From sle-updates at lists.suse.com Mon Dec 2 09:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Dec 2013 17:04:10 +0100 (CET)
Subject: SUSE-RU-2013:1789-2: important: Recommended update for timezone
Message-ID: <20131202160410.6F48A32178@maintenance.suse.de>

SUSE Recommended Update: Recommended update for timezone
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1789-2
Rating: important
References: #807624 #845530 #850462
Affected Products:
SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

An update that has three recommended fixes can now be installed. It includes one version update.

Description:

This update provides the latest timezone information for your system. The changes in detail are:

* Update to version 2013h (bnc#850462):
  o Libya has switched back to UTC+2
  o Western Sahara uses Morocco's DST rules
  o Acre switches from UTC-4 to UTC-5 on Nov. 10th
* Define TM_GMTOFF and TM_ZONE like glibc did (bnc#807624)
* Correct path expansion for local time link (bnc#845530).

Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 2013h]: timezone-2013h-0.5.1 References: https://bugzilla.novell.com/807624 https://bugzilla.novell.com/845530 https://bugzilla.novell.com/850462 http://download.novell.com/patch/finder/?keywords=00ff808efb40fcf681625ebec9d8eb34 From sle-updates at lists.suse.com Mon Dec 2 12:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Dec 2013 20:04:10 +0100 (CET) Subject: SUSE-SU-2013:1807-1: important: Security update for mozilla-nspr, mozilla-nss Message-ID: <20131202190410.D7EF232178@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1807-1 Rating: important References: #850148 Cross-References: CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. It includes two new package versions. Description: Mozilla NSPR and NSS were updated to fix various security bugs that could be used to crash the browser or potentially execute code. Mozilla NSPR 4.10.2 has the following bug fixes: * Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by Pascal Cuoq and Kamil Dudka. * Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav Trmac. 
* Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato. * Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate. (CVE-2013-5607) Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the following bug fixes: * Bug 925100: Ensure a size is <= half of the maximum PRUint32 value. (CVE-2013-1741) * Bug 934016: Handle invalid handshake packets. (CVE-2013-5605) * Bug 910438: Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used. (CVE-2013-5606) Security Issue references: * CVE-2013-1741 * CVE-2013-5605 * CVE-2013-5606 * CVE-2013-5607 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-nss-201311-8573 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-nss-201311-8572 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-nss-201311-8573 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-nss-201311-8573 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-nss-201311-8572 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-nss-201311-8572 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-nss-201311-8574 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-nss-201311-8573 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-nss-201311-8572 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]: mozilla-nspr-devel-4.10.2-0.3.1 mozilla-nss-devel-3.15.3-0.8.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]: mozilla-nspr-devel-4.10.2-0.3.1 mozilla-nss-devel-3.15.3-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-3.15.3-0.8.1 libsoftokn3-3.15.3-0.8.1 mozilla-nspr-4.10.2-0.3.1 mozilla-nss-3.15.3-0.8.1 mozilla-nss-tools-3.15.3-0.8.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-32bit-3.15.3-0.8.1 libsoftokn3-32bit-3.15.3-0.8.1 mozilla-nspr-32bit-4.10.2-0.3.1 mozilla-nss-32bit-3.15.3-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-3.15.3-0.8.1 libsoftokn3-3.15.3-0.8.1 mozilla-nspr-4.10.2-0.3.1 mozilla-nss-3.15.3-0.8.1 mozilla-nss-tools-3.15.3-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-32bit-3.15.3-0.8.1 libsoftokn3-32bit-3.15.3-0.8.1 mozilla-nspr-32bit-4.10.2-0.3.1 mozilla-nss-32bit-3.15.3-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-x86-3.15.3-0.8.1 libsoftokn3-x86-3.15.3-0.8.1 mozilla-nspr-x86-4.10.2-0.3.1 mozilla-nss-x86-3.15.3-0.8.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-3.15.3-0.3.1 mozilla-nspr-4.10.2-0.3.1 mozilla-nss-3.15.3-0.3.1 mozilla-nss-tools-3.15.3-0.3.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-32bit-3.15.3-0.3.1 mozilla-nspr-32bit-4.10.2-0.3.1 mozilla-nss-32bit-3.15.3-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-3.15.3-0.3.1 
mozilla-nspr-4.10.2-0.3.1 mozilla-nss-3.15.3-0.3.1 mozilla-nss-tools-3.15.3-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-32bit-3.15.3-0.3.1 mozilla-nspr-32bit-4.10.2-0.3.1 mozilla-nss-32bit-3.15.3-0.3.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-x86-3.15.3-0.3.1 mozilla-nspr-x86-4.10.2-0.3.1 mozilla-nss-x86-3.15.3-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-3.15.3-0.3.1 mozilla-nspr-4.10.2-0.3.1 mozilla-nss-3.15.3-0.3.1 mozilla-nss-tools-3.15.3-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-32bit-3.15.3-0.3.1 mozilla-nspr-32bit-4.10.2-0.3.1 mozilla-nss-32bit-3.15.3-0.3.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 3.15.3 and 4.10.2]: mozilla-nspr-4.10.2-0.5.1 mozilla-nspr-devel-4.10.2-0.5.1 mozilla-nss-3.15.3-0.5.1 mozilla-nss-devel-3.15.3-0.5.1 mozilla-nss-tools-3.15.3-0.5.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 3.15.3 and 4.10.2]: mozilla-nspr-32bit-4.10.2-0.5.1 mozilla-nss-32bit-3.15.3-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 3.15.3 and 4.10.2]: mozilla-nspr-4.10.2-0.5.1 mozilla-nspr-devel-4.10.2-0.5.1 mozilla-nss-3.15.3-0.5.1 mozilla-nss-devel-3.15.3-0.5.1 mozilla-nss-tools-3.15.3-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 3.15.3 and 4.10.2]: mozilla-nspr-32bit-4.10.2-0.5.1 mozilla-nss-32bit-3.15.3-0.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-3.15.3-0.8.1 libsoftokn3-3.15.3-0.8.1 mozilla-nspr-4.10.2-0.3.1 mozilla-nss-3.15.3-0.8.1 mozilla-nss-tools-3.15.3-0.8.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-32bit-3.15.3-0.8.1 libsoftokn3-32bit-3.15.3-0.8.1 
mozilla-nspr-32bit-4.10.2-0.3.1 mozilla-nss-32bit-3.15.3-0.8.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-3.15.3-0.3.1 mozilla-nspr-4.10.2-0.3.1 mozilla-nss-3.15.3-0.3.1 mozilla-nss-tools-3.15.3-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.15.3 and 4.10.2]: libfreebl3-32bit-3.15.3-0.3.1 mozilla-nspr-32bit-4.10.2-0.3.1 mozilla-nss-32bit-3.15.3-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-1741.html http://support.novell.com/security/cve/CVE-2013-5605.html http://support.novell.com/security/cve/CVE-2013-5606.html http://support.novell.com/security/cve/CVE-2013-5607.html https://bugzilla.novell.com/850148 http://download.novell.com/patch/finder/?keywords=06e5fb9c1bb44bc958d26f52b71b7269 http://download.novell.com/patch/finder/?keywords=3847822af2a8723bbe4fbc4f642205f8 http://download.novell.com/patch/finder/?keywords=50ea7d515940ba15ce107c64c80c22dd http://download.novell.com/patch/finder/?keywords=758c70c36ded607941fc576dea5ff0ea http://download.novell.com/patch/finder/?keywords=be957c00b1a9648f69c250c606572601 From sle-updates at lists.suse.com Mon Dec 2 13:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Dec 2013 21:04:11 +0100 (CET) Subject: SUSE-SU-2013:1808-1: moderate: Security update for OpenJDK 1.6 Message-ID: <20131202200411.6AC6C32178@maintenance.suse.de> SUSE Security Update: Security update for OpenJDK 1.6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1808-1 Rating: moderate References: #852367 Cross-References: CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 
CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes 27 vulnerabilities is now available. Description: OpenJDK 1.6 was updated to the new Icedtea release 1.12.7, which includes many fixes for bugs and security issues: * S8006900, CVE-2013-3829: Add new date/time capability * S8008589: Better MBean permission validation * S8011071, CVE-2013-5780: Better crypto provider handling * S8011081, CVE-2013-5772: Improve jhat * S8011157, CVE-2013-5814: Improve CORBA portablility * S8012071, CVE-2013-5790: Better Building of Beans * S8012147: Improve tool support * S8012277: CVE-2013-5849: Improve AWT DataFlavor * S8012425, CVE-2013-5802: Transform TransformerFactory * S8013503, CVE-2013-5851: Improve stream factories * S8013506: Better Pack200 data handling * S8013510, CVE-2013-5809: Augment image writing code * S8013514: Improve stability of cmap class * S8013739, CVE-2013-5817: Better LDAP resource management * S8013744, CVE-2013-5783: Better tabling for AWT * S8014085: Better serialization support in JMX classes * S8014093, CVE-2013-5782: Improve parsing of images * S8014102, CVE-2013-5778: Improve image conversion * S8014341, CVE-2013-5803: Better service from Kerberos servers * S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations * S8014530, CVE-2013-5825: Better digital signature processing * S8014534: Better profiling support * S8014987, CVE-2013-5842: Augment serialization handling * S8015614: Update build settings * S8015731: Subject java.security.auth.subject to improvements * S8015743, CVE-2013-5774: Address internet addresses * S8016256: Make finalization final * S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names * S8016675, CVE-2013-5797: Make Javadoc pages more robust * S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately * 
S8017287, CVE-2013-5829: Better resource disposal * S8017291, CVE-2013-5830: Cast Proxies Aside * S8017298, CVE-2013-4002: Better XML support * S8017300, CVE-2013-5784: Improve Interface Implementation * S8017505, CVE-2013-5820: Better Client Service * S8019292: Better Attribute Value Exceptions * S8019617: Better view of objects * S8020293: JVM crash * S8021290, CVE-2013-5823: Better signature validation * S8022940: Enhance CORBA translations * S8023683: Enhance class file parsing Security issue references: * CVE-2013-3829 * CVE-2013-5780 * CVE-2013-5772 * CVE-2013-5814 * CVE-2013-5790 * CVE-2013-5849 * CVE-2013-5802 * CVE-2013-5851 * CVE-2013-5809 * CVE-2013-5817 * CVE-2013-5783 * CVE-2013-5782 * CVE-2013-5778 * CVE-2013-5803 * CVE-2013-5840 * CVE-2013-5825 * CVE-2013-5842 * CVE-2013-5774 * CVE-2013-5804 * CVE-2013-5797 * CVE-2013-5850 * CVE-2013-5829 * CVE-2013-5830 * CVE-2013-4002 * CVE-2013-5784 * CVE-2013-5820 * CVE-2013-5823 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-java-1_6_0-openjdk-8598 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): java-1_6_0-openjdk-1.6.0.0_b27.1.12.7-0.2.1 java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.7-0.2.1 java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.7-0.2.1 References: http://support.novell.com/security/cve/CVE-2013-3829.html http://support.novell.com/security/cve/CVE-2013-4002.html http://support.novell.com/security/cve/CVE-2013-5772.html http://support.novell.com/security/cve/CVE-2013-5774.html http://support.novell.com/security/cve/CVE-2013-5778.html http://support.novell.com/security/cve/CVE-2013-5780.html http://support.novell.com/security/cve/CVE-2013-5782.html http://support.novell.com/security/cve/CVE-2013-5783.html http://support.novell.com/security/cve/CVE-2013-5784.html http://support.novell.com/security/cve/CVE-2013-5790.html http://support.novell.com/security/cve/CVE-2013-5797.html http://support.novell.com/security/cve/CVE-2013-5802.html http://support.novell.com/security/cve/CVE-2013-5803.html http://support.novell.com/security/cve/CVE-2013-5804.html http://support.novell.com/security/cve/CVE-2013-5809.html http://support.novell.com/security/cve/CVE-2013-5814.html http://support.novell.com/security/cve/CVE-2013-5817.html http://support.novell.com/security/cve/CVE-2013-5820.html http://support.novell.com/security/cve/CVE-2013-5823.html http://support.novell.com/security/cve/CVE-2013-5825.html http://support.novell.com/security/cve/CVE-2013-5829.html http://support.novell.com/security/cve/CVE-2013-5830.html http://support.novell.com/security/cve/CVE-2013-5840.html http://support.novell.com/security/cve/CVE-2013-5842.html http://support.novell.com/security/cve/CVE-2013-5849.html http://support.novell.com/security/cve/CVE-2013-5850.html http://support.novell.com/security/cve/CVE-2013-5851.html https://bugzilla.novell.com/852367 http://download.novell.com/patch/finder/?keywords=f9bc9e92927bdfde8cd5a58a25ff1f63 From sle-updates at lists.suse.com Mon Dec 2 20:04:11 2013 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Dec 2013 04:04:11 +0100 (CET) Subject: SUSE-RU-2013:1809-1: Recommended update for bash Message-ID: <20131203030411.0175532170@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1809-1 Rating: low References: #819783 #820149 #844550 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for bash provides fixes for the following issues: * Fix crash when expanding '$[' without matching ']'. (bnc#844550) * Do not restart the sighandler after a trap is reset. (bnc#820149) * Workaround crash in libreadline. (bnc#819783) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-bash-8430 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-bash-8430 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-bash-8430 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-bash-8430 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): readline-devel-5.2-147.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): readline-devel-32bit-5.2-147.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): libreadline5-5.2-147.18.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): bash-3.2-147.18.1 bash-doc-3.2-147.18.1 libreadline5-5.2-147.18.1 readline-doc-5.2-147.18.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libreadline5-32bit-5.2-147.18.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): bash-3.2-147.18.1 bash-doc-3.2-147.18.1 libreadline5-5.2-147.18.1 readline-doc-5.2-147.18.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libreadline5-32bit-5.2-147.18.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): bash-x86-3.2-147.18.1 libreadline5-x86-5.2-147.18.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): bash-3.2-147.18.1 bash-doc-3.2-147.18.1 libreadline5-5.2-147.18.1 readline-doc-5.2-147.18.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libreadline5-32bit-5.2-147.18.1 References: https://bugzilla.novell.com/819783 https://bugzilla.novell.com/820149 https://bugzilla.novell.com/844550 http://download.novell.com/patch/finder/?keywords=e6f0981a0330b2437ab4680d0805dda1 From sle-updates at lists.suse.com Mon Dec 2 20:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Dec 2013 04:04:13 +0100 (CET) Subject: SUSE-RU-2013:1810-1: Recommended update for bash Message-ID: <20131203030413.F062C32178@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1810-1 Rating: low References: #776694 #819783 #820149 #844550 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware 
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for bash provides fixes for the following issues:

* Fix crash when expanding '$[' without matching ']'. (bnc#844550)
* Do not restart the sighandler after a trap is reset. (bnc#820149)
* Workaround crash in libreadline. (bnc#819783)
* Mark skeleton files as configuration files. (bnc#776694)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-bash-8431
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-bash-8431
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-bash-8431
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-bash-8431

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): readline-devel-5.2-147.14.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): readline-devel-32bit-5.2-147.14.18.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): libreadline5-5.2-147.14.18.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): bash-3.2-147.14.18.1 bash-doc-3.2-147.14.18.1 libreadline5-5.2-147.14.18.1 readline-doc-5.2-147.14.18.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libreadline5-32bit-5.2-147.14.18.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): bash-3.2-147.14.18.1 bash-doc-3.2-147.14.18.1 libreadline5-5.2-147.14.18.1 readline-doc-5.2-147.14.18.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libreadline5-32bit-5.2-147.14.18.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): bash-x86-3.2-147.14.18.1 libreadline5-x86-5.2-147.14.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): bash-3.2-147.14.18.1 bash-doc-3.2-147.14.18.1 libreadline5-5.2-147.14.18.1 readline-doc-5.2-147.14.18.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libreadline5-32bit-5.2-147.14.18.1 References: https://bugzilla.novell.com/776694 https://bugzilla.novell.com/819783 https://bugzilla.novell.com/820149 https://bugzilla.novell.com/844550 http://download.novell.com/patch/finder/?keywords=4bf20986a838e7377de90a4c80caff70 From sle-updates at lists.suse.com Tue Dec 3 08:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Dec 2013 16:04:12 +0100 (CET) Subject: SUSE-RU-2013:1811-1: Recommended update for hawk Message-ID: <20131203150412.62BAA32188@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1811-1 Rating: low References: #825949 #826530 #827940 #834198 Affected Products: SUSE 
Linux Enterprise High Availability Extension 11 SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for hawk fixes the following issues: * Rails3: Set random secret_token instead of deprecated cookie_secret (bnc#827940) * GUI: Primitive editor: Fix default list of resource types (bnc#826530) * GUI: Fix French translation of node status (bnc#825949) * Misc: Primitive model: Use PerRequestCache for classes and providers * Misc: Cib model: Ensure orphaned resources with same ID as clone parent are ignored (bnc#834198) * Misc: Primitive model: Use crm_resource --show-metadata. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-hawk-8307 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): hawk-0.6.1-0.11.1 hawk-templates-0.6.1-0.11.1 References: https://bugzilla.novell.com/825949 https://bugzilla.novell.com/826530 https://bugzilla.novell.com/827940 https://bugzilla.novell.com/834198 http://download.novell.com/patch/finder/?keywords=c794f7e698f5976fd5d5fe411824935e From sle-updates at lists.suse.com Tue Dec 3 11:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Dec 2013 19:04:11 +0100 (CET) Subject: SUSE-RU-2013:1812-1: moderate: Recommended update for yast2-ldap-client Message-ID: <20131203180411.956C832188@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ldap-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1812-1 Rating: moderate References: #848051 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux 
Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

This update fixes yast2-ldap-client to no longer modify the nscd cache value when running on Open Enterprise Server.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-yast2-ldap-client-8594
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-yast2-ldap-client-8594
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-yast2-ldap-client-8594

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2.17.38]:
  yast2-ldap-client-2.17.38-0.7.2
- SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2.17.38]:
  yast2-ldap-client-2.17.38-0.7.2
- SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2.17.38]:
  yast2-ldap-client-2.17.38-0.7.2

References:

https://bugzilla.novell.com/848051
http://download.novell.com/patch/finder/?keywords=e71a0ce877d38b8a6ee8fd24d6bdbe18

From sle-updates at lists.suse.com Tue Dec 3 17:04:27 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 4 Dec 2013 01:04:27 +0100 (CET)
Subject: SUSE-SU-2013:1813-1: Security update for SLMS
Message-ID: <20131204000427.989FF32172@maintenance.suse.de>

SUSE Security Update: Security update for SLMS
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1813-1
Rating: low
References: #799218 #839419 #852101
Cross-References: CVE-2013-3710
Affected Products:
SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

An update that solves one
vulnerability and has two fixes is now available. It includes one version update.

