From sle-updates at lists.suse.com Mon Dec 1 17:04:43 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Dec 2014 01:04:43 +0100 (CET)
Subject: SUSE-RU-2014:1275-7: Recommended update for openstack-ceilometer
Message-ID: <20141202000443.B24D232291@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openstack-ceilometer
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1275-7
Rating: low
References: #897815
Affected Products:
   SUSE Cloud 4
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

This update for openstack-ceilometer provides stability fixes from the upstream OpenStack project:

* Fix listener for update.start notifications
* Fix a response header bug in the error middleware
* Updated from global requirements
* Fix statistics query in postgres

Contraindications:

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 4:

   zypper in -t patch sleclo40sp3-openstack-ceilometer-1114-9985

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev4.g6b6f260]:

openstack-ceilometer-2014.1.4.dev4.g6b6f260-0.7.1
openstack-ceilometer-agent-central-2014.1.4.dev4.g6b6f260-0.7.1
openstack-ceilometer-agent-compute-2014.1.4.dev4.g6b6f260-0.7.1
openstack-ceilometer-agent-notification-2014.1.4.dev4.g6b6f260-0.7.1
openstack-ceilometer-alarm-evaluator-2014.1.4.dev4.g6b6f260-0.7.1
openstack-ceilometer-alarm-notifier-2014.1.4.dev4.g6b6f260-0.7.1
openstack-ceilometer-api-2014.1.4.dev4.g6b6f260-0.7.1
openstack-ceilometer-collector-2014.1.4.dev4.g6b6f260-0.7.1
python-ceilometer-2014.1.4.dev4.g6b6f260-0.7.1

- SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev4.g6b6f260]:

openstack-ceilometer-doc-2014.1.4.dev4.g6b6f260-0.7.1

References:

https://bugzilla.suse.com/show_bug.cgi?id=897815
http://download.suse.com/patch/finder/?keywords=7ab7399fb670e86a41fb979fa8bc2b52

From sle-updates at lists.suse.com Tue Dec 2 08:04:43 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Dec 2014 16:04:43 +0100 (CET)
Subject: SUSE-RU-2014:1540-1: Initial Live Patch
Message-ID: <20141202150443.2486632337@maintenance.suse.de>

SUSE Recommended Update: Initial Live Patch
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1540-1
Rating: low
References:
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

Initial live patch for kernel-3.12.32-25. Contains only patch for uname syscall and no bugfixes yet.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

   zypper in -t patch SUSE-SLE-Live-Patching-12-2014-89

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

kgraft-patch-3_12_32-25-default-1-2.7
kgraft-patch-3_12_32-25-xen-1-2.7

References:

From sle-updates at lists.suse.com Tue Dec 2 10:04:42 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Dec 2014 18:04:42 +0100 (CET)
Subject: SUSE-SU-2014:1541-1: moderate: Security update for java-1_6_0-ibm
Message-ID: <20141202170442.27D1C32337@maintenance.suse.de>

SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1541-1
Rating: moderate
References: #901223 #901239 #904889
Cross-References: CVE-2014-3065 CVE-2014-3566 CVE-2014-4288
   CVE-2014-6457 CVE-2014-6458 CVE-2014-6466
   CVE-2014-6492 CVE-2014-6493 CVE-2014-6502
   CVE-2014-6503 CVE-2014-6506 CVE-2014-6511
   CVE-2014-6512 CVE-2014-6513 CVE-2014-6515
   CVE-2014-6531 CVE-2014-6532 CVE-2014-6558
Affected Products:
   SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

An update that fixes 18 vulnerabilities is now available.

Description:

java-1_6_0-ibm was updated to version 1.6.0_sr16.2 to fix 18 security issues.

These security issues were fixed:

- Unspecified vulnerability in Oracle Java SE 6u81 (CVE-2014-3065).
- The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502).
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558).

Further information can be found at
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 12:

   zypper in -t patch SUSE-SLE-Module-Legacy-12-2014-93

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):

java-1_6_0-ibm-1.6.0_sr16.2-8.1
java-1_6_0-ibm-fonts-1.6.0_sr16.2-8.1
java-1_6_0-ibm-jdbc-1.6.0_sr16.2-8.1

- SUSE Linux Enterprise Module for Legacy Software 12 (x86_64):

java-1_6_0-ibm-plugin-1.6.0_sr16.2-8.1

References:

http://support.novell.com/security/cve/CVE-2014-3065.html
http://support.novell.com/security/cve/CVE-2014-3566.html
http://support.novell.com/security/cve/CVE-2014-4288.html
http://support.novell.com/security/cve/CVE-2014-6457.html
http://support.novell.com/security/cve/CVE-2014-6458.html
http://support.novell.com/security/cve/CVE-2014-6466.html
http://support.novell.com/security/cve/CVE-2014-6492.html
http://support.novell.com/security/cve/CVE-2014-6493.html
http://support.novell.com/security/cve/CVE-2014-6502.html
http://support.novell.com/security/cve/CVE-2014-6503.html
http://support.novell.com/security/cve/CVE-2014-6506.html
http://support.novell.com/security/cve/CVE-2014-6511.html
http://support.novell.com/security/cve/CVE-2014-6512.html
http://support.novell.com/security/cve/CVE-2014-6513.html
http://support.novell.com/security/cve/CVE-2014-6515.html
http://support.novell.com/security/cve/CVE-2014-6531.html
http://support.novell.com/security/cve/CVE-2014-6532.html
http://support.novell.com/security/cve/CVE-2014-6558.html
https://bugzilla.suse.com/show_bug.cgi?id=901223
https://bugzilla.suse.com/show_bug.cgi?id=901239
https://bugzilla.suse.com/show_bug.cgi?id=904889

From sle-updates at lists.suse.com Tue Dec 2 10:05:17 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Dec 2014 18:05:17 +0100 (CET)
Subject: SUSE-SU-2014:1542-1: moderate: Security update for flash-player
Message-ID: <20141202170517.E718332339@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1542-1
Rating: moderate
References: #907257
Cross-References: CVE-2014-8439
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

flash-player was updated to fix one security issue.

This security issue was fixed:

- Hardening against a code execution flaw (CVE-2014-8439).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:

   zypper in -t patch SUSE-SLE-WE-12-2014-91

- SUSE Linux Enterprise Desktop 12:

   zypper in -t patch SUSE-SLE-DESKTOP-12-2014-91

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):

flash-player-11.2.202.424-15.1
flash-player-gnome-11.2.202.424-15.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

flash-player-11.2.202.424-15.1
flash-player-gnome-11.2.202.424-15.1

References:

http://support.novell.com/security/cve/CVE-2014-8439.html
https://bugzilla.suse.com/show_bug.cgi?id=907257

From sle-updates at lists.suse.com Tue Dec 2 11:04:39 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Dec 2014 19:04:39 +0100 (CET)
Subject: SUSE-SU-2014:1526-2: important: Security update for IBM Java
Message-ID: <20141202180439.ED66932337@maintenance.suse.de>

SUSE Security Update: Security update for IBM Java
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1526-2
Rating: important
References: #904889
Cross-References: CVE-2014-3065 CVE-2014-3566 CVE-2014-4288
   CVE-2014-6456 CVE-2014-6457 CVE-2014-6458
   CVE-2014-6466 CVE-2014-6476 CVE-2014-6492
   CVE-2014-6493 CVE-2014-6502 CVE-2014-6503
   CVE-2014-6506 CVE-2014-6511 CVE-2014-6512
   CVE-2014-6513 CVE-2014-6515 CVE-2014-6527
   CVE-2014-6531 CVE-2014-6532 CVE-2014-6558
Affected Products:
   SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

An update that fixes 21 vulnerabilities is now available.

Description:

java-1_6_0-ibm has been updated to version 1.6.0_sr16.2 to fix 18 security issues.

These security issues have been fixed:

* Unspecified vulnerability in Oracle Java SE 6u81 (CVE-2014-3065).
* The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506).
* Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502).
* Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558).
More information can be found at
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014

Security Issues:

* CVE-2014-3065
* CVE-2014-3566
* CVE-2014-6506
* CVE-2014-6511
* CVE-2014-6531
* CVE-2014-6512
* CVE-2014-6457
* CVE-2014-6502
* CVE-2014-6558
* CVE-2014-6513
* CVE-2014-6503
* CVE-2014-4288
* CVE-2014-6493
* CVE-2014-6532
* CVE-2014-6492
* CVE-2014-6458
* CVE-2014-6466
* CVE-2014-6515
* CVE-2014-6456
* CVE-2014-6476
* CVE-2014-6527

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager 1.7 for SLE 11 SP2:

   zypper in -t patch sleman17sp2-java-1_6_0-ibm-9994

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager 1.7 for SLE 11 SP2 (x86_64):

java-1_6_0-ibm-1.6.0_sr16.2-0.3.1
java-1_6_0-ibm-devel-1.6.0_sr16.2-0.3.1
java-1_6_0-ibm-fonts-1.6.0_sr16.2-0.3.1
java-1_6_0-ibm-jdbc-1.6.0_sr16.2-0.3.1
java-1_6_0-ibm-plugin-1.6.0_sr16.2-0.3.1

References:

http://support.novell.com/security/cve/CVE-2014-3065.html
http://support.novell.com/security/cve/CVE-2014-3566.html
http://support.novell.com/security/cve/CVE-2014-4288.html
http://support.novell.com/security/cve/CVE-2014-6456.html
http://support.novell.com/security/cve/CVE-2014-6457.html
http://support.novell.com/security/cve/CVE-2014-6458.html
http://support.novell.com/security/cve/CVE-2014-6466.html
http://support.novell.com/security/cve/CVE-2014-6476.html
http://support.novell.com/security/cve/CVE-2014-6492.html
http://support.novell.com/security/cve/CVE-2014-6493.html
http://support.novell.com/security/cve/CVE-2014-6502.html
http://support.novell.com/security/cve/CVE-2014-6503.html
http://support.novell.com/security/cve/CVE-2014-6506.html
http://support.novell.com/security/cve/CVE-2014-6511.html
http://support.novell.com/security/cve/CVE-2014-6512.html
http://support.novell.com/security/cve/CVE-2014-6513.html
http://support.novell.com/security/cve/CVE-2014-6515.html
http://support.novell.com/security/cve/CVE-2014-6527.html
http://support.novell.com/security/cve/CVE-2014-6531.html
http://support.novell.com/security/cve/CVE-2014-6532.html
http://support.novell.com/security/cve/CVE-2014-6558.html
https://bugzilla.suse.com/show_bug.cgi?id=904889
http://download.suse.com/patch/finder/?keywords=556fa23b5756de780c455b083e882ed7

From sle-updates at lists.suse.com Tue Dec 2 11:04:54 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Dec 2014 19:04:54 +0100 (CET)
Subject: SUSE-SU-2014:1544-1: moderate: Security update for LibreOffice
Message-ID: <20141202180454.B6E8132339@maintenance.suse.de>

SUSE Security Update: Security update for LibreOffice
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1544-1
Rating: moderate
References: #900214 #900218
Cross-References: CVE-2014-3693
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available. It includes one version update.

Description:

LibreOffice was updated to fix two security issues.

These security issues have been fixed:

* "Document as E-mail" vulnerability (bnc#900218).
* Impress remote control use-after-free vulnerability (CVE-2014-3693).

Security Issues:

* CVE-2014-3693

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:

   zypper in -t patch sdksp3-libreoffice-2014-11-19-10001

- SUSE Linux Enterprise Desktop 11 SP3:

   zypper in -t patch sledsp3-libreoffice-2014-11-19-10001

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]:

libreoffice-4.0.3.3.26-0.10.2
libreoffice-base-4.0.3.3.26-0.10.2
libreoffice-base-drivers-postgresql-4.0.3.3.26-0.10.2
libreoffice-base-extensions-4.0.3.3.26-0.10.2
libreoffice-calc-4.0.3.3.26-0.10.2
libreoffice-calc-extensions-4.0.3.3.26-0.10.2
libreoffice-draw-4.0.3.3.26-0.10.2
libreoffice-draw-extensions-4.0.3.3.26-0.10.2
libreoffice-filters-optional-4.0.3.3.26-0.10.2
libreoffice-gnome-4.0.3.3.26-0.10.2
libreoffice-impress-4.0.3.3.26-0.10.2
libreoffice-impress-extensions-4.0.3.3.26-0.10.2
libreoffice-kde-4.0.3.3.26-0.10.2
libreoffice-kde4-4.0.3.3.26-0.10.2
libreoffice-l10n-prebuilt-4.0.3.3.26-0.10.2
libreoffice-mailmerge-4.0.3.3.26-0.10.2
libreoffice-math-4.0.3.3.26-0.10.2
libreoffice-mono-4.0.3.3.26-0.10.2
libreoffice-officebean-4.0.3.3.26-0.10.2
libreoffice-pyuno-4.0.3.3.26-0.10.2
libreoffice-sdk-4.0.3.3.26-0.10.2
libreoffice-writer-4.0.3.3.26-0.10.2
libreoffice-writer-extensions-4.0.3.3.26-0.10.2

- SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 4.0.3.3.26]:

libreoffice-branding-upstream-4.0.3.3.26-0.10.1
libreoffice-help-cs-4.0.3.3.26-0.10.2
libreoffice-help-da-4.0.3.3.26-0.10.2
libreoffice-help-de-4.0.3.3.26-0.10.2
libreoffice-help-en-GB-4.0.3.3.26-0.10.2
libreoffice-help-en-US-4.0.3.3.26-0.10.2
libreoffice-help-es-4.0.3.3.26-0.10.2
libreoffice-help-fr-4.0.3.3.26-0.10.2
libreoffice-help-gu-IN-4.0.3.3.26-0.10.2
libreoffice-help-hi-IN-4.0.3.3.26-0.10.2
libreoffice-help-hu-4.0.3.3.26-0.10.2
libreoffice-help-it-4.0.3.3.26-0.10.2
libreoffice-help-ja-4.0.3.3.26-0.10.2
libreoffice-help-ko-4.0.3.3.26-0.10.2
libreoffice-help-nl-4.0.3.3.26-0.10.2
libreoffice-help-pl-4.0.3.3.26-0.10.2
libreoffice-help-pt-4.0.3.3.26-0.10.2
libreoffice-help-pt-BR-4.0.3.3.26-0.10.2
libreoffice-help-ru-4.0.3.3.26-0.10.2
libreoffice-help-sv-4.0.3.3.26-0.10.2
libreoffice-help-zh-CN-4.0.3.3.26-0.10.2
libreoffice-help-zh-TW-4.0.3.3.26-0.10.2
libreoffice-icon-themes-4.0.3.3.26-0.10.1
libreoffice-l10n-af-4.0.3.3.26-0.10.1
libreoffice-l10n-ar-4.0.3.3.26-0.10.1
libreoffice-l10n-ca-4.0.3.3.26-0.10.1
libreoffice-l10n-cs-4.0.3.3.26-0.10.1
libreoffice-l10n-da-4.0.3.3.26-0.10.1
libreoffice-l10n-de-4.0.3.3.26-0.10.1
libreoffice-l10n-el-4.0.3.3.26-0.10.1
libreoffice-l10n-en-GB-4.0.3.3.26-0.10.1
libreoffice-l10n-es-4.0.3.3.26-0.10.1
libreoffice-l10n-fi-4.0.3.3.26-0.10.1
libreoffice-l10n-fr-4.0.3.3.26-0.10.1
libreoffice-l10n-gu-IN-4.0.3.3.26-0.10.1
libreoffice-l10n-hi-IN-4.0.3.3.26-0.10.1
libreoffice-l10n-hu-4.0.3.3.26-0.10.1
libreoffice-l10n-it-4.0.3.3.26-0.10.1
libreoffice-l10n-ja-4.0.3.3.26-0.10.1
libreoffice-l10n-ko-4.0.3.3.26-0.10.1
libreoffice-l10n-nb-4.0.3.3.26-0.10.1
libreoffice-l10n-nl-4.0.3.3.26-0.10.1
libreoffice-l10n-nn-4.0.3.3.26-0.10.1
libreoffice-l10n-pl-4.0.3.3.26-0.10.1
libreoffice-l10n-pt-4.0.3.3.26-0.10.1
libreoffice-l10n-pt-BR-4.0.3.3.26-0.10.1
libreoffice-l10n-ru-4.0.3.3.26-0.10.1
libreoffice-l10n-sk-4.0.3.3.26-0.10.1
libreoffice-l10n-sv-4.0.3.3.26-0.10.1
libreoffice-l10n-xh-4.0.3.3.26-0.10.1
libreoffice-l10n-zh-CN-4.0.3.3.26-0.10.1
libreoffice-l10n-zh-TW-4.0.3.3.26-0.10.1
libreoffice-l10n-zu-4.0.3.3.26-0.10.1

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]:

libreoffice-4.0.3.3.26-0.10.2
libreoffice-base-4.0.3.3.26-0.10.2
libreoffice-base-drivers-postgresql-4.0.3.3.26-0.10.2
libreoffice-base-extensions-4.0.3.3.26-0.10.2
libreoffice-calc-4.0.3.3.26-0.10.2
libreoffice-calc-extensions-4.0.3.3.26-0.10.2
libreoffice-draw-4.0.3.3.26-0.10.2
libreoffice-draw-extensions-4.0.3.3.26-0.10.2
libreoffice-filters-optional-4.0.3.3.26-0.10.2
libreoffice-gnome-4.0.3.3.26-0.10.2
libreoffice-impress-4.0.3.3.26-0.10.2
libreoffice-impress-extensions-4.0.3.3.26-0.10.2
libreoffice-kde-4.0.3.3.26-0.10.2
libreoffice-kde4-4.0.3.3.26-0.10.2
libreoffice-mailmerge-4.0.3.3.26-0.10.2
libreoffice-math-4.0.3.3.26-0.10.2
libreoffice-mono-4.0.3.3.26-0.10.2
libreoffice-officebean-4.0.3.3.26-0.10.2
libreoffice-pyuno-4.0.3.3.26-0.10.2
libreoffice-writer-4.0.3.3.26-0.10.2
libreoffice-writer-extensions-4.0.3.3.26-0.10.2

- SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 4.0.3.3.26]:

libreoffice-help-cs-4.0.3.3.26-0.10.2
libreoffice-help-da-4.0.3.3.26-0.10.2
libreoffice-help-de-4.0.3.3.26-0.10.2
libreoffice-help-en-GB-4.0.3.3.26-0.10.2
libreoffice-help-en-US-4.0.3.3.26-0.10.2
libreoffice-help-es-4.0.3.3.26-0.10.2
libreoffice-help-fr-4.0.3.3.26-0.10.2
libreoffice-help-gu-IN-4.0.3.3.26-0.10.2
libreoffice-help-hi-IN-4.0.3.3.26-0.10.2
libreoffice-help-hu-4.0.3.3.26-0.10.2
libreoffice-help-it-4.0.3.3.26-0.10.2
libreoffice-help-ja-4.0.3.3.26-0.10.2
libreoffice-help-ko-4.0.3.3.26-0.10.2
libreoffice-help-nl-4.0.3.3.26-0.10.2
libreoffice-help-pl-4.0.3.3.26-0.10.2
libreoffice-help-pt-4.0.3.3.26-0.10.2
libreoffice-help-pt-BR-4.0.3.3.26-0.10.2
libreoffice-help-ru-4.0.3.3.26-0.10.2
libreoffice-help-sv-4.0.3.3.26-0.10.2
libreoffice-help-zh-CN-4.0.3.3.26-0.10.2
libreoffice-help-zh-TW-4.0.3.3.26-0.10.2
libreoffice-icon-themes-4.0.3.3.26-0.10.1
libreoffice-l10n-af-4.0.3.3.26-0.10.1
libreoffice-l10n-ar-4.0.3.3.26-0.10.1
libreoffice-l10n-ca-4.0.3.3.26-0.10.1
libreoffice-l10n-cs-4.0.3.3.26-0.10.1
libreoffice-l10n-da-4.0.3.3.26-0.10.1
libreoffice-l10n-de-4.0.3.3.26-0.10.1
libreoffice-l10n-en-GB-4.0.3.3.26-0.10.1
libreoffice-l10n-es-4.0.3.3.26-0.10.1
libreoffice-l10n-fi-4.0.3.3.26-0.10.1
libreoffice-l10n-fr-4.0.3.3.26-0.10.1
libreoffice-l10n-gu-IN-4.0.3.3.26-0.10.1
libreoffice-l10n-hi-IN-4.0.3.3.26-0.10.1
libreoffice-l10n-hu-4.0.3.3.26-0.10.1
libreoffice-l10n-it-4.0.3.3.26-0.10.1
libreoffice-l10n-ja-4.0.3.3.26-0.10.1
libreoffice-l10n-ko-4.0.3.3.26-0.10.1
libreoffice-l10n-nb-4.0.3.3.26-0.10.1
libreoffice-l10n-nl-4.0.3.3.26-0.10.1
libreoffice-l10n-nn-4.0.3.3.26-0.10.1
libreoffice-l10n-pl-4.0.3.3.26-0.10.1
libreoffice-l10n-pt-4.0.3.3.26-0.10.1
libreoffice-l10n-pt-BR-4.0.3.3.26-0.10.1
libreoffice-l10n-ru-4.0.3.3.26-0.10.1
libreoffice-l10n-sk-4.0.3.3.26-0.10.1
libreoffice-l10n-sv-4.0.3.3.26-0.10.1
libreoffice-l10n-xh-4.0.3.3.26-0.10.1
libreoffice-l10n-zh-CN-4.0.3.3.26-0.10.1
libreoffice-l10n-zh-TW-4.0.3.3.26-0.10.1
libreoffice-l10n-zu-4.0.3.3.26-0.10.1

References:

http://support.novell.com/security/cve/CVE-2014-3693.html
https://bugzilla.suse.com/show_bug.cgi?id=900214
https://bugzilla.suse.com/show_bug.cgi?id=900218
http://download.suse.com/patch/finder/?keywords=db57231a4f71ea060e6ffd389c761b73

From sle-updates at lists.suse.com Tue Dec 2 17:04:44 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Dec 2014 01:04:44 +0100 (CET)
Subject: SUSE-SU-2014:1545-1: important: Security update for flash-player
Message-ID: <20141203000444.3DA2C32294@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1545-1
Rating: important
References: #907257
Cross-References: CVE-2014-8439
Affected Products:
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

The following vulnerability is fixed with this update:

* bnc#907257 hardening against a remote code execution flaw (APSB14-26)

Security Issues:

* CVE-2014-8439

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP3:

   zypper in -t patch sledsp3-flash-player-10023

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.424]:

flash-player-11.2.202.424-0.3.1
flash-player-gnome-11.2.202.424-0.3.1
flash-player-kde4-11.2.202.424-0.3.1

References:

http://support.novell.com/security/cve/CVE-2014-8439.html
https://bugzilla.suse.com/show_bug.cgi?id=907257
http://download.suse.com/patch/finder/?keywords=3982bdc1e32d85b48703af1cc342821b

From sle-updates at lists.suse.com Wed Dec 3 09:04:42 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Dec 2014 17:04:42 +0100 (CET)
Subject: SUSE-SU-2014:1549-1: important: Security update for java-1_7_1-ibm
Message-ID: <20141203160442.8232632338@maintenance.suse.de>

SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1549-1
Rating: important
References: #901223 #901239 #904889
Cross-References: CVE-2014-3065 CVE-2014-3566 CVE-2014-4288
   CVE-2014-6456 CVE-2014-6457 CVE-2014-6458
   CVE-2014-6466 CVE-2014-6476 CVE-2014-6492
   CVE-2014-6493 CVE-2014-6502 CVE-2014-6503
   CVE-2014-6506 CVE-2014-6511 CVE-2014-6512
   CVE-2014-6513 CVE-2014-6515 CVE-2014-6527
   CVE-2014-6531 CVE-2014-6532 CVE-2014-6558
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
______________________________________________________________________________

An update that fixes 21 vulnerabilities is now available.

