From sle-updates at lists.suse.com Wed Oct 2 12:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Oct 2013 20:04:13 +0200 (CEST) Subject: SUSE-RU-2013:1518-1: Recommended update for release-notes-sled Message-ID: <20131002180413.1C017320AE@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1518-1 Rating: low References: #836922 #838463 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: This update for the Release Notes for SUSE Linux Enterprise Desktop 11 SP3 provides the following changes: * FreeRDP is going to replace rdesktop (bnc#836922, via fate#311422) * Migrating to SLE 11 SP3 using zypper (bnc#838463). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-release-notes-sled-8341 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 11.3.23]: release-notes-sled-11.3.23-0.7.1 References: https://bugzilla.novell.com/836922 https://bugzilla.novell.com/838463 http://download.novell.com/patch/finder/?keywords=99b13f5a83e492aabfd159f93b1bf02c From sle-updates at lists.suse.com Wed Oct 2 14:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Oct 2013 22:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1519-1: moderate: Security update for openstack-swift Message-ID: <20131002200410.05C0832167@maintenance.suse.de> SUSE Security Update: Security update for openstack-swift ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1519-1 Rating: moderate References: #833059 Cross-References: CVE-2013-4155 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This openstack-swift update fixes a Denial of Service issue. * bnc#833059: VUL-1: CVE-2013-4155: openstack-swift: Denial of Service using superfluous object tombstones Security Issue reference: * CVE-2013-4155 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-openstack-swift-8351 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 1.0 (x86_64): openstack-swift-1.4.8+git.1332408124.4a6fead-0.15.1 openstack-swift-account-1.4.8+git.1332408124.4a6fead-0.15.1 openstack-swift-container-1.4.8+git.1332408124.4a6fead-0.15.1 openstack-swift-doc-1.4.8+git.1332408124.4a6fead-0.15.1 openstack-swift-object-1.4.8+git.1332408124.4a6fead-0.15.1 openstack-swift-proxy-1.4.8+git.1332408124.4a6fead-0.15.1 python-swift-1.4.8+git.1332408124.4a6fead-0.15.1 References: http://support.novell.com/security/cve/CVE-2013-4155.html https://bugzilla.novell.com/833059 http://download.novell.com/patch/finder/?keywords=0734295a7d58787e52f00a40a0ca179c From sle-updates at lists.suse.com Wed Oct 2 14:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Oct 2013 22:04:14 +0200 (CEST) Subject: SUSE-SU-2013:1520-1: critical: Security update for icedtea-web Message-ID: <20131002200414.981AA32167@maintenance.suse.de> SUSE Security Update: Security update for icedtea-web ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1520-1 Rating: critical References: #840572 Cross-References: CVE-2012-4540 CVE-2013-4349 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: This icedtea-web update adds a missing fix for an off-by-one heap-based buffer overflow. bnc#840572: CVE-2013-4349: icedtea-web 1.4.1 fixes the missing patch for CVE-2012-4540. Security Issues: * CVE-2012-4540 * CVE-2013-4349 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-icedtea-web-8358 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-icedtea-web-8357 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.4.1]: icedtea-web-1.4.1-0.11.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.4.1]: icedtea-web-1.4.1-0.8.1 References: http://support.novell.com/security/cve/CVE-2012-4540.html http://support.novell.com/security/cve/CVE-2013-4349.html https://bugzilla.novell.com/840572 http://download.novell.com/patch/finder/?keywords=e1679e6b7d33fb8b6dd05a7bbe7b1720 http://download.novell.com/patch/finder/?keywords=fb1fc7110968b46c3b519aa8f5760a4d From sle-updates at lists.suse.com Wed Oct 2 14:04:19 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Oct 2013 22:04:19 +0200 (CEST) Subject: SUSE-SU-2013:1521-1: moderate: Security update for openstack-nova, Message-ID: <20131002200419.12C1E32167@maintenance.suse.de> SUSE Security Update: Security update for openstack-nova, ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1521-1 Rating: moderate References: #833739 #836358 #837018 Cross-References: CVE-2013-2256 CVE-2013-4185 CVE-2013-4278 Affected Products: SUSE Cloud 1.0 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This openstack-nova update fixes several security issues: * bnc#833739: CVE-2013-4185: network source security groups denial of service * bnc#836358: CVE-2013-4278: private flavors resource limit circumvention * bnc#837018: CVE-2013-2256: Resource limit circumvention in Nova private flavors Security Issue references: * CVE-2013-4185 * CVE-2013-4278 * CVE-2013-2256 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 1.0: zypper in -t patch sleclo10sp2-openstack-nova-8350 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 1.0 (x86_64): openstack-nova-2012.1+git.1364234478.e52e691-0.9.2 openstack-nova-api-2012.1+git.1364234478.e52e691-0.9.2 openstack-nova-cert-2012.1+git.1364234478.e52e691-0.9.2 openstack-nova-compute-2012.1+git.1364234478.e52e691-0.9.2 openstack-nova-network-2012.1+git.1364234478.e52e691-0.9.2 openstack-nova-objectstore-2012.1+git.1364234478.e52e691-0.9.2 openstack-nova-scheduler-2012.1+git.1364234478.e52e691-0.9.2 openstack-nova-vncproxy-2012.1+git.1364234478.e52e691-0.9.2 openstack-nova-volume-2012.1+git.1364234478.e52e691-0.9.2 python-nova-2012.1+git.1364234478.e52e691-0.9.2 References: http://support.novell.com/security/cve/CVE-2013-2256.html http://support.novell.com/security/cve/CVE-2013-4185.html http://support.novell.com/security/cve/CVE-2013-4278.html https://bugzilla.novell.com/833739 https://bugzilla.novell.com/836358 https://bugzilla.novell.com/837018 http://download.novell.com/patch/finder/?keywords=bbbdb2ae6b576221a6801e37cff4c9be From sle-updates at lists.suse.com Wed Oct 2 14:04:24 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Oct 2013 22:04:24 +0200 (CEST) Subject: SUSE-SU-2013:1522-1: moderate: Security update for Samba Message-ID: <20131002200424.7CAF732167@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1522-1 Rating: moderate References: #829969 Cross-References: CVE-2013-4124 Affected Products: SUSE Linux Enterprise Server 10 GPLv3 Extras ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The Samba server suite received a security update to fix a denial of service problem in integer wrap protection. (CVE-2013-4124) Security Issue reference: * CVE-2013-4124 Package List: - SUSE Linux Enterprise Server 10 GPLv3 Extras (i586 ia64 ppc s390x x86_64): libnetapi-devel-3.4.3-0.49.1 libnetapi0-3.4.3-0.49.1 libtalloc-devel-3.4.3-0.49.1 libtalloc1-3.4.3-0.49.1 libtdb-devel-3.4.3-0.49.1 libtdb1-3.4.3-0.49.1 libwbclient-devel-3.4.3-0.49.1 libwbclient0-3.4.3-0.49.1 samba-gplv3-3.4.3-0.49.1 samba-gplv3-client-3.4.3-0.49.1 samba-gplv3-krb-printing-3.4.3-0.49.1 samba-gplv3-winbind-3.4.3-0.49.1 - SUSE Linux Enterprise Server 10 GPLv3 Extras (noarch): samba-gplv3-doc-3.4.3-0.49.1 References: http://support.novell.com/security/cve/CVE-2013-4124.html https://bugzilla.novell.com/829969 http://download.novell.com/patch/finder/?keywords=09fec2c6f53c158b65dddd5b91aa3aa9 From sle-updates at lists.suse.com Fri Oct 4 19:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Oct 2013 03:04:11 +0200 (CEST) Subject: SUSE-RU-2013:1524-1: Recommended update for kernel-firmware Message-ID: <20131005010411.84DBD3208D@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1524-1 Rating: low References: #796821 #805371 #811263 #822716 #824785 #827613 #829473 #832311 #832342 #832343 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for kernel-firmware provides the following enhancements: * Add the new Intel Wilkins Peak BT firmwares (version 2e) * Update rtl_nic/rtl8168e-3.fw to its current version and add rtl8168f-{1, 2}.fw * Add firmware for Realtek RTL8188EE * Remove duplicated sb16/* and yamaha/* firmware files that conflict with alsa-firmware package * Add firmware files for Wilkins Peak 1/2 WiFi (FATE#313607) * Update ar3k firmwares to v20130729 to fix loading errors. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kernel-firmware-8290 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kernel-firmware-8290 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kernel-firmware-8290 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): kernel-firmware-20110923-0.48.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): kernel-firmware-20110923-0.48.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch): kernel-firmware-20110923-0.48.1 References: https://bugzilla.novell.com/796821 https://bugzilla.novell.com/805371 https://bugzilla.novell.com/811263 https://bugzilla.novell.com/822716 https://bugzilla.novell.com/824785 https://bugzilla.novell.com/827613 https://bugzilla.novell.com/829473 https://bugzilla.novell.com/832311 https://bugzilla.novell.com/832342 https://bugzilla.novell.com/832343 http://download.novell.com/patch/finder/?keywords=35dc53f11f51d28562e0372d34a4e727 From sle-updates at lists.suse.com Fri Oct 4 19:04:16 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 5 Oct 2013 03:04:16 +0200 (CEST) Subject: SUSE-RU-2013:1525-1: Recommended update for kernel-firmware Message-ID: <20131005010416.0A1A33208D@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1525-1 Rating: low References: #805371 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kernel-firmware provides the following enhancement: * Update rtl_nic/rtl8168e-3.fw to the latest version and add rtl8168f-{1,2}.fw. (bnc#805371) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kernel-firmware-8118 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kernel-firmware-8118 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kernel-firmware-8118 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): kernel-firmware-20110923-0.19.23.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): kernel-firmware-20110923-0.19.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): kernel-firmware-20110923-0.19.23.1 References: https://bugzilla.novell.com/805371 http://download.novell.com/patch/finder/?keywords=88ff2e42afe80e15191206ec1d1ede36 From sle-updates at lists.suse.com Mon Oct 7 14:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Oct 2013 22:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1529-1: important: Security update for mysql, mysql-client Message-ID: <20131007200411.7844632274@maintenance.suse.de> SUSE Security Update: Security update for mysql, mysql-client ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1529-1 Rating: important References: #734436 #768832 #780019 #789263 #791863 #792332 #803040 #830086 #834028 #834967 #837801 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: This version upgrade of mysql to 5.5.33 fixed multiple security issues: * CVE-2013-1861 CVE-2013-3783 CVE-2013-3793 CVE-2013-3794 * CVE-2013-3795 CVE-2013-3796 CVE-2013-3798 CVE-2013-3801 * CVE-2013-3802 CVE-2013-3804 CVE-2013-3805 CVE-2013-3806 * CVE-2013-3807 CVE-2013-3808 CVE-2013-3809 CVE-2013-3810 * CVE-2013-3811 CVE-2013-3812 Additionally, it contains numerous bug fixes and improvements.: * fixed mysqldump with MySQL 5.0 (bnc#768832) * fixed log rights (bnc#789263 and bnc#803040 and bnc#792332) * binlog disabled in default configuration (bnc#791863) * fixed dependencies for client package (bnc#780019) * minor polishing of spec/installation * avoid file conflicts with mytop * better fix for hardcoded libdir issue * fixed hardcoded plugin paths (bnc#834028) * use chown --no-dereference instead of chown to improve security (bnc#834967) * adjust to spell !includedir correctly in /etc/my.cnf (bnc#734436) * typo in init script stops database on update (bnc#837801) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libmysql55client18-8364 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libmysql55client18-8364 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libmysql55client18-8364 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libmysql55client18-8364 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.33-0.11.1 libmysqlclient_r15-32bit-5.0.96-0.6.9 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64): libmysql55client_r18-x86-5.5.33-0.11.1 libmysqlclient_r15-x86-5.0.96-0.6.9 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 5.5.33]: libmysql55client18-5.5.33-0.11.1 libmysql55client_r18-5.5.33-0.11.1 libmysqlclient15-5.0.96-0.6.9 libmysqlclient_r15-5.0.96-0.6.9 mysql-5.5.33-0.11.1 mysql-client-5.5.33-0.11.1 mysql-tools-5.5.33-0.11.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 5.5.33]: libmysql55client18-32bit-5.5.33-0.11.1 libmysqlclient15-32bit-5.0.96-0.6.9 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.5.33]: libmysql55client18-5.5.33-0.11.1 libmysql55client_r18-5.5.33-0.11.1 libmysqlclient15-5.0.96-0.6.9 libmysqlclient_r15-5.0.96-0.6.9 mysql-5.5.33-0.11.1 mysql-client-5.5.33-0.11.1 mysql-tools-5.5.33-0.11.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 5.5.33]: libmysql55client18-32bit-5.5.33-0.11.1 libmysqlclient15-32bit-5.0.96-0.6.9 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 5.5.33]: libmysql55client18-x86-5.5.33-0.11.1 libmysqlclient15-x86-5.0.96-0.6.9 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 5.5.33]: libmysql55client18-5.5.33-0.11.1 libmysql55client_r18-5.5.33-0.11.1 libmysqlclient15-5.0.96-0.6.9 libmysqlclient_r15-5.0.96-0.6.9 mysql-5.5.33-0.11.1 mysql-client-5.5.33-0.11.