Description:

This update for SLMS provides the following fixes:

* Always generate secret key if default one from git is used and ensure files containing keys are readable only by SLMS. (CVE-2013-3710)
* Fix valid appliance handling in studio APIv2 which returns 404 instead of 400.
* Fix grammar in error message.
* NetIQ migration L3 fixes:
  o Fix injecting metadata into repodata
  o Fixed wrong namespace in injecting metadata
  o Prevent oversized logs when log xmlling output
  o Fix crash for download in chunk as its object doesn't have even empty method
  o Fix crash if additional package is inconsistently added and not included in appliance anymore.

Security Issues:

* CVE-2013-3710

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Lifecycle Management Server 1.3:
  zypper in -t patch sleslms13-slms-8586

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 1.3.7]: slms-1.3.7-0.5.1 slms-core-1.3.7-0.5.1 slms-customer-center-1.3.7-0.5.1 slms-devel-doc-1.3.7-0.5.1 slms-external-1.3.7-0.5.1 slms-registration-1.3.7-0.5.1 slms-testsuite-1.3.7-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-3710.html https://bugzilla.novell.com/799218 https://bugzilla.novell.com/839419 https://bugzilla.novell.com/852101 http://download.novell.com/patch/finder/?keywords=737458eaeb41721b046145a5f89dac3e From sle-updates at lists.suse.com Wed Dec 4 13:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Dec 2013 21:04:12 +0100 (CET) Subject: SUSE-SU-2013:1824-1: moderate: Security update for Apache2 Message-ID: <20131204200412.1630832175@maintenance.suse.de> SUSE Security Update: Security update for Apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1824-1 Rating: moderate References: #791794 #815621 #829056 #829057 Cross-References: CVE-2013-1862 CVE-2013-1896 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. It includes one version update. Description: Apache2 received an LTSS rollup update which fixes various security issues and bugs. Security issues fixed: * CVE-2013-1896: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. [bnc#829056] * CVE-2013-1862: client data written to the RewriteLog must have terminal escape sequences escaped. 
[bnc#829057] Bugs fixed: * make sure that input that has already arrived on the socket is not discarded during a non-blocking read (read(2) returns 0 and errno is set to -EAGAIN). [bnc#815621] * make ssl connection not behave as above (this is openssl BIO stuff). [bnc#815621] * close the connection just before an attempted re-negotiation if data has been read with pipelining. This is done by resetting the keepalive status. [bnc#815621] [L3:38943] * reset the renegotiation status of a client<->server connection to RENEG_INIT to prevent falsely assumed status. [bnc#791794] * "OPTIONS *" internal requests are intercepted by a dummy filter that kicks in for the OPTIONS method. Apple iPrint uses "OPTIONS *" to upgrade the connection to TLS/1.0 following rfc2817. For compatibility, check if an Upgrade request header is present and skip the filter if yes. [bnc#791794] Security Issue references: * CVE-2013-1896 * CVE-2013-1862 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-apache2-8429 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-apache2-8429 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 2.2.12]: apache2-2.2.12-1.40.7 apache2-doc-2.2.12-1.40.7 apache2-example-pages-2.2.12-1.40.7 apache2-prefork-2.2.12-1.40.7 apache2-utils-2.2.12-1.40.7 apache2-worker-2.2.12-1.40.7 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2.2.12]: apache2-2.2.12-1.40.7 apache2-doc-2.2.12-1.40.7 apache2-example-pages-2.2.12-1.40.7 apache2-prefork-2.2.12-1.40.7 apache2-utils-2.2.12-1.40.7 apache2-worker-2.2.12-1.40.7 References: http://support.novell.com/security/cve/CVE-2013-1862.html http://support.novell.com/security/cve/CVE-2013-1896.html https://bugzilla.novell.com/791794 https://bugzilla.novell.com/815621 https://bugzilla.novell.com/829056 https://bugzilla.novell.com/829057 http://download.novell.com/patch/finder/?keywords=1788cfd4ee089aa3e421b7f8f02766fc From sle-updates at lists.suse.com Thu Dec 5 08:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Dec 2013 16:04:12 +0100 (CET) Subject: SUSE-RU-2013:1827-1: Recommended update for gtk-vnc Message-ID: <20131205150412.5481632188@maintenance.suse.de> SUSE Recommended Update: Recommended update for gtk-vnc ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1827-1 Rating: low References: #830556 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gtk-vnc allows applications to configure the key sequence to grab and release the console. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-gtk-vnc-8584 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-gtk-vnc-8584 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-gtk-vnc-8584 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-gtk-vnc-8584 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): gtk-vnc-devel-0.3.9-1.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libgtk-vnc-1_0-0-0.3.9-1.3.1 python-gtk-vnc-0.3.9-1.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libgtk-vnc-1_0-0-0.3.9-1.3.1 python-gtk-vnc-0.3.9-1.3.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libgtk-vnc-1_0-0-0.3.9-1.3.1 python-gtk-vnc-0.3.9-1.3.1 References: https://bugzilla.novell.com/830556 http://download.novell.com/patch/finder/?keywords=fd805a5260b8162c874f74240e1a3d80 From sle-updates at lists.suse.com Thu Dec 5 10:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Dec 2013 18:04:12 +0100 (CET) Subject: SUSE-SU-2013:1828-1: critical: Security update for ruby Message-ID: <20131205170412.311AA3218D@maintenance.suse.de> SUSE Security Update: Security update for ruby ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1828-1 Rating: critical References: #851803 Cross-References: CVE-2009-0689 CVE-2013-4164 Affected Products: WebYaST 1.3 SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux 
Enterprise Desktop 11 SP2 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The following security issue has been fixed: * CVE-2013-4164: heap overflow in floating point parsing Security Issue references: * CVE-2013-4164 * CVE-2009-0689 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-ruby-8578 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-ruby-8578 - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-ruby-8579 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-ruby-8578 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-ruby-8579 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ruby-8579 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ruby-8578 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ruby-8578 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-ruby-8579 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-ruby-8578 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-ruby-8578 To bring your system up-to-date, use "zypper patch". 
Package List: - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64): ruby-devel-1.8.7.p357-0.9.13.1 - SUSE Studio Onsite 1.3 (x86_64): ruby-devel-1.8.7.p357-0.9.13.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): ruby-devel-1.8.7.p357-0.9.13.1 ruby-doc-html-1.8.7.p357-0.9.13.1 ruby-doc-ri-1.8.7.p357-0.9.13.1 ruby-examples-1.8.7.p357-0.9.13.1 ruby-test-suite-1.8.7.p357-0.9.13.1 ruby-tk-1.8.7.p357-0.9.13.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): ruby-devel-1.8.7.p357-0.9.13.1 ruby-doc-html-1.8.7.p357-0.9.13.1 ruby-doc-ri-1.8.7.p357-0.9.13.1 ruby-examples-1.8.7.p357-0.9.13.1 ruby-test-suite-1.8.7.p357-0.9.13.1 ruby-tk-1.8.7.p357-0.9.13.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ruby-1.8.7.p357-0.9.13.1 ruby-doc-html-1.8.7.p357-0.9.13.1 ruby-tk-1.8.7.p357-0.9.13.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): ruby-1.8.7.p357-0.9.13.1 ruby-doc-html-1.8.7.p357-0.9.13.1 ruby-tk-1.8.7.p357-0.9.13.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ruby-1.8.7.p357-0.9.13.1 ruby-doc-html-1.8.7.p357-0.9.13.1 ruby-tk-1.8.7.p357-0.9.13.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ruby-1.8.7.p357-0.9.13.1 ruby-doc-html-1.8.7.p357-0.9.13.1 ruby-tk-1.8.7.p357-0.9.13.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): ruby-1.8.7.p357-0.9.13.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): ruby-1.8.7.p357-0.9.13.1 - SUSE Lifecycle Management Server 1.3 (x86_64): ruby-devel-1.8.7.p357-0.9.13.1 References: http://support.novell.com/security/cve/CVE-2009-0689.html http://support.novell.com/security/cve/CVE-2013-4164.html https://bugzilla.novell.com/851803 http://download.novell.com/patch/finder/?keywords=55e519fd3f439fd9aafa49788216f9f7 http://download.novell.com/patch/finder/?keywords=7cc8b87908b21ff43fefbb8322d8f53d From sle-updates at lists.suse.com Thu Dec 5 15:04:13 2013 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Dec 2013 23:04:13 +0100 (CET) Subject: SUSE-RU-2013:1829-1: Recommended update for nfs-client Message-ID: <20131205220413.069693218E@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1829-1 Rating: low References: #802823 #832264 #834164 #841971 #844015 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for nfs-utils provides the following fixes: * Fix decoding of octal encoded fields in idmapd. (bnc#802823) * Improve support for GSS security negotiation with old servers. (bnc#844015) * Correctly handle sub-directory exports from file systems with 64-bit inode numbers. (bnc#841971) * Ensure ldconfig cache is updated when libraries exist on NFS mounted file system. (bnc#834164) * Make it easy to enable NFSv4.1 support on server. (bnc#832264) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-nfs-client-8476 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-nfs-client-8476 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-nfs-client-8475 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-nfs-client-8475 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-nfs-client-8476 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-nfs-client-8475 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): nfs-client-1.2.3-18.33.1 nfs-doc-1.2.3-18.33.1 nfs-kernel-server-1.2.3-18.33.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): nfs-client-1.2.3-18.33.1 nfs-doc-1.2.3-18.33.1 nfs-kernel-server-1.2.3-18.33.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): nfs-client-1.2.3-18.33.1 nfs-doc-1.2.3-18.33.1 nfs-kernel-server-1.2.3-18.33.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): nfs-client-1.2.3-18.33.1 nfs-doc-1.2.3-18.33.1 nfs-kernel-server-1.2.3-18.33.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): nfs-client-1.2.3-18.33.1 nfs-kernel-server-1.2.3-18.33.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): nfs-client-1.2.3-18.33.1 nfs-kernel-server-1.2.3-18.33.1 References: https://bugzilla.novell.com/802823 https://bugzilla.novell.com/832264 https://bugzilla.novell.com/834164 https://bugzilla.novell.com/841971 https://bugzilla.novell.com/844015 http://download.novell.com/patch/finder/?keywords=a456bddeed977750616671ad1fb4654d http://download.novell.com/patch/finder/?keywords=e5f287383ebe9bc85b9a92a1b5b7ebac From sle-updates at lists.suse.com Fri Dec 6 11:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Dec 2013 19:04:12 +0100 (CET) Subject: 
SUSE-RU-2013:1830-1: Recommended update for hal Message-ID: <20131206180412.D4E923218E@maintenance.suse.de> SUSE Recommended Update: Recommended update for hal ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1830-1 Rating: low References: #808143 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hal includes the following fix: * Removable media sporadically not automatically mounted (bnc#808143) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-hal-201310-8456 - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-hal-201310-8457 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-hal-201310-8456 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-hal-201310-8457 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-hal-201310-8457 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-hal-201310-8456 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-hal-201310-8456 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-hal-201310-8457 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-hal-201310-8456 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): hal-devel-0.5.12-23.72.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): hal-devel-0.5.12-23.72.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): hal-devel-0.5.12-23.72.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): hal-0.5.12-23.72.1 hal-doc-0.5.12-23.72.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): hal-32bit-0.5.12-23.72.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): hal-0.5.12-23.72.1 hal-doc-0.5.12-23.72.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): hal-32bit-0.5.12-23.72.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): hal-x86-0.5.12-23.72.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): hal-0.5.12-23.72.1 hal-doc-0.5.12-23.72.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): hal-32bit-0.5.12-23.72.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): hal-0.5.12-23.72.1 hal-doc-0.5.12-23.72.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): hal-32bit-0.5.12-23.72.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): hal-x86-0.5.12-23.72.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): hal-0.5.12-23.72.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): hal-32bit-0.5.12-23.72.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): hal-0.5.12-23.72.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): hal-32bit-0.5.12-23.72.1 References: https://bugzilla.novell.com/808143 http://download.novell.com/patch/finder/?keywords=439071c6cd1e0a5c80f35a65fdf8b2d2 http://download.novell.com/patch/finder/?keywords=60f2f0ec24098ddd4bb9b4a9345327a3 From sle-updates at lists.suse.com Fri Dec 6 11:04:17 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Dec 2013 19:04:17 +0100 (CET) Subject: SUSE-RU-2013:1831-1: moderate: Recommended update for blktrace Message-ID: 
<20131206180417.14E663218E@maintenance.suse.de> SUSE Recommended Update: Recommended update for blktrace ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1831-1 Rating: moderate References: #832292 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for blktrace provides a fix for the following issue: If two instances of blktrace are executed on the same device, one would fail to initialize and then tear down the devices it was configured to use, even when they weren't set up by that instance. This could result in tearing down running traces, which would end up leaving the debugfs files around without a way to clean them up. Further instances of blktrace on that device would fail. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-blktrace-8530 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-blktrace-8530 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-blktrace-8529 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-blktrace-8529 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-blktrace-8530 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-blktrace-8529 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): blktrace-1.0.3-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): blktrace-1.0.3-0.7.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): blktrace-1.0.3-0.7.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): blktrace-1.0.3-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): blktrace-1.0.3-0.7.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): blktrace-1.0.3-0.7.1 References: https://bugzilla.novell.com/832292 http://download.novell.com/patch/finder/?keywords=a9ae7545414326045c87c04afb45c01e http://download.novell.com/patch/finder/?keywords=d2d9d9d453bd6bf614405dda99e73a68 From sle-updates at lists.suse.com Fri Dec 6 23:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Dec 2013 07:04:14 +0100 (CET) Subject: SUSE-SU-2013:1832-1: moderate: Security update for Linux kernel Message-ID: <20131207060415.0542B32192@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1832-1 Rating: moderate References: #537165 #609220 #615418 #649868 #656153 #681180 #681181 #681185 #683101 #693513 #699354 #699355 #699709 #700879 #701550 #702014 #702037 #703153 #703156 #706375 #707288 #709213 #709369 #713430 #717421 #718028 #721267 #721351 #721830 #722400 #724692 #725878 #726064 #726600 #727597 #730118 #730749 #731673 #731770 #732613 #733407 #734056 #735612 #740131 #742881 #745760 #747576 #749168 #752556 #760902 #762825 #765102 #765320 #770980 #773831 #776888 #786013 #789831 #795075 #797175 #802642 #804154 #808827 #809889 #809891 #809892 #809893 #809894 #809898 #809899 #809900 #809901 #809903 #811354 #811752 #813735 #815745 #816668 #823260 #823267 #824295 #826102 #826551 #827749 #827750 #828119 #836856 #850241 Cross-References: CVE-2009-4020 CVE-2009-4067 CVE-2010-4249 
CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-2203 CVE-2011-2213 CVE-2011-2484 CVE-2011-2492 CVE-2011-2494 CVE-2011-2525 CVE-2011-2534 CVE-2011-2699 CVE-2011-2928 CVE-2011-3209 CVE-2011-3363 CVE-2011-4077 CVE-2011-4110 CVE-2011-4132 CVE-2011-4324 CVE-2011-4330 CVE-2012-2136 CVE-2012-3510 CVE-2012-4444 CVE-2012-4530 CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6541 CVE-2012-6542 CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6547 CVE-2012-6549 CVE-2013-0160 CVE-2013-0268 CVE-2013-0871 CVE-2013-0914 CVE-2013-1827 CVE-2013-1928 CVE-2013-2141 CVE-2013-2147 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that solves 58 vulnerabilities and has 30 fixes is now available. Description: The SUSE Linux Enterprise Server 10 SP3 LTSS kernel received a roll up update to fix lots of moderate security issues and several bugs. The following security issues have been fixed: * CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. * CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. * CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. 
* CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. * CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. * CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. * CVE-2013-0160: The Linux kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. * CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. * CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. 
* CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. 
* CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. * CVE-2013-1827: net/dccp/ccid.h in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. * CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application. * CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. * CVE-2012-6546: The ATM implementation in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. * CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. * CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel memory via a crafted application. 
* CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel had an incorrect return value in certain circumstances, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. * CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. * CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. * CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel preserved the value of the sa_restorer field across an exec operation, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. * CVE-2011-2492: The bluetooth subsystem in the Linux kernel did not properly initialize certain data structures, which allowed local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. * CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. 
* CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. * CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. * CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. * CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. * CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel on unspecified architectures lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. * CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. * CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. * CVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. 
* CVE-2011-4110: The user_update function in security/keys/user_defined.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key." * CVE-2012-2136: The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel did not properly validate a certain length value, which allowed local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. * CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel allowed remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. * CVE-2011-2928: The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. * CVE-2011-4077: Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel, when CONFIG_XFS_DEBUG is disabled, allowed local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. * CVE-2011-4324: The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel allowed local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem. * CVE-2011-4330: Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel allowed local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field. 
* CVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. * CVE-2011-2525: The qdisc_notify function in net/sched/sch_api.c in the Linux kernel did not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call. * CVE-2011-2699: The IPv6 implementation in the Linux kernel did not generate Fragment Identification values separately for each destination, which made it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets. * CVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. * CVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel did not place the expected 0 character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. 
* CVE-2011-3209: The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel on the x86 platform allowed local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call. * CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. * CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating 0 character. * CVE-2011-2699: The IPv6 implementation in the Linux kernel did not generate Fragment Identification values separately for each destination, which made it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets. * CVE-2011-2203: The hfs_find_init function in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record. * CVE-2009-4067: A USB string descriptor overflow in the auerwald USB driver was fixed, which could be used by physically proximate attackers to cause a kernel crash. * CVE-2011-3363: The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel did not properly handle DFS referrals, which allowed remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share. 
* CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.
* CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel allowed local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."
* CVE-2010-4249: The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.