Description:

java-1_7_1-ibm was updated to version 1.7.1_sr1.2 to fix 21 security issues.

These security issues were fixed:

- Unspecified vulnerability in Oracle Java (CVE-2014-3065).
- The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (CVE-2014-3566).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (CVE-2014-6513).
- Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2014-6456).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (CVE-2014-6503).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (CVE-2014-6532).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-4288).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (CVE-2014-6493).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6492).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6458).
- Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (CVE-2014-6466). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (CVE-2014-6506). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527 (CVE-2014-6476). - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (CVE-2014-6515). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (CVE-2014-6511). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (CVE-2014-6531). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6512). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (CVE-2014-6457). - Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476 (CVE-2014-6527). 
- Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (CVE-2014-6502). - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (CVE-2014-6558). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-95 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-95 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr2.0-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr2.0-4.1 java-1_7_1-ibm-jdbc-1.7.1_sr2.0-4.1 - SUSE Linux Enterprise Server 12 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr2.0-4.1 java-1_7_1-ibm-plugin-1.7.1_sr2.0-4.1 References: http://support.novell.com/security/cve/CVE-2014-3065.html http://support.novell.com/security/cve/CVE-2014-3566.html http://support.novell.com/security/cve/CVE-2014-4288.html http://support.novell.com/security/cve/CVE-2014-6456.html http://support.novell.com/security/cve/CVE-2014-6457.html http://support.novell.com/security/cve/CVE-2014-6458.html http://support.novell.com/security/cve/CVE-2014-6466.html http://support.novell.com/security/cve/CVE-2014-6476.html http://support.novell.com/security/cve/CVE-2014-6492.html http://support.novell.com/security/cve/CVE-2014-6493.html http://support.novell.com/security/cve/CVE-2014-6502.html http://support.novell.com/security/cve/CVE-2014-6503.html http://support.novell.com/security/cve/CVE-2014-6506.html 
http://support.novell.com/security/cve/CVE-2014-6511.html http://support.novell.com/security/cve/CVE-2014-6512.html http://support.novell.com/security/cve/CVE-2014-6513.html http://support.novell.com/security/cve/CVE-2014-6515.html http://support.novell.com/security/cve/CVE-2014-6527.html http://support.novell.com/security/cve/CVE-2014-6531.html http://support.novell.com/security/cve/CVE-2014-6532.html http://support.novell.com/security/cve/CVE-2014-6558.html https://bugzilla.suse.com/show_bug.cgi?id=901223 https://bugzilla.suse.com/show_bug.cgi?id=901239 https://bugzilla.suse.com/show_bug.cgi?id=904889 From sle-updates at lists.suse.com Wed Dec 3 11:04:44 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Dec 2014 19:04:44 +0100 (CET) Subject: SUSE-RU-2014:1550-1: Recommended update for papi Message-ID: <20141203180444.104F432338@maintenance.suse.de> SUSE Recommended Update: Recommended update for papi ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1550-1 Rating: low References: #901134 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for papi fixes an access beyond array bounds on POWER8. (bnc#901134) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-96 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-96 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le x86_64): papi-debuginfo-5.3.0-7.1 papi-debugsource-5.3.0-7.1 papi-devel-5.3.0-7.1 papi-devel-static-5.3.0-7.1 - SUSE Linux Enterprise Server 12 (ppc64le x86_64): libpapi-5.3.0-7.1 libpapi-debuginfo-5.3.0-7.1 papi-5.3.0-7.1 papi-debuginfo-5.3.0-7.1 papi-debugsource-5.3.0-7.1 - SUSE Linux Enterprise Server 12 (x86_64): libpapi-32bit-5.3.0-7.1 libpapi-debuginfo-32bit-5.3.0-7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=901134 From sle-updates at lists.suse.com Thu Dec 4 03:04:40 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Dec 2014 11:04:40 +0100 (CET) Subject: SUSE-RU-2014:1551-1: moderate: Recommended update for SUSE Manager Server 2.1 Message-ID: <20141204100440.6371E3233A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1551-1 Rating: moderate References: #879992 #880936 #881111 #883009 #883379 #884051 #884081 #886391 #887538 #889363 #889605 #889721 #889739 #889905 #892707 #896238 #896244 #896254 #896844 #898242 #898428 #899266 #900956 #901958 #903720 #904959 Affected Products: SUSE Manager Server ______________________________________________________________________________ An update that has 26 recommended fixes can now be installed. It includes 17 new package versions. Description: This collective update for SUSE Manager Server 2.1 provides the following fixes and enhancements: cobbler: * Require syslinux-x86_64 on s390x. (bsc#884051) * Fix fetching of profiles for auto-installation. (bsc#880936) oracle-config: * No need to pre-require Apache as its user and group are available in the base system. osad: * Enable and install osad during first installation. (bsc#901958) * Fix traceback if http proxy is not configured. * Support communication over proxy. 
pxe-default-image: * Add bind-utils (dig) to packagelist. (bsc#889739) smdba: * Fully hot operations for PostgreSQL. * Fix "system check breaks backup and other configuration". * Implement rotating PostgreSQL backup. (bsc#896244) spacecmd: * Fix listupgrades. (bsc#892707) * Make print_result a static method of SpacewalkShell. (bsc#889605) spacewalk-backend: * Use the old style ISS method with NCC backend. * Make spacewalk-debug SCC migration compatible. * ISS: Export/import subscriptions and entitlements. * ISS: Remove old import code for NCC products and subscriptions. * ISS: Export/import suseProductChannels and suseUpgradePaths via ISS. * ISS: Export/import SUSE Products via ISS. * Fix cleanup when database init goes wrong. * Update channel checksum type for vendor channels. * Read mirror credentials from database depending on the Customer Center backend. * Speed up satellite-sync by avoiding commonly-called dblink_exec. * Backend should correctly checksum configuration files with macros. * Fix spacewalk-debug to be fully PostgreSQL aware. * Correct UTF8 configuration files from being marked as binary. * Preserve the query parameters in the URL. * Allow missing packages in patches if they are not part of this repository. * Handle SLE 12 update tag correctly in reposync. * Fix traceback when pushing RPMs with archive size greater than 4GB. * Queue server for errata cache update when package list changes. * Recognize oVirt node as virtual system. spacewalk-branding: * Integrate the refresh dialog with the setup wizard products page. * Implement new "mgr-sync-refresh" taskomatic job. * End-user documentation clarification. spacewalk-certs-tools: * bootstrap.sh: When installing certificate via rpm, support both curl and wget. * bootstrap.sh: Fail if both curl and wget are missing. * bootstrap.sh: Install certificate in the right location on SLE 12. * Fix removal of existing host key entries. 
(bsc#886391) spacewalk-client-tools: * Allow unicode characters in proxy username and password. * Send correct hostname. (bsc#887538) spacewalk-config: * Add recommended Apache settings from the Security Team. spacewalk-java: * Sync correct repositories. (bnc#904959) * No refresh if this server is an ISS slave. * Refresh is needed only if we are migrated to use SCC yet. * Integrate the refresh dialog with the setup wizard products page. * Implement new "mgr-sync-refresh" taskomatic job. * Introduce caching of repositories read from SCC. * Fix pxt page link to point to the ported version of that page. (bsc#903720) * Only show the SMT warning if we are using from-mirror or from-dir. * Add progress and reload page after finish. * Do not allow to cancel the kickstart once completed. * Don't schedule a remote-cmd if the system can't execute it. * Schedule configuration actions asynchronously. * Correctly apply patches to multiple systems in SSM. (bsc#898242) * Ping SCC for testing proxy status if SCC is enabled. * Implement the API methods to work with mirror credentials. * Fix CVE audit when some packages of a patch are already installed. (bsc#899266) * Download CSV button does not export all columns ("Base Channel" missing). (bsc#896238) * Support SCC API v4 and token authentication with updates.suse.com. * Official repository host is now updates.suse.com (after channels.xml change). * Support list/add channels and products with SCC. * SCC client for managing products and channels. * Implement SLE 12 style of update tag handling while generating updateinfo. * Add Korea to the list of timezones. * Read and display only a limited number of logfile lines. (bsc#883009) * Fix package upgrade via SSM. (bsc#889721) * Fix logrotate for /var/log/rhn/rhn_web_api.log. (bsc#884081) spacewalk-reports: * Improve documentation. * Do not sort multival values within one column to match other multival values (in other columns).
spacewalk-search: * Set newly constructed "db_name" even if db_ssl_enabled is disabled. * Fix package searching in shared channels. spacewalk-setup: * No activation if database population should be skipped. (bsc#900956) * Give Tomcat read permissions on the NCCcredentials file. * Do not enable spacewalk-service in runlevel 4. (bsc#879992) spacewalk-utils: * Add openSUSE 13.2 repositories to spacewalk-common-channels. * Improve clone-by-date dependency resolution. * Make clone-by-date able to specify --parents from configuration file. * Add CentOS 7 and EPEL 7 channels. spacewalk-web: * Integrate the refresh dialog with the setup wizard products page. * Add aarch64 and ppc64le to parent-child channel compatibility list. * WebUI cloning should use the same SQL query as API. susemanager-manuals_en, susemanager-jsp_en: * Clarification about supported Web browsers. (bsc#889905) susemanager-schema: * Add SLE 12 distribution targets to database. * Fix evr_t schema upgrade. (bsc#881111) * Allow evr_t to be compared with NULL in Oracle. (bsc#881111) * Speed up satellite-sync by avoiding commonly-called dblink_exec. * Make configuration file deletion faster if there are lots of snapshots. * Add Fedora 21 and CentOS 7 GPG keys. * Add support to ppc64le architecture. * Add Korea to the list of timezones. susemanager: * Schedule refresh after setup with SCC. * On an ISS slave, disallow the use of mgr-sync with the exception of enable-scc. * Recommend to run refresh after credentials are changed. * ISS setup for SCC does not need mirror credentials anymore. * Rename "Mirror Credentials" to "Organization Credentials" for SCC. * Complete initial setup with SCC. * Added --from-options switch to mgr-sync. * Replace /etc/motd after setup. (bsc#883379) * Adapt YaST setup to check credentials against SCC. * Added mirror credential manipulation functions to mgr-sync. * Implement mgr-sync to manage products and channels from SCC. * Make mgr-create-bootstrap-repo SCC and SLE 12 aware.
suseRegisterInfo: * Re-add legacy suse_register_info to successfully perform the update. (bsc#898428) zypp-plugin-spacewalk: * Check for retrieveOnly option in up2date configuration and set download_only. (bsc#896254) * Changed the spec file to force usage of the official python VM. (bsc#889363) yum: * Preserve query parameters in URLs. (bsc#896844) The following new packages have been added to the product: susemanager-sync-data, google-gson, python-enum34. How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema with spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server: zypper in -t patch sleman21-suse-manager-21-201411-9952 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server (x86_64) [New Version: 1.4,2.1.14,2.1.25.5,2.1.33.8,2.1.55.12 and 2.1.9]: cobbler-2.2.2-0.46.35 python-enum34-1.0-0.7.1 smdba-1.4-0.7.1 spacecmd-2.1.25.5-0.7.1 spacewalk-backend-2.1.55.12-0.7.2 spacewalk-backend-app-2.1.55.12-0.7.2 spacewalk-backend-applet-2.1.55.12-0.7.2 spacewalk-backend-config-files-2.1.55.12-0.7.2 spacewalk-backend-config-files-common-2.1.55.12-0.7.2 spacewalk-backend-config-files-tool-2.1.55.12-0.7.2 spacewalk-backend-iss-2.1.55.12-0.7.2 spacewalk-backend-iss-export-2.1.55.12-0.7.2 spacewalk-backend-libs-2.1.55.12-0.7.2 spacewalk-backend-package-push-server-2.1.55.12-0.7.2 spacewalk-backend-server-2.1.55.12-0.7.2 spacewalk-backend-sql-2.1.55.12-0.7.2 spacewalk-backend-sql-oracle-2.1.55.12-0.7.2 spacewalk-backend-sql-postgresql-2.1.55.12-0.7.2 spacewalk-backend-tools-2.1.55.12-0.7.2 spacewalk-backend-xml-export-libs-2.1.55.12-0.7.2 spacewalk-backend-xmlrpc-2.1.55.12-0.7.2 spacewalk-branding-2.1.33.8-0.7.1 suseRegisterInfo-2.1.9-0.7.1 susemanager-2.1.14-0.7.2 susemanager-tools-2.1.14-0.7.2 yum-3.2.29-0.19.1 yum-common-3.2.29-0.19.1 zypp-plugin-spacewalk-0.9.8-0.15.1 - SUSE Manager Server (noarch) [New Version: 2.1.14.5,2.1.14.7,2.1.14.8,2.1.16.5,2.1.165.10,2.1.27.10,2.1.5.3,2.1.50.9,2.1.6.3,2.1.60.10 and 5.11.33.5]: google-gson-2.2.4-0.7.1 oracle-config-1.1-0.10.10.1 osa-dispatcher-5.11.33.5-0.7.1 pxe-default-image-0.1-0.18.2 spacewalk-base-2.1.60.10-0.7.1 spacewalk-base-minimal-2.1.60.10-0.7.1 spacewalk-base-minimal-config-2.1.60.10-0.7.1 spacewalk-certs-tools-2.1.6.3-0.7.1 spacewalk-check-2.1.16.5-0.7.1 spacewalk-client-setup-2.1.16.5-0.7.1 spacewalk-client-tools-2.1.16.5-0.7.1 spacewalk-config-2.1.5.3-0.7.2 spacewalk-grail-2.1.60.10-0.7.1 spacewalk-html-2.1.60.10-0.7.1 spacewalk-java-2.1.165.10-0.7.1 spacewalk-java-config-2.1.165.10-0.7.1 spacewalk-java-lib-2.1.165.10-0.7.1 spacewalk-java-oracle-2.1.165.10-0.7.1 spacewalk-java-postgresql-2.1.165.10-0.7.1 spacewalk-pxt-2.1.60.10-0.7.1 
spacewalk-reports-2.1.14.7-0.7.1 spacewalk-search-2.1.14.5-0.7.1 spacewalk-setup-2.1.14.8-0.7.1 spacewalk-sniglets-2.1.60.10-0.7.1 spacewalk-taskomatic-2.1.165.10-0.7.1 spacewalk-utils-2.1.27.10-0.7.3 susemanager-client-config_en-pdf-2.1-0.11.4 susemanager-install_en-pdf-2.1-0.11.4 susemanager-jsp_en-2.1-0.11.4 susemanager-manuals_en-2.1-0.11.4 susemanager-proxy-quick_en-pdf-2.1-0.11.4 susemanager-reference_en-pdf-2.1-0.11.4 susemanager-schema-2.1.50.9-0.7.1 susemanager-sync-data-2.1.3-0.7.1 susemanager-user_en-pdf-2.1-0.11.4 References: https://bugzilla.suse.com/show_bug.cgi?id=879992 https://bugzilla.suse.com/show_bug.cgi?id=880936 https://bugzilla.suse.com/show_bug.cgi?id=881111 https://bugzilla.suse.com/show_bug.cgi?id=883009 https://bugzilla.suse.com/show_bug.cgi?id=883379 https://bugzilla.suse.com/show_bug.cgi?id=884051 https://bugzilla.suse.com/show_bug.cgi?id=884081 https://bugzilla.suse.com/show_bug.cgi?id=886391 https://bugzilla.suse.com/show_bug.cgi?id=887538 https://bugzilla.suse.com/show_bug.cgi?id=889363 https://bugzilla.suse.com/show_bug.cgi?id=889605 https://bugzilla.suse.com/show_bug.cgi?id=889721 https://bugzilla.suse.com/show_bug.cgi?id=889739 https://bugzilla.suse.com/show_bug.cgi?id=889905 https://bugzilla.suse.com/show_bug.cgi?id=892707 https://bugzilla.suse.com/show_bug.cgi?id=896238 https://bugzilla.suse.com/show_bug.cgi?id=896244 https://bugzilla.suse.com/show_bug.cgi?id=896254 https://bugzilla.suse.com/show_bug.cgi?id=896844 https://bugzilla.suse.com/show_bug.cgi?id=898242 https://bugzilla.suse.com/show_bug.cgi?id=898428 https://bugzilla.suse.com/show_bug.cgi?id=899266 https://bugzilla.suse.com/show_bug.cgi?id=900956 https://bugzilla.suse.com/show_bug.cgi?id=901958 https://bugzilla.suse.com/show_bug.cgi?id=903720 https://bugzilla.suse.com/show_bug.cgi?id=904959 http://download.suse.com/patch/finder/?keywords=e04bae2d808db65ad015cec0cba15fbb From sle-updates at lists.suse.com Thu Dec 4 03:09:04 2014 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Thu, 4 Dec 2014 11:09:04 +0100 (CET) Subject: SUSE-RU-2014:1552-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20141204100904.246F83233A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1552-1 Rating: moderate References: #880936 #885997 #887538 #889363 #896254 #898428 #901958 Affected Products: SUSE Manager Client Tools for SLE 11 SP3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for SUSE Manager Client Tools provides the following fixes and enhancements: osad: * Enable and install osad during first installation. (bsc#901958) * Fix traceback if http proxy is not configured. * Support communication over proxy. rhncfg: * Fix error in rhncfg if SELinux is disabled. * Validate the content of configuration files before deploying. * Avoid traceback with a configuration file upload action with no SELinux context. * Ensure WebUI configuration file diff looks at owner and permissions. spacewalk-backend-libs: * Fix traceback when pushing RPMs with archive size greater than 4GB. spacewalk-client-tools: * Allow unicode characters in proxy username / password. * Send correct hostname. (bsc#887538) spacewalk-koan: * Fix crash when installing via DHCP. * Fix provisioning of a registered server on SLES with static IP address. (bsc#880936) spacewalk-oscap: * Avoid creating profile with empty id. spacewalk-remote-utils: * Add channel definitions for RHEL 5.11 and RHEL 7.0. suseRegisterInfo: * Re-add legacy suse_register_info to successfully perform the update. (bsc#898428) zypp-plugin-spacewalk: * Check for retrieveOnly option in up2date configuration and set download_only.
(bsc#896254) * Changed the spec file to force usage of the official python VM. (bsc#889363) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP3: zypper in -t patch slesctsp3-client-tools-21-201411-9961 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Client Tools for SLE 11 SP3 (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.46.35 spacewalk-backend-libs-2.1.55.12-0.7.2 suseRegisterInfo-2.1.9-0.7.1 zypp-plugin-spacewalk-0.9.8-0.15.1 - SUSE Manager Client Tools for SLE 11 SP3 (noarch): osad-5.11.33.5-0.7.1 rhncfg-5.10.65.8-0.7.1 rhncfg-actions-5.10.65.8-0.7.1 rhncfg-client-5.10.65.8-0.7.1 rhncfg-management-5.10.65.8-0.7.1 spacewalk-check-2.1.16.5-0.7.1 spacewalk-client-setup-2.1.16.5-0.7.1 spacewalk-client-tools-2.1.16.5-0.7.1 spacewalk-koan-2.1.4.8-0.7.1 spacewalk-oscap-0.0.23.4-0.7.1 spacewalk-remote-utils-2.1.3.6-0.7.2 References: https://bugzilla.suse.com/show_bug.cgi?id=880936 https://bugzilla.suse.com/show_bug.cgi?id=885997 https://bugzilla.suse.com/show_bug.cgi?id=887538 https://bugzilla.suse.com/show_bug.cgi?id=889363 https://bugzilla.suse.com/show_bug.cgi?id=896254 https://bugzilla.suse.com/show_bug.cgi?id=898428 https://bugzilla.suse.com/show_bug.cgi?id=901958 http://download.suse.com/patch/finder/?keywords=cb9e6575c9bee77f269756980e2cf2ca From sle-updates at lists.suse.com Thu Dec 4 03:10:15 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Dec 2014 11:10:15 +0100 (CET) Subject: SUSE-RU-2014:1553-1: moderate: Recommended update for SUSE Manager Proxy 2.1 Message-ID: <20141204101015.DF64B3233A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1553-1 Rating: moderate References: #885997 #886391 #887538 #889363 
#896254 #898428 #901958 Affected Products: SUSE Manager Proxy ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. It includes 9 new package versions. Description: This collective update for SUSE Manager Proxy 2.1 provides the following fixes and enhancements: osad: * Enable and install osad during first installation. (bsc#901958) * Fix traceback if http proxy is not configured. * Support communication over proxy. rhncfg: * Fix error in rhncfg if SELinux is disabled. * Validate the content of configuration files before deploying. * Avoid traceback with a configuration file upload action with no SELinux context. * Ensure WebUI configuration file diff looks at owner and permissions. spacewalk-backend: * Use the old style ISS method with NCC backend. * Make spacewalk-debug SCC migration compatible. * ISS: Export/import subscriptions and entitlements. * ISS: Remove old import code for NCC products and subscriptions. * ISS: Export/import suseProductChannels and suseUpgradePaths via ISS. * ISS: Export/import SUSE Products via ISS. * Fix cleanup when database init goes wrong. * Update channel checksum type for vendor channels. * Read mirror credentials from database depending on the Customer Center backend. * Speed up satellite-sync by avoiding commonly-called dblink_exec. * Backend should correctly checksum configuration files with macros. * Fix spacewalk-debug to be fully PostgreSQL aware. * Correct UTF8 configuration files from being marked as binary. * Preserve the query parameters in the URL. * Allow missing packages in patches if they are not part of this repository. * Handle SLE 12 update tag correctly in reposync. * Fix traceback when pushing RPMs with archive size greater than 4GB. * Queue server for errata cache update when package list changes. * Recognize oVirt node as virtual system.
spacewalk-certs-tools: * bootstrap.sh: When installing certificate via rpm, support both curl and wget. * bootstrap.sh: Fail if both curl and wget are missing. * bootstrap.sh: Install certificate in the right location on SLE 12. * Fix removal of existing host key entries. (bsc#886391) spacewalk-client-tools: * Allow unicode characters in proxy username / password. * Send correct hostname. (bsc#887538) spacewalk-proxy-installer: * Don't hardcode systemid path in rhn-proxy-activate. * Remove duplicate Summary and Group entries. spacewalk-remote-utils: * Add channel definitions for RHEL 5.11 and RHEL 7.0. spacewalk-web: * Integrate the refresh dialog with the setup wizard products page. * Add aarch64 and ppc64le to parent-child channel compatibility list. * WebUI cloning should use the same SQL query as API. suseRegisterInfo: * Re-add legacy suse_register_info to successfully perform the update. (bsc#898428) zypp-plugin-spacewalk: * Check for retrieveOnly option in up2date configuration and set download_only. (bsc#896254) * Changed the spec file to force usage of the official python VM. (bsc#889363) The following new packages have been added to the product: python-enum34. How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy: zypper in -t patch slemap21-suse-manager-proxy-21-201411-9946 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy (x86_64) [New Version: 2.1.55.12 and 2.1.9]: python-enum34-1.0-0.7.1 spacewalk-backend-2.1.55.12-0.7.2 spacewalk-backend-libs-2.1.55.12-0.7.2 suseRegisterInfo-2.1.9-0.7.1 zypp-plugin-spacewalk-0.9.8-0.15.1 - SUSE Manager Proxy (noarch) [New Version: 2.1.16.5,2.1.3.6,2.1.6.3,2.1.6.6,2.1.60.10,5.10.65.8 and 5.11.33.5]: osad-5.11.33.5-0.7.1 rhncfg-5.10.65.8-0.7.1 rhncfg-actions-5.10.65.8-0.7.1 rhncfg-client-5.10.65.8-0.7.1 rhncfg-management-5.10.65.8-0.7.1 spacewalk-base-minimal-2.1.60.10-0.7.1 spacewalk-base-minimal-config-2.1.60.10-0.7.1 spacewalk-certs-tools-2.1.6.3-0.7.1 spacewalk-check-2.1.16.5-0.7.1 spacewalk-client-setup-2.1.16.5-0.7.1 spacewalk-client-tools-2.1.16.5-0.7.1 spacewalk-proxy-installer-2.1.6.6-0.7.2 spacewalk-remote-utils-2.1.3.6-0.7.2 References: https://bugzilla.suse.com/show_bug.cgi?id=885997 https://bugzilla.suse.com/show_bug.cgi?id=886391 https://bugzilla.suse.com/show_bug.cgi?id=887538 https://bugzilla.suse.com/show_bug.cgi?id=889363 https://bugzilla.suse.com/show_bug.cgi?id=896254 https://bugzilla.suse.com/show_bug.cgi?id=898428 https://bugzilla.suse.com/show_bug.cgi?id=901958 http://download.suse.com/patch/finder/?keywords=3236a93a6ce4737550bdf003bbc00af6 From sle-updates at lists.suse.com Thu Dec 4 03:11:29 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Dec 2014 11:11:29 +0100 (CET) Subject: SUSE-RU-2014:1554-1: moderate: Recommended update for SUSE Manager Client Tools 2.1 Message-ID: <20141204101129.8B7F33233C@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1554-1 Rating: moderate References: #850105 #865313 #885997 #887538 #889363 #896254 #898428 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 
______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. It includes two new package versions. Description: This update provides SUSE Manager Client Tools 2.1, which brings many fixes and enhancements: spacewalk-client-tools: * Allow unicode characters in proxy username / password. * Send correct hostname. (bsc#887538) suseRegisterInfo: * Re-add legacy suse_register_info to successfully perform the update. (bsc#898428) * Fix boolean test for zypper output. (bsc#865313) * Fix suseRegisterInfo for RHEL5 systems. (bsc#885997) zypp-plugin-spacewalk: * Check for retrieveOnly option in up2date configuration and set download_only. (bsc#896254) * Changed the spec file to force usage of the official python VM. (bsc#889363) * Prepare packages.setLocks action for SUMA-2.1. (fate#312359) * Require rhn-client-tools >= 1.7.7 which contains utf8_encode function. (bsc#850105) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-client-tools-21-201411-9966 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-client-tools-21-201411-9966 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-client-tools-21-201411-9966 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 0.9.8]: suseRegisterInfo-2.1.9-0.7.1 zypp-plugin-spacewalk-0.9.8-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2.1.16.5]: spacewalk-check-2.1.16.5-0.7.1 spacewalk-client-setup-2.1.16.5-0.7.1 spacewalk-client-tools-2.1.16.5-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.8]: suseRegisterInfo-2.1.9-0.7.1 zypp-plugin-spacewalk-0.9.8-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2.1.16.5]: spacewalk-check-2.1.16.5-0.7.1 spacewalk-client-setup-2.1.16.5-0.7.1 spacewalk-client-tools-2.1.16.5-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.9.8]: suseRegisterInfo-2.1.9-0.7.1 zypp-plugin-spacewalk-0.9.8-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2.1.16.5]: spacewalk-check-2.1.16.5-0.7.1 spacewalk-client-setup-2.1.16.5-0.7.1 spacewalk-client-tools-2.1.16.5-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=850105 https://bugzilla.suse.com/show_bug.cgi?id=865313 https://bugzilla.suse.com/show_bug.cgi?id=885997 https://bugzilla.suse.com/show_bug.cgi?id=887538 https://bugzilla.suse.com/show_bug.cgi?id=889363 https://bugzilla.suse.com/show_bug.cgi?id=896254 https://bugzilla.suse.com/show_bug.cgi?id=898428 http://download.suse.com/patch/finder/?keywords=637e971c3a746f1e3cde8203ac58385d From sle-updates at lists.suse.com Thu Dec 4 07:04:45 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Dec 2014 15:04:45 +0100 (CET) Subject: SUSE-SU-2014:1555-1: moderate: Security update for file Message-ID: <20141204140445.302723233B@maintenance.suse.de> SUSE Security Update: Security update for file ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1555-1 Rating: moderate References: #888308 #902367 Cross-References: CVE-2014-3710 Affected Products: 
SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: file was updated to fix one security issue. This security issue was fixed: - Out-of-bounds read in elf note headers (CVE-2014-3710). This non-security issue was fixed: - Correctly identify GDBM files created by libgdbm4 (bnc#888308). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-97 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-97 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-97 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): file-debuginfo-5.19-5.2 file-debugsource-5.19-5.2 file-devel-5.19-5.2 python-magic-5.19-5.3 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): file-5.19-5.2 file-debuginfo-5.19-5.2 file-debugsource-5.19-5.2 file-magic-5.19-5.2 libmagic1-5.19-5.2 libmagic1-debuginfo-5.19-5.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): libmagic1-32bit-5.19-5.2 libmagic1-debuginfo-32bit-5.19-5.2 - SUSE Linux Enterprise Desktop 12 (x86_64): file-5.19-5.2 file-debuginfo-5.19-5.2 file-debugsource-5.19-5.2 file-magic-5.19-5.2 libmagic1-32bit-5.19-5.2 libmagic1-5.19-5.2 libmagic1-debuginfo-32bit-5.19-5.2 libmagic1-debuginfo-5.19-5.2 References: http://support.novell.com/security/cve/CVE-2014-3710.html https://bugzilla.suse.com/show_bug.cgi?id=888308 https://bugzilla.suse.com/show_bug.cgi?id=902367 From sle-updates at lists.suse.com Thu Dec 4 11:04:46 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date:
Thu, 4 Dec 2014 19:04:46 +0100 (CET) Subject: SUSE-RU-2014:1556-1: Recommended update for crowbar-barclamp-swift Message-ID: <20141204180446.4307C3233B@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-swift ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1556-1 Rating: low References: #879095 #896481 #897815 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crowbar-barclamp-swift provides the following fixes: * Use region from keystone settings. (bnc#896481) * Set the log level to match ceilometer's one. (bnc#879095) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-crowbar-barclamp-swift-9896 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (noarch): crowbar-barclamp-swift-1.8+git.1413211375.18590cb-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=879095 https://bugzilla.suse.com/show_bug.cgi?id=896481 https://bugzilla.suse.com/show_bug.cgi?id=897815 http://download.suse.com/patch/finder/?keywords=7939a79ae7e1a0581e7a36541cda9cd4 From sle-updates at lists.suse.com Thu Dec 4 12:04:41 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Dec 2014 20:04:41 +0100 (CET) Subject: SUSE-SU-2014:1557-1: moderate: Security update for compat-openssl097g Message-ID: <20141204190441.6A2263233A@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl097g ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1557-1 Rating: moderate References: #802184 #880891 #890764 #901223 #901277 #905106 Cross-References: CVE-2013-0166 CVE-2013-0169 CVE-2014-0224 CVE-2014-3470 CVE-2014-3508 CVE-2014-3566 CVE-2014-3568 Affected Products: SUSE Linux Enterprise for SAP Applications 11 SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues: * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV (CVE-2014-3566) * Information leak in pretty printing functions (CVE-2014-3508) * OCSP bad key DoS attack (CVE-2013-0166) * SSL/TLS CBC plaintext recovery attack (CVE-2013-0169) * Anonymous ECDH denial of service (CVE-2014-3470) * SSL/TLS MITM vulnerability (CVE-2014-0224) Security Issues: * CVE-2013-0166 * CVE-2013-0169 * CVE-2014-0224 * CVE-2014-3470 * CVE-2014-3508 * CVE-2014-3566 * CVE-2014-3568 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise for SAP Applications 11 SP1: zypper in -t patch slesapp1-compat-openssl097g-10032 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise for SAP Applications 11 SP1 (x86_64): compat-openssl097g-0.9.7g-146.22.25.1 compat-openssl097g-32bit-0.9.7g-146.22.25.1 References: http://support.novell.com/security/cve/CVE-2013-0166.html http://support.novell.com/security/cve/CVE-2013-0169.html http://support.novell.com/security/cve/CVE-2014-0224.html http://support.novell.com/security/cve/CVE-2014-3470.html http://support.novell.com/security/cve/CVE-2014-3508.html http://support.novell.com/security/cve/CVE-2014-3566.html http://support.novell.com/security/cve/CVE-2014-3568.html https://bugzilla.suse.com/show_bug.cgi?id=802184 https://bugzilla.suse.com/show_bug.cgi?id=880891 https://bugzilla.suse.com/show_bug.cgi?id=890764 https://bugzilla.suse.com/show_bug.cgi?id=901223 https://bugzilla.suse.com/show_bug.cgi?id=901277 https://bugzilla.suse.com/show_bug.cgi?id=905106 http://download.suse.com/patch/finder/?keywords=1d970165e44d09f727b7c89af11e885f From sle-updates at lists.suse.com Thu Dec 4 16:04:43 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Dec 2014 00:04:43 +0100 (CET) Subject: SUSE-SU-2014:1557-2: moderate: Security update for compat-openssl097g Message-ID: <20141204230443.D8ED23233A@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl097g ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1557-2 Rating: moderate References: #802184 #880891 #890764 #901223 #901277 #905106 Cross-References: CVE-2013-0166 CVE-2013-0169 CVE-2014-0224 CVE-2014-3470 CVE-2014-3508 CVE-2014-3566 CVE-2014-3568 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update 
that fixes 7 vulnerabilities is now available. Description: The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues: * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV (CVE-2014-3566) * Information leak in pretty printing functions (CVE-2014-3508) * OCSP bad key DoS attack (CVE-2013-0166) * SSL/TLS CBC plaintext recovery attack (CVE-2013-0169) * Anonymous ECDH denial of service (CVE-2014-3470) * SSL/TLS MITM vulnerability (CVE-2014-0224) Security Issues: * CVE-2013-0166 * CVE-2013-0169 * CVE-2014-0224 * CVE-2014-3470 * CVE-2014-3508 * CVE-2014-3566 * CVE-2014-3568 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-compat-openssl097g-10033 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): compat-openssl097g-0.9.7g-146.22.25.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): compat-openssl097g-32bit-0.9.7g-146.22.25.1 References: http://support.novell.com/security/cve/CVE-2013-0166.html http://support.novell.com/security/cve/CVE-2013-0169.html http://support.novell.com/security/cve/CVE-2014-0224.html http://support.novell.com/security/cve/CVE-2014-3470.html http://support.novell.com/security/cve/CVE-2014-3508.html http://support.novell.com/security/cve/CVE-2014-3566.html http://support.novell.com/security/cve/CVE-2014-3568.html https://bugzilla.suse.com/show_bug.cgi?id=802184 https://bugzilla.suse.com/show_bug.cgi?id=880891 https://bugzilla.suse.com/show_bug.cgi?id=890764 https://bugzilla.suse.com/show_bug.cgi?id=901223 https://bugzilla.suse.com/show_bug.cgi?id=901277 https://bugzilla.suse.com/show_bug.cgi?id=905106 http://download.suse.com/patch/finder/?keywords=a12966f5561ba5e3afba4dc35a37d352 From sle-updates at lists.suse.com Thu Dec 4 17:04:49 
2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Dec 2014 01:04:49 +0100 (CET) Subject: SUSE-SU-2014:1558-1: moderate: Security update for pure-ftpd Message-ID: <20141205000449.9628432336@maintenance.suse.de> SUSE Security Update: Security update for pure-ftpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1558-1 Rating: moderate References: #828469 #856424 #902229 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: pure-ftpd was updated to fix one security issue and two non-security bugs: * SSLv2 and SSLv3 have been disabled to avoid the attack named POODLE (CVE-2014-3566, bnc#902229). * Added the disable_ascii option (bnc#828469). * Fixed wait on TLS handshake (bnc#856424). Security Issues: * CVE-2014-3566 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-pure-ftpd-10004 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-pure-ftpd-10004 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-pure-ftpd-10004 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): pure-ftpd-1.0.22-3.25.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): pure-ftpd-1.0.22-3.25.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): pure-ftpd-1.0.22-3.25.1 References: https://bugzilla.suse.com/show_bug.cgi?id=828469 https://bugzilla.suse.com/show_bug.cgi?id=856424 https://bugzilla.suse.com/show_bug.cgi?id=902229 http://download.suse.com/patch/finder/?keywords=05e51d386d4b3a9169d3b2bb5be13fc6 From sle-updates at lists.suse.com Thu Dec 4 17:05:25 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Dec 2014 01:05:25 +0100 (CET) Subject: SUSE-RU-2014:1559-1: Recommended update for openstack-dashboard Message-ID: <20141205000525.1321C3233A@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-dashboard ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1559-1 Rating: low References: #897815 #904190 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. 
Description: This update for openstack-dashboard provides stability fixes from the upstream OpenStack project: * Fixing Neutron Subnet Details help text * Tolerate completely missing floating_ips * Handle negative values in total*Used for Cinder absolute limits * Update WSGI app creation to be compatible with Django 1.7 * Run router dashboard unit tests by default * Fix issue with unavailable services in different regions (bnc#904190) * Handle negative values in total*Used for Cinder absolute limits * Workaround for negative vals in total*Used in nova absolute_limits * Update WSGI app creation to be compatible with Django 1.7 * Run router dashboard unit tests by default * Allow forms to disable autofill in all browsers * template to rely on the "id" attribute * Long container names no longer break the page * TEMPLATE_DIRS must be a tuple * Set the correct min_disk size when creating volume from image * Fix endpoint error when running keystone on apache * Not able to delete a pseudo-folder via horizon * Proper port for LBaaS members * Use default_project_id as user project for keystone v3 * Rename add_error methods: Django 1.7 conflict * Add OS_REGION_NAME to openrc * Replace Ceilometer ClientException with HTTPException * Add missing "load url from future" in a container template Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-openstack-dashboard-1214-10030 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev10.g8226b97]: openstack-dashboard-2014.1.4.dev10.g8226b97-0.7.1 python-horizon-2014.1.4.dev10.g8226b97-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=897815 https://bugzilla.suse.com/show_bug.cgi?id=904190 http://download.suse.com/patch/finder/?keywords=aab78a8b31b412240c22166ec773799b From sle-updates at lists.suse.com Fri Dec 5 11:04:44 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Dec 2014 19:04:44 +0100 (CET) Subject: SUSE-SU-2014:1571-1: important: Security update for clamav Message-ID: <20141205180444.717903233D@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1571-1 Rating: important References: #899395 #903489 #903719 #904207 #906077 #906770 Cross-References: CVE-2013-6497 CVE-2014-9050 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. It includes one version update. Description: clamav was updated to version 0.98.5 to fix five security issues: * Crash when scanning maliciously crafted yoda's crypter files (CVE-2013-6497). * Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050). * Fix heap corruption (CVE-2013-2020). * Fix overflow due to PDF key length computation (CVE-2013-2021). * Crash when using 'clamscan -a'. Several non-security issues have also been fixed, please refer to the package's change log for details. Security Issues: * CVE-2013-6497 * CVE-2014-9050 * CVE-2013-2021 * CVE-2013-2020 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-clamav-10015 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-clamav-10014 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 0.98.5]: clamav-0.98.5-0.5.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 0.98.5]: clamav-0.98.5-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-6497.html http://support.novell.com/security/cve/CVE-2014-9050.html https://bugzilla.suse.com/show_bug.cgi?id=899395 https://bugzilla.suse.com/show_bug.cgi?id=903489 https://bugzilla.suse.com/show_bug.cgi?id=903719 https://bugzilla.suse.com/show_bug.cgi?id=904207 https://bugzilla.suse.com/show_bug.cgi?id=906077 https://bugzilla.suse.com/show_bug.cgi?id=906770 http://download.suse.com/patch/finder/?keywords=21beeab39cfa85199510367c32cbdd16 http://download.suse.com/patch/finder/?keywords=da1389754016c53659409dd9ebba9efc From sle-updates at lists.suse.com Fri Dec 5 11:05:49 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Dec 2014 19:05:49 +0100 (CET) Subject: SUSE-SU-2014:1572-1: moderate: Security update for apache2-mod_wsgi Message-ID: <20141205180549.F05F432340@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_wsgi ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1572-1 Rating: moderate References: #903961 Cross-References: CVE-2014-8583 Affected Products: SUSE Cloud 4 SUSE Cloud 3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: apache2-mod_wsgi was updated to fix one security issue: * Failure to handle errors when attempting to drop group privileges. 
(CVE-2014-8583) Security Issues: * CVE-2014-8583 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-apache2-mod_wsgi-10019 - SUSE Cloud 3: zypper in -t patch sleclo30sp3-apache2-mod_wsgi-10020 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64): apache2-mod_wsgi-3.3-5.7.1 - SUSE Cloud 3 (x86_64): apache2-mod_wsgi-3.3-5.7.1 References: http://support.novell.com/security/cve/CVE-2014-8583.html https://bugzilla.suse.com/show_bug.cgi?id=903961 http://download.suse.com/patch/finder/?keywords=774a655e97a0f4ea39b012023a08b5ce http://download.suse.com/patch/finder/?keywords=dfb6386f3e5bab137b2e20e861bcee09 From sle-updates at lists.suse.com Fri Dec 5 13:04:41 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Dec 2014 21:04:41 +0100 (CET) Subject: SUSE-RU-2014:1573-1: Recommended update for acl Message-ID: <20141205200441.30B5C3233D@maintenance.suse.de> SUSE Recommended Update: Recommended update for acl ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1573-1 Rating: low References: #902881 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes a potential segmentation fault in getfacl(1) when handling overly long group names. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-acl-10012 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-acl-10012 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-acl-10012 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-acl-10012 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libacl-devel-2.2.47-30.36.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64): libacl-devel-32bit-2.2.47-30.36.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): acl-2.2.47-30.36.1 libacl-2.2.47-30.36.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libacl-32bit-2.2.47-30.36.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): acl-2.2.47-30.36.1 libacl-2.2.47-30.36.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libacl-32bit-2.2.47-30.36.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libacl-x86-2.2.47-30.36.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): acl-2.2.47-30.36.1 libacl-2.2.47-30.36.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libacl-32bit-2.2.47-30.36.1 References: https://bugzilla.suse.com/show_bug.cgi?id=902881 http://download.suse.com/patch/finder/?keywords=2eeebb44600a8581e80eb345939163a9 From sle-updates at lists.suse.com Fri Dec 5 13:04:56 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Dec 2014 21:04:56 +0100 (CET) Subject: SUSE-SU-2014:1574-1: important: Security update for clamav Message-ID: <20141205200456.2D03A32340@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1574-1 Rating: important References: #903489 #903719 #904207 #906077 #906770 
Cross-References: CVE-2013-6497 CVE-2014-9050 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. It includes one version update. Description: clamav was updated to version 0.98.5 to fix three security issues and several non-security issues. These security issues have been fixed: * Crash when scanning maliciously crafted yoda's crypter files (CVE-2013-6497). * Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050). * Crash when using 'clamscan -a'. These non-security issues have been fixed: * Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files. * Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time (JIT) compilation of ClamAV bytecode signatures. * Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs. * Resolution of many of the warning messages from ClamAV compilation. * Improved detection of malicious PE files. * ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207). * Fix server socket setup code in clamd (bnc#903489). * Change updateclamconf to prefer the state of the old config file even for commented-out options (bnc#903719). * Fix infinite loop in clamdscan when clamd is not running. * Fix buffer underruns when handling multi-part MIME email attachments. * Fix configuration of OpenSSL on various platforms. * Fix linking issues with libclamunrar. Security Issues: * CVE-2013-6497 * CVE-2014-9050 Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-clamav-10016 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-clamav-10016 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-clamav-10016 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 0.98.5]: clamav-0.98.5-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.98.5]: clamav-0.98.5-0.5.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 0.98.5]: clamav-0.98.5-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.98.5]: clamav-0.98.5-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-6497.html http://support.novell.com/security/cve/CVE-2014-9050.html https://bugzilla.suse.com/show_bug.cgi?id=903489 https://bugzilla.suse.com/show_bug.cgi?id=903719 https://bugzilla.suse.com/show_bug.cgi?id=904207 https://bugzilla.suse.com/show_bug.cgi?id=906077 https://bugzilla.suse.com/show_bug.cgi?id=906770 http://download.suse.com/patch/finder/?keywords=6c42e45ae40ed1ee02b8a321b52a6318 http://download.suse.com/patch/finder/?keywords=b71adb6b19097f47d8e0eb43a5efa4ef From sle-updates at lists.suse.com Fri Dec 5 16:04:40 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Dec 2014 00:04:40 +0100 (CET) Subject: SUSE-RU-2014:1575-1: moderate: Recommended update for ntp Message-ID: <20141205230440.C94A33233D@maintenance.suse.de> SUSE Recommended Update: Recommended update for ntp ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1575-1 Rating: moderate References: #883859 #887957 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ntp provides the following fixes: * Respect NTPD_FORCE_SYNC_ON_STARTUP also for dynamic peers. (bnc#887957) * Fix orphan mode. (bnc#883859) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-ntp-9984 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ntp-9984 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-ntp-9984 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ntp-4.2.4p8-1.26.1 ntp-doc-4.2.4p8-1.26.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.4p8-1.26.1 ntp-doc-4.2.4p8-1.26.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): ntp-4.2.4p8-1.26.1 ntp-doc-4.2.4p8-1.26.1 References: https://bugzilla.suse.com/show_bug.cgi?id=883859 https://bugzilla.suse.com/show_bug.cgi?id=887957 http://download.suse.com/patch/finder/?keywords=5a518d39ed626cca235615b16bb32684 From sle-updates at lists.suse.com Fri Dec 5 17:04:44 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Dec 2014 01:04:44 +0100 (CET) Subject: SUSE-RU-2014:1576-1: Recommended update for crowbar-barclamp-ceilometer Message-ID: <20141206000444.7165A32337@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-ceilometer ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1576-1 Rating: low References: #859678 #879095 #882587 #896481 #897815 #900887 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has 6 recommended fixes can now 
be installed. Description: This update for crowbar-barclamp-ceilometer provides stability fixes from the upstream OpenStack project: * Do not log to stderr (additionally to the log file) (bnc#879095) * Use region from keystone settings (bnc#896481) * Fix shell out failing due to a missing require * Add Requires on crowbar-barclamp-openstack for the new crowbar-openstack cookbook * Make config files owned by root:ceilometer, instead of ceilometer:ceilometer * With HA, really look for mongodb master on all nodes * Wait for a MongoDB master to be available, not just for a MongoDB connection * Increase timeouts in waits for mongodb * Fix configuring MongoDB replica set on first run * ceilometer-server role needs at least 3 nodes in a cluster * Rework setting the replica set attributes on nodes when applying * Restart mongodb on template change * Fix use of mongo gem after it got installed in this chef run * Only establish pacemaker_order when use_mongodb is enabled * Use the first instance node as the mongodb controller node * Add pacemaker sync markers for mongodb service * Always define mongo service with PacemakerService provider * Use admin network ip address when connecting to mongodb * Restrict node searches to the current proposal * Fix NoMethodError when mongodb is enabled without a cluster * Configure mongo for HA only if the use_mongodb attr is on * Clone the mongodb service in pacemaker * Use pacemaker to handle mongodb service and ordering * Use cluster founder as mongodb replica set controller * Define the mongodb subtree on nodes * Install rubygem-mongo immediately * Move mongodb deployment into its own recipe * Disable and stop ceilometer-agent-compute if node is not a compute node (bnc#859678) * Always start the ceilometer-agent-compute service resource (bnc#859678) * Do not crash if a ceilometer-agent node is not a compute node (bnc#859678) * Use helpers from new crowbar-openstack cookbook * Make ceilometer HA deployment more solid (bnc#882587) * Add 
dependency on crowbar-barclamp-openstack as Requires(post) and Requires to make sure the package is installed before the %post scriptlet is executed (bnc#900887). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-crowbar-barclamp-ceilometer-9881 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (noarch): crowbar-barclamp-ceilometer-1.8+git.1412779902.1f3cd3f-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=859678 https://bugzilla.suse.com/show_bug.cgi?id=879095 https://bugzilla.suse.com/show_bug.cgi?id=882587 https://bugzilla.suse.com/show_bug.cgi?id=896481 https://bugzilla.suse.com/show_bug.cgi?id=897815 https://bugzilla.suse.com/show_bug.cgi?id=900887 http://download.suse.com/patch/finder/?keywords=aacdc49ec9bc5c0ab9e81b9af41df1d6 From sle-updates at lists.suse.com Fri Dec 5 23:04:38 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Dec 2014 07:04:38 +0100 (CET) Subject: SUSE-SU-2014:1577-1: Security update for flac Message-ID: <20141206060438.5236D3233D@maintenance.suse.de> SUSE Security Update: Security update for flac ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1577-1 Rating: low References: #906831 #907016 Cross-References: CVE-2014-8962 CVE-2014-9028 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: flac was updated to fix two security issues: * Stack overflow may result in arbitrary code execution (CVE-2014-8962). * Heap overflow via specially crafted .flac files (CVE-2014-9028).
Security Issues: * CVE-2014-8962 * CVE-2014-9028 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-flac-10029 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-flac-10029 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-flac-10029 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flac-10029 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): flac-devel-1.2.1-68.17.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libFLAC++6-32bit-1.2.1-68.17.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64): libFLAC++6-x86-1.2.1-68.17.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libFLAC++6-1.2.1-68.17.1 libFLAC8-1.2.1-68.17.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libFLAC8-32bit-1.2.1-68.17.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libFLAC++6-1.2.1-68.17.1 libFLAC8-1.2.1-68.17.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libFLAC8-32bit-1.2.1-68.17.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libFLAC8-x86-1.2.1-68.17.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libFLAC++6-1.2.1-68.17.1 libFLAC8-1.2.1-68.17.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libFLAC8-32bit-1.2.1-68.17.1 References: http://support.novell.com/security/cve/CVE-2014-8962.html http://support.novell.com/security/cve/CVE-2014-9028.html https://bugzilla.suse.com/show_bug.cgi?id=906831 https://bugzilla.suse.com/show_bug.cgi?id=907016 http://download.suse.com/patch/finder/?keywords=4d4757eada5e86ae5fc46fc89ef0f248 From sle-updates at lists.suse.com Sat Dec 6 09:04:47 2014 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Sat, 6 Dec 2014 17:04:47 +0100 (CET) Subject: SUSE-RU-2014:1578-1: moderate: Recommended update for yast2-drbd Message-ID: <20141206160447.D76BE3233D@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1578-1 Rating: moderate References: #898448 #901554 #901833 #903514 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yast2-drbd provides the following fixes: - Add a validation check for node names (bsc#898448) - Fix display of "wfc-timeout" and "degr-wfc-timeout" in GUI. (bsc#901833) - Fix incorrect information in help text. (bsc#903514) - Change outdate-peer to fence-peer. (bsc#901554) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2014-99 To bring your system up-to-date, use "zypper patch". 