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 5.5.33]: libmysql55client18-32bit-5.5.33-0.11.1 libmysql55client_r18-32bit-5.5.33-0.11.1 libmysqlclient15-32bit-5.0.96-0.6.9 libmysqlclient_r15-32bit-5.0.96-0.6.9 References: https://bugzilla.novell.com/734436 https://bugzilla.novell.com/768832 https://bugzilla.novell.com/780019 https://bugzilla.novell.com/789263 https://bugzilla.novell.com/791863 https://bugzilla.novell.com/792332 https://bugzilla.novell.com/803040 https://bugzilla.novell.com/830086 https://bugzilla.novell.com/834028 https://bugzilla.novell.com/834967 https://bugzilla.novell.com/837801 http://download.novell.com/patch/finder/?keywords=3c8dec0d92966349feb185de1d4f2146 From sle-updates at lists.suse.com Mon Oct 7 15:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Oct 2013 23:04:10 +0200 (CEST) Subject: SUSE-SU-2013:1530-1: Security update for Real Time Linux Kernel Message-ID: <20131007210410.4530832269@maintenance.suse.de> SUSE Security Update: Security update for Real Time Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1530-1 Rating: low References: #745640 #760407 #765523 #773006 #773255 #773837 #783475 #785901 #789010 #801427 #803320 #804482 #805371 #806396 #806976 #807471 #807502 #808940 #809122 #812526 #812974 #813604 #813733 #814336 #815320 #816043 #817035 #817377 #818465 #819363 #819523 #820172 #820434 #821052 #821235 #822066 #822077 #822575 #822825 #823082 #823342 #823497 #823517 #824159 #824295 #824915 #825048 #825142 #825227 #825591 #825657 #825887 #826350 #826960 #827372 #827376 #827378 #827749 #827750 #827808 #828119 #828192 #828574 #828714 #829082 #829357 #829622 #830901 #831055 #831058 #831410 #831949 Cross-References: CVE-2013-1059 CVE-2013-1774 CVE-2013-1819 CVE-2013-1929 CVE-2013-2148 CVE-2013-2164 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-2851 CVE-2013-4162 CVE-2013-4163 Affected Products: SUSE Linux Enterprise Real Time 11 SP2 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 60 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to version 3.0.93 and includes various bug and security fixes. The following security bugs have been fixed: * CVE-2013-2148: The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. * CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. * CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. * CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. * CVE-2013-4162: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel made an incorrect function call for pending data, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. * CVE-2013-1059: net/ceph/auth_none.c in the Linux kernel allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. * CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. * CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. * CVE-2013-4163: The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel did not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. * CVE-2013-1929: Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. * CVE-2013-1819: The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel did not validate block numbers, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. * CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. Also the following bugs have been fixed: BTRFS: * btrfs: merge contigous regions when loading free space cache * btrfs: fix how we deal with the orphan block rsv * btrfs: fix wrong check during log recovery * btrfs: change how we indicate we are adding csums * btrfs: flush delayed inodes if we are short on space (bnc#801427). * btrfs: rework shrink_delalloc (bnc#801427). * btrfs: fix our overcommit math (bnc#801427). * btrfs: delay block group item insertion (bnc#801427). * btrfs: remove bytes argument from do_chunk_alloc (bnc#801427). * btrfs: run delayed refs first when out of space (bnc#801427). * btrfs: do not commit instead of overcommitting (bnc#801427). * btrfs: do not take inode delalloc mutex if we are a free space inode (bnc#801427). * btrfs: fix chunk allocation error handling (bnc#801427). * btrfs: remove extent mapping if we fail to add chunk (bnc#801427). * btrfs: do not overcommit if we do not have enough space for global rsv (bnc#801427). * btrfs: rework the overcommit logic to be based on the total size (bnc#801427). * btrfs: steal from global reserve if we are cleaning up orphans (bnc#801427). * btrfs: clear chunk_alloc flag on retryable failure (bnc#801427). * btrfs: use reserved space for creating a snapshot (bnc#801427). * btrfs: cleanup to make the function btrfs_delalloc_reserve_metadata more logic (bnc#801427). * btrfs: fix space leak when we fail to reserve metadata space (bnc#801427). * btrfs: fix space accounting for unlink and rename (bnc#801427). * btrfs: allocate new chunks if the space is not enough for global rsv (bnc#801427). * btrfs: various abort cleanups (bnc#812526 bnc#801427). * btrfs: simplify unlink reservations (bnc#801427). OTHER: * x86: Add workaround to NMI iret woes (bnc#831949). * x86: Do not schedule while still in NMI context (bnc#831949). * bnx2x: Avoid sending multiple statistics queries (bnc#814336). * bnx2x: protect different statistics flows (bnc#814336). * futex: Take hugepages into account when generating futex_key. * drivers/hv: util: Fix a bug in version negotiation code for util services (bnc#828714). * printk: Add NMI ringbuffer (bnc#831949). * printk: extract ringbuffer handling from vprintk (bnc#831949). * printk: NMI safe printk (bnc#831949). * printk: Make NMI ringbuffer size independent on log_buf_len (bnc#831949). * printk: Do not call console_unlock from nmi context (bnc#831949). * printk: Do not use printk_cpu from finish_printk (bnc#831949). * mlx4_en: Adding 40gb speed report for ethtool (bnc#831410). * reiserfs: Fixed double unlock in reiserfs_setattr failure path. * reiserfs: delay reiserfs lock until journal initialization (bnc#815320). * reiserfs: do not lock journal_init() (bnc#815320). * reiserfs: locking, handle nested locks properly (bnc#815320). * reiserfs: locking, push write lock out of xattr code (bnc#815320). * reiserfs: locking, release lock around quota operations (bnc#815320). * NFS: support "nosharetransport" option (bnc#807502, bnc#828192, FATE#315593). * dm mpath: add retain_attached_hw_handler feature (bnc#760407). * scsi_dh: add scsi_dh_attached_handler_name (bnc#760407). * bonding: disallow change of MAC if fail_over_mac enabled (bnc#827376). * bonding: propagate unicast lists down to slaves (bnc#773255 bnc#827372). * bonding: emit address change event also in bond_release (bnc#773255 bnc#827372). * bonding: emit event when bonding changes MAC (bnc#773255 bnc#827372). * SUNRPC: Ensure we release the socket write lock if the rpc_task exits early (bnc#830901). * ext4: force read-only unless rw=1 module option is used (fate#314864). * HID: fix unused rsize usage (bnc#783475). * HID: fix data access in implement() (bnc#783475). * xfs: fix deadlock in xfs_rtfree_extent with kernel v3.x (bnc#829622). * r8169: allow multicast packets on sub-8168f chipset (bnc#805371). * r8169: support new chips of RTL8111F (bnc#805371). * r8169: define the early size for 8111evl (bnc#805371). * r8169: fix the reset setting for 8111evl (bnc#805371). * r8169: add MODULE_FIRMWARE for the firmware of 8111evl (bnc#805371). * r8169: fix sticky accepts packet bits in RxConfig (bnc#805371). * r8169: adjust the RxConfig settings (bnc#805371). * r8169: support RTL8111E-VL (bnc#805371). * r8169: add ERI functions (bnc#805371). * r8169: modify the flow of the hw reset (bnc#805371). * r8169: adjust some registers (bnc#805371). * r8169: check firmware content sooner (bnc#805371). * r8169: support new firmware format (bnc#805371). * r8169: explicit firmware format check (bnc#805371). * r8169: move the firmware down into the device private data (bnc#805371). * mm: link_mem_sections make sure nmi watchdog does not trigger while linking memory sections (bnc#820434). * kernel: lost IPIs on CPU hotplug (bnc#825048, LTC#94784). * iwlwifi: use correct supported firmware for 6035 and 6000g2 (bnc#825887). * watchdog: Update watchdog_thresh atomically (bnc#829357). * watchdog: update watchdog_tresh properly (bnc#829357). * watchdog: watchdog-make-disable-enable-hotplug-and-preempt-save.patch (bnc#829357). * include/1/smp.h: define __smp_call_function_single for !CONFIG_SMP (bnc#829357). * lpfc: Return correct error code on bsg_timeout (bnc#816043). * dm-multipath: Drop table when retrying ioctl (bnc#808940). * scsi: Do not retry invalid function error (bnc#809122). * scsi: Always retry internal target error (bnc#745640, bnc#825227). * ibmvfc: Driver version 1.0.1 (bnc#825142). * ibmvfc: Fix for offlining devices during error recovery (bnc#825142). * ibmvfc: Properly set cancel flags when cancelling abort (bnc#825142). * ibmvfc: Send cancel when link is down (bnc#825142). * ibmvfc: Support FAST_IO_FAIL in EH handlers (bnc#825142). * ibmvfc: Suppress ABTS if target gone (bnc#825142). * fs/dcache.c: add cond_resched() to shrink_dcache_parent() (bnc#829082). * kmsg_dump: do not run on non-error paths by default (bnc#820172). * mm: honor min_free_kbytes set by user (bnc#826960). * hyperv: Fix a kernel warning from netvsc_linkstatus_callback() (bnc#828574). * RT: Fix up hardening patch to not gripe when avg > available, which lockless access makes possible and happens in -rt kernels running a cpubound ltp realtime testcase. Just keep the output sane in that case. * md/raid10: Fix two bug affecting RAID10 reshape (-). * Allow NFSv4 to run execute-only files (bnc#765523). * fs/ocfs2/namei.c: remove unecessary ERROR when removing non-empty directory (bnc#819363). * block: Reserve only one queue tag for sync IO if only 3 tags are available (bnc#806396). * drm/i915: Add wait_for in init_ring_common (bnc#813604). * drm/i915: Mark the ringbuffers as being in the GTT domain (bnc#813604). * ext4: avoid hang when mounting non-journal filesystems with orphan list (bnc#817377). * autofs4 - fix get_next_positive_subdir() (bnc#819523). * ocfs2: Add bits_wanted while calculating credits in ocfs2_calc_extend_credits (bnc#822077). * re-enable io tracing (bnc#785901). * SUNRPC: Prevent an rpc_task wakeup race (bnc#825591). * tg3: Prevent system hang during repeated EEH errors (bnc#822066). * backends: Check for insane amounts of requests on the ring. * Update Xen patches to 3.0.82. * netiucv: Hold rtnl between name allocation and device registration (bnc#824159). * drm/edid: Do not print messages regarding stereo or csync by default (bnc #821235). * net/sunrpc: xpt_auth_cache should be ignored when expired (bnc#803320). * sunrpc/cache: ensure items removed from cache do not have pending upcalls (bnc#803320). * sunrpc/cache: remove races with queuing an upcall (bnc#803320). * sunrpc/cache: use cache_fresh_unlocked consistently and correctly (bnc#803320). * md/raid10 "enough" fixes (bnc#773837). * Update config files: disable IP_PNP (bnc#822825) * Disable efi pstore by default (bnc#804482 bnc#820172). * md: Fix problem with GET_BITMAP_FILE returning wrong status (bnc#812974 bnc#823497). * USB: xHCI: override bogus bulk wMaxPacketSize values (bnc#823082). * ALSA: hda - Fix system panic when DMA > 40 bits for Nvidia audio controllers (bnc#818465). * USB: UHCI: fix for suspend of virtual HP controller (bnc#817035). * mm: mmu_notifier: re-fix freed page still mapped in secondary MMU (bnc#821052). Security Issue references: * CVE-2013-1059 * CVE-2013-1774 * CVE-2013-1819 * CVE-2013-1929 * CVE-2013-2148 * CVE-2013-2164 * CVE-2013-2232 * CVE-2013-2234 * CVE-2013-2237 * CVE-2013-2851 * CVE-2013-4162 * CVE-2013-4163 Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time 11 SP2: zypper in -t patch slertesp2-kernel-8295 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version: 3.0.93.rt117]: cluster-network-kmp-rt-1.4_3.0.93_rt117_0.5-2.18.62 cluster-network-kmp-rt_trace-1.4_3.0.93_rt117_0.5-2.18.62 drbd-kmp-rt-8.4.2_3.0.93_rt117_0.5-0.6.6.53 drbd-kmp-rt_trace-8.4.2_3.0.93_rt117_0.5-0.6.6.53 iscsitarget-kmp-rt-1.4.20_3.0.93_rt117_0.5-0.25.25.1 iscsitarget-kmp-rt_trace-1.4.20_3.0.93_rt117_0.5-0.25.25.1 kernel-rt-3.0.93.rt117-0.5.1 kernel-rt-base-3.0.93.rt117-0.5.1 kernel-rt-devel-3.0.93.rt117-0.5.1 kernel-rt_trace-3.0.93.rt117-0.5.1 kernel-rt_trace-base-3.0.93.rt117-0.5.1 kernel-rt_trace-devel-3.0.93.rt117-0.5.1 kernel-source-rt-3.0.93.rt117-0.5.1 kernel-syms-rt-3.0.93.rt117-0.5.1 lttng-modules-kmp-rt-2.0.4_3.0.93_rt117_0.5-0.7.44 lttng-modules-kmp-rt_trace-2.0.4_3.0.93_rt117_0.5-0.7.44 ocfs2-kmp-rt-1.6_3.0.93_rt117_0.5-0.11.61 ocfs2-kmp-rt_trace-1.6_3.0.93_rt117_0.5-0.11.61 ofed-kmp-rt-1.5.2_3.0.93_rt117_0.5-0.28.28.33 ofed-kmp-rt_trace-1.5.2_3.0.93_rt117_0.5-0.28.28.33 References: http://support.novell.com/security/cve/CVE-2013-1059.html http://support.novell.com/security/cve/CVE-2013-1774.html http://support.novell.com/security/cve/CVE-2013-1819.html http://support.novell.com/security/cve/CVE-2013-1929.html http://support.novell.com/security/cve/CVE-2013-2148.html http://support.novell.com/security/cve/CVE-2013-2164.html http://support.novell.com/security/cve/CVE-2013-2232.html http://support.novell.com/security/cve/CVE-2013-2234.html http://support.novell.com/security/cve/CVE-2013-2237.html http://support.novell.com/security/cve/CVE-2013-2851.html http://support.novell.com/security/cve/CVE-2013-4162.html http://support.novell.com/security/cve/CVE-2013-4163.html https://bugzilla.novell.com/745640 https://bugzilla.novell.com/760407 https://bugzilla.novell.com/765523 https://bugzilla.novell.com/773006 https://bugzilla.novell.com/773255 https://bugzilla.novell.com/773837 https://bugzilla.novell.com/783475 https://bugzilla.novell.com/785901 https://bugzilla.novell.com/789010 https://bugzilla.novell.com/801427 https://bugzilla.novell.com/803320 https://bugzilla.novell.com/804482 https://bugzilla.novell.com/805371 https://bugzilla.novell.com/806396 https://bugzilla.novell.com/806976 https://bugzilla.novell.com/807471 https://bugzilla.novell.com/807502 https://bugzilla.novell.com/808940 https://bugzilla.novell.com/809122 https://bugzilla.novell.com/812526 https://bugzilla.novell.com/812974 https://bugzilla.novell.com/813604 https://bugzilla.novell.com/813733 https://bugzilla.novell.com/814336 https://bugzilla.novell.com/815320 https://bugzilla.novell.com/816043 https://bugzilla.novell.com/817035 https://bugzilla.novell.com/817377 https://bugzilla.novell.com/818465 https://bugzilla.novell.com/819363 https://bugzilla.novell.com/819523 https://bugzilla.novell.com/820172 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/821052 https://bugzilla.novell.com/821235 https://bugzilla.novell.com/822066 https://bugzilla.novell.com/822077 https://bugzilla.novell.com/822575 https://bugzilla.novell.com/822825 https://bugzilla.novell.com/823082 https://bugzilla.novell.com/823342 https://bugzilla.novell.com/823497 https://bugzilla.novell.com/823517 https://bugzilla.novell.com/824159 https://bugzilla.novell.com/824295 https://bugzilla.novell.com/824915 https://bugzilla.novell.com/825048 https://bugzilla.novell.com/825142 https://bugzilla.novell.com/825227 https://bugzilla.novell.com/825591 https://bugzilla.novell.com/825657 https://bugzilla.novell.com/825887 https://bugzilla.novell.com/826350 https://bugzilla.novell.com/826960 https://bugzilla.novell.com/827372 https://bugzilla.novell.com/827376 https://bugzilla.novell.com/827378 https://bugzilla.novell.com/827749 https://bugzilla.novell.com/827750 https://bugzilla.novell.com/827808 https://bugzilla.novell.com/828119 https://bugzilla.novell.com/828192 https://bugzilla.novell.com/828574 https://bugzilla.novell.com/828714 https://bugzilla.novell.com/829082 https://bugzilla.novell.com/829357 https://bugzilla.novell.com/829622 https://bugzilla.novell.com/830901 https://bugzilla.novell.com/831055 https://bugzilla.novell.com/831058 https://bugzilla.novell.com/831410 https://bugzilla.novell.com/831949 http://download.novell.com/patch/finder/?keywords=5a7e4b634fc70fee57177f0dad3d8008 From sle-updates at lists.suse.com Mon Oct 7 15:04:15 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Oct 2013 23:04:15 +0200 (CEST) Subject: SUSE-SU-2013:1531-1: Security update for Real Time Linux Kernel Message-ID: <20131007210415.743FB32269@maintenance.suse.de> SUSE Security Update: Security update for Real Time Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1531-1 Rating: low References: #708296 #745640 #754690 #760407 #763968 #765523 #773006 #773255 #773837 #783475 #785901 #789010 #792991 #797090 #797727 #797909 #800875 #800907 #801341 #801427 #803320 #804482 #804609 #805371 #805740 #805804 #805945 #806396 #806976 #807471 #807502 #808015 #808136 #808647 #808837 #808855 #808940 #809122 #809130 #809220 #809463 #809617 #809895 #809975 #810098 #810210 #810722 #812274 #812281 #812332 #812526 #812974 #813604 #813733 #813922 #814336 #815256 #815320 #815356 #816043 #816065 #816403 #816451 #816892 #816925 #816971 #817035 #817339 #817377 #818047 #818053 #818064 #818154 #818371 #818465 #818497 #819018 #819195 #819295 #819363 #819519 #819523 #819610 #819655 #819789 #819979 #820172 #820183 #820434 #820569 #820738 #820948 #820982 #821052 #821070 #821235 #821560 #821799 #821802 #821859 #821930 #821980 #822052 #822066 #822077 #822080 #822164 #822225 #822340 #822431 #822575 #822579 #822722 #822825 #822878 #823082 #823191 #823223 #823342 #823386 #823517 #823597 #823795 #824159 #824256 #824295 #824568 #824915 #825037 #825048 #825142 #825227 #825591 #825657 #825696 #825887 #826186 #826350 #826960 #827271 #827372 #827376 #827378 #827749 #827750 #827930 #828087 #828119 #828192 #828265 #828574 #828714 #828886 #828914 #829001 #829082 #829357 #829539 #829622 #830346 #830478 #830766 #830822 #830901 #831055 #831058 #831410 #831422 #831424 #831438 #831623 #831949 #832318 #833073 #833097 #833148 #834116 #834647 #834742 #835175 Cross-References: CVE-2013-1059 CVE-2013-1774 CVE-2013-1819 CVE-2013-1929 CVE-2013-2094 CVE-2013-2148 CVE-2013-2164 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-2850 CVE-2013-2851 CVE-2013-2852 CVE-2013-3301 CVE-2013-4162 CVE-2013-4163 Affected Products: SUSE Linux Enterprise Real Time Extension 11 SP3 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 164 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to version 3.0.93 and to fix various bugs and security issues. The following features have been added: * NFS: Now supports a "nosharetransport" option (bnc#807502, bnc#828192, FATE#315593). * ALSA: virtuoso: Xonar DSX support was added (FATE#316016). The following security issues have been fixed: * CVE-2013-2148: The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. * CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. * CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. * CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. CVE-2013-4162: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel made an incorrect function call for pending data, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. * CVE-2013-1059: net/ceph/auth_none.c in the Linux kernel allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. * CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. * CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. * CVE-2013-4163: The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel did not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. * CVE-2013-1929: Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. * CVE-2013-1819: The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel did not validate block numbers, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. Also the following non-security bugs have been fixed: * ACPI / APEI: Force fatal AER severity when component has been reset (bnc#828886 bnc#824568). * PCI/AER: Move AER severity defines to aer.h (bnc#828886 bnc#824568). * PCI/AER: Set dev->__aer_firmware_first only for matching devices (bnc#828886 bnc#824568). * PCI/AER: Factor out HEST device type matching (bnc#828886 bnc#824568). * PCI/AER: Do not parse HEST table for non-PCIe devices (bnc#828886 bnc#824568). * PCI/AER: Reset link for devices below Root Port or Downstream Port (bnc#828886 bnc#824568). * zfcp: fix lock imbalance by reworking request queue locking (bnc#835175, LTC#96825). * qeth: Fix crash on initial MTU size change (bnc#835175, LTC#96809). * qeth: change default standard blkt settings for OSA Express (bnc#835175, LTC#96808). * x86: Add workaround to NMI iret woes (bnc#831949). * x86: Do not schedule while still in NMI context (bnc#831949). * drm/i915: no longer call drm_helper_resume_force_mode (bnc#831424,bnc#800875). * bnx2x: protect different statistics flows (bnc#814336). * bnx2x: Avoid sending multiple statistics queries (bnc#814336). * bnx2x: protect different statistics flows (bnc#814336). * ALSA: hda - Fix unbalanced runtime pm refount (bnc#834742). * xhci: directly calling _PS3 on suspend (bnc#833148). * futex: Take hugepages into account when generating futex_key. * e1000e: workaround DMA unit hang on I218 (bnc#834647). * e1000e: unexpected "Reset adapter" message when cable pulled (bnc#834647). * e1000e: 82577: workaround for link drop issue (bnc#834647). * e1000e: helper functions for accessing EMI registers (bnc#834647). * e1000e: workaround DMA unit hang on I218 (bnc#834647). * e1000e: unexpected "Reset adapter" message when cable pulled (bnc#834647). * e1000e: 82577: workaround for link drop issue (bnc#834647). * e1000e: helper functions for accessing EMI registers (bnc#834647). * Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714). * printk: Add NMI ringbuffer (bnc#831949). * printk: extract ringbuffer handling from vprintk (bnc#831949). * printk: NMI safe printk (bnc#831949). * printk: Make NMI ringbuffer size independent on log_buf_len (bnc#831949). * printk: Do not call console_unlock from nmi context (bnc#831949). * printk: Do not use printk_cpu from finish_printk (bnc#831949). * zfcp: fix schedule-inside-lock in scsi_device list loops (bnc#833073, LTC#94937). * uvc: increase number of buffers (bnc#822164, bnc#805804). * drm/i915: Adding more reserved PCI IDs for Haswell (bnc#834116). * Refresh patches.xen/xen-netback-generalize (bnc#827378). * Update Xen patches to 3.0.87. * mlx4_en: Adding 40gb speed report for ethtool (bnc#831410). * drm/i915: Retry DP aux_ch communications with a different clock after failure (bnc#831422). * drm/i915: split aux_clock_divider logic in a separated function for reuse (bnc#831422). * drm/i915: dp: increase probe retries (bnc#831422). * drm/i915: Only clear write-domains after a successful wait-seqno (bnc#831422). * drm/i915: Fix write-read race with multiple rings (bnc#831422). * drm/i915: Retry DP aux_ch communications with a different clock after failure (bnc#831422). * drm/i915: split aux_clock_divider logic in a separated function for reuse (bnc#831422). * drm/i915: dp: increase probe retries (bnc#831422). * drm/i915: Only clear write-domains after a successful wait-seqno (bnc#831422). * drm/i915: Fix write-read race with multiple rings (bnc#831422). * xhci: Add xhci_disable_ports boot option (bnc#822164). * xhci: set device to D3Cold on shutdown (bnc#833097). * reiserfs: Fixed double unlock in reiserfs_setattr failure path. * reiserfs: locking, release lock around quota operations (bnc#815320). * reiserfs: locking, push write lock out of xattr code (bnc#815320). * reiserfs: locking, handle nested locks properly (bnc#815320). * reiserfs: do not lock journal_init() (bnc#815320). * reiserfs: delay reiserfs lock until journal initialization (bnc#815320). * NFS: support "nosharetransport" option (bnc#807502, bnc#828192, FATE#315593). * HID: hyperv: convert alloc+memcpy to memdup. * Drivers: hv: vmbus: Implement multi-channel support (fate#316098). * Drivers: hv: Add the GUID fot synthetic fibre channel device (fate#316098). * tools: hv: Check return value of setsockopt call. * tools: hv: Check return value of poll call. * tools: hv: Check retrun value of strchr call. * tools: hv: Fix file descriptor leaks. * tools: hv: Improve error logging in KVP daemon. * drivers: hv: switch to use mb() instead of smp_mb(). * drivers: hv: check interrupt mask before read_index. * drivers: hv: allocate synic structures before hv_synic_init(). * storvsc: Increase the value of scsi timeout for storvsc devices (fate#316098). * storvsc: Update the storage protocol to win8 level (fate#316098). * storvsc: Implement multi-channel support (fate#316098). * storvsc: Support FC devices (fate#316098). * storvsc: Increase the value of STORVSC_MAX_IO_REQUESTS (fate#316098). * hyperv: Fix the NETIF_F_SG flag setting in netvsc. * Drivers: hv: vmbus: incorrect device name is printed when child device is unregistered. * Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration (bnc#828714). * ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size (bnc#831055, CVE-2013-4163). * ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size (bnc#831055, CVE-2013-4163). * dm mpath: add retain_attached_hw_handler feature (bnc#760407). * scsi_dh: add scsi_dh_attached_handler_name (bnc#760407). * af_key: fix info leaks in notify messages (bnc#827749 CVE-2013-2234). * af_key: initialize satype in key_notify_policy_flush() (bnc#828119 CVE-2013-2237). * ipv6: call udp_push_pending_frames when uncorking a socket with (bnc#831058, CVE-2013-4162). * tg3: fix length overflow in VPD firmware parsing (bnc#813733 CVE-2013-1929). * xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (CVE-2013-1819 bnc#807471). * ipv6: ip6_sk_dst_check() must not assume ipv6 dst (bnc#827750, CVE-2013-2232). * dasd: fix hanging devices after path events (bnc#831623, LTC#96336). * kernel: z90crypt module load crash (bnc#831623, LTC#96214). * ata: Fix DVD not dectected at some platform with Wellsburg PCH (bnc#822225). * drm/i915: edp: add standard modes (bnc#832318). * Do not switch camera on yet more HP machines (bnc#822164). * Do not switch camera on HP EB 820 G1 (bnc#822164). * xhci: Avoid NULL pointer deref when host dies (bnc#827271). * bonding: disallow change of MAC if fail_over_mac enabled (bnc#827376). * bonding: propagate unicast lists down to slaves (bnc#773255 bnc#827372). * net/bonding: emit address change event also in bond_release (bnc#773255 bnc#827372). * bonding: emit event when bonding changes MAC (bnc#773255 bnc#827372). * usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all controllers with xhci 1.0 (bnc#797909). * xhci: fix null pointer dereference on ring_doorbell_for_active_rings (bnc#827271). * updated reference for security issue fixed inside (CVE-2013-3301 bnc#815256) * qla2xxx: Clear the MBX_INTR_WAIT flag when the mailbox time-out happens (bnc#830478). * drm/i915: initialize gt_lock early with other spin locks (bnc#801341). * drm/i915: fix up gt init sequence fallout (bnc#801341). * drm/i915: initialize gt_lock early with other spin locks (bnc#801341). * drm/i915: fix up gt init sequence fallout (bnc#801341). * timer_list: Correct the iterator for timer_list (bnc#818047). * firmware: do not spew errors in normal boot (bnc#831438, fate#314574). * ALSA: virtuoso: Xonar DSX support (FATE#316016). * SUNRPC: Ensure we release the socket write lock if the rpc_task exits early (bnc#830901). * ext4: Re-add config option Building ext4 as the ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that read-write module should be enabled. This update just defaults allow_rw to true if it is set. * e1000: fix vlan processing regression (bnc#830766). * ext4: force read-only unless rw=1 module option is used (fate#314864). * dm mpath: fix ioctl deadlock when no paths (bnc#808940). * HID: fix unused rsize usage (bnc#783475). * add reference for b43 format string flaw (bnc#822579 CVE-2013-2852) * HID: fix data access in implement() (bnc#783475). * xfs: fix deadlock in xfs_rtfree_extent with kernel v3.x (bnc#829622). * kernel: sclp console hangs (bnc#830346, LTC#95711). * Refresh patches.fixes/rtc-add-an-alarm-disable-quirk.patch. * Delete patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-the-fi rst-occurrence. It was removed from series.conf in 063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was not deleted. * Drivers: hv: balloon: Do not post pressure status if interrupted (bnc#829539). * Drivers: hv: balloon: Fix a bug in the hot-add code (bnc#829539). * drm/i915: Fix incoherence with fence updates on Sandybridge+ (bnc#809463). * drm/i915: merge {i965, sandybridge}_write_fence_reg() (bnc#809463). * drm/i915: Fix incoherence with fence updates on Sandybridge+ (bnc#809463). * drm/i915: merge {i965, sandybridge}_write_fence_reg() (bnc#809463). * Refresh patches.fixes/rtc-add-an-alarm-disable-quirk.patch. * r8169: allow multicast packets on sub-8168f chipset (bnc#805371). * r8169: support new chips of RTL8111F (bnc#805371). * r8169: define the early size for 8111evl (bnc#805371). * r8169: fix the reset setting for 8111evl (bnc#805371). * r8169: add MODULE_FIRMWARE for the firmware of 8111evl (bnc#805371). * r8169: fix sticky accepts packet bits in RxConfig (bnc#805371). * r8169: adjust the RxConfig settings (bnc#805371). * r8169: support RTL8111E-VL (bnc#805371). * r8169: add ERI functions (bnc#805371). * r8169: modify the flow of the hw reset (bnc#805371). * r8169: adjust some registers (bnc#805371). * r8169: check firmware content sooner (bnc#805371). * r8169: support new firmware format (bnc#805371). * r8169: explicit firmware format check (bnc#805371). * r8169: move the firmware down into the device private data (bnc#805371). * r8169: allow multicast packets on sub-8168f chipset (bnc#805371). * r8169: support new chips of RTL8111F (bnc#805371). * r8169: define the early size for 8111evl (bnc#805371). * r8169: fix the reset setting for 8111evl (bnc#805371). * r8169: add MODULE_FIRMWARE for the firmware of 8111evl (bnc#805371). * r8169: fix sticky accepts packet bits in RxConfig (bnc#805371). * r8169: adjust the RxConfig settings (bnc#805371). * r8169: support RTL8111E-VL (bnc#805371). * r8169: add ERI functions (bnc#805371). * r8169: modify the flow of the hw reset (bnc#805371). * r8169: adjust some registers (bnc#805371). * r8169: check firmware content sooner (bnc#805371). * r8169: support new firmware format (bnc#805371). * r8169: explicit firmware format check (bnc#805371). * r8169: move the firmware down into the device private data (bnc#805371). * patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.patch: mm: link_mem_sections make sure nmi watchdog does not trigger while linking memory sections (bnc#820434). * drm/i915: fix long-standing SNB regression in power consumption after resume v2 (bnc#801341). * RTC: Add an alarm disable quirk (bnc#805740). * drm/i915: Fix bogus hotplug warnings at resume (bnc#828087). * drm/i915: Serialize all register access (bnc#809463,bnc#812274,bnc#822878,bnc#828914). * drm/i915: Resurrect ring kicking for semaphores, selectively (bnc#828087). * drm/i915: Fix bogus hotplug warnings at resume (bnc#828087). * drm/i915: Serialize all register access (bnc#809463,bnc#812274,bnc#822878,bnc#828914). * drm/i915: Resurrect ring kicking for semaphores, selectively (bnc#828087). * drm/i915: use lower aux clock divider on non-ULT HSW (bnc#800875). * drm/i915: preserve the PBC bits of TRANS_CHICKEN2 (bnc#828087). * drm/i915: set CPT FDI RX polarity bits based on VBT (bnc#828087). * drm/i915: hsw: fix link training for eDP on port-A (bnc#800875). * drm/i915: use lower aux clock divider on non-ULT HSW (bnc#800875). * drm/i915: preserve the PBC bits of TRANS_CHICKEN2 (bnc#828087). * drm/i915: set CPT FDI RX polarity bits based on VBT (bnc#828087). * drm/i915: hsw: fix link training for eDP on port-A (bnc#800875). * patches.arch/s390-66-02-smp-ipi.patch: kernel: lost IPIs on CPU hotplug (bnc#825048, LTC#94784). * patches.fixes/iwlwifi-use-correct-supported-firmware-for-603 5-and-.patch: iwlwifi: use correct supported firmware for 6035 and 6000g2 (bnc#825887). * patches.fixes/watchdog-update-watchdog_thresh-atomically.pat ch: watchdog: Update watchdog_thresh atomically (bnc#829357). * patches.fixes/watchdog-update-watchdog_tresh-properly.patch: watchdog: update watchdog_tresh properly (bnc#829357). * patches.fixes/watchdog-make-disable-enable-hotplug-and-preem pt-save.patch: watchdog-make-disable-enable-hotplug-and-preempt-save.patch (bnc#829357). * kabi/severities: Ignore changes in drivers/hv * patches.drivers/lpfc-return-correct-error-code-on-bsg_timeou t.patch: lpfc: Return correct error code on bsg_timeout (bnc#816043). * patches.fixes/dm-drop-table-reference-on-ioctl-retry.patch: dm-multipath: Drop table when retrying ioctl (bnc#808940). * scsi: Do not retry invalid function error (bnc#809122). * patches.suse/scsi-do-not-retry-invalid-function-error.patch: scsi: Do not retry invalid function error (bnc#809122). * scsi: Always retry internal target error (bnc#745640, bnc#825227). * patches.suse/scsi-always-retry-internal-target-error.patch: scsi: Always retry internal target error (bnc#745640, bnc#825227). * patches.drivers/drm-edid-Don-t-print-messages-regarding-ster eo-or-csync-by-default.patch: Refresh: add upstream commit ID. * patches.suse/acpiphp-match-to-Bochs-dmi-data.patch: Refresh. (bnc#824915). * Refresh patches.suse/acpiphp-match-to-Bochs-dmi-data.patch (bnc#824915). * Update kabi files. * ACPI:remove panic in case hardware has changed after S4 (bnc#829001). * ibmvfc: Driver version 1.0.1 (bnc#825142). * ibmvfc: Fix for offlining devices during error recovery (bnc#825142). * ibmvfc: Properly set cancel flags when cancelling abort (bnc#825142). * ibmvfc: Send cancel when link is down (bnc#825142). * ibmvfc: Support FAST_IO_FAIL in EH handlers (bnc#825142). * ibmvfc: Suppress ABTS if target gone (bnc#825142). * fs/dcache.c: add cond_resched() to shrink_dcache_parent() (bnc#829082). * drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (bnc#824295, CVE-2013-2164). * kmsg_dump: do not run on non-error paths by default (bnc#820172). * supported.conf: mark tcm_qla2xxx as supported * mm: honor min_free_kbytes set by user (bnc#826960). * Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714). * hyperv: Fix a kernel warning from netvsc_linkstatus_callback() (bnc#828574). * RT: Fix up hardening patch to not gripe when avg > available, which lockless access makes possible and happens in -rt kernels running a cpubound ltp realtime testcase. Just keep the output sane in that case. * kabi/severities: Add exception for aer_recover_queue() There should not be any user besides ghes.ko. * Fix rpm changelog * PCI / PM: restore the original behavior of pci_set_power_state() (bnc#827930). * fanotify: info leak in copy_event_to_user() (CVE-2013-2148 bnc#823517). * usb: xhci: check usb2 port capabilities before adding hw link PM support (bnc#828265). * aerdrv: Move cper_print_aer() call out of interrupt context (bnc#822052, bnc#824568). * PCI/AER: pci_get_domain_bus_and_slot() call missing required pci_dev_put() (bnc#822052, bnc#824568). * patches.fixes/block-do-not-pass-disk-names-as-format-strings .patch: block: do not pass disk names as format strings (bnc#822575 CVE-2013-2851). * powerpc: POWER8 cputable entries (bnc#824256). * libceph: Fix NULL pointer dereference in auth client code. (CVE-2013-1059, bnc#826350) * md/raid10: Fix two bug affecting RAID10 reshape. * Allow NFSv4 to run execute-only files (bnc#765523). * fs/ocfs2/namei.c: remove unecessary ERROR when removing non-empty directory (bnc#819363). * block: Reserve only one queue tag for sync IO if only 3 tags are available (bnc#806396). * btrfs: merge contigous regions when loading free space cache * btrfs: fix how we deal with the orphan block rsv. * btrfs: fix wrong check during log recovery. * btrfs: change how we indicate we are adding csums. Security Issue references: * CVE-2013-1059 * CVE-2013-1819 * CVE-2013-1929 * CVE-2013-2148 * CVE-2013-2164 * CVE-2013-2232 * CVE-2013-2234 * CVE-2013-2237 * CVE-2013-2851 * CVE-2013-2852 * CVE-2013-3301 * CVE-2013-4162 * CVE-2013-4163 Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11 SP3: zypper in -t patch slertesp3-kernel-8410 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.93.rt117]: cluster-network-kmp-rt-1.4_3.0.93_rt117_0.9-2.27.16 cluster-network-kmp-rt_trace-1.4_3.0.93_rt117_0.9-2.27.16 drbd-kmp-rt-8.4.3_3.0.93_rt117_0.9-0.19.7 drbd-kmp-rt_trace-8.4.3_3.0.93_rt117_0.9-0.19.7 iscsitarget-kmp-rt-1.4.20_3.0.93_rt117_0.9-0.38.1 iscsitarget-kmp-rt_trace-1.4.20_3.0.93_rt117_0.9-0.38.1 kernel-rt-3.0.93.rt117-0.9.1 kernel-rt-base-3.0.93.rt117-0.9.1 kernel-rt-devel-3.0.93.rt117-0.9.1 kernel-rt_trace-3.0.93.rt117-0.9.1 kernel-rt_trace-base-3.0.93.rt117-0.9.1 kernel-rt_trace-devel-3.0.93.rt117-0.9.1 kernel-source-rt-3.0.93.rt117-0.9.1 kernel-syms-rt-3.0.93.rt117-0.9.1 lttng-modules-kmp-rt-2.1.1_3.0.93_rt117_0.9-0.11.6 lttng-modules-kmp-rt_trace-2.1.1_3.0.93_rt117_0.9-0.11.6 ocfs2-kmp-rt-1.6_3.0.93_rt117_0.9-0.20.16 ocfs2-kmp-rt_trace-1.6_3.0.93_rt117_0.9-0.20.16 ofed-kmp-rt-1.5.4.1_3.0.93_rt117_0.9-0.13.7 ofed-kmp-rt_trace-1.5.4.1_3.0.93_rt117_0.9-0.13.7 References: http://support.novell.com/security/cve/CVE-2013-1059.html http://support.novell.com/security/cve/CVE-2013-1774.html http://support.novell.com/security/cve/CVE-2013-1819.html http://support.novell.com/security/cve/CVE-2013-1929.html http://support.novell.com/security/cve/CVE-2013-2094.html http://support.novell.com/security/cve/CVE-2013-2148.html http://support.novell.com/security/cve/CVE-2013-2164.html http://support.novell.com/security/cve/CVE-2013-2232.html http://support.novell.com/security/cve/CVE-2013-2234.html http://support.novell.com/security/cve/CVE-2013-2237.html http://support.novell.com/security/cve/CVE-2013-2850.html http://support.novell.com/security/cve/CVE-2013-2851.html http://support.novell.com/security/cve/CVE-2013-2852.html http://support.novell.com/security/cve/CVE-2013-3301.html http://support.novell.com/security/cve/CVE-2013-4162.html http://support.novell.com/security/cve/CVE-2013-4163.html https://bugzilla.novell.com/708296 https://bugzilla.novell.com/745640 https://bugzilla.novell.com/754690 https://bugzilla.novell.com/760407 https://bugzilla.novell.com/763968 https://bugzilla.novell.com/765523 https://bugzilla.novell.com/773006 https://bugzilla.novell.com/773255 https://bugzilla.novell.com/773837 https://bugzilla.novell.com/783475 https://bugzilla.novell.com/785901 https://bugzilla.novell.com/789010 https://bugzilla.novell.com/792991 https://bugzilla.novell.com/797090 https://bugzilla.novell.com/797727 https://bugzilla.novell.com/797909 https://bugzilla.novell.com/800875 https://bugzilla.novell.com/800907 https://bugzilla.novell.com/801341 https://bugzilla.novell.com/801427 https://bugzilla.novell.com/803320 https://bugzilla.novell.com/804482 https://bugzilla.novell.com/804609 https://bugzilla.novell.com/805371 https://bugzilla.novell.com/805740 https://bugzilla.novell.com/805804 https://bugzilla.novell.com/805945 https://bugzilla.novell.com/806396 https://bugzilla.novell.com/806976 https://bugzilla.novell.com/807471 https://bugzilla.novell.com/807502 https://bugzilla.novell.com/808015 https://bugzilla.novell.com/808136 https://bugzilla.novell.com/808647 https://bugzilla.novell.com/808837 https://bugzilla.novell.com/808855 https://bugzilla.novell.com/808940 https://bugzilla.novell.com/809122 https://bugzilla.novell.com/809130 https://bugzilla.novell.com/809220 https://bugzilla.novell.com/809463 https://bugzilla.novell.com/809617 https://bugzilla.novell.com/809895 https://bugzilla.novell.com/809975 https://bugzilla.novell.com/810098 https://bugzilla.novell.com/810210 https://bugzilla.novell.com/810722 https://bugzilla.novell.com/812274 https://bugzilla.novell.com/812281 https://bugzilla.novell.com/812332 https://bugzilla.novell.com/812526 https://bugzilla.novell.com/812974 https://bugzilla.novell.com/813604 https://bugzilla.novell.com/813733 https://bugzilla.novell.com/813922 https://bugzilla.novell.com/814336 https://bugzilla.novell.com/815256 https://bugzilla.novell.com/815320 https://bugzilla.novell.com/815356 https://bugzilla.novell.com/816043 https://bugzilla.novell.com/816065 https://bugzilla.novell.com/816403 https://bugzilla.novell.com/816451 https://bugzilla.novell.com/816892 https://bugzilla.novell.com/816925 https://bugzilla.novell.com/816971 https://bugzilla.novell.com/817035 https://bugzilla.novell.com/817339 https://bugzilla.novell.com/817377 https://bugzilla.novell.com/818047 https://bugzilla.novell.com/818053 https://bugzilla.novell.com/818064 https://bugzilla.novell.com/818154 https://bugzilla.novell.com/818371 https://bugzilla.novell.com/818465 https://bugzilla.novell.com/818497 https://bugzilla.novell.com/819018 https://bugzilla.novell.com/819195 https://bugzilla.novell.com/819295 https://bugzilla.novell.com/819363 https://bugzilla.novell.com/819519 https://bugzilla.novell.com/819523 https://bugzilla.novell.com/819610 https://bugzilla.novell.com/819655 https://bugzilla.novell.com/819789 https://bugzilla.novell.com/819979 https://bugzilla.novell.com/820172 https://bugzilla.novell.com/820183 https://bugzilla.novell.com/820434 https://bugzilla.novell.com/820569 https://bugzilla.novell.com/820738 https://bugzilla.novell.com/820948 https://bugzilla.novell.com/820982 https://bugzilla.novell.com/821052 https://bugzilla.novell.com/821070 https://bugzilla.novell.com/821235 https://bugzilla.novell.com/821560 https://bugzilla.novell.com/821799 https://bugzilla.novell.com/821802 https://bugzilla.novell.com/821859 https://bugzilla.novell.com/821930 https://bugzilla.novell.com/821980 https://bugzilla.novell.com/822052 https://bugzilla.novell.com/822066 https://bugzilla.novell.com/822077 https://bugzilla.novell.com/822080 https://bugzilla.novell.com/822164 https://bugzilla.novell.com/822225 https://bugzilla.novell.com/822340 https://bugzilla.novell.com/822431 https://bugzilla.novell.com/822575 https://bugzilla.novell.com/822579 https://bugzilla.novell.com/822722 https://bugzilla.novell.com/822825 https://bugzilla.novell.com/822878 https://bugzilla.novell.com/823082 https://bugzilla.novell.com/823191 https://bugzilla.novell.com/823223 https://bugzilla.novell.com/823342 https://bugzilla.novell.com/823386 https://bugzilla.novell.com/823517 https://bugzilla.novell.com/823597 https://bugzilla.novell.com/823795 https://bugzilla.novell.com/824159 https://bugzilla.novell.com/824256 https://bugzilla.novell.com/824295 https://bugzilla.novell.com/824568 https://bugzilla.novell.com/824915 https://bugzilla.novell.com/825037 https://bugzilla.novell.com/825048 https://bugzilla.novell.com/825142 https://bugzilla.novell.com/825227 https://bugzilla.novell.com/825591 https://bugzilla.novell.com/825657 https://bugzilla.novell.com/825696 https://bugzilla.novell.com/825887 https://bugzilla.novell.com/826186 https://bugzilla.novell.com/826350 https://bugzilla.novell.com/826960 https://bugzilla.novell.com/827271 https://bugzilla.novell.com/827372 https://bugzilla.novell.com/827376 https://bugzilla.novell.com/827378 https://bugzilla.novell.com/827749 https://bugzilla.novell.com/827750 https://bugzilla.novell.com/827930 https://bugzilla.novell.com/828087 https://bugzilla.novell.com/828119 https://bugzilla.novell.com/828192 https://bugzilla.novell.com/828265 https://bugzilla.novell.com/828574 https://bugzilla.novell.com/828714 https://bugzilla.novell.com/828886 https://bugzilla.novell.com/828914 https://bugzilla.novell.com/829001 https://bugzilla.novell.com/829082 https://bugzilla.novell.com/829357 https://bugzilla.novell.com/829539 https://bugzilla.novell.com/829622 https://bugzilla.novell.com/830346 https://bugzilla.novell.com/830478 https://bugzilla.novell.com/830766 https://bugzilla.novell.com/830822 https://bugzilla.novell.com/830901 https://bugzilla.novell.com/831055 https://bugzilla.novell.com/831058 https://bugzilla.novell.com/831410 https://bugzilla.novell.com/831422 https://bugzilla.novell.com/831424 https://bugzilla.novell.com/831438 https://bugzilla.novell.com/831623 https://bugzilla.novell.com/831949 https://bugzilla.novell.com/832318 https://bugzilla.novell.com/833073 https://bugzilla.novell.com/833097 https://bugzilla.novell.com/833148 https://bugzilla.novell.com/834116 https://bugzilla.novell.com/834647 https://bugzilla.novell.com/834742 https://bugzilla.novell.com/835175 http://download.novell.com/patch/finder/?keywords=48c5687a9cfba9c5cbed976a2680b095 From sle-updates at lists.suse.com Tue Oct 15 09:06:15 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Oct 2013 17:06:15 +0200 (CEST) Subject: SUSE-RU-2013:1551-1: important: Recommended update for timezone Message-ID: <20131015150615.1E5123215D@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1551-1 Rating: important References: #842769 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest timezone information for your system. The changes in detail are: * Morocco now observes DST from the last Sunday in March to the last Sunday in October, not April to September respectively. * Tocantins will very likely not observe DST starting this spring * Jordan will likely stay at UTC+3 indefinitely * Palestine will fall back at 00:00, not 01:00 * This year Fiji will start DST on October 27, not October 20 * Use WIB/WITA/WIT rather than WIT/CIT/EIT for alphabetic Indonesian time zone abbreviations since 1932 * Use ART (UTC-3, standard time), rather than WARST (also UTC-3, but daylight saving time) for San Luis, Argentina since 2009. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-timezone-2013g-8418 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-timezone-2013g-8418 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-timezone-2013g-8418 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-timezone-2013g-8418 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 2013g]: timezone-java-2013g-0.4.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2013g]: timezone-2013g-0.4.4.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2013g]: timezone-java-2013g-0.4.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2013g]: timezone-2013g-0.4.4.1 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2013g]: timezone-java-2013g-0.4.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2013g]: timezone-2013g-0.4.4.