The following bugs have been fixed:

* patches.fixes/allow-executables-larger-than-2GB.patch: Allow executables larger than 2GB (bnc#836856).
* cio: prevent kernel panic after unexpected I/O interrupt (bnc#649868,LTC#67975).
* cio: Add timeouts for internal IO (bnc#701550,LTC#72691).
* kernel: first time swap use results in heavy swapping (bnc#701550,LTC#73132).
* qla2xxx: Do not be so verbose on underrun detected
* patches.arch/i386-run-tsc-calibration-5-times.patch: Fix the patch, the logic was wrong (bnc#537165, bnc#826551).
* xfs: Do not reclaim new inodes in xfs_sync_inodes() (bnc#770980 bnc#811752).
* kbuild: Fix gcc -x syntax (bnc#773831).
* e1000e: stop cleaning when we reach tx_ring->next_to_use (bnc#762825).
* Fix race condition about network device name allocation (bnc#747576).
* kdump: bootmem map over crash reserved region (bnc#749168, bnc#722400, bnc#742881).
* tcp: fix race condition leading to premature termination of sockets in FIN_WAIT2 state and connection being reset (bnc#745760)
* tcp: drop SYN+FIN messages (bnc#765102).
* net/linkwatch: Handle jiffies wrap-around (bnc#740131).
* patches.fixes/vm-dirty-bytes: Provide /proc/sys/vm/dirty_{background_,}bytes for tuning (bnc#727597).
* ipmi: Fix deadlock in start_next_msg() (bnc#730749).
* cpu-hotplug: release workqueue_mutex properly on CPU hot-remove (bnc#733407).
* libiscsi: handle init task failures (bnc#721351).
* NFS/sunrpc: do not use a credential with extra groups (bnc#725878).
* x86_64: fix reboot hang when "reboot=b" is passed to the kernel (bnc#721267).
* nf_nat: do not add NAT extension for confirmed conntracks (bnc#709213).
* xfs: fix memory reclaim recursion deadlock on locked inode buffer (bnc#699355 bnc#699354 bnc#721830).
* ipmi: do not grab locks in run-to-completion mode (bnc#717421).
* cciss: do not attempt to read from a write-only register (bnc#683101).
* qla2xxx: Disable MSI-X initialization (bnc#693513).
* Allow balance_dirty_pages to help other filesystems (bnc#709369).
* nfs: fix congestion control (bnc#709369).
* NFS: Separate metadata and page cache revalidation mechanisms (bnc#709369).
* knfsd: nfsd4: fix laundromat shutdown race (bnc#752556).
* x87: Do not synchronize TSCs across cores if they already should be synchronized by HW (bnc#615418 bnc#609220).
* reiserfs: Fix int overflow while calculating free space (bnc#795075).
* af_unix: limit recursion level (bnc#656153).
* bcm43xx: netlink deadlock fix (bnc#850241).
* jbd: Issue cache flush after checkpointing (bnc#731770).
* cfq: Fix infinite loop in cfq_preempt_queue() (bnc#724692).
Security Issue references: * CVE-2009-4020 * CVE-2009-4067 * CVE-2010-4249 * CVE-2011-1170 * CVE-2011-1171 * CVE-2011-1172 * CVE-2011-2203 * CVE-2011-2213 * CVE-2011-2484 * CVE-2011-2492 * CVE-2011-2494 * CVE-2011-2525 * CVE-2011-2534 * CVE-2011-2699 * CVE-2011-2928 * CVE-2011-3209 * CVE-2011-3363 * CVE-2011-4077 * CVE-2011-4110 * CVE-2011-4324 * CVE-2011-4330 * CVE-2012-2136 * CVE-2012-3510 * CVE-2012-4444 * CVE-2012-4530 * CVE-2012-6537 * CVE-2012-6539 * CVE-2012-6540 * CVE-2012-6541 * CVE-2012-6542 * CVE-2012-6544 * CVE-2012-6545 * CVE-2012-6546 * CVE-2012-6547 * CVE-2012-6549 * CVE-2013-0160 * CVE-2013-0268 * CVE-2013-0871 * CVE-2013-0914 * CVE-2013-1827 * CVE-2013-2141 * CVE-2013-2147 * CVE-2013-2164 * CVE-2013-2206 * CVE-2013-2232 * CVE-2013-2234 * CVE-2013-2237 * CVE-2013-3222 * CVE-2013-3223 * CVE-2013-3224 * CVE-2013-3228 * CVE-2013-3229 * CVE-2013-3231 * CVE-2013-3232 * CVE-2013-3234 * CVE-2013-3235 * CVE-2011-4132 * CVE-2013-1928 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. 
Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): kernel-default-2.6.16.60-0.113.1 kernel-source-2.6.16.60-0.113.1 kernel-syms-2.6.16.60-0.113.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64): kernel-debug-2.6.16.60-0.113.1 kernel-kdump-2.6.16.60-0.113.1 kernel-smp-2.6.16.60-0.113.1 kernel-xen-2.6.16.60-0.113.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586): kernel-bigsmp-2.6.16.60-0.113.1 kernel-kdumppae-2.6.16.60-0.113.1 kernel-vmi-2.6.16.60-0.113.1 kernel-vmipae-2.6.16.60-0.113.1 kernel-xenpae-2.6.16.60-0.113.1 References: http://support.novell.com/security/cve/CVE-2009-4020.html http://support.novell.com/security/cve/CVE-2009-4067.html http://support.novell.com/security/cve/CVE-2010-4249.html http://support.novell.com/security/cve/CVE-2011-1170.html http://support.novell.com/security/cve/CVE-2011-1171.html http://support.novell.com/security/cve/CVE-2011-1172.html http://support.novell.com/security/cve/CVE-2011-2203.html http://support.novell.com/security/cve/CVE-2011-2213.html http://support.novell.com/security/cve/CVE-2011-2484.html http://support.novell.com/security/cve/CVE-2011-2492.html http://support.novell.com/security/cve/CVE-2011-2494.html http://support.novell.com/security/cve/CVE-2011-2525.html http://support.novell.com/security/cve/CVE-2011-2534.html http://support.novell.com/security/cve/CVE-2011-2699.html http://support.novell.com/security/cve/CVE-2011-2928.html http://support.novell.com/security/cve/CVE-2011-3209.html http://support.novell.com/security/cve/CVE-2011-3363.html http://support.novell.com/security/cve/CVE-2011-4077.html http://support.novell.com/security/cve/CVE-2011-4110.html http://support.novell.com/security/cve/CVE-2011-4132.html http://support.novell.com/security/cve/CVE-2011-4324.html http://support.novell.com/security/cve/CVE-2011-4330.html http://support.novell.com/security/cve/CVE-2012-2136.html http://support.novell.com/security/cve/CVE-2012-3510.html 
http://support.novell.com/security/cve/CVE-2012-4444.html http://support.novell.com/security/cve/CVE-2012-4530.html http://support.novell.com/security/cve/CVE-2012-6537.html http://support.novell.com/security/cve/CVE-2012-6539.html http://support.novell.com/security/cve/CVE-2012-6540.html http://support.novell.com/security/cve/CVE-2012-6541.html http://support.novell.com/security/cve/CVE-2012-6542.html http://support.novell.com/security/cve/CVE-2012-6544.html http://support.novell.com/security/cve/CVE-2012-6545.html http://support.novell.com/security/cve/CVE-2012-6546.html http://support.novell.com/security/cve/CVE-2012-6547.html http://support.novell.com/security/cve/CVE-2012-6549.html http://support.novell.com/security/cve/CVE-2013-0160.html http://support.novell.com/security/cve/CVE-2013-0268.html http://support.novell.com/security/cve/CVE-2013-0871.html http://support.novell.com/security/cve/CVE-2013-0914.html http://support.novell.com/security/cve/CVE-2013-1827.html http://support.novell.com/security/cve/CVE-2013-1928.html http://support.novell.com/security/cve/CVE-2013-2141.html http://support.novell.com/security/cve/CVE-2013-2147.html http://support.novell.com/security/cve/CVE-2013-2164.html http://support.novell.com/security/cve/CVE-2013-2206.html http://support.novell.com/security/cve/CVE-2013-2232.html http://support.novell.com/security/cve/CVE-2013-2234.html http://support.novell.com/security/cve/CVE-2013-2237.html http://support.novell.com/security/cve/CVE-2013-3222.html http://support.novell.com/security/cve/CVE-2013-3223.html http://support.novell.com/security/cve/CVE-2013-3224.html http://support.novell.com/security/cve/CVE-2013-3228.html http://support.novell.com/security/cve/CVE-2013-3229.html http://support.novell.com/security/cve/CVE-2013-3231.html http://support.novell.com/security/cve/CVE-2013-3232.html http://support.novell.com/security/cve/CVE-2013-3234.html http://support.novell.com/security/cve/CVE-2013-3235.html 
https://bugzilla.novell.com/537165 https://bugzilla.novell.com/609220 https://bugzilla.novell.com/615418 https://bugzilla.novell.com/649868 https://bugzilla.novell.com/656153 https://bugzilla.novell.com/681180 https://bugzilla.novell.com/681181 https://bugzilla.novell.com/681185 https://bugzilla.novell.com/683101 https://bugzilla.novell.com/693513 https://bugzilla.novell.com/699354 https://bugzilla.novell.com/699355 https://bugzilla.novell.com/699709 https://bugzilla.novell.com/700879 https://bugzilla.novell.com/701550 https://bugzilla.novell.com/702014 https://bugzilla.novell.com/702037 https://bugzilla.novell.com/703153 https://bugzilla.novell.com/703156 https://bugzilla.novell.com/706375 https://bugzilla.novell.com/707288 https://bugzilla.novell.com/709213 https://bugzilla.novell.com/709369 https://bugzilla.novell.com/713430 https://bugzilla.novell.com/717421 https://bugzilla.novell.com/718028 https://bugzilla.novell.com/721267 https://bugzilla.novell.com/721351 https://bugzilla.novell.com/721830 https://bugzilla.novell.com/722400 https://bugzilla.novell.com/724692 https://bugzilla.novell.com/725878 https://bugzilla.novell.com/726064 https://bugzilla.novell.com/726600 https://bugzilla.novell.com/727597 https://bugzilla.novell.com/730118 https://bugzilla.novell.com/730749 https://bugzilla.novell.com/731673 https://bugzilla.novell.com/731770 https://bugzilla.novell.com/732613 https://bugzilla.novell.com/733407 https://bugzilla.novell.com/734056 https://bugzilla.novell.com/735612 https://bugzilla.novell.com/740131 https://bugzilla.novell.com/742881 https://bugzilla.novell.com/745760 https://bugzilla.novell.com/747576 https://bugzilla.novell.com/749168 https://bugzilla.novell.com/752556 https://bugzilla.novell.com/760902 https://bugzilla.novell.com/762825 https://bugzilla.novell.com/765102 https://bugzilla.novell.com/765320 https://bugzilla.novell.com/770980 https://bugzilla.novell.com/773831 https://bugzilla.novell.com/776888 https://bugzilla.novell.com/786013 
https://bugzilla.novell.com/789831 https://bugzilla.novell.com/795075 https://bugzilla.novell.com/797175 https://bugzilla.novell.com/802642 https://bugzilla.novell.com/804154 https://bugzilla.novell.com/808827 https://bugzilla.novell.com/809889 https://bugzilla.novell.com/809891 https://bugzilla.novell.com/809892 https://bugzilla.novell.com/809893 https://bugzilla.novell.com/809894 https://bugzilla.novell.com/809898 https://bugzilla.novell.com/809899 https://bugzilla.novell.com/809900 https://bugzilla.novell.com/809901 https://bugzilla.novell.com/809903 https://bugzilla.novell.com/811354 https://bugzilla.novell.com/811752 https://bugzilla.novell.com/813735 https://bugzilla.novell.com/815745 https://bugzilla.novell.com/816668 https://bugzilla.novell.com/823260 https://bugzilla.novell.com/823267 https://bugzilla.novell.com/824295 https://bugzilla.novell.com/826102 https://bugzilla.novell.com/826551 https://bugzilla.novell.com/827749 https://bugzilla.novell.com/827750 https://bugzilla.novell.com/828119 https://bugzilla.novell.com/836856 https://bugzilla.novell.com/850241 http://download.novell.com/patch/finder/?keywords=2edd49abdf9ae71916d1b5acb9177a75 http://download.novell.com/patch/finder/?keywords=ab3d3594ee8b8099b9bc0f2a2095b6b6 http://download.novell.com/patch/finder/?keywords=ffdbcc106c0e9486ae78943c42345dbd From sle-updates at lists.suse.com Mon Dec 9 14:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Dec 2013 22:04:11 +0100 (CET) Subject: SUSE-RU-2013:1851-1: Recommended update for SUSE_SLES_SAP-SP3-migration and SUSE_SLES_SAP-release Message-ID: <20131209210411.8135832173@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE_SLES_SAP-SP3-migration and SUSE_SLES_SAP-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1851-1 Rating: low References: #832565 Affected Products: SUSE Linux Enterprise for SAP Applications 11 SP2 
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update enables SUSE Linux Enterprise for SAP Applications 11 SP2 to online migrate to SUSE Linux Enterprise for SAP Applications 11 SP3.

Indications:

Everyone who wants to upgrade from SLES for SAP 11 SP2 to SLES for SAP 11 SP3 should install this update.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise for SAP Applications 11 SP2:
  zypper in -t patch slesapp2-SLES-SAP-SP3-Migration-8147

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise for SAP Applications 11 SP2 (x86_64):
  SUSE_SLES_SAP-SP3-migration-11.2-1.14
  SUSE_SLES_SAP-release-11.2-2.9.1

References:

https://bugzilla.novell.com/832565
http://download.novell.com/patch/finder/?keywords=1cdb2d13bfdf5187a0c7c4f0e0a15fd8

From sle-updates at lists.suse.com Tue Dec 10 03:04:12 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 10 Dec 2013 11:04:12 +0100 (CET)
Subject: SUSE-SU-2013:1852-1: Security update for glibc
Message-ID: <20131210100412.4186D43DF3@maintenance.suse.de>

SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1852-1
Rating: low
References: #691365 #779320 #791928 #801246 #811979 #813121 #819347 #822210 #827811 #828235 #828637 #830268 #834594 #839870
Cross-References: CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237 CVE-2013-4332 CVE-2013-4788
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves 6
vulnerabilities and has 8 fixes is now available.

Description:

This update for glibc contains the following fixes:

* Fix integer overflows in malloc (CVE-2013-4332, bnc#839870)
* Fix buffer overflow in glob (bnc#691365)
* Fix buffer overflow in strcoll (CVE-2012-4412, bnc#779320)
* Update mount flags in (bnc#791928)
* Fix buffer overrun in regexp matcher (CVE-2013-0242, bnc#801246)
* Fix memory leaks in dlopen (bnc#811979)
* Fix stack overflow in getaddrinfo with many results (CVE-2013-1914, bnc#813121)
* Don't raise UNDERFLOW in tan/tanf for small but normal argument (bnc#819347)
* Properly cross page boundary in SSE4.2 implementation of strcmp (bnc#822210)
* Fix robust mutex handling after fork (bnc#827811)
* Fix missing character in IBM-943 charset (bnc#828235)
* Fix use of alloca in gaih_inet (bnc#828637)
* Initialize pointer guard also in static executables (CVE-2013-4788, bnc#830268)
* Fix readdir_r with long file names (CVE-2013-4237, bnc#834594).

Security Issues:

* CVE-2012-4412
* CVE-2013-0242
* CVE-2013-1914
* CVE-2013-4237
* CVE-2013-4332
* CVE-2013-4788

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-glibc-8337
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-glibc-8337
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-glibc-8337
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-glibc-8337

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): glibc-html-2.11.3-17.56.2 glibc-info-2.11.3-17.56.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): glibc-2.11.3-17.56.2 glibc-devel-2.11.3-17.56.2 glibc-html-2.11.3-17.56.2 glibc-i18ndata-2.11.3-17.56.2 glibc-info-2.11.3-17.56.2 glibc-locale-2.11.3-17.56.2 glibc-profile-2.11.3-17.56.2 nscd-2.11.3-17.56.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): glibc-32bit-2.11.3-17.56.2 glibc-devel-32bit-2.11.3-17.56.2 glibc-locale-32bit-2.11.3-17.56.2 glibc-profile-32bit-2.11.3-17.56.2 - SUSE Linux Enterprise Server 11 SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.56.2 glibc-devel-2.11.3-17.56.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.56.2 glibc-i18ndata-2.11.3-17.56.2 glibc-info-2.11.3-17.56.2 glibc-locale-2.11.3-17.56.2 glibc-profile-2.11.3-17.56.2 nscd-2.11.3-17.56.2 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.56.2 glibc-devel-32bit-2.11.3-17.56.2 glibc-locale-32bit-2.11.3-17.56.2 glibc-profile-32bit-2.11.3-17.56.2 - SUSE Linux Enterprise Server 11 SP3 (ia64): glibc-locale-x86-2.11.3-17.56.2 glibc-profile-x86-2.11.3-17.56.2 glibc-x86-2.11.3-17.56.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 i686 x86_64): glibc-2.11.3-17.56.2 glibc-devel-2.11.3-17.56.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): glibc-i18ndata-2.11.3-17.56.2 glibc-locale-2.11.3-17.56.2 nscd-2.11.3-17.56.2 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): glibc-32bit-2.11.3-17.56.2 glibc-devel-32bit-2.11.3-17.56.2 glibc-locale-32bit-2.11.3-17.56.2 References: http://support.novell.com/security/cve/CVE-2012-4412.html http://support.novell.com/security/cve/CVE-2013-0242.html http://support.novell.com/security/cve/CVE-2013-1914.html http://support.novell.com/security/cve/CVE-2013-4237.html http://support.novell.com/security/cve/CVE-2013-4332.html 
http://support.novell.com/security/cve/CVE-2013-4788.html https://bugzilla.novell.com/691365 https://bugzilla.novell.com/779320 https://bugzilla.novell.com/791928 https://bugzilla.novell.com/801246 https://bugzilla.novell.com/811979 https://bugzilla.novell.com/813121 https://bugzilla.novell.com/819347 https://bugzilla.novell.com/822210 https://bugzilla.novell.com/827811 https://bugzilla.novell.com/828235 https://bugzilla.novell.com/828637 https://bugzilla.novell.com/830268 https://bugzilla.novell.com/834594 https://bugzilla.novell.com/839870 http://download.novell.com/patch/finder/?keywords=662fdef831f525bc78959155f328aa67 From sle-updates at lists.suse.com Tue Dec 10 03:04:16 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Dec 2013 11:04:16 +0100 (CET) Subject: SUSE-RU-2013:1853-1: moderate: Recommended update for susestudio-admin_en Message-ID: <20131210100416.E2B6043DF3@maintenance.suse.de> SUSE Recommended Update: Recommended update for susestudio-admin_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1853-1 Rating: moderate References: #803932 #809422 #813836 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides the latest version of SUSE Studio Onsite Deployment and Administration Guide. The following issues have been fixed: * bnc#803932: default password after upgrading from 1.2 to 1.3 * bnc#809422: more documentation how Studio Onsite can use SMT * bnc#813836: list all Studio services in 'Appendix A. SUSE Studio Onsite Services'. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-admin_en-8585 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (noarch): susestudio-admin_en-11.3-0.13.1 susestudio-admin_en-pdf-11.3-0.13.1 References: https://bugzilla.novell.com/803932 https://bugzilla.novell.com/809422 https://bugzilla.novell.com/813836 http://download.novell.com/patch/finder/?keywords=b0f504d60f06ccac42e731c85343f60c From sle-updates at lists.suse.com Tue Dec 10 03:04:21 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Dec 2013 11:04:21 +0100 (CET) Subject: SUSE-SU-2013:1854-1: Security update for glibc Message-ID: <20131210100421.1272943DF3@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1854-1 Rating: low References: #691365 #779320 #791928 #801246 #811979 #813121 #818628 #819347 #822210 #827811 #828235 #828637 #830268 #834594 #839870 Cross-References: CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-4237 CVE-2013-4332 CVE-2013-4788 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 9 fixes is now available. 
Description:

This update for glibc contains the following fixes:

* Fix integer overflows in malloc (CVE-2013-4332, bnc#839870)
* Fix buffer overflow in glob (bnc#691365)
* Fix buffer overflow in strcoll (CVE-2012-4412, bnc#779320)
* Update mount flags in (bnc#791928)
* Fix buffer overrun in regexp matcher (CVE-2013-0242, bnc#801246)
* Fix memory leaks in dlopen (bnc#811979)
* Fix stack overflow in getaddrinfo with many results (CVE-2013-1914, bnc#813121)
* Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec (bnc#818628)
* Don't raise UNDERFLOW in tan/tanf for small but normal argument (bnc#819347)
* Properly cross page boundary in SSE4.2 implementation of strcmp (bnc#822210)
* Fix robust mutex handling after fork (bnc#827811)
* Fix missing character in IBM-943 charset (bnc#828235)
* Fix use of alloca in gaih_inet (bnc#828637)
* Initialize pointer guard also in static executables (CVE-2013-4788, bnc#830268)
* Fix readdir_r with long file names (CVE-2013-4237, bnc#834594).