Package List:

   - SUSE Linux Enterprise High Availability 12 (noarch):
      yast2-drbd-3.1.9-8.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=898448
   https://bugzilla.suse.com/show_bug.cgi?id=901554
   https://bugzilla.suse.com/show_bug.cgi?id=901833
   https://bugzilla.suse.com/show_bug.cgi?id=903514

From sle-updates at lists.suse.com Sat Dec 6 09:05:33 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 6 Dec 2014 17:05:33 +0100 (CET)
Subject: SUSE-RU-2014:1579-1: important: Recommended update for webkitgtk
Message-ID: <20141206160533.E253332340@maintenance.suse.de>

SUSE Recommended Update: Recommended update for webkitgtk
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1579-1
Rating: important
References: #899922
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update for webkitgtk includes an updated tarball with refreshed version (2.2.7a), which replaces some non-free licensed files with free ones. (bnc#899922)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:
      zypper in -t patch SUSE-SLE-WE-12-2014-100

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2014-100

   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2014-100

   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-100

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):
      libjavascriptcoregtk-1_0-0-2.2.7-10.5
      libjavascriptcoregtk-1_0-0-32bit-2.2.7-10.5
      libjavascriptcoregtk-1_0-0-debuginfo-2.2.7-10.5
      libjavascriptcoregtk-1_0-0-debuginfo-32bit-2.2.7-10.5
      libwebkit2gtk-3_0-25-2.2.7-10.4
      libwebkit2gtk-3_0-25-debuginfo-2.2.7-10.4
      libwebkitgtk-1_0-0-2.2.7-10.5
      libwebkitgtk-1_0-0-32bit-2.2.7-10.5
      libwebkitgtk-1_0-0-debuginfo-2.2.7-10.5
      libwebkitgtk-1_0-0-debuginfo-32bit-2.2.7-10.5
      typelib-1_0-JavaScriptCore-3_0-2.2.7-10.4
      typelib-1_0-WebKit-3_0-2.2.7-10.4

   - SUSE Linux Enterprise Workstation Extension 12 (noarch):
      libwebkitgtk2-lang-2.2.7-10.5

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      libjavascriptcoregtk-1_0-0-2.2.7-10.5
      libjavascriptcoregtk-1_0-0-debuginfo-2.2.7-10.5
      libwebkit2gtk-3_0-25-2.2.7-10.4
      libwebkit2gtk-3_0-25-debuginfo-2.2.7-10.4
      libwebkitgtk-1_0-0-2.2.7-10.5
      libwebkitgtk-1_0-0-debuginfo-2.2.7-10.5
      libwebkitgtk-devel-2.2.7-10.5
      libwebkitgtk3-devel-2.2.7-10.4
      typelib-1_0-JavaScriptCore-1_0-2.2.7-10.5
      typelib-1_0-JavaScriptCore-3_0-2.2.7-10.4
      typelib-1_0-WebKit-1_0-2.2.7-10.5
      typelib-1_0-WebKit-3_0-2.2.7-10.4

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      libjavascriptcoregtk-3_0-0-2.2.7-10.4
      libjavascriptcoregtk-3_0-0-debuginfo-2.2.7-10.4
      libwebkitgtk-3_0-0-2.2.7-10.4
      libwebkitgtk-3_0-0-debuginfo-2.2.7-10.4

   - SUSE Linux Enterprise Server 12 (noarch):
      libwebkitgtk3-lang-2.2.7-10.4

   - SUSE Linux Enterprise Desktop 12 (x86_64):
      libjavascriptcoregtk-1_0-0-2.2.7-10.5
      libjavascriptcoregtk-1_0-0-32bit-2.2.7-10.5
      libjavascriptcoregtk-1_0-0-debuginfo-2.2.7-10.5
      libjavascriptcoregtk-1_0-0-debuginfo-32bit-2.2.7-10.5
      libjavascriptcoregtk-3_0-0-2.2.7-10.4
      libjavascriptcoregtk-3_0-0-debuginfo-2.2.7-10.4
      libwebkit2gtk-3_0-25-2.2.7-10.4
      libwebkit2gtk-3_0-25-debuginfo-2.2.7-10.4
      libwebkitgtk-1_0-0-2.2.7-10.5
      libwebkitgtk-1_0-0-32bit-2.2.7-10.5
      libwebkitgtk-1_0-0-debuginfo-2.2.7-10.5
      libwebkitgtk-1_0-0-debuginfo-32bit-2.2.7-10.5
      libwebkitgtk-3_0-0-2.2.7-10.4
      libwebkitgtk-3_0-0-debuginfo-2.2.7-10.4
      typelib-1_0-JavaScriptCore-3_0-2.2.7-10.4
      typelib-1_0-WebKit-3_0-2.2.7-10.4

   - SUSE Linux Enterprise Desktop 12 (noarch):
      libwebkitgtk2-lang-2.2.7-10.5
      libwebkitgtk3-lang-2.2.7-10.4

References:

   https://bugzilla.suse.com/show_bug.cgi?id=899922

From sle-updates at lists.suse.com Sat Dec 6 09:05:52 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 6 Dec 2014 17:05:52 +0100 (CET)
Subject: SUSE-RU-2014:1580-1: moderate: Recommended update for PackageKit
Message-ID: <20141206160552.06B8632340@maintenance.suse.de>

SUSE Recommended Update: Recommended update for PackageKit
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1580-1
Rating: moderate
References: #901109
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
   SUSE Linux Enterprise Build System Kit 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update for PackageKit sets $DISABLE_RESTART_ON_UPDATE to 'yes' instead of '1', as the systemd macros do an explicit compare to the string (bsc#901109).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:
      zypper in -t patch SUSE-SLE-WE-12-2014-98

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2014-98

   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2014-98

   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-98

   - SUSE Linux Enterprise Build System Kit 12:
      zypper in -t patch SUSE-SLE-BSK-12-2014-98

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):
      PackageKit-debuginfo-0.8.16-8.2
      PackageKit-debugsource-0.8.16-8.2
      PackageKit-gstreamer-plugin-0.8.16-8.2
      PackageKit-gstreamer-plugin-debuginfo-0.8.16-8.2

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      PackageKit-debuginfo-0.8.16-8.2
      PackageKit-debugsource-0.8.16-8.2
      PackageKit-devel-0.8.16-8.2
      PackageKit-devel-debuginfo-0.8.16-8.2
      libpackagekit-glib2-devel-0.8.16-8.2
      typelib-1_0-PackageKitPlugin-1_0-0.8.16-8.2

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      PackageKit-0.8.16-8.2
      PackageKit-backend-zypp-0.8.16-8.2
      PackageKit-backend-zypp-debuginfo-0.8.16-8.2
      PackageKit-debuginfo-0.8.16-8.2
      PackageKit-debugsource-0.8.16-8.2
      libpackagekit-glib2-16-0.8.16-8.2
      libpackagekit-glib2-16-debuginfo-0.8.16-8.2
      typelib-1_0-PackageKitGlib-1_0-0.8.16-8.2

   - SUSE Linux Enterprise Server 12 (noarch):
      PackageKit-lang-0.8.16-8.2

   - SUSE Linux Enterprise Desktop 12 (x86_64):
      PackageKit-0.8.16-8.2
      PackageKit-backend-zypp-0.8.16-8.2
      PackageKit-backend-zypp-debuginfo-0.8.16-8.2
      PackageKit-debuginfo-0.8.16-8.2
      PackageKit-debugsource-0.8.16-8.2
      PackageKit-gstreamer-plugin-0.8.16-8.2
      PackageKit-gstreamer-plugin-debuginfo-0.8.16-8.2
      libpackagekit-glib2-16-0.8.16-8.2
      libpackagekit-glib2-16-debuginfo-0.8.16-8.2
      typelib-1_0-PackageKitGlib-1_0-0.8.16-8.2

   - SUSE Linux Enterprise Desktop 12 (noarch):
      PackageKit-lang-0.8.16-8.2

   - SUSE Linux Enterprise Build System Kit 12 (noarch):
      PackageKit-branding-upstream-0.8.16-8.2

References:

   https://bugzilla.suse.com/show_bug.cgi?id=901109

From sle-updates at lists.suse.com Mon Dec 8 09:06:14 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 17:06:14 +0100 (CET)
Subject: SUSE-SU-2014:1592-1: moderate: Security update for tigervnc
Message-ID: <20141208160614.308FA32341@maintenance.suse.de>

SUSE Security Update: Security update for tigervnc
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1592-1
Rating: moderate
References: #900896 #906922
Cross-References: CVE-2014-8240
Affected Products:
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

   This update for tigervnc provides the following fixes:

   - Fixed integer overflow flaw, leading to a heap-based buffer overflow in screen size handling. (CVE-2014-8240)
   - Send correctly keys that don't type any characters, such as CTRL+Space. (bnc#906922)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2014-101

   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-101

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      tigervnc-1.3.0-22.3
      tigervnc-debuginfo-1.3.0-22.3
      tigervnc-debugsource-1.3.0-22.3
      xorg-x11-Xvnc-1.3.0-22.3
      xorg-x11-Xvnc-debuginfo-1.3.0-22.3

   - SUSE Linux Enterprise Desktop 12 (x86_64):
      tigervnc-1.3.0-22.3
      tigervnc-debuginfo-1.3.0-22.3
      tigervnc-debugsource-1.3.0-22.3
      xorg-x11-Xvnc-1.3.0-22.3
      xorg-x11-Xvnc-debuginfo-1.3.0-22.3

References:

   http://support.novell.com/security/cve/CVE-2014-8240.html
   https://bugzilla.suse.com/show_bug.cgi?id=900896
   https://bugzilla.suse.com/show_bug.cgi?id=906922

From sle-updates at lists.suse.com Mon Dec 8 09:07:07 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 17:07:07 +0100 (CET)
Subject: SUSE-SU-2014:1595-1: moderate: Security update for ImageMagick
Message-ID: <20141208160707.BA72732343@maintenance.suse.de>

SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1595-1
Rating: moderate
References: #903204 #903216 #903638 #905260
Cross-References: CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

   ImageMagick was updated to fix four security issues.

   These security issues were fixed:

   - Crafted JPEG file could lead to DOS (CVE-2014-8716).
   - Out-of-bounds memory access in PCX parser (CVE-2014-8355).
   - Out-of-bounds memory access in resize code (CVE-2014-8354).
   - Out-of-bounds memory error in DCM decode (CVE-2014-8562).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:
      zypper in -t patch SUSE-SLE-WE-12-2014-102

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2014-102

   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2014-102

   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-102

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):
      ImageMagick-6.8.8.1-8.2
      ImageMagick-debuginfo-6.8.8.1-8.2
      ImageMagick-debugsource-6.8.8.1-8.2
      libMagick++-6_Q16-3-6.8.8.1-8.2
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-8.2
      libMagickCore-6_Q16-1-32bit-6.8.8.1-8.2
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-8.2

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      ImageMagick-6.8.8.1-8.2
      ImageMagick-debuginfo-6.8.8.1-8.2
      ImageMagick-debugsource-6.8.8.1-8.2
      ImageMagick-devel-6.8.8.1-8.2
      libMagick++-6_Q16-3-6.8.8.1-8.2
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-8.2
      libMagick++-devel-6.8.8.1-8.2
      perl-PerlMagick-6.8.8.1-8.2
      perl-PerlMagick-debuginfo-6.8.8.1-8.2

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      ImageMagick-debuginfo-6.8.8.1-8.2
      ImageMagick-debugsource-6.8.8.1-8.2
      libMagickCore-6_Q16-1-6.8.8.1-8.2
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-8.2
      libMagickWand-6_Q16-1-6.8.8.1-8.2
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-8.2

   - SUSE Linux Enterprise Desktop 12 (x86_64):
      ImageMagick-6.8.8.1-8.2
      ImageMagick-debuginfo-6.8.8.1-8.2
      ImageMagick-debugsource-6.8.8.1-8.2
      libMagick++-6_Q16-3-6.8.8.1-8.2
      libMagick++-6_Q16-3-debuginfo-6.8.8.1-8.2
      libMagickCore-6_Q16-1-32bit-6.8.8.1-8.2
      libMagickCore-6_Q16-1-6.8.8.1-8.2
      libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-8.2
      libMagickCore-6_Q16-1-debuginfo-6.8.8.1-8.2
      libMagickWand-6_Q16-1-6.8.8.1-8.2
      libMagickWand-6_Q16-1-debuginfo-6.8.8.1-8.2

References:

   http://support.novell.com/security/cve/CVE-2014-8354.html
   http://support.novell.com/security/cve/CVE-2014-8355.html
   http://support.novell.com/security/cve/CVE-2014-8562.html
   http://support.novell.com/security/cve/CVE-2014-8716.html
   https://bugzilla.suse.com/show_bug.cgi?id=903204
   https://bugzilla.suse.com/show_bug.cgi?id=903216
   https://bugzilla.suse.com/show_bug.cgi?id=903638
   https://bugzilla.suse.com/show_bug.cgi?id=905260

From sle-updates at lists.suse.com Mon Dec 8 11:04:43 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 19:04:43 +0100 (CET)
Subject: SUSE-OU-2014:1597-1: Optional update for rear116
Message-ID: <20141208180443.0E31932341@maintenance.suse.de>

SUSE Optional Update: Optional update for rear116
______________________________________________________________________________

Announcement ID: SUSE-OU-2014:1597-1
Rating: low
References: #887134
Affected Products:
   SUSE Linux Enterprise High Availability Extension 11 SP3
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

   This optional update provides Relax-and-Recover (ReaR) 1.16.

   In addition to Relax-and-Recover version 1.10 that is still provided in the RPM package "rear" we provide Relax-and-Recover version 1.16 as additional totally separated RPM package "rear116".

   A new separated package name rear116 is used so that users where version 1.10 does not support their particular needs can manually upgrade to version 1.16. On the other hand, users who have a working disaster recovery procedure with version 1.10 do not need to upgrade.

   The package name contains the version and the packages conflict with each other to avoid that an installed version may get accidentally replaced with another version.

   For each rear version upgrade you should re-validate that your particular disaster recovery procedure still works. See in particular the section "Version upgrades" at https://en.opensuse.org/SDB:Disaster_Recovery .

Indications:

   Everyone interested in ReaR 1.16

Patch Instructions:

   To install this SUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability Extension 11 SP3:
      zypper in -t patch slehasp3-rear116-10005

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (noarch):
      rear116-1.16-0.7.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=887134
   http://download.suse.com/patch/finder/?keywords=850439395f28a6239b08b328693b987e

From sle-updates at lists.suse.com Mon Dec 8 11:04:58 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 19:04:58 +0100 (CET)
Subject: SUSE-SU-2014:1598-1: Security update for crowbar-barclamp-nova_dashboard
Message-ID: <20141208180458.3909332343@maintenance.suse.de>

SUSE Security Update: Security update for crowbar-barclamp-nova_dashboard
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1598-1
Rating: low
References: #897815
Cross-References: CVE-2014-3566
Affected Products:
   SUSE Cloud 4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update for crowbar-barclamp-nova_dashboard provides the following security fix from the upstream OpenStack project:

   * Disable SSLv2/v3 to avoid POODLE weakness (CVE-2014-3566)

Security Issues:

   * CVE-2014-3566

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:
      zypper in -t patch sleclo40sp3-crowbar-barclamp-nova_dashboard-10050

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 4 (noarch):
      crowbar-barclamp-nova_dashboard-1.8+git.1413540742.7fcd117-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2014-3566.html
   https://bugzilla.suse.com/show_bug.cgi?id=897815
   http://download.suse.com/patch/finder/?keywords=b99b4537d927009c370f944e9251546f

From sle-updates at lists.suse.com Mon Dec 8 11:05:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 19:05:12 +0100 (CET)
Subject: SUSE-RU-2014:1599-1: Recommended update for crowbar-barclamp-ceilometer
Message-ID: <20141208180512.C10EF32343@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-ceilometer
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1599-1
Rating: low
References: #895597
Affected Products:
   SUSE Cloud 3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update for crowbar-barclamp-ceilometer provides stability fixes from the upstream OpenStack project:

   * Fix shell out failing due to a missing require
   * Fix use of mongo gem after it got installed in this chef run
   * Cleanup search for mongodb node
   * Restart mongodb on template change
   * Cleanup code creating the db connection string
   * Remove unneeded variable
   * Rework setting the replica set attributes on nodes when applying
   * Fix configuring MongoDB replica set on first run
   * Increase timeouts in waits for mongodb
   * Wait for a MongoDB master to be available, not just for a MongoDB connection
   * With HA, really look for mongodb master on all nodes

   For a comprehensive list of changes, refer to the package's change log.

Contraindications:

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:
      zypper in -t patch sleclo30sp3-crowbar-barclamp-ceilometer-9765 sleclo30sp3-crowbar-barclamp-crowbar-9766 sleclo30sp3-crowbar-barclamp-database-9767 sleclo30sp3-crowbar-barclamp-keystone-9761 sleclo30sp3-crowbar-barclamp-neutron-9762 sleclo30sp3-crowbar-barclamp-nova-9771 sleclo30sp3-crowbar-barclamp-rabbitmq-9770

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 3 (noarch):
      crowbar-barclamp-ceilometer-1.7+git.1409902994.39d3cb7-0.7.1
      crowbar-barclamp-crowbar-1.7+git.1406351216.b622609-0.7.1
      crowbar-barclamp-database-1.7+git.1404310506.e3afcad-0.7.1
      crowbar-barclamp-keystone-1.7+git.1404718087.099e87d-0.7.1
      crowbar-barclamp-neutron-1.7+git.1408958821.4ccb3f3-0.7.1
      crowbar-barclamp-nova-1.7+git.1410167530.1dfa9e3-0.7.1
      crowbar-barclamp-rabbitmq-1.7+git.1409563055.6d57796-0.7.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=895597
   http://download.suse.com/patch/finder/?keywords=499a6534caf3fc8665db4fd16f7cf0ce
   http://download.suse.com/patch/finder/?keywords=509ca9727d41f523916180ceff602ba5
   http://download.suse.com/patch/finder/?keywords=6beab9b39ecc7f62f4e2c8c2ef2a3746
   http://download.suse.com/patch/finder/?keywords=6eebdcb1462cca0ee97ee5e3adb7e8ea
   http://download.suse.com/patch/finder/?keywords=7eff6f037ab6f006477156c3b7919c56
   http://download.suse.com/patch/finder/?keywords=9c43570f1b3eb3434dfc1c7c909f2c2d
   http://download.suse.com/patch/finder/?keywords=b01104e62bea130836676f39ac348070

From sle-updates at lists.suse.com Mon Dec 8 11:05:28 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 19:05:28 +0100 (CET)
Subject: SUSE-RU-2014:1600-1: Recommended update for rubygem-chef-server
Message-ID: <20141208180528.7837332343@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rubygem-chef-server
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1600-1
Rating: low
References: #884552 #895597
Affected Products:
   SUSE Cloud 3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

   This update for rubygem-chef-server provides stability fixes.

   * bnc#884552 - chef views are not compacted
     o Removed the creation of the compaction cronjob script from the specfile and added it to the package
     o Added compaction for the views and view cleanup to the script
   * Set reasonable permission rights for cronjob and init script

   For a comprehensive list of changes, refer to the package's change log.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:
      zypper in -t patch sleclo30sp3-rubygem-chef-server-9776

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 3 (x86_64):
      rubygem-chef-server-10.24.4-0.15.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=884552
   https://bugzilla.suse.com/show_bug.cgi?id=895597
   http://download.suse.com/patch/finder/?keywords=fad766bf83cfb3c5c7b54bf0d7c23001

From sle-updates at lists.suse.com Mon Dec 8 11:05:53 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 19:05:53 +0100 (CET)
Subject: SUSE-RU-2014:1601-1: Recommended update for crowbar-barclamp-pacemaker
Message-ID: <20141208180553.5BF0D32343@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-pacemaker
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1601-1
Rating: low
References: #879657 #888060 #893011 #895597
Affected Products:
   SUSE Cloud 3
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

   This update for crowbar-barclamp-pacemaker provides stability fixes from the upstream OpenStack project:

   * Fix validation of SBD devices when none is specified. (bnc#888060)
   * Force output of "crm configure show" to not use colors. (bnc#893011)
   * Fix pacemaker exception (bnc#879657)
   * Fix race on initial run where cluster founder is not found.

   For a comprehensive list of changes, refer to the package's change log.

Contraindications:

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:
      zypper in -t patch sleclo30sp3-crowbar-barclamp-pacemaker-9769

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 3 (noarch):
      crowbar-barclamp-pacemaker-1.7+git.1409659309.cf86dc5-0.7.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=879657
   https://bugzilla.suse.com/show_bug.cgi?id=888060
   https://bugzilla.suse.com/show_bug.cgi?id=893011
   https://bugzilla.suse.com/show_bug.cgi?id=895597
   http://download.suse.com/patch/finder/?keywords=6bf047991a225b7bdf01b51a5232fe8e

From sle-updates at lists.suse.com Mon Dec 8 11:06:37 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 19:06:37 +0100 (CET)
Subject: SUSE-RU-2014:1602-1: Recommended update for crowbar-barclamp-glance
Message-ID: <20141208180637.0CB0A32343@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-glance
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1602-1
Rating: low
References: #890591 #895597
Affected Products:
   SUSE Cloud 3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

   This update for crowbar-barclamp-glance provides stability fixes from the upstream OpenStack project.

