-2011-4153 * CVE-2011-4885 * CVE-2012-0057 * CVE-2012-0781 * CVE-2012-0788 * CVE-2012-0789 * CVE-2012-0807 * CVE-2012-0830 * CVE-2012-0831 * CVE-2011-4566 * CVE-2011-3182 * CVE-2011-1466 * CVE-2011-1072 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-apache2-mod_php5-5964 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-apache2-mod_php5-5964 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-apache2-mod_php5-5964 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-apache2-mod_php5-5964 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-apache2-mod_php5-5964 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: php5-devel-5.2.14-0.7.30.34.1 php5-imap-5.2.14-0.7.30.34.1 php5-ncurses-5.2.14-0.7.30.34.1 php5-posix-5.2.14-0.7.30.34.1 php5-readline-5.2.14-0.7.30.34.1 php5-sockets-5.2.14-0.7.30.34.1 php5-sqlite-5.2.14-0.7.30.34.1 php5-tidy-5.2.14-0.7.30.34.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.34.1 php5-5.2.14-0.7.30.34.1 php5-bcmath-5.2.14-0.7.30.34.1 php5-bz2-5.2.14-0.7.30.34.1 php5-calendar-5.2.14-0.7.30.34.1 php5-ctype-5.2.14-0.7.30.34.1 php5-curl-5.2.14-0.7.30.34.1 php5-dba-5.2.14-0.7.30.34.1 php5-dbase-5.2.14-0.7.30.34.1 php5-dom-5.2.14-0.7.30.34.1 php5-exif-5.2.14-0.7.30.34.1 php5-fastcgi-5.2.14-0.7.30.34.1 php5-ftp-5.2.14-0.7.30.34.1 php5-gd-5.2.14-0.7.30.34.1 php5-gettext-5.2.14-0.7.30.34.1 php5-gmp-5.2.14-0.7.30.34.1 php5-hash-5.2.14-0.7.30.34.1 php5-iconv-5.2.14-0.7.30.34.1 php5-json-5.2.14-0.7.30.34.1 php5-ldap-5.2.14-0.7.30.34.1 php5-mbstring-5.2.14-0.7.30.34.1 php5-mcrypt-5.2.14-0.7.30.34.1 php5-mysql-5.2.14-0.7.30.34.1 php5-odbc-5.2.14-0.7.30.34.1 php5-openssl-5.2.14-0.7.30.34.1 php5-pcntl-5.2.14-0.7.30.34.1 php5-pdo-5.2.14-0.7.30.34.1 php5-pear-5.2.14-0.7.30.34.1 php5-pgsql-5.2.14-0.7.30.34.1 php5-pspell-5.2.14-0.7.30.34.1 php5-shmop-5.2.14-0.7.30.34.1 php5-snmp-5.2.14-0.7.30.34.1 php5-soap-5.2.14-0.7.30.34.1 php5-suhosin-5.2.14-0.7.30.34.1 php5-sysvmsg-5.2.14-0.7.30.34.1 php5-sysvsem-5.2.14-0.7.30.34.1 php5-sysvshm-5.2.14-0.7.30.34.1 php5-tokenizer-5.2.14-0.7.30.34.1 php5-wddx-5.2.14-0.7.30.34.1 php5-xmlreader-5.2.14-0.7.30.34.1 php5-xmlrpc-5.2.14-0.7.30.34.1 php5-xmlwriter-5.2.14-0.7.30.34.1 php5-xsl-5.2.14-0.7.30.34.1 php5-zip-5.2.14-0.7.30.34.1 php5-zlib-5.2.14-0.7.30.34.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: php5-devel-5.2.14-0.7.30.34.1 php5-imap-5.2.14-0.7.30.34.1 
php5-ncurses-5.2.14-0.7.30.34.1 php5-posix-5.2.14-0.7.30.34.1 php5-readline-5.2.14-0.7.30.34.1 php5-sockets-5.2.14-0.7.30.34.1 php5-sqlite-5.2.14-0.7.30.34.1 php5-tidy-5.2.14-0.7.30.34.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.34.1 php5-5.2.14-0.7.30.34.1 php5-bcmath-5.2.14-0.7.30.34.1 php5-bz2-5.2.14-0.7.30.34.1 php5-calendar-5.2.14-0.7.30.34.1 php5-ctype-5.2.14-0.7.30.34.1 php5-curl-5.2.14-0.7.30.34.1 php5-dba-5.2.14-0.7.30.34.1 php5-dbase-5.2.14-0.7.30.34.1 php5-dom-5.2.14-0.7.30.34.1 php5-exif-5.2.14-0.7.30.34.1 php5-fastcgi-5.2.14-0.7.30.34.1 php5-ftp-5.2.14-0.7.30.34.1 php5-gd-5.2.14-0.7.30.34.1 php5-gettext-5.2.14-0.7.30.34.1 php5-gmp-5.2.14-0.7.30.34.1 php5-hash-5.2.14-0.7.30.34.1 php5-iconv-5.2.14-0.7.30.34.1 php5-json-5.2.14-0.7.30.34.1 php5-ldap-5.2.14-0.7.30.34.1 php5-mbstring-5.2.14-0.7.30.34.1 php5-mcrypt-5.2.14-0.7.30.34.1 php5-mysql-5.2.14-0.7.30.34.1 php5-odbc-5.2.14-0.7.30.34.1 php5-openssl-5.2.14-0.7.30.34.1 php5-pcntl-5.2.14-0.7.30.34.1 php5-pdo-5.2.14-0.7.30.34.1 php5-pear-5.2.14-0.7.30.34.1 php5-pgsql-5.2.14-0.7.30.34.1 php5-pspell-5.2.14-0.7.30.34.1 php5-shmop-5.2.14-0.7.30.34.1 php5-snmp-5.2.14-0.7.30.34.1 php5-soap-5.2.14-0.7.30.34.1 php5-suhosin-5.2.14-0.7.30.34.1 php5-sysvmsg-5.2.14-0.7.30.34.1 php5-sysvsem-5.2.14-0.7.30.34.1 php5-sysvshm-5.2.14-0.7.30.34.1 php5-tokenizer-5.2.14-0.7.30.34.1 php5-wddx-5.2.14-0.7.30.34.1 php5-xmlreader-5.2.14-0.7.30.34.1 php5-xmlrpc-5.2.14-0.7.30.34.1 php5-xmlwriter-5.2.14-0.7.30.34.1 php5-xsl-5.2.14-0.7.30.34.1 php5-zip-5.2.14-0.7.30.34.1 php5-zlib-5.2.14-0.7.30.34.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.34.1 php5-5.2.14-0.7.30.34.1 php5-bcmath-5.2.14-0.7.30.34.1 php5-bz2-5.2.14-0.7.30.34.1 php5-calendar-5.2.14-0.7.30.34.1 php5-ctype-5.2.14-0.7.30.34.1 php5-curl-5.2.14-0.7.30.34.1 php5-dba-5.2.14-0.7.30.34.1 php5-dbase-5.2.14-0.7.30.34.1 
php5-dom-5.2.14-0.7.30.34.1 php5-exif-5.2.14-0.7.30.34.1 php5-fastcgi-5.2.14-0.7.30.34.1 php5-ftp-5.2.14-0.7.30.34.1 php5-gd-5.2.14-0.7.30.34.1 php5-gettext-5.2.14-0.7.30.34.1 php5-gmp-5.2.14-0.7.30.34.1 php5-hash-5.2.14-0.7.30.34.1 php5-iconv-5.2.14-0.7.30.34.1 php5-json-5.2.14-0.7.30.34.1 php5-ldap-5.2.14-0.7.30.34.1 php5-mbstring-5.2.14-0.7.30.34.1 php5-mcrypt-5.2.14-0.7.30.34.1 php5-mysql-5.2.14-0.7.30.34.1 php5-odbc-5.2.14-0.7.30.34.1 php5-openssl-5.2.14-0.7.30.34.1 php5-pcntl-5.2.14-0.7.30.34.1 php5-pdo-5.2.14-0.7.30.34.1 php5-pear-5.2.14-0.7.30.34.1 php5-pgsql-5.2.14-0.7.30.34.1 php5-pspell-5.2.14-0.7.30.34.1 php5-shmop-5.2.14-0.7.30.34.1 php5-snmp-5.2.14-0.7.30.34.1 php5-soap-5.2.14-0.7.30.34.1 php5-suhosin-5.2.14-0.7.30.34.1 php5-sysvmsg-5.2.14-0.7.30.34.1 php5-sysvsem-5.2.14-0.7.30.34.1 php5-sysvshm-5.2.14-0.7.30.34.1 php5-tokenizer-5.2.14-0.7.30.34.1 php5-wddx-5.2.14-0.7.30.34.1 php5-xmlreader-5.2.14-0.7.30.34.1 php5-xmlrpc-5.2.14-0.7.30.34.1 php5-xmlwriter-5.2.14-0.7.30.34.1 php5-xsl-5.2.14-0.7.30.34.1 php5-zip-5.2.14-0.7.30.34.1 php5-zlib-5.2.14-0.7.30.34.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.34.1 php5-5.2.14-0.7.30.34.1 php5-bcmath-5.2.14-0.7.30.34.1 php5-bz2-5.2.14-0.7.30.34.1 php5-calendar-5.2.14-0.7.30.34.1 php5-ctype-5.2.14-0.7.30.34.1 php5-curl-5.2.14-0.7.30.34.1 php5-dba-5.2.14-0.7.30.34.1 php5-dbase-5.2.14-0.7.30.34.1 php5-dom-5.2.14-0.7.30.34.1 php5-exif-5.2.14-0.7.30.34.1 php5-fastcgi-5.2.14-0.7.30.34.1 php5-ftp-5.2.14-0.7.30.34.1 php5-gd-5.2.14-0.7.30.34.1 php5-gettext-5.2.14-0.7.30.34.1 php5-gmp-5.2.14-0.7.30.34.1 php5-hash-5.2.14-0.7.30.34.1 php5-iconv-5.2.14-0.7.30.34.1 php5-json-5.2.14-0.7.30.34.1 php5-ldap-5.2.14-0.7.30.34.1 php5-mbstring-5.2.14-0.7.30.34.1 php5-mcrypt-5.2.14-0.7.30.34.1 php5-mysql-5.2.14-0.7.30.34.1 php5-odbc-5.2.14-0.7.30.34.1 php5-openssl-5.2.14-0.7.30.34.1 php5-pcntl-5.2.14-0.7.30.34.1 php5-pdo-5.2.14-0.7.30.34.1 
php5-pear-5.2.14-0.7.30.34.1 php5-pgsql-5.2.14-0.7.30.34.1 php5-pspell-5.2.14-0.7.30.34.1 php5-shmop-5.2.14-0.7.30.34.1 php5-snmp-5.2.14-0.7.30.34.1 php5-soap-5.2.14-0.7.30.34.1 php5-suhosin-5.2.14-0.7.30.34.1 php5-sysvmsg-5.2.14-0.7.30.34.1 php5-sysvsem-5.2.14-0.7.30.34.1 php5-sysvshm-5.2.14-0.7.30.34.1 php5-tokenizer-5.2.14-0.7.30.34.1 php5-wddx-5.2.14-0.7.30.34.1 php5-xmlreader-5.2.14-0.7.30.34.1 php5-xmlrpc-5.2.14-0.7.30.34.1 php5-xmlwriter-5.2.14-0.7.30.34.1 php5-xsl-5.2.14-0.7.30.34.1 php5-zip-5.2.14-0.7.30.34.1 php5-zlib-5.2.14-0.7.30.34.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.2.14]: apache2-mod_php5-5.2.14-0.7.30.34.1 php5-5.2.14-0.7.30.34.1 php5-bcmath-5.2.14-0.7.30.34.1 php5-bz2-5.2.14-0.7.30.34.1 php5-calendar-5.2.14-0.7.30.34.1 php5-ctype-5.2.14-0.7.30.34.1 php5-curl-5.2.14-0.7.30.34.1 php5-dba-5.2.14-0.7.30.34.1 php5-dbase-5.2.14-0.7.30.34.1 php5-dom-5.2.14-0.7.30.34.1 php5-exif-5.2.14-0.7.30.34.1 php5-fastcgi-5.2.14-0.7.30.34.1 php5-ftp-5.2.14-0.7.30.34.1 php5-gd-5.2.14-0.7.30.34.1 php5-gettext-5.2.14-0.7.30.34.1 php5-gmp-5.2.14-0.7.30.34.1 php5-hash-5.2.14-0.7.30.34.1 php5-iconv-5.2.14-0.7.30.34.1 php5-json-5.2.14-0.7.30.34.1 php5-ldap-5.2.14-0.7.30.34.1 php5-mbstring-5.2.14-0.7.30.34.1 php5-mcrypt-5.2.14-0.7.30.34.1 php5-mysql-5.2.14-0.7.30.34.1 php5-odbc-5.2.14-0.7.30.34.1 php5-openssl-5.2.14-0.7.30.34.1 php5-pcntl-5.2.14-0.7.30.34.1 php5-pdo-5.2.14-0.7.30.34.1 php5-pear-5.2.14-0.7.30.34.1 php5-pgsql-5.2.14-0.7.30.34.1 php5-pspell-5.2.14-0.7.30.34.1 php5-shmop-5.2.14-0.7.30.34.1 php5-snmp-5.2.14-0.7.30.34.1 php5-soap-5.2.14-0.7.30.34.1 php5-suhosin-5.2.14-0.7.30.34.1 php5-sysvmsg-5.2.14-0.7.30.34.1 php5-sysvsem-5.2.14-0.7.30.34.1 php5-sysvshm-5.2.14-0.7.30.34.1 php5-tokenizer-5.2.14-0.7.30.34.1 php5-wddx-5.2.14-0.7.30.34.1 php5-xmlreader-5.2.14-0.7.30.34.1 php5-xmlrpc-5.2.14-0.7.30.34.1 php5-xmlwriter-5.2.14-0.7.30.34.1 php5-xsl-5.2.14-0.7.30.34.1 php5-zip-5.2.14-0.7.30.34.1 
php5-zlib-5.2.14-0.7.30.34.1 References: http://support.novell.com/security/cve/CVE-2011-1072.html http://support.novell.com/security/cve/CVE-2011-1466.html http://support.novell.com/security/cve/CVE-2011-2202.html http://support.novell.com/security/cve/CVE-2011-3182.html http://support.novell.com/security/cve/CVE-2011-4153.html http://support.novell.com/security/cve/CVE-2011-4566.html http://support.novell.com/security/cve/CVE-2011-4885.html http://support.novell.com/security/cve/CVE-2012-0057.html http://support.novell.com/security/cve/CVE-2012-0781.html http://support.novell.com/security/cve/CVE-2012-0788.html http://support.novell.com/security/cve/CVE-2012-0789.html http://support.novell.com/security/cve/CVE-2012-0807.html http://support.novell.com/security/cve/CVE-2012-0830.html http://support.novell.com/security/cve/CVE-2012-0831.html https://bugzilla.novell.com/699711 https://bugzilla.novell.com/709549 https://bugzilla.novell.com/713652 https://bugzilla.novell.com/728671 https://bugzilla.novell.com/733590 https://bugzilla.novell.com/735613 https://bugzilla.novell.com/736169 https://bugzilla.novell.com/738221 https://bugzilla.novell.com/741520 https://bugzilla.novell.com/741859 https://bugzilla.novell.com/742273 https://bugzilla.novell.com/742806 https://bugzilla.novell.com/743308 https://bugzilla.novell.com/744966 https://bugzilla.novell.com/746661 https://bugzilla.novell.com/749111 http://download.novell.com/patch/finder/?keywords=778ae960c062031cb692b8c0c4a67400 From sle-updates at lists.suse.com Fri Apr 13 09:08:13 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Apr 2012 17:08:13 +0200 (CEST) Subject: SUSE-RU-2012:0497-1: Recommended update for crmsh, hawk, pacemaker Message-ID: <20120413150813.6A9163219A@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh, hawk, pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0497-1 Rating: 
low References: #752241 #752242 #752269 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update for pacemaker, crmsh and hawk provides the following changes: * Update Hawk to show ticket status and configure rsc_ticket constraints for Geo clustering. * Pacemaker support for granting/revoking tickets with crm_simulate, add confirmation prompt to crm_ticket, support tickets in standby state for graceful relinquishment. * Update crmsh support for tickets The changes in detail are: crmsh: * drop dependency on python-xdg (lives in SDK repo) * move user files to standard locations (XDG) * site: ticket standby and activate commands * cibstatus: ticket management * site: update interface to crm_ticket * cibconf: use uname instead of id when listing nodes (cl#5043) * ra: use only effective UID when choosing RA interface * ra: always use lrmadmin with glue 1.0.10 (cl#5036) * upstream cs: 9569a7f283cb hawk: * GUI: summary_view, simulator: Support standby/activate tickets (bnc#752242) * GUI: simulator: Sort ticket names in inject dialog * Misc: Cib model: Look for ticket state in "/cib/status/tickets/ticket_state" * Build: Bump spec file version to 0.5.2 * GUI: summary_view: show last granted time for tickets * GUI: summary_view: Allow viewing details of all tickets, nodes, resources simultaneously * GUI: summary_view: Right align item counts * GUI: simulator: Support granting/revoking tickets * GUI: Constraints: Add arrows to ticket constraint display, show loss policy in constraint list * Misc: Cib model: Pick up tickets from rsc_ticket constraints in addition to status section * GUI: summary_view: Show ticket status * GUI: Add ability to configure ticket constraints * Misc: Cib model: Skip pending monitor ops * Misc: Update copyright date in footer * Build: 
Actually die if "rake makemo" fails * Misc: Remove obsolete .hu msgids * Misc: Workaround deprecated Gem.all_load_paths error * Misc: Suppress ror-sec-scanner false positives pacemaker: * Resolve coverity RESOURCE_LEAK, REVERSE_INULL and UNREACHABLE defects * Tools: crm_simulate - Support to grant/revoke/standby/activate tickets from the new ticket state section (bnc#752241) * Tools: Add crm_ticket to be profiled by valgrind * Tools: crm_ticket - Display the tickets that are referenced in rsc_ticket constraints but have never been granted yet (bnc#752241) * Tools: crm_mon - Support to display tickets (bnc#752242) * PE: Move the ticket state section to "/cib/status/tickets/ticket_state" (bnc#752241) * PE: Support to make tickets standby for relinquishing tickets gracefully (bnc#752241) * Tools: Implement a new crm_ticket (bnc#752241) * Tools: Update CLI regression tests for the new crm_ticket * Tools: Add CLI regression tests for ticket standby state * PE: Update regression tests for the new ticket state section * PE: Support to make tickets standby for relinquishing tickets gracefully (regression tests) * Tools: crm_ticket - Granting/revoking tickets need user to confirm unless "--force" option is used (bnc#752269) * Tools: Implement the support of granting/revoking tickets for crm_simulate (bnc#752241) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-pacemaker-ticket-support-6069 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.5.2]: crmsh-1.1.0-0.17.3 hawk-0.5.2-0.5.1 hawk-templates-0.5.2-0.5.1 libpacemaker-devel-1.1.6-1.29.1 libpacemaker3-1.1.6-1.29.1 pacemaker-1.1.6-1.29.1 References: https://bugzilla.novell.com/752241 https://bugzilla.novell.com/752242 https://bugzilla.novell.com/752269 http://download.novell.com/patch/finder/?keywords=1e183e2502322b409e0553884014b7e3 From sle-updates at lists.suse.com Fri Apr 13 10:08:15 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Apr 2012 18:08:15 +0200 (CEST) Subject: SUSE-RU-2012:0498-1: Recommended update for cluster-glue Message-ID: <20120413160815.ADF8C321A8@maintenance.suse.de> SUSE Recommended Update: Recommended update for cluster-glue ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0498-1 Rating: low References: #750049 #752231 #753562 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update to cluster-glue provides the following changes: * clplumbing: cl_msg: increase max message size to 512Kb * clplumbing: cl_msg: increase compression threshold * clplumbing: cl_msg: don't use traditional compression by default * clplumbing: cl_msg: try compressing message before rejecting it as too big * clplumbing: load bz2 compression module by default * clplumbing: ipc: fix message size checks (bnc#752231) * stonith: external/vcenter: return list of configured hosts on gethosts * LRM: lrmd: add basic authentication (lf#2547) * LRM: lrmd: if set, get max-children from the LRMD_MAX_CHILDREN environment var * hb_report: add /etc/booth/booth.conf to the list of configurations (bnc#750049) * add dependency on perl-TimeDate for hb_report (bnc#753562) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-cluster-glue-6051 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): cluster-glue-1.0.9-0.35.1 libglue-devel-1.0.9-0.35.1 libglue2-1.0.9-0.35.1 References: https://bugzilla.novell.com/750049 https://bugzilla.novell.com/752231 https://bugzilla.novell.com/753562 http://download.novell.com/patch/finder/?keywords=7ae783eb9ba9feb141bca8396e925851 From sle-updates at lists.suse.com Fri Apr 13 11:08:14 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Apr 2012 19:08:14 +0200 (CEST) Subject: SUSE-RU-2012:0499-1: moderate: Recommended update for ksh Message-ID: <20120413170814.D64BC321CD@maintenance.suse.de> SUSE Recommended Update: Recommended update for ksh ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0499-1 Rating: moderate References: #743244 #744355 #744589 #744992 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. It includes one version update. Description: This update for ksh fixes the following reports: * 743244: job control failure when backgrounding processes * 744355: builtin ulimit fails sporadically * 744589: Fix memory leak, crashes, weirdness * 744992: Fix segfault on %0s Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-ksh-5879 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-ksh-5879 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-ksh-5879 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-ksh-5879 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-ksh-5879 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-ksh-5879 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-ksh-5879 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 93u]: ksh-devel-93u-0.8.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 93u]: ksh-devel-93u-0.8.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 93u]: ksh-93u-0.8.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 93u]: ksh-93u-0.8.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 93u]: ksh-93u-0.8.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 93u]: ksh-93u-0.13.1 ksh-devel-93u-0.13.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 93u]: ksh-93u-0.8.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 93u]: ksh-93u-0.8.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 93u]: ksh-93u-0.13.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 93u]: ksh-devel-93u-0.13.1 References: https://bugzilla.novell.com/743244 https://bugzilla.novell.com/744355 https://bugzilla.novell.com/744589 https://bugzilla.novell.com/744992 http://download.novell.com/patch/finder/?keywords=ba89d0fdce9a5b0edf8947b03b068c4a 
http://download.novell.com/patch/finder/?keywords=ee60f2eb15400a60f28bd7a0c2f580a3 From sle-updates at lists.suse.com Sat Apr 14 02:08:16 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Apr 2012 10:08:16 +0200 (CEST) Subject: SUSE-SU-2012:0500-1: critical: Security update for Samba Message-ID: <20120414080816.89539321A8@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0500-1 Rating: critical References: #722663 #732572 #742885 #747906 #752797 Cross-References: CVE-2012-1182 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 10 GPLv3 Extras SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: A remote code execution flaw in Samba has been fixed: * CVE-2012-1182: PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size Also the following bugs have been fixed: * Samba printer name marshalling problems (bnc#722663) * mount.cifs: properly update mtab during remount (bnc#747906) * s3: compile IDL files in autogen, some configure tests need this. * Fix incorrect types in the full audit VFS module. Add null terminators to audit log enums (bnc#742885) * Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572). Security Issue reference: * CVE-2012-1182 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-cifs-mount-6124 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-cifs-mount-6124 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-cifs-mount-6124 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-cifs-mount-6124 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-cifs-mount-6124 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-cifs-mount-6124 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): libnetapi-devel-3.4.3-1.38.1 libnetapi0-3.4.3-1.38.1 libsmbclient-devel-3.4.3-1.38.1 libsmbsharemodes-devel-3.4.3-1.38.1 libsmbsharemodes0-3.4.3-1.38.1 libtalloc-devel-3.4.3-1.38.1 libtdb-devel-3.4.3-1.38.1 libwbclient-devel-3.4.3-1.38.1 samba-devel-3.4.3-1.38.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): cifs-mount-3.4.3-1.38.1 libtalloc1-3.4.3-1.38.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libtalloc1-32bit-3.4.3-1.38.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libtalloc1-x86-3.4.3-1.38.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): cifs-mount-3.4.3-1.38.1 ldapsmb-1.34b-11.28.38.1 libsmbclient0-3.4.3-1.38.1 libtalloc1-3.4.3-1.38.1 libtdb1-3.4.3-1.38.1 libwbclient0-3.4.3-1.38.1 samba-3.4.3-1.38.1 samba-client-3.4.3-1.38.1 samba-krb-printing-3.4.3-1.38.1 samba-winbind-3.4.3-1.38.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): libsmbclient0-32bit-3.4.3-1.38.1 libtalloc1-32bit-3.4.3-1.38.1 libtdb1-32bit-3.4.3-1.38.1 libwbclient0-32bit-3.4.3-1.38.1 samba-32bit-3.4.3-1.38.1 samba-client-32bit-3.4.3-1.38.1 samba-winbind-32bit-3.4.3-1.38.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (noarch): samba-doc-3.4.3-1.38.1 - SUSE Linux Enterprise Server 11 SP1 (i586 
ia64 ppc64 s390x x86_64): cifs-mount-3.4.3-1.38.1 ldapsmb-1.34b-11.28.38.1 libsmbclient0-3.4.3-1.38.1 libtalloc1-3.4.3-1.38.1 libtdb1-3.4.3-1.38.1 libwbclient0-3.4.3-1.38.1 samba-3.4.3-1.38.1 samba-client-3.4.3-1.38.1 samba-krb-printing-3.4.3-1.38.1 samba-winbind-3.4.3-1.38.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): libsmbclient0-32bit-3.4.3-1.38.1 libtalloc1-32bit-3.4.3-1.38.1 libtdb1-32bit-3.4.3-1.38.1 libwbclient0-32bit-3.4.3-1.38.1 samba-32bit-3.4.3-1.38.1 samba-client-32bit-3.4.3-1.38.1 samba-winbind-32bit-3.4.3-1.38.1 - SUSE Linux Enterprise Server 11 SP1 (noarch): samba-doc-3.4.3-1.38.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): libsmbclient0-x86-3.4.3-1.38.1 libtalloc1-x86-3.4.3-1.38.1 libtdb1-x86-3.4.3-1.38.1 libwbclient0-x86-3.4.3-1.38.1 samba-client-x86-3.4.3-1.38.1 samba-winbind-x86-3.4.3-1.38.1 samba-x86-3.4.3-1.38.1 - SUSE Linux Enterprise Server 10 GPLv3 Extras (i586 ia64 ppc s390x x86_64): libnetapi-devel-3.4.3-0.41.1 libnetapi0-3.4.3-0.41.1 libtalloc-devel-3.4.3-0.41.1 libtalloc1-3.4.3-0.41.1 libtdb-devel-3.4.3-0.41.1 libtdb1-3.4.3-0.41.1 libwbclient-devel-3.4.3-0.41.1 libwbclient0-3.4.3-0.41.1 samba-gplv3-3.4.3-0.41.1 samba-gplv3-client-3.4.3-0.41.1 samba-gplv3-krb-printing-3.4.3-0.41.1 samba-gplv3-winbind-3.4.3-0.41.1 - SUSE Linux Enterprise Server 10 GPLv3 Extras (noarch): samba-gplv3-doc-3.4.3-0.41.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): cifs-mount-3.4.3-1.38.1 libtalloc1-3.4.3-1.38.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libtalloc1-32bit-3.4.3-1.38.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): cifs-mount-3.4.3-1.38.1 libsmbclient0-3.4.3-1.38.1 libtalloc1-3.4.3-1.38.1 libtdb1-3.4.3-1.38.1 libwbclient0-3.4.3-1.38.1 samba-3.4.3-1.38.1 samba-client-3.4.3-1.38.1 samba-krb-printing-3.4.3-1.38.1 samba-winbind-3.4.3-1.38.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): libsmbclient0-32bit-3.4.3-1.38.1 libtalloc1-32bit-3.4.3-1.38.1 libtdb1-32bit-3.4.3-1.38.1 libwbclient0-32bit-3.4.3-1.38.1 
samba-32bit-3.4.3-1.38.1 samba-client-32bit-3.4.3-1.38.1 samba-winbind-32bit-3.4.3-1.38.1 - SUSE Linux Enterprise Desktop 11 SP1 (noarch): samba-doc-3.4.3-1.38.1 References: http://support.novell.com/security/cve/CVE-2012-1182.html https://bugzilla.novell.com/722663 https://bugzilla.novell.com/732572 https://bugzilla.novell.com/742885 https://bugzilla.novell.com/747906 https://bugzilla.novell.com/752797 http://download.novell.com/patch/finder/?keywords=3bd8f1f0b7951916141df8d3c918f1a5 http://download.novell.com/patch/finder/?keywords=a26eb82dd0f2acd52392bd054ba1ef36 From sle-updates at lists.suse.com Sat Apr 14 02:08:19 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Apr 2012 10:08:19 +0200 (CEST) Subject: SUSE-SU-2012:0501-1: critical: Security update for Samba Message-ID: <20120414080819.27B5F321A8@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0501-1 Rating: critical References: #752797 Cross-References: CVE-2012-1182 Affected Products: SUSE Linux Enterprise Server 10 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. 
Description: A remote code execution flaw in Samba has been fixed: * CVE-2012-1182: PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size Security Issue reference: * CVE-2012-1182 Package List: - SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64) [New Version: 3.0.32]: cifs-mount-3.0.32-0.22.1 libmsrpc-3.0.32-0.22.1 libmsrpc-devel-3.0.32-0.22.1 libsmbclient-3.0.32-0.22.1 libsmbclient-devel-3.0.32-0.22.1 samba-3.0.32-0.22.1 samba-client-3.0.32-0.22.1 samba-krb-printing-3.0.32-0.22.1 samba-python-3.0.32-0.22.1 samba-vscan-0.3.6b-42.85.22.1 samba-winbind-3.0.32-0.22.1 - SUSE Linux Enterprise Server 10 SP2 (s390x x86_64) [New Version: 3.0.32]: libsmbclient-32bit-3.0.32-0.22.1 samba-32bit-3.0.32-0.22.1 samba-client-32bit-3.0.32-0.22.1 samba-winbind-32bit-3.0.32-0.22.1 - SUSE Linux Enterprise Server 10 SP2 (noarch) [New Version: 3.0.32]: samba-doc-3.0.32-0.22.1 References: http://support.novell.com/security/cve/CVE-2012-1182.html https://bugzilla.novell.com/752797 http://download.novell.com/patch/finder/?keywords=5b844721c4336f27fc2fd229115daaf1 From sle-updates at lists.suse.com Sat Apr 14 05:08:15 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Apr 2012 13:08:15 +0200 (CEST) Subject: SUSE-SU-2012:0502-1: critical: Security update for Samba Message-ID: <20120414110815.75E5532235@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0502-1 Rating: critical References: #732395 #741854 #743986 #746825 #747934 #751454 #752797 Cross-References: CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 
______________________________________________________________________________