Security Issues:

* CVE-2012-4412
* CVE-2013-0242
* CVE-2013-1914
* CVE-2013-4237
* CVE-2013-4332
* CVE-2013-4788

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-glibc-8335
- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-glibc-8335
- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-glibc-8335
- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-glibc-8335

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): glibc-html-2.11.3-17.45.49.1 glibc-info-2.11.3-17.45.49.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 i686 x86_64): glibc-2.11.3-17.45.49.1 glibc-devel-2.11.3-17.45.49.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): glibc-html-2.11.3-17.45.49.1 glibc-i18ndata-2.11.3-17.45.49.1 glibc-info-2.11.3-17.45.49.1 glibc-locale-2.11.3-17.45.49.1 glibc-profile-2.11.3-17.45.49.1 nscd-2.11.3-17.45.49.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): glibc-32bit-2.11.3-17.45.49.1 glibc-devel-32bit-2.11.3-17.45.49.1 glibc-locale-32bit-2.11.3-17.45.49.1 glibc-profile-32bit-2.11.3-17.45.49.1 - SUSE Linux Enterprise Server 11 SP2 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.45.49.1 glibc-devel-2.11.3-17.45.49.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.45.49.1 glibc-i18ndata-2.11.3-17.45.49.1 glibc-info-2.11.3-17.45.49.1 glibc-locale-2.11.3-17.45.49.1 glibc-profile-2.11.3-17.45.49.1 nscd-2.11.3-17.45.49.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.45.49.1 glibc-devel-32bit-2.11.3-17.45.49.1 glibc-locale-32bit-2.11.3-17.45.49.1 glibc-profile-32bit-2.11.3-17.45.49.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): glibc-locale-x86-2.11.3-17.45.49.1 glibc-profile-x86-2.11.3-17.45.49.1 glibc-x86-2.11.3-17.45.49.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 i686 x86_64): glibc-2.11.3-17.45.49.1 glibc-devel-2.11.3-17.45.49.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): glibc-i18ndata-2.11.3-17.45.49.1 glibc-locale-2.11.3-17.45.49.1 nscd-2.11.3-17.45.49.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): glibc-32bit-2.11.3-17.45.49.1 glibc-devel-32bit-2.11.3-17.45.49.1 glibc-locale-32bit-2.11.3-17.45.49.1 References: http://support.novell.com/security/cve/CVE-2012-4412.html http://support.novell.com/security/cve/CVE-2013-0242.html 
http://support.novell.com/security/cve/CVE-2013-1914.html http://support.novell.com/security/cve/CVE-2013-4237.html http://support.novell.com/security/cve/CVE-2013-4332.html http://support.novell.com/security/cve/CVE-2013-4788.html https://bugzilla.novell.com/691365 https://bugzilla.novell.com/779320 https://bugzilla.novell.com/791928 https://bugzilla.novell.com/801246 https://bugzilla.novell.com/811979 https://bugzilla.novell.com/813121 https://bugzilla.novell.com/818628 https://bugzilla.novell.com/819347 https://bugzilla.novell.com/822210 https://bugzilla.novell.com/827811 https://bugzilla.novell.com/828235 https://bugzilla.novell.com/828637 https://bugzilla.novell.com/830268 https://bugzilla.novell.com/834594 https://bugzilla.novell.com/839870 http://download.novell.com/patch/finder/?keywords=b8fd7817886a68f6a48cbaa69b2fcb17 From sle-updates at lists.suse.com Wed Dec 11 08:04:16 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Dec 2013 16:04:16 +0100 (CET) Subject: SUSE-RU-2013:1855-1: moderate: Recommended update for DRBD Message-ID: <20131211150416.459A53215A@maintenance.suse.de> SUSE Recommended Update: Recommended update for DRBD ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1855-1 Rating: moderate References: #825657 #833764 #850715 Affected Products: SUSE Linux Enterprise Real Time Extension 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update updates the Distributed Replicated Block Device (DRBD) component of SLES HAE 11 SP3 to version 8.4.4, providing many fixes and enhancements. 
Changes included in the user land packages:

* New drbd-proxy option "bwlimit"; allow proxy options on host level
* crm-fence-peer: less cib polling, peer-alive detection using crmadmin, and other improvements
* ocf ra: avoid too tight pacemaker driven recovery loop on failed promote, implement adjust_master_score parameter
* drbdadm adjust now deals with IP-address changes correctly
* Make sure old binary paths are still accessible.

Changes included in the kernel modules:

* Fix potential deadlock when concurrently fencing and establishing a connection
* Fix potential distributed deadlock during verify or resync
* Fix decoding of bitmap vli rle for device sizes > 64 TB
* Fix for deadlock when using automatic split-brain-recovery
* Only fail empty flushes if no good data is reachable
* Avoid to shrink max_bio_size due to peer re-configuration
* Fix resume-io after reconnect with broken fence-peer handler
* Fix too large bursts for very slow resync rates
* Don't let application IO throttle resync to a stall
* Fix a hole in the challenge-response implementation
* Fix a theoretical IO deadlock (only triggers with unusual small AL i.e. 7)
* Fix attaching to disks with fixed size external meta-data (bnc#833764)
* Fix NULL pointer deref in module init error path (bnc#825657)
* Fix a crash when the connection broke at a very exact point in time while a graceful disconnect executes
* Support for REQ_DISCARD
* Allow parallel promote/demote
* Allow online changing of al-stripes and al-stripe-size with the resize command.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11 SP3: zypper in -t patch slertesp3-drbd-844-201311-8587 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-drbd-844-201311-8587 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64): drbd-kmp-rt-8.4.4_3.0.101_rt130_0.8-0.20.1 drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.8-0.20.1 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 8.4.4]: drbd-8.4.4-0.20.2 drbd-bash-completion-8.4.4-0.20.2 drbd-heartbeat-8.4.4-0.20.2 drbd-kmp-default-8.4.4_3.0.101_0.8-0.20.1 drbd-kmp-trace-8.4.4_3.0.101_0.8-0.20.1 drbd-pacemaker-8.4.4-0.20.2 drbd-udev-8.4.4-0.20.2 drbd-utils-8.4.4-0.20.2 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64): drbd-kmp-xen-8.4.4_3.0.101_0.8-0.20.1 - SUSE Linux Enterprise High Availability Extension 11 SP3 (x86_64) [New Version: 8.4.4]: drbd-xen-8.4.4-0.20.2 - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64): drbd-kmp-ppc64-8.4.4_3.0.101_0.8-0.20.1 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586): drbd-kmp-pae-8.4.4_3.0.101_0.8-0.20.1 References: https://bugzilla.novell.com/825657 https://bugzilla.novell.com/833764 https://bugzilla.novell.com/850715 http://download.novell.com/patch/finder/?keywords=8391d371d2d301217afbd2727c9a9181 From sle-updates at lists.suse.com Thu Dec 12 13:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Dec 2013 21:04:10 +0100 (CET) Subject: SUSE-SU-2013:1866-1: moderate: Security update for strongswan Message-ID: <20131212200410.A6453321DA@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1866-1 Rating: moderate References: #833278 #840826 
#847506
Cross-References: CVE-2013-5018
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This strongswan update fixes security issues and bugs:

* CVE-2013-5018: Specially crafted XAuth usernames and EAP identities could cause a crash in strongswan.
* CVE-2013-6075: A crafted ID packet can be used by remote attackers to crash the server or potentially gain authentication privileges under certain circumstances.

Additionally, a bug in route recursion limits was fixed:

* Charon segfaults when left=%any / recursion limit. (bnc#840826)

Security Issues:

* CVE-2013-5018

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-strongswan-8488
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-strongswan-8488
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-strongswan-8488

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  strongswan-4.4.0-6.21.1
  strongswan-doc-4.4.0-6.21.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  strongswan-4.4.0-6.21.1
  strongswan-doc-4.4.0-6.21.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  strongswan-4.4.0-6.21.1
  strongswan-doc-4.4.0-6.21.1

References:

http://support.novell.com/security/cve/CVE-2013-5018.html
https://bugzilla.novell.com/833278
https://bugzilla.novell.com/840826
https://bugzilla.novell.com/847506
http://download.novell.com/patch/finder/?keywords=efb2537a9b17212b4bf63d91dcbc15a9

From sle-updates at lists.suse.com Thu Dec 12 14:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 12 Dec 2013 22:04:10 +0100 (CET)
Subject: SUSE-SU-2013:1867-1: moderate: Security update for Xen
Message-ID: <20131212210410.566A2321DA@maintenance.suse.de>

SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1867-1
Rating: moderate
References: #840997 #848657
Cross-References: CVE-2013-4494
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

Xen has been updated to fix a security issue and a bug:

* CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution.

A non-security bug has also been fixed:

* It is possible to start a VM twice on the same node (bnc#840997)

Security Issue references:

* CVE-2013-4494

Special Instructions and Notes:

Please reboot the system after installing this update.
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xen-201311-8577 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xen-201311-8577 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xen-201311-8577 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xen-201311-8577 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): xen-devel-4.1.6_04-0.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xen-kmp-trace-4.1.6_04_3.0.101_0.5-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): xen-kmp-default-4.1.6_04_3.0.101_0.5-0.5.1 xen-kmp-trace-4.1.6_04_3.0.101_0.5-0.5.1 xen-libs-4.1.6_04-0.5.1 xen-tools-domU-4.1.6_04-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (x86_64): xen-4.1.6_04-0.5.1 xen-doc-html-4.1.6_04-0.5.1 xen-doc-pdf-4.1.6_04-0.5.1 xen-libs-32bit-4.1.6_04-0.5.1 xen-tools-4.1.6_04-0.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586): xen-kmp-pae-4.1.6_04_3.0.101_0.5-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xen-kmp-default-4.1.6_04_3.0.101_0.5-0.5.1 xen-kmp-trace-4.1.6_04_3.0.101_0.5-0.5.1 xen-libs-4.1.6_04-0.5.1 xen-tools-domU-4.1.6_04-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): xen-4.1.6_04-0.5.1 xen-doc-html-4.1.6_04-0.5.1 xen-doc-pdf-4.1.6_04-0.5.1 xen-libs-32bit-4.1.6_04-0.5.1 xen-tools-4.1.6_04-0.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586): xen-kmp-pae-4.1.6_04_3.0.101_0.5-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-4494.html https://bugzilla.novell.com/840997 https://bugzilla.novell.com/848657 http://download.novell.com/patch/finder/?keywords=e2b4f1fdb40f6617a5fe27add20f67f0 From sle-updates at lists.suse.com Fri Dec 13 10:04:10 2013 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Fri, 13 Dec 2013 18:04:10 +0100 (CET) Subject: SUSE-RU-2013:1872-1: Recommended update for aaa_base Message-ID: <20131213170410.68DA663D89@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1872-1 Rating: low References: #800270 #828820 #848697 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for aaa_base provides fixes for the following issues: * Login shell reads $HOME/.kshrc twice. (bnc#848697) * chkconfig ignores initscripts with ".ba" in filename. (bnc#828820) * Oracle High Availability Service Daemon (ohasd) fails to start. (bnc#800270) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-aaa_base-8540 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-aaa_base-8540 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-aaa_base-8535 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-aaa_base-8535 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-aaa_base-8540 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-aaa_base-8535 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): aaa_base-11-6.92.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): aaa_base-11-6.92.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): aaa_base-11-6.77.79.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): aaa_base-11-6.77.79.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): aaa_base-11-6.92.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): aaa_base-11-6.77.79.1 References: https://bugzilla.novell.com/800270 https://bugzilla.novell.com/828820 https://bugzilla.novell.com/848697 http://download.novell.com/patch/finder/?keywords=4774628a594c327c8c703658df85926f http://download.novell.com/patch/finder/?keywords=87d366853c97b8e51d6db2a367aef12f From sle-updates at lists.suse.com Fri Dec 13 16:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Dec 2013 00:04:13 +0100 (CET) Subject: SUSE-RU-2013:1874-1: Recommended update for Mesa, libdrm and xorg-x11-driver-video Message-ID: <20131213230413.5EC38321EE@maintenance.suse.de> SUSE Recommended Update: Recommended update for Mesa, libdrm and xorg-x11-driver-video ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1874-1 Rating: low References: #808855 #817998 #834116 #845820 #847068 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This collective update for Mesa, xorg-x11-driver-video and libdrm adds support for new Intel Haswell video chipsets. Additionally, the following issues have been fixed: * Fix intel_reg_dumper tool for Intel Gen2/3 platforms. 
(bnc#808855) * Do not change DPMS mode on unconnected outputs. (bnc#817998) * Remove GLU debug output on normal builds. (bnc#845820) * Add missing initialization of return status in i830CreateContext(). (bnc#847068) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-haswell-201310-8470 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-haswell-201310-8470 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-haswell-201310-8470 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-haswell-201310-8470 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): Mesa-devel-9.0.3-0.25.1 libdrm-devel-2.4.41-0.10.8 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): Mesa-devel-32bit-9.0.3-0.25.1 libdrm-devel-32bit-2.4.41-0.10.8 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): Mesa-9.0.3-0.25.1 libdrm-2.4.41-0.10.8 xorg-x11-driver-video-7.4.0.1-0.85.5 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): Mesa-32bit-9.0.3-0.25.1 libdrm-32bit-2.4.41-0.10.8 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): Mesa-9.0.3-0.25.1 libdrm-2.4.41-0.10.8 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 x86_64): xorg-x11-driver-video-7.4.0.1-0.85.5 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): Mesa-32bit-9.0.3-0.25.1 libdrm-32bit-2.4.41-0.10.8 - SUSE Linux Enterprise Server 11 SP3 (ia64): Mesa-x86-9.0.3-0.25.1 libdrm-x86-2.4.41-0.10.8 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): Mesa-9.0.3-0.25.1 libdrm-2.4.41-0.10.8 xorg-x11-driver-video-7.4.0.1-0.85.5 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): Mesa-32bit-9.0.3-0.25.1 libdrm-32bit-2.4.41-0.10.8 
References: https://bugzilla.novell.com/808855 https://bugzilla.novell.com/817998 https://bugzilla.novell.com/834116 https://bugzilla.novell.com/845820 https://bugzilla.novell.com/847068 http://download.novell.com/patch/finder/?keywords=bb958652d70a63ba1418bfd5603d31a5 From sle-updates at lists.suse.com Fri Dec 13 19:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 14 Dec 2013 03:04:14 +0100 (CET) Subject: SUSE-SU-2013:1875-1: moderate: Security update for krb5 Message-ID: <20131214020414.C6CAC3219D@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1875-1 Rating: moderate References: #849240 Cross-References: CVE-2013-1418 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for krb5 fixes the following security issue: * If a KDC serves multiple realms, certain requests could cause setup_server_realm() to dereference a null pointer, crashing the KDC. (CVE-2013-1418) Security Issues: * CVE-2013-1418 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-krb5-8534 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-krb5-8533 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-krb5-8534 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-krb5-8534 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-krb5-8533 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-krb5-8533 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-krb5-8534 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-krb5-8533 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.58.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.58.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): krb5-1.6.3-133.49.58.1 krb5-apps-clients-1.6.3-133.49.58.1 krb5-apps-servers-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 krb5-plugin-kdb-ldap-1.6.3-133.49.58.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.58.1 krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): krb5-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): krb5-doc-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x 
x86_64): krb5-1.6.3-133.49.58.1 krb5-apps-clients-1.6.3-133.49.58.1 krb5-apps-servers-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 krb5-plugin-kdb-ldap-1.6.3-133.49.58.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.58.1 krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): krb5-doc-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): krb5-x86-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): krb5-1.6.3-133.49.58.1 krb5-apps-clients-1.6.3-133.49.58.1 krb5-apps-servers-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 krb5-plugin-kdb-ldap-1.6.3-133.49.58.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.58.1 krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): krb5-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): krb5-doc-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.58.1 krb5-apps-clients-1.6.3-133.49.58.1 krb5-apps-servers-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 krb5-plugin-kdb-ldap-1.6.3-133.49.58.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.58.1 krb5-server-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): krb5-doc-1.6.3-133.49.58.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): krb5-x86-1.6.3-133.49.58.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): krb5-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): krb5-32bit-1.6.3-133.49.58.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): krb5-1.6.3-133.49.58.1 krb5-client-1.6.3-133.49.58.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): krb5-32bit-1.6.3-133.49.58.1 References: http://support.novell.com/security/cve/CVE-2013-1418.html https://bugzilla.novell.com/849240 
http://download.novell.com/patch/finder/?keywords=182a15756c7af7190a0ae54375ed9ac0 http://download.novell.com/patch/finder/?keywords=66507a3dafe1c24d9e9dae86457e9336 From sle-updates at lists.suse.com Mon Dec 16 09:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Dec 2013 17:04:11 +0100 (CET) Subject: SUSE-RU-2013:1892-1: moderate: Recommended update for SUSE Cloud manuals Message-ID: <20131216160411.C0DED321F6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Cloud manuals ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1892-1 Rating: moderate References: #842018 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest revision of SUSE Cloud 2.0 manuals. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-susecloud-admin_en-pdf-8397 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 2.0 (noarch): susecloud-admin_en-pdf-2.0-0.23.1 susecloud-deployment_en-pdf-2.0-0.23.1 susecloud-manuals_en-2.0-0.23.1 susecloud-user_en-pdf-2.0-0.23.1 References: https://bugzilla.novell.com/842018 http://download.novell.com/patch/finder/?keywords=93c809da970006e4b6cb38e9b29a146c From sle-updates at lists.suse.com Mon Dec 16 09:04:16 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Dec 2013 17:04:16 +0100 (CET) Subject: SUSE-RU-2013:1893-1: moderate: Recommended update for SUSE Cloud 2.0 Message-ID: <20131216160416.F28B2321F6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Cloud 2.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1893-1 Rating: moderate References: #823345 #825644 #829047 #831329 #832117 #834203 #838095 #838132 #838419 #839141 #839428 #839573 #839612 #839701 #840243 #840255 #840331 #840561 #841026 #841515 #841855 #841978 #842018 #842050 #842187 #845453 #845813 #847527 #848519 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that has 29 recommended fixes can now be installed. It includes 11 new package versions. Description: This consolidated update for SUSE Cloud 2.0 provides the following fixes and enhancements: crowbar: * Do not run rake as root, to avoid permission issues later on. * Update install-crowbar-native.sh to reflect the evolution of the admin node. * Try up to 3 times to converge the admin node. * Script the creation of an admin network. * Initialize the default timezone from the timezone set on the admin node. (bnc#840243) * Create database for ActiveRecordStore session store. (bnc#838095) crowbar-barclamp-ceilometer: * Mention that Ceilometer is technology preview. (bnc#839701) crowbar-barclamp-ceph: * Improve barclamp description. * Mention that Ceph is technology preview. 
(bnc#839701) crowbar-barclamp-cinder: * Fix cinder.conf when using manual driver configuration. (bnc#842050) * Mention that EqualLogic is tech preview. (bnc#839701) * Add hook to restore loopback LVM on reboot. (bnc#829047) crowbar-barclamp-crowbar: * Create session store database if it doesn't yet exist. In case of a 2.0-GM cloud where session DB support wasn't yet part of install-chef-suse.sh (bnc#848519) * Fix hardware vendor detection. (bnc#841855) * Do not change target_platform when editing allocated node. * Always show reboot/shutdown, except for admin node. (bnc#838419) * Update SUSE branding. (bnc#832117, bnc#834203, bnc#838132) * Avoid some node.save calls that shouldn't be there. (bnc#839612) * Fix bug with deleted nodes. (bnc#840255) * Do not save node on allocate if node is already allocated, fixing a race. (bnc#839428) * Require rubygem-sqlite3 for ActiveRecord-backed session cache. * Use ActiveRecordStore as session store. (bnc#838095) * Avoid browser password safe dialog in barclamp edit forms. (bnc#831329) crowbar-barclamp-deployer: * Enhance Nic.master for ovs virtual switches. (bnc#839141) crowbar-barclamp-heat: * Mention that Heat is tech preview. (bnc#839701) crowbar-barclamp-hyperv: * Update to latest setuptools (1.1.5). * Update to latest gitversion (95b08f8). * Remove set_time recipe. (bnc#841978) crowbar-barclamp-ipmi: * Add another fix for chef-11 compatibility. (bnc#841978) crowbar-barclamp-nfs_client: * Ignore trailing slashes in mount points. (bnc#842187) crowbar-barclamp-nova: * Do not use set_time recipe. (bnc#841978) * Update hyperv role for recipe-related changes in hyperv cookbook. * Change vmwareapi_datastore_regex to datastore_regex in nova.conf.erb. (bnc#845813) crowbar-barclamp-ntp: * Fix recipe to run on Windows. (bnc#841978) crowbar-barclamp-provisioner: * Make ask_on_error flag Boolean. (bnc#841026) * Add timeout 100 to first boot to ensure that network is up. (bnc#841978) * Rework crowbar_join on SUSE. 
(bnc#838419, bnc#825644) * Fix set_state.ps1 to work, fix writing client.rb on Windows. (bnc#840561) * Fix start order of crowbar_join service. (bnc#847527) * Use 64bit curl.exe. crowbar-barclamp-network: * Reduce local_port_range to not overlap with ports used by services. (bnc#839573) * Use Nic.master instead of calling separate methods. (bnc#839141) crowbar-barclamp-swift: * Fix logical problem in host comparison. (bnc#841515) * Set log_facility for keystoneauth middleware. crowbar-barclamp-dns: * Don't create invalid bind config. * Use forward only option (only with forwarders). (bnc#845453) openstack-ceilometer: * Consume notification from the default queue. * Catch exceptions from nova client in poll_and_publish. * Fix regressions in unit test merge. openstack-cinder: * Ensure that qpid connection is closed. * Do not reschedule if copy_image_to_volume fails. openstack-glance: * Fixes Opt types in glance/notifier/notify_kombu.py. openstack-keystone: * Revoke user tokens when disabling/deleting a project. * Use joins instead of multiple lookups in groups sql. * Switch to grizzly branch of keystone-hybrid-backend. * Fix and test token revocation list API. * Set HOME dir correctly for openssl random state preservation. * Fix RUNDIR in init-script. openstack-nova: * Fix VMwareVCDriver to support multi-datastore. * Set launch_index to right value. * VMware: Ensure Quantum networking works with VMware drivers. * Make nbd reservation thread-safe. * Fix Qpid when sending long messages. * Fix {attach,detach}_interface() in libvirt. * Avoid reflected Neighbour discovery multicast. (bnc#823345) openstack-quantum: * Fix Hyper-V agent unsupported network_type issue. rubygem-chef: * Add crowbar_join to Should-Start of chef-client init script to avoid conflict between chef-client runs from crowbar_join and from the chef-client daemon. (Part of bnc#847527) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-cloud-20-201310-8541 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 2.0 (x86_64) [New Version: 2013.1.4.a13.g4601b14,2013.1.4.a2.ga5522f0,2013.1.4.a22.g067fb93,2013.1.4.a6.ga4ba9ff,2013.1.4.a6.gf89afda and 2013.1.4.a7.gafbc75b]: openstack-ceilometer-2013.1.4.a6.ga4ba9ff-0.7.4 openstack-ceilometer-agent-central-2013.1.4.a6.ga4ba9ff-0.7.4 openstack-ceilometer-agent-compute-2013.1.4.a6.ga4ba9ff-0.7.4 openstack-ceilometer-api-2013.1.4.a6.ga4ba9ff-0.7.4 openstack-ceilometer-collector-2013.1.4.a6.ga4ba9ff-0.7.4 openstack-cinder-2013.1.4.a6.gf89afda-0.7.7 openstack-cinder-api-2013.1.4.a6.gf89afda-0.7.7 openstack-cinder-backup-2013.1.4.a6.gf89afda-0.7.7 openstack-cinder-scheduler-2013.1.4.a6.gf89afda-0.7.7 openstack-cinder-volume-2013.1.4.a6.gf89afda-0.7.7 openstack-glance-2013.1.4.a2.ga5522f0-0.9.7 openstack-keystone-2013.1.4.a7.gafbc75b-0.7.7 openstack-nova-2013.1.4.a22.g067fb93-0.7.7 openstack-nova-api-2013.1.4.a22.g067fb93-0.7.7 openstack-nova-cells-2013.1.4.a22.g067fb93-0.7.7 openstack-nova-cert-2013.1.4.a22.g067fb93-0.7.7 openstack-nova-compute-2013.1.4.a22.g067fb93-0.7.7 openstack-nova-conductor-2013.1.4.a22.g067fb93-0.7.7 openstack-nova-console-2013.1.4.a22.g067fb93-0.7.7 openstack-nova-consoleauth-2013.1.4.a22.g067fb93-0.7.7 openstack-nova-novncproxy-2013.1.4.a22.g067fb93-0.7.7 openstack-nova-objectstore-2013.1.4.a22.g067fb93-0.7.7 openstack-nova-scheduler-2013.1.4.a22.g067fb93-0.7.7 openstack-nova-vncproxy-2013.1.4.a22.g067fb93-0.7.7 openstack-quantum-2013.1.4.a13.g4601b14-0.7.7 openstack-quantum-dhcp-agent-2013.1.4.a13.g4601b14-0.7.7 openstack-quantum-l3-agent-2013.1.4.a13.g4601b14-0.7.7 openstack-quantum-lbaas-agent-2013.1.4.a13.g4601b14-0.7.7 openstack-quantum-linuxbridge-agent-2013.1.4.a13.g4601b14-0.7.7 openstack-quantum-metadata-agent-2013.1.4.a13.g4601b14-0.7.7 
openstack-quantum-nec-agent-2013.1.4.a13.g4601b14-0.7.7 openstack-quantum-openvswitch-agent-2013.1.4.a13.g4601b14-0.7.7 openstack-quantum-plugin-cisco-2013.1.4.a13.g4601b14-0.7.7 openstack-quantum-ryu-agent-2013.1.4.a13.g4601b14-0.7.7 openstack-quantum-server-2013.1.4.a13.g4601b14-0.7.7 python-ceilometer-2013.1.4.a6.ga4ba9ff-0.7.4 python-cinder-2013.1.4.a6.gf89afda-0.7.7 python-glance-2013.1.4.a2.ga5522f0-0.9.7 python-keystone-2013.1.4.a7.gafbc75b-0.7.7 python-nova-2013.1.4.a22.g067fb93-0.7.7 python-quantum-2013.1.4.a13.g4601b14-0.7.7 rubygem-chef-10.24.4-0.19.4 rubygem-chef-doc-10.24.4-0.19.4 - SUSE Cloud 2.0 (noarch) [New Version: 2013.1.4.a13.g4601b14,2013.1.4.a2.ga5522f0,2013.1.4.a22.g067fb93,2013.1.4.a6.ga4ba9ff,2013.1.4.a6.gf89afda and 2013.1.4.a7.gafbc75b]: crowbar-1.6+git.1379334973.2b98515-0.9.15 crowbar-barclamp-ceilometer-1.6+git.1377887749.c5e6251-0.15.41 crowbar-barclamp-ceph-1.6+git.1379441217.ed06ec3-0.7.41 crowbar-barclamp-cinder-1.6+git.1377888191.7552884-0.13.40 crowbar-barclamp-crowbar-1.6+git.1378220118.50d5eb1-0.11.3 crowbar-barclamp-deployer-1.6+git.1378220069.24ac42c-0.9.41 crowbar-barclamp-dns-1.6+git.1381411195.51c43a3-0.7.20 crowbar-barclamp-heat-1.6+git.1378134133.f3c0ee9-0.9.41 crowbar-barclamp-hyperv-1.6+git.1382630076.95b08f8-0.7.20 crowbar-barclamp-hyperv-data-1.6+git.1382630076.95b08f8-0.7.20 crowbar-barclamp-ipmi-1.6+git.1377635334.8245d5a-0.11.41 crowbar-barclamp-network-1.6+git.1377638440.23b5860-0.13.41 crowbar-barclamp-nfs_client-1.6+git.1380092738.00ebf50-0.7.41 crowbar-barclamp-nova-1.6+git.1377887914.3cc5b3a-0.15.21 crowbar-barclamp-ntp-1.6+git.1377808735.470da4f-0.9.41 crowbar-barclamp-provisioner-1.6+git.1378227508.33c02b1-0.17.20 crowbar-barclamp-swift-1.6+git.1377888257.c7bc0fb-0.13.41 openstack-ceilometer-doc-2013.1.4.a6.ga4ba9ff-0.7.7 openstack-cinder-doc-2013.1.4.a6.gf89afda-0.7.11 openstack-glance-doc-2013.1.4.a2.ga5522f0-0.9.11 openstack-keystone-doc-2013.1.4.a7.gafbc75b-0.7.7 
openstack-nova-doc-2013.1.4.a22.g067fb93-0.7.10 openstack-quantum-doc-2013.1.4.a13.g4601b14-0.7.9 References: https://bugzilla.novell.com/823345 https://bugzilla.novell.com/825644 https://bugzilla.novell.com/829047 https://bugzilla.novell.com/831329 https://bugzilla.novell.com/832117 https://bugzilla.novell.com/834203 https://bugzilla.novell.com/838095 https://bugzilla.novell.com/838132 https://bugzilla.novell.com/838419 https://bugzilla.novell.com/839141 https://bugzilla.novell.com/839428 https://bugzilla.novell.com/839573 https://bugzilla.novell.com/839612 https://bugzilla.novell.com/839701 https://bugzilla.novell.com/840243 https://bugzilla.novell.com/840255 https://bugzilla.novell.com/840331 https://bugzilla.novell.com/840561 https://bugzilla.novell.com/841026 https://bugzilla.novell.com/841515 https://bugzilla.novell.com/841855 https://bugzilla.novell.com/841978 https://bugzilla.novell.com/842018 https://bugzilla.novell.com/842050 https://bugzilla.novell.com/842187 https://bugzilla.novell.com/845453 https://bugzilla.novell.com/845813 https://bugzilla.novell.com/847527 https://bugzilla.novell.com/848519 http://download.novell.com/patch/finder/?keywords=4192498de9073eca1f16ae2192a79f04 From sle-updates at lists.suse.com Mon Dec 16 11:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Dec 2013 19:04:12 +0100 (CET) Subject: SUSE-SU-2013:1894-1: important: Security update for webyast Message-ID: <20131216180412.13E2632175@maintenance.suse.de> SUSE Security Update: Security update for webyast ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1894-1 Rating: important References: #851116 Cross-References: CVE-2013-3709 Affected Products: WebYaST 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
It includes one version update. Description: The following security issue has been fixed: * CVE-2013-3709: webyast: local privilege escalation via secret rails tokens execution. This vulnerability was reported by joernchen of Phenoelit. Security Issue reference: * CVE-2013-3709 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-webyast-base-8608 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-webyast-base-8608 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-webyast-base-8608 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.3 (noarch) [New Version: 0.3.43.1]: webyast-base-0.3.43.1-0.5.1 webyast-base-branding-default-0.3.43.1-0.5.1 - SUSE Studio Onsite 1.3 (noarch) [New Version: 0.3.43.1]: webyast-base-0.3.43.1-0.5.1 webyast-base-branding-default-0.3.43.1-0.5.1 - SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 0.3.43.1]: webyast-base-0.3.43.1-0.5.1 webyast-base-branding-default-0.3.43.1-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-3709.html https://bugzilla.novell.com/851116 http://download.novell.com/patch/finder/?keywords=e33808e1f7a924a2aecffd6c2cfef5e0 From sle-updates at lists.suse.com Mon Dec 16 13:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Dec 2013 21:04:10 +0100 (CET) Subject: SUSE-SU-2013:1895-1: important: Security update for nginx Message-ID: <20131216200410.D59263224F@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1895-1 Rating: important References: #851295 Cross-References: CVE-2013-4547 Affected Products: WebYaST 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: * CVE-2013-4547: nginx: security restriction bypass flaw due to whitespace parsing Security Issue reference: * CVE-2013-4547 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-nginx-1.0-8600 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-nginx-1.0-8600 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-nginx-1.0-8600 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64): nginx-1.0-1.0.15-0.8.1 - SUSE Studio Onsite 1.3 (x86_64): nginx-1.0-1.0.15-0.8.1 - SUSE Lifecycle Management Server 1.3 (x86_64): nginx-1.0-1.0.15-0.8.1 References: http://support.novell.com/security/cve/CVE-2013-4547.html https://bugzilla.novell.com/851295 http://download.novell.com/patch/finder/?keywords=d44506fa33f4c8fa0a43e48a7818a359 From sle-updates at lists.suse.com Mon Dec 16 16:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Dec 2013 00:04:09 +0100 (CET) Subject: SUSE-SU-2013:1896-1: important: Security update for flash-player Message-ID: <20131216230409.E51433224F@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1896-1 Rating: important References: #854881 Cross-References: CVE-2013-5331 CVE-2013-5332 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. 
Description: This update fixes the following security issues with flash-player: * bnc#854881: flash-plugin: multiple code execution flaws (APSB13-28) o These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2013-5331). o These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2013-5332). o Ref: http://helpx.adobe.com/security/products/flash-player/apsb13-28.html Security Issue references: * CVE-2013-5332 * CVE-2013-5331 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-8640 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-8639 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.332]: flash-player-11.2.202.332-0.3.1 flash-player-gnome-11.2.202.332-0.3.1 flash-player-kde4-11.2.202.332-0.3.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.332]: flash-player-11.2.202.332-0.3.1 flash-player-gnome-11.2.202.332-0.3.1 flash-player-kde4-11.2.202.332-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-5331.html http://support.novell.com/security/cve/CVE-2013-5332.html https://bugzilla.novell.com/854881 http://download.novell.com/patch/finder/?keywords=30b48eee51a4727df3b225e699b6855e http://download.novell.com/patch/finder/?keywords=efb10711c30d7edc97e58e5d7d609260 From sle-updates at lists.suse.com Mon Dec 16 16:04:18 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Dec 2013 00:04:18 +0100 (CET) Subject: SUSE-SU-2013:1897-1: critical: Security update for ruby19 Message-ID: <20131216230418.6B1733224F@maintenance.suse.de> SUSE Security Update: Security update for ruby19 