   * Add Requires for crowbar-barclamp-database, because we need a version with HA.
   * Set known_stores in config file (bnc# 890591)
   * Fix glance-manage db sync happening twice on first chef run

   For a comprehensive list of changes, refer to the package's change log.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:
      zypper in -t patch sleclo30sp3-crowbar-barclamp-glance-9760

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 3 (noarch):
      crowbar-barclamp-glance-1.7+git.1407996944.b803207-0.7.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=890591
   https://bugzilla.suse.com/show_bug.cgi?id=895597
   http://download.suse.com/patch/finder/?keywords=28fb3d64d06cf33b101bffa842bdeec4

From sle-updates at lists.suse.com Mon Dec 8 11:07:01 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 19:07:01 +0100 (CET)
Subject: SUSE-RU-2014:1603-1: Recommended update for crowbar-barclamp-nova_dashboard
Message-ID: <20141208180701.5E85A32343@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-nova_dashboard
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1603-1
Rating: low
References: #894070 #895597
Affected Products:
   SUSE Cloud 3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

   This update for crowbar-barclamp-nova_dashboard provides stability fixes from the upstream OpenStack project:

   * Use a host specific memcache key for django_compressor. (bnc#894070)
   * Fix redirection of non-SSL to SSL website when using HA.
   * Avoid races with HA on "python manage.py syncdb".
   * Fix apache with HA not running until second chef-client run.
   * Configure horizon before configuring the vhost for horizon in apache
   * Tell pacemaker to start apache with -DSSL when apache needs SSL
   * Add Requires for crowbar-barclamp-database, because we need a version with HA.
   * Make fields for password injection configurable

   For a comprehensive list of changes, refer to the package's change log.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:
      zypper in -t patch sleclo30sp3-crowbar-barclamp-nova_dashboard-9768

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 3 (noarch):
      crowbar-barclamp-nova_dashboard-1.7+git.1410255994.04a9d76-0.7.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=894070
   https://bugzilla.suse.com/show_bug.cgi?id=895597
   http://download.suse.com/patch/finder/?keywords=b42473c6bbc6f6d54e2ac49199c40c95

From sle-updates at lists.suse.com Mon Dec 8 12:04:42 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 8 Dec 2014 20:04:42 +0100 (CET)
Subject: SUSE-RU-2014:1604-1: Recommended update for crudini
Message-ID: <20141208190442.8965A32341@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crudini
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1604-1
Rating: low
References: #901575
Affected Products:
   SUSE Cloud 4
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one version update.

Description:

   This update provides crudini 0.4, which brings fixes and enhancements:

   * Add --format=lines to support line by line processing
   * Declare encoding to avoid fatal error
   * Fix duplicate DEFAULT section header being output
   * Ensure edited ini file contents are always complete
   * Provide alternative --rewrite file editing option
   * Provide --output option to allow redirecting output
   * Ensure writes to the edited ini are never lost
   * Add a new --list option to update a list of values
   * Honor case when merging new parameters.

Contraindications:

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:
      zypper in -t patch sleclo40sp3-crudini-9897

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 4 (x86_64) [New Version: 0.4]:
      crudini-0.4-0.7.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=901575
   http://download.suse.com/patch/finder/?keywords=5c38e1c445b4d2f81b7d4b003243e3c0

From sle-updates at lists.suse.com Mon Dec 8 17:04:43 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Dec 2014 01:04:43 +0100 (CET)
Subject: SUSE-SU-2014:1605-1: important: Security update for OpenVPN
Message-ID: <20141209000443.5070332337@maintenance.suse.de>

SUSE Security Update: Security update for OpenVPN
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1605-1
Rating: important
References: #895882 #907764
Cross-References: CVE-2014-8104
Affected Products:
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

   This update fixes a critical denial of service vulnerability in OpenVPN:

   * CVE-2014-8104: Critical denial of service vulnerability in OpenVPN servers that can be triggered by authenticated attackers.

   Also an incompatibility with OpenVPN and OpenSSL in FIPS mode has been fixed. (bnc#895882)

Security Issues:

   * CVE-2014-8104

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-openvpn-10061

   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-openvpn-10061

   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-openvpn-10061

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      openvpn-2.0.9-143.44.1
      openvpn-auth-pam-plugin-2.0.9-143.44.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      openvpn-2.0.9-143.44.1
      openvpn-auth-pam-plugin-2.0.9-143.44.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      openvpn-2.0.9-143.44.1

References:

   http://support.novell.com/security/cve/CVE-2014-8104.html
   https://bugzilla.suse.com/show_bug.cgi?id=895882
   https://bugzilla.suse.com/show_bug.cgi?id=907764
   http://download.suse.com/patch/finder/?keywords=5352ff2473420ef0f67960593d5e6560

From sle-updates at lists.suse.com Mon Dec 8 17:05:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Dec 2014 01:05:10 +0100 (CET)
Subject: SUSE-SU-2014:1572-2: moderate: Security update for apache2-mod_wsgi
Message-ID: <20141209000510.0C9E632341@maintenance.suse.de>

SUSE Security Update: Security update for apache2-mod_wsgi
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1572-2
Rating: moderate
References: #903961
Cross-References: CVE-2014-8583
Affected Products:
   SUSE Manager Server
   SUSE Manager Proxy 1.7 for SLE 11 SP2
   SUSE Manager Proxy
   SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   apache2-mod_wsgi was updated to fix one security issue:

   * Failure to handle errors when attempting to drop group privileges. (CVE-2014-8583)

Security Issues:

   * CVE-2014-8583

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server:
      zypper in -t patch sleman21-apache2-mod_wsgi-10022

   - SUSE Manager Proxy 1.7 for SLE 11 SP2:
      zypper in -t patch slemap17sp2-apache2-mod_wsgi-10021

   - SUSE Manager Proxy:
      zypper in -t patch slemap21-apache2-mod_wsgi-10022

   - SUSE Manager 1.7 for SLE 11 SP2:
      zypper in -t patch sleman17sp2-apache2-mod_wsgi-10021

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager Server (x86_64):
      apache2-mod_wsgi-3.3-5.7.1

   - SUSE Manager Proxy 1.7 for SLE 11 SP2 (x86_64):
      apache2-mod_wsgi-3.3-5.7.1

   - SUSE Manager Proxy (x86_64):
      apache2-mod_wsgi-3.3-5.7.1

   - SUSE Manager 1.7 for SLE 11 SP2 (x86_64):
      apache2-mod_wsgi-3.3-5.7.1

References:

   http://support.novell.com/security/cve/CVE-2014-8583.html
   https://bugzilla.suse.com/show_bug.cgi?id=903961
   http://download.suse.com/patch/finder/?keywords=18fb10915eba9ec79498a8b73c43767b
   http://download.suse.com/patch/finder/?keywords=8c590da242c918acd79f4c49f1ec16e3

From sle-updates at lists.suse.com Tue Dec 9 10:04:50 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Dec 2014 18:04:50 +0100 (CET)
Subject: SUSE-RU-2014:1607-1: moderate: Recommended update for bind
Message-ID: <20141209170450.4CC8032343@maintenance.suse.de>

SUSE Recommended Update: Recommended update for bind
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1607-1
Rating: moderate
References: #906079
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update provides fixes for BIND for systems running with FIPS mode enabled:

   - Do not consider a failure to load the GOST OpenSSL engine a fatal error.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2014-103

   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2014-103

   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-103

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      bind-debuginfo-9.9.5P1-4.1
      bind-debugsource-9.9.5P1-4.1
      bind-devel-9.9.5P1-4.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      bind-9.9.5P1-4.1
      bind-chrootenv-9.9.5P1-4.1
      bind-debuginfo-9.9.5P1-4.1
      bind-debugsource-9.9.5P1-4.1
      bind-libs-9.9.5P1-4.1
      bind-libs-debuginfo-9.9.5P1-4.1
      bind-utils-9.9.5P1-4.1
      bind-utils-debuginfo-9.9.5P1-4.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      bind-libs-32bit-9.9.5P1-4.1
      bind-libs-debuginfo-32bit-9.9.5P1-4.1

   - SUSE Linux Enterprise Server 12 (noarch):
      bind-doc-9.9.5P1-4.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):
      bind-debuginfo-9.9.5P1-4.1
      bind-debugsource-9.9.5P1-4.1
      bind-libs-32bit-9.9.5P1-4.1
      bind-libs-9.9.5P1-4.1
      bind-libs-debuginfo-32bit-9.9.5P1-4.1
      bind-libs-debuginfo-9.9.5P1-4.1
      bind-utils-9.9.5P1-4.1
      bind-utils-debuginfo-9.9.5P1-4.1

References:

   https://bugzilla.suse.com/show_bug.cgi?id=906079

From sle-updates at lists.suse.com Tue Dec 9 10:05:08 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Dec 2014 18:05:08
+0100 (CET) Subject: SUSE-RU-2014:1608-1: moderate: Recommended update for apparmor Message-ID: <20141209170509.00A2E32345@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1608-1 Rating: moderate References: #898438 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The AppArmor profiles were adjusted to allow running ntpd. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-104 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-104 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le): apparmor-debugsource-2.8.2-28.2 libapparmor-devel-2.8.2-28.2 - SUSE Linux Enterprise Server 12 (ppc64le): apache2-mod_apparmor-2.8.2-28.2 apache2-mod_apparmor-debuginfo-2.8.2-28.2 apparmor-debugsource-2.8.2-28.2 apparmor-parser-2.8.2-28.2 apparmor-parser-debuginfo-2.8.2-28.2 libapparmor1-2.8.2-28.2 libapparmor1-debuginfo-2.8.2-28.2 pam_apparmor-2.8.2-28.2 pam_apparmor-debuginfo-2.8.2-28.2 perl-apparmor-2.8.2-28.2 perl-apparmor-debuginfo-2.8.2-28.2 - SUSE Linux Enterprise Server 12 (noarch): apparmor-docs-2.8.2-28.2 apparmor-profiles-2.8.2-28.2 apparmor-utils-2.8.2-28.2 References: https://bugzilla.suse.com/show_bug.cgi?id=898438 From sle-updates at lists.suse.com Tue Dec 9 11:04:44 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Dec 2014 19:04:44 +0100 (CET) Subject: SUSE-RU-2014:1608-2: moderate: Recommended update for apparmor Message-ID: <20141209180444.926C832343@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1608-2 Rating: moderate References: #898438 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The AppArmor profiles were adjusted to allow running ntpd. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-104 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-104 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-104 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64): apparmor-debugsource-2.8.2-28.2 libapparmor-devel-2.8.2-28.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): apache2-mod_apparmor-2.8.2-28.2 apache2-mod_apparmor-debuginfo-2.8.2-28.2 apparmor-debugsource-2.8.2-28.2 apparmor-parser-2.8.2-28.2 apparmor-parser-debuginfo-2.8.2-28.2 libapparmor1-2.8.2-28.2 libapparmor1-32bit-2.8.2-28.2 libapparmor1-debuginfo-2.8.2-28.2 libapparmor1-debuginfo-32bit-2.8.2-28.2 pam_apparmor-2.8.2-28.2 pam_apparmor-32bit-2.8.2-28.2 pam_apparmor-debuginfo-2.8.2-28.2 pam_apparmor-debuginfo-32bit-2.8.2-28.2 perl-apparmor-2.8.2-28.2 perl-apparmor-debuginfo-2.8.2-28.2 - SUSE Linux Enterprise Server 12 (noarch): apparmor-docs-2.8.2-28.2 apparmor-profiles-2.8.2-28.2 apparmor-utils-2.8.2-28.2 - SUSE Linux Enterprise Desktop 12 (x86_64): apparmor-debugsource-2.8.2-28.2 apparmor-parser-2.8.2-28.2 apparmor-parser-debuginfo-2.8.2-28.2 libapparmor1-2.8.2-28.2 libapparmor1-32bit-2.8.2-28.2 libapparmor1-debuginfo-2.8.2-28.2 libapparmor1-debuginfo-32bit-2.8.2-28.2 pam_apparmor-2.8.2-28.2 pam_apparmor-32bit-2.8.2-28.2 pam_apparmor-debuginfo-2.8.2-28.2 pam_apparmor-debuginfo-32bit-2.8.2-28.2 perl-apparmor-2.8.2-28.2 perl-apparmor-debuginfo-2.8.2-28.2 - SUSE Linux Enterprise Desktop 12 (noarch): apparmor-docs-2.8.2-28.2 apparmor-profiles-2.8.2-28.2 apparmor-utils-2.8.2-28.2 References: https://bugzilla.suse.com/show_bug.cgi?id=898438 From sle-updates at lists.suse.com Tue Dec 9 17:04:43 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Dec 2014 01:04:43 +0100 (CET) 
Subject: SUSE-SU-2014:1609-1: Security update for rubygem-sprockets Message-ID: <20141210000443.3A1AD32338@maintenance.suse.de> SUSE Security Update: Security update for rubygem-sprockets ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1609-1 Rating: low References: #903658 Cross-References: CVE-2014-7819 Affected Products: SUSE Cloud 4 SUSE Cloud 3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: rubygem-sprockets-2_10 has been updated to fix one security issue: * Arbitrary file existence disclosure (CVE-2014-7819). Security Issues: * CVE-2014-7819 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-rubygem-sprockets-2_10-9963 - SUSE Cloud 3: zypper in -t patch sleclo30sp3-rubygem-sprockets-2_10-9964 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (x86_64): rubygem-sprockets-2_10-2.10.1-0.11.1 - SUSE Cloud 3 (x86_64): rubygem-sprockets-2_10-2.10.1-0.13.1 References: http://support.novell.com/security/cve/CVE-2014-7819.html https://bugzilla.suse.com/show_bug.cgi?id=903658 http://download.suse.com/patch/finder/?keywords=719244544bcbaff9dcb59537b8c8d274 http://download.suse.com/patch/finder/?keywords=823a9471289b1711d9d9df3c17298d7d From sle-updates at lists.suse.com Tue Dec 9 17:04:58 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Dec 2014 01:04:58 +0100 (CET) Subject: SUSE-RU-2014:1610-1: Recommended update for mokutil Message-ID: <20141210000458.C156C32343@maintenance.suse.de> SUSE Recommended Update: Recommended update for mokutil ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1610-1 Rating: low References: #874164 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mokutil fixes handling of non-fatal errors when reading password hash files. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-mokutil-9983 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-mokutil-9983 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-mokutil-9983 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): mokutil-0.1.0-0.23.1 - SUSE Linux Enterprise Server 11 SP3 (x86_64): mokutil-0.1.0-0.23.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): mokutil-0.1.0-0.23.1 References: https://bugzilla.suse.com/show_bug.cgi?id=874164 http://download.suse.com/patch/finder/?keywords=0605e2daa6faef9e6b066e2d785f12aa From sle-updates at lists.suse.com Tue Dec 9 17:05:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Dec 2014 01:05:14 +0100 (CET) Subject: SUSE-RU-2014:1611-1: moderate: Recommended update for SMT Message-ID: <20141210000514.8AA0B32343@maintenance.suse.de> SUSE Recommended Update: Recommended update for SMT ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1611-1 Rating: moderate References: #901281 #902903 #903677 #903684 #903686 #903787 #903847 #904352 #906595 Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11 SP3 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. It includes two new package versions. Description: This collective update for SMT provides the following fixes and enhancements: * Prevent POODLE: SMT should only talk TLS. (bsc#903684, CVE-2014-3566) * Fix duplicate detection in smt-ncc-sync. (bsc#903677) * When migration is not possible, show the reason and record logs. (bnc#903787) * Fix setup-custom-repos accessing wrong column in database. (bsc#903847) * Reduce warnings during SCC migration (bnc#901281) * Proofread README-SCC file. (bsc#902903) * Fix get next jobid. (bsc#903686) * Fix spelling error in command line output. (bsc#906595) * Create patchstatus job when registering a new client with SCC protocol. (bsc#904352) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11 SP3: zypper in -t patch slesmtsp3-smt-209-10024 To bring your system up-to-date, use "zypper patch". Package List: - Subscription Management Tool for SUSE Linux Enterprise 11 SP3 (i586 s390x x86_64) [New Version: 2.0.9]: res-signingkeys-2.0.9-0.7.1 smt-2.0.9-0.7.1 smt-support-2.0.9-0.7.1 - Subscription Management Tool for SUSE Linux Enterprise 11 SP3 (noarch) [New Version: 2.17.31]: yast2-smt-2.17.31-0.7.3 References: https://bugzilla.suse.com/show_bug.cgi?id=901281 https://bugzilla.suse.com/show_bug.cgi?id=902903 https://bugzilla.suse.com/show_bug.cgi?id=903677 https://bugzilla.suse.com/show_bug.cgi?id=903684 https://bugzilla.suse.com/show_bug.cgi?id=903686 https://bugzilla.suse.com/show_bug.cgi?id=903787 https://bugzilla.suse.com/show_bug.cgi?id=903847 https://bugzilla.suse.com/show_bug.cgi?id=904352 https://bugzilla.suse.com/show_bug.cgi?id=906595 http://download.suse.com/patch/finder/?keywords=34253c8c73bc58bdcf0860d7ef207e0f From sle-updates at lists.suse.com Tue Dec 9 19:04:49 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Dec 2014 03:04:49 +0100 (CET) Subject: SUSE-RU-2014:1612-1: moderate: Recommended update for python-urlgrabber Message-ID: <20141210020449.EFF2B3233B@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-urlgrabber ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1612-1 Rating: moderate References: #896844 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for python-urlgrabber fixes the following issues: * Preserve queryparams in the urls when mirroring. (bnc#896844) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-urlgrabber-9948 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-urlgrabber-9948 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-python-urlgrabber-9948 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): python-urlgrabber-3.9.1-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-urlgrabber-3.9.1-0.3.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): python-urlgrabber-3.9.1-0.3.1 References: https://bugzilla.suse.com/show_bug.cgi?id=896844 http://download.suse.com/patch/finder/?keywords=059f63d41b05eeeddc0fe022ed6b72a2 From sle-updates at lists.suse.com Wed Dec 10 03:04:39 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Dec 2014 11:04:39 +0100 (CET) Subject: SUSE-RU-2014:1613-1: important: Recommended update for btrfsmaintenance Message-ID: <20141210100439.82CC632343@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsmaintenance ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1613-1 Rating: important References: #907343 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for btrfsmaintenance ensures that cron script symlinks are created on first installation. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-105 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-105 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): btrfsmaintenance-0.1-7.1 - SUSE Linux Enterprise Desktop 12 (noarch): btrfsmaintenance-0.1-7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=907343 From sle-updates at lists.suse.com Wed Dec 10 04:04:39 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Dec 2014 12:04:39 +0100 (CET) Subject: SUSE-RU-2014:1614-1: Recommended update for release-notes-ha Message-ID: <20141210110439.A8B2532343@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ha ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1614-1 Rating: low References: #904680 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest revision of the Release Notes for SUSE Linux Enterprise High Availability Extension. Fixes include: - Replace references to Novell with SUSE. (bsc#904680) - Fix documentation URL. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2014-106 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12 (noarch): release-notes-ha-12.0.20141112-4.1 References: https://bugzilla.suse.com/show_bug.cgi?id=904680 From sle-updates at lists.suse.com Wed Dec 10 09:04:42 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Dec 2014 17:04:42 +0100 (CET) Subject: SUSE-SU-2014:1615-1: moderate: Security update for pidgin Message-ID: <20141210160442.E3F4732354@maintenance.suse.de> SUSE Security Update: Security update for pidgin ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1615-1 Rating: moderate References: #902408 #902409 #902410 Cross-References: CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This pidgin security update fixes the following issues: - bnc#902408: remote information leak via crafted XMPP message. (CVE-2014-3698) - bnc#902410: denial of service parsing Groupwise server message. (CVE-2014-3696) - bnc#902409: crash in MXit protocol plug-in. (CVE-2014-3695) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2014-107 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-107 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-107 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): finch-2.10.9-8.1 finch-debuginfo-2.10.9-8.1 libpurple-2.10.9-8.1 libpurple-debuginfo-2.10.9-8.1 libpurple-meanwhile-2.10.9-8.1 libpurple-meanwhile-debuginfo-2.10.9-8.1 libpurple-tcl-2.10.9-8.1 libpurple-tcl-debuginfo-2.10.9-8.1 pidgin-2.10.9-8.1 pidgin-debuginfo-2.10.9-8.1 pidgin-debugsource-2.10.9-8.1 - SUSE Linux Enterprise Workstation Extension 12 (noarch): libpurple-lang-2.10.9-8.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): finch-devel-2.10.9-8.1 libpurple-2.10.9-8.1 libpurple-debuginfo-2.10.9-8.1 libpurple-devel-2.10.9-8.1 pidgin-debuginfo-2.10.9-8.1 pidgin-debugsource-2.10.9-8.1 pidgin-devel-2.10.9-8.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): libpurple-lang-2.10.9-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): finch-2.10.9-8.1 finch-debuginfo-2.10.9-8.1 libpurple-2.10.9-8.1 libpurple-debuginfo-2.10.9-8.1 libpurple-meanwhile-2.10.9-8.1 libpurple-meanwhile-debuginfo-2.10.9-8.1 libpurple-tcl-2.10.9-8.1 libpurple-tcl-debuginfo-2.10.9-8.1 pidgin-2.10.9-8.1 pidgin-debuginfo-2.10.9-8.1 pidgin-debugsource-2.10.9-8.1 - SUSE Linux Enterprise Desktop 12 (noarch): libpurple-lang-2.10.9-8.1 References: http://support.novell.com/security/cve/CVE-2014-3695.html http://support.novell.com/security/cve/CVE-2014-3696.html http://support.novell.com/security/cve/CVE-2014-3698.html https://bugzilla.suse.com/show_bug.cgi?id=902408 https://bugzilla.suse.com/show_bug.cgi?id=902409 https://bugzilla.suse.com/show_bug.cgi?id=902410 From sle-updates at lists.suse.com Thu Dec 11 11:04:39 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Dec 2014 19:04:39 +0100 (CET) Subject: SUSE-SU-2014:1619-1: important: Security update for shim Message-ID: <20141211180439.0988032354@maintenance.suse.de> SUSE Security Update: Security update for shim ______________________________________________________________________________ Announcement 
ID: SUSE-SU-2014:1619-1 Rating: important References: #813448 #863205 #866690 #875385 #889332 #889765 Cross-References: CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. It includes two new package versions. Description: shim has been updated to fix three security issues: * OOB read access when parsing DHCPv6 packets (remote DoS) (CVE-2014-3675). * Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6 boot option (RCE) (CVE-2014-3676). * Memory corruption when processing user provided MOK lists (CVE-2014-3677). Security Issues: * CVE-2014-3675 * CVE-2014-3676 * CVE-2014-3677 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-shim-2014-11-20-9997 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-shim-2014-11-20-9997 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-shim-2014-11-20-9997 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-shim-2014-11-20-9997 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 3.0u]: gnu-efi-3.0u-0.7.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 0.7.318.81ee561d and 3.0u]: gnu-efi-3.0u-0.7.2 shim-0.7.318.81ee561d-0.9.2 - SUSE Linux Enterprise Server 11 SP3 (x86_64) [New Version: 0.7.318.81ee561d and 3.0u]: gnu-efi-3.0u-0.7.2 shim-0.7.318.81ee561d-0.9.2 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 0.7.318.81ee561d]: shim-0.7.318.81ee561d-0.9.2 References: http://support.novell.com/security/cve/CVE-2014-3675.html http://support.novell.com/security/cve/CVE-2014-3676.html http://support.novell.com/security/cve/CVE-2014-3677.html https://bugzilla.suse.com/show_bug.cgi?id=813448 https://bugzilla.suse.com/show_bug.cgi?id=863205 https://bugzilla.suse.com/show_bug.cgi?id=866690 https://bugzilla.suse.com/show_bug.cgi?id=875385 https://bugzilla.suse.com/show_bug.cgi?id=889332 https://bugzilla.suse.com/show_bug.cgi?id=889765 http://download.suse.com/patch/finder/?keywords=9aaff893726e6b56bde50850c3154ed1 From sle-updates at lists.suse.com Thu Dec 11 11:05:50 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Dec 2014 19:05:50 +0100 (CET) Subject: SUSE-RU-2014:1620-1: Recommended update for crowbar-barclamp-neutron Message-ID: <20141211180550.A588B32354@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-neutron ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1620-1 Rating: low References: #848323 #896481 #896750 #897815 #900887 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update for crowbar-barclamp-neutron provides stability fixes from the upstream OpenStack project: * Properly quote the values of keystone arguments * Use region from keystone settings (bnc#896481) * Properly quote the values of keystone arguments (bnc#896750) * Use "--insecure" for keystone call when needed * Ensure that api-paste.ini does not contain the auth_token * Fix wrong group on config file breaking ovs setup * Set auth_insecure config option in metadata_agent.ini (bnc#848323) * Make config files owned by root:neutron, instead of neutron:root * Use attributes from the neutron node, not the current node * Add Requires on crowbar-barclamp-openstack for the new crowbar-openstack cookbook. * Use CrowbarPacemakerService provider for neutron-lbaas-agent when HA * Use helpers from new crowbar-openstack cookbook * Do not modify in place a string which is an attribute of the node * Add dependency on crowbar-barclamp-openstack as Requires(post) and Requires to make sure the package is installed before the %post scriptlet is executed (bnc#900887). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-crowbar-barclamp-neutron-9887 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (noarch): crowbar-barclamp-neutron-1.8+git.1412782243.9938d8c-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=848323 https://bugzilla.suse.com/show_bug.cgi?id=896481 https://bugzilla.suse.com/show_bug.cgi?id=896750 https://bugzilla.suse.com/show_bug.cgi?id=897815 https://bugzilla.suse.com/show_bug.cgi?id=900887 http://download.suse.com/patch/finder/?keywords=d94c9240d34117f3b7eda237a553b99a From sle-updates at lists.suse.com Thu Dec 11 17:04:43 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Dec 2014 01:04:43 +0100 (CET) Subject: SUSE-SU-2014:1623-1: moderate: Security update for pidgin Message-ID: <20141212000443.AC82032342@maintenance.suse.de> SUSE Security Update: Security update for pidgin ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1623-1 Rating: moderate References: #902408 #902409 #902410 Cross-References: CVE-2014-3695 CVE-2014-3696 CVE-2014-3698 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This pidgin update fixes the following security issues: * bnc#902408: remote information leak via crafted XMPP message (CVE-2014-3698) * bnc#902410: denial of service parsing Groupwise server message (CVE-2014-3696) * bnc#902409: crash in MXit protocol plug-in (CVE-2014-3695) Security Issues: * CVE-2014-3698 * CVE-2014-3696 * CVE-2014-3695 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-finch-10078 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-finch-10078 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): finch-2.6.6-0.25.2 finch-devel-2.6.6-0.25.2 libpurple-2.6.6-0.25.2 libpurple-devel-2.6.6-0.25.2 libpurple-lang-2.6.6-0.25.2 pidgin-2.6.6-0.25.2 pidgin-devel-2.6.6-0.25.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): finch-2.6.6-0.25.2 libpurple-2.6.6-0.25.2 libpurple-lang-2.6.6-0.25.2 libpurple-meanwhile-2.6.6-0.25.2 libpurple-tcl-2.6.6-0.25.2 pidgin-2.6.6-0.25.2 References: http://support.novell.com/security/cve/CVE-2014-3695.html http://support.novell.com/security/cve/CVE-2014-3696.html http://support.novell.com/security/cve/CVE-2014-3698.html https://bugzilla.suse.com/show_bug.cgi?id=902408 https://bugzilla.suse.com/show_bug.cgi?id=902409 https://bugzilla.suse.com/show_bug.cgi?id=902410 http://download.suse.com/patch/finder/?keywords=b42c0aeceaaa9ff5f85df2d7207116a2 From sle-updates at lists.suse.com Thu Dec 11 19:05:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Dec 2014 03:05:12 +0100 (CET) Subject: SUSE-SU-2014:1624-1: important: Security update for Mozilla Firefox Message-ID: <20141212020512.C45A132346@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1624-1 Rating: important References: #908009 Cross-References: CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-1595 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now 
available. It includes one version update. Description: Mozilla Firefox has been updated to the 31.3ESR release fixing bugs and security issues. * MFSA 2014-83 / CVE-2014-1588 / CVE-2014-1587: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * MFSA 2014-85 / CVE-2014-1590: Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will cause a crash. This crash is not exploitable and can only be used for denial of service attacks. * MFSA 2014-87 / CVE-2014-1592: Security researcher Berend-Jan Wever reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash. * MFSA 2014-88 / CVE-2014-1593: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash. * MFSA 2014-89 / CVE-2014-1594: Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center (GTISC) reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no clear mechanism to trigger it through web content was identified. * MFSA 2014-90 / CVE-2014-1595: Security researcher Kent Howard reported an Apple issue present in OS X 10.10 (Yosemite) where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. 
These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X from versions 10.6 through 10.9, the CoreGraphics had this logging ability but it was turned off by default. In OS X 10.10, this logging was turned on by default for some applications that use a custom memory allocator, such as jemalloc, because of an initialization bug in the framework. This issue has been addressed in Mozilla products by explicitly turning off the framework's logging of input events. On vulnerable systems, this issue can result in private data such as usernames, passwords, and other inputted data being saved to a log file on the local system. Security Issues: * CVE-2014-1587 * CVE-2014-1588 * CVE-2014-1589 * CVE-2014-1590 * CVE-2014-1591 * CVE-2014-1592 * CVE-2014-1593 * CVE-2014-1594 * CVE-2014-1595 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-firefox-201412-10064 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-firefox-201412-10064 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-firefox-201412-10064 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-firefox-201412-10065 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-firefox-201412-10066 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-firefox-201412-10064 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-31.3.0esr-0.8.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 31.3.0esr]: MozillaFirefox-31.3.0esr-0.8.1 MozillaFirefox-translations-31.3.0esr-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 31.3.0esr]: MozillaFirefox-31.3.0esr-0.8.1 MozillaFirefox-translations-31.3.0esr-0.8.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 31.3.0esr]: MozillaFirefox-31.3.0esr-0.3.1 MozillaFirefox-translations-31.3.0esr-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 31.3.0esr]: MozillaFirefox-31.3.0esr-0.3.1 MozillaFirefox-translations-31.3.0esr-0.3.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x): MozillaFirefox-31.3.0esr-0.5.1 MozillaFirefox-translations-31.3.0esr-0.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 31.3.0esr]: MozillaFirefox-31.3.0esr-0.8.1 MozillaFirefox-translations-31.3.0esr-0.8.1 References: http://support.novell.com/security/cve/CVE-2014-1587.html http://support.novell.com/security/cve/CVE-2014-1588.html http://support.novell.com/security/cve/CVE-2014-1589.html http://support.novell.com/security/cve/CVE-2014-1590.html http://support.novell.com/security/cve/CVE-2014-1591.html http://support.novell.com/security/cve/CVE-2014-1592.html http://support.novell.com/security/cve/CVE-2014-1593.html http://support.novell.com/security/cve/CVE-2014-1594.html http://support.novell.com/security/cve/CVE-2014-1595.html https://bugzilla.suse.com/show_bug.cgi?id=908009 http://download.suse.com/patch/finder/?keywords=0615641fb2f45aa54681190d0d635b57 http://download.suse.com/patch/finder/?keywords=4ffa3a796b6b4288bb70c145016dbfa4 http://download.suse.com/patch/finder/?keywords=a163293f68a3f574c56b72fa5f1dd8ef http://download.suse.com/patch/finder/?keywords=d622a076d6545627a78da4f5c5eb804c From 
sle-updates at lists.suse.com Fri Dec 12 04:04:40 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Dec 2014 12:04:40 +0100 (CET) Subject: SUSE-RU-2014:1627-1: Initial live patch for kernel 3.12.32-29 Message-ID: <20141212110440.C34F932356@maintenance.suse.de> SUSE Recommended Update: Initial live patch for kernel 3.12.32-29 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1627-1 Rating: low References: Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This patch contains modifications of uname syscall and no bug fixes yet. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2014-108 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_32-29-default-1-4.2 kgraft-patch-3_12_32-29-xen-1-4.2 References: From sle-updates at lists.suse.com Fri Dec 12 05:04:45 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Dec 2014 13:04:45 +0100 (CET) Subject: SUSE-SU-2014:1628-1: moderate: Security update for gnutls Message-ID: <20141212120445.9119A32356@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1628-1 Rating: moderate References: #904603 Cross-References: CVE-2014-8564 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: gnutls was updated to fix one security issue. - Fixed parsing problem in elliptic curve blobs over TLS that could lead to remote crashes (CVE-2014-8564). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-109 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-109 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-109 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gnutls-debuginfo-3.2.15-4.1 gnutls-debugsource-3.2.15-4.1 libgnutls-devel-3.2.15-4.1 libgnutls-openssl-devel-3.2.15-4.1 libgnutlsxx-devel-3.2.15-4.1 libgnutlsxx28-3.2.15-4.1 libgnutlsxx28-debuginfo-3.2.15-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gnutls-3.2.15-4.1 gnutls-debuginfo-3.2.15-4.1 gnutls-debugsource-3.2.15-4.1 libgnutls-openssl27-3.2.15-4.1 libgnutls-openssl27-debuginfo-3.2.15-4.1 libgnutls28-3.2.15-4.1 libgnutls28-debuginfo-3.2.15-4.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libgnutls28-32bit-3.2.15-4.1 libgnutls28-debuginfo-32bit-3.2.15-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): gnutls-3.2.15-4.1 gnutls-debuginfo-3.2.15-4.1 gnutls-debugsource-3.2.15-4.1 libgnutls28-3.2.15-4.1 libgnutls28-32bit-3.2.15-4.1 libgnutls28-debuginfo-3.2.15-4.1 libgnutls28-debuginfo-32bit-3.2.15-4.1 References: http://support.novell.com/security/cve/CVE-2014-8564.html https://bugzilla.suse.com/show_bug.cgi?id=904603 From sle-updates at lists.suse.com Fri Dec 12 11:04:42 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Dec 2014 19:04:42 +0100 (CET) Subject: SUSE-RU-2014:1630-1: moderate: Recommended update for python-urlgrabber Message-ID: <20141212180442.0D3C032357@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-urlgrabber ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1630-1 Rating: moderate References: #902416 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-urlgrabber declares the '$' sign as a safe character in URL paths. 
This prevents escaping /$RCE/, which led to problems with token authentication on update repositories. (bnc#902416) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-urlgrabber-10079 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-urlgrabber-10079 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-python-urlgrabber-10079 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): python-urlgrabber-3.9.1-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-urlgrabber-3.9.1-0.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): python-urlgrabber-3.9.1-0.5.1 References: https://bugzilla.suse.com/show_bug.cgi?id=902416 http://download.suse.com/patch/finder/?keywords=0e16e715e06016da1170c85b9fb8c4c9 From sle-updates at lists.suse.com Fri Dec 12 22:04:40 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Dec 2014 06:04:40 +0100 (CET) Subject: SUSE-SU-2014:1631-1: moderate: Security update for Image Magick Message-ID: <20141213050440.ABA9432359@maintenance.suse.de> SUSE Security Update: Security update for Image Magick ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1631-1 Rating: moderate References: #903204 #903216 #903638 #905260 Cross-References: CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: ImageMagick has been updated to fix four security issues: * Crafted jpeg file could have led to a Denial of Service (CVE-2014-8716). * Out-of-bounds memory access in resize code (CVE-2014-8354) * Out-of-bounds memory access in PCX parser (CVE-2014-8355). * Out-of-bounds memory error in DCM decode (CVE-2014-8562). Security Issues: * CVE-2014-8716 * CVE-2014-8355 * CVE-2014-8354 * CVE-2014-8562 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-ImageMagick-9976 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-ImageMagick-9976 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ImageMagick-9976 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-ImageMagick-9976 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.30.1 ImageMagick-devel-6.4.3.6-7.30.1 libMagick++-devel-6.4.3.6-7.30.1 libMagick++1-6.4.3.6-7.30.1 libMagickWand1-6.4.3.6-7.30.1 perl-PerlMagick-6.4.3.6-7.30.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.30.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libMagickCore1-6.4.3.6-7.30.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libMagickCore1-32bit-6.4.3.6-7.30.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.30.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.30.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): ImageMagick-6.4.3.6-7.30.1 libMagick++1-6.4.3.6-7.30.1 libMagickCore1-6.4.3.6-7.30.1 libMagickWand1-6.4.3.6-7.30.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): 