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2013g]: timezone-java-2013g-0.4.1 References: https://bugzilla.novell.com/842769 http://download.novell.com/patch/finder/?keywords=9289bc8c8a46c0f0d373a30e9d7ed097 From sle-updates at lists.suse.com Wed Oct 16 01:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Oct 2013 09:04:09 +0200 (CEST) Subject: SUSE-RU-2013:1551-2: important: Recommended update for timezone Message-ID: <20131016070410.02CA33208D@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1551-2 Rating: important References: #842769 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest timezone information for your system. The changes in detail are: * Morocco now observes DST from the last Sunday in March to the last Sunday in October, not April to September respectively. * Tocantins will very likely not observe DST starting this spring * Jordan will likely stay at UTC+3 indefinitely * Palestine will fall back at 00:00, not 01:00 * This year Fiji will start DST on October 27, not October 20 * Use WIB/WITA/WIT rather than WIT/CIT/EIT for alphabetic Indonesian time zone abbreviations since 1932 * Use ART (UTC-3, standard time), rather than WARST (also UTC-3, but daylight saving time) for San Luis, Argentina since 2009. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-timezone-2013g-8417 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-timezone-2013g-8417 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-timezone-2013g-8417 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-timezone-2013g-8417 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (noarch): timezone-java-2013g-0.6.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2013g]: timezone-2013g-0.6.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 2013g]: timezone-java-2013g-0.6.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2013g]: timezone-2013g-0.6.1 - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 2013g]: timezone-java-2013g-0.6.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2013g]: timezone-2013g-0.6.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 2013g]: timezone-java-2013g-0.6.1 References: https://bugzilla.novell.com/842769 http://download.novell.com/patch/finder/?keywords=5a7ac2d672dbe5c7eae233b0f777419b From sle-updates at lists.suse.com Wed Oct 16 02:04:07 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Oct 2013 10:04:07 +0200 (CEST) Subject: SUSE-RU-2013:1553-1: Recommended update for binutils Message-ID: <20131016080407.E395232245@maintenance.suse.de> SUSE Recommended Update: Recommended update for binutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1553-1 Rating: low References: #830516 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for binutils provides the following: * Add .gnu.warning.* sections also to shared libraries. (bnc#830516) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-binutils-8293 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-binutils-8293 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-binutils-8293 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-binutils-8293 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): binutils-devel-2.23.1-0.19.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): binutils-devel-32bit-2.23.1-0.19.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 x86_64): binutils-gold-2.23.1-0.19.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): binutils-2.23.1-0.19.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): binutils-2.23.1-0.19.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): binutils-2.23.1-0.19.2 References: https://bugzilla.novell.com/830516 http://download.novell.com/patch/finder/?keywords=a65581af7e93247eb09c407c7fbefb5a From sle-updates at lists.suse.com Wed Oct 16 03:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Oct 2013 11:04:11 +0200 (CEST) Subject: SUSE-RU-2013:1554-1: moderate: Recommended update for oracleasm Message-ID: <20131016090411.4850632245@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1554-1 Rating: moderate References: #830864 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The oracleasm KMP has been rebuilt for version 3.0.82 of the Linux Kernel. There are no code changes in this update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-oracleasm-8101 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-oracleasm-8101 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): oracleasm-2.0.5-7.39.1 oracleasm-kmp-default-2.0.5_3.0.82_0.7-7.39.1 oracleasm-kmp-trace-2.0.5_3.0.82_0.7-7.39.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586): oracleasm-kmp-pae-2.0.5_3.0.82_0.7-7.39.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): oracleasm-2.0.5-7.39.1 oracleasm-kmp-default-2.0.5_3.0.82_0.7-7.39.1 oracleasm-kmp-trace-2.0.5_3.0.82_0.7-7.39.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): oracleasm-kmp-xen-2.0.5_3.0.82_0.7-7.39.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64): oracleasm-kmp-ppc64-2.0.5_3.0.82_0.7-7.39.1 - SUSE Linux Enterprise Server 11 SP3 (i586): oracleasm-kmp-pae-2.0.5_3.0.82_0.7-7.39.1 References: https://bugzilla.novell.com/830864 http://download.novell.com/patch/finder/?keywords=1b1dc9f6474325d377ecc1a84a4cda9f From sle-updates at lists.suse.com Wed Oct 16 12:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Oct 2013 20:04:11 +0200 (CEST) Subject: SUSE-RU-2013:1551-3: important: Recommended update for timezone Message-ID: <20131016180411.8105D32263@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1551-3 Rating: important References: #842769 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest timezone information for your system. The changes in detail are: * Morocco now observes DST from the last Sunday in March to the last Sunday in October, not April to September respectively. * Tocantins will very likely not observe DST starting this spring * Jordan will likely stay at UTC+3 indefinitely * Palestine will fall back at 00:00, not 01:00 * This year Fiji will start DST on October 27, not October 20 * Use WIB/WITA/WIT rather than WIT/CIT/EIT for alphabetic Indonesian time zone abbreviations since 1932 * Use ART (UTC-3, standard time), rather than WARST (also UTC-3, but daylight saving time) for San Luis, Argentina since 2009. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-timezone-2013g-8419 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-timezone-2013g-8419 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 2013g]: timezone-2013g-0.4.4.1 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (noarch) [New Version: 2013g]: timezone-java-2013g-0.4.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2013g]: timezone-2013g-0.4.4.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch) [New Version: 2013g]: timezone-java-2013g-0.4.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 2013g]: timezone-2013g-0.5.1 References: https://bugzilla.novell.com/842769 http://download.novell.com/patch/finder/?keywords=6b0bf9ea805e37cbf2f3d1180b654e23 http://download.novell.com/patch/finder/?keywords=d6517d868d64b166b9dcfb5804e447c7 From sle-updates at lists.suse.com Wed Oct 16 13:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Oct 2013 21:04:09 +0200 (CEST) Subject: SUSE-RU-2013:1557-1: moderate: Recommended update for oracleasm Message-ID: <20131016190409.A2F0C32274@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1557-1 Rating: moderate References: #786189 #807812 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for oracleasm provides the following fixes: * When devices report their physical block size, oracleasm reports the wrong block size to ASM which leads to an unsuccessful mount attempt. (bnc #807812) * Ensure all pages were mapped in IO request. (bnc #786189) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-oracleasm-8099 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-oracleasm-8099 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): oracleasm-2.0.5-7.28.28.1 oracleasm-kmp-default-2.0.5_3.0.80_0.7-7.28.28.1 oracleasm-kmp-trace-2.0.5_3.0.80_0.7-7.28.28.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586): oracleasm-kmp-pae-2.0.5_3.0.80_0.7-7.28.28.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): oracleasm-2.0.5-7.28.28.1 oracleasm-kmp-default-2.0.5_3.0.80_0.7-7.28.28.1 oracleasm-kmp-trace-2.0.5_3.0.80_0.7-7.28.28.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): oracleasm-kmp-xen-2.0.5_3.0.80_0.7-7.28.28.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64): oracleasm-kmp-ppc64-2.0.5_3.0.80_0.7-7.28.28.1 - SUSE Linux Enterprise Server 11 SP2 (i586): oracleasm-kmp-pae-2.0.5_3.0.80_0.7-7.28.28.1 References: https://bugzilla.novell.com/786189 https://bugzilla.novell.com/807812 http://download.novell.com/patch/finder/?keywords=b2cd1072abbe93b24f7c916b8a6aed50 From sle-updates at lists.suse.com Thu Oct 17 17:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Oct 2013 01:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1559-1: moderate: Security update for kdelibs4 Message-ID: <20131017230411.5595732261@maintenance.suse.de> SUSE Security Update: Security update for kdelibs4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1559-1 Rating: moderate References: #787520 Cross-References: CVE-2012-4512 CVE-2012-4513 CVE-2012-4515 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This kdelibs4 update fixes several security issues related to khtml/konqueror. * Fix security issues and null pointer references in khtml/konqueror (bnc#787520) (CVE-2012-4512, CVE-2012-4513, CVE-2012-4515) Security Issue references: * CVE-2012-4512 * CVE-2012-4513 * CVE-2012-4515 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-kdelibs4-8402 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-kdelibs4-8401 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kdelibs4-8402 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kdelibs4-8402 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-kdelibs4-8401 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-kdelibs4-8401 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kdelibs4-8402 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-kdelibs4-8401 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): kdelibs4-doc-4.3.5-0.12.1 libkde4-devel-4.3.5-0.12.1 libkdecore4-devel-4.3.5-0.12.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64): libkde4-32bit-4.3.5-0.12.1 libkdecore4-32bit-4.3.5-0.12.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): kdelibs4-doc-4.3.5-0.12.1 libkde4-devel-4.3.5-0.12.1 libkdecore4-devel-4.3.5-0.12.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64): libkde4-32bit-4.3.5-0.12.1 libkdecore4-32bit-4.3.5-0.12.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): kdelibs4-4.3.5-0.12.1 kdelibs4-core-4.3.5-0.12.1 kdelibs4-doc-4.3.5-0.12.1 libkde4-4.3.5-0.12.1 libkdecore4-4.3.5-0.12.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libkde4-32bit-4.3.5-0.12.1 libkdecore4-32bit-4.3.5-0.12.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): kdelibs4-4.3.5-0.12.1 kdelibs4-core-4.3.5-0.12.1 kdelibs4-doc-4.3.5-0.12.1 libkde4-4.3.5-0.12.1 libkdecore4-4.3.5-0.12.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libkde4-32bit-4.3.5-0.12.1 libkdecore4-32bit-4.3.5-0.12.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libkde4-x86-4.3.5-0.12.1 libkdecore4-x86-4.3.5-0.12.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): kdelibs4-4.3.5-0.12.1 kdelibs4-core-4.3.5-0.12.1 kdelibs4-doc-4.3.5-0.12.1 libkde4-4.3.5-0.12.1 libkdecore4-4.3.5-0.12.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libkde4-32bit-4.3.5-0.12.1 libkdecore4-32bit-4.3.5-0.12.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): kdelibs4-4.3.5-0.12.1 kdelibs4-core-4.3.5-0.12.1 kdelibs4-doc-4.3.5-0.12.1 libkde4-4.3.5-0.12.1 libkdecore4-4.3.5-0.12.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libkde4-32bit-4.3.5-0.12.1 libkdecore4-32bit-4.3.5-0.12.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libkde4-x86-4.3.5-0.12.1 libkdecore4-x86-4.3.5-0.12.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): kdelibs4-4.3.5-0.12.1 kdelibs4-core-4.3.5-0.12.1 libkde4-4.3.5-0.12.1 libkdecore4-4.3.5-0.12.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libkde4-32bit-4.3.5-0.12.1 libkdecore4-32bit-4.3.5-0.12.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): kdelibs4-4.3.5-0.12.1 kdelibs4-core-4.3.5-0.12.1 libkde4-4.3.5-0.12.1 libkdecore4-4.3.5-0.12.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libkde4-32bit-4.3.5-0.12.1 libkdecore4-32bit-4.3.5-0.12.1 References: http://support.novell.com/security/cve/CVE-2012-4512.html http://support.novell.com/security/cve/CVE-2012-4513.html http://support.novell.com/security/cve/CVE-2012-4515.html https://bugzilla.novell.com/787520 http://download.novell.com/patch/finder/?keywords=168ca9955c5fe460af69625ac0c58712 http://download.novell.com/patch/finder/?keywords=b68c5e75481658853e507777d8dbd188 From sle-updates at lists.suse.com Tue Oct 22 08:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Oct 2013 16:04:11 +0200 (CEST) Subject: SUSE-RU-2013:1564-1: Recommended update for rts5229 and sled11-branding-hp-bnb Message-ID: <20131022140411.B42D03236B@maintenance.suse.de> SUSE Recommended Update: Recommended update for rts5229 and sled11-branding-hp-bnb ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1564-1 Rating: low References: #819014 Affected Products: SLED 11 HP BNB Preload SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for for rts5229 and sled11-branding-hp-bnb disables MMC in Realtek and JMicron card readers. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SLED 11 HP BNB Preload SP2: zypper in -t patch slehpbnbp2-rts5229-hpbnb-8420 To bring your system up-to-date, use "zypper patch". Package List: - SLED 11 HP BNB Preload SP2 (i586 x86_64): rts5229-kmp-default-1.07_3.0.93_0.5-0.7.11.15 - SLED 11 HP BNB Preload SP2 (noarch): sled11-branding-hp-bnb-1-0.149.149.1 - SLED 11 HP BNB Preload SP2 (i586): rts5229-kmp-pae-1.07_3.0.93_0.5-0.7.11.15 References: https://bugzilla.novell.com/819014 http://download.novell.com/patch/finder/?keywords=1d78b90f7fa4404bb14f2b747752a741 From sle-updates at lists.suse.com Tue Oct 22 10:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Oct 2013 18:04:09 +0200 (CEST) Subject: SUSE-RU-2013:1565-1: moderate: Recommended update for createrepo Message-ID: <20131022160409.E58EA32255@maintenance.suse.de> SUSE Recommended Update: Recommended update for createrepo ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1565-1 Rating: moderate References: #839169 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for createrepo fixes the unique names option and adds it also to modifyrepo. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-createrepo-8366 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-createrepo-8366 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-createrepo-8366 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch): createrepo-0.9.9-0.27.27.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): createrepo-0.9.9-0.27.27.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): createrepo-0.9.9-0.27.27.1 References: https://bugzilla.novell.com/839169 http://download.novell.com/patch/finder/?keywords=2411d52613f679d1eb40b33ef7bc4f3b From sle-updates at lists.suse.com Tue Oct 22 14:04:15 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Oct 2013 22:04:15 +0200 (CEST) Subject: SUSE-RU-2013:1566-1: Recommended update for SUSE Manager Client Tools Message-ID: <20131022200415.2DF1832251@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1566-1 Rating: low References: #838509 #839111 Affected Products: SUSE Manager Client Tools for SLE 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This collective update provides the following fixes and enhancements: osad: - Require python-xml on SLE11. (bnc#838509) spacewalk-backend-libs: - Handle bool(0) as a valid file mode. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP2: zypper in -t patch slesctsp2-client-tools-201310-8396 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Client Tools for SLE 11 SP2 (i586 ia64 ppc64 s390x x86_64): spacewalk-backend-libs-1.7.38.29-0.5.1 - SUSE Manager Client Tools for SLE 11 SP2 (noarch): osad-5.10.41.9-0.5.1 References: https://bugzilla.novell.com/838509 https://bugzilla.novell.com/839111 http://download.novell.com/patch/finder/?keywords=f7210dfdfe6472c5c4ccdf4312e8eaf4 From sle-updates at lists.suse.com Tue Oct 22 14:04:19 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Oct 2013 22:04:19 +0200 (CEST) Subject: SUSE-RU-2013:1567-1: Recommended update for SUSE Manager 1.7 Message-ID: <20131022200419.6997832251@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 1.7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1567-1 Rating: low References: #793700 #794772 #810787 #814954 #823350 #823813 #835005 #835006 #836692 #838188 #838509 #838866 #839111 #839737 #840899 #841054 #841240 #842031 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has 18 recommended fixes can now be installed. It includes 6 new package versions. Description: This collective update for SUSE Manager 1.7 provides the following fixes: osad: - Require python-xml on SLE11. (bnc#838509) perl-NOCpulse-Probe: - Call ssh quiet to prevent "Permanently added key" warning. (bnc#839737) sm-client-tools: - Progress bar while registering for better user interaction. (bnc#823813) smdba: - Fixed hot-backup rolling. (bnc#814954) - RMAN errors upon a problem differentiation. (bnc#823350) spacewalk-backend: - Check if mountpoint exists and send error mail. (bnc#839111) spacewalk-java: - Use server arch instead of relying on a base channel. (bnc#841054) - Filter out product base channels with invalid arch. (bnc#841054) - CVEAuditManager: do not fail with unsynced channels. - Log exception stack traces in Taskomatic. - CVEAuditManager: Fetch ChannelArch instead of ServerArch. - Do not assume a migrated base channel exists. (bnc#841240) - Fix Systems Subscribed column on the Entitlements page. - Add missing keyword 'AS' in dist upgrade queries. (bnc#840899) - Make taskomatic max memory configurable via rhn.conf. (bnc#810787) - Clean up SSH push jobs in case of taskomatic restart. (bnc#838188) - Remember systems we are currently talking to via SSH push. (bnc#838188) - Add necessary transaction handling to fix job status. (bnc#838188) - Show the system name in the log message warning. - RhnSet concurrency fix reformulated at upstream's request. - Fix javascript "Uncaught TypeError". (bnc#836692) - Avoid a possible issue on concurrent updates to an RhnSet. susemanager-jsp_en, susemanager-manuals_en: - Update manuals for SUSE Manager 1.7. susemanager: - Return user_id as string if mgr-ncc-sync with --from-dir is used. (bnc#842031) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-suse-manager-201310-8394 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64) [New Version: 1.2.2,1.7.25 and 1.7.38.29]: smdba-1.2.2-0.12.1 spacewalk-backend-1.7.38.29-0.5.1 spacewalk-backend-app-1.7.38.29-0.5.1 spacewalk-backend-applet-1.7.38.29-0.5.1 spacewalk-backend-config-files-1.7.38.29-0.5.1 spacewalk-backend-config-files-common-1.7.38.29-0.5.1 spacewalk-backend-config-files-tool-1.7.38.29-0.5.1 spacewalk-backend-iss-1.7.38.29-0.5.1 spacewalk-backend-iss-export-1.7.38.29-0.5.1 spacewalk-backend-libs-1.7.38.29-0.5.1 spacewalk-backend-package-push-server-1.7.38.29-0.5.1 spacewalk-backend-server-1.7.38.29-0.5.1 spacewalk-backend-sql-1.7.38.29-0.5.1 spacewalk-backend-sql-oracle-1.7.38.29-0.5.1 spacewalk-backend-sql-postgresql-1.7.38.29-0.5.1 spacewalk-backend-tools-1.7.38.29-0.5.1 spacewalk-backend-xml-export-libs-1.7.38.29-0.5.1 spacewalk-backend-xmlrpc-1.7.38.29-0.5.1 spacewalk-backend-xp-1.7.38.29-0.5.1 susemanager-1.7.25-0.5.1 susemanager-tools-1.7.25-0.5.1 - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.184.15.2,1.2.2,1.7.54.28 and 5.10.41.9]: osa-dispatcher-5.10.41.9-0.5.1 perl-NOCpulse-Probe-1.184.15.2-0.5.1 perl-NOCpulse-Probe-Oracle-1.184.15.2-0.5.1 sm-client-tools-1.2.2-0.5.1 spacewalk-java-1.7.54.28-0.5.1 spacewalk-java-config-1.7.54.28-0.5.1 spacewalk-java-lib-1.7.54.28-0.5.1 spacewalk-java-oracle-1.7.54.28-0.5.1 spacewalk-java-postgresql-1.7.54.28-0.5.1 spacewalk-taskomatic-1.7.54.28-0.5.1 susemanager-client-config_en-pdf-1.7-0.19.1 susemanager-install_en-pdf-1.7-0.19.1 susemanager-jsp_en-1.7-0.19.1 susemanager-manuals_en-1.7-0.19.1 susemanager-proxy-quick_en-pdf-1.7-0.19.1 susemanager-quick_en-pdf-1.7-0.19.1 susemanager-reference_en-pdf-1.7-0.19.1 References: https://bugzilla.novell.com/793700 https://bugzilla.novell.com/794772 https://bugzilla.novell.com/810787 https://bugzilla.novell.com/814954 https://bugzilla.novell.com/823350 https://bugzilla.novell.com/823813 https://bugzilla.novell.com/835005 https://bugzilla.novell.com/835006 https://bugzilla.novell.com/836692 https://bugzilla.novell.com/838188 https://bugzilla.novell.com/838509 https://bugzilla.novell.com/838866 https://bugzilla.novell.com/839111 https://bugzilla.novell.com/839737 https://bugzilla.novell.com/840899 https://bugzilla.novell.com/841054 https://bugzilla.novell.com/841240 https://bugzilla.novell.com/842031 http://download.novell.com/patch/finder/?keywords=900ab2d78570061c170613a1b82e5e5d From sle-updates at lists.suse.com Tue Oct 22 14:04:23 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Oct 2013 22:04:23 +0200 (CEST) Subject: SUSE-RU-2013:1568-1: Recommended update for SUSE Manager Proxy 1.7 Message-ID: <20131022200423.4C54232251@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 1.7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1568-1 Rating: low References: #823813 #834899 #838509 #839111 #839737 Affected Products: SUSE Manager Proxy 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. It includes 6 new package versions. Description: This collective update for SUSE Manager Proxy 1.7 provides the following new feature: * Add redirect for bootstrap repositories. (FATE#315138) This update fixes the following issues: osad: - Require python-xml on SLE11. (bnc#838509) perl-NOCpulse-Probe: - Call ssh quiet to prevent "Permanently added key" warning. (bnc#839737) sm-client-tools: - Progress bar while registering for better user interaction. (bnc#823813) spacewalk-backend: - Check if mountpoint exists and send error mail. (bnc#839111) spacewalk-proxy-installer: - Fix usage of answer file for configure-proxy.sh. (bnc#834899) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 1.7 for SLE 11 SP2: zypper in -t patch slemap17sp2-suse-manager-proxy-201310-8392 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 1.7 for SLE 11 SP2 (x86_64) [New Version: 1.7.38.29]: spacewalk-backend-1.7.38.29-0.5.1 spacewalk-backend-libs-1.7.38.29-0.5.1 - SUSE Manager Proxy 1.7 for SLE 11 SP2 (noarch) [New Version: 1.184.15.2,1.2.2,1.7.12.12,1.7.6.10 and 5.10.41.9]: osad-5.10.41.9-0.5.1 perl-NOCpulse-Probe-1.184.15.2-0.5.1 sm-client-tools-1.2.2-0.5.1 spacewalk-proxy-broker-1.7.12.12-0.5.1 spacewalk-proxy-common-1.7.12.12-0.5.1 spacewalk-proxy-installer-1.7.6.10-0.5.2 spacewalk-proxy-management-1.7.12.12-0.5.1 spacewalk-proxy-package-manager-1.7.12.12-0.5.1 spacewalk-proxy-redirect-1.7.12.12-0.5.1 References: https://bugzilla.novell.com/823813 https://bugzilla.novell.com/834899 https://bugzilla.novell.com/838509 https://bugzilla.novell.com/839111 https://bugzilla.novell.com/839737 http://download.novell.com/patch/finder/?keywords=d64b474958d491e5eb435436a2f38388 From sle-updates at lists.suse.com Tue Oct 22 14:04:27 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Oct 2013 22:04:27 +0200 (CEST) Subject: SUSE-RU-2013:1569-1: Recommended update for sm-ncc-sync-data Message-ID: <20131022200427.625FE32251@maintenance.suse.de> SUSE Recommended Update: Recommended update for sm-ncc-sync-data ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1569-1 Rating: low References: #809722 #841138 #841139 #841143 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. It includes one version update. Description: This update adds support for the following products: * SUSE Linux Enterprise Server for SAP 11 SP3 * SUSE Linux Enterprise Point of Service 11 SP3 * SUSE Linux Enterprise Real Time 11 SP3 * SUSE Cloud 2.0 After installing this update run mgr-ncc-sync --refresh Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-sm-ncc-sync-data-8387 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.14]: sm-ncc-sync-data-1.7.14-0.5.1 References: https://bugzilla.novell.com/809722 https://bugzilla.novell.com/841138 https://bugzilla.novell.com/841139 https://bugzilla.novell.com/841143 http://download.novell.com/patch/finder/?keywords=3f5ac3416232d8b3446d51e4830260d9 From sle-updates at lists.suse.com Tue Oct 22 14:04:32 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Oct 2013 22:04:32 +0200 (CEST) Subject: SUSE-RU-2013:1570-1: Recommended update for postfix Message-ID: <20131022200432.7363232251@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1570-1 Rating: low References: #821632 #833004 #837561 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: * Automatic installation stops with error during Postfix configuration. * SuSEconfig.postfix: don't mount /proc inside chroot. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-postfix-8398 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-postfix-8398 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-postfix-8398 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-postfix-8398 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): postfix-devel-2.9.4-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): postfix-2.9.4-0.15.1 postfix-doc-2.9.4-0.15.1 postfix-mysql-2.9.4-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): postfix-2.9.4-0.15.1 postfix-doc-2.9.4-0.15.1 postfix-mysql-2.9.4-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): postfix-2.9.4-0.15.1 References: https://bugzilla.novell.com/821632 https://bugzilla.novell.com/833004 https://bugzilla.novell.com/837561 http://download.novell.com/patch/finder/?keywords=3ddc03480726faf45f7103d1203bcf07 From sle-updates at lists.suse.com Wed Oct 23 10:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Oct 2013 18:04:11 +0200 (CEST) Subject: SUSE-RU-2013:1572-1: Recommended update for python-rtslib Message-ID: <20131023160411.3F2E5323CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-rtslib ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1572-1 Rating: low References: #837519 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue: * typo in python-rtslib prevented LIO target setup for the qla2xxx driver (bnc#837519) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-rtslib-8451 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-rtslib-8451 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): python-rtslib-2.1.fb27-0.9.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-rtslib-2.1.fb27-0.9.1 References: https://bugzilla.novell.com/837519 http://download.novell.com/patch/finder/?keywords=9b4f6353825aa144b0975af36a054a29 From sle-updates at lists.suse.com Thu Oct 24 10:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Oct 2013 18:04:11 +0200 (CEST) Subject: SUSE-RU-2013:1574-1: Recommended update for iproute2 Message-ID: <20131024160411.5DA0F323C6@maintenance.suse.de> SUSE Recommended Update: Recommended update for iproute2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1574-1 Rating: low References: #750550 #836972 #838349 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for iproute2 provides fixes for the following issues: * VF spoofchk flag support missing in iproute2 although supported by driver. (bnc#838349) * VF information not shown by "ip link". (bnc#750550, bnc#836972) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-iproute2-8345 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-iproute2-8345 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-iproute2-8345 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-iproute2-8345 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libnetlink-devel-2.6.29.1-6.35.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): iproute2-2.6.29.1-6.35.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): iproute2-2.6.29.1-6.35.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): iproute2-2.6.29.1-6.35.1 References: https://bugzilla.novell.com/750550 https://bugzilla.novell.com/836972 https://bugzilla.novell.com/838349 http://download.novell.com/patch/finder/?keywords=a535ace1701b89f43b5899299b9042f2 From sle-updates at lists.suse.com Thu Oct 24 13:04:13 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Oct 2013 21:04:13 +0200 (CEST) Subject: SUSE-RU-2013:1575-1: moderate: Recommended update for mcelog Message-ID: <20131024190413.A606B323C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for mcelog ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1575-1 Rating: moderate References: #807336 #824707 #827616 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mcelog provides the following fixes and enhancements: * Support AMD family 15 CPUs and only bail out on AMD processors of families above 15. (bnc#807336) * Fix mcelog in virtual environments that virtualize CPUs of type SandyBridge or newer, but do not support MSR calls for extended (IMC) error messages. (bnc#827616) * Add latest Haswell CPU models. (bnc#824707) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-mcelog-8449 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-mcelog-8449 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-mcelog-8449 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): mcelog-1.0.2013.01.18-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (x86_64): mcelog-1.0.2013.01.18-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): mcelog-1.0.2013.01.18-0.15.1 References: https://bugzilla.novell.com/807336 https://bugzilla.novell.com/824707 https://bugzilla.novell.com/827616 http://download.novell.com/patch/finder/?keywords=08c8158bd0a905e9f83ab87c6165e14e From sle-updates at lists.suse.com Fri Oct 25 12:04:09 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Oct 2013 20:04:09 +0200 (CEST) Subject: SUSE-SU-2013:1576-1: Security update for gpg2 Message-ID: <20131025180409.A41513236B@maintenance.suse.de> SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1576-1 Rating: low References: #840510 #844175 Cross-References: CVE-2013-4351 CVE-2013-4402 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This GnuPG update fixes two security issues: * CVE-2013-4351: GnuPG treated no-usage-permitted keys as all-usages-permitted. * CVE-2013-4402: An infinite recursion in the compressed packet parser was fixed. Security Issue references: * CVE-2013-4351 * CVE-2013-4402 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-gpg2-8427 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-gpg2-8427 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-gpg2-8426 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-gpg2-8426 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-gpg2-8427 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-gpg2-8426 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): gpg2-2.0.9-25.33.37.1 gpg2-lang-2.0.9-25.33.37.