______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1897-1 Rating: critical References: #851803 Cross-References: CVE-2013-4164 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: This update fixes a severe security bug in ruby19: * CVE-2013-4164: heap overflow in float point parsing could lead to crashes and code execution Security Issue reference: * CVE-2013-4164 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-ruby19-8620 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.9.3.p392]: ruby19-1.9.3.p392-0.17.1 ruby19-devel-1.9.3.p392-0.17.1 ruby19-devel-extra-1.9.3.p392-0.17.1 References: http://support.novell.com/security/cve/CVE-2013-4164.html https://bugzilla.novell.com/851803 http://download.novell.com/patch/finder/?keywords=3342ac1ab377ae7f16f87852381eeade From sle-updates at lists.suse.com Tue Dec 17 08:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Dec 2013 16:04:11 +0100 (CET) Subject: SUSE-SU-2013:1899-1: moderate: Security update for python-pyOpenSSL Message-ID: <20131217150411.DB1CE32054@maintenance.suse.de> SUSE Security Update: Security update for python-pyOpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1899-1 Rating: moderate References: #839107 Cross-References: CVE-2013-4314 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. 
Description: python-pyOpenSSL has been updated to fix a SSL Certificate host name checking bypass vulnerability. (CVE-2013-4314) Security Issue reference: * CVE-2013-4314 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-python-pyOpenSSL-8481 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 2.0 (x86_64) [New Version: 0.13.1]: python-pyOpenSSL-0.13.1-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-4314.html https://bugzilla.novell.com/839107 http://download.novell.com/patch/finder/?keywords=108b2405de9adc4bcd594084831521d5 From sle-updates at lists.suse.com Tue Dec 17 10:05:08 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Dec 2013 18:05:08 +0100 (CET) Subject: SUSE-RU-2013:1903-1: Recommended update for udev Message-ID: <20131217170508.70D4A32053@maintenance.suse.de> SUSE Recommended Update: Recommended update for udev ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1903-1 Rating: low References: #805059 #812050 #815263 #818146 #819331 #820574 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This collective update for udev provides the following fixes: * Add MSFT compatibility rules. (bnc#805059) * Drop memory/cpu hotplug rules for ppc/ppc64 arch. (bnc#818146) * Use device_new_from_id_filename. (bnc#819331) * Implement virtual function interface renaming. (bnc#812050) * Be more informative when renaming interfaces. (bnc#812050) * scsi_id: Export ID_SCSI_VPD and decode MD5 identifiers. 
(bnc#820574) * path_id: Handle ATA/S-ATA devices if we are using libata. (bnc#815263) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libgudev-1_0-0-8298 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libgudev-1_0-0-8298 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libgudev-1_0-0-8298 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libgudev-1_0-0-8298 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libgudev-1_0-devel-147-0.69.71.1 libudev-devel-147-0.69.71.1 libudev0-147-0.69.71.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libgudev-1_0-0-147-0.69.71.1 libudev0-147-0.69.71.1 udev-147-0.69.71.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libgudev-1_0-0-32bit-147-0.69.71.1 libudev0-32bit-147-0.69.71.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libgudev-1_0-0-147-0.69.71.1 libudev0-147-0.69.71.1 udev-147-0.69.71.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libgudev-1_0-0-32bit-147-0.69.71.1 libudev0-32bit-147-0.69.71.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libgudev-1_0-0-x86-147-0.69.71.1 libudev0-x86-147-0.69.71.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libgudev-1_0-0-147-0.69.71.1 libudev0-147-0.69.71.1 udev-147-0.69.71.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libgudev-1_0-0-32bit-147-0.69.71.1 libudev0-32bit-147-0.69.71.1 References: https://bugzilla.novell.com/805059 https://bugzilla.novell.com/812050 https://bugzilla.novell.com/815263 https://bugzilla.novell.com/818146 https://bugzilla.novell.com/819331 https://bugzilla.novell.com/820574 
http://download.novell.com/patch/finder/?keywords=769321642e129d158bbca485bbcb4a69 From sle-updates at lists.suse.com Wed Dec 18 15:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Dec 2013 23:04:12 +0100 (CET) Subject: SUSE-RU-2013:1909-1: Recommended update for virt-manager Message-ID: <20131218220412.CC09232126@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1909-1 Rating: low References: #822531 #824720 #829284 Affected Products: SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for virt-manager provides the following fixes: * Don't write 'ram' XML attribute for video devices other than QXL. (bnc#829284) * Allow allocation of hdb for emulated IDE disks. (bnc#824720) * Don't reset DomU's 'Autostart' option after hardware configuration changes. (bnc#822531) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-virt-manager-8592 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-virt-manager-8592 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 (i586 s390x x86_64): virt-manager-0.9.4-0.21.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): virt-manager-0.9.4-0.21.1 References: https://bugzilla.novell.com/822531 https://bugzilla.novell.com/824720 https://bugzilla.novell.com/829284 http://download.novell.com/patch/finder/?keywords=2d474df0ab18af456b80414bd487b1d4 From sle-updates at lists.suse.com Wed Dec 18 15:04:46 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Dec 2013 23:04:46 +0100 (CET) Subject: SUSE-RU-2013:1910-1: important: Recommended update for SUSE Manager 1.7 Message-ID: <20131218220446.4C93732126@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 1.7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1910-1 Rating: important References: #823813 #834415 #840751 #842699 #846351 #846356 #846436 #846580 #847723 #848225 #848840 #849856 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. It includes 11 new package versions. Description: This collective update for SUSE Manager 1.7 provides the following fixes and enhancements: cobbler: * Fix man page inconsistencies. * Fix wrong options in the man page. (bnc#846580) * Fix networking.xml snippet and use the correct key for getting the netmask. (bnc#842699) osad: * Remove extraneous 'except'. * Catch jabberd connection errors. spacewalk-backend: * Replace encode/decode with to_string/to_unicode. * Make sure we put strings to fd.write(). * Replace application code with database lookup to prevent conflicting inserts. * Python server: better logging of exceptions. * Log errors on bad request. (bnc#849856) * Update spacewalk-repo-sync's man page. (bnc#846351) * Add support for enhances rpm weak dependencies. 
(bnc#846436) * Python pgsql driver: handle ProgrammingError exceptions. * Fix typos in entitlement report. (bnc#840751) spacewalk-branding: * Remove obsolete example strings for CVE Audit. (bnc#846356) spacewalk-certs-tools: * Include fixed version of sm-client-tools. (bnc#823813) spacewalk-client-tools: * Uptime report: respect xmlrpc's integer limits. spacewalk-java: * Fix jsp file to actually show the result list. * Automatically set the focus using formFocus(). * Add a tooltip for the CVE ID. * Use a string constant to populate select with years. * Extract the separator from the prefix string constant. * Remove the maxlength attribute to allow n digit identifiers. * Enhance Package.listOrphans query. * Optimize system_config_files_with_diffs elaborator for PostgreSQL. * Fix ISE when renaming channel to channel name already in use. * Synchronize repo entries creation. * Fix ISE when deleting a non persistent custom info value. * Separate CVE audit inputs for year and ID. (bnc#846356) * Always set lastModifiedBy for custom info. * Reorder snippet tabs. * Use the kickstart icon for the snippets page. * Add help URL. (bnc#848225) * Fix navigation for the default snippets page. * Replace 'kickstart' with 'autoinstallation'. (bnc#848225) * Add support for enhances rpm weak dependency. (bnc#846436) spacewalk-search: * Fix custom info value index removal in advanced search. (bnc#834415) spacewalk-web: * Add support for enhances rpm weak dependency. (bnc#846436) susemanager-schema: * Fix Oracle syntax and provide separate update script for PostgreSQL DB. (bnc#846436) * Regenerate metadata for rpm enhances dependency. (bnc#846436) * Add support for enhances rpm weak dependency. (bnc#846436) * Fix invalid syntax for PostgreSQL migration. susemanager: * Add createrepo as a dependency of susemanager-tools. (bnc#848840) * Add slang package to bootstrap repository. (bnc#847723) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. 
Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema with spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-suse-manager-201312-8659 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64) [New Version: 1.7.1.10,1.7.26 and 1.7.38.30]: cobbler-2.2.2-0.35.2 spacewalk-backend-1.7.38.30-0.5.5 spacewalk-backend-app-1.7.38.30-0.5.5 spacewalk-backend-applet-1.7.38.30-0.5.5 spacewalk-backend-config-files-1.7.38.30-0.5.5 spacewalk-backend-config-files-common-1.7.38.30-0.5.5 spacewalk-backend-config-files-tool-1.7.38.30-0.5.5 spacewalk-backend-iss-1.7.38.30-0.5.5 spacewalk-backend-iss-export-1.7.38.30-0.5.5 spacewalk-backend-libs-1.7.38.30-0.5.5 spacewalk-backend-package-push-server-1.7.38.30-0.5.5 spacewalk-backend-server-1.7.38.30-0.5.5 spacewalk-backend-sql-1.7.38.30-0.5.5 spacewalk-backend-sql-oracle-1.7.38.30-0.5.5 spacewalk-backend-sql-postgresql-1.7.38.30-0.5.5 spacewalk-backend-tools-1.7.38.30-0.5.5 spacewalk-backend-xml-export-libs-1.7.38.30-0.5.5 spacewalk-backend-xmlrpc-1.7.38.30-0.5.5 spacewalk-backend-xp-1.7.38.30-0.5.5 spacewalk-branding-1.7.1.10-0.5.2 susemanager-1.7.26-0.5.5 susemanager-tools-1.7.26-0.5.5 - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.2.3,1.7.14.18,1.7.28.19,1.7.3.10,1.7.3.11,1.7.54.29,1.7.56.22 and 5.10.41.10]: osa-dispatcher-5.10.41.10-0.5.2 sm-client-tools-1.2.3-0.5.2 spacewalk-base-1.7.28.19-0.5.2 spacewalk-base-minimal-1.7.28.19-0.5.2 spacewalk-certs-tools-1.7.3.10-0.5.3 spacewalk-client-tools-1.7.14.18-0.5.2 spacewalk-grail-1.7.28.19-0.5.2 spacewalk-html-1.7.28.19-0.5.2 spacewalk-java-1.7.54.29-0.5.2 spacewalk-java-config-1.7.54.29-0.5.2 
spacewalk-java-lib-1.7.54.29-0.5.2 spacewalk-java-oracle-1.7.54.29-0.5.2 spacewalk-java-postgresql-1.7.54.29-0.5.2 spacewalk-pxt-1.7.28.19-0.5.2 spacewalk-search-1.7.3.11-0.5.2 spacewalk-sniglets-1.7.28.19-0.5.2 spacewalk-taskomatic-1.7.54.29-0.5.2 susemanager-schema-1.7.56.22-0.7.2 References: https://bugzilla.novell.com/823813 https://bugzilla.novell.com/834415 https://bugzilla.novell.com/840751 https://bugzilla.novell.com/842699 https://bugzilla.novell.com/846351 https://bugzilla.novell.com/846356 https://bugzilla.novell.com/846436 https://bugzilla.novell.com/846580 https://bugzilla.novell.com/847723 https://bugzilla.novell.com/848225 https://bugzilla.novell.com/848840 https://bugzilla.novell.com/849856 http://download.novell.com/patch/finder/?keywords=229cb1b2a179c0197f597771c99bc2db From sle-updates at lists.suse.com Wed Dec 18 15:06:55 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Dec 2013 23:06:55 +0100 (CET) Subject: SUSE-RU-2013:1911-1: important: Recommended update for SUSE Manager Client Tools Message-ID: <20131218220655.A48CD32126@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1911-1 Rating: important References: #846580 #847254 #850105 Affected Products: SUSE Manager Client Tools for SLE 11 SP2 SLE CLIENT TOOLS 10 for x86_64 SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for ia64 SLE CLIENT TOOLS 10 for PPC SLE CLIENT TOOLS 10 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This collective update provides the following fixes and enhancements: koan: * Fix man page inconsistencies. * Fix wrong options in the man page. (bnc#846580) osad: * Remove extraneous 'except'. * Catch jabberd connection errors. 
spacewalk-backend: * Replace encode/decode with to_string/to_unicode. * Make sure we put strings to fd.write(). spacewalk-client-tools: * Uptime report: respect xmlrpc's integer limits. zypp-plugin-spacewalk: * Avoid crashes when a channel's metadata contains UTF-8 data. (bnc#850105) * Call zypper with --auto-agree-with-licenses, as interactive agreement is not possible from remote. (bnc#847254) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP2: zypper in -t patch slesctsp2-client-tools-201312-8658 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Client Tools for SLE 11 SP2 (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.35.2 spacewalk-backend-libs-1.7.38.30-0.5.5 zypp-plugin-spacewalk-0.9.5-0.5.5 - SUSE Manager Client Tools for SLE 11 SP2 (noarch): osad-5.10.41.10-0.5.2 spacewalk-check-1.7.14.18-0.5.2 spacewalk-client-setup-1.7.14.18-0.5.2 spacewalk-client-tools-1.7.14.18-0.5.2 - SLE CLIENT TOOLS 10 for x86_64 (x86_64): koan-2.2.2-0.34.1 spacewalk-backend-libs-1.7.38.30-0.5.1 zypp-plugin-spacewalk-0.9.5-0.5.1 - SLE CLIENT TOOLS 10 for x86_64 (noarch): osad-5.10.41.10-0.5.1 spacewalk-check-1.7.14.18-0.5.1 spacewalk-client-setup-1.7.14.18-0.5.1 spacewalk-client-tools-1.7.14.18-0.5.1 - SLE CLIENT TOOLS 10 for s390x (noarch): osad-5.10.41.10-0.5.1 spacewalk-check-1.7.14.18-0.5.1 spacewalk-client-setup-1.7.14.18-0.5.1 spacewalk-client-tools-1.7.14.18-0.5.1 - SLE CLIENT TOOLS 10 for s390x (s390x): koan-2.2.2-0.34.1 spacewalk-backend-libs-1.7.38.30-0.5.1 zypp-plugin-spacewalk-0.9.5-0.5.1 - SLE CLIENT TOOLS 10 for ia64 (noarch): osad-5.10.41.10-0.5.1 spacewalk-check-1.7.14.18-0.5.1 spacewalk-client-setup-1.7.14.18-0.5.1 spacewalk-client-tools-1.7.14.18-0.5.1 - SLE CLIENT TOOLS 10 for ia64 (ia64): koan-2.2.2-0.34.1 spacewalk-backend-libs-1.7.38.30-0.5.1 zypp-plugin-spacewalk-0.9.5-0.5.1 - SLE CLIENT TOOLS 
10 for PPC (noarch): osad-5.10.41.10-0.5.1 spacewalk-check-1.7.14.18-0.5.1 spacewalk-client-setup-1.7.14.18-0.5.1 spacewalk-client-tools-1.7.14.18-0.5.1 - SLE CLIENT TOOLS 10 for PPC (ppc): koan-2.2.2-0.34.1 spacewalk-backend-libs-1.7.38.30-0.5.1 zypp-plugin-spacewalk-0.9.5-0.5.1 - SLE CLIENT TOOLS 10 (noarch): osad-5.10.41.10-0.5.1 spacewalk-check-1.7.14.18-0.5.1 spacewalk-client-setup-1.7.14.18-0.5.1 spacewalk-client-tools-1.7.14.18-0.5.1 - SLE CLIENT TOOLS 10 (i586): koan-2.2.2-0.34.1 spacewalk-backend-libs-1.7.38.30-0.5.1 zypp-plugin-spacewalk-0.9.5-0.5.1 References: https://bugzilla.novell.com/846580 https://bugzilla.novell.com/847254 https://bugzilla.novell.com/850105 http://download.novell.com/patch/finder/?keywords=b7cfb88d9af5159b99acc49bb7c8a6c5 http://download.novell.com/patch/finder/?keywords=c8c4d7e2227cedfc0b51e725f841f04c From sle-updates at lists.suse.com Wed Dec 18 15:07:29 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Dec 2013 23:07:29 +0100 (CET) Subject: SUSE-RU-2013:1912-1: important: Recommended update for SUSE Manager Client Tools Message-ID: <20131218220729.3273432126@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1912-1 Rating: important References: #847254 #850105 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes two new package versions. 
Description: This collective update provides the following fixes and enhancements: spacewalk-client-tools: * Uptime report: respect xmlrpc's integer limits. zypp-plugin-spacewalk: * Avoid crashes when a channel's metadata contains UTF-8 data. (bnc#850105) * Call zypper with --auto-agree-with-licenses, as interactive agreement is not possible from remote. (bnc#847254) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-client-tools-201312-8662 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-client-tools-201312-8662 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-client-tools-201312-8661 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-client-tools-201312-8661 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-client-tools-201312-8662 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-client-tools-201312-8661 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 0.9.5]: zypp-plugin-spacewalk-0.9.5-0.5.5 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 1.7.14.18]: spacewalk-check-1.7.14.18-0.5.2 spacewalk-client-setup-1.7.14.18-0.5.2 spacewalk-client-tools-1.7.14.18-0.5.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.5]: zypp-plugin-spacewalk-0.9.5-0.5.5 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 1.7.14.18]: spacewalk-check-1.7.14.18-0.5.2 spacewalk-client-setup-1.7.14.18-0.5.2 spacewalk-client-tools-1.7.14.18-0.5.2 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 0.9.5]: zypp-plugin-spacewalk-0.9.5-0.5.5 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 1.7.14.18]: spacewalk-check-1.7.14.18-0.5.2 spacewalk-client-setup-1.7.14.18-0.5.2 spacewalk-client-tools-1.7.14.18-0.5.2 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.5]: zypp-plugin-spacewalk-0.9.5-0.5.5 - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 1.7.14.18]: spacewalk-check-1.7.14.18-0.5.2 spacewalk-client-setup-1.7.14.18-0.5.2 spacewalk-client-tools-1.7.14.18-0.5.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.9.5]: zypp-plugin-spacewalk-0.9.5-0.5.5 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 1.7.14.18]: spacewalk-check-1.7.14.18-0.5.2 spacewalk-client-setup-1.7.14.18-0.5.2 spacewalk-client-tools-1.7.14.18-0.5.2 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 0.9.5]: zypp-plugin-spacewalk-0.9.5-0.5.5 - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 1.7.14.18]: spacewalk-check-1.7.14.18-0.5.2 spacewalk-client-setup-1.7.14.18-0.5.2 spacewalk-client-tools-1.7.14.18-0.5.2 References: https://bugzilla.novell.com/847254 https://bugzilla.novell.com/850105 
http://download.novell.com/patch/finder/?keywords=a4f6efc7105520364740890cc65fe52d http://download.novell.com/patch/finder/?keywords=cd371f5580287e16c937e26c5bcc9d42 From sle-updates at lists.suse.com Wed Dec 18 15:07:53 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Dec 2013 23:07:53 +0100 (CET) Subject: SUSE-RU-2013:1913-1: important: Recommended update for SUSE Manager Documentation Message-ID: <20131218220753.DC53132126@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Documentation ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1913-1 Rating: important References: #788758 #835013 #842209 #844241 #844257 #844265 #845470 #846206 #846431 #847408 #847514 #847662 #849225 #849411 #850280 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has 15 recommended fixes can now be installed. It includes one version update. Description: This collective update provides the following fixes for SUSE Manager 1.7 documentation: susemanager-manuals_en, susemanager-jsp_en: * Child Channel with AutoYaST. (bnc#788758) * Quick Start: installation workflow now with Interserver Sync. (bnc#835013) * Install Guide: improve spacecmd description. (bnc#842209) * Client Config and Reference: No SP migration rollback. (bnc#844241) * Install Guide: warning about custom channel names. (bnc#844257) * More info on snapshots. (bnc#844265) * Reference: replace misleading example. (bnc#845470) * Install Guide: proxy configuration option. (bnc#846431) * Install Guide: fix typo. (bnc#847408) * Reference: cobbler clarification. (bnc#847514) * Renaming SUSE Manager server is unsupported. (bnc#847662) * Install Guide: improve backing up database description. (bnc#849225) * Reference: enabling monitoring. (bnc#849411) * Fix file names of images to make them visible at suse.com. 
(bnc#850280) * Also fix various Novell doc comments. spacewalk-doc-indexes: * Create current index. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-suse-manager-docs-201312-8605 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.0.4]: spacewalk-doc-indexes-1.7.0.4-0.5.3 susemanager-client-config_en-pdf-1.7-0.21.3 susemanager-install_en-pdf-1.7-0.21.3 susemanager-jsp_en-1.7-0.21.3 susemanager-manuals_en-1.7-0.21.3 susemanager-proxy-quick_en-pdf-1.7-0.21.3 susemanager-quick_en-pdf-1.7-0.21.3 susemanager-reference_en-pdf-1.7-0.21.3 References: https://bugzilla.novell.com/788758 https://bugzilla.novell.com/835013 https://bugzilla.novell.com/842209 https://bugzilla.novell.com/844241 https://bugzilla.novell.com/844257 https://bugzilla.novell.com/844265 https://bugzilla.novell.com/845470 https://bugzilla.novell.com/846206 https://bugzilla.novell.com/846431 https://bugzilla.novell.com/847408 https://bugzilla.novell.com/847514 https://bugzilla.novell.com/847662 https://bugzilla.novell.com/849225 https://bugzilla.novell.com/849411 https://bugzilla.novell.com/850280 http://download.novell.com/patch/finder/?keywords=c639db09c03ac82fbce3d94cd2407055 From sle-updates at lists.suse.com Wed Dec 18 16:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Dec 2013 00:04:12 +0100 (CET) Subject: SUSE-RU-2013:1914-1: important: Recommended update for SUSE Manager Proxy 1.7 Message-ID: <20131218230412.7C5983213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 1.7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1914-1 Rating: important References: #823813 #847254 #849856 #850105 #850983 Affected Products: SUSE 
Manager Proxy 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. It includes 8 new package versions. Description: This collective update for SUSE Manager Proxy 1.7 provides the following fixes and enhancements: osad: * Remove extraneous 'except'. * Catch jabberd connection errors. spacewalk-backend: * Replace encode/decode with to_string/to_unicode. * Make sure we put strings to fd.write(). * Python server: better logging of exceptions. * Log errors on bad request. (bnc#849856) spacewalk-certs-tools: * Include fixed version of sm-client-tools. (bnc#823813) spacewalk-client-tools: * Uptime report: respect xmlrpc's integer limits. spacewalk-proxy: * /etc/hosts doesn't work with proxies. (bnc#850983) zypp-plugin-spacewalk: * Avoid crashes when a channel's metadata contains UTF-8 data. (bnc#850105) * Call zypper with --auto-agree-with-licenses, as interactive agreement is not possible from remote. (bnc#847254) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 1.7 for SLE 11 SP2: zypper in -t patch slemap17sp2-suse-manager-proxy-201312-8660 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy 1.7 for SLE 11 SP2 (x86_64) [New Version: 0.9.5 and 1.7.38.30]: spacewalk-backend-1.7.38.30-0.5.5 spacewalk-backend-libs-1.7.38.30-0.5.5 zypp-plugin-spacewalk-0.9.5-0.5.5 - SUSE Manager Proxy 1.7 for SLE 11 SP2 (noarch) [New Version: 1.2.3,1.7.12.13,1.7.14.18,1.7.28.19,1.7.3.10 and 5.10.41.10]: osad-5.10.41.10-0.5.2 sm-client-tools-1.2.3-0.5.2 spacewalk-base-minimal-1.7.28.19-0.5.2 spacewalk-certs-tools-1.7.3.10-0.5.3 spacewalk-check-1.7.14.18-0.5.2 spacewalk-client-setup-1.7.14.18-0.5.2 spacewalk-client-tools-1.7.14.18-0.5.2 spacewalk-proxy-broker-1.7.12.13-0.5.4 spacewalk-proxy-common-1.7.12.13-0.5.4 spacewalk-proxy-management-1.7.12.13-0.5.4 spacewalk-proxy-package-manager-1.7.12.13-0.5.4 spacewalk-proxy-redirect-1.7.12.13-0.5.4 References: https://bugzilla.novell.com/823813 https://bugzilla.novell.com/847254 https://bugzilla.novell.com/849856 https://bugzilla.novell.com/850105 https://bugzilla.novell.com/850983 http://download.novell.com/patch/finder/?keywords=d5ffa037d2c502ea33f89369b5672dca From sle-updates at lists.suse.com Thu Dec 19 10:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Dec 2013 18:04:11 +0100 (CET) Subject: SUSE-SU-2013:1919-1: important: Security update for Mozilla Firefox Message-ID: <20131219170411.1EB9B320A1@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1919-1 Rating: important References: #854367 #854370 Cross-References: CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 
______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. It includes two new package versions. Description: MozillaFirefox has been updated to the 24.2.0 ESR security release. This is a major upgrade from the 17 ESR release branch. Security issues fixed: * CVE-2013-5611 Application Installation doorhanger persists on navigation (MFSA 2013-105) * CVE-2013-5609 Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104) * CVE-2013-5610 Miscellaneous memory safety hazards (rv:26.0) (MFSA 2013-104) * CVE-2013-5612 Character encoding cross-origin XSS attack (MFSA 2013-106) * CVE-2013-5614 Sandbox restrictions not applied to nested object elements (MFSA 2013-107) * CVE-2013-5616 Use-after-free in event listeners (MFSA 2013-108) * CVE-2013-5619 Potential overflow in JavaScript binary search algorithms (MFSA 2013-110) * CVE-2013-6671 Segmentation violation when replacing ordered list elements (MFSA 2013-111) * CVE-2013-6673 Trust settings for built-in roots ignored during EV certificate validation (MFSA 2013-113) * CVE-2013-5613 Use-after-free in synthetic mouse movement (MFSA 2013-114) * CVE-2013-5615 GetElementIC typed array stubs can be generated outside observed typesets (MFSA 2013-115) * CVE-2013-6672 Linux clipboard information disclosure though selection paste (MFSA 2013-112) * CVE-2013-5618 Use-after-free during Table Editing (MFSA 2013-109) Security Issue references: * CVE-2013-5609 * CVE-2013-5610 * CVE-2013-5611 * CVE-2013-5612 * CVE-2013-5613 * CVE-2013-5614 * CVE-2013-5615 * CVE-2013-5616 * CVE-2013-5618 * CVE-2013-5619 * CVE-2013-6671 * CVE-2013-6672 * CVE-2013-6673 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-firefox24-201312-8657 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-firefox24-201312-8657 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-firefox24-201312-8657 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-firefox24-201312-8657 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]: MozillaFirefox-devel-24.2.0esr-0.7.1 mozilla-nss-devel-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.2.0esr and 3.15.3.1]: MozillaFirefox-24.2.0esr-0.7.1 MozillaFirefox-translations-24.2.0esr-0.7.1 libfreebl3-3.15.3.1-0.7.1 libsoftokn3-3.15.3.1-0.7.1 mozilla-nss-3.15.3.1-0.7.1 mozilla-nss-tools-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.7.1 libsoftokn3-32bit-3.15.3.1-0.7.1 mozilla-nss-32bit-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.2.0esr and 3.15.3.1]: MozillaFirefox-24.2.0esr-0.7.1 MozillaFirefox-branding-SLED-24-0.7.4 MozillaFirefox-translations-24.2.0esr-0.7.1 libfreebl3-3.15.3.1-0.7.1 libsoftokn3-3.15.3.1-0.7.1 mozilla-nss-3.15.3.1-0.7.1 mozilla-nss-tools-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.7.1 libsoftokn3-32bit-3.15.3.1-0.7.1 mozilla-nss-32bit-3.15.3.1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.15.3.1]: libfreebl3-x86-3.15.3.1-0.7.1 libsoftokn3-x86-3.15.3.1-0.7.1 mozilla-nss-x86-3.15.3.1-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.2.0esr and 3.15.3.1]: MozillaFirefox-24.2.0esr-0.7.1 
MozillaFirefox-branding-SLED-24-0.7.4 MozillaFirefox-translations-24.2.0esr-0.7.1 libfreebl3-3.15.3.1-0.7.1 libsoftokn3-3.15.3.1-0.7.1 mozilla-nss-3.15.3.1-0.7.1 mozilla-nss-tools-3.15.3.1-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.7.1 libsoftokn3-32bit-3.15.3.1-0.7.1 mozilla-nss-32bit-3.15.3.1-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-5609.html http://support.novell.com/security/cve/CVE-2013-5610.html http://support.novell.com/security/cve/CVE-2013-5611.html http://support.novell.com/security/cve/CVE-2013-5612.html http://support.novell.com/security/cve/CVE-2013-5613.html http://support.novell.com/security/cve/CVE-2013-5614.html http://support.novell.com/security/cve/CVE-2013-5615.html http://support.novell.com/security/cve/CVE-2013-5616.html http://support.novell.com/security/cve/CVE-2013-5618.html http://support.novell.com/security/cve/CVE-2013-5619.html http://support.novell.com/security/cve/CVE-2013-6671.html http://support.novell.com/security/cve/CVE-2013-6672.html http://support.novell.com/security/cve/CVE-2013-6673.html https://bugzilla.novell.com/854367 https://bugzilla.novell.com/854370 http://download.novell.com/patch/finder/?keywords=b65ba217110f17441675bc6fc74570d4 From sle-updates at lists.suse.com Thu Dec 19 10:04:38 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Dec 2013 18:04:38 +0100 (CET) Subject: SUSE-SU-2013:1920-1: important: Security update for libfreebl3 Message-ID: <20131219170438.9D80632126@maintenance.suse.de> SUSE Security Update: Security update for libfreebl3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1920-1 Rating: important References: #854367 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 