An update that solves three vulnerabilities and has four fixes is now available.

Description:

The following issues have been fixed in samba:

* CVE-2012-1182: PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size
* CVE-2012-0870: Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions
* CVE-2012-0817: Fix memory leak in parent smbd on connection

Also the following non-security bugs have been fixed:

* s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599).
* Correctly handle DENY ACEs when privileges apply; (bso#8797).
* s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso#8749).
* Allow vfs_aio_pthread to build as a static module; (bso#8723).
* s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (bso#8527).
* s3: segfault in dom_sid_compare(); (bso#8567).
* Honor SeTakeOwnershipPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768).
* s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771).
* s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599).
* Fix problem when calculating the share security mask, take privileges into account for the connecting user; (bso#8784).
* Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807); (bnc#751454).
* Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854).
* s3-printing: fix crash in printer_list_set_printer(); (bso#8762); (bnc#746825).
* s3:winbindd fix a return code check; (bso#8406).
* s3: Add rmdir operation to streams_depot; (bso#8733).
* s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used(); (bso#8738).
* s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).
Security Issue references: * CVE-2012-1182 * CVE-2012-0870 * CVE-2012-0817 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-ldapsmb-6120 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ldapsmb-6120 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ldapsmb-6120 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-ldapsmb-6120 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.20.1 libnetapi-devel-3.6.3-0.20.1 libnetapi0-3.6.3-0.20.1 libsmbclient-devel-3.6.3-0.20.1 libsmbsharemodes-devel-3.6.3-0.20.1 libsmbsharemodes0-3.6.3-0.20.1 libtalloc-devel-3.6.3-0.20.1 libtdb-devel-3.6.3-0.20.1 libtevent-devel-3.6.3-0.20.1 libwbclient-devel-3.6.3-0.20.1 samba-devel-3.6.3-0.20.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ldapsmb-1.34b-12.20.1 libldb1-3.6.3-0.20.1 libsmbclient0-3.6.3-0.20.1 libtalloc2-3.6.3-0.20.1 libtdb1-3.6.3-0.20.1 libtevent0-3.6.3-0.20.1 libwbclient0-3.6.3-0.20.1 samba-3.6.3-0.20.1 samba-client-3.6.3-0.20.1 samba-krb-printing-3.6.3-0.20.1 samba-winbind-3.6.3-0.20.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.20.1 libtalloc2-32bit-3.6.3-0.20.1 libtdb1-32bit-3.6.3-0.20.1 libwbclient0-32bit-3.6.3-0.20.1 samba-32bit-3.6.3-0.20.1 samba-client-32bit-3.6.3-0.20.1 samba-winbind-32bit-3.6.3-0.20.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): samba-doc-3.6.3-0.20.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-12.20.1 libldb1-3.6.3-0.20.1 libsmbclient0-3.6.3-0.20.1 libtalloc2-3.6.3-0.20.1 libtdb1-3.6.3-0.20.1 libtevent0-3.6.3-0.20.1 libwbclient0-3.6.3-0.20.1 samba-3.6.3-0.20.1 
samba-client-3.6.3-0.20.1 samba-krb-printing-3.6.3-0.20.1 samba-winbind-3.6.3-0.20.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.20.1 libtalloc2-32bit-3.6.3-0.20.1 libtdb1-32bit-3.6.3-0.20.1 libwbclient0-32bit-3.6.3-0.20.1 samba-32bit-3.6.3-0.20.1 samba-client-32bit-3.6.3-0.20.1 samba-winbind-32bit-3.6.3-0.20.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): samba-doc-3.6.3-0.20.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libsmbclient0-x86-3.6.3-0.20.1 libtalloc2-x86-3.6.3-0.20.1 libtdb1-x86-3.6.3-0.20.1 libwbclient0-x86-3.6.3-0.20.1 samba-client-x86-3.6.3-0.20.1 samba-winbind-x86-3.6.3-0.20.1 samba-x86-3.6.3-0.20.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libldb1-3.6.3-0.20.1 libsmbclient0-3.6.3-0.20.1 libtalloc2-3.6.3-0.20.1 libtdb1-3.6.3-0.20.1 libtevent0-3.6.3-0.20.1 libwbclient0-3.6.3-0.20.1 samba-3.6.3-0.20.1 samba-client-3.6.3-0.20.1 samba-krb-printing-3.6.3-0.20.1 samba-winbind-3.6.3-0.20.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libldb1-32bit-3.6.3-0.20.1 libsmbclient0-32bit-3.6.3-0.20.1 libtalloc2-32bit-3.6.3-0.20.1 libtdb1-32bit-3.6.3-0.20.1 libtevent0-32bit-3.6.3-0.20.1 libwbclient0-32bit-3.6.3-0.20.1 samba-32bit-3.6.3-0.20.1 samba-client-32bit-3.6.3-0.20.1 samba-winbind-32bit-3.6.3-0.20.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): samba-doc-3.6.3-0.20.1 References: http://support.novell.com/security/cve/CVE-2012-0817.html http://support.novell.com/security/cve/CVE-2012-0870.html http://support.novell.com/security/cve/CVE-2012-1182.html https://bugzilla.novell.com/732395 https://bugzilla.novell.com/741854 https://bugzilla.novell.com/743986 https://bugzilla.novell.com/746825 https://bugzilla.novell.com/747934 https://bugzilla.novell.com/751454 https://bugzilla.novell.com/752797 http://download.novell.com/patch/finder/?keywords=1525022a16d67e6a299e19313c5d8357 From sle-updates at lists.suse.com Sat Apr 14 06:08:15 2012 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com)
Date: Sat, 14 Apr 2012 14:08:15 +0200 (CEST)
Subject: SUSE-RU-2012:0503-1: Recommended update for sleha-bootstrap and yast2-cluster
Message-ID: <20120414120815.3F3B1321CD@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sleha-bootstrap and yast2-cluster
______________________________________________________________________________

Announcement ID:    SUSE-RU-2012:0503-1
Rating:             low
References:         #752410 #752831
Affected Products:
                    SUSE Linux Enterprise High Availability Extension 11 SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update to sleha-bootstrap adds the following fixes:

   * Merge root's ssh known_hosts when joining a new node
     (bnc#752410)
   * change Booth config file to /etc/booth/booth.conf
   * Fix init_firewall() to gracefully handle absence of
     corosync.conf
   * Split out network portion of log_start() into init_network()
   * Quieten service_is_on.
   * Add /etc/sysconfig/booth to default csync2 file list
   * Ensure csync2.cfg is sync'd across whole cluster if >2 nodes
     (bnc#752831)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability Extension 11 SP2:

      zypper in -t patch sleshasp2-sleha-bootstrap-201204-6065

   To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise High Availability Extension 11 SP2 (noarch): sleha-bootstrap-0.3-0.13.1 yast2-cluster-2.15.0-8.35.4 References: https://bugzilla.novell.com/752410 https://bugzilla.novell.com/752831 http://download.novell.com/patch/finder/?keywords=e85eb96aed2bae42e75ab906b05525cb From sle-updates at lists.suse.com Sat Apr 14 06:08:16 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Apr 2012 14:08:16 +0200 (CEST) Subject: SUSE-SU-2012:0504-1: critical: Security update for Samba Message-ID: <20120414120816.AD461321A8@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0504-1 Rating: critical References: #747906 #752797 Cross-References: CVE-2012-1182 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Server 10 SP3 LTSS SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: A remote code execution flaw in Samba has been fixed: * CVE-2012-1182: PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size Also the following bug has been fixed: * mount.cifs: Properly update mtab during remount; (bnc#747906). 
Security Issue reference: * CVE-2012-1182 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): cifs-mount-3.0.36-0.13.20.1 ldapsmb-1.34b-25.13.20.1 libmsrpc-3.0.36-0.13.20.1 libmsrpc-devel-3.0.36-0.13.20.1 libsmbclient-3.0.36-0.13.20.1 libsmbclient-devel-3.0.36-0.13.20.1 samba-3.0.36-0.13.20.1 samba-client-3.0.36-0.13.20.1 samba-krb-printing-3.0.36-0.13.20.1 samba-python-3.0.36-0.13.20.1 samba-vscan-0.3.6b-43.13.20.1 samba-winbind-3.0.36-0.13.20.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libsmbclient-32bit-3.0.36-0.13.20.1 samba-32bit-3.0.36-0.13.20.1 samba-client-32bit-3.0.36-0.13.20.1 samba-winbind-32bit-3.0.36-0.13.20.1 - SUSE Linux Enterprise Server 10 SP4 (noarch): samba-doc-3.0.36-0.12.20.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): libsmbclient-x86-3.0.36-0.13.20.1 samba-client-x86-3.0.36-0.13.20.1 samba-winbind-x86-3.0.36-0.13.20.1 samba-x86-3.0.36-0.13.20.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): libsmbclient-64bit-3.0.36-0.13.20.1 samba-64bit-3.0.36-0.13.20.1 samba-client-64bit-3.0.36-0.13.20.1 samba-winbind-64bit-3.0.36-0.13.20.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): cifs-mount-3.0.36-0.13.20.1 ldapsmb-1.34b-25.13.20.1 libmsrpc-3.0.36-0.13.20.1 libmsrpc-devel-3.0.36-0.13.20.1 libsmbclient-3.0.36-0.13.20.1 libsmbclient-devel-3.0.36-0.13.20.1 samba-3.0.36-0.13.20.1 samba-client-3.0.36-0.13.20.1 samba-krb-printing-3.0.36-0.13.20.1 samba-python-3.0.36-0.13.20.1 samba-vscan-0.3.6b-43.13.20.1 samba-winbind-3.0.36-0.13.20.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): libsmbclient-32bit-3.0.36-0.13.20.1 samba-32bit-3.0.36-0.13.20.1 samba-client-32bit-3.0.36-0.13.20.1 samba-winbind-32bit-3.0.36-0.13.20.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (noarch): samba-doc-3.0.36-0.12.20.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): cifs-mount-3.0.36-0.13.20.1 ldapsmb-1.34b-25.13.20.1 libsmbclient-3.0.36-0.13.20.1 libsmbclient-devel-3.0.36-0.13.20.1 
samba-3.0.36-0.13.20.1 samba-client-3.0.36-0.13.20.1 samba-krb-printing-3.0.36-0.13.20.1 samba-vscan-0.3.6b-43.13.20.1 samba-winbind-3.0.36-0.13.20.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libsmbclient-32bit-3.0.36-0.13.20.1 samba-32bit-3.0.36-0.13.20.1 samba-client-32bit-3.0.36-0.13.20.1 samba-winbind-32bit-3.0.36-0.13.20.1 - SUSE Linux Enterprise Desktop 10 SP4 (noarch): samba-doc-3.0.36-0.12.20.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): libmsrpc-3.0.36-0.13.20.1 libmsrpc-devel-3.0.36-0.13.20.1 libsmbclient-devel-3.0.36-0.13.20.1 libsmbsharemodes-3.0.36-0.13.20.1 libsmbsharemodes-devel-3.0.36-0.13.20.1 samba-python-3.0.36-0.13.20.1 References: http://support.novell.com/security/cve/CVE-2012-1182.html https://bugzilla.novell.com/747906 https://bugzilla.novell.com/752797 http://download.novell.com/patch/finder/?keywords=62cd7ec87ad16e0edc0743bc15673759 http://download.novell.com/patch/finder/?keywords=ddd29165a82cb06a9503d4d188911168 From sle-updates at lists.suse.com Sat Apr 14 06:08:18 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Apr 2012 14:08:18 +0200 (CEST) Subject: SUSE-RU-2012:0505-1: Recommended update for SLE 11 SP2 High Availability documentation Message-ID: <20120414120818.2B71C32235@maintenance.suse.de> SUSE Recommended Update: Recommended update for SLE 11 SP2 High Availability documentation ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0505-1 Rating: low References: #752228 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update to the SLE 11 SP2 High Availability Manuals provides the latest state to support also Geo Clustering (bnc#752228). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-sle-ha-guide_en-pdf-6031 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP2 (noarch): sle-ha-guide_en-pdf-11-0.19.1 sle-ha-manuals_en-11-0.19.1 sle-ha-nfs-quick_en-pdf-11-0.19.1 References: https://bugzilla.novell.com/752228 http://download.novell.com/patch/finder/?keywords=9bbf76a9888f7ca2e9f1cd4fd1a5276f From sle-updates at lists.suse.com Sat Apr 14 06:08:19 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Apr 2012 14:08:19 +0200 (CEST) Subject: SUSE-SU-2012:0501-2: critical: Security update for Samba Message-ID: <20120414120819.4AEB5321CD@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0501-2 Rating: critical References: #752797 Cross-References: CVE-2012-1182 Affected Products: SUSE CORE 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: A remote code execution flaw in Samba has been fixed: * CVE-2012-1182: PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size Security Issue reference: * CVE-2012-1182 Package List: - SUSE CORE 9 (i586 s390 s390x x86_64): libsmbclient-3.0.26a-0.23 libsmbclient-devel-3.0.26a-0.23 samba-3.0.26a-0.23 samba-client-3.0.26a-0.23 samba-doc-3.0.26a-0.23 samba-pdb-3.0.26a-0.23 samba-python-3.0.26a-0.23 samba-vscan-0.3.6b-0.51 samba-winbind-3.0.26a-0.23 - SUSE CORE 9 (x86_64): libsmbclient-32bit-9-201204111235 samba-32bit-9-201204111235 samba-client-32bit-9-201204111235 samba-winbind-32bit-9-201204111235 - SUSE CORE 9 (s390x): libsmbclient-32bit-9-201204111252 samba-32bit-9-201204111252 samba-client-32bit-9-201204111252 samba-winbind-32bit-9-201204111252 References: http://support.novell.com/security/cve/CVE-2012-1182.html https://bugzilla.novell.com/752797 http://download.novell.com/patch/finder/?keywords=a2cf0eaa66df512b4acca53cc92c9818 From sle-updates at lists.suse.com Sat Apr 14 12:08:14 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Apr 2012 20:08:14 +0200 (CEST) Subject: SUSE-RU-2012:0506-1: moderate: Recommended update for SUSE Manager Server Message-ID: <20120414180814.34763321A8@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0506-1 Rating: moderate References: #672637 #681984 Affected Products: SUSE Manager Client Tools for SLE 11 SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description:

   This update implements the following new feature:

   * Deployment of SUSE Studio images

Indications:

   Everybody using SUSE Manager should update

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Client Tools for SLE 11 SP1:

      zypper in -t patch slesctsp1-client-tools-201204-6097

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager Client Tools for SLE 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      spacewalk-backend-libs-1.2.74-0.50.2

   - SUSE Manager Client Tools for SLE 11 SP1 (noarch):

      osad-5.9.44-0.16.1
      rhn-virtualization-common-5.4.15-0.11.1
      rhn-virtualization-host-5.4.15-0.11.1

References:

   https://bugzilla.novell.com/672637
   https://bugzilla.novell.com/681984
   http://download.novell.com/patch/finder/?keywords=3aef6e827ff2e4a323acae3bfae42a37

From sle-updates at lists.suse.com Mon Apr 16 09:08:14 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 16 Apr 2012 17:08:14 +0200 (CEST)
Subject: SUSE-SU-2012:0509-1: moderate: Security update for SUSE Manager Server
Message-ID: <20120416150814.C909632296@maintenance.suse.de>

   SUSE Security Update: Security update for SUSE Manager Server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0509-1
Rating:             moderate
References:         #681980 #681984 #732538 #751837 #752459 #752467
Cross-References:   CVE-2011-1550 CVE-2012-1145
Affected Products:
                    SUSE Manager 1.2 for SLE 11 SP1
______________________________________________________________________________

   An update that solves two vulnerabilities and has four fixes
   is now available. It includes one version update.