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): gpg2-2.0.9-25.33.37.1 gpg2-lang-2.0.9-25.33.37.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): gpg2-2.0.9-25.33.37.1 gpg2-lang-2.0.9-25.33.37.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): gpg2-2.0.9-25.33.37.1 gpg2-lang-2.0.9-25.33.37.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): gpg2-2.0.9-25.33.37.1 gpg2-lang-2.0.9-25.33.37.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): gpg2-2.0.9-25.33.37.1 gpg2-lang-2.0.9-25.33.37.1 References: http://support.novell.com/security/cve/CVE-2013-4351.html http://support.novell.com/security/cve/CVE-2013-4402.html https://bugzilla.novell.com/840510 https://bugzilla.novell.com/844175 http://download.novell.com/patch/finder/?keywords=1a9216ce39dd2871a8d6e5b39203e766 http://download.novell.com/patch/finder/?keywords=62c1b5dafafed1d8aa2a8a1d3f9d2f4f From sle-updates at lists.suse.com Fri Oct 25 13:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Oct 2013 21:04:11 +0200 (CEST) Subject: SUSE-SU-2013:1577-1: moderate: Security update for gpg Message-ID: <20131025190411.93C08323BF@maintenance.suse.de> SUSE Security Update: Security update for gpg ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1577-1 Rating: moderate References: #780943 #798465 #831359 #840510 #844175 Cross-References: CVE-2012-6085 CVE-2013-4242 CVE-2013-4351 CVE-2013-4402 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This GnuPG LTSS roll-up update fixes two security issues: * CVE-2013-4351: GnuPG treated no-usage-permitted keys as all-usages-permitted. * CVE-2013-4402: An infinite recursion in the compressed packet parser was fixed. * CVE-2013-4242: GnuPG allowed local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. * CVE-2012-6085: The read_block function in g10/import.c in GnuPG 1.4.x, when importing a key, allowed remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet. We also fixed a permission issue on opening new files (bnc#780943) Security Issues: * CVE-2013-4351 * CVE-2013-4402 * CVE-2013-4242 * CVE-2012-6085 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): gpg-1.4.2-23.27.1 References: http://support.novell.com/security/cve/CVE-2012-6085.html http://support.novell.com/security/cve/CVE-2013-4242.html http://support.novell.com/security/cve/CVE-2013-4351.html http://support.novell.com/security/cve/CVE-2013-4402.html https://bugzilla.novell.com/780943 https://bugzilla.novell.com/798465 https://bugzilla.novell.com/831359 https://bugzilla.novell.com/840510 https://bugzilla.novell.com/844175 http://download.novell.com/patch/finder/?keywords=e1dc4237303f900680735301818d6d76 From sle-updates at lists.suse.com Fri Oct 25 13:04:15 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Oct 2013 21:04:15 +0200 (CEST) Subject: SUSE-SU-2013:1578-1: moderate: Security update for gpg Message-ID: <20131025190415.74E21323BF@maintenance.suse.de> SUSE Security Update: Security update for gpg ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1578-1 Rating: moderate References: #780943 #798465 #831359 #840510 #844175 Cross-References: CVE-2013-4351 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This GnuPG LTSS roll-up update fixes two security issues: * CVE-2013-4351: GnuPG treated no-usage-permitted keys as all-usages-permitted. * CVE-2013-4402: An infinite recursion in the compressed packet parser was fixed. * CVE-2013-4242: GnuPG allowed local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. * CVE-2012-6085: The read_block function in g10/import.c in GnuPG 1.4.x, when importing a key, allowed remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet. We also fixed a permission issue on opening new files (bnc#780943) Security Issues: * CVE-2013-4351 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): gpg-1.4.2-23.27.1 References: http://support.novell.com/security/cve/CVE-2013-4351.html https://bugzilla.novell.com/780943 https://bugzilla.novell.com/798465 https://bugzilla.novell.com/831359 https://bugzilla.novell.com/840510 https://bugzilla.novell.com/844175 http://download.novell.com/patch/finder/?keywords=acd92f9dee2e9699d6f15796e9111ead From sle-updates at lists.suse.com Mon Oct 28 09:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Oct 2013 16:04:10 +0100 (CET) Subject: SUSE-SU-2013:1594-1: moderate: Security update for sudo Message-ID: <20131028150410.3ED52323BA@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1594-1 Rating: moderate References: #760697 #806919 #806921 #817349 #817350 Cross-References: CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. It includes one version update. Description: This LTSS rollup update fixes the following security issues which allowed to bypass the sudo authentication: * CVE-2013-1775: sudo allowed local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. * CVE-2013-1776: sudo, when the tty_tickets option is enabled, did not properly validate the controlling terminal device, which allowed local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to a standard input, output, and error file descriptors of another terminal. * CVE-2013-2776: sudo, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, did not properly validate the controlling terminal device, which allowed local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to a standard input, output, and error file descriptors of another terminal. * CVE-2013-2777: sudo, when the tty_tickets option is enabled, did not properly validate the controlling terminal device, which allowed local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to a standard input, output, and error file descriptors of another terminal. Also a non-security bug was fixed: * set global ldap option before ldap init (bnc#760697) Security Issue references: * CVE-2013-1775 * CVE-2013-1776 * CVE-2013-2776 * CVE-2013-2777 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-sudo-8428 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-sudo-8428 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 1.7.6p2]: sudo-1.7.6p2-0.2.12.5 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 1.7.6p2]: sudo-1.7.6p2-0.2.12.5 References: http://support.novell.com/security/cve/CVE-2013-1775.html http://support.novell.com/security/cve/CVE-2013-1776.html http://support.novell.com/security/cve/CVE-2013-2776.html http://support.novell.com/security/cve/CVE-2013-2777.html https://bugzilla.novell.com/760697 https://bugzilla.novell.com/806919 https://bugzilla.novell.com/806921 https://bugzilla.novell.com/817349 https://bugzilla.novell.com/817350 http://download.novell.com/patch/finder/?keywords=66b1eced1248cd2a904f88f64ac445fc From sle-updates at lists.suse.com Mon Oct 28 09:04:14 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Oct 2013 16:04:14 +0100 (CET) Subject: SUSE-SU-2013:1595-1: moderate: Security update for sudo Message-ID: <20131028150414.6E113323BA@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1595-1 Rating: moderate References: #724490 #806919 #806921 #817349 #817350 Cross-References: CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This LTSS rollup update fixes the following security issues which allowed to bypass the sudo authentication: * CVE-2013-1775: sudo allowed local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. * CVE-2013-1776: sudo, when the tty_tickets option is enabled, did not properly validate the controlling terminal device, which allowed local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to a standard input, output, and error file descriptors of another terminal. * CVE-2013-2776: sudo, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, did not properly validate the controlling terminal device, which allowed local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to a standard input, output, and error file descriptors of another terminal. * CVE-2013-2777: sudo, when the tty_tickets option is enabled, did not properly validate the controlling terminal device, which allowed local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to a standard input, output, and error file descriptors of another terminal. Also a non-security bug was fixed: * escape string passed to ldap search (bnc#724490) Security Issue references: * CVE-2013-1775 * CVE-2013-1776 * CVE-2013-2776 * CVE-2013-2777 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): sudo-1.6.8p12-18.21.8 References: http://support.novell.com/security/cve/CVE-2013-1775.html http://support.novell.com/security/cve/CVE-2013-1776.html http://support.novell.com/security/cve/CVE-2013-2776.html http://support.novell.com/security/cve/CVE-2013-2777.html https://bugzilla.novell.com/724490 https://bugzilla.novell.com/806919 https://bugzilla.novell.com/806921 https://bugzilla.novell.com/817349 https://bugzilla.novell.com/817350 http://download.novell.com/patch/finder/?keywords=15848b3b7ae158210dabd736b67fa800 From sle-updates at lists.suse.com Mon Oct 28 21:04:11 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Oct 2013 04:04:11 +0100 (CET) Subject: SUSE-RU-2013:1598-1: moderate: Recommended update for kdump Message-ID: <20131029030411.43D8A323BF@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1598-1 Rating: moderate References: #833323 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kdump fixes the following issue: * #833323: kernel dump output storing over SSH does not work Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kdump-8466 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kdump-8466 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kdump-8466 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): kdump-0.8.4-0.37.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): kdump-0.8.4-0.37.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): kdump-0.8.4-0.37.1 References: https://bugzilla.novell.com/833323 http://download.novell.com/patch/finder/?keywords=d7674f7a905fa68b3d3db26217ae6270 From sle-updates at lists.suse.com Tue Oct 29 11:04:07 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Oct 2013 18:04:07 +0100 (CET) Subject: SUSE-RU-2013:1601-1: Recommended update for elilo Message-ID: <20131029170407.8BB5C323C6@maintenance.suse.de> SUSE Recommended Update: Recommended update for elilo ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1601-1 Rating: low References: #825932 #828835 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update contains the following changes in elilo: * SecureBoot: cope with separate '/boot' file-system. (bnc#825932) * SecureBoot: improve detection of file-system UUIDs. (bnc#828835) * Correctly handle installation to 'BOOT'. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-elilo-8240 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-elilo-8240 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-elilo-8240 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): elilo-3.14-0.32.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 x86_64): elilo-3.14-0.32.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): elilo-3.14-0.32.1 References: https://bugzilla.novell.com/825932 https://bugzilla.novell.com/828835 http://download.novell.com/patch/finder/?keywords=529f5564e1a9a4d77aad1de2d3d882ba From sle-updates at lists.suse.com Tue Oct 29 15:04:16 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Oct 2013 22:04:16 +0100 (CET) Subject: SUSE-RU-2013:1603-1: moderate: Recommended update for sle-slms-manual_en Message-ID: <20131029210416.6A7603236B@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-slms-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1603-1 Rating: moderate References: #821955 #829491 Affected Products: SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides the latest version of SLMS manual in English. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-slms-manual-201309-8321 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Lifecycle Management Server 1.3 (noarch): sle-slms-manual_en-1.3-0.17.1 sle-slms-manual_en-pdf-1.3-0.17.1 References: https://bugzilla.novell.com/821955 https://bugzilla.novell.com/829491 http://download.novell.com/patch/finder/?keywords=197b7744ea95cb1e8a77d260c715d945 From sle-updates at lists.suse.com Tue Oct 29 15:04:20 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Oct 2013 22:04:20 +0100 (CET) Subject: SUSE-RU-2013:1604-1: moderate: Recommended update for SLMS Message-ID: <20131029210420.6DC073236B@maintenance.suse.de> SUSE Recommended Update: Recommended update for SLMS ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1604-1 Rating: moderate References: #834454 Affected Products: SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update for SLMS enables support for s390x appliances. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-slms-8224 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Lifecycle Management Server 1.3 (noarch) [New Version: 1.3.5]: slms-1.3.5-0.5.1 slms-core-1.3.5-0.5.1 slms-customer-center-1.3.5-0.5.1 slms-devel-doc-1.3.5-0.5.1 slms-external-1.3.5-0.5.1 slms-registration-1.3.5-0.5.1 slms-testsuite-1.3.5-0.5.1 References: https://bugzilla.novell.com/834454 http://download.novell.com/patch/finder/?keywords=a4fc404cf1b75d76ebfcc7be9ea46ea2 From sle-updates at lists.suse.com Tue Oct 29 15:04:26 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Oct 2013 22:04:26 +0100 (CET) Subject: SUSE-RU-2013:1605-1: moderate: Recommended update for SUSE Studio Message-ID: <20131029210426.9DEFB3236B@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Studio ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1605-1 Rating: moderate References: #714202 #778843 #824309 #825307 #829651 #832624 #834997 #835195 #835623 #837237 #839665 Affected Products: SUSE Studio Extension for System z 1.3 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. It includes one version update. Description: This update provides SUSE Studio 1.3.5, including many improvements and bug fixes. The changes in detail are: * #829651: "repository and template setup failed" during installation * #824309: when removing or reinstalling AddOn, sudoers file might get corrupted * #778843: create server.cert files (x86 and s390) * #835195: apache is not restarted after deinstallation of susestudio-runner * #714202: s390x runner - add firewall rule for runner * #835623: /usr/lib64/apache2/mod_passenger.so is not owned by any package * #834997: empty file downloads from Testdrive's Modified Files of s390 runner * #825307: can't remove conflicting package through the warning baloon * #832624: missing SP1 WebYaST repos from SMT server blocks adding of SLE 11 SP1 templates * #837237: unban does not work Selected Software list * #839665: s390 deployed appliance does not get updates from SLMS. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Extension for System z 1.3: zypper in -t patch slestso13-susestudio-135-201309-8327 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Extension for System z 1.3 (s390x) [New Version: 1.3.5]: susestudio-common-1.3.5-0.17.1 susestudio-runner-1.3.5-0.17.1 susestudio-ui-server-1.3.5-0.17.1 References: https://bugzilla.novell.com/714202 https://bugzilla.novell.com/778843 https://bugzilla.novell.com/824309 https://bugzilla.novell.com/825307 https://bugzilla.novell.com/829651 https://bugzilla.novell.com/832624 https://bugzilla.novell.com/834997 https://bugzilla.novell.com/835195 https://bugzilla.novell.com/835623 https://bugzilla.novell.com/837237 https://bugzilla.novell.com/839665 http://download.novell.com/patch/finder/?keywords=b1ddbc0ec246230e82e98550fd294f7b From sle-updates at lists.suse.com Tue Oct 29 15:04:30 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Oct 2013 22:04:30 +0100 (CET) Subject: SUSE-RU-2013:1606-1: moderate: Recommended update for SUSE Studio Message-ID: <20131029210430.490333236B@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Studio ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1606-1 Rating: moderate References: #714202 #778843 #813216 #824309 #824411 #825307 #829651 #832624 #834997 #835195 #835623 #837237 #839665 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. It includes one version update. Description: This update provides SUSE Studio 1.3.5, including many improvements and bug fixes. The changes in detail are: * #829651: "repository and template setup failed" during installation * #824309: when removing or reinstalling AddOn, sudoers file might get corrupted * #778843: create server.cert files (x86 and s390) * #835195: apache is not restarted after deinstallation of susestudio-runner * #714202: s390x runner - add firewall rule for runner * #835623: /usr/lib64/apache2/mod_passenger.so is not owned by any package * #834997: empty file downloads from Testdrive's Modified Files of s390 runner * #825307: can't remove conflicting package through the warning baloon * #832624: missing SP1 WebYaST repos from SMT server blocks adding of SLE 11 SP1 templates * #837237: unban does not work Selected Software list * #813216: upgrade of kernel on appliance causes 6 new entries in menu.lst * #824411: document that Containment_SLE_11_SP1 is also used for SLE 11-SP2 * #839665: s390 deployed appliance does not get updates from SLMS. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-135-201309-8325 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.5]: susestudio-1.3.5-0.17.1 susestudio-bundled-packages-1.3.5-0.17.1 susestudio-common-1.3.5-0.17.1 susestudio-runner-1.3.5-0.17.1 susestudio-sid-1.3.5-0.17.1 susestudio-ui-server-1.3.5-0.17.1 - SUSE Studio Onsite 1.3 (noarch): Containment-Studio-SLE11_SP1-4.85.108-20130919140917 References: https://bugzilla.novell.com/714202 https://bugzilla.novell.com/778843 https://bugzilla.novell.com/813216 https://bugzilla.novell.com/824309 https://bugzilla.novell.com/824411 https://bugzilla.novell.com/825307 https://bugzilla.novell.com/829651 https://bugzilla.novell.com/832624 https://bugzilla.novell.com/834997 https://bugzilla.novell.com/835195 https://bugzilla.novell.com/835623 https://bugzilla.novell.com/837237 https://bugzilla.novell.com/839665 http://download.novell.com/patch/finder/?keywords=958ddc921a8898fc6e08fa7a5ccb4079 From sle-updates at lists.suse.com Tue Oct 29 15:04:34 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Oct 2013 22:04:34 +0100 (CET) Subject: SUSE-RU-2013:1607-1: moderate: Recommended update for studiorunner-onsite-config Message-ID: <20131029210434.66ED23236B@maintenance.suse.de> SUSE Recommended Update: Recommended update for studiorunner-onsite-config ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1607-1 Rating: moderate References: #714202 #824309 Affected Products: SUSE Studio Extension for System z 1.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for studiorunner-onsite-config provides the following fixes: * When removing or reinstalling the AddOn, sudoers might get broken: own the /etc/sudoers.studio file so that it will be removed together with the package. (bnc#824309) * Change ownership of susestudio-runner-firewall to ensure the firewall rule is removed together with the package. (bnc#714202) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Extension for System z 1.3: zypper in -t patch slestso13-studiorunner-onsite-config-8316 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Extension for System z 1.3 (s390x): studiorunner-onsite-config-1.3-0.20.1 References: https://bugzilla.novell.com/714202 https://bugzilla.novell.com/824309 http://download.novell.com/patch/finder/?keywords=687ef40ac1da26fae3d336438fd9fc25 From sle-updates at lists.suse.com Tue Oct 29 15:04:38 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Oct 2013 22:04:38 +0100 (CET) Subject: SUSE-RU-2013:1608-1: moderate: Recommended update for studio-help Message-ID: <20131029210438.2D1823236B@maintenance.suse.de> SUSE Recommended Update: Recommended update for studio-help ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1608-1 Rating: moderate References: #808377 #808381 #829517 #843270 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. It includes one version update. Description: This update provides the latest version of SUSE Studio Onsite documentation. The changes in detail are: * #829517: document new behavior of the network function "Configure network during first boot" * #829517: fix html parser error * #808381: fix outdated image types list in API documentation * #808377: qcow2 is not mentioned in User Guide * #843270: remove extra files from source tarball. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-studio-help-8407 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (noarch) [New Version: 1.3.14]: studio-help-1.3.14-0.5.1 References: https://bugzilla.novell.com/808377 https://bugzilla.novell.com/808381 https://bugzilla.novell.com/829517 https://bugzilla.novell.com/843270 http://download.novell.com/patch/finder/?keywords=d92b9888cd8a6e0669d6a080406dab24 From sle-updates at lists.suse.com Wed Oct 30 11:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Oct 2013 18:04:10 +0100 (CET) Subject: SUSE-YU-2013:1408-2: important: YOU update for libzypp Message-ID: <20131030170410.9F0A332261@maintenance.suse.de> SUSE YOU Update: YOU update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-YU-2013:1408-2 Rating: important References: #828672 Affected Products: SUSE Manager Client Tools for SLE 11 SP1 SLE CLIENT TOOLS 10 for x86_64 SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for ia64 SLE CLIENT TOOLS 10 for PPC SLE CLIENT TOOLS 10 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: libzypp did not handle multiple gpg pubkeys in the repomd.xml.key and content.key consistently and secure. Attackers could have exploited this to add their own keys and pretend it's from SUSE. Security Issue reference: * CVE-2013-3704 Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. Patch Instructions: To install this SUSE YOU Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP1: zypper in -t patch slesctsp1-libzypp-8360 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Client Tools for SLE 11 SP1 (i586 ia64 ppc64 s390x x86_64): libzypp-6.39.0-0.3.1 - SLE CLIENT TOOLS 10 for x86_64 (x86_64): libzypp-6.39.0-0.5.1 - SLE CLIENT TOOLS 10 for s390x (s390x): libzypp-6.39.0-0.5.1 - SLE CLIENT TOOLS 10 for ia64 (ia64): libzypp-6.39.0-0.5.1 - SLE CLIENT TOOLS 10 for PPC (ppc): libzypp-6.39.0-0.5.1 - SLE CLIENT TOOLS 10 (i586): libzypp-6.39.0-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-3704.html https://bugzilla.novell.com/828672 http://download.novell.com/patch/finder/?keywords=1580d4919b3e80f746b6ed3158079edf http://download.novell.com/patch/finder/?keywords=69da9fdb4651190f06fc1b3973aaf523 From sle-updates at lists.suse.com Wed Oct 30 12:04:38 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Oct 2013 19:04:38 +0100 (CET) Subject: SUSE-RU-2013:1615-1: moderate: Recommended update for microcode_ctl Message-ID: <20131030180438.259643236B@maintenance.suse.de> SUSE Recommended Update: Recommended update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1615-1 Rating: moderate References: #841723 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides Intel's CPU microcode version 20130906. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-microcode_ctl-8414 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-microcode_ctl-8414 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-microcode_ctl-8413 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-microcode_ctl-8413 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-microcode_ctl-8415 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-microcode_ctl-8415 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-microcode_ctl-8414 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-microcode_ctl-8413 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): microcode_ctl-1.17-102.68.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): microcode_ctl-1.17-102.68.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): microcode_ctl-1.17-102.57.62.1 - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64): microcode_ctl-1.17-102.57.62.1 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64): microcode_ctl-1.17-102.57.62.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64): microcode_ctl-1.17-102.57.62.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): microcode_ctl-1.17-102.68.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): microcode_ctl-1.17-102.57.62.1 References: https://bugzilla.novell.com/841723 http://download.novell.com/patch/finder/?keywords=57b30794bc8e71b20ed97e4e8a4d271c http://download.novell.com/patch/finder/?keywords=82faa1bc5faab5ec33bdf36c10951c19 http://download.novell.com/patch/finder/?keywords=d0ed3dc459928bb4171df106ae602760 From sle-updates at lists.suse.com Thu Oct 31 13:04:10 2013 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 31 Oct 2013 20:04:10 +0100 (CET) Subject: SUSE-SU-2013:1618-1: moderate: Security update for Python Message-ID: <20131031190410.9823A323C6@maintenance.suse.de> SUSE Security Update: Security update for Python ______________________________________________________________________________ Announcement ID: SUSE-SU-2013:1618-1 Rating: moderate References: #834601 Cross-References: CVE-2013-4238 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: This python update fixes a certificate hostname issue. * bnc#834601: CVE-2013-4238: python: SSL module does not handle certificates that contain hostnames with NULL bytes Security Issue reference: * CVE-2013-4238 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-python-201310-8405 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-python-201310-8404 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-201310-8405 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-201310-8405 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-python-201310-8404 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-python-201310-8404 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-python-201310-8405 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-python-201310-8404 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-devel-2.6.8-0.23.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): python-demo-2.6.8-0.23.1 python-gdbm-2.6.8-0.23.1 python-idle-2.6.8-0.23.1 python-tk-2.6.8-0.23.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64): python-32bit-2.6.8-0.23.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.8]: python-devel-2.6.8-0.23.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 2.6.8]: python-demo-2.6.8-0.23.1 python-gdbm-2.6.8-0.23.1 python-idle-2.6.8-0.23.1 python-tk-2.6.8-0.23.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (x86_64) [New Version: 2.6.8]: python-32bit-2.6.8-0.23.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libpython2_6-1_0-2.6.8-0.23.1 python-2.6.8-0.23.1 python-base-2.6.8-0.23.1 python-curses-2.6.8-0.23.1 python-demo-2.6.8-0.23.1 python-gdbm-2.6.8-0.23.1 python-idle-2.6.8-0.23.1 python-tk-2.6.8-0.23.1 python-xml-2.6.8-0.23.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libpython2_6-1_0-32bit-2.6.8-0.23.1 python-32bit-2.6.8-0.23.1 python-base-32bit-2.6.8-0.23.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpython2_6-1_0-2.6.8-0.23.1 python-2.6.8-0.23.1 python-base-2.6.8-0.23.1 python-curses-2.6.8-0.23.1 python-demo-2.6.8-0.23.1 python-gdbm-2.6.8-0.23.1 python-idle-2.6.8-0.23.1 python-tk-2.6.8-0.23.1 python-xml-2.6.8-0.23.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libpython2_6-1_0-32bit-2.6.8-0.23.1 python-32bit-2.6.8-0.23.1 python-base-32bit-2.6.8-0.23.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libpython2_6-1_0-x86-2.6.8-0.23.1 python-base-x86-2.6.8-0.23.1 python-x86-2.6.8-0.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2.6.8]: libpython2_6-1_0-2.6.8-0.23.1 python-2.6.8-0.23.1 python-base-2.6.8-0.23.1 python-curses-2.6.8-0.23.1 python-demo-2.6.8-0.23.1 python-gdbm-2.6.8-0.23.1 python-idle-2.6.8-0.23.1 python-tk-2.6.8-0.23.1 python-xml-2.6.8-0.23.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 2.6.8]: libpython2_6-1_0-32bit-2.6.8-0.23.1 python-32bit-2.6.8-0.23.1 python-base-32bit-2.6.8-0.23.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.8]: libpython2_6-1_0-2.6.8-0.23.1 python-2.6.8-0.23.1 python-base-2.6.8-0.23.1 python-curses-2.6.8-0.23.1 python-demo-2.6.8-0.23.1 python-gdbm-2.6.8-0.23.1 python-idle-2.6.8-0.23.1 python-tk-2.6.8-0.23.1 python-xml-2.6.8-0.23.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 2.6.8]: libpython2_6-1_0-32bit-2.6.8-0.23.1 python-32bit-2.6.8-0.23.1 python-base-32bit-2.6.8-0.23.1 - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 2.6.8]: libpython2_6-1_0-x86-2.6.8-0.23.1 python-base-x86-2.6.8-0.23.1 python-x86-2.6.8-0.23.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libpython2_6-1_0-2.6.8-0.23.1 python-2.6.8-0.23.1 python-base-2.6.8-0.23.1 python-curses-2.6.8-0.23.1 python-devel-2.6.8-0.23.1 python-tk-2.6.8-0.23.1 python-xml-2.6.8-0.23.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libpython2_6-1_0-32bit-2.6.8-0.23.1 python-base-32bit-2.6.8-0.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.6.8]: libpython2_6-1_0-2.6.8-0.23.1 python-2.6.8-0.23.1 python-base-2.6.8-0.23.1 python-curses-2.6.8-0.23.1 python-devel-2.6.8-0.23.1 python-tk-2.6.8-0.23.1 python-xml-2.6.8-0.23.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 2.6.8]: libpython2_6-1_0-32bit-2.6.8-0.23.1 python-base-32bit-2.6.8-0.23.1 References: http://support.novell.com/security/cve/CVE-2013-4238.html https://bugzilla.novell.com/834601 http://download.novell.com/patch/finder/?keywords=44f8e36da143c92e1f5805dabcf91e30 http://download.novell.com/patch/finder/?keywords=776be407908387f0e13fc5cac4dcdec5