______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: Mozilla NSS has been updated to the 3.15.3.1 security release. The update blacklists an intermediate CA that was abused to create man in the middle certificates. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-nss-201312-8648 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-nss-201312-8648 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-nss-201312-8648 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-nss-201312-8648 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]: mozilla-nss-devel-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.15.3.1]: libfreebl3-3.15.3.1-0.4.2.1 mozilla-nss-3.15.3.1-0.4.2.1 mozilla-nss-tools-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.4.2.1 mozilla-nss-32bit-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.15.3.1]: libfreebl3-3.15.3.1-0.4.2.1 mozilla-nss-3.15.3.1-0.4.2.1 mozilla-nss-tools-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.4.2.1 mozilla-nss-32bit-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 3.15.3.1]: libfreebl3-x86-3.15.3.1-0.4.2.1 mozilla-nss-x86-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.15.3.1]: libfreebl3-3.15.3.1-0.4.2.1 
mozilla-nss-3.15.3.1-0.4.2.1 mozilla-nss-tools-3.15.3.1-0.4.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 3.15.3.1]: libfreebl3-32bit-3.15.3.1-0.4.2.1 mozilla-nss-32bit-3.15.3.1-0.4.2.1 References: https://bugzilla.novell.com/854367 http://download.novell.com/patch/finder/?keywords=a417469719590c5d5345b9512a640f6b From sle-updates at lists.suse.com Thu Dec 19 11:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Dec 2013 19:04:10 +0100 (CET) Subject: SUSE-RU-2013:1922-1: Recommended update for vm-install Message-ID: <20131219180410.A07F532126@maintenance.suse.de> SUSE Recommended Update: Recommended update for vm-install ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1922-1 Rating: low References: #818222 #825292 #838791 Affected Products: SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update for vm-install provides the following fixes: * Fix user interface issue when changing a NIC's MAC on Xen guests. (bnc#838791) * Fix PXE boot max memory less than initial memory. (bnc#825292) * Work around libvirt internal client socket error. (bnc#825292) * Allow creation of VMs with up to 255 virtual CPUs. (bnc#818222) * Set default for NetWare disks to non-sparse for performance reasons. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-vm-install-8593 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-vm-install-8593 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11 SP3 (i586 s390x x86_64) [New Version: 0.6.24]: vm-install-0.6.24-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.6.24]: vm-install-0.6.24-0.7.1 References: https://bugzilla.novell.com/818222 https://bugzilla.novell.com/825292 https://bugzilla.novell.com/838791 http://download.novell.com/patch/finder/?keywords=a5167bdf8906a5d5ea7a32af366f6967 From sle-updates at lists.suse.com Thu Dec 19 14:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Dec 2013 22:04:11 +0100 (CET) Subject: SUSE-SU-2013:1923-1: moderate: Security update for Xen Message-ID: <20131219210411.56F7E320F0@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1923-1 Rating: moderate References: #833483 #840997 #842417 #846849 #848014 #848657 #849665 #849667 #849668 #851386 Cross-References: CVE-2013-1922 CVE-2013-2007 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has two fixes is now available. Description: The Xen hypervisor and tool-suite have been updated to fix security issues and bugs: * CVE-2013-4494: XSA-73: A lock order reversal between page allocation and grant table locks could lead to host crashes or even host code execution. * CVE-2013-4553: XSA-74: A lock order reversal between page_alloc_lock and mm_rwlock could lead to deadlocks. * CVE-2013-4554: XSA-76: Hypercalls exposed to privilege rings 1 and 2 of HVM guests which might lead to Hypervisor escalation under specific circumstances. 
* CVE-2013-6375: XSA-78: Insufficient TLB flushing in VT-d (iommu) code could lead to access of memory that was revoked. * CVE-2013-4551: XSA-75: A host crash due to guest VMX instruction execution was fixed. Non-security bugs have also been fixed: * bnc#840997: It is possible to start a VM twice on the same node. * bnc#842417: In HP's UEFI x86_64 platform and SLES 11-SP3, dom0 could lock-up on multiple blades nPar. * bnc#848014: Xen Hypervisor panics on 8-blades nPar with 46-bit memory addressing. * bnc#846849: Soft lock-up with PCI pass-through and many VCPUs. * bnc#833483: Boot Failure with Xen kernel in UEFI mode with error "No memory for trampoline". * Increase the maximum supported CPUs in the Hypervisor to 512. Security Issues: * CVE-2013-1922 * CVE-2013-2007 * CVE-2013-4375 * CVE-2013-4416 * CVE-2013-4494 * CVE-2013-4551 * CVE-2013-4553 * CVE-2013-4554 Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xen-201311-8588 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xen-201311-8588 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xen-201311-8588 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): xen-devel-4.2.3_08-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): xen-kmp-default-4.2.3_08_3.0.101_0.8-0.7.1 xen-libs-4.2.3_08-0.7.1 xen-tools-domU-4.2.3_08-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (x86_64): xen-4.2.3_08-0.7.1 xen-doc-html-4.2.3_08-0.7.1 xen-doc-pdf-4.2.3_08-0.7.1 xen-libs-32bit-4.2.3_08-0.7.1 xen-tools-4.2.3_08-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586): xen-kmp-pae-4.2.3_08_3.0.101_0.8-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xen-kmp-default-4.2.3_08_3.0.101_0.8-0.7.1 xen-libs-4.2.3_08-0.7.1 xen-tools-domU-4.2.3_08-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xen-4.2.3_08-0.7.1 xen-doc-html-4.2.3_08-0.7.1 xen-doc-pdf-4.2.3_08-0.7.1 xen-libs-32bit-4.2.3_08-0.7.1 xen-tools-4.2.3_08-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586): xen-kmp-pae-4.2.3_08_3.0.101_0.8-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-1922.html http://support.novell.com/security/cve/CVE-2013-2007.html http://support.novell.com/security/cve/CVE-2013-4375.html http://support.novell.com/security/cve/CVE-2013-4416.html http://support.novell.com/security/cve/CVE-2013-4494.html http://support.novell.com/security/cve/CVE-2013-4551.html http://support.novell.com/security/cve/CVE-2013-4553.html http://support.novell.com/security/cve/CVE-2013-4554.html https://bugzilla.novell.com/833483 https://bugzilla.novell.com/840997 https://bugzilla.novell.com/842417 https://bugzilla.novell.com/846849 https://bugzilla.novell.com/848014 https://bugzilla.novell.com/848657 https://bugzilla.novell.com/849665 https://bugzilla.novell.com/849667 https://bugzilla.novell.com/849668 https://bugzilla.novell.com/851386 http://download.novell.com/patch/finder/?keywords=08d096221c1d89c9a950f559d38dccd0 From sle-updates at lists.suse.com Fri Dec 20 09:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Dec 2013 
17:04:10 +0100 (CET) Subject: SUSE-SU-2013:1866-2: moderate: Security update for strongswan Message-ID: <20131220160410.A56C532126@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1866-2 Rating: moderate References: #833278 #840826 #847506 Cross-References: CVE-2013-5018 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This strongswan update fixes security issues and bugs: * CVE-2013-5018: Specially crafted XAuth usernames and EAP identities can cause a crash in strongswan. * CVE-2013-6075: A crafted ID packet can be used by remote attackers to crash the server or potentially gain authentication privileges under certain circumstances. Also a bug with route recursion limits was fixed: * Charon SEGFAULT when left=%any / recursion limit. (bnc#840826) Security Issues: * CVE-2013-5018 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-strongswan-8489 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-strongswan-8489 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-strongswan-8489 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): strongswan-4.4.0-6.21.1 strongswan-doc-4.4.0-6.21.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): strongswan-4.4.0-6.21.1 strongswan-doc-4.4.0-6.21.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): strongswan-4.4.0-6.21.1 strongswan-doc-4.4.0-6.21.1 References: http://support.novell.com/security/cve/CVE-2013-5018.html https://bugzilla.novell.com/833278 https://bugzilla.novell.com/840826 https://bugzilla.novell.com/847506 http://download.novell.com/patch/finder/?keywords=f4cb1e26e54ac7b57f6e81a2c156db7d From sle-updates at lists.suse.com Fri Dec 20 11:04:12 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Dec 2013 19:04:12 +0100 (CET) Subject: SUSE-RU-2013:1925-1: moderate: Recommended update for python-configshell Message-ID: <20131220180412.74B4332157@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-configshell ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1925-1 Rating: moderate References: #828485 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-configshell removes the runtime dependency on epydoc. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-configshell-8591 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-configshell-8591 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): python-configshell-1.1-0.9.1 python-configshell-doc-1.1-0.9.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-configshell-1.1-0.9.1 python-configshell-doc-1.1-0.9.1 References: https://bugzilla.novell.com/828485 http://download.novell.com/patch/finder/?keywords=25b8586abce024c6bd0b72f6c26ae60f From sle-updates at lists.suse.com Fri Dec 20 14:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Dec 2013 22:04:10 +0100 (CET) Subject: SUSE-SU-2013:1926-1: moderate: Security update for apache2-mod_nss Message-ID: <20131220210410.921BE3213C@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1926-1 Rating: moderate References: #853039 Cross-References: CVE-2013-4566 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issues with apache2-mod_nss: * bnc#853039: client certificate verification problematic (CVE-2013-4566) Security Issue reference: * CVE-2013-4566 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_nss-8611 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_nss-8611 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_nss-8610 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_nss-8610 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_nss-1.0.8-0.4.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-1.0.8-0.4.7.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_nss-1.0.8-0.4.7.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-1.0.8-0.4.7.1 References: http://support.novell.com/security/cve/CVE-2013-4566.html https://bugzilla.novell.com/853039 http://download.novell.com/patch/finder/?keywords=1f3e93c48200fcc7b35a097c90b110e2 http://download.novell.com/patch/finder/?keywords=85abee98c108f910ec3585a8f134d120 From sle-updates at lists.suse.com Mon Dec 23 12:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Dec 2013 20:04:11 +0100 (CET) Subject: SUSE-SU-2013:1866-3: moderate: Security update for strongswan Message-ID: <20131223190411.626FA320E8@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1866-3 Rating: moderate References: #833278 #840826 #847506 Cross-References: CVE-2013-5018 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This strongswan update fixes security issues and bugs: * CVE-2013-5018: Specially crafted XAuth usernames and EAP identities can cause a crash in strongswan. * CVE-2013-6075: A crafted ID packet can be used by remote attackers to crash the server or potentially gain authentication privileges under certain circumstances. Also a bug with route recursion limits was fixed: * Charon SEGFAULT when left=%any / recursion limit (bnc#840826). Security Issues: * CVE-2013-5018 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): strongswan-4.4.0-6.15.1 strongswan-doc-4.4.0-6.15.1 References: http://support.novell.com/security/cve/CVE-2013-5018.html https://bugzilla.novell.com/833278 https://bugzilla.novell.com/840826 https://bugzilla.novell.com/847506 http://download.novell.com/patch/finder/?keywords=e6c589e7bbb7423af132803861e03b33 From sle-updates at lists.suse.com Mon Dec 23 13:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Dec 2013 21:04:10 +0100 (CET) Subject: SUSE-RU-2013:1949-1: moderate: Recommended update for WALinuxAgent Message-ID: <20131223200410.7DB70320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for WALinuxAgent ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1949-1 Rating: moderate References: #827744 #851550 Affected Products: SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. 
Description: WALinuxAgent has been updated to version 2.0.1, which brings many fixes and enhancements: * Add support for CustomData * Add exception handling for external consumer scripts * Save/Restore SELinux state during provision * Support for wire protocol * Fixed DVD detection for non-en locales * Fixed unhandled socket exception (Util.HttpPost/Util._HttpGet). * Fixed missing newline in the init script (bnc#827744) For a comprehensive list of fixes, refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-WALinuxAgent-8590 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-WALinuxAgent-8589 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 (noarch): WALinuxAgent-2.0.1-0.7.1 - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 2.0.1]: WALinuxAgent-2.0.1-0.7.1 References: https://bugzilla.novell.com/827744 https://bugzilla.novell.com/851550 http://download.novell.com/patch/finder/?keywords=6a463fec73f7029af25e7c2e59c82d0d http://download.novell.com/patch/finder/?keywords=846ef12b144406830ed06ca0b6f5f92b From sle-updates at lists.suse.com Fri Dec 27 09:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Dec 2013 17:04:10 +0100 (CET) Subject: SUSE-RU-2013:1966-1: Recommended update for python-lxml Message-ID: <20131227160410.C2253320F2@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-lxml ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1966-1 Rating: low References: #657698 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 SUSE Cloud 
2.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue with python-lxml: * bnc#657698: python-lxml must not require pyxml Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-python-lxml-8567 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-lxml-8567 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-lxml-8567 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-python-lxml-8567 - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-python-lxml-8567 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-lxml-2.3.6-0.11.1 python-lxml-doc-2.3.6-0.11.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): python-lxml-2.3.6-0.11.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-lxml-2.3.6-0.11.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): python-lxml-2.3.6-0.11.1 - SUSE Cloud 2.0 (x86_64): python-lxml-2.3.6-0.11.1 References: https://bugzilla.novell.com/657698 http://download.novell.com/patch/finder/?keywords=4af0b419b5b9517558659cb2ab4da0a0 From sle-updates at lists.suse.com Fri Dec 27 10:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Dec 2013 18:04:10 +0100 (CET) Subject: SUSE-SU-2013:1967-1: important: Security update for acroread Message-ID: <20131227170410.7A268320F2@maintenance.suse.de> SUSE Security Update: Security update for acroread ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1967-1 Rating: important References: #843835 
Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: Adobe discontinued support of Adobe Reader for Linux in June 2013. Newer security problems and bugs are no longer fixed. As the Adobe Reader is binary-only software and we cannot provide a replacement, SUSE declares the acroread package of Adobe Reader as being out of support and unmaintained. If you do not need Acrobat Reader, we recommend uninstalling the "acroread" package. This update removes the Acrobat Reader PDF plugin to avoid automatic exploitation by clicking on web pages with embedded PDFs. The stand-alone "acroread" binary is still available, but again, we do not recommend using it. Indications: For all Acrobat Reader users. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-acroread-8689 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-acroread-8688 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (noarch): acroread-cmaps-9.4.6-0.4.5.1 acroread-fonts-ja-9.4.6-0.4.5.1 acroread-fonts-ko-9.4.6-0.4.5.1 acroread-fonts-zh_CN-9.4.6-0.4.5.1 acroread-fonts-zh_TW-9.4.6-0.4.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586): acroread-9.5.5-0.5.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): acroread-cmaps-9.4.6-0.4.5.1 acroread-fonts-ja-9.4.6-0.4.5.1 acroread-fonts-ko-9.4.6-0.4.5.1 acroread-fonts-zh_CN-9.4.6-0.4.5.1 acroread-fonts-zh_TW-9.4.6-0.4.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.5]: acroread-9.5.5-0.5.5.1 acroread_ja-9.4.2-0.4.1 References: https://bugzilla.novell.com/843835 http://download.novell.com/patch/finder/?keywords=1ba40421128e83afa47923da7fa45a4e http://download.novell.com/patch/finder/?keywords=622bc5e164e4f99a6b0b90dded3112a4 From sle-updates at lists.suse.com Fri Dec 27 15:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Dec 2013 23:04:10 +0100 (CET) Subject: SUSE-RU-2013:1969-1: moderate: Recommended update for cluster-glue, crmsh, libqb, openais, pacemaker, resource-agents, sbd and sleha-bootstrap Message-ID: <20131227220410.50192320F2@maintenance.suse.de> SUSE Recommended Update: Recommended update for cluster-glue, crmsh, libqb, openais, pacemaker, resource-agents, sbd and sleha-bootstrap ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1969-1 Rating: moderate References: #829492 #833374 #836759 #836965 #838358 #840606 #841010 #841155 #842186 #842204 #842471 #842915 #843647 #843699 #845336 #845510 #846360 #848114 #849595 #851951 #853651 #854060 #854783 #854926 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP3 ______________________________________________________________________________ An update that has 24 recommended fixes can now be installed. 
It includes four new package versions. Description: This collective update for the High Availability Extension 11 SP3 provides many fixes and enhancements. Of particular importance, the Pacemaker update introduces a behavior change that might prevent the DLM resource (ocf:pacemaker:controld) from starting if stonith-enabled is set to "false". This change was needed because the DLM and all services depending on it such as cLVM2 and OCFS2 cannot recover properly if stonith-enabled="false". They will silently fail and block forever in case of a node failure or split-brain scenario that cannot be resolved without fencing. So these services should not be started (to avoid data corruption) if stonith is explicitly disabled. The stonith-enabled check can be overridden by configuring the parameter allow_stonith_disabled="true" in the DLM resource, allowing the resource to start even if stonith-enabled="false". This is not recommended for production environments. Additionally, the following customer-reported issues are fixed by this update: cluster-glue: * hb_report: Fix test for the root user. * hb_report: Add support for the rfc5424 syslog date format. * hb_report: Add -X option for extra ssh options. (FATE#314906) crmsh (updated to version 1.2.6): * doc: Explain groups in more detail. (bnc#845336) * node: Clear state new way since Pacemaker 1.1.8. (bnc#843699) * cibconf: Fix rsc_template referencing. (savannah#40011) * history: Add support for rfc5242 date format in syslog. * cibconfig: Improve performance when testing if resources are running. libqb (updated to version 0.16.0): * ipc: Merge multiple fixes and enhancements to IPC code. openais: * init script: Export LRMD_MAX_CHILDREN from /etc/sysconfig/pacemaker. (bnc#838358) pacemaker (updated to version 1.1.10): * report: Add support for xz compressed logs. (bnc#854060) * cts: Install cib_xml.py. (bnc#854926) * crm_resource: Remove unnecessary newlines in crm_resource -O output.
(bnc#853651) * pengine: Do not check the allocation of resources during a collocation preview. (bnc#849595) * crmd: Add multiple fixes and enhancements to throttling code. (bnc#838358) * election/fencing: Fix the casts that would result in incorrect values for big-endian systems. (bnc#842915) * crm_resource: Wait for the correct number of replies when cleaning up resources. (bnc#842204) * crm_resource: Wait for all replies when cleaning up resources. (bnc#842204) * crm_master: Avoid sending redundant "--node" options to crm_attribute. (bnc#846360) * crm_resource: Wait for a reply for each request to crmd. (bnc#842204) * plugin: Reset the scheduling policy of daemons to SCHED_OTHER with nice value -10. (bnc#843647) * lrmd: Correctly cancel monitor actions for lsb/systemd/service resources on cleaning up. (bnc#842471) * plugin: stonith-ng needs membership updates. (bnc#841010) * controld: Don't start dlm if stonith-enabled is false. (bnc#842186, FATE#315195) * controld: Allow the stonith-enabled check to be overridden. (bnc#842186, FATE#315195) * cib: Support XML comments in diffs. (bnc#836965) * pengine: Distinguish between the agent being missing and something the agent needs being missing. (bnc#833374) * cluster: Correctly construct the header for compressed messages. (bnc#851951) pacemaker-mgmt: * mgmtd: Use services_ocf_exitcode_str() if available instead of lrmd_event_rc2str(). resource-agents: * Xen: Fix logic in Xen_Status_with_Retry. (bnc#841155) * Xen: Retry domain lookup in repeating monitor and stop. (bnc#841155) * ldirector: Fix using service name instead of port number. (bnc#836759) * eDir88: Implement multiple IP support. (bnc#829492) * LVM: Retry deactivating vg allowing udev to settle. (bnc#848114) sbd (updated to version 1.2.1): * sbd: Re-validate dev header and node slot mbox read. (bnc#845510) * agent: Detect if the stonith-timeout is too low. 
(bnc#841010) * agent: Auto-correct pacemaker configuration if a too short timeout is detected (can be disabled using the timeout_bypass option). (bnc#841010) sleha-bootstrap: * Fix subnet match in network detection. (bnc#854783) * Warn on partprobe failure instead of hard error. (bnc#840606) The list above is not comprehensive. For details, please refer to the individual package change logs and Bugzilla. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-slehae-201312-8673 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-slehae-201312-8673 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.16.0]: libqb-devel-0.16.0-0.7.4 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.16.0,1.1.10,1.2.1 and 1.2.6]: cluster-glue-1.0.11-0.19.4 crmsh-1.2.6-0.25.4 ldirectord-3.9.5-0.32.22 libglue-devel-1.0.11-0.19.4 libglue2-1.0.11-0.19.4 libopenais-devel-1.1.4-5.17.5 libopenais3-1.1.4-5.17.5 libpacemaker-devel-1.1.10-0.9.28 libpacemaker3-1.1.10-0.9.28 libqb-devel-0.16.0-0.7.4 libqb0-0.16.0-0.7.4 nagios-plugins-metadata-3.9.5-0.32.22 openais-1.1.4-5.17.5 pacemaker-1.1.10-0.9.28 pacemaker-mgmt-2.1.2-0.11.4 pacemaker-mgmt-client-2.1.2-0.11.4 pacemaker-mgmt-devel-2.1.2-0.11.4 resource-agents-3.9.5-0.32.22 sbd-1.2.1-0.7.22 - SUSE Linux Enterprise High Availability Extension 11 SP3 (noarch): sleha-bootstrap-0.3-0.26.1 References: https://bugzilla.novell.com/829492 https://bugzilla.novell.com/833374 https://bugzilla.novell.com/836759 https://bugzilla.novell.com/836965 https://bugzilla.novell.com/838358 https://bugzilla.novell.com/840606 https://bugzilla.novell.com/841010 https://bugzilla.novell.com/841155 
https://bugzilla.novell.com/842186
https://bugzilla.novell.com/842204
https://bugzilla.novell.com/842471
https://bugzilla.novell.com/842915
https://bugzilla.novell.com/843647
https://bugzilla.novell.com/843699
https://bugzilla.novell.com/845336
https://bugzilla.novell.com/845510
https://bugzilla.novell.com/846360
https://bugzilla.novell.com/848114
https://bugzilla.novell.com/849595
https://bugzilla.novell.com/851951
https://bugzilla.novell.com/853651
https://bugzilla.novell.com/854060
https://bugzilla.novell.com/854783
https://bugzilla.novell.com/854926
http://download.novell.com/patch/finder/?keywords=80f50c88f3d5d20036fab32b3f83c613