Description:

   This update implements the following new feature:

   * Deployment of SUSE Studio images

   This update fixes the following issues:

   * Rotate logfiles as user nocpulse/wwwrun (CVE-2011-1550)
   * Fix arbitrary package upload (CVE-2012-1145)
   * Replace passwords in debug files
   * Reword All Patches to All Types
   * Remove the page errata/Overview.do as it is a duplicate of
     errata/RelevantErrata.do
   * Add indexes on some database tables
   * Fix rhnServerNeededView to reflect all errata
   * Update bootstrap repositories to latest version

   How to apply this update:

   1. Log in as root user to the SUSE Manager server.
   2. Stop the Spacewalk service:

         spacewalk-service stop

      If the SUSE Manager database is running on the same machine
      as the SUSE Manager server, this command also stops the SUSE
      Manager database instance.
   3. Apply the patch using either zypper patch or YaST Online
      Update.
   4. If the SUSE Manager database is running on the same machine
      as your SUSE Manager server, start the database instance with

         /etc/init.d/oracle-xe start

   5. Upgrade the database schema with

         spacewalk-schema-upgrade

   6. Start the Spacewalk service:

         spacewalk-service start

Security Issues:

   * CVE-2012-1145
   * CVE-2011-1550

Indications:

   Every SUSE Manager user should update

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 1.2 for SLE 11 SP1:

      zypper in -t patch sleman12sp1-suse-manager-201204-6141

   To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Manager 1.2 for SLE 11 SP1 (x86_64) [New Version: 1.2.74]: spacewalk-backend-1.2.74-0.52.1 spacewalk-backend-app-1.2.74-0.52.1 spacewalk-backend-applet-1.2.74-0.52.1 spacewalk-backend-config-files-1.2.74-0.52.1 spacewalk-backend-config-files-common-1.2.74-0.52.1 spacewalk-backend-config-files-tool-1.2.74-0.52.1 spacewalk-backend-iss-1.2.74-0.52.1 spacewalk-backend-iss-export-1.2.74-0.52.1 spacewalk-backend-libs-1.2.74-0.52.1 spacewalk-backend-package-push-server-1.2.74-0.52.1 spacewalk-backend-server-1.2.74-0.52.1 spacewalk-backend-sql-1.2.74-0.52.1 spacewalk-backend-sql-oracle-1.2.74-0.52.1 spacewalk-backend-tools-1.2.74-0.52.1 spacewalk-backend-xml-export-libs-1.2.74-0.52.1 spacewalk-backend-xmlrpc-1.2.74-0.52.1 spacewalk-backend-xp-1.2.74-0.52.1 spacewalk-branding-1.2.2-0.22.4 spacewalk-client-repository-0.1-0.5.209 spacewalk-client-repository-sle-10-3-0.1-0.7.2 spacewalk-client-repository-sle-10-4-0.1-0.7.2 spacewalk-client-repository-sle-11-1-0.1-0.5.209 - SUSE Manager 1.2 for SLE 11 SP1 (noarch) [New Version: 1.2.74]: nocpulse-common-2.1.19-0.12.3 osa-dispatcher-5.9.44-0.16.3 simple-xml-2.6.2-0.5.4 spacewalk-base-1.2.31-0.37.3 spacewalk-base-minimal-1.2.31-0.37.3 spacewalk-dobby-1.2.31-0.37.3 spacewalk-grail-1.2.31-0.37.3 spacewalk-html-1.2.31-0.37.3 spacewalk-java-1.2.115-0.56.5 spacewalk-java-config-1.2.115-0.56.5 spacewalk-java-lib-1.2.115-0.56.5 spacewalk-java-oracle-1.2.115-0.56.5 spacewalk-pxt-1.2.31-0.37.3 spacewalk-sniglets-1.2.31-0.37.3 spacewalk-taskomatic-1.2.115-0.56.5 susemanager-schema-1.2.74-0.3.3 susestudio-java-client-0.1.2-0.3.4 References: http://support.novell.com/security/cve/CVE-2011-1550.html http://support.novell.com/security/cve/CVE-2012-1145.html https://bugzilla.novell.com/681980 https://bugzilla.novell.com/681984 https://bugzilla.novell.com/732538 https://bugzilla.novell.com/751837 https://bugzilla.novell.com/752459 https://bugzilla.novell.com/752467 
   http://download.novell.com/patch/finder/?keywords=2693bf7056da7107635b17b003d6f4fb

From sle-updates at lists.suse.com Mon Apr 16 09:08:17 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 16 Apr 2012 17:08:17 +0200 (CEST)
Subject: SUSE-SU-2012:0510-1: moderate: Security update for SUSE Manager Proxy
Message-ID: <20120416150817.131C832235@maintenance.suse.de>

   SUSE Security Update: Security update for SUSE Manager Proxy
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0510-1
Rating:             moderate
References:         #681980 #681984
Cross-References:   CVE-2012-1145
Affected Products:
                    SUSE Manager Proxy 1.2 for SLE 11 SP1
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is
   now available.

Description:

   This update fixes the following issues:

   * Rotate logfiles as user nocpulse/wwwrun (CVE-2011-1550)
   * Update bootstrap repositories to latest version

   How to apply this update:

   1. Log in as root user to the SUSE Manager proxy.
   2. Stop the proxy service:

         mgr-proxy stop

   3. Apply the patch using either zypper patch or YaST Online
      Update.
   4. Start the Spacewalk service:

         mgr-proxy start

Security Issue reference:

   * CVE-2012-1145

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Proxy 1.2 for SLE 11 SP1:

      zypper in -t patch slemap12sp1-suse-manager-proxy-201204-6101

   To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Manager Proxy 1.2 for SLE 11 SP1 (x86_64): spacewalk-backend-1.2.74-0.50.3 spacewalk-backend-libs-1.2.74-0.50.3 spacewalk-client-repository-0.1-0.5.196 spacewalk-client-repository-sle-10-3-0.1-0.7.2 spacewalk-client-repository-sle-10-4-0.1-0.7.2 spacewalk-client-repository-sle-11-1-0.1-0.5.196 - SUSE Manager Proxy 1.2 for SLE 11 SP1 (noarch): nocpulse-common-2.1.19-0.12.1 osad-5.9.44-0.16.2 spacewalk-proxy-broker-1.2.15-0.13.2 spacewalk-proxy-common-1.2.15-0.13.2 spacewalk-proxy-management-1.2.15-0.13.2 spacewalk-proxy-package-manager-1.2.15-0.13.2 spacewalk-proxy-redirect-1.2.15-0.13.2 References: http://support.novell.com/security/cve/CVE-2012-1145.html https://bugzilla.novell.com/681980 https://bugzilla.novell.com/681984 http://download.novell.com/patch/finder/?keywords=0668f3013aaa83708ee32d1f815cc480 From sle-updates at lists.suse.com Mon Apr 16 12:08:55 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Apr 2012 20:08:55 +0200 (CEST) Subject: SUSE-RU-2012:0513-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20120416180855.7DAE332235@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0513-1 Rating: moderate References: #680630 #710269 #719690 #721128 #722250 #735284 #740982 #742198 #743955 #749418 #750485 Affected Products: SLE CLIENT TOOLS 10 for x86_64 SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for ia64 SLE CLIENT TOOLS 10 for PPC SLE CLIENT TOOLS 10 ______________________________________________________________________________ An update that solves one vulnerability and has 10 fixes is now available. Description: This update fixes the following issues: * Provide 'zmd' to aid products requiring this in their release package. 
* Change duprule generation to ignore uninstallable packages * Enable NTLM authentication * Apply soft locks by name and not per package * Change splitprovides so that they only work on packages that are to be updated * Fix and optimize Pathname ctor and provide testcases * Fix checking mount table * zypper should return nonzero when query matches no package * Fix handling of locked patches * Update zypper man page Security Issue reference: * CVE-2012-1145 Indications: Everybody should update. Package List: - SLE CLIENT TOOLS 10 for x86_64 (x86_64): libzypp-6.37.7-0.5.1 satsolver-tools-0.14.20-0.5.1 spacewalk-backend-libs-1.2.74-0.15.1 zypp-plugin-spacewalk-0.6-0.5.1 zypper-1.3.18-0.5.1 - SLE CLIENT TOOLS 10 for x86_64 (noarch): osad-5.9.44-0.7.1 - SLE CLIENT TOOLS 10 for s390x (noarch): osad-5.9.44-0.7.1 - SLE CLIENT TOOLS 10 for s390x (s390x): libzypp-6.37.7-0.5.1 satsolver-tools-0.14.20-0.5.1 spacewalk-backend-libs-1.2.74-0.15.1 zypp-plugin-spacewalk-0.6-0.5.1 zypper-1.3.18-0.5.1 - SLE CLIENT TOOLS 10 for ia64 (noarch): osad-5.9.44-0.7.1 - SLE CLIENT TOOLS 10 for ia64 (ia64): libzypp-6.37.7-0.5.1 satsolver-tools-0.14.20-0.5.1 spacewalk-backend-libs-1.2.74-0.15.1 zypp-plugin-spacewalk-0.6-0.5.1 zypper-1.3.18-0.5.1 - SLE CLIENT TOOLS 10 for PPC (noarch): osad-5.9.44-0.7.1 - SLE CLIENT TOOLS 10 for PPC (ppc): libzypp-6.37.7-0.5.1 satsolver-tools-0.14.20-0.5.1 spacewalk-backend-libs-1.2.74-0.15.1 zypp-plugin-spacewalk-0.6-0.5.1 zypper-1.3.18-0.5.1 - SLE CLIENT TOOLS 10 (noarch): osad-5.9.44-0.7.1 - SLE CLIENT TOOLS 10 (i586): libzypp-6.37.7-0.5.1 satsolver-tools-0.14.20-0.5.1 spacewalk-backend-libs-1.2.74-0.15.1 zypp-plugin-spacewalk-0.6-0.5.1 zypper-1.3.18-0.5.1 References: http://support.novell.com/security/cve/CVE-2012-1145.html https://bugzilla.novell.com/680630 https://bugzilla.novell.com/710269 https://bugzilla.novell.com/719690 https://bugzilla.novell.com/721128 https://bugzilla.novell.com/722250 https://bugzilla.novell.com/735284 
https://bugzilla.novell.com/740982 https://bugzilla.novell.com/742198 https://bugzilla.novell.com/743955 https://bugzilla.novell.com/749418 https://bugzilla.novell.com/750485 http://download.novell.com/patch/finder/?keywords=5914c8b25a0314d33bb7f915850e6780 From sle-updates at lists.suse.com Mon Apr 16 17:08:15 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Apr 2012 01:08:15 +0200 (CEST) Subject: SUSE-RU-2012:0514-1: Recommended update for X.org Message-ID: <20120416230815.14D5032188@maintenance.suse.de> SUSE Recommended Update: Recommended update for X.org ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0514-1 Rating: low References: #743450 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-server fixes a crash of X server at start up with 3-outputs on machines with Intel IvyBridge graphics. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-Xvnc-5867 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-Xvnc-5867 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-Xvnc-5867 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-Xvnc-5867 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.62.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-Xvnc-7.4-27.62.1 xorg-x11-server-7.4-27.62.1 xorg-x11-server-extra-7.4-27.62.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.62.1 xorg-x11-server-7.4-27.62.1 xorg-x11-server-extra-7.4-27.62.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-Xvnc-7.4-27.62.1 xorg-x11-server-7.4-27.62.1 xorg-x11-server-extra-7.4-27.62.1 References: https://bugzilla.novell.com/743450 http://download.novell.com/patch/finder/?keywords=0410456900b494a8e43e4231cfd3c3dc From sle-updates at lists.suse.com Tue Apr 17 07:08:15 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Apr 2012 15:08:15 +0200 (CEST) Subject: SUSE-SU-2012:0515-1: critical: Security update for Samba Message-ID: <20120417130815.CE82832296@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0515-1 Rating: critical References: #732395 #732572 #741854 #743986 #746825 #747934 #751454 #752797 #757080 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description:

   The following issues have been fixed in Samba:

   * CVE-2012-1182: PIDL based autogenerated code uses client
     supplied size values which allows attackers to write beyond
     the allocated array size
   * CVE-2012-0870: Ensure AndX offsets are increasing strictly
     monotonically in pre-3.4 versions
   * CVE-2012-0817: Fix memory leak in parent smbd on connection

   Also the following non-security bugs have been fixed:

   * s3-winbindd: Only use SamLogonEx when we can get unencrypted
     session keys; (bso#8599).
   * Correctly handle DENY ACEs when privileges apply; (bso#8797).
   * s3:smb2_server: fix a logic error, we should sign non guest
     sessions; (bso#8749).
   * Allow vfs_aio_pthread to build as a static module; (bso#8723).
   * s3:dbwrap_ctdb: return the number of records in
     db_ctdb_traverse() for persistent dbs; (bso#8527).
   * s3: segfault in dom_sid_compare(); (bso#8567).
   * Honor SeTakeOwnershipPrivilege when client asks for
     SEC_STD_WRITE_OWNER; (bso#8768).
   * s3-winbindd: Close netlogon connection if the status returned
     by the NetrSamLogonEx call is timeout in the pam_auth_crap
     path; (bso#8771).
   * s3-winbindd: set the can_do_validation6 also for trusted
     domain; (bso#8599).
   * Fix problem when calculating the share security mask, take
     privileges into account for the connecting user; (bso#8784).
   * Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000
     groups; (bso#8807); (bnc#751454).
   * Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854).
   * s3-printing: fix crash in printer_list_set_printer();
     (bso#8762); (bnc#746825).
   * s3:winbindd fix a return code check; (bso#8406).
   * s3: Add rmdir operation to streams_depot; (bso#8733).
   * s3:smbd:smb2: fix an assignment-instead-of-check bug
     conn_snum_used(); (bso#8738).
   * s3:auth: fill the sids array of the info3 in
     wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).
   * Do not map POSIX execute permission to Windows
     FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572).
* Remove all precompiled idl output to ensure any pidl changes take effect; (bnc#757080). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-ldapsmb-6145 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ldapsmb-6145 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ldapsmb-6145 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-ldapsmb-6145 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.22.1 libnetapi-devel-3.6.3-0.22.1 libnetapi0-3.6.3-0.22.1 libsmbclient-devel-3.6.3-0.22.1 libsmbsharemodes-devel-3.6.3-0.22.1 libsmbsharemodes0-3.6.3-0.22.1 libtalloc-devel-3.6.3-0.22.1 libtdb-devel-3.6.3-0.22.1 libtevent-devel-3.6.3-0.22.1 libwbclient-devel-3.6.3-0.22.1 samba-devel-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ldapsmb-1.34b-12.22.1 libldb1-3.6.3-0.22.1 libsmbclient0-3.6.3-0.22.1 libtalloc2-3.6.3-0.22.1 libtdb1-3.6.3-0.22.1 libtevent0-3.6.3-0.22.1 libwbclient0-3.6.3-0.22.1 samba-3.6.3-0.22.1 samba-client-3.6.3-0.22.1 samba-krb-printing-3.6.3-0.22.1 samba-winbind-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.22.1 libtalloc2-32bit-3.6.3-0.22.1 libtdb1-32bit-3.6.3-0.22.1 libwbclient0-32bit-3.6.3-0.22.1 samba-32bit-3.6.3-0.22.1 samba-client-32bit-3.6.3-0.22.1 samba-winbind-32bit-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): samba-doc-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-12.22.1 libldb1-3.6.3-0.22.1 libsmbclient0-3.6.3-0.22.1 libtalloc2-3.6.3-0.22.1 libtdb1-3.6.3-0.22.1 libtevent0-3.6.3-0.22.1 libwbclient0-3.6.3-0.22.1 samba-3.6.3-0.22.1 
samba-client-3.6.3-0.22.1 samba-krb-printing-3.6.3-0.22.1 samba-winbind-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.22.1 libtalloc2-32bit-3.6.3-0.22.1 libtdb1-32bit-3.6.3-0.22.1 libwbclient0-32bit-3.6.3-0.22.1 samba-32bit-3.6.3-0.22.1 samba-client-32bit-3.6.3-0.22.1 samba-winbind-32bit-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): samba-doc-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libsmbclient0-x86-3.6.3-0.22.1 libtalloc2-x86-3.6.3-0.22.1 libtdb1-x86-3.6.3-0.22.1 libwbclient0-x86-3.6.3-0.22.1 samba-client-x86-3.6.3-0.22.1 samba-winbind-x86-3.6.3-0.22.1 samba-x86-3.6.3-0.22.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libldb1-3.6.3-0.22.1 libsmbclient0-3.6.3-0.22.1 libtalloc2-3.6.3-0.22.1 libtdb1-3.6.3-0.22.1 libtevent0-3.6.3-0.22.1 libwbclient0-3.6.3-0.22.1 samba-3.6.3-0.22.1 samba-client-3.6.3-0.22.1 samba-krb-printing-3.6.3-0.22.1 samba-winbind-3.6.3-0.22.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libldb1-32bit-3.6.3-0.22.1 libsmbclient0-32bit-3.6.3-0.22.1 libtalloc2-32bit-3.6.3-0.22.1 libtdb1-32bit-3.6.3-0.22.1 libtevent0-32bit-3.6.3-0.22.1 libwbclient0-32bit-3.6.3-0.22.1 samba-32bit-3.6.3-0.22.1 samba-client-32bit-3.6.3-0.22.1 samba-winbind-32bit-3.6.3-0.22.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): samba-doc-3.6.3-0.22.1 References: https://bugzilla.novell.com/732395 https://bugzilla.novell.com/732572 https://bugzilla.novell.com/741854 https://bugzilla.novell.com/743986 https://bugzilla.novell.com/746825 https://bugzilla.novell.com/747934 https://bugzilla.novell.com/751454 https://bugzilla.novell.com/752797 https://bugzilla.novell.com/757080 http://download.novell.com/patch/finder/?keywords=fab6ab7c7748d5189f56148ead498705 From sle-updates at lists.suse.com Wed Apr 18 02:08:19 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 10:08:19 +0200 (CEST) Subject: SUSE-SU-2012:0516-1: moderate: Security 
update for libtiff
Message-ID: <20120418080820.AC6B3323C7@maintenance.suse.de>

   SUSE Security Update: Security update for libtiff
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0516-1
Rating:             moderate
References:         #753362
Cross-References:   CVE-2012-1173
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update of tiff fixes an issue where specially crafted tiff
   files could have triggered an integer overflow which would have
   led to a heap-based buffer overflow (CVE-2012-1173).

Security Issue reference:

   * CVE-2012-1173

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp1-libtiff-devel-6106

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-libtiff-devel-6106

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-libtiff-devel-6106

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-libtiff-devel-6106

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-libtiff-devel-6106

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-libtiff-devel-6106

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-libtiff-devel-6106

   To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libtiff-devel-3.8.2-141.144.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): libtiff-devel-32bit-3.8.2-141.144.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): libtiff-devel-3.8.2-141.144.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64): libtiff-devel-32bit-3.8.2-141.144.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libtiff3-3.8.2-141.144.1 tiff-3.8.2-141.144.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.144.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libtiff3-x86-3.8.2-141.144.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): libtiff3-3.8.2-141.144.1 tiff-3.8.2-141.144.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): libtiff3-32bit-3.8.2-141.144.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): libtiff3-3.8.2-141.144.1 tiff-3.8.2-141.144.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.144.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): libtiff3-x86-3.8.2-141.144.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libtiff3-3.8.2-141.144.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libtiff3-32bit-3.8.2-141.144.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): libtiff3-3.8.2-141.144.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): libtiff3-32bit-3.8.2-141.144.1 References: http://support.novell.com/security/cve/CVE-2012-1173.html https://bugzilla.novell.com/753362 http://download.novell.com/patch/finder/?keywords=e33207efa2a3f8888d899f11b5a5b1bc From sle-updates at lists.suse.com Wed Apr 18 04:08:20 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 12:08:20 +0200 (CEST) Subject: SUSE-RU-2012:0517-1: Recommended update for SMT 11 Message-ID: 
<20120418100820.F0B12323CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for SMT 11 ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0517-1 Rating: low References: #749323 Affected Products: Subscription Management Tool 11 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update enables the Subscription Management Tool 11 to be upgraded to Subscription Management Tool (SMT) 11 Service Pack 2. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - Subscription Management Tool 11: zypper in -t patch slesmtsp0-sle-smt-sp2-upgrade-5903 To bring your system up-to-date, use "zypper patch". Package List: - Subscription Management Tool 11 (i586 s390x x86_64): sle-smt-SP2-migration-11-1.1 sle-smt-release-11-1.12 sle-smt-release-cd-11-1.12 References: https://bugzilla.novell.com/749323 http://download.novell.com/patch/finder/?keywords=866fd9105fbebada4fd4ef2c58d7ffeb From sle-updates at lists.suse.com Wed Apr 18 05:08:21 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 13:08:21 +0200 (CEST) Subject: SUSE-FU-2012:0518-1: important: Feature update for libssh2 Message-ID: <20120418110821.4FA69323C7@maintenance.suse.de> SUSE Feature Update: Feature update for libssh2 ______________________________________________________________________________ Announcement ID: SUSE-FU-2012:0518-1 Rating: important References: #756830 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 
______________________________________________________________________________ An update that has one feature fix can now be installed. It includes one version update. Description: This feature update to libssh2_org brings several improvements from the upstream project, including: * Support for the "aes128-ctr", "aes192-ctr", "aes256-ctr" and "arcfour128" ciphers * Performance improvements in SFTP and SCP * Support for the ssh-agent In addition to that some problems were fixed, including a possible application hang when waiting for a remote server to return the results of a command. Patch Instructions: To install this SUSE Feature Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-libssh2-1-6142 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-libssh2-1-6142 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-libssh2-1-6142 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-libssh2-1-6142 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-libssh2-1-6142 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-libssh2-1-6142 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-libssh2-1-6142 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.2.9]: libssh2-devel-1.2.9-4.2.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64) [New Version: 1.2.9]: libssh2-1-32bit-1.2.9-4.2.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.2.9]: libssh2-1-1.2.9-4.2.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ia64) [New Version: 1.2.9]: libssh2-1-x86-1.2.9-4.2.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.2.9]: libssh2-devel-1.2.9-4.2.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ppc64 s390x x86_64) [New Version: 1.2.9]: libssh2-1-32bit-1.2.9-4.2.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 1.2.9]: libssh2-1-1.2.9-4.2.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (ia64) [New Version: 1.2.9]: libssh2-1-x86-1.2.9-4.2.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.2.9]: libssh2-1-1.2.9-4.2.2.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 1.2.9]: libssh2-1-1.2.9-4.2.2.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.2.9]: libssh2-1-1.2.9-4.2.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.2.9]: libssh2-1-1.2.9-4.2.2.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.2.9]: libssh2-1-1.2.9-4.2.2.1 References: https://bugzilla.novell.com/756830 http://download.novell.com/patch/finder/?keywords=0c81807a33cf29a70115ebaa6bd9b42d From sle-updates at lists.suse.com Wed Apr 18 10:08:37 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 18:08:37 +0200 (CEST) Subject: SUSE-SU-2012:0521-1: important: Security update for freetype2 Message-ID: <20120418160837.DB5E3323CB@maintenance.suse.de> SUSE Security Update: 
Security update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0521-1 Rating: important References: #750937 #750938 #750939 #750940 #750941 #750945 #750946 #750947 #750948 #750949 #750950 #750951 #750952 #750953 #750955 Cross-References: CVE-2012-1126 CVE-2012-1127 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1138 CVE-2012-1139 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 Affected Products: SUSE CORE 9 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: Specially crafted font files could have caused buffer overflows in freetype. This has been fixed. Security Issue references: * CVE-2012-1142 * CVE-2012-1126 * CVE-2012-1130 * CVE-2012-1129 * CVE-2012-1127 * CVE-2012-1138 * CVE-2012-1136 * CVE-2012-1131 * CVE-2012-1143 * CVE-2012-1141 * CVE-2012-1132 * CVE-2012-1133 * CVE-2012-1135 * CVE-2012-1139 * CVE-2012-1134 Package List: - SUSE CORE 9 (i586 s390 s390x x86_64): freetype2-2.1.7-53.27 freetype2-devel-2.1.7-53.27 ft2demos-2.1.7-88.18 - SUSE CORE 9 (x86_64): freetype2-32bit-9-201203291610 freetype2-devel-32bit-9-201203291610 - SUSE CORE 9 (s390x): freetype2-32bit-9-201203291618 freetype2-devel-32bit-9-201203291618 References: http://support.novell.com/security/cve/CVE-2012-1126.html http://support.novell.com/security/cve/CVE-2012-1127.html http://support.novell.com/security/cve/CVE-2012-1129.html http://support.novell.com/security/cve/CVE-2012-1130.html http://support.novell.com/security/cve/CVE-2012-1131.html http://support.novell.com/security/cve/CVE-2012-1132.html http://support.novell.com/security/cve/CVE-2012-1133.html http://support.novell.com/security/cve/CVE-2012-1134.html http://support.novell.com/security/cve/CVE-2012-1135.html http://support.novell.com/security/cve/CVE-2012-1136.html 
http://support.novell.com/security/cve/CVE-2012-1138.html http://support.novell.com/security/cve/CVE-2012-1139.html http://support.novell.com/security/cve/CVE-2012-1141.html http://support.novell.com/security/cve/CVE-2012-1142.html http://support.novell.com/security/cve/CVE-2012-1143.html https://bugzilla.novell.com/750937 https://bugzilla.novell.com/750938 https://bugzilla.novell.com/750939 https://bugzilla.novell.com/750940 https://bugzilla.novell.com/750941 https://bugzilla.novell.com/750945 https://bugzilla.novell.com/750946 https://bugzilla.novell.com/750947 https://bugzilla.novell.com/750948 https://bugzilla.novell.com/750949 https://bugzilla.novell.com/750950 https://bugzilla.novell.com/750951 https://bugzilla.novell.com/750952 https://bugzilla.novell.com/750953 https://bugzilla.novell.com/750955 http://download.novell.com/patch/finder/?keywords=07580f2d53f7e842f140886bbd54220b From sle-updates at lists.suse.com Wed Apr 18 11:08:24 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 19:08:24 +0200 (CEST) Subject: SUSE-SU-2012:0522-1: important: Security update for Acrobat Reader Message-ID: <20120418170824.F214A323C7@maintenance.suse.de> SUSE Security Update: Security update for Acrobat Reader ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0522-1 Rating: important References: #742126 #756574 Cross-References: CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes two new package versions. 
Description: Specially crafted PDF files could have caused a denial of service or have led to the execution of arbitrary code in the context of the user running acroread: * CVE-2012-0774: crafted fonts inside PDFs could allow attackers to cause an integer overflow, resulting in the possibility of arbitrary code execution * CVE-2012-0775, CVE-2012-0777: an issue in acroread's JavaScript API could allow attackers to cause a denial of service or potentially execute arbitrary code Security Issue references: * CVE-2012-0774 * CVE-2012-0775 * CVE-2012-0777 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-acroread-6138 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-acroread-6138 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 9.4.6]: acroread-cmaps-9.4.6-0.4.2.3 acroread-fonts-ja-9.4.6-0.4.2.3 acroread-fonts-ko-9.4.6-0.4.2.3 acroread-fonts-zh_CN-9.4.6-0.4.2.3 acroread-fonts-zh_TW-9.4.6-0.4.2.3 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.1]: acroread-9.5.1-0.2.1 - SUSE Linux Enterprise Desktop 11 SP1 (noarch) [New Version: 9.4.6]: acroread-cmaps-9.4.6-0.4.2.3 acroread-fonts-ja-9.4.6-0.4.2.3 acroread-fonts-ko-9.4.6-0.4.2.3 acroread-fonts-zh_CN-9.4.6-0.4.2.3 acroread-fonts-zh_TW-9.4.6-0.4.2.3 - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 9.5.1]: acroread-9.5.1-0.2.1 References: http://support.novell.com/security/cve/CVE-2012-0774.html http://support.novell.com/security/cve/CVE-2012-0775.html http://support.novell.com/security/cve/CVE-2012-0777.html https://bugzilla.novell.com/742126 https://bugzilla.novell.com/756574 http://download.novell.com/patch/finder/?keywords=d50fa4600ca02afa4a43a3170e58aa41 From sle-updates at lists.suse.com Wed Apr 18 11:08:29 2012 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 19:08:29 +0200 (CEST) Subject: SUSE-SU-2012:0524-1: important: Security update for Acrobat Reader Message-ID: <20120418170829.DED76323CB@maintenance.suse.de> SUSE Security Update: Security update for Acrobat Reader ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0524-1 Rating: important References: #756574 Cross-References: CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 Affected Products: SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes two new package versions. Description: The Acrobat Reader has been updated to version 9.5.1 to fix the following issues: * CVE-2012-0774: crafted fonts inside PDFs could allow attackers to cause an integer overflow, resulting in the possibility of arbitrary code execution * CVE-2012-0775, CVE-2012-0777: an issue in acroread's JavaScript API could allow attackers to cause a denial of service or potentially execute arbitrary code Security Issue references: * CVE-2012-0774 * CVE-2012-0775 * CVE-2012-0777 Package List: - SUSE Linux Enterprise Desktop 10 SP4 (noarch) [New Version: 9.4.6]: acroread-cmaps-9.4.6-0.6.1 acroread-fonts-ja-9.4.6-0.6.1 acroread-fonts-ko-9.4.6-0.6.1 acroread-fonts-zh_CN-9.4.6-0.6.1 acroread-fonts-zh_TW-9.4.6-0.6.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 9.5.1]: acroread-9.5.1-0.6.1 References: http://support.novell.com/security/cve/CVE-2012-0774.html http://support.novell.com/security/cve/CVE-2012-0775.html http://support.novell.com/security/cve/CVE-2012-0777.html https://bugzilla.novell.com/756574 http://download.novell.com/patch/finder/?keywords=e0a6a6c45c73e49ff30a650d740a24d0 From sle-updates at lists.suse.com Wed Apr 18 11:08:31 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 
19:08:31 +0200 (CEST) Subject: SUSE-SU-2012:0525-1: moderate: Security update for tiff Message-ID: <20120418170831.912AB323CB@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0525-1 Rating: moderate References: #753362 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of tiff fixes an issue where specially crafted tiff files could trigger an integer overflow which leads to a heap-based buffer overflow (CVE-2012-1173). Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): libtiff-3.8.2-5.26.1 libtiff-devel-3.8.2-5.26.1 tiff-3.8.2-5.26.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): libtiff-32bit-3.8.2-5.26.1 libtiff-devel-32bit-3.8.2-5.26.1 - SUSE Linux Enterprise Server 10 SP4 (ia64): libtiff-x86-3.8.2-5.26.1 - SUSE Linux Enterprise Server 10 SP4 (ppc): libtiff-64bit-3.8.2-5.26.1 libtiff-devel-64bit-3.8.2-5.26.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): libtiff-3.8.2-5.26.1 libtiff-devel-3.8.2-5.26.1 tiff-3.8.2-5.26.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): libtiff-32bit-3.8.2-5.26.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): libtiff-devel-3.8.2-5.26.1 - SLE SDK 10 SP4 (s390x x86_64): libtiff-devel-32bit-3.8.2-5.26.1 - SLE SDK 10 SP4 (ppc): libtiff-devel-64bit-3.8.2-5.26.1 References: https://bugzilla.novell.com/753362 http://download.novell.com/patch/finder/?keywords=3c1e26e281f6488d70976e6d76893183 From sle-updates at lists.suse.com Wed Apr 18 14:08:23 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 22:08:23 +0200 (CEST) Subject: SUSE-RU-2012:0526-1: important: Recommended update for augeas Message-ID: 
<20120418200824.05F76323C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for augeas ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0526-1 Rating: important References: #753624 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update fixes a regression in the previous augeas update which caused atd, kernel and bootloader in /etc/sysconfig to be no longer handled. Additionally, it adds support for more sysconfig entries relevant for high availability setups and the s390x architecture. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp1-augeas-6136 - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-augeas-6136 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-augeas-6136 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-augeas-6136 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-augeas-6136 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-augeas-6136 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-augeas-6136 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): augeas-devel-0.8.1-7.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): augeas-devel-0.8.1-7.18.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.8.1]: augeas-0.8.1-7.18.1 augeas-lenses-0.8.1-7.18.1 libaugeas0-0.8.1-7.18.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 0.8.1]: augeas-0.8.1-7.18.1 augeas-lenses-0.8.1-7.18.1 libaugeas0-0.8.1-7.18.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.8.1]: augeas-0.8.1-7.18.1 augeas-lenses-0.8.1-7.18.1 libaugeas0-0.8.1-7.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.8.1]: libaugeas0-0.8.1-7.18.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 0.8.1]: libaugeas0-0.8.1-7.18.1 References: https://bugzilla.novell.com/753624 http://download.novell.com/patch/finder/?keywords=b6c0ea71455a482e78111693b1c7dac7 From sle-updates at lists.suse.com Wed Apr 18 14:08:25 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 22:08:25 +0200 (CEST) Subject: SUSE-RU-2012:0527-1: important: Recommended update for zmd Message-ID: <20120418200825.97771323CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for zmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0527-1 Rating: important References: #719869 #751782 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for zmd fixes a regression in the previous update where unparseable system wide SSL certificates would cause the daemon to become unresponsive (bnc#751782). 
In addition, the logrotate script was changed by removing the restart of zmd in the logrotate script, to avoid zmd hanging on rotate (bnc#719869). Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): zmd-7.3.0.0-0.16.1 zmd-devel-7.3.0.0-0.16.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): zmd-7.3.0.0-0.16.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): zmd-devel-7.3.0.0-0.16.1 References: https://bugzilla.novell.com/719869 https://bugzilla.novell.com/751782 http://download.novell.com/patch/finder/?keywords=2e7b0666bedb088dd260df5f0ff7eb73 From sle-updates at lists.suse.com Wed Apr 18 14:08:27 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 22:08:27 +0200 (CEST) Subject: SUSE-RU-2012:0528-1: Recommended update for Satsolver Bindings Message-ID: <20120418200827.1D192323CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for Satsolver Bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0528-1 Rating: low References: #744383 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: When using multiple repositories, Kiwi might fail to resolve all (file-based) package dependencies. This fix enriches the solver context with file information, making the dependency resolution succeed. Indications: Kiwi unable to resolve (file-based) package dependencies Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libsatsolverapp0-5973 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libsatsolverapp0-5973 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libsatsolverapp0-5973 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libsatsolverapp0-5973 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.44.5]: libsatsolverapp0-0.44.5-0.5.8 libsatsolverapp0-devel-0.44.5-0.5.8 ruby-satsolver-0.44.5-0.5.8 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 0.44.5]: perl-satsolver-0.44.5-0.5.8 python-satsolver-0.44.5-0.5.8 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.44.5]: perl-satsolver-0.44.5-0.5.8 python-satsolver-0.44.5-0.5.8 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.44.5]: perl-satsolver-0.44.5-0.5.8 python-satsolver-0.44.5-0.5.8 References: https://bugzilla.novell.com/744383 http://download.novell.com/patch/finder/?keywords=c60e47148cf115e641611bd7a26b9de9 From sle-updates at lists.suse.com Wed Apr 18 15:08:40 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 23:08:40 +0200 (CEST) Subject: SUSE-RU-2012:0529-1: kernel update for SLE11 SP2 Message-ID: <20120418210840.E7457323C7@maintenance.suse.de> SUSE Recommended Update: kernel update for SLE11 SP2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0529-1 Rating: low References: #755667 Affected Products: SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: The SUSE Linux Enterprise 11 SP2 kernel GA release was shipped without -extra packages. This update provides the extra packages for the SUSE Linux Enterprise 11 SP2 GA release. Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): ext4-writeable-kmp-default-0_3.0.13_0.27-0.10.100 kernel-default-extra-3.0.13-0.27.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.13_0.27-0.10.100 kernel-xen-extra-3.0.13-0.27.1 - SLE 11 SERVER Unsupported Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.13_0.27-0.10.100 kernel-ppc64-extra-3.0.13-0.27.1 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.13_0.27-0.10.100 kernel-pae-extra-3.0.13-0.27.1 References: https://bugzilla.novell.com/755667 http://download.novell.com/patch/finder/?keywords=1feb293298568e7e879a06d26c8accf0 http://download.novell.com/patch/finder/?keywords=8ba71cda81290b213fdbabba16188fd2 http://download.novell.com/patch/finder/?keywords=9d1d7243e3948251d522af06c148d684 http://download.novell.com/patch/finder/?keywords=da7a5e5dd7ad870491f458f382f48f52 http://download.novell.com/patch/finder/?keywords=ebebf9e5e46728111e61c15953a730ad From sle-updates at lists.suse.com Wed Apr 18 15:08:43 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Apr 2012 23:08:43 +0200 (CEST) Subject: SUSE-OU-2012:0530-1: Optional update for python-pyasn1 Message-ID: <20120418210843.60DA4323F5@maintenance.suse.de> SUSE Optional Update: Optional update for python-pyasn1 ______________________________________________________________________________ Announcement ID: SUSE-OU-2012:0530-1 Rating: low References: #755686 Affected Products: SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 ______________________________________________________________________________ An update that has one optional fix can now be 
installed. Description: This update provides python-pyasn1, an implementation of ASN.1 types and codecs in the Python programming language. It was first written to support a particular protocol (SNMP) but was then generalized to be suitable for a wide range of protocols based on the ASN.1 specification. Indications: Every user can install Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-python-pyasn1-6139 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-python-pyasn1-6139 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): python-pyasn1-0.1.2-0.5.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): python-pyasn1-0.1.2-0.5.1 References: https://bugzilla.novell.com/755686 http://download.novell.com/patch/finder/?keywords=b9c5e2f5b46742797765903dc64c8943 From sle-updates at lists.suse.com Wed Apr 18 16:08:49 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Apr 2012 00:08:49 +0200 (CEST) Subject: SUSE-SU-2012:0531-1: Security update for ghostscript Message-ID: <20120418220849.EFAAB323F5@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0531-1 Rating: low References: #545201 #635004 #649207 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update of ghostscript fixes two security issues: * CVE-2009-3743: Off-by-one error in the TrueType bytecode interpreter in Ghostscript in SUSE Linux Enterprise 10 and 11 products allows remote attackers to cause a denial of service (heap memory corruption) via a malformed TrueType font in a document. * CVE-2010-4054: The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): ghostscript-fonts-other-8.15.4-16.14.1 ghostscript-fonts-rus-8.15.4-16.14.1 ghostscript-fonts-std-8.15.4-16.14.1 ghostscript-library-8.15.4-16.14.1 ghostscript-omni-8.15.4-16.14.1 ghostscript-x11-8.15.4-16.14.1 libgimpprint-4.2.7-62.14.1 libgimpprint-devel-4.2.7-62.14.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): ghostscript-fonts-other-8.15.4-16.14.1 ghostscript-fonts-std-8.15.4-16.14.1 ghostscript-library-8.15.4-16.14.1 ghostscript-x11-8.15.4-16.14.1 libgimpprint-4.2.7-62.14.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): ghostscript-fonts-rus-8.15.4-16.14.1 ghostscript-omni-8.15.4-16.14.1 libgimpprint-devel-4.2.7-62.14.1 References: https://bugzilla.novell.com/545201 https://bugzilla.novell.com/635004 https://bugzilla.novell.com/649207 http://download.novell.com/patch/finder/?keywords=ed33b07c67b3e3c685b564c2b6d267ec From sle-updates at lists.suse.com Fri Apr 20 03:08:14 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2012 11:08:14 +0200 (CEST) Subject: SUSE-RU-2012:0536-1: Recommended update for icedtea-web Message-ID: <20120420090814.7CF4332403@maintenance.suse.de> SUSE Recommended Update: Recommended update for icedtea-web ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0536-1 Rating: low References: #750695 Affected Products: SUSE 
Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides a new version of the open source Java plugin and Java webstart icedtea-web 1.2, which fixes many issues found in the previous release, including support for Elluminate Live!, Citrix XenApp, Juniper VPN or MindTerm SSH Applet. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-icedtea-web-5948 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.2]: icedtea-web-1.2-0.7.1 References: https://bugzilla.novell.com/750695 http://download.novell.com/patch/finder/?keywords=964ae5f91f39cf1821e9f8852b92fa83 From sle-updates at lists.suse.com Fri Apr 20 03:08:17 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2012 11:08:17 +0200 (CEST) Subject: SUSE-RU-2012:0537-1: important: Recommended update for timezone Message-ID: <20120420090817.1D0B932402@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0537-1 Rating: important References: #748550 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the 2012b timezone update which provides the following important changes: * Cuba has delayed its start of DST by 3 weeks (now starts April 1 rather than March 11) * Chile 2011/2012 and 2012/2013 summer time date adjustments. 
* Falkland Islands onto permanent summer time (we're assuming for the foreseeable future, though 2012 is all we're fairly certain of.) * Armenia has abolished Summer Time. * Tokelau jumped the International Date Line back last December (just the same as their near neighbour, Samoa). * America/Creston is a new zone for a small area of British Columbia * There will be a leapsecond on 2012-06-30 23:59:60 UTC. Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 2012b]: timezone-2012b-0.5.14 References: https://bugzilla.novell.com/748550 http://download.novell.com/patch/finder/?keywords=5c8a9a923c210535cc9821ff91dc309e From sle-updates at lists.suse.com Fri Apr 20 03:08:18 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2012 11:08:18 +0200 (CEST) Subject: SUSE-RU-2012:0538-1: important: Recommended update for syslog-ng Message-ID: <20120420090818.7F9F9323F5@maintenance.suse.de> SUSE Recommended Update: Recommended update for syslog-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0538-1 Rating: important References: #756036 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Desktop 10 SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of syslog-ng removes the package's logrotate configuration file, which was obsoleted by the latest klogd update. 
Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): syslog-ng-1.6.8-20.23.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): syslog-ng-1.6.8-20.23.1 References: https://bugzilla.novell.com/756036 http://download.novell.com/patch/finder/?keywords=240efb105cbde607f06ccaa7eb2ba94a From sle-updates at lists.suse.com Fri Apr 20 11:08:17 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Apr 2012 19:08:17 +0200 (CEST) Subject: SUSE-RU-2012:0536-2: Recommended update for icedtea-web Message-ID: <20120420170817.E30B832402@maintenance.suse.de> SUSE Recommended Update: Recommended update for icedtea-web ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0536-2 Rating: low References: #750695 Affected Products: SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides a new version of opensource Java plugin and Java webstart icedtea-web 1.2, which fixes many issues found in previous release including support for Elluminate Live!, Citrix XenApp, Juniper VPN or MindTerm SSH Applet. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-icedtea-web-5946 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.2]: icedtea-web-1.2-0.2.1 References: https://bugzilla.novell.com/750695 http://download.novell.com/patch/finder/?keywords=431d8fbeb50397d19e45f9e71c49d140 From sle-updates at lists.suse.com Mon Apr 23 07:08:11 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Apr 2012 15:08:11 +0200 (CEST) Subject: SUSE-SU-2012:0483-2: important: Security update for freetype2 Message-ID: <20120423130811.57BF33240E@maintenance.suse.de> SUSE Security Update: Security update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0483-2 Rating: important References: #750937 #750938 #750939 #750940 #750941 #750943 #750945 #750946 #750947 #750948 #750949 #750950 #750951 #750952 #750953 #750955 Cross-References: CVE-2012-1126 CVE-2012-1127 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: Specially crafted font files could have caused buffer overflows in freetype, which could be exploited for remote code execution. 
Security Issue references: * CVE-2012-1129 * CVE-2012-1127 * CVE-2012-1138 * CVE-2012-1131 * CVE-2012-1141 * CVE-2012-1132 * CVE-2012-1139 * CVE-2012-1137 * CVE-2012-1126 * CVE-2012-1142 * CVE-2012-1130 * CVE-2012-1136 * CVE-2012-1143 * CVE-2012-1133 * CVE-2012-1135 * CVE-2012-1134 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): freetype2-2.1.10-18.29.17 freetype2-devel-2.1.10-18.29.17 ft2demos-2.1.10-19.29.7 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): freetype2-32bit-2.1.10-18.29.17 freetype2-devel-32bit-2.1.10-18.29.17 References: http://support.novell.com/security/cve/CVE-2012-1126.html http://support.novell.com/security/cve/CVE-2012-1127.html http://support.novell.com/security/cve/CVE-2012-1129.html http://support.novell.com/security/cve/CVE-2012-1130.html http://support.novell.com/security/cve/CVE-2012-1131.html http://support.novell.com/security/cve/CVE-2012-1132.html http://support.novell.com/security/cve/CVE-2012-1133.html http://support.novell.com/security/cve/CVE-2012-1134.html http://support.novell.com/security/cve/CVE-2012-1135.html http://support.novell.com/security/cve/CVE-2012-1136.html http://support.novell.com/security/cve/CVE-2012-1137.html http://support.novell.com/security/cve/CVE-2012-1138.html http://support.novell.com/security/cve/CVE-2012-1139.html http://support.novell.com/security/cve/CVE-2012-1141.html http://support.novell.com/security/cve/CVE-2012-1142.html http://support.novell.com/security/cve/CVE-2012-1143.html https://bugzilla.novell.com/750937 https://bugzilla.novell.com/750938 https://bugzilla.novell.com/750939 https://bugzilla.novell.com/750940 https://bugzilla.novell.com/750941 https://bugzilla.novell.com/750943 https://bugzilla.novell.com/750945 https://bugzilla.novell.com/750946 https://bugzilla.novell.com/750947 https://bugzilla.novell.com/750948 https://bugzilla.novell.com/750949 https://bugzilla.novell.com/750950 https://bugzilla.novell.com/750951 
https://bugzilla.novell.com/750952 https://bugzilla.novell.com/750953 https://bugzilla.novell.com/750955 http://download.novell.com/patch/finder/?keywords=79a084c6d12b368701383076dee3e174 From sle-updates at lists.suse.com Mon Apr 23 07:08:13 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Apr 2012 15:08:13 +0200 (CEST) Subject: SUSE-SU-2012:0552-1: important: Security update for cobbler Message-ID: <20120423130813.1901C32409@maintenance.suse.de> SUSE Security Update: Security update for cobbler ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0552-1 Rating: important References: #757062 Cross-References: CVE-2011-4953 Affected Products: SUSE Manager Client Tools for SLE 11 SP1 SUSE Manager 1.2 for SLE 11 SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of cobbler fixes a privilege escalation flaw: * CVE-2011-4953: privilege escalation via unsafe call to yaml.load instead of yaml.safe_load Security Issue reference: * CVE-2011-4953 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP1: zypper in -t patch slesctsp1-cobbler-6153 - SUSE Manager 1.2 for SLE 11 SP1: zypper in -t patch sleman12sp1-cobbler-6153 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Client Tools for SLE 11 SP1 (x86_64): koan-2.0.10-0.34.1 - SUSE Manager 1.2 for SLE 11 SP1 (x86_64): cobbler-2.0.10-0.34.1 References: http://support.novell.com/security/cve/CVE-2011-4953.html https://bugzilla.novell.com/757062 http://download.novell.com/patch/finder/?keywords=af48b142adfc83f42d21f36df6ac17a9 From sle-updates at lists.suse.com Mon Apr 23 10:08:17 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Apr 2012 18:08:17 +0200 (CEST) Subject: SUSE-SU-2012:0553-1: important: Security update for freetype2 Message-ID: <20120423160817.288F03240C@maintenance.suse.de> SUSE Security Update: Security update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0553-1 Rating: important References: #619562 #628213 #629447 #633938 #633943 #635692 #647375 #709851 #728044 #730124 #750937 #750938 #750939 #750940 #750941 #750943 #750945 #750946 #750947 #750948 #750949 #750950 #750951 #750952 #750953 #750955 Cross-References: CVE-2010-1797 CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 CVE-2010-2541 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-2895 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 Affected Products: SUSE Linux Enterprise Server 10 SP2 ______________________________________________________________________________ An update that fixes 34 vulnerabilities is now available. Description: Specially crafted font files could have caused buffer overflows in freetype, which could have been exploited for remote code execution. 
Security Issue references: * CVE-2012-1141 * CVE-2012-1132 * CVE-2012-1138 * CVE-2012-1139 * CVE-2011-2895 * CVE-2012-1130 * CVE-2010-3311 * CVE-2012-1134 * CVE-2010-2805 * CVE-2010-3814 * CVE-2012-1127 * CVE-2012-1126 * CVE-2010-1797 * CVE-2010-3855 * CVE-2010-2497 * CVE-2012-1142 * CVE-2010-3053 * CVE-2012-1133 * CVE-2012-1137 * CVE-2011-3439 * CVE-2012-1136 * CVE-2012-1143 * CVE-2011-3256 * CVE-2012-1129 * CVE-2012-1131 * CVE-2010-3054 * CVE-2012-1135 * CVE-2010-2498 * CVE-2010-2499 * CVE-2010-2500 * CVE-2010-2519 * CVE-2010-2520 * CVE-2010-2527 * CVE-2010-2541 Package List: - SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64): freetype2-2.1.10-18.22.21.25 freetype2-devel-2.1.10-18.22.21.25 ft2demos-2.1.10-19.18.21.7 - SUSE Linux Enterprise Server 10 SP2 (s390x x86_64): freetype2-32bit-2.1.10-18.22.21.25 freetype2-devel-32bit-2.1.10-18.22.21.25 References: http://support.novell.com/security/cve/CVE-2010-1797.html http://support.novell.com/security/cve/CVE-2010-2497.html http://support.novell.com/security/cve/CVE-2010-2498.html http://support.novell.com/security/cve/CVE-2010-2499.html http://support.novell.com/security/cve/CVE-2010-2500.html http://support.novell.com/security/cve/CVE-2010-2519.html http://support.novell.com/security/cve/CVE-2010-2520.html http://support.novell.com/security/cve/CVE-2010-2527.html http://support.novell.com/security/cve/CVE-2010-2541.html http://support.novell.com/security/cve/CVE-2010-2805.html http://support.novell.com/security/cve/CVE-2010-3053.html http://support.novell.com/security/cve/CVE-2010-3054.html http://support.novell.com/security/cve/CVE-2010-3311.html http://support.novell.com/security/cve/CVE-2010-3814.html http://support.novell.com/security/cve/CVE-2010-3855.html http://support.novell.com/security/cve/CVE-2011-2895.html http://support.novell.com/security/cve/CVE-2011-3256.html http://support.novell.com/security/cve/CVE-2011-3439.html http://support.novell.com/security/cve/CVE-2012-1126.html 
http://support.novell.com/security/cve/CVE-2012-1127.html http://support.novell.com/security/cve/CVE-2012-1129.html http://support.novell.com/security/cve/CVE-2012-1130.html http://support.novell.com/security/cve/CVE-2012-1131.html http://support.novell.com/security/cve/CVE-2012-1132.html http://support.novell.com/security/cve/CVE-2012-1133.html http://support.novell.com/security/cve/CVE-2012-1134.html http://support.novell.com/security/cve/CVE-2012-1135.html http://support.novell.com/security/cve/CVE-2012-1136.html http://support.novell.com/security/cve/CVE-2012-1137.html http://support.novell.com/security/cve/CVE-2012-1138.html http://support.novell.com/security/cve/CVE-2012-1139.html http://support.novell.com/security/cve/CVE-2012-1141.html http://support.novell.com/security/cve/CVE-2012-1142.html http://support.novell.com/security/cve/CVE-2012-1143.html https://bugzilla.novell.com/619562 https://bugzilla.novell.com/628213 https://bugzilla.novell.com/629447 https://bugzilla.novell.com/633938 https://bugzilla.novell.com/633943 https://bugzilla.novell.com/635692 https://bugzilla.novell.com/647375 https://bugzilla.novell.com/709851 https://bugzilla.novell.com/728044 https://bugzilla.novell.com/730124 https://bugzilla.novell.com/750937 https://bugzilla.novell.com/750938 https://bugzilla.novell.com/750939 https://bugzilla.novell.com/750940 https://bugzilla.novell.com/750941 https://bugzilla.novell.com/750943 https://bugzilla.novell.com/750945 https://bugzilla.novell.com/750946 https://bugzilla.novell.com/750947 https://bugzilla.novell.com/750948 https://bugzilla.novell.com/750949 https://bugzilla.novell.com/750950 https://bugzilla.novell.com/750951 https://bugzilla.novell.com/750952 https://bugzilla.novell.com/750953 https://bugzilla.novell.com/750955 http://download.novell.com/patch/finder/?keywords=7476e36b394db4aa52c01037bbfd62ee From sle-updates at lists.suse.com Mon Apr 23 14:08:24 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: 
Mon, 23 Apr 2012 22:08:24 +0200 (CEST) Subject: SUSE-SU-2012:0554-1: important: Security update for Linux kernel Message-ID: <20120423200824.6C5E332403@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0554-1 Rating: important References: #624072 #676204 #688996 #703156 #705551 #713148 #714604 #716850 #716971 #718863 #718918 #721587 #722560 #728840 #729247 #730117 #730118 #731387 #732070 #732296 #732908 #733761 #734900 #735909 #738583 #738597 #738679 #739837 #740180 #741824 #742845 #742871 #744315 #744392 #744658 #744795 #745400 #745422 #745424 #745741 #745832 #745867 #745876 #745929 #746373 #746454 #746526 #746579 #746717 #746883 #747071 #747159 #747867 #747878 #747944 #748384 #748456 #748629 #748632 #748827 #748854 #748862 #749049 #749115 #749417 #749543 #749569 #749651 #749787 #749980 #750041 #750079 #750173 #750402 #750426 #750459 #750959 #750995 #751015 #751171 #751322 #751743 #751885 #751903 #751916 #752408 #752484 #752599 #752972 #754052 #756821 Cross-References: CVE-2011-1083 CVE-2011-2494 CVE-2011-4086 CVE-2011-4127 CVE-2011-4131 CVE-2011-4132 CVE-2012-1097 CVE-2012-1146 CVE-2012-1179 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 82 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.26, which fixes a lot of bugs and security issues. 
The following security issues have been fixed: * CVE-2012-1179: A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or via kvm a privileged guest user could crash the kvm host system. * CVE-2011-4127: A potential hypervisor escape by issuing SG_IO commands to partition devices was fixed by restricting access to these commands. * CVE-2012-1146: A local attacker could oops the kernel using memory control groups and eventfds. * CVE-2011-1083: Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time. * CVE-2012-1097: The regset common infrastructure assumed that regsets would always have .get and .set methods, but necessarily .active methods. Unfortunately people have since written regsets without .set method, so NULL pointer dereference attacks were possible. * CVE-2011-2494: Access to the /proc/pid/taskstats file requires root access to avoid side channel (timing keypresses etc.) attacks on other users. * CVE-2011-4086: Fixed an oops in jbd/jbd2 that could be caused by specific filesystem access patterns. * CVE-2011-4131: A malicious NFSv4 server could have caused an oops in the nfsv4 acl handling. * CVE-2011-4132: Fixed an oops in jbd/jbd2 that could be caused by mounting a malicious prepared filesystem. (Also included are all fixes from the 3.0.14 -> 3.0.25 stable kernel updates.) The following non-security issues have been fixed: EFI: * efivars: add missing parameter to efi_pstore_read(). BTRFS: * add a few error cleanups. * btrfs: handle errors when excluding super extents (FATE#306586 bnc#751015). * btrfs: Fix missing goto in btrfs_ioctl_clone. * btrfs: Fixed mishandled -EAGAIN error case from btrfs_split_item (bnc#750459). * btrfs: disallow unequal data/metadata blocksize for mixed block groups (FATE#306586). * btrfs: enhance superblock sanity checks (FATE#306586 bnc#749651). * btrfs: update message levels (FATE#306586). 
* btrfs 3.3-rc6 updates: o avoid setting ->d_op twice (FATE#306586 bnc#731387). o btrfs: fix wrong information of the directory in the snapshot (FATE#306586). o btrfs: fix race in reada (FATE#306586). o btrfs: do not add both copies of DUP to reada extent tree (FATE#306586). o btrfs: stop silently switching single chunks to raid0 on balance (FATE#306586). o btrfs: fix locking issues in find_parent_nodes() (FATE#306586). o btrfs: fix casting error in scrub reada code (FATE#306586). * btrfs sync with upstream up to 3.3-rc5 (FATE#306586) * btrfs: Sector Size check during Mount * btrfs: avoid positive number with ERR_PTR * btrfs: return the internal error unchanged if btrfs_get_extent_fiemap() call failed for SEEK_DATA/SEEK_HOLE inquiry. * btrfs: fix trim 0 bytes after a device delete * btrfs: do not check DUP chunks twice * btrfs: fix memory leak in load_free_space_cache() * btrfs: delalloc for page dirtied out-of-band in fixup worker * btrfs: fix structs where bitfields and spinlock/atomic share 8B word. * btrfs: silence warning in raid array setup. * btrfs: honor umask when creating subvol root. * btrfs: fix return value check of extent_io_ops. * btrfs: fix deadlock on page lock when doing auto-defragment. * btrfs: check return value of lookup_extent_mapping() correctly. * btrfs: skip states when they does not contain bits to clear. * btrfs: kick out redundant stuff in convert_extent_bit. * btrfs: fix a bug on overcommit stuff. * btrfs: be less strict on finding next node in clear_extent_bit. * btrfs: improve error handling for btrfs_insert_dir_item callers. * btrfs: make sure we update latest_bdev. * btrfs: add extra sanity checks on the path names in btrfs_mksubvol. * btrfs: clear the extent uptodate bits during parent transid failures. * btrfs: increase the global block reserve estimates. * btrfs: fix compiler warnings on 32 bit systems. * Clean up unused code, fix use of error-indicated pointer in transaction teardown (bnc#748854). 
* btrfs: fix return value check of extent_io_ops. * btrfs: fix deadlock on page lock when doing auto-defragment. * btrfs: check return value of lookup_extent_mapping() correctly. * btrfs: skip states when they does not contain bits to clear. * btrfs: kick out redundant stuff in convert_extent_bit. * btrfs: fix a bug on overcommit stuff. * btrfs: be less strict on finding next node in clear_extent_bit. * btrfs: do not reserve data with extents locked in btrfs_fallocate. * btrfs: avoid positive number with ERR_PTR. * btrfs: return the internal error unchanged if btrfs_get_extent_fiemap() call failed for SEEK_DATA/SEEK_HOLE inquiry. * btrfs: fix trim 0 bytes after a device delete. * btrfs: do not check DUP chunks twice. * btrfs: fix memory leak in load_free_space_cache(). * btrfs: fix permissions of new subvolume (bnc#746373). * btrfs: set ioprio of scrub readahead to idle. * fix logic in condition in BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS * fix incorrect exclusion of superblock from blockgroups (bnc#751743) * patches.suse/btrfs-8059-handle-errors-when-excluding-super-extents.patch: fix incorrect default value. * fix aio/dio bio refcounting bnc#718918. * btrfs: fix locking issues in find_parent_nodes() * Btrfs: fix casting error in scrub reada code * patches.suse/btrfs-8059-handle-errors-when-excluding-super-extents.patch: Fix uninitialized variable. * btrfs: handle errors from read_tree_block (bnc#748632). * btrfs: push-up errors from btrfs_num_copies (bnc#748632). * patches.suse/btrfs-8059-handle-errors-when-excluding-super-extents.patch: disable due to potential corruptions (bnc#751743) XFS: * XFS read/write calls do not generate DMAPI events (bnc#751885). * xfs/dmapi: Remove cached vfsmount (bnc#749417). * xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#716850). NFS: * nfs: Do not allow multiple mounts on same mountpoint when using -o noac (bnc#745422). * lockd: fix arg parsing for grace_period and timeout (bnc#733761). 
MD: * raid10: Disable recovery when recovery cannot proceed (bnc#751171). * md/bitmap: ensure to load bitmap when creating via sysfs. * md: do not set md arrays to readonly on shutdown (bnc#740180, bnc#713148, bnc#734900). * md: allow last device to be forcibly removed from RAID1/RAID10 (bnc#746717). * md: allow re-add to failed arrays (bnc#746717). * md: Correctly handle read failure from last working device in RAID10 (bnc#746717). * patches.suse/0003-md-raid1-add-failfast-handling-for-writes.patch: Refresh to not crash when handling write error on FailFast devices. bnc#747159 * md/raid10: Fix kernel oops during drive failure (bnc#750995). * patches.suse/md-re-add-to-failed: Update references (bnc#746717). * md/raid10: handle merge_bvec_fn in member devices. * md/raid10 - support resizing some RAID10 arrays. Hyper-V: * update hyperv drivers to 3.3-rc7 and move them out of staging: hv_timesource -> merged into core kernel hv_vmbus -> drivers/hv/hv_vmbus hv_utils -> drivers/hv/hv_utils hv_storvsc -> drivers/scsi/hv_storvsc hv_netvsc -> drivers/net/hyperv/hv_netvsc hv_mousevsc -> drivers/hid/hid-hyperv add compat modalias for hv_mousevsc update supported.conf rename all 333 patches, use msft-hv- and suse-hv- as prefix * net/hyperv: Use netif_tx_disable() instead of netif_stop_queue() when necessary. * net/hyperv: rx_bytes should account the ether header size. * net/hyperv: fix the issue that large packets be dropped under bridge. * net/hyperv: Fix the page buffer when an RNDIS message goes beyond page boundary. * net/hyperv: fix erroneous NETDEV_TX_BUSY use. SCSI: * sd: mark busy sd majors as allocated (bug#744658). * st: expand tape driver ability to write immediate filemarks (bnc#688996). * scsi scan: do not fail scans when host is in recovery (bnc#747867). S/390: * dasd: Implement block timeout handling (bnc#746717). * callhome: fix broken proc interface and activate compid (bnc#748862,LTC#79115). 
* ctcmpc: use correct idal word list for ctcmpc (bnc#750173,LTC#79264). * Fix recovery in case of concurrent asynchronous deliveries (bnc#748629,LTC#78309). * kernel: 3215 console deadlock (bnc#748629,LTC#78612). * qeth: synchronize discipline module loading (bnc#748629,LTC#78788). * memory hotplug: prevent memory zone interleave (bnc#748629,LTC#79113). * dasd: fix fixpoint divide exception in define_extent (bnc#748629,LTC#79125). * kernel: incorrect kernel message tags (bnc#744795,LTC#78356). * lcs: lcs offline failure (bnc#752484,LTC#79788). * qeth: add missing wake_up call (bnc#752484,LTC#79899). * dasd: Terminate inactive cqrs correctly (bnc#750995) * dasd: detailed I/O errors (bnc#746717). * patches.suse/dasd-blk-timeout.patch: Only activate blk_timeout for failfast requests (bnc#753617). ALSA: * ALSA: hda - Set codec to D3 forcibly even if not used (bnc#750426). * ALSA: hda - Add Realtek ALC269VC codec support (bnc#748827). * ALSA: hda/realtek - Apply the coef-setup only to ALC269VB (bnc#748827). * ALSA: pcm - Export snd_pcm_lib_default_mmap() helper (bnc#748384,bnc#738597). * ALSA: hda - Add snoop option (bnc#748384,bnc#738597). * ALSA: HDA: Add support for new AMD products (bnc#748384,bnc#738597). * ALSA: hda - Fix audio playback support on HP Zephyr system (bnc#749787). * ALSA: hda - Fix mute-LED VREF value for new HP laptops (bnc#745741). EXT3: * enable patches.suse/ext3-increase-reservation-window.patch. DRM: * drm/i915: Force explicit bpp selection for intel_dp_link_required (bnc#749980). * drm/i915/dp: Dither down to 6bpc if it makes the mode fit (bnc#749980). * drm/i915/dp: Read more DPCD registers on connection probe (bnc#749980). * drm/i915: fixup interlaced bits clearing in PIPECONF on PCH_SPLIT (bnc#749980). * drm/i915: read full receiver capability field during DP hot plug (bnc#749980). * drm/intel: Fix initialization if startup happens in interlaced mode [v2] (bnc#749980). 
* drm/i915 IVY/SNB fix patches from upstream 3.3-rc5 & rc6: patches.drivers/drm-i915-Prevent-a-machine-hang-by-checking-crtc-act, patches.drivers/drm-i915-do-not-enable-RC6p-on-Sandy-Bridge, patches.drivers/drm-i915-fix-operator-precedence-when-enabling-RC6p, patches.drivers/drm-i915-gen7-Disable-the-RHWO-optimization-as-it-ca, patches.drivers/drm-i915-gen7-Implement-an-L3-caching-workaround, patches.drivers/drm-i915-gen7-implement-rczunit-workaround, patches.drivers/drm-i915-gen7-work-around-a-system-hang-on-IVB * drm/i915: Clear the TV sense state bits on cantiga to make TV detection reliable (bnc#750041). * drm/i915: Do not write DSPSURF for old chips (bnc#747071). * drm: Do not delete DPLL Multiplier during DAC init (bnc #728840). * drm: Set depth on low mem Radeon cards to 16 instead of 8 (bnc #746883). * patches.drivers/drm-i915-set-AUD_CONFIG_N_index-for-DP: Refresh. Updated the patch from the upstream (bnc#722560) * Add a few missing drm/i915 fixes from upstream 3.2 kernel (bnc#744392): * drm/i915: Sanitize BIOS debugging bits from PIPECONF (bnc#751916). * drm/i915: Add lvds_channel module option (bnc#739837). * drm/i915: Check VBIOS value for determining LVDS dual channel mode, too (bnc#739837). * agp: fix scratch page cleanup (bnc#738679). * drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908). ACPI: * supported.conf: Add acpi_ipmi as supported (bnc#716971). MM: * cpusets: avoid looping when storing to mems_allowed if one. * cpusets: avoid stall when updating mems_allowed for mempolicy. * cpuset: mm: Reduce large amounts of memory barrier related slowdown. * mm: make swapin readahead skip over holes. * mm: allow PF_MEMALLOC from softirq context. * mm: Ensure processes do not remain throttled under memory pressure. (Swap over NFS (fate#304949, bnc#747944). * mm: Allow sparsemem usemap allocations for very large NUMA nodes (bnc#749049). * backing-dev: fix wakeup timer races with bdi_unregister() (bnc#741824). 
* readahead: fix pipeline break caused by block plug (bnc#746454). * Fix uninitialised variable warning and obey the [get|put]_mems_allowed API. CIFS: * cifs: fix dentry refcount leak when opening a FIFO on lookup (CVE-2012-1090 bnc#749569). USB: * xhci: Fix encoding for HS bulk/control NAK rate (bnc#750402). * USB: Fix handoff when BIOS disables host PCI device (bnc#747878). * USB: Do not fail USB3 probe on missing legacy PCI IRQ (bnc#749543). * USB: Adding #define in hub_configure() and hcd.c file (bnc#714604). * USB: remove BKL comments (bnc#714604). * xHCI: Adding #define values used for hub descriptor (bnc#714604). * xHCI: Kick khubd when USB3 resume really completes (bnc#714604). * xhci: Fix oops caused by more USB2 ports than USB3 ports (bnc#714604). * USB/xhci: Enable remote wakeup for USB3 devices (bnc#714604). * USB: Suspend functions before putting dev into U3 (bnc#714604). * USB/xHCI: Enable USB 3.0 hub remote wakeup (bnc#714604). * USB: Refactor hub remote wake handling (bnc#714604). * USB/xHCI: Support device-initiated USB 3.0 resume (bnc#714604). * USB: Set wakeup bits for all children hubs (bnc#714604). * USB: Turn on auto-suspend for USB 3.0 hubs (bnc#714604). * USB: Set hub depth after USB3 hub reset (bnc#749115). * xhci: Fix USB 3.0 device restart on resume (bnc#745867). * xhci: Remove scary warnings about transfer issues (bnc#745867). * xhci: Remove warnings about MSI and MSI-X capabilities (bnc#745867). Other: * PCI / PCIe: Introduce command line option to disable ARI (bnc#742845). * PCI: Set device power state to PCI_D0 for device without native PM support (bnc#752972). X86: * x86/UV: Lower UV rtc clocksource rating (bnc#748456). * x86, mce, therm_throt: Do not report power limit and package level thermal throttle events in mcelog (bnc#745876). * x86: Unlock nmi lock after kdb_ipi call (bnc#745424). * x86, tsc: Fix SMI induced variation in quick_pit_calibrate(). (bnc#751322) XEN: * Update Xen patches to 3.0.22. 
* xenbus_dev: add missing error checks to watch handling. * drivers/xen/: use strlcpy() instead of strncpy(). * xenoprof: backward compatibility for changed XENOPROF_ESCAPE_CODE. * blkfront: properly fail packet requests (bnc#745929). * Refresh other Xen patches (bnc#732070, bnc#742871). * xenbus: do not free other end details too early. * blkback: also call blkif_disconnect() when frontend switched to closed. * gnttab: add deferred freeing logic. * blkback: failure to write "feature-barrier" node is non-fatal. Infiniband: * RDMA/cxgb4: Make sure flush CQ entries are collected on connection close (bnc#721587). * RDMA/cxgb4: Serialize calls to CQs comp_handler (bnc#721587). * mlx4_en: Assigning TX irq per ring (bnc#624072). Bluetooth: * Bluetooth: Add Atheros AR3012 Maryann PID/VID supported in ath3k (bnc#732296). * Bluetooth: btusb: fix bInterval for high/super speed isochronous endpoints (bnc#754052). SCTP: * dlm: Do not allocate a fd for peeloff (bnc#729247). * sctp: Export sctp_do_peeloff (bnc#729247). Other: * qlge: Removing needless prints which are not (bnc#718863). * ibft: Fix finding IBFT ACPI table on UEFI (bnc#746579). * proc: Consider NO_HZ when printing idle and iowait times (bnc#705551). * procfs: do not confuse jiffies with cputime64_t (bnc#705551). * procfs: do not overflow get_{idle,iowait}_time for nohz (bnc#705551). * bfa: Do not return DID_ABORT on failure (bnc#745400). * epoll: Do not limit non-nested epoll paths (bnc#676204). * Bridge: Always send NETDEV_CHANGEADDR up on br MAC change (bnc#752408). * hp_accel: Ignore the error from lis3lv02d_poweron() at resume (bnc#751903). * watchdog: make sure the watchdog thread gets CPU on loaded system (bnc#738583). Security Issue references: * CVE-2011-1083 * CVE-2011-2494 * CVE-2011-4086 * CVE-2011-4127 * CVE-2011-4131 * CVE-2011-4132 * CVE-2012-1097 * CVE-2012-1146 * CVE-2012-1179 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. 
Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-6164 slessp2-kernel-6172 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-6161 slessp2-kernel-6162 slessp2-kernel-6163 slessp2-kernel-6164 slessp2-kernel-6172 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-kernel-6161 sleshasp2-kernel-6162 sleshasp2-kernel-6163 sleshasp2-kernel-6164 sleshasp2-kernel-6172 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-6164 sledsp2-kernel-6172 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.26]: kernel-default-3.0.26-0.7.6 kernel-default-base-3.0.26-0.7.6 kernel-default-devel-3.0.26-0.7.6 kernel-source-3.0.26-0.7.6 kernel-syms-3.0.26-0.7.6 kernel-trace-3.0.26-0.7.6 kernel-trace-base-3.0.26-0.7.6 kernel-trace-devel-3.0.26-0.7.6 kernel-xen-devel-3.0.26-0.7.6 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.26]: kernel-pae-3.0.26-0.7.6 kernel-pae-base-3.0.26-0.7.6 kernel-pae-devel-3.0.26-0.7.6 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.26]: kernel-default-3.0.26-0.7.6 kernel-default-base-3.0.26-0.7.6 kernel-default-devel-3.0.26-0.7.6 kernel-source-3.0.26-0.7.6 kernel-syms-3.0.26-0.7.6 kernel-trace-3.0.26-0.7.6 kernel-trace-base-3.0.26-0.7.6 kernel-trace-devel-3.0.26-0.7.6 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.26]: kernel-ec2-3.0.26-0.7.6 kernel-ec2-base-3.0.26-0.7.6 kernel-ec2-devel-3.0.26-0.7.6 kernel-xen-3.0.26-0.7.6 kernel-xen-base-3.0.26-0.7.6 kernel-xen-devel-3.0.26-0.7.6 - SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 
3.0.26]: kernel-default-man-3.0.26-0.7.6 - SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.26]: kernel-ppc64-3.0.26-0.7.6 kernel-ppc64-base-3.0.26-0.7.6 kernel-ppc64-devel-3.0.26-0.7.6 - SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.26]: kernel-pae-3.0.26-0.7.6 kernel-pae-base-3.0.26-0.7.6 kernel-pae-devel-3.0.26-0.7.6 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.26_0.7-2.10.13 cluster-network-kmp-trace-1.4_3.0.26_0.7-2.10.13 gfs2-kmp-default-2_3.0.26_0.7-0.7.13 gfs2-kmp-trace-2_3.0.26_0.7-0.7.13 ocfs2-kmp-default-1.6_3.0.26_0.7-0.7.13 ocfs2-kmp-trace-1.6_3.0.26_0.7-0.7.13 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.26_0.7-2.10.13 gfs2-kmp-xen-2_3.0.26_0.7-0.7.13 ocfs2-kmp-xen-1.6_3.0.26_0.7-0.7.13 - SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.26_0.7-2.10.13 gfs2-kmp-ppc64-2_3.0.26_0.7-0.7.13 ocfs2-kmp-ppc64-1.6_3.0.26_0.7-0.7.13 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586): cluster-network-kmp-pae-1.4_3.0.26_0.7-2.10.13 gfs2-kmp-pae-2_3.0.26_0.7-0.7.13 ocfs2-kmp-pae-1.6_3.0.26_0.7-0.7.13 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.26]: kernel-default-3.0.26-0.7.6 kernel-default-base-3.0.26-0.7.6 kernel-default-devel-3.0.26-0.7.6 kernel-default-extra-3.0.26-0.7.6 kernel-source-3.0.26-0.7.6 kernel-syms-3.0.26-0.7.6 kernel-trace-3.0.26-0.7.6 kernel-trace-base-3.0.26-0.7.6 kernel-trace-devel-3.0.26-0.7.6 kernel-trace-extra-3.0.26-0.7.6 kernel-xen-3.0.26-0.7.6 kernel-xen-base-3.0.26-0.7.6 kernel-xen-devel-3.0.26-0.7.6 kernel-xen-extra-3.0.26-0.7.6 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.26]: kernel-pae-3.0.26-0.7.6 kernel-pae-base-3.0.26-0.7.6 kernel-pae-devel-3.0.26-0.7.6 kernel-pae-extra-3.0.26-0.7.6 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 x86_64): 
ext4-writeable-kmp-default-0_3.0.26_0.7-0.12.13 kernel-default-extra-3.0.26-0.7.6 - SLE 11 SERVER Unsupported Extras (i586 x86_64): ext4-writeable-kmp-xen-0_3.0.26_0.7-0.12.13 kernel-xen-extra-3.0.26-0.7.6 - SLE 11 SERVER Unsupported Extras (s390x): ext4-writeable-kmp-default-0_3.0.26_0.7-0.12.14 kernel-default-extra-3.0.26-0.7.9 - SLE 11 SERVER Unsupported Extras (ppc64): ext4-writeable-kmp-ppc64-0_3.0.26_0.7-0.12.13 kernel-ppc64-extra-3.0.26-0.7.6 - SLE 11 SERVER Unsupported Extras (i586): ext4-writeable-kmp-pae-0_3.0.26_0.7-0.12.13 kernel-pae-extra-3.0.26-0.7.6 References: http://support.novell.com/security/cve/CVE-2011-1083.html http://support.novell.com/security/cve/CVE-2011-2494.html http://support.novell.com/security/cve/CVE-2011-4086.html http://support.novell.com/security/cve/CVE-2011-4127.html http://support.novell.com/security/cve/CVE-2011-4131.html http://support.novell.com/security/cve/CVE-2011-4132.html http://support.novell.com/security/cve/CVE-2012-1097.html http://support.novell.com/security/cve/CVE-2012-1146.html http://support.novell.com/security/cve/CVE-2012-1179.html https://bugzilla.novell.com/624072 https://bugzilla.novell.com/676204 https://bugzilla.novell.com/688996 https://bugzilla.novell.com/703156 https://bugzilla.novell.com/705551 https://bugzilla.novell.com/713148 https://bugzilla.novell.com/714604 https://bugzilla.novell.com/716850 https://bugzilla.novell.com/716971 https://bugzilla.novell.com/718863 https://bugzilla.novell.com/718918 https://bugzilla.novell.com/721587 https://bugzilla.novell.com/722560 https://bugzilla.novell.com/728840 https://bugzilla.novell.com/729247 https://bugzilla.novell.com/730117 https://bugzilla.novell.com/730118 https://bugzilla.novell.com/731387 https://bugzilla.novell.com/732070 https://bugzilla.novell.com/732296 https://bugzilla.novell.com/732908 https://bugzilla.novell.com/733761 https://bugzilla.novell.com/734900 https://bugzilla.novell.com/735909 https://bugzilla.novell.com/738583 
https://bugzilla.novell.com/738597 https://bugzilla.novell.com/738679 https://bugzilla.novell.com/739837 https://bugzilla.novell.com/740180 https://bugzilla.novell.com/741824 https://bugzilla.novell.com/742845 https://bugzilla.novell.com/742871 https://bugzilla.novell.com/744315 https://bugzilla.novell.com/744392 https://bugzilla.novell.com/744658 https://bugzilla.novell.com/744795 https://bugzilla.novell.com/745400 https://bugzilla.novell.com/745422 https://bugzilla.novell.com/745424 https://bugzilla.novell.com/745741 https://bugzilla.novell.com/745832 https://bugzilla.novell.com/745867 https://bugzilla.novell.com/745876 https://bugzilla.novell.com/745929 https://bugzilla.novell.com/746373 https://bugzilla.novell.com/746454 https://bugzilla.novell.com/746526 https://bugzilla.novell.com/746579 https://bugzilla.novell.com/746717 https://bugzilla.novell.com/746883 https://bugzilla.novell.com/747071 https://bugzilla.novell.com/747159 https://bugzilla.novell.com/747867 https://bugzilla.novell.com/747878 https://bugzilla.novell.com/747944 https://bugzilla.novell.com/748384 https://bugzilla.novell.com/748456 https://bugzilla.novell.com/748629 https://bugzilla.novell.com/748632 https://bugzilla.novell.com/748827 https://bugzilla.novell.com/748854 https://bugzilla.novell.com/748862 https://bugzilla.novell.com/749049 https://bugzilla.novell.com/749115 https://bugzilla.novell.com/749417 https://bugzilla.novell.com/749543 https://bugzilla.novell.com/749569 https://bugzilla.novell.com/749651 https://bugzilla.novell.com/749787 https://bugzilla.novell.com/749980 https://bugzilla.novell.com/750041 https://bugzilla.novell.com/750079 https://bugzilla.novell.com/750173 https://bugzilla.novell.com/750402 https://bugzilla.novell.com/750426 https://bugzilla.novell.com/750459 https://bugzilla.novell.com/750959 https://bugzilla.novell.com/750995 https://bugzilla.novell.com/751015 https://bugzilla.novell.com/751171 https://bugzilla.novell.com/751322 https://bugzilla.novell.com/751743 
https://bugzilla.novell.com/751885 https://bugzilla.novell.com/751903 https://bugzilla.novell.com/751916 https://bugzilla.novell.com/752408 https://bugzilla.novell.com/752484 https://bugzilla.novell.com/752599 https://bugzilla.novell.com/752972 https://bugzilla.novell.com/754052 https://bugzilla.novell.com/756821 http://download.novell.com/patch/finder/?keywords=0c0599ba7eb3ff19e03145395221492d http://download.novell.com/patch/finder/?keywords=2e90c1323c443452ce1300d028485433 http://download.novell.com/patch/finder/?keywords=3013eaf2835f479bb179809bbe457341 http://download.novell.com/patch/finder/?keywords=32e6cc1c03753bb6fea3e11ac96fa022 http://download.novell.com/patch/finder/?keywords=473d38c1e40bf853caa492bc515a7ef3 http://download.novell.com/patch/finder/?keywords=801367ba5926dca980d4cca08cb89d42 http://download.novell.com/patch/finder/?keywords=964c5d721958050cf002b86dc6679a38 http://download.novell.com/patch/finder/?keywords=999e5682f16cf2722ec13361cda52a51 http://download.novell.com/patch/finder/?keywords=c376b59b3b132786ff345a43f594d3dd http://download.novell.com/patch/finder/?keywords=def01de6b281f8b8cf0625ebfad3cb09 From sle-updates at lists.suse.com Mon Apr 23 18:08:15 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Apr 2012 02:08:15 +0200 (CEST) Subject: SUSE-RU-2012:0555-1: Recommended update for ipmitool Message-ID: <20120424000815.2DDFA32403@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipmitool ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0555-1 Rating: low References: #614916 #726617 #729514 #739377 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for ipmitool provides the following fixes: * 604896: Fix ipmitool crash when reading sdr list on SLES11 * 614916: ipmitool broken on UV10 with SLES11 SP1 * 726617: Fix memory leak in SLES11SP1 ipmitool * 729514: Fix segfault in ipmitool * 739377: Fix detection if it is no longer connected to BMC In addition to that, it provides improved support for DELL OEM and Storage Enclosures (FATE#311239, FATE#311166). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-ipmitool-5780 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-ipmitool-5780 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-ipmitool-5780 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): ipmitool-1.8.11-0.13.6.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): ipmitool-1.8.11-0.13.6.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): ipmitool-1.8.11-0.13.6.1 References: https://bugzilla.novell.com/614916 https://bugzilla.novell.com/726617 https://bugzilla.novell.com/729514 https://bugzilla.novell.com/739377 http://download.novell.com/patch/finder/?keywords=ac46c5ecc6f296e023bdde7dd818f10e From sle-updates at lists.suse.com Mon Apr 23 19:08:16 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Apr 2012 03:08:16 +0200 (CEST) Subject: SUSE-RU-2012:0556-1: Recommended update for ipmitool Message-ID: <20120424010816.688613240C@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipmitool ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0556-1 Rating: low References: #729514 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 
SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ipmitool provides the following fixes: * 729514: Fix segfault in ipmitool Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ipmitool-5862 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ipmitool-5862 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-ipmitool-5862 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ipmitool-1.8.11-0.16.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ipmitool-1.8.11-0.16.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): ipmitool-1.8.11-0.16.1 References: https://bugzilla.novell.com/729514 http://download.novell.com/patch/finder/?keywords=d698f4dd37157f874d6e083e5e7f9f4e From sle-updates at lists.suse.com Wed Apr 25 15:08:13 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Apr 2012 23:08:13 +0200 (CEST) Subject: SUSE-RU-2012:0380-2: moderate: Recommended update for ocfs2-tools Message-ID: <20120425210814.02AD83240C@maintenance.suse.de> SUSE Recommended Update: Recommended update for ocfs2-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0380-2 Rating: moderate References: #727592 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update fixes endianness issues in ocfs2-tools. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP1: zypper in -t patch sleshasp1-ocfs2-tools-5937 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.6.4]: ocfs2-tools-1.6.4-0.5.1 ocfs2-tools-devel-1.6.4-0.5.1 ocfs2-tools-o2cb-1.6.4-0.5.1 ocfs2console-1.6.4-0.5.1 References: https://bugzilla.novell.com/727592 http://download.novell.com/patch/finder/?keywords=bbe6655b2ad8a517be6720a52a6ac781 From sle-updates at lists.suse.com Thu Apr 26 09:08:13 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Apr 2012 17:08:13 +0200 (CEST) Subject: SUSE-RU-2012:0564-1: important: Recommended update for parted Message-ID: <20120426150813.7A1AA32414@maintenance.suse.de> SUSE Recommended Update: Recommended update for parted ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0564-1 Rating: important References: #754278 #756019 #757225 #757433 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for parted resolves the following issues: * On the s390x architecture, parted may crash with a segmentation fault because of an overflow in an error buffer (bnc#756019) * On servers that use the cciss SCSI controller, parted may fail to create partitions or to re-read the partition table (bnc#757225, bnc#757433, bnc#754278). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-parted-6156 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-parted-6156 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-parted-6156 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-parted-6156 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): parted-devel-2.3-10.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): parted-2.3-10.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): parted-32bit-2.3-10.23.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): parted-2.3-10.23.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): parted-32bit-2.3-10.23.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): parted-x86-2.3-10.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): parted-2.3-10.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): parted-32bit-2.3-10.23.1 References: https://bugzilla.novell.com/754278 https://bugzilla.novell.com/756019 https://bugzilla.novell.com/757225 https://bugzilla.novell.com/757433 http://download.novell.com/patch/finder/?keywords=5a286fbe663221e20281fde1b16ceb13 From sle-updates at lists.suse.com Thu Apr 26 12:08:34 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Apr 2012 20:08:34 +0200 (CEST) Subject: SUSE-SU-2012:0565-1: moderate: Security update for Python Message-ID: <20120426180834.6D2A73240C@maintenance.suse.de> SUSE Security Update: Security update for Python ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0565-1 Rating: moderate References: #751718 #752375 #754677 Cross-References: CVE-2012-1150 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux 
Enterprise Desktop 10 SP4 SLE SDK 10 SP4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: The following issues have been fixed in this update: * hash randomization issues (CVE-2012-1150) (see below) * SimpleHTTPServer XSS (CVE-2011-1015) * SSL BEAST vulnerability (CVE-2011-3389) The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts hashes. To enable the hash seed randomization you can either use: * pass -R to the python interpreter command line. * set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying an integer value between 0 and MAX_UINT. In general, enabling this is only needed when malicious third parties can inject values into your hash tables. Security Issue reference: * CVE-2012-1150 Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64): python-2.4.2-18.41.2 python-curses-2.4.2-18.41.2 python-demo-2.4.2-18.41.2 python-devel-2.4.2-18.41.2 python-gdbm-2.4.2-18.41.2 python-idle-2.4.2-18.41.2 python-tk-2.4.2-18.41.2 python-xml-2.4.2-18.41.2 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64): python-32bit-2.4.2-18.41.2 - SUSE Linux Enterprise Server 10 SP4 (noarch): python-doc-2.4.2-18.41.3 python-doc-pdf-2.4.2-18.41.3 - SUSE Linux Enterprise Server 10 SP4 (ia64): python-x86-2.4.2-18.41.2 - SUSE Linux Enterprise Server 10 SP4 (ppc): python-64bit-2.4.2-18.41.2 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64): python-2.4.2-18.41.2 python-curses-2.4.2-18.41.2 python-devel-2.4.2-18.41.2 python-gdbm-2.4.2-18.41.2 python-tk-2.4.2-18.41.2 python-xml-2.4.2-18.41.2 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64): python-32bit-2.4.2-18.41.2 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64): python-demo-2.4.2-18.41.2 python-devel-2.4.2-18.41.2 python-idle-2.4.2-18.41.2 - 
SLE SDK 10 SP4 (noarch): python-doc-2.4.2-18.41.3 python-doc-pdf-2.4.2-18.41.3 References: http://support.novell.com/security/cve/CVE-2012-1150.html https://bugzilla.novell.com/751718 https://bugzilla.novell.com/752375 https://bugzilla.novell.com/754677 http://download.novell.com/patch/finder/?keywords=8cae90c294b192a41f5e7816dbad3991 From sle-updates at lists.suse.com Thu Apr 26 12:08:39 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Apr 2012 20:08:39 +0200 (CEST) Subject: SUSE-SU-2012:0554-2: important: kernel update for SLE11 SP2 Message-ID: <20120426180839.9EAD532418@maintenance.suse.de> SUSE Security Update: kernel update for SLE11 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0554-2 Rating: important References: #624072 #676204 #688996 #703156 #705551 #713148 #714604 #716850 #716971 #718863 #718918 #721587 #722560 #728840 #729247 #730117 #730118 #731387 #732070 #732296 #732908 #733761 #734900 #735909 #738583 #738597 #738679 #739837 #740180 #741824 #742845 #742871 #744315 #744392 #744658 #744795 #745400 #745422 #745424 #745741 #745832 #745867 #745876 #745929 #746373 #746454 #746526 #746579 #746717 #746883 #747071 #747159 #747867 #747878 #747944 #748384 #748456 #748629 #748632 #748827 #748854 #748862 #749049 #749115 #749417 #749543 #749569 #749651 #749787 #749980 #750041 #750079 #750173 #750402 #750426 #750459 #750959 #750995 #751015 #751171 #751322 #751743 #751885 #751903 #751916 #752408 #752484 #752599 #752972 #754052 #756821 Cross-References: CVE-2011-1083 CVE-2011-2494 CVE-2011-4086 CVE-2011-4127 CVE-2011-4131 CVE-2011-4132 CVE-2012-1097 CVE-2012-1146 CVE-2012-1179 Affected Products: SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 82 fixes is now available. 
Description: The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.26, fixing lots of bugs and security issues. The following security issues were fixed: CVE-2012-1179: A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or via kvm a privileged guest user could crash the kvm host system. CVE-2011-4127: A potential hypervisor escape by issuing SG_IO commands to partition devices was fixed by restricting access to these commands. CVE-2012-1146: A local attacker could oops the kernel using memory control groups and eventfds. CVE-2011-1083: Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time. CVE-2012-1097: The regset common infrastructure assumed that regsets would always have .get and .set methods, but necessarily .active methods. Unfortunately people have since written regsets without .set method, so NULL pointer dereference attacks were possible. CVE-2011-2494: Access to the /proc/pid/taskstats file requires root access to avoid side channel (timing keypresses etc.) attacks on other users. CVE-2011-4086: Fixed an oops in jbd/jbd2 that could be caused by specific filesystem access patterns. CVE-2011-4131: A malicious NFSv4 server could have caused an oops in the nfsv4 acl handling. CVE-2011-4132: Fixed an oops in jbd/jbd2 that could be caused by mounting a malicious prepared filesystem. (Also included all fixes from the 3.0.14 -> 3.0.25 stable kernel updates.) The following non-security issues were fixed: - efivars: add missing parameter to efi_pstore_read(). BTRFS: - add a few error cleanups. - btrfs: handle errors when excluding super extents (FATE#306586 bnc#751015). - btrfs: Fix missing goto in btrfs_ioctl_clone. - btrfs: Fixed mishandled -EAGAIN error case from btrfs_split_item (bnc#750459). - btrfs: disallow unequal data/metadata blocksize for mixed block groups (FATE#306586). - btrfs: enhance superblock sanity checks (FATE#306586 bnc#749651). 
- btrfs: update message levels (FATE#306586). - btrfs 3.3-rc6 updates: - avoid setting ->d_op twice (FATE#306586 bnc#731387). - btrfs: fix wrong information of the directory in the snapshot (FATE#306586). - btrfs: fix race in reada (FATE#306586). - btrfs: do not add both copies of DUP to reada extent tree (FATE#306586). - btrfs: stop silently switching single chunks to raid0 on balance (FATE#306586). - btrfs: fix locking issues in find_parent_nodes() (FATE#306586). - btrfs: fix casting error in scrub reada code (FATE#306586). - btrfs sync with upstream up to 3.3-rc5 (FATE#306586) - btrfs: Sector Size check during Mount - btrfs: avoid positive number with ERR_PTR - btrfs: return the internal error unchanged if btrfs_get_extent_fiemap() call failed for SEEK_DATA/SEEK_HOLE inquiry. - btrfs: fix trim 0 bytes after a device delete - btrfs: do not check DUP chunks twice - btrfs: fix memory leak in load_free_space_cache() - btrfs: delalloc for page dirtied out-of-band in fixup worker - btrfs: fix structs where bitfields and spinlock/atomic share 8B word. - btrfs: silence warning in raid array setup. - btrfs: honor umask when creating subvol root. - btrfs: fix return value check of extent_io_ops. - btrfs: fix deadlock on page lock when doing auto-defragment. - btrfs: check return value of lookup_extent_mapping() correctly. - btrfs: skip states when they does not contain bits to clear. - btrfs: kick out redundant stuff in convert_extent_bit. - btrfs: fix a bug on overcommit stuff. - btrfs: be less strict on finding next node in clear_extent_bit. - btrfs: improve error handling for btrfs_insert_dir_item callers. - btrfs: make sure we update latest_bdev. - btrfs: add extra sanity checks on the path names in btrfs_mksubvol. - btrfs: clear the extent uptodate bits during parent transid failures. - btrfs: increase the global block reserve estimates. - btrfs: fix compiler warnings on 32 bit systems. 
- Clean up unused code, fix use of error-indicated pointer in transaction teardown (bnc#748854). - btrfs: fix return value check of extent_io_ops. - btrfs: fix deadlock on page lock when doing auto-defragment. - btrfs: check return value of lookup_extent_mapping() correctly. - btrfs: skip states when they does not contain bits to clear. - btrfs: kick out redundant stuff in convert_extent_bit. - btrfs: fix a bug on overcommit stuff. - btrfs: be less strict on finding next node in clear_extent_bit. - btrfs: do not reserve data with extents locked in btrfs_fallocate. - btrfs: avoid positive number with ERR_PTR. - btrfs: return the internal error unchanged if btrfs_get_extent_fiemap() call failed for SEEK_DATA/SEEK_HOLE inquiry. - btrfs: fix trim 0 bytes after a device delete. - btrfs: do not check DUP chunks twice. - btrfs: fix memory leak in load_free_space_cache(). - btrfs: fix permissions of new subvolume (bnc#746373). - btrfs: set ioprio of scrub readahead to idle. - fix logic in condition in BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS - fix incorrect exclusion of superblock from blockgroups (bnc#751743) - patches.suse/btrfs-8059-handle-errors-when-excluding-super-extents.patch: fix incorrect default value. - fix aio/dio bio refcounting bnc#718918. - btrfs: fix locking issues in find_parent_nodes() - Btrfs: fix casting error in scrub reada code - patches.suse/btrfs-8059-handle-errors-when-excluding-super-extents.patch: Fix uninitialized variable. - btrfs: handle errors from read_tree_block (bnc#748632). - btrfs: push-up errors from btrfs_num_copies (bnc#748632). - patches.suse/btrfs-8059-handle-errors-when-excluding-super-extents.patch: disable due to potential corruptions (bnc#751743) XFS: - XFS read/write calls do not generate DMAPI events (bnc#751885). - xfs/dmapi: Remove cached vfsmount (bnc#749417). - xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#716850). 
NFS: - nfs: Do not allow multiple mounts on same mountpoint when using -o noac (bnc#745422). - lockd: fix arg parsing for grace_period and timeout (bnc#733761). MD: - raid10: Disable recovery when recovery cannot proceed (bnc#751171). - md/bitmap: ensure to load bitmap when creating via sysfs. - md: do not set md arrays to readonly on shutdown (bnc#740180, bnc#713148, bnc#734900). - md: allow last device to be forcibly removed from RAID1/RAID10 (bnc#746717). - md: allow re-add to failed arrays (bnc#746717). - md: Correctly handle read failure from last working device in RAID10 (bnc#746717). - patches.suse/0003-md-raid1-add-failfast-handling-for-writes.patch: Refresh to not crash when handling write error on FailFast devices. bnc#747159 - md/raid10: Fix kernel oops during drive failure (bnc#750995). - patches.suse/md-re-add-to-failed: Update references (bnc#746717). - md/raid10: handle merge_bvec_fn in member devices. - md/raid10 - support resizing some RAID10 arrays. Hyper-V: - update hyperv drivers to 3.3-rc7 and move them out of staging: hv_timesource -> merged into core kernel hv_vmbus -> drivers/hv/hv_vmbus hv_utils -> drivers/hv/hv_utils hv_storvsc -> drivers/scsi/hv_storvsc hv_netvsc -> drivers/net/hyperv/hv_netvsc hv_mousevsc -> drivers/hid/hid-hyperv add compat modalias for hv_mousevsc update supported.conf rename all 333 patches, use msft-hv- and suse-hv- as prefix - net/hyperv: Use netif_tx_disable() instead of netif_stop_queue() when necessary. - net/hyperv: rx_bytes should account the ether header size. - net/hyperv: fix the issue that large packets be dropped under bridge. - net/hyperv: Fix the page buffer when an RNDIS message goes beyond page boundary. - net/hyperv: fix erroneous NETDEV_TX_BUSY use. SCSI: - sd: mark busy sd majors as allocated (bug#744658). - st: expand tape driver ability to write immediate filemarks (bnc#688996). - scsi scan: do not fail scans when host is in recovery (bnc#747867). 
S/390: - dasd: Implement block timeout handling (bnc#746717). - callhome: fix broken proc interface and activate compid (bnc#748862,LTC#79115). - ctcmpc: use correct idal word list for ctcmpc (bnc#750173,LTC#79264). - Fix recovery in case of concurrent asynchronous deliveries (bnc#748629,LTC#78309). - kernel: 3215 console deadlock (bnc#748629,LTC#78612). - qeth: synchronize discipline module loading (bnc#748629,LTC#78788). - memory hotplug: prevent memory zone interleave (bnc#748629,LTC#79113). - dasd: fix fixpoint divide exception in define_extent (bnc#748629,LTC#79125). - kernel: incorrect kernel message tags (bnc#744795,LTC#78356). - lcs: lcs offline failure (bnc#752484,LTC#79788). - qeth: add missing wake_up call (bnc#752484,LTC#79899). - dasd: Terminate inactive cqrs correctly (bnc#750995) - dasd: detailed I/O errors (bnc#746717). - patches.suse/dasd-blk-timeout.patch: Only activate blk_timeout for failfast requests (bnc#753617). ALSA: - ALSA: hda - Set codec to D3 forcibly even if not used (bnc#750426). - ALSA: hda - Add Realtek ALC269VC codec support (bnc#748827). - ALSA: hda/realtek - Apply the coef-setup only to ALC269VB (bnc#748827). - ALSA: pcm - Export snd_pcm_lib_default_mmap() helper (bnc#748384,bnc#738597). - ALSA: hda - Add snoop option (bnc#748384,bnc#738597). - ALSA: HDA: Add support for new AMD products (bnc#748384,bnc#738597). - ALSA: hda - Fix audio playback support on HP Zephyr system (bnc#749787). - ALSA: hda - Fix mute-LED VREF value for new HP laptops (bnc#745741). EXT3: - enable patches.suse/ext3-increase-reservation-window.patch. DRM: - drm/i915: Force explicit bpp selection for intel_dp_link_required (bnc#749980). - drm/i915/dp: Dither down to 6bpc if it makes the mode fit (bnc#749980). - drm/i915/dp: Read more DPCD registers on connection probe (bnc#749980). - drm/i915: fixup interlaced bits clearing in PIPECONF on PCH_SPLIT (bnc#749980). - drm/i915: read full receiver capability field during DP hot plug (bnc#749980). 