libMagickCore1-32bit-6.4.3.6-7.30.1 References: http://support.novell.com/security/cve/CVE-2014-8354.html http://support.novell.com/security/cve/CVE-2014-8355.html http://support.novell.com/security/cve/CVE-2014-8562.html http://support.novell.com/security/cve/CVE-2014-8716.html https://bugzilla.suse.com/show_bug.cgi?id=903204 https://bugzilla.suse.com/show_bug.cgi?id=903216 https://bugzilla.suse.com/show_bug.cgi?id=903638 https://bugzilla.suse.com/show_bug.cgi?id=905260 http://download.suse.com/patch/finder/?keywords=f5721a41b940c2f4a6fd787f4d563fcc From sle-updates at lists.suse.com Mon Dec 15 06:04:41 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Dec 2014 14:04:41 +0100 (CET) Subject: SUSE-SU-2014:1648-1: moderate: Security update for docker, sle2docker, go Message-ID: <20141215130441.5691832357@maintenance.suse.de> SUSE Security Update: Security update for docker, sle2docker, go ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1648-1 Rating: moderate References: #898901 #902289 #902413 #907012 #907014 Cross-References: CVE-2014-5277 CVE-2014-5282 CVE-2014-6407 CVE-2014-6408 CVE-2014-7189 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: Docker was updated to version 1.3.2 to fix five security issues and several other bugs. - Updated to 1.3.2 (2014-11-20) - fixes bnc#907012 (CVE-2014-6407) and bnc#907014 (CVE-2014-6408) - Fixed minor packaging issues. These security issues were fixed: - Prevent fallback to SSL protocols lower than TLS 1.0 for client, daemon and registry (CVE-2014-5277). - Secure HTTPS connection to registries with certificate verification and without HTTP fallback unless `--insecure-registry` is specified. - Tagging image to ID can redirect images on subsequent pulls (CVE-2014-5282). 
- Fix tar breakout vulnerability (CVE-2014-6407) - Extractions are now sandboxed chroot (CVE-2014-6407) - Security options are no longer committed to images (CVE-2014-6408) These non-security issues were fixed: - Fix deadlock in `docker ps -f exited=1` - Fix a bug when `--volumes-from` references a container that failed to start - `--insecure-registry` now accepts CIDR notation such as 10.1.0.0/16 - Private registries whose IPs fall in the 127.0.0.0/8 range do not need the `--insecure-registry` flag - Skip the experimental registry v2 API when mirroring is enabled - Fix issue where volumes would not be shared - Fix issue with `--iptables=false` not automatically setting `--ip-masq=false` - Fix docker run output to non-TTY stdout - Fix escaping `$` for environment variables - Fix issue with lowercase `onbuild` Dockerfile instruction - Restrict environment variable expansion to `ENV`, `ADD`, `COPY`, `WORKDIR`, `EXPOSE`, `VOLUME` and `USER` - docker `exec` allows you to run additional processes inside existing containers - docker `create` gives you the ability to create a container via the cli without executing a process - `--security-opts` options to allow user to customize container labels and apparmor profiles - docker `ps` filters - Wildcard support to copy/add - Move production urls to get.docker.com from get.docker.io - Allocate ip address on the bridge inside a valid cidr - Use drone.io for pr and ci testing - Ability to setup an official registry mirror - Ability to save multiple images with docker `save` go was updated to version 1.3.3 to fix one security issue and several other bugs. This security issue was fixed: - TLS client authentication issue (CVE-2014-7189). These non-security issues were fixed: - Avoid stripping debuginfo on arm, it fails (and is not necessary) - Revert the /usr/share/go/contrib symlink as it caused problems during update. 
Moved all go sources to /usr/share/go/contrib/src instead of /usr/share/go/contrib/src/pkg and created pkg and src symlinks in contrib to add it to GOPATH - Fixed %go_contribsrcdir value - Copy temporary macros.go as go.macros to avoid it to be built - Do not modify Source: files, because that makes the .src.rpm being tied to one specific arch. - Removed extra src folder in /usr/share/go/contrib: the goal is to transform this folder into a proper entry for GOPATH. This folder is now linked to %{_libdir}/go/contrib - go requires gcc to build sources using cgo - tools-packaging.patch: Allow building cover and vet tools in $GOROOT_TARGET/pkg/tool instead of $GOROOT/pkg/tool. This will allow building go tools as a separate package sle2docker was updated to version 0.2.2 to fix one bug: - Fix SLE12 urls (bnc#902289) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-111 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (x86_64): docker-1.3.2-9.1 docker-debuginfo-1.3.2-9.1 docker-debugsource-1.3.2-9.1 ruby2.1-rubygem-sle2docker-0.2.3-5.1 sle2docker-0.2.3-5.1 References: http://support.novell.com/security/cve/CVE-2014-5277.html http://support.novell.com/security/cve/CVE-2014-5282.html http://support.novell.com/security/cve/CVE-2014-6407.html http://support.novell.com/security/cve/CVE-2014-6408.html http://support.novell.com/security/cve/CVE-2014-7189.html https://bugzilla.suse.com/show_bug.cgi?id=898901 https://bugzilla.suse.com/show_bug.cgi?id=902289 https://bugzilla.suse.com/show_bug.cgi?id=902413 https://bugzilla.suse.com/show_bug.cgi?id=907012 https://bugzilla.suse.com/show_bug.cgi?id=907014 From sle-updates at lists.suse.com Mon Dec 15 06:05:35 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Dec 2014 14:05:35 +0100 (CET) Subject: SUSE-SU-2014:1649-1: moderate: Security update for flash-player Message-ID: <20141215130535.4C1F732359@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1649-1 Rating: moderate References: #909219 Cross-References: CVE-2014-0580 CVE-2014-0587 CVE-2014-8443 CVE-2014-9162 CVE-2014-9163 CVE-2014-9164 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This flash-player security version update fixes the following issues: - Security update to 11.2.202.425 (bsc#909219): * APSB14-27, CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2014-110 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-110 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64): flash-player-11.2.202.425-19.1 flash-player-gnome-11.2.202.425-19.1 - SUSE Linux Enterprise Desktop 12 (i586 x86_64): flash-player-11.2.202.425-19.1 flash-player-gnome-11.2.202.425-19.1 References: http://support.novell.com/security/cve/CVE-2014-0580.html http://support.novell.com/security/cve/CVE-2014-0587.html http://support.novell.com/security/cve/CVE-2014-8443.html http://support.novell.com/security/cve/CVE-2014-9162.html http://support.novell.com/security/cve/CVE-2014-9163.html http://support.novell.com/security/cve/CVE-2014-9164.html https://bugzilla.suse.com/show_bug.cgi?id=909219 From sle-updates at lists.suse.com Mon Dec 15 17:04:43 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Dec 2014 01:04:43 +0100 (CET) Subject: SUSE-SU-2014:1650-1: important: Security update for flash-player Message-ID: <20141216000443.E540632352@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1650-1 Rating: important References: #909219 Cross-References: CVE-2014-0580 CVE-2014-0587 CVE-2014-8443 CVE-2014-9162 CVE-2014-9163 CVE-2014-9164 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. It includes one version update. 
Description: This flash-player security update fixes the following issues: * Security update to 11.2.202.425 (bnc#909219): o APSB14-27, CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164 Security Issues: * CVE-2014-0580 * CVE-2014-0587 * CVE-2014-8443 * CVE-2014-9162 * CVE-2014-9163 * CVE-2014-9164 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-10090 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.425]: flash-player-11.2.202.425-0.3.1 flash-player-gnome-11.2.202.425-0.3.1 flash-player-kde4-11.2.202.425-0.3.1 References: http://support.novell.com/security/cve/CVE-2014-0580.html http://support.novell.com/security/cve/CVE-2014-0587.html http://support.novell.com/security/cve/CVE-2014-8443.html http://support.novell.com/security/cve/CVE-2014-9162.html http://support.novell.com/security/cve/CVE-2014-9163.html http://support.novell.com/security/cve/CVE-2014-9164.html https://bugzilla.suse.com/show_bug.cgi?id=909219 http://download.suse.com/patch/finder/?keywords=057ea7b242b47261313158ae660068aa From sle-updates at lists.suse.com Tue Dec 16 09:04:43 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Dec 2014 17:04:43 +0100 (CET) Subject: SUSE-RU-2014:1651-1: important: Recommended update for openssl-ibmca Message-ID: <20141216160443.ADCDD3235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-ibmca ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1651-1 Rating: important References: #905480 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one 
recommended fix can now be installed. Description: This update fixes the OpenSSL engines location in openssl-ibmca. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-112 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (s390x): openssl-ibmca-1.2.0-147.1 openssl-ibmca-32bit-1.2.0-147.1 openssl-ibmca-debuginfo-1.2.0-147.1 openssl-ibmca-debuginfo-32bit-1.2.0-147.1 openssl-ibmca-debugsource-1.2.0-147.1 References: https://bugzilla.suse.com/show_bug.cgi?id=905480 From sle-updates at lists.suse.com Wed Dec 17 02:04:42 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Dec 2014 10:04:42 +0100 (CET) Subject: SUSE-SU-2014:1652-1: moderate: Security update for cpio Message-ID: <20141217090442.E7EC23235B@maintenance.suse.de> SUSE Security Update: Security update for cpio ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1652-1 Rating: moderate References: #658010 #907456 Cross-References: CVE-2014-9112 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This cpio security update fixes the following buffer overflow issue and two non security issues: - fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112) - prevent cpio from extracting over a symlink (bnc#658010) - fix a truncation check in mt Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-113 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-113 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): cpio-2.11-29.1 cpio-debuginfo-2.11-29.1 cpio-debugsource-2.11-29.1 - SUSE Linux Enterprise Server 12 (noarch): cpio-lang-2.11-29.1 - SUSE Linux Enterprise Desktop 12 (x86_64): cpio-2.11-29.1 cpio-debuginfo-2.11-29.1 cpio-debugsource-2.11-29.1 - SUSE Linux Enterprise Desktop 12 (noarch): cpio-lang-2.11-29.1 References: http://support.novell.com/security/cve/CVE-2014-9112.html https://bugzilla.suse.com/show_bug.cgi?id=658010 https://bugzilla.suse.com/show_bug.cgi?id=907456 From sle-updates at lists.suse.com Wed Dec 17 19:06:16 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Dec 2014 03:06:16 +0100 (CET) Subject: SUSE-RU-2014:1657-1: moderate: Recommended update for ksh Message-ID: <20141218020616.3946532352@maintenance.suse.de> SUSE Recommended Update: Recommended update for ksh ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1657-1 Rating: moderate References: #835885 #844071 #852160 #861326 #863315 #867401 #893031 #899014 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. It includes one version update. Description: This collective update for Korn Shell provides the following fixes: * Fix stk aliasing code. 
(bnc#844071, bnc#863315) * Fix crash when the subshell number overflows. (bnc#893031) * Fix path normalization in cd command. (bnc#867401) * Fix segmentation fault in dirname when cwd is gone. (bnc#852160) * Fix ksh using wrong files in some elements if the path does not exist. (bnc#899014) * Fix sub-processes in a pipe losing their reference to standard output. (bnc#835885) * Fix memory leak in ksh with here documents. (bnc#861326) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-ksh-10057 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-ksh-10057 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ksh-10057 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-ksh-10058 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-ksh-10059 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-ksh-10057 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): ksh-devel-93u-0.26.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ksh-93u-0.26.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): ksh-93u-0.26.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): ksh-93u-0.26.1 ksh-devel-93u-0.26.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 93u]: ksh-93u-0.26.1 ksh-devel-93u-0.26.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 93u]: ksh-93u-0.31.1 ksh-devel-93u-0.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): ksh-93u-0.26.1 References: https://bugzilla.suse.com/show_bug.cgi?id=835885 https://bugzilla.suse.com/show_bug.cgi?id=844071 https://bugzilla.suse.com/show_bug.cgi?id=852160 https://bugzilla.suse.com/show_bug.cgi?id=861326 https://bugzilla.suse.com/show_bug.cgi?id=863315 https://bugzilla.suse.com/show_bug.cgi?id=867401 https://bugzilla.suse.com/show_bug.cgi?id=893031 https://bugzilla.suse.com/show_bug.cgi?id=899014 http://download.suse.com/patch/finder/?keywords=1243f7810e7af36a5e3c95697ffe2438 http://download.suse.com/patch/finder/?keywords=be1791ebc88ec1247bc88be0f3366d69 http://download.suse.com/patch/finder/?keywords=dacf2d8c5b43c4b762f6e0c71934fb80 http://download.suse.com/patch/finder/?keywords=e24ee074caac3a08f914de43e314e2a8 From sle-updates at lists.suse.com Thu Dec 18 02:04:40 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Dec 2014 10:04:40 +0100 (CET) Subject: SUSE-SU-2014:1658-1: moderate: Security update for mailx Message-ID: <20141218090440.EB2D23235B@maintenance.suse.de> SUSE Security Update: Security update for mailx ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1658-1 Rating: moderate References: #909208 Cross-References: CVE-2004-2771 CVE-2014-7844 Affected Products: SUSE Linux 
Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This mailx update fixes the following security and non security issues: - bsc#909208: shell command injection via crafted email addresses (CVE-2004-2771, CVE-2014-7844) - Correct comment in spec file Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-114 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-114 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): mailx-12.5-22.1 mailx-debuginfo-12.5-22.1 mailx-debugsource-12.5-22.1 - SUSE Linux Enterprise Desktop 12 (x86_64): mailx-12.5-22.1 mailx-debuginfo-12.5-22.1 mailx-debugsource-12.5-22.1 References: http://support.novell.com/security/cve/CVE-2004-2771.html http://support.novell.com/security/cve/CVE-2014-7844.html https://bugzilla.suse.com/show_bug.cgi?id=909208 From sle-updates at lists.suse.com Thu Dec 18 07:04:42 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Dec 2014 15:04:42 +0100 (CET) Subject: SUSE-SU-2014:1663-1: moderate: Security update for flac Message-ID: <20141218140442.360223235B@maintenance.suse.de> SUSE Security Update: Security update for flac ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1663-1 Rating: moderate References: #906831 #907016 Cross-References: CVE-2014-8962 CVE-2014-9028 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two 
vulnerabilities is now available. Description: flac was updated to fix two security issues. These security issues were fixed: - Stack overflow may result in arbitrary code execution (CVE-2014-8962). - Heap overflow via specially crafted .flac files (CVE-2014-9028). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-115 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-115 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-115 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): flac-debuginfo-1.3.0-6.1 flac-debugsource-1.3.0-6.1 flac-devel-1.3.0-6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): flac-debuginfo-1.3.0-6.1 flac-debugsource-1.3.0-6.1 libFLAC++6-1.3.0-6.1 libFLAC++6-debuginfo-1.3.0-6.1 libFLAC8-1.3.0-6.1 libFLAC8-debuginfo-1.3.0-6.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libFLAC8-32bit-1.3.0-6.1 libFLAC8-debuginfo-32bit-1.3.0-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flac-debuginfo-1.3.0-6.1 flac-debugsource-1.3.0-6.1 libFLAC8-1.3.0-6.1 libFLAC8-32bit-1.3.0-6.1 libFLAC8-debuginfo-1.3.0-6.1 libFLAC8-debuginfo-32bit-1.3.0-6.1 References: http://support.novell.com/security/cve/CVE-2014-8962.html http://support.novell.com/security/cve/CVE-2014-9028.html https://bugzilla.suse.com/show_bug.cgi?id=906831 https://bugzilla.suse.com/show_bug.cgi?id=907016 From sle-updates at lists.suse.com Thu Dec 18 10:04:45 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Dec 2014 18:04:45 +0100 (CET) Subject: SUSE-RU-2014:1664-1: moderate: Recommended update for ntp Message-ID: <20141218170445.326D73235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for ntp 
______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1664-1 Rating: moderate References: #898596 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ntp re-enables usage of the legacy MD5 algorithm in FIPS mode. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-117 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-117 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ntp-4.2.6p5-27.1 ntp-debuginfo-4.2.6p5-27.1 ntp-debugsource-4.2.6p5-27.1 ntp-doc-4.2.6p5-27.1 - SUSE Linux Enterprise Desktop 12 (x86_64): ntp-4.2.6p5-27.1 ntp-debuginfo-4.2.6p5-27.1 ntp-debugsource-4.2.6p5-27.1 ntp-doc-4.2.6p5-27.1 References: https://bugzilla.suse.com/show_bug.cgi?id=898596 From sle-updates at lists.suse.com Thu Dec 18 10:05:02 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Dec 2014 18:05:02 +0100 (CET) Subject: SUSE-RU-2014:1665-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20141218170502.5367D3235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1665-1 Rating: moderate References: #855389 #896254 #898428 #900498 #901058 #901958 #908152 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This collective update for SUSE Manager Client Tools provides the following fixes and enhancements: cobbler: - Fix port guessing in koan. (bsc#855389) - Add "copy-default" option to grubby-compat. (bsc#855389) - Handle elilo in SUSE. (bsc#855389) - Fix wrong option "text" in SUSE environment. (bsc#901058) osad: - Removed PyXML dependency for RHEL systems. - Fix osad through unauthenticated proxy case. - Enable and install osad during first installation. (bsc#901958) rhncfg: - Fix compare configuration files by checking permissions on the correct file. (bsc#900498) - Fix error in rhncfg if SELinux is disabled. - Validate the content of configuration files before deploying. spacewalk-backend-libs: - Fix traceback when pushing rpms with archive size greater than 4GB. - Adding handling for new rpm header information. spacewalk-client-tools: - Disable sgmlop import in rhn_check. spacewalk-koan: - Make spacewalk-koan work with newer cobbler/koan version. (bsc#908152) spacewalk-oscap: - Avoid creating profile with empty id. spacewalk-remote-utils: - Add channel definitions for RHEL 6.6. - Compose format has slightly changed for RHEL 6.6. - Add channel definitions for RHEL 5.11. suseRegisterInfo: - Re-add legacy suse_register_info to successfully perform the update. (bsc#898428) zypp-plugin-spacewalk: - Check for retrieveOnly option in up2date configuration and set download_only. (bsc#896254) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2014-116 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (ppc64le s390x x86_64): suseRegisterInfo-2.1.9-5.1 zypp-plugin-spacewalk-0.9.8-6.1 - SUSE Manager Tools 12 (noarch): koan-2.4.2-9.1 osad-5.11.33.6-7.1 rhncfg-5.10.65.9-7.1 rhncfg-actions-5.10.65.9-7.1 rhncfg-client-5.10.65.9-7.1 rhncfg-management-5.10.65.9-7.1 spacewalk-backend-libs-2.1.55.13-7.1 spacewalk-check-2.1.16.5-5.4 spacewalk-client-setup-2.1.16.5-5.4 spacewalk-client-tools-2.1.16.5-5.4 spacewalk-koan-2.1.4.9-4.1 spacewalk-oscap-0.0.23.4-5.4 spacewalk-remote-utils-2.1.3.7-7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=855389 https://bugzilla.suse.com/show_bug.cgi?id=896254 https://bugzilla.suse.com/show_bug.cgi?id=898428 https://bugzilla.suse.com/show_bug.cgi?id=900498 https://bugzilla.suse.com/show_bug.cgi?id=901058 https://bugzilla.suse.com/show_bug.cgi?id=901958 https://bugzilla.suse.com/show_bug.cgi?id=908152 From sle-updates at lists.suse.com Thu Dec 18 15:04:40 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Dec 2014 23:04:40 +0100 (CET) Subject: SUSE-RU-2014:1666-1: moderate: Recommended update for SUSE Manager 2.1 Client Tools Message-ID: <20141218220440.EFD433235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 2.1 Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1666-1 Rating: moderate References: #855389 #900498 #901058 #908152 Affected Products: SUSE Manager Client Tools for SLE 11 SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for SUSE Manager Client Tools provides the following fixes and enhancements: koan: * Fix port guessing in koan. (bsc#855389) * Add "copy-default" option to grubby-compat. (bsc#855389) * Handle elilo in SUSE. (bsc#855389) * Fix wrong option "text" in SUSE environment. 
(bsc#901058) osad: * Removed PyXML dependency for RHEL systems. * Fix osad through unauthenticated proxy case. rhncfg: * Fix compare configuration files by checking permissions on the correct file. (bsc#900498) spacewalk-backend-libs: * Fixes minor issues. spacewalk-koan: * Make spacewalk-koan work with newer cobbler/koan version. (bsc#908152) spacewalk-remote-utils: * Add channel definitions for RHEL 6.6. * Compose format has slightly changed for RHEL6.6. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP3: zypper in -t patch slesctsp3-client-tools-21-201412-10068 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Client Tools for SLE 11 SP3 (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.50.1 spacewalk-backend-libs-2.1.55.13-0.7.1 - SUSE Manager Client Tools for SLE 11 SP3 (noarch): osad-5.11.33.6-0.7.1 rhncfg-5.10.65.9-0.7.1 rhncfg-actions-5.10.65.9-0.7.1 rhncfg-client-5.10.65.9-0.7.1 rhncfg-management-5.10.65.9-0.7.1 spacewalk-koan-2.1.4.9-0.7.1 spacewalk-remote-utils-2.1.3.7-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=855389 https://bugzilla.suse.com/show_bug.cgi?id=900498 https://bugzilla.suse.com/show_bug.cgi?id=901058 https://bugzilla.suse.com/show_bug.cgi?id=908152 http://download.suse.com/patch/finder/?keywords=411bc0dc2238e291a50dbfc4853c75d5 From sle-updates at lists.suse.com Thu Dec 18 17:04:46 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Dec 2014 01:04:46 +0100 (CET) Subject: SUSE-RU-2014:1667-1: moderate: Recommended update for SUSE Manager 2.1 Message-ID: <20141219000446.E673032352@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1667-1 Rating: moderate References: #653265 #767279 
#808947 #855389 #860299 #862408 #867836 #870159 #872029 #875231 #875452 #879904 #880026 #880027 #880087 #881225 #882468 #884366 #885889 #887879 #892711 #895001 #895961 #896109 #898426 #901058 #901108 #901193 #901675 #901776 #901927 #901928 #902373 #902494 #902503 #903723 #903880 #904690 #904699 #904732 #904841 #905072 #905263 #905530 #906850 #906887 #907086 #907106 #907337 #907527 #907586 #907643 #907645 #907646 #907677 #908320 Affected Products: SUSE Manager Server ______________________________________________________________________________ An update that has 56 recommended fixes can now be installed. It includes 14 new package versions. Description: This collective update for SUSE Manager Server 2.1 provides the following new features: * Connect SUSE Manager to the SUSE Customer Center. * Manage SLE12 systems. Additionally, several issues have been fixed: auditlog-keeper: * Fix init.d script restart. (bsc#872029) cobbler: * Fix port guessing in koan. (bsc#855389) * Add "copy-default" option to grubby-compat. (bsc#855389) * Handle elilo in SUSE. (bsc#855389) * Fix wrong option "text" in SUSE environment. (bsc#901058) osad: * Removed PyXML dependency for RHEL systems. * Fix osad through unauthenticated proxy case. pxe-default-image: * Wait for gateway to become available before register. (bsc#895001) smdba: * Space reclamation caused ORA-00942: table or view does not exist. (bsc#906850) * Optimized space reclamation for Oracle. sm-ncc-sync-data: * Add ATI and nVidia channels for SLED11-SP3. (bsc#901108) spacecmd: * Call listAutoinstallableChannels() for listing distributions. (bsc#887879) * Fix spacecmd schedule listing. (bsc#902494) * Teach spacecmd report_errata to process all-errata in the absence of further args * Fix call of setCustomOptions() during kickstart_importjson. (bsc#879904) spacewalk-backend: * Insert update tag at the correct place for SLE12. (bsc#907677) * Different registration paths should lock tables in the same order. 
* Use configuration file variable instead of hardcoded path part in spacewalk-data-fsck. * Drop unused column product_list in suseProducts table. * Trigger generation of metadata if the repo contains no packages. (bsc#870159) spacewalk-branding: * Fix link to macro documentation. (bsc#895961) * Add User Guide to online help pages. * Require online manual packages. * Fix branding in error message. (bsc#902503) * Change texts to print Inter-Server Synchronization additionally to ISS only. * Disable credentials and products dialog on ISS slave. * Improve the layout in case the exception message is large. * SCC notification: change the link to the verb 'Migrate'. * Make the SCC migration/refresh dialog show steps. * Use the NCC/SCC acronyms together with the full name. * Show alert message about disabling cron jobs. spacewalk-certs-tools: * Modify output in case a file is not found. * Remove duplicates from authorized_keys2 as well. (bsc#885889) spacewalk-java: * Throw channel name exception if name is already used. (bnc#901675) * Don't commit when XMLRPCExceptions are thrown. (bsc#908320) * Remove "Select All" button from system currency report. (bsc#653265) * Fix documentation search. (bsc#875452) * Add API listAutoinstallableChannels(). (bsc#887879) * Avoid ArrayIndexOutOfBoundsException with invalid URLs. (bsc#892711) * Avoid NumberFormatException in case of invalid URL. (bsc#892711) * Lookup kickstart tree only when org is found. (bsc#892711) * Fix NPE on GET /rhn/common/DownloadFile.do. (bsc#892711) * Port of the advanced provisioning option page to bootstrap. (bnc#862408) * New installations should use SCC as default customer center. * mgr-sync refresh sets wrong permissions on JSON files. (bnc#907337) * Fix link to macro documentation. (bsc#895961) * Forward to "raw mode" page in case this is an uploaded profile. (bsc#904841) * Enlarge big text area to use more available screen space. (bnc#867836) * Add User Guide to online help pages. 
* Fix links to monitoring documentation. (bsc#906887) * Check memory settings for virtual SUSE systems. * Fix install type detection. (bsc#875231) * Point "Register Clients" link to "Client Configuration Guide". (bsc#880026) * Change order of installer type: prefer SUSE Linux. (bsc#860299) * Fix ISE when clicking system currency. (bnc#905530) * Set cobbler hostname variable when calling system.createSystemRecord. (bnc#904699) * Fix wrong install=http://nullnull line when calling system.createSystemRecord. (bnc#904699) * Fix JS injection on /rhn/systems/Search.do page. * Configuration file URL should update when you create new revision. * User does not need to be a channel admin to manage a channel. * We should consider if text <> binary has changed for configuration files. * All API methods should be able to find shared channels. * Explain snapshot/rollback behavior better. (bsc#808947) * Fix patch syncing: prevent hibernate.NonUniqueObjectException and rollback. (bsc#903880) * Remove "Add Selected to SSM" from system overview page. (bsc#901776) * Fix CVE audit in case of multi-version package installed and patch in multi channels. (bsc#903723) * Update channel family membership when channel is updated. (bsc#901193) * Log SCC data files as received to files in SCCWebClient. * Add log warning if uploaded file size > 1MB. (bnc#901927) * Fix channel package compare. (bsc#904690) * Fix automatic configuration file deployment via snippet. (bsc#898426) * Avoid NPE when using 'from-dir', regression introduced with SCC caching. * Add support for SLE12 and refactor kernel and initrd default paths finders. * Fix wizard mirror credentials side help to point to SCC. * Make the SCC migration/refresh dialog show steps. * Show alert message about disabling cron jobs. * Schedule sync of all vendor channels in MgrSyncRefresh job. * Add client hostname or IP to log messages. (bsc#904732) * Hide email field for mirror credentials when on SCC. 
* We do not want to use cascade for EVR and name attributes of PackageActionDetails. * Fixed copying text from kickstart snippets. (bsc#880087) spacewalk-utils: * Prevent empty directory creation by scbd. * Updated spacewalk-common-channels.ini to include Oracle Linux 7. * Fix error if blacklist / removelist is not in scbd configuration file. * Improve error messaging in scbd. spacewalk-web: * Add User Guide to online help pages. * Fix links to monitoring documentation. (bsc#906887) * Fix rhnChannelNewestPackage table by using refresh_newest_package function again. * Improve the layout in case the exception message is large. * Setup wizard: add tooltip to refresh button. * Stop the spinner for the success task. * Link the error message with the tomcat log viewer. * Make the SCC migration/refresh dialog show steps. * Add a refresh button to the SUSE products page. susemanager-manuals_en, susemanager-jsp_en: * Update text and image files. (bnc#907527) * Document NCC to SCC switch with SUSE Manager 2.1. (bnc#907106, bnc#907643, bnc#907645, bnc#907646) * SUSE Manager server update description. (bnc#902373) * Activation keys and packages. (bnc#767279) * Cobbler (bnc#880027), Link fix (bnc#881225), Wagon (bnc#884366) * Install and ship the built PDFs. (bnc#907086) susemanager-schema: * Fix migration script names to fix bare-metal registration (bsc#896109) * Add virt-host-plat entitlement mappings for new arches. * Create regular index instead and have one migration per DB. (bsc#905072) * Drop unique index on package ids. (bsc#905072) * Drop unused column product_list in suseProducts table. * Drop unused column channel_family_id in suseProducts. susemanager: * Abort setup when invalid SSL country code given. (bnc#882468) * Use noRepoSync parameter always. * Enable and allow "mgr-sync refresh" in the case of ISS. * Fixed error message on exception in mgr-sync. (bnc#905263) * Fixed add product to not trigger redundant addition of base channel. 