From sle-updates at lists.suse.com Mon Dec 30 11:04:10 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 30 Dec 2013 19:04:10 +0100 (CET)
Subject: SUSE-RU-2013:1970-1: important: Recommended update for timezone
Message-ID: <20131230180410.B3FFB32126@maintenance.suse.de>

SUSE Recommended Update: Recommended update for timezone
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1970-1
Rating: important
References: #856305
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Software Development Kit 11 SP2
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes
one version update.

Description:

This update provides the latest timezone information for your system.
The changes in detail are:

* Jordan switches back to standard time at 00:00 on December 20 2013
* The compile-time flag NOSOLAR has been removed
* The files solar87, solar88, solar89 are no longer distributed.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-timezone-2013i-8693

- SUSE Linux Enterprise Software Development Kit 11 SP2:
  zypper in -t patch sdksp2-timezone-2013i-8692

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-timezone-2013i-8693

- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-timezone-2013i-8693

- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-timezone-2013i-8692

- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-timezone-2013i-8692

- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-timezone-2013i-8693

- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-timezone-2013i-8692

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 2013i]:
  timezone-java-2013i-0.6.1

- SUSE Linux Enterprise Software Development Kit 11 SP2 (noarch):
  timezone-java-2013i-0.6.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2013i]:
  timezone-2013i-0.6.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2013i]:
  timezone-java-2013i-0.6.1

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2013i]:
  timezone-2013i-0.6.1

- SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2013i]:
  timezone-java-2013i-0.6.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2013i]:
  timezone-2013i-0.6.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 2013i]:
  timezone-java-2013i-0.6.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2013i]:
  timezone-2013i-0.6.1

- SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 2013i]:
  timezone-java-2013i-0.6.1

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2013i]:
  timezone-2013i-0.6.1

- SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2013i]:
  timezone-java-2013i-0.6.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2013i]:
  timezone-2013i-0.6.1

- SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 2013i]:
  timezone-java-2013i-0.6.1

References:

https://bugzilla.novell.com/856305
http://download.novell.com/patch/finder/?keywords=045564a071c7131a8ce9e6acdf0ddca8
http://download.novell.com/patch/finder/?keywords=a83379e559bff63f5ded09fdcce1066a

From sle-updates at lists.suse.com Tue Dec 31 08:04:09 2013
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 31 Dec 2013 16:04:09 +0100 (CET)
Subject: SUSE-RU-2013:1972-1: Recommended update for xkeyboard-config
Message-ID: <20131231150409.5B8ED32126@maintenance.suse.de>

SUSE Recommended Update: Recommended update for xkeyboard-config
______________________________________________________________________________

Announcement ID: SUSE-RU-2013:1972-1
Rating: low
References: #773804 #821683 #849906
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP2 for VMware
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for xkeyboard-config provides the following fixes:

* On the Netherlands keyboard layout, Alt-Gr + key-5 should send the
  "1/2" symbol instead of the "Euro" symbol. (bnc#849906)
* On the Portuguese keyboard layout, Alt-Gr + key-< should send the
  backslash ("\") instead of the pipe ("|") symbol. (bnc#821683)
* Add missing backslash/bar mapping to "us" international variants.
  (bnc#773804)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-xkeyboard-config-8563

- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-xkeyboard-config-8563

- SUSE Linux Enterprise Server 11 SP2 for VMware:
  zypper in -t patch slessp2-xkeyboard-config-8562

- SUSE Linux Enterprise Server 11 SP2:
  zypper in -t patch slessp2-xkeyboard-config-8562

- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-xkeyboard-config-8563

- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-xkeyboard-config-8562

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):
  xkeyboard-config-1.5-4.44.1

- SUSE Linux Enterprise Server 11 SP3 (noarch):
  xkeyboard-config-1.5-4.44.1

- SUSE Linux Enterprise Server 11 SP2 for VMware (noarch):
  xkeyboard-config-1.5-4.44.1

- SUSE Linux Enterprise Server 11 SP2 (noarch):
  xkeyboard-config-1.5-4.44.1

- SUSE Linux Enterprise Desktop 11 SP3 (noarch):
  xkeyboard-config-1.5-4.44.1

- SUSE Linux Enterprise Desktop 11 SP2 (noarch):
  xkeyboard-config-1.5-4.44.1

References:

https://bugzilla.novell.com/773804
https://bugzilla.novell.com/821683
https://bugzilla.novell.com/849906
http://download.novell.com/patch/finder/?keywords=555cdad487f8c6429d33d45eb07a8cd7
http://download.novell.com/patch/finder/?keywords=6c4fd004c07016f25f042cc42420e5b5