- drm/intel: Fix initialization if startup happens in interlaced mode [v2] (bnc#749980). - drm/i915 IVY/SNB fix patches from upstream 3.3-rc5 & rc6: patches.drivers/drm-i915-Prevent-a-machine-hang-by-checking-crtc-act, patches.drivers/drm-i915-do-not-enable-RC6p-on-Sandy-Bridge, patches.drivers/drm-i915-fix-operator-precedence-when-enabling-RC6p, patches.drivers/drm-i915-gen7-Disable-the-RHWO-optimization-as-it-ca, patches.drivers/drm-i915-gen7-Implement-an-L3-caching-workaround, patches.drivers/drm-i915-gen7-implement-rczunit-workaround, patches.drivers/drm-i915-gen7-work-around-a-system-hang-on-IVB - drm/i915: Clear the TV sense state bits on cantiga to make TV detection reliable (bnc#750041). - drm/i915: Do not write DSPSURF for old chips (bnc#747071). - drm: Do not delete DPLL Multiplier during DAC init (bnc#728840). - drm: Set depth on low mem Radeon cards to 16 instead of 8 (bnc#746883). - patches.drivers/drm-i915-set-AUD_CONFIG_N_index-for-DP: Refresh. Updated the patch from the upstream (bnc#722560) - Add a few missing drm/i915 fixes from upstream 3.2 kernel (bnc#744392): - drm/i915: Sanitize BIOS debugging bits from PIPECONF (bnc#751916). - drm/i915: Add lvds_channel module option (bnc#739837). - drm/i915: Check VBIOS value for determining LVDS dual channel mode, too (bnc#739837). - agp: fix scratch page cleanup (bnc#738679). - drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908). ACPI: - supported.conf: Add acpi_ipmi as supported (bnc#716971). MM: - cpusets: avoid looping when storing to mems_allowed if one. - cpusets: avoid stall when updating mems_allowed for mempolicy. - cpuset: mm: Reduce large amounts of memory barrier related slowdown. - mm: make swapin readahead skip over holes. - mm: allow PF_MEMALLOC from softirq context. - mm: Ensure processes do not remain throttled under memory pressure. (Swap over NFS (fate#304949, bnc#747944). - mm: Allow sparsemem usemap allocations for very large NUMA nodes (bnc#749049). 
- backing-dev: fix wakeup timer races with bdi_unregister() (bnc#741824). - readahead: fix pipeline break caused by block plug (bnc#746454). - Fix uninitialised variable warning and obey the [get|put]_mems_allowed API. CIFS: - cifs: fix dentry refcount leak when opening a FIFO on lookup (CVE-2012-1090 bnc#749569). USB: - xhci: Fix encoding for HS bulk/control NAK rate (bnc#750402). - USB: Fix handoff when BIOS disables host PCI device (bnc#747878). - USB: Do not fail USB3 probe on missing legacy PCI IRQ (bnc#749543). - USB: Adding #define in hub_configure() and hcd.c file (bnc#714604). - USB: remove BKL comments (bnc#714604). - xHCI: Adding #define values used for hub descriptor (bnc#714604). - xHCI: Kick khubd when USB3 resume really completes (bnc#714604). - xhci: Fix oops caused by more USB2 ports than USB3 ports (bnc#714604). - USB/xhci: Enable remote wakeup for USB3 devices (bnc#714604). - USB: Suspend functions before putting dev into U3 (bnc#714604). - USB/xHCI: Enable USB 3.0 hub remote wakeup (bnc#714604). - USB: Refactor hub remote wake handling (bnc#714604). - USB/xHCI: Support device-initiated USB 3.0 resume (bnc#714604). - USB: Set wakeup bits for all children hubs (bnc#714604). - USB: Turn on auto-suspend for USB 3.0 hubs (bnc#714604). - USB: Set hub depth after USB3 hub reset (bnc#749115). - xhci: Fix USB 3.0 device restart on resume (bnc#745867). - xhci: Remove scary warnings about transfer issues (bnc#745867). - xhci: Remove warnings about MSI and MSI-X capabilities (bnc#745867). Other: - PCI / PCIe: Introduce command line option to disable ARI (bnc#742845). - PCI: Set device power state to PCI_D0 for device without native PM support (bnc#752972). X86: - x86/UV: Lower UV rtc clocksource rating (bnc#748456). - x86, mce, therm_throt: Do not report power limit and package level thermal throttle events in mcelog (bnc#745876). - x86: Unlock nmi lock after kdb_ipi call (bnc#745424). - x86, tsc: Fix SMI induced variation in quick_pit_calibrate(). 
(bnc#751322) XEN: - Update Xen patches to 3.0.22. - xenbus_dev: add missing error checks to watch handling. - drivers/xen/: use strlcpy() instead of strncpy(). - xenoprof: backward compatibility for changed XENOPROF_ESCAPE_CODE. - blkfront: properly fail packet requests (bnc#745929). - Refresh other Xen patches (bnc#732070, bnc#742871). - xenbus: do not free other end details too early. - blkback: also call blkif_disconnect() when frontend switched to closed. - gnttab: add deferred freeing logic. - blkback: failure to write "feature-barrier" node is non-fatal. Infiniband: - RDMA/cxgb4: Make sure flush CQ entries are collected on connection close (bnc#721587). - RDMA/cxgb4: Serialize calls to CQs comp_handler (bnc#721587). - mlx4_en: Assigning TX irq per ring (bnc#624072). Bluetooth: - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported in ath3k (bnc#732296). - Bluetooth: btusb: fix bInterval for high/super speed isochronous endpoints (bnc#754052). SCTP: - dlm: Do not allocate a fd for peeloff (bnc#729247). - sctp: Export sctp_do_peeloff (bnc#729247). Other: - qlge: Removing needless prints which are not (bnc#718863). - ibft: Fix finding IBFT ACPI table on UEFI (bnc#746579). - proc: Consider NO_HZ when printing idle and iowait times (bnc#705551). - procfs: do not confuse jiffies with cputime64_t (bnc#705551). - procfs: do not overflow get_{idle,iowait}_time for nohz (bnc#705551). - bfa: Do not return DID_ABORT on failure (bnc#745400). - epoll: Do not limit non-nested epoll paths (bnc#676204). - Bridge: Always send NETDEV_CHANGEADDR up on br MAC change (bnc#752408). - hp_accel: Ignore the error from lis3lv02d_poweron() at resume (bnc#751903). - watchdog: make sure the watchdog thread gets CPU on loaded system (bnc#738583). Special Instructions and Notes: Please reboot the system after installing this update. 
Package List: - SLE 11 SERVER Unsupported Extras (s390x): ext4-writeable-kmp-default-0_3.0.26_0.7-0.12.13 kernel-default-extra-3.0.26-0.7.6 References: http://support.novell.com/security/cve/CVE-2011-1083.html http://support.novell.com/security/cve/CVE-2011-2494.html http://support.novell.com/security/cve/CVE-2011-4086.html http://support.novell.com/security/cve/CVE-2011-4127.html http://support.novell.com/security/cve/CVE-2011-4131.html http://support.novell.com/security/cve/CVE-2011-4132.html http://support.novell.com/security/cve/CVE-2012-1097.html http://support.novell.com/security/cve/CVE-2012-1146.html http://support.novell.com/security/cve/CVE-2012-1179.html https://bugzilla.novell.com/624072 https://bugzilla.novell.com/676204 https://bugzilla.novell.com/688996 https://bugzilla.novell.com/703156 https://bugzilla.novell.com/705551 https://bugzilla.novell.com/713148 https://bugzilla.novell.com/714604 https://bugzilla.novell.com/716850 https://bugzilla.novell.com/716971 https://bugzilla.novell.com/718863 https://bugzilla.novell.com/718918 https://bugzilla.novell.com/721587 https://bugzilla.novell.com/722560 https://bugzilla.novell.com/728840 https://bugzilla.novell.com/729247 https://bugzilla.novell.com/730117 https://bugzilla.novell.com/730118 https://bugzilla.novell.com/731387 https://bugzilla.novell.com/732070 https://bugzilla.novell.com/732296 https://bugzilla.novell.com/732908 https://bugzilla.novell.com/733761 https://bugzilla.novell.com/734900 https://bugzilla.novell.com/735909 https://bugzilla.novell.com/738583 https://bugzilla.novell.com/738597 https://bugzilla.novell.com/738679 https://bugzilla.novell.com/739837 https://bugzilla.novell.com/740180 https://bugzilla.novell.com/741824 https://bugzilla.novell.com/742845 https://bugzilla.novell.com/742871 https://bugzilla.novell.com/744315 https://bugzilla.novell.com/744392 https://bugzilla.novell.com/744658 https://bugzilla.novell.com/744795 https://bugzilla.novell.com/745400 
https://bugzilla.novell.com/745422 https://bugzilla.novell.com/745424 https://bugzilla.novell.com/745741 https://bugzilla.novell.com/745832 https://bugzilla.novell.com/745867 https://bugzilla.novell.com/745876 https://bugzilla.novell.com/745929 https://bugzilla.novell.com/746373 https://bugzilla.novell.com/746454 https://bugzilla.novell.com/746526 https://bugzilla.novell.com/746579 https://bugzilla.novell.com/746717 https://bugzilla.novell.com/746883 https://bugzilla.novell.com/747071 https://bugzilla.novell.com/747159 https://bugzilla.novell.com/747867 https://bugzilla.novell.com/747878 https://bugzilla.novell.com/747944 https://bugzilla.novell.com/748384 https://bugzilla.novell.com/748456 https://bugzilla.novell.com/748629 https://bugzilla.novell.com/748632 https://bugzilla.novell.com/748827 https://bugzilla.novell.com/748854 https://bugzilla.novell.com/748862 https://bugzilla.novell.com/749049 https://bugzilla.novell.com/749115 https://bugzilla.novell.com/749417 https://bugzilla.novell.com/749543 https://bugzilla.novell.com/749569 https://bugzilla.novell.com/749651 https://bugzilla.novell.com/749787 https://bugzilla.novell.com/749980 https://bugzilla.novell.com/750041 https://bugzilla.novell.com/750079 https://bugzilla.novell.com/750173 https://bugzilla.novell.com/750402 https://bugzilla.novell.com/750426 https://bugzilla.novell.com/750459 https://bugzilla.novell.com/750959 https://bugzilla.novell.com/750995 https://bugzilla.novell.com/751015 https://bugzilla.novell.com/751171 https://bugzilla.novell.com/751322 https://bugzilla.novell.com/751743 https://bugzilla.novell.com/751885 https://bugzilla.novell.com/751903 https://bugzilla.novell.com/751916 https://bugzilla.novell.com/752408 https://bugzilla.novell.com/752484 https://bugzilla.novell.com/752599 https://bugzilla.novell.com/752972 https://bugzilla.novell.com/754052 https://bugzilla.novell.com/756821 http://download.novell.com/patch/finder/?keywords=eac0aab7481baf272614ad227178444c From sle-updates at 
lists.suse.com Thu Apr 26 17:08:14 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Apr 2012 01:08:14 +0200 (CEST) Subject: SUSE-RU-2012:0566-1: important: Recommended update for parted Message-ID: <20120426230814.D7D53323CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for parted ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0566-1 Rating: important References: #696366 #754278 #756019 #757225 #757433 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update to parted resolves the following issues: * Allow resizing ReiserFS partitions up to the end of the disk (bnc#696366) * On the s390x architecture, parted may crash with a segmentation fault because of an overflow in an error buffer (bnc#756019) * On servers that use the cciss SCSI controller, parted may fail to create partitions or to re-read the partition table (bnc#757225, bnc#757433, bnc#754278). Indications: Required partition could not be created Contraindications: Indications: Required partition could not be created Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-parted-6209 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-parted-6209 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-parted-6209 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-parted-6209 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64): parted-devel-1.8.8-102.27.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): parted-1.8.8-102.27.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): parted-32bit-1.8.8-102.27.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): parted-1.8.8-102.27.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): parted-32bit-1.8.8-102.27.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): parted-x86-1.8.8-102.27.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): parted-1.8.8-102.27.1 - SUSE Linux Enterprise Desktop 11 SP1 (x86_64): parted-32bit-1.8.8-102.27.1 References: https://bugzilla.novell.com/696366 https://bugzilla.novell.com/754278 https://bugzilla.novell.com/756019 https://bugzilla.novell.com/757225 https://bugzilla.novell.com/757433 http://download.novell.com/patch/finder/?keywords=a6d71f1482211bb45cf7002ed86ba067 From sle-updates at lists.suse.com Fri Apr 27 10:08:14 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Apr 2012 18:08:14 +0200 (CEST) Subject: SUSE-RU-2012:0568-1: Recommended update for sled11-branding-hp-cnb-SBSO Message-ID: <20120427160814.70CF63240E@maintenance.suse.de> SUSE Recommended Update: Recommended update for sled11-branding-hp-cnb-SBSO ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0568-1 Rating: low References: #755980 Affected Products: SLED 11 HP CNB Preload SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Remove references to not applicable documents if installed (bnc#755980). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SLED 11 HP CNB Preload SP2: zypper in -t patch slehpcnbp2-sled11-branding-hp-cnb-SBSO-6217 To bring your system up-to-date, use "zypper patch". Package List: - SLED 11 HP CNB Preload SP2 (x86_64): sled11-branding-hp-cnb-SBSO-0.9-0.25.1 References: https://bugzilla.novell.com/755980 http://download.novell.com/patch/finder/?keywords=7ca4eb79531f7abc4dd8fe56303e76f8 From sle-updates at lists.suse.com Mon Apr 30 13:08:14 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Apr 2012 21:08:14 +0200 (CEST) Subject: SUSE-RU-2012:0569-1: moderate: Recommended update for apparmor-profiles Message-ID: <20120430190814.6DC0A323C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor-profiles ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0569-1 Rating: moderate References: #691218 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of the Apparmor Profiles allows the -I option for traceroute to work. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-apparmor-profiles-5820 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-apparmor-profiles-5820 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-apparmor-profiles-5820 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware (noarch): apparmor-profiles-2.3-48.9.8.1 - SUSE Linux Enterprise Server 11 SP1 (noarch): apparmor-profiles-2.3-48.9.8.1 - SUSE Linux Enterprise Desktop 11 SP1 (noarch): apparmor-profiles-2.3-48.9.8.1 References: https://bugzilla.novell.com/691218 http://download.novell.com/patch/finder/?keywords=70b41271472b03799b21b6bc32ac20e0 From sle-updates at lists.suse.com Mon Apr 30 13:08:17 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Apr 2012 21:08:17 +0200 (CEST) Subject: SUSE-RU-2012:0570-1: Recommended update for glibc Message-ID: <20120430190817.030A7323D8@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0570-1 Rating: low References: #741345 #743689 #746824 #747768 #747932 #748032 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for glibc includes the following changes: * Fix sed not parsing correctly double-byte Japanese characters. * Fix format string protection bypass via "nargs" integer overflow. * Fix an assertion error in DNS query. * Fix a vi_VN.tcvn locale problem. * Fix crash in libpthread on heavy thread usage. * Fix IPv6-localhost cannot be resolved as an IPv4 address. In addition, the following minor security fix is also included: * Fix an integer overflow flaw in the format string protection mechanism offered by FORTIFY_SOURCE. (CVE-2012-0864 ) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-glibc-6134 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-glibc-6134 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-glibc-6134 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-glibc-6134 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64): glibc-html-2.11.1-0.38.1 glibc-info-2.11.1-0.38.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 i686 x86_64): glibc-2.11.1-0.38.1 glibc-devel-2.11.1-0.38.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64): glibc-html-2.11.1-0.38.1 glibc-i18ndata-2.11.1-0.38.1 glibc-info-2.11.1-0.38.1 glibc-locale-2.11.1-0.38.1 glibc-profile-2.11.1-0.38.1 nscd-2.11.1-0.38.1 - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64): glibc-32bit-2.11.1-0.38.1 glibc-devel-32bit-2.11.1-0.38.1 glibc-locale-32bit-2.11.1-0.38.1 glibc-profile-32bit-2.11.1-0.38.1 - SUSE Linux Enterprise Server 11 SP1 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.1-0.38.1 glibc-devel-2.11.1-0.38.1 - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.1-0.38.1 glibc-i18ndata-2.11.1-0.38.1 glibc-info-2.11.1-0.38.1 glibc-locale-2.11.1-0.38.1 glibc-profile-2.11.1-0.38.1 nscd-2.11.1-0.38.1 - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64): glibc-32bit-2.11.1-0.38.1 glibc-devel-32bit-2.11.1-0.38.1 glibc-locale-32bit-2.11.1-0.38.1 glibc-profile-32bit-2.11.1-0.38.1 - SUSE Linux Enterprise Server 11 SP1 (ia64): glibc-locale-x86-2.11.1-0.38.1 glibc-profile-x86-2.11.1-0.38.1 glibc-x86-2.11.1-0.38.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 i686 x86_64): glibc-2.11.1-0.38.1 glibc-devel-2.11.1-0.38.1 - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64): glibc-i18ndata-2.11.1-0.38.1 glibc-locale-2.11.1-0.38.1 nscd-2.11.1-0.38.1 
- SUSE Linux Enterprise Desktop 11 SP1 (x86_64): glibc-32bit-2.11.1-0.38.1 glibc-devel-32bit-2.11.1-0.38.1 glibc-locale-32bit-2.11.1-0.38.1 References: http://support.novell.com/security/cve/CVE-2012-0864.html https://bugzilla.novell.com/741345 https://bugzilla.novell.com/743689 https://bugzilla.novell.com/746824 https://bugzilla.novell.com/747768 https://bugzilla.novell.com/747932 https://bugzilla.novell.com/748032 http://download.novell.com/patch/finder/?keywords=3fba78b3257d11130ddb00b6e276d0e0 From sle-updates at lists.suse.com Mon Apr 30 14:08:09 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Apr 2012 22:08:09 +0200 (CEST) Subject: SUSE-SU-2012:0571-1: moderate: Security update for cifs-utils Message-ID: <20120430200809.97132323D8@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0571-1 Rating: moderate References: #747906 #754443 Cross-References: CVE-2012-1586 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The following issue has been fixed: * Don't allow unprivileged users to mount onto dirs to which they can't chdir (CVE-2012-1586). Security Issue reference: * CVE-2012-1586 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-cifs-utils-6196 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-cifs-utils-6196 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-cifs-utils-6196 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): cifs-utils-5.1-0.7.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): cifs-utils-5.1-0.7.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): cifs-utils-5.1-0.7.1 References: http://support.novell.com/security/cve/CVE-2012-1586.html https://bugzilla.novell.com/747906 https://bugzilla.novell.com/754443 http://download.novell.com/patch/finder/?keywords=d1a2486c645bab97da85841e46e9a71e From sle-updates at lists.suse.com Mon Apr 30 14:08:12 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Apr 2012 22:08:12 +0200 (CEST) Subject: SUSE-RU-2012:0572-1: Recommended update for glibc Message-ID: <20120430200812.168C6323D7@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2012:0572-1 Rating: low References: #741345 #743689 #744996 #745658 #746824 #747768 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for glibc includes the following changes: * Fix sed not parsing correctly double-byte Japanese characters. * Avoid unsupported file modification in package glibc-locale. * Remove references to __memmove_chk_ssse3 in static libc. * Fix format string protection bypass via "nargs" integer overflow. * Fix a vi_VN.tcvn locale problem. * Fix segfault in libpthread on heavy thread usage. In addition, the following minor security fix is also included: * Fix an integer overflow flaw in the format string protection mechanism offered by FORTIFY_SOURCE. 
(CVE-2012-0864 ) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-glibc-6135 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-glibc-6135 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-glibc-6135 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-glibc-6135 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): glibc-html-2.11.3-17.35.4 glibc-info-2.11.3-17.35.4 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 i686 x86_64): glibc-2.11.3-17.35.4 glibc-devel-2.11.3-17.35.4 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): glibc-html-2.11.3-17.35.4 glibc-i18ndata-2.11.3-17.35.4 glibc-info-2.11.3-17.35.4 glibc-locale-2.11.3-17.35.4 glibc-profile-2.11.3-17.35.4 nscd-2.11.3-17.35.4 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): glibc-32bit-2.11.3-17.35.4 glibc-devel-32bit-2.11.3-17.35.4 glibc-locale-32bit-2.11.3-17.35.4 glibc-profile-32bit-2.11.3-17.35.4 - SUSE Linux Enterprise Server 11 SP2 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.35.4 glibc-devel-2.11.3-17.35.4 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.35.4 glibc-i18ndata-2.11.3-17.35.4 glibc-info-2.11.3-17.35.4 glibc-locale-2.11.3-17.35.4 glibc-profile-2.11.3-17.35.4 nscd-2.11.3-17.35.4 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.35.4 glibc-devel-32bit-2.11.3-17.35.4 glibc-locale-32bit-2.11.3-17.35.4 glibc-profile-32bit-2.11.3-17.35.4 - SUSE Linux Enterprise Server 11 SP2 (ia64): glibc-locale-x86-2.11.3-17.35.4 glibc-profile-x86-2.11.3-17.35.4 glibc-x86-2.11.3-17.35.4 - SUSE Linux Enterprise Desktop 11 SP2 (i586 i686 x86_64): glibc-2.11.3-17.35.4 
glibc-devel-2.11.3-17.35.4 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): glibc-i18ndata-2.11.3-17.35.4 glibc-locale-2.11.3-17.35.4 nscd-2.11.3-17.35.4 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): glibc-32bit-2.11.3-17.35.4 glibc-devel-32bit-2.11.3-17.35.4 glibc-locale-32bit-2.11.3-17.35.4 References: http://support.novell.com/security/cve/CVE-2012-0864.html https://bugzilla.novell.com/741345 https://bugzilla.novell.com/743689 https://bugzilla.novell.com/744996 https://bugzilla.novell.com/745658 https://bugzilla.novell.com/746824 https://bugzilla.novell.com/747768 http://download.novell.com/patch/finder/?keywords=a417242ac1889d7c5b2cd943089c2e82 From sle-updates at lists.suse.com Mon Apr 30 16:08:24 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 May 2012 00:08:24 +0200 (CEST) Subject: SUSE-SU-2012:0573-1: important: Security update for Samba Message-ID: <20120430220824.D2B0C323C7@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0573-1 Rating: important References: #757576 Cross-References: CVE-2012-2111 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of Samba fixes one security issue and several bugs. The security fix is: * Ensure that users cannot hand out their own privileges to everyone, only administrators are allowed to do that. (CVE-2012-2111 ) The non-security bug fixes merged from upstream Samba are: * Fix default name resolve order. (docs-xml, bso#7564). * Fix a segfault in vfs_aio_fork. (s3-aio-fork, bso#8836). * Remove whitespace in example samba.ldif. 
(docs, bso#8789) * Move print_backend_init() behind init_system_info(). (s3-smbd, bso#8845) * Prepend '/' to filename argument. (s3-docs, bso#8826) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-ldapsmb-6211 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ldapsmb-6211 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ldapsmb-6211 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-ldapsmb-6211 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.24.4 libnetapi-devel-3.6.3-0.24.4 libnetapi0-3.6.3-0.24.4 libsmbclient-devel-3.6.3-0.24.4 libsmbsharemodes-devel-3.6.3-0.24.4 libsmbsharemodes0-3.6.3-0.24.4 libtalloc-devel-3.6.3-0.24.4 libtdb-devel-3.6.3-0.24.4 libtevent-devel-3.6.3-0.24.4 libwbclient-devel-3.6.3-0.24.4 samba-devel-3.6.3-0.24.4 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ldapsmb-1.34b-12.24.4 libldb1-3.6.3-0.24.4 libsmbclient0-3.6.3-0.24.4 libtalloc2-3.6.3-0.24.4 libtdb1-3.6.3-0.24.4 libtevent0-3.6.3-0.24.4 libwbclient0-3.6.3-0.24.4 samba-3.6.3-0.24.4 samba-client-3.6.3-0.24.4 samba-krb-printing-3.6.3-0.24.4 samba-winbind-3.6.3-0.24.4 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.24.4 libtalloc2-32bit-3.6.3-0.24.4 libtdb1-32bit-3.6.3-0.24.4 libwbclient0-32bit-3.6.3-0.24.4 samba-32bit-3.6.3-0.24.4 samba-client-32bit-3.6.3-0.24.4 samba-winbind-32bit-3.6.3-0.24.4 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): samba-doc-3.6.3-0.24.4 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-12.24.4 libldb1-3.6.3-0.24.4 libsmbclient0-3.6.3-0.24.4 libtalloc2-3.6.3-0.24.4 libtdb1-3.6.3-0.24.4 
libtevent0-3.6.3-0.24.4 libwbclient0-3.6.3-0.24.4 samba-3.6.3-0.24.4 samba-client-3.6.3-0.24.4 samba-krb-printing-3.6.3-0.24.4 samba-winbind-3.6.3-0.24.4 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.24.4 libtalloc2-32bit-3.6.3-0.24.4 libtdb1-32bit-3.6.3-0.24.4 libwbclient0-32bit-3.6.3-0.24.4 samba-32bit-3.6.3-0.24.4 samba-client-32bit-3.6.3-0.24.4 samba-winbind-32bit-3.6.3-0.24.4 - SUSE Linux Enterprise Server 11 SP2 (noarch): samba-doc-3.6.3-0.24.4 - SUSE Linux Enterprise Server 11 SP2 (ia64): libsmbclient0-x86-3.6.3-0.24.4 libtalloc2-x86-3.6.3-0.24.4 libtdb1-x86-3.6.3-0.24.4 libwbclient0-x86-3.6.3-0.24.4 samba-client-x86-3.6.3-0.24.4 samba-winbind-x86-3.6.3-0.24.4 samba-x86-3.6.3-0.24.4 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libldb1-3.6.3-0.24.4 libsmbclient0-3.6.3-0.24.4 libtalloc2-3.6.3-0.24.4 libtdb1-3.6.3-0.24.4 libtevent0-3.6.3-0.24.4 libwbclient0-3.6.3-0.24.4 samba-3.6.3-0.24.4 samba-client-3.6.3-0.24.4 samba-krb-printing-3.6.3-0.24.4 samba-winbind-3.6.3-0.24.4 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libldb1-32bit-3.6.3-0.24.4 libsmbclient0-32bit-3.6.3-0.24.4 libtalloc2-32bit-3.6.3-0.24.4 libtdb1-32bit-3.6.3-0.24.4 libtevent0-32bit-3.6.3-0.24.4 libwbclient0-32bit-3.6.3-0.24.4 samba-32bit-3.6.3-0.24.4 samba-client-32bit-3.6.3-0.24.4 samba-winbind-32bit-3.6.3-0.24.4 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): samba-doc-3.6.3-0.24.4 References: http://support.novell.com/security/cve/CVE-2012-2111.html https://bugzilla.novell.com/757576 http://download.novell.com/patch/finder/?keywords=70ea32a45e227ff8d0c05a55f3cae4c9 From sle-updates at lists.suse.com Mon Apr 30 16:08:26 2012 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 May 2012 00:08:26 +0200 (CEST) Subject: SUSE-SU-2012:0574-1: moderate: Security update for wireshark Message-ID: <20120430220827.00B71323D7@maintenance.suse.de> SUSE Security Update: Security update for wireshark 
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:0574-1
Rating: moderate
References: #754474 #754475 #754476 #754477
Cross-References: CVE-2012-1593 CVE-2012-1594 CVE-2012-1595 CVE-2012-1596
Affected Products:
    SUSE Linux Enterprise Server 10 SP4
    SUSE Linux Enterprise Desktop 10 SP4
    SLE SDK 10 SP4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This version upgrade of wireshark fixes the following security vulnerabilities:

* The ANSI A dissector could dereference a NULL pointer and crash. (CVE-2012-1593)
* The pcap and pcap-ng file parsers could crash trying to read ERF data. (CVE-2012-1595)
* The MP2T dissector could try to allocate too much memory and crash. (CVE-2012-1596)

Additionally, various other non-security bugs have been fixed.

Indications:

Everyone using wireshark should update.

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
    wireshark-1.4.12-0.5.6
    wireshark-devel-1.4.12-0.5.6
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
    wireshark-1.4.12-0.5.6
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
    wireshark-devel-1.4.12-0.5.6

References:

http://support.novell.com/security/cve/CVE-2012-1593.html
http://support.novell.com/security/cve/CVE-2012-1594.html
http://support.novell.com/security/cve/CVE-2012-1595.html
http://support.novell.com/security/cve/CVE-2012-1596.html
https://bugzilla.novell.com/754474
https://bugzilla.novell.com/754475
https://bugzilla.novell.com/754476
https://bugzilla.novell.com/754477
http://download.novell.com/patch/finder/?keywords=23c9fd0f27644efe93d209c35cd2f52b

From sle-updates at lists.suse.com Mon Apr 30 17:08:20 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 May 2012 01:08:20 +0200 (CEST)
Subject: SUSE-SU-2012:0575-1: important: Security update for Samba
Message-ID:
<20120430230820.4CE6E323C7@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0575-1 Rating: important References: #754443 #757080 #757576 Cross-References: CVE-2012-2111 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update of Samba includes the following fixes for two security issues: * Ensure that users cannot hand out their own privileges to everyone, only administrators are allowed to do that. (CVE-2012-2111 ) * mount.cifs no longer allows unprivileged users to mount onto dirs that are not accessible to them. (CVE-2012-1568 ) Indications: Everyone using Samba should update Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP1: zypper in -t patch sdksp1-cifs-mount-6210 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp1-cifs-mount-6210 - SUSE Linux Enterprise Server 11 SP1 for VMware: zypper in -t patch slessp1-cifs-mount-6210 - SUSE Linux Enterprise Server 11 SP1: zypper in -t patch slessp1-cifs-mount-6210 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-cifs-mount-6210 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-cifs-mount-6210 To bring your system up-to-date, use "zypper patch". 

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      libnetapi-devel-3.4.3-1.40.3
      libnetapi0-3.4.3-1.40.3
      libsmbclient-devel-3.4.3-1.40.3
      libsmbsharemodes-devel-3.4.3-1.40.3
      libsmbsharemodes0-3.4.3-1.40.3
      libtalloc-devel-3.4.3-1.40.3
      libtdb-devel-3.4.3-1.40.3
      libwbclient-devel-3.4.3-1.40.3
      samba-devel-3.4.3-1.40.3

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      cifs-mount-3.4.3-1.40.3
      libtalloc1-3.4.3-1.40.3

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      libtalloc1-32bit-3.4.3-1.40.3

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      libtalloc1-x86-3.4.3-1.40.3

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64):

      cifs-mount-3.4.3-1.40.3
      ldapsmb-1.34b-11.28.40.3
      libsmbclient0-3.4.3-1.40.3
      libtalloc1-3.4.3-1.40.3
      libtdb1-3.4.3-1.40.3
      libwbclient0-3.4.3-1.40.3
      samba-3.4.3-1.40.3
      samba-client-3.4.3-1.40.3
      samba-krb-printing-3.4.3-1.40.3
      samba-winbind-3.4.3-1.40.3

   - SUSE Linux Enterprise Server 11 SP1 for VMware (x86_64):

      libsmbclient0-32bit-3.4.3-1.40.3
      libtalloc1-32bit-3.4.3-1.40.3
      libtdb1-32bit-3.4.3-1.40.3
      libwbclient0-32bit-3.4.3-1.40.3
      samba-32bit-3.4.3-1.40.3
      samba-client-32bit-3.4.3-1.40.3
      samba-winbind-32bit-3.4.3-1.40.3

   - SUSE Linux Enterprise Server 11 SP1 for VMware (noarch):

      samba-doc-3.4.3-1.40.3

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64):

      cifs-mount-3.4.3-1.40.3
      ldapsmb-1.34b-11.28.40.3
      libsmbclient0-3.4.3-1.40.3
      libtalloc1-3.4.3-1.40.3
      libtdb1-3.4.3-1.40.3
      libwbclient0-3.4.3-1.40.3
      samba-3.4.3-1.40.3
      samba-client-3.4.3-1.40.3
      samba-krb-printing-3.4.3-1.40.3
      samba-winbind-3.4.3-1.40.3

   - SUSE Linux Enterprise Server 11 SP1 (ppc64 s390x x86_64):

      libsmbclient0-32bit-3.4.3-1.40.3
      libtalloc1-32bit-3.4.3-1.40.3
      libtdb1-32bit-3.4.3-1.40.3
      libwbclient0-32bit-3.4.3-1.40.3
      samba-32bit-3.4.3-1.40.3
      samba-client-32bit-3.4.3-1.40.3
      samba-winbind-32bit-3.4.3-1.40.3

   - SUSE Linux Enterprise Server 11 SP1 (noarch):

      samba-doc-3.4.3-1.40.3

   - SUSE Linux Enterprise Server 11 SP1 (ia64):

      libsmbclient0-x86-3.4.3-1.40.3
      libtalloc1-x86-3.4.3-1.40.3
      libtdb1-x86-3.4.3-1.40.3
      libwbclient0-x86-3.4.3-1.40.3
      samba-client-x86-3.4.3-1.40.3
      samba-winbind-x86-3.4.3-1.40.3
      samba-x86-3.4.3-1.40.3

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      cifs-mount-3.4.3-1.40.3
      libtalloc1-3.4.3-1.40.3

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      libtalloc1-32bit-3.4.3-1.40.3

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      cifs-mount-3.4.3-1.40.3
      libsmbclient0-3.4.3-1.40.3
      libtalloc1-3.4.3-1.40.3
      libtdb1-3.4.3-1.40.3
      libwbclient0-3.4.3-1.40.3
      samba-3.4.3-1.40.3
      samba-client-3.4.3-1.40.3
      samba-krb-printing-3.4.3-1.40.3
      samba-winbind-3.4.3-1.40.3

   - SUSE Linux Enterprise Desktop 11 SP1 (x86_64):

      libsmbclient0-32bit-3.4.3-1.40.3
      libtalloc1-32bit-3.4.3-1.40.3
      libtdb1-32bit-3.4.3-1.40.3
      libwbclient0-32bit-3.4.3-1.40.3
      samba-32bit-3.4.3-1.40.3
      samba-client-32bit-3.4.3-1.40.3
      samba-winbind-32bit-3.4.3-1.40.3

   - SUSE Linux Enterprise Desktop 11 SP1 (noarch):

      samba-doc-3.4.3-1.40.3

References:

   http://support.novell.com/security/cve/CVE-2012-2111.html
   https://bugzilla.novell.com/754443
   https://bugzilla.novell.com/757080
   https://bugzilla.novell.com/757576
   http://download.novell.com/patch/finder/?keywords=e9626ba4d78a73822dfbd0443d19bda0

From sle-updates at lists.suse.com Mon Apr 30 19:08:14 2012
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 May 2012 03:08:14 +0200 (CEST)
Subject: SUSE-SU-2012:0576-1: moderate: Security update for wireshark
Message-ID: <20120501010815.0C56A320DB@maintenance.suse.de>

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0576-1
Rating:             moderate
References:         #754474 #754476 #754477
Cross-References:   CVE-2012-1593 CVE-2012-1595 CVE-2012-1596
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Software Development Kit 11 SP1
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Server 11 SP1 for VMware
                    SUSE Linux Enterprise Server 11 SP1
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now
   available. It includes one version update.

Description:

   This version upgrade of wireshark fixes the following
   security vulnerabilities:

   * The ANSI A dissector could dereference a NULL pointer
     and crash. (CVE-2012-1593)
   * The pcap and pcap-ng file parsers could crash trying to
     read ERF data. (CVE-2012-1595)
   * The MP2T dissector could try to allocate too much memory
     and crash. (CVE-2012-1596)

   Additionally, various other non-security bugs have been
   fixed.

Indications:

   Everyone using wireshark should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp1-wireshark-6170

   - SUSE Linux Enterprise Software Development Kit 11 SP1:

      zypper in -t patch sdksp1-wireshark-6170

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp1-wireshark-6170

   - SUSE Linux Enterprise Server 11 SP1 for VMware:

      zypper in -t patch slessp1-wireshark-6170

   - SUSE Linux Enterprise Server 11 SP1:

      zypper in -t patch slessp1-wireshark-6170

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-wireshark-6170

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-wireshark-6170

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:

      wireshark-devel-1.4.12-0.3.2

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:

      wireshark-devel-1.4.12-0.3.2

   - SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Server 11 SP1 for VMware (i586 x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Server 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64) [New Version: 1.4.12]:

      wireshark-1.4.12-0.3.2

References:

   http://support.novell.com/security/cve/CVE-2012-1593.html
   http://support.novell.com/security/cve/CVE-2012-1595.html
   http://support.novell.com/security/cve/CVE-2012-1596.html
   https://bugzilla.novell.com/754474
   https://bugzilla.novell.com/754476
   https://bugzilla.novell.com/754477
   http://download.novell.com/patch/finder/?keywords=ed4618865c926eab6615eb507ae1ca53