(bnc#901928) * Drop unused columns in suseProducts table. susemanager-sync-data: * Add channels for Public Cloud Module. (bsc#907586) * Add new channel families SLE-WE and SLE-LP. * Add ATI and nVidia channels for SLED11-SP3. (bsc#901108) * Add channels for IBM-DLPAR for SLE12 ppc64le. How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema with spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server: zypper in -t patch sleman21-suse-manager-21-201412-1-10083 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server (x86_64) [New Version: 1.5,2.1.15,2.1.25.6,2.1.33.9 and 2.1.55.13]: cobbler-2.2.2-0.50.1 smdba-1.5-0.7.1 spacecmd-2.1.25.6-0.7.1 spacewalk-backend-2.1.55.13-0.7.1 spacewalk-backend-app-2.1.55.13-0.7.1 spacewalk-backend-applet-2.1.55.13-0.7.1 spacewalk-backend-config-files-2.1.55.13-0.7.1 spacewalk-backend-config-files-common-2.1.55.13-0.7.1 spacewalk-backend-config-files-tool-2.1.55.13-0.7.1 spacewalk-backend-iss-2.1.55.13-0.7.1 spacewalk-backend-iss-export-2.1.55.13-0.7.1 spacewalk-backend-libs-2.1.55.13-0.7.1 spacewalk-backend-package-push-server-2.1.55.13-0.7.1 spacewalk-backend-server-2.1.55.13-0.7.1 spacewalk-backend-sql-2.1.55.13-0.7.1 spacewalk-backend-sql-oracle-2.1.55.13-0.7.1 spacewalk-backend-sql-postgresql-2.1.55.13-0.7.1 spacewalk-backend-tools-2.1.55.13-0.7.1 spacewalk-backend-xml-export-libs-2.1.55.13-0.7.1 spacewalk-backend-xmlrpc-2.1.55.13-0.7.1 spacewalk-branding-2.1.33.9-0.7.1 susemanager-2.1.15-0.7.2 susemanager-tools-2.1.15-0.7.2 - SUSE Manager Server (noarch) [New Version: 2.1.165.12,2.1.27.11,2.1.4,2.1.50.10,2.1.6.4,2.1.60.11,2.1.8 and 
5.11.33.6]: auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.1 auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.1 auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.1 auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.1 auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.1 osa-dispatcher-5.11.33.6-0.7.1 perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.1 pxe-default-image-0.1-0.20.1 sm-ncc-sync-data-2.1.8-0.7.1 spacewalk-base-2.1.60.11-0.7.1 spacewalk-base-minimal-2.1.60.11-0.7.1 spacewalk-base-minimal-config-2.1.60.11-0.7.1 spacewalk-certs-tools-2.1.6.4-0.7.1 spacewalk-grail-2.1.60.11-0.7.1 spacewalk-html-2.1.60.11-0.7.1 spacewalk-java-2.1.165.12-0.7.1 spacewalk-java-config-2.1.165.12-0.7.1 spacewalk-java-lib-2.1.165.12-0.7.1 spacewalk-java-oracle-2.1.165.12-0.7.1 spacewalk-java-postgresql-2.1.165.12-0.7.1 spacewalk-pxt-2.1.60.11-0.7.1 spacewalk-sniglets-2.1.60.11-0.7.1 spacewalk-taskomatic-2.1.165.12-0.7.1 spacewalk-utils-2.1.27.11-0.7.1 susemanager-client-config_en-pdf-2.1-0.13.3 susemanager-install_en-pdf-2.1-0.13.3 susemanager-jsp_en-2.1-0.13.3 susemanager-manuals_en-2.1-0.13.3 susemanager-proxy-quick_en-pdf-2.1-0.13.3 susemanager-reference_en-pdf-2.1-0.13.3 susemanager-schema-2.1.50.10-0.7.1 susemanager-sync-data-2.1.4-0.7.1 susemanager-user_en-pdf-2.1-0.13.3 References: https://bugzilla.suse.com/show_bug.cgi?id=653265 https://bugzilla.suse.com/show_bug.cgi?id=767279 https://bugzilla.suse.com/show_bug.cgi?id=808947 https://bugzilla.suse.com/show_bug.cgi?id=855389 https://bugzilla.suse.com/show_bug.cgi?id=860299 https://bugzilla.suse.com/show_bug.cgi?id=862408 https://bugzilla.suse.com/show_bug.cgi?id=867836 https://bugzilla.suse.com/show_bug.cgi?id=870159 https://bugzilla.suse.com/show_bug.cgi?id=872029 https://bugzilla.suse.com/show_bug.cgi?id=875231 https://bugzilla.suse.com/show_bug.cgi?id=875452 https://bugzilla.suse.com/show_bug.cgi?id=879904 https://bugzilla.suse.com/show_bug.cgi?id=880026 
https://bugzilla.suse.com/show_bug.cgi?id=880027 https://bugzilla.suse.com/show_bug.cgi?id=880087 https://bugzilla.suse.com/show_bug.cgi?id=881225 https://bugzilla.suse.com/show_bug.cgi?id=882468 https://bugzilla.suse.com/show_bug.cgi?id=884366 https://bugzilla.suse.com/show_bug.cgi?id=885889 https://bugzilla.suse.com/show_bug.cgi?id=887879 https://bugzilla.suse.com/show_bug.cgi?id=892711 https://bugzilla.suse.com/show_bug.cgi?id=895001 https://bugzilla.suse.com/show_bug.cgi?id=895961 https://bugzilla.suse.com/show_bug.cgi?id=896109 https://bugzilla.suse.com/show_bug.cgi?id=898426 https://bugzilla.suse.com/show_bug.cgi?id=901058 https://bugzilla.suse.com/show_bug.cgi?id=901108 https://bugzilla.suse.com/show_bug.cgi?id=901193 https://bugzilla.suse.com/show_bug.cgi?id=901675 https://bugzilla.suse.com/show_bug.cgi?id=901776 https://bugzilla.suse.com/show_bug.cgi?id=901927 https://bugzilla.suse.com/show_bug.cgi?id=901928 https://bugzilla.suse.com/show_bug.cgi?id=902373 https://bugzilla.suse.com/show_bug.cgi?id=902494 https://bugzilla.suse.com/show_bug.cgi?id=902503 https://bugzilla.suse.com/show_bug.cgi?id=903723 https://bugzilla.suse.com/show_bug.cgi?id=903880 https://bugzilla.suse.com/show_bug.cgi?id=904690 https://bugzilla.suse.com/show_bug.cgi?id=904699 https://bugzilla.suse.com/show_bug.cgi?id=904732 https://bugzilla.suse.com/show_bug.cgi?id=904841 https://bugzilla.suse.com/show_bug.cgi?id=905072 https://bugzilla.suse.com/show_bug.cgi?id=905263 https://bugzilla.suse.com/show_bug.cgi?id=905530 https://bugzilla.suse.com/show_bug.cgi?id=906850 https://bugzilla.suse.com/show_bug.cgi?id=906887 https://bugzilla.suse.com/show_bug.cgi?id=907086 https://bugzilla.suse.com/show_bug.cgi?id=907106 https://bugzilla.suse.com/show_bug.cgi?id=907337 https://bugzilla.suse.com/show_bug.cgi?id=907527 https://bugzilla.suse.com/show_bug.cgi?id=907586 https://bugzilla.suse.com/show_bug.cgi?id=907643 https://bugzilla.suse.com/show_bug.cgi?id=907645 
https://bugzilla.suse.com/show_bug.cgi?id=907646 https://bugzilla.suse.com/show_bug.cgi?id=907677 https://bugzilla.suse.com/show_bug.cgi?id=908320 http://download.suse.com/patch/finder/?keywords=4a077b1cbaa19fdbf61516119d7509bf From sle-updates at lists.suse.com Thu Dec 18 17:14:33 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Dec 2014 01:14:33 +0100 (CET) Subject: SUSE-RU-2014:1668-1: moderate: Recommended update for SUSE Manager Proxy 2.1 Message-ID: <20141219001433.1BDBF32352@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1668-1 Rating: moderate References: #870159 #885889 #900498 #906887 #907677 Affected Products: SUSE Manager Proxy ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. It includes 8 new package versions. Description: This collective update for SUSE Manager Proxy 2.1 provides the following fixes and enhancements: osad: * Removed PyXML dependency for RHEL systems. * Fix osad through unauthenticated proxy case. rhncfg: * Fix compare config files by checking permissions on the correct file. (bsc#900498) spacewalk-backend: * Insert update tag at the correct place for SLE12. (bsc#907677) * Different registration paths should lock tables in the same order. * Use configuration file variable instead of hardcoded path part in spacewalk-data-fsck. * Drop unused column product_list in suseProducts table. * Trigger generation of metadata if the repo contains no packages. (bsc#870159) spacewalk-certs-tools: * Modify output in case a file is not found. * Remove duplicates from authorized_keys2 as well. (bsc#885889) spacewalk-proxy-installer: * Read systemid path from configuration. * Proxy installer should use http proxy to get version number. 
spacewalk-proxy: * Read systemid path from configuration. * Configure proxy max memory file size separately from buffer_size. spacewalk-remote-utils: * Add channel definitions for RHEL 6.6. * Compose format has slightly changed for RHEL 6.6. spacewalk-web: * Add User Guide to online help pages. * Fix links to monitoring documentation. (bsc#906887) * Improve the layout in case the exception message is large. * Stop the spinner for the success task. * Link the error message with the tomcat log viewer. * Make the SCC migration/refresh dialog show steps. * Add a refresh button to the SUSE products page. How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy: zypper in -t patch slemap21-suse-manager-proxy-21-201412-10077 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy (x86_64) [New Version: 2.1.55.13]: spacewalk-backend-2.1.55.13-0.7.1 spacewalk-backend-libs-2.1.55.13-0.7.1 - SUSE Manager Proxy (noarch) [New Version: 2.1.15.5,2.1.3.7,2.1.6.4,2.1.6.7,2.1.60.11,5.10.65.9 and 5.11.33.6]: osad-5.11.33.6-0.7.1 rhncfg-5.10.65.9-0.7.1 rhncfg-actions-5.10.65.9-0.7.1 rhncfg-client-5.10.65.9-0.7.1 rhncfg-management-5.10.65.9-0.7.1 spacewalk-base-minimal-2.1.60.11-0.7.1 spacewalk-base-minimal-config-2.1.60.11-0.7.1 spacewalk-certs-tools-2.1.6.4-0.7.1 spacewalk-proxy-broker-2.1.15.5-0.7.1 spacewalk-proxy-common-2.1.15.5-0.7.1 spacewalk-proxy-installer-2.1.6.7-0.7.1 spacewalk-proxy-management-2.1.15.5-0.7.1 spacewalk-proxy-package-manager-2.1.15.5-0.7.1 spacewalk-proxy-redirect-2.1.15.5-0.7.1 spacewalk-remote-utils-2.1.3.7-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=870159 https://bugzilla.suse.com/show_bug.cgi?id=885889 https://bugzilla.suse.com/show_bug.cgi?id=900498 https://bugzilla.suse.com/show_bug.cgi?id=906887 https://bugzilla.suse.com/show_bug.cgi?id=907677 http://download.suse.com/patch/finder/?keywords=a1557eb57d8208ec76812d63ab2eccd4 From sle-updates at lists.suse.com Fri Dec 19 17:04:48 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Dec 2014 01:04:48 +0100 (CET) Subject: SUSE-RU-2014:1671-1: Recommended update for SUSE Cloud Documentation Message-ID: <20141220000448.59DC732356@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Cloud Documentation ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1671-1 Rating: low References: #891244 #893140 #897815 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for the SUSE Cloud 4 Deployment Guide fixes the following issues: * Update documentation for Windows Server 2012 R2 support. (bnc#893140) * Replace version strings "Cloud 3" with "Cloud 4". (bnc#891244) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-susecloud-admin_en-pdf-9807 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (noarch): susecloud-admin_en-pdf-4.0-0.43.2 susecloud-deployment_en-pdf-4.0-0.43.2 susecloud-manuals_en-4.0-0.43.2 susecloud-user_en-pdf-4.0-0.43.2 References: https://bugzilla.suse.com/show_bug.cgi?id=891244 https://bugzilla.suse.com/show_bug.cgi?id=893140 https://bugzilla.suse.com/show_bug.cgi?id=897815 http://download.suse.com/patch/finder/?keywords=c1f2327d9c451ef5650161049ad6fd9e From sle-updates at lists.suse.com Fri Dec 19 17:05:23 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Dec 2014 01:05:23 +0100 (CET) Subject: SUSE-RU-2014:1275-8: Recommended update for openstack-cinder Message-ID: <20141220000523.B0D293235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-cinder ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1275-8 Rating: low References: #897815 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update for openstack-cinder provides the following stability fixes from the upstream OpenStack project: * Remove unnecessary call to rbd.Image * NetApp fix attach fail for already mapped volume Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-openstack-cinder-10047 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev22.g1d48d01]: openstack-cinder-2014.1.4.dev22.g1d48d01-0.7.1 openstack-cinder-api-2014.1.4.dev22.g1d48d01-0.7.1 openstack-cinder-backup-2014.1.4.dev22.g1d48d01-0.7.1 openstack-cinder-scheduler-2014.1.4.dev22.g1d48d01-0.7.1 openstack-cinder-volume-2014.1.4.dev22.g1d48d01-0.7.1 python-cinder-2014.1.4.dev22.g1d48d01-0.7.1 - SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev22.g1d48d01]: openstack-cinder-doc-2014.1.4.dev22.g1d48d01-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=897815 http://download.suse.com/patch/finder/?keywords=d9b95b711f3175995983172c98fd8264 From sle-updates at lists.suse.com Fri Dec 19 17:05:40 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Dec 2014 01:05:40 +0100 (CET) Subject: SUSE-RU-2014:1672-1: Recommended update for openstack-swift Message-ID: <20141220000540.282273235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-swift ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1672-1 Rating: low References: #887305 #897815 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openstack-swift provides stability fixes from the upstream OpenStack project: * use %_rundir if available, otherwise /var/run * Fix crash of swift-proxy-server when started via Pacemaker (bnc#887305) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-openstack-swift-9806 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64): openstack-swift-1.13.1.2.gb223322-0.9.1 openstack-swift-account-1.13.1.2.gb223322-0.9.1 openstack-swift-container-1.13.1.2.gb223322-0.9.1 openstack-swift-object-1.13.1.2.gb223322-0.9.1 openstack-swift-proxy-1.13.1.2.gb223322-0.9.1 python-swift-1.13.1.2.gb223322-0.9.1 - SUSE Cloud 4 (noarch): openstack-swift-doc-1.13.1.2.gb223322-0.9.1 References: https://bugzilla.suse.com/show_bug.cgi?id=887305 https://bugzilla.suse.com/show_bug.cgi?id=897815 http://download.suse.com/patch/finder/?keywords=dc7b53b4056a03f5edc5410aa125a5d8 From sle-updates at lists.suse.com Fri Dec 19 17:06:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Dec 2014 01:06:10 +0100 (CET) Subject: SUSE-RU-2014:1673-1: Recommended update for crowbar-barclamp-tempest and openstack-tempest Message-ID: <20141220000610.4789C3235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-tempest and openstack-tempest ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1673-1 Rating: low References: #891306 #897815 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes two new package versions. Description: This update for crowbar-barclamp-tempest and openstack-tempest provides stability fixes from the upstream OpenStack project: * crowbar-barclamp-tempest: o Do not enable swift when radosgw is used (bnc#891306) o For a comprehensive list of changes, refer to the package's change log. * openstack-tempest: o various bugfixes and improvements o For a comprehensive list of changes, refer to the package's change log. 
Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-barclamp-tempest-201409-9798 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64) [New Version: 2.dev1065.g465ec2e]: openstack-tempest-2.dev1065.g465ec2e-0.7.1 openstack-tempest-test-2.dev1065.g465ec2e-0.7.1 python-tempest-2.dev1065.g465ec2e-0.7.1 - SUSE Cloud 4 (noarch): crowbar-barclamp-tempest-1.8+git.1409042859.9dc4e5a-0.7.3 References: https://bugzilla.suse.com/show_bug.cgi?id=891306 https://bugzilla.suse.com/show_bug.cgi?id=897815 http://download.suse.com/patch/finder/?keywords=eefcff4b02b303765768ded1fd97164f From sle-updates at lists.suse.com Fri Dec 19 17:06:39 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Dec 2014 01:06:39 +0100 (CET) Subject: SUSE-RU-2014:1674-1: Recommended update for openstack-glance Message-ID: <20141220000639.696B03235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-glance ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1674-1 Rating: low References: #900960 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update for openstack-glance provides the following fixes and enhancements: * More robust detection of PostgreSQL connection errors. (bsc#900960) * Do not log password in swift URLs in g-registry. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-openstack-glance-9920 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev3.g63e599d]: openstack-glance-2014.1.4.dev3.g63e599d-0.7.1 python-glance-2014.1.4.dev3.g63e599d-0.7.1 - SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev3.g63e599d]: openstack-glance-doc-2014.1.4.dev3.g63e599d-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=900960 http://download.suse.com/patch/finder/?keywords=6af249ca0f1e6be934675bfc46f6f78f From sle-updates at lists.suse.com Fri Dec 19 21:04:47 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Dec 2014 05:04:47 +0100 (CET) Subject: SUSE-SU-2014:1675-1: moderate: Security update for cpio Message-ID: <20141220040447.0A71B3235B@maintenance.suse.de> SUSE Security Update: Security update for cpio ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1675-1 Rating: moderate References: #907456 Cross-References: CVE-2014-9112 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This cpio update fixes the following security issue: * bnc#907456: heap-based buffer overflow flaw in list_file() (CVE-2014-9112) Security Issues: * CVE-2014-9112 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-cpio-10070 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-cpio-10070 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-cpio-10070 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): cpio-2.9-75.78.1 cpio-lang-2.9-75.78.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): cpio-2.9-75.78.1 cpio-lang-2.9-75.78.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): cpio-2.9-75.78.1 cpio-lang-2.9-75.78.1 References: http://support.novell.com/security/cve/CVE-2014-9112.html https://bugzilla.suse.com/show_bug.cgi?id=907456 http://download.suse.com/patch/finder/?keywords=a4487bcd3ff34f0442c1dfa5792cc9b0 From sle-updates at lists.suse.com Fri Dec 19 22:05:24 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Dec 2014 06:05:24 +0100 (CET) Subject: SUSE-SU-2014:1676-1: Security update for libksba Message-ID: <20141220050524.2F8313235B@maintenance.suse.de> SUSE Security Update: Security update for libksba ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1676-1 Rating: low References: #907074 Cross-References: CVE-2014-9087 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This libksba update fixes the following security issue: * bnc#907074: buffer overflow in ksba_oid_to_str (CVE-2014-9087) Security Issues: * CVE-2014-9087 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libksba-10087 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libksba-10087 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libksba-10087 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libksba-10087 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libksba-devel-1.0.4-1.18.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libksba-1.0.4-1.18.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libksba-1.0.4-1.18.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libksba-1.0.4-1.18.1 References: http://support.novell.com/security/cve/CVE-2014-9087.html https://bugzilla.suse.com/show_bug.cgi?id=907074 http://download.suse.com/patch/finder/?keywords=91d1950430d0f82e1c891e6e8bbadf08 From sle-updates at lists.suse.com Mon Dec 22 13:04:46 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Dec 2014 21:04:46 +0100 (CET) Subject: SUSE-SU-2014:1686-1: critical: Security update for ntp Message-ID: <20141222200446.BB7483235A@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1686-1 Rating: critical References: #910764 Cross-References: CVE-2014-9295 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This ntp update fixes the following critical security issue: * A potential remote code execution problem was found inside ntpd. The functions crypto_recv() (when using autokey authentication) and ctl_putdata() were updated to avoid buffer overflows that could have been exploited. (CVE-2014-9295 / VU#852879) Security Issues: * CVE-2014-9295 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-ntp-10117 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ntp-10117 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-ntp-10118 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-ntp-10117 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ntp-4.2.4p8-1.28.1 ntp-doc-4.2.4p8-1.28.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.4p8-1.28.1 ntp-doc-4.2.4p8-1.28.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): ntp-4.2.4p8-1.28.1 ntp-doc-4.2.4p8-1.28.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): ntp-4.2.4p8-1.28.1 ntp-doc-4.2.4p8-1.28.1 References: http://support.novell.com/security/cve/CVE-2014-9295.html https://bugzilla.suse.com/show_bug.cgi?id=910764 http://download.suse.com/patch/finder/?keywords=49ee0f538b0a3f58f2160d4c87450ab9 http://download.suse.com/patch/finder/?keywords=8082bb36619fe906d1390813bfcdf0b2 From sle-updates at lists.suse.com Mon Dec 22 19:04:41 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Dec 2014 03:04:41 +0100 (CET) Subject: SUSE-RU-2014:1687-1: moderate: Recommended update for multipath-tools Message-ID: <20141223020441.DB61532357@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools 
______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1687-1 Rating: moderate References: #750110 #865577 #885395 #887608 #888453 #889614 #889927 #890188 #890998 #896910 #898427 #901091 #901809 #904667 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 14 recommended fixes can now be installed. Description: This collective update for multipath-tools provides the following fixes: * Check for valid DM_DEVICE_INFO before proceeding (bsc#888453) * Fix hang during bootup (bsc#750110) * Use a default dev_loss_tmo of 600 (bsc#889927) * Allow for empty SCSI revision (bsc#889614) * Ignore devices when sysfs_get_tgt_nodename fails (bsc#885395) * Skip USB devices during discovery (bsc#865577) * Revert commit 'Blacklist HP Virtual devices' (bsc#885395) * Backport cookie handling fixes (bsc#890188) * Fix thread count increase over time (bsc#896910) * Handle more than 256 loop devices in kpartx (bsc#898427) * Do not flush I/O for DM_DEVICE_CREATE (bsc#901809) * Unwrap dev_loss_tmo logic in libmultipath (bsc#887608) * Fix verbosity on map remove in multipathd (bsc#901091) * Reload map if reinstate failed (bsc#904667) * Do not remove paths without uevents (bnc#890998) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kpartx-10089 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kpartx-10089 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kpartx-10089 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): kpartx-0.4.9-0.105.1 multipath-tools-0.4.9-0.105.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): kpartx-0.4.9-0.105.1 multipath-tools-0.4.9-0.105.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): kpartx-0.4.9-0.105.1 multipath-tools-0.4.9-0.105.1 References: https://bugzilla.suse.com/show_bug.cgi?id=750110 https://bugzilla.suse.com/show_bug.cgi?id=865577 https://bugzilla.suse.com/show_bug.cgi?id=885395 https://bugzilla.suse.com/show_bug.cgi?id=887608 https://bugzilla.suse.com/show_bug.cgi?id=888453 https://bugzilla.suse.com/show_bug.cgi?id=889614 https://bugzilla.suse.com/show_bug.cgi?id=889927 https://bugzilla.suse.com/show_bug.cgi?id=890188 https://bugzilla.suse.com/show_bug.cgi?id=890998 https://bugzilla.suse.com/show_bug.cgi?id=896910 https://bugzilla.suse.com/show_bug.cgi?id=898427 https://bugzilla.suse.com/show_bug.cgi?id=901091 https://bugzilla.suse.com/show_bug.cgi?id=901809 https://bugzilla.suse.com/show_bug.cgi?id=904667 http://download.suse.com/patch/finder/?keywords=48b08d1f6b3e2b4911e6894370f53a65 From sle-updates at lists.suse.com Tue Dec 23 10:04:43 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Dec 2014 18:04:43 +0100 (CET) Subject: SUSE-RU-2014:1689-1: important: Recommended update for WALinuxAgent Message-ID: <20141223170443.C1D873235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for WALinuxAgent ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1689-1 Rating: important References: #909701 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for WALinuxAgent to version 2.0.11 provides support for the new G-Series instances in Microsoft Azure. 
(bnc#909701) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2014-119 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): WALinuxAgent-2.0.11-4.1 References: https://bugzilla.suse.com/show_bug.cgi?id=909701 From sle-updates at lists.suse.com Tue Dec 23 10:04:59 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Dec 2014 18:04:59 +0100 (CET) Subject: SUSE-SU-2014:1690-1: critical: Security update for ntp Message-ID: <20141223170459.ECF323235D@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1690-1 Rating: critical References: #910764 Cross-References: CVE-2014-9295 CVE-2014-9296 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The network timeservice ntp was updated to fix critical security issues (bnc#910764, CERT VU#852879) * A potential remote code execution problem was found inside ntpd. The functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure() were updated to avoid buffer overflows that could be exploited. (CVE-2014-9295) * Furthermore a problem inside the ntpd error handling was found that is missing a return statement. This could also lead to a potential attack vector. (CVE-2014-9296) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-118 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-118 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ntp-4.2.6p5-31.1 ntp-debuginfo-4.2.6p5-31.1 ntp-debugsource-4.2.6p5-31.1 ntp-doc-4.2.6p5-31.1 - SUSE Linux Enterprise Desktop 12 (x86_64): ntp-4.2.6p5-31.1 ntp-debuginfo-4.2.6p5-31.1 ntp-debugsource-4.2.6p5-31.1 ntp-doc-4.2.6p5-31.1 References: http://support.novell.com/security/cve/CVE-2014-9295.html http://support.novell.com/security/cve/CVE-2014-9296.html https://bugzilla.suse.com/show_bug.cgi?id=910764 From sle-updates at lists.suse.com Tue Dec 23 11:04:47 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Dec 2014 19:04:47 +0100 (CET) Subject: SUSE-SU-2014:1691-1: moderate: Security update for Xen Message-ID: <20141223180447.C1B463235B@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1691-1 Rating: moderate References: #880751 #895799 #903850 #903970 #905467 #906439 Cross-References: CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: Xen has been updated to fix six security issues: * Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). * Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (CVE-2014-8867). * Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595). 
* Guest user mode triggerable VM exits not handled by hypervisor (bnc#903850). * Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (CVE-2014-7155). * Hypervisor heap contents leaked to guests (CVE-2014-4021). Security Issues: * CVE-2014-8594 * CVE-2014-8595 * CVE-2014-9030 * CVE-2014-8866 * CVE-2014-8867 Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): xen-3.2.3_17040_46-0.9.1 xen-devel-3.2.3_17040_46-0.9.1 xen-doc-html-3.2.3_17040_46-0.9.1 xen-doc-pdf-3.2.3_17040_46-0.9.1 xen-doc-ps-3.2.3_17040_46-0.9.1 xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1 xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1 xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1 xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1 xen-libs-3.2.3_17040_46-0.9.1 xen-tools-3.2.3_17040_46-0.9.1 xen-tools-domU-3.2.3_17040_46-0.9.1 xen-tools-ioemu-3.2.3_17040_46-0.9.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): xen-libs-32bit-3.2.3_17040_46-0.9.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1 xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1 xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1 xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1 References: http://support.novell.com/security/cve/CVE-2014-8594.html http://support.novell.com/security/cve/CVE-2014-8595.html http://support.novell.com/security/cve/CVE-2014-8866.html http://support.novell.com/security/cve/CVE-2014-8867.html http://support.novell.com/security/cve/CVE-2014-9030.html https://bugzilla.suse.com/show_bug.cgi?id=880751 https://bugzilla.suse.com/show_bug.cgi?id=895799 https://bugzilla.suse.com/show_bug.cgi?id=903850 https://bugzilla.suse.com/show_bug.cgi?id=903970 https://bugzilla.suse.com/show_bug.cgi?id=905467 https://bugzilla.suse.com/show_bug.cgi?id=906439 
http://download.suse.com/patch/finder/?keywords=2430903f7edca75f2ff542e854abf451 From sle-updates at lists.suse.com Tue Dec 23 11:05:55 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Dec 2014 19:05:55 +0100 (CET) Subject: SUSE-SU-2014:1692-1: Security update for tcpdump Message-ID: <20141223180555.77D6A3235B@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1692-1 Rating: low References: #905870 #905872 Cross-References: CVE-2014-8767 CVE-2014-8769 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: tcpdump has been updated to fix two security issues: * bnc#905872: Unreliable output using malformed AODV payload (CVE-2014-8769). * bnc#905870: Denial of service in verbose mode using malformed OLSR payload (CVE-2014-8767). Security Issues: * CVE-2014-8769 * CVE-2014-8767 Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-tcpdump-10093 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-tcpdump-10093 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-tcpdump-10093 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): tcpdump-3.9.8-1.23.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): tcpdump-3.9.8-1.23.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): tcpdump-3.9.8-1.23.1 References: http://support.novell.com/security/cve/CVE-2014-8767.html http://support.novell.com/security/cve/CVE-2014-8769.html https://bugzilla.suse.com/show_bug.cgi?id=905870 https://bugzilla.suse.com/show_bug.cgi?id=905872 http://download.suse.com/patch/finder/?keywords=f2c744b99b6865b54864e4810ad8e4ce From sle-updates at lists.suse.com Tue Dec 23 11:06:19 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Dec 2014 19:06:19 +0100 (CET) Subject: SUSE-SU-2014:1693-1: important: Security update for Linux kernel Message-ID: <20141223180619.55C103235D@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1693-1 Rating: important References: #755743 #779488 #800255 #835839 #851603 #853040 #857643 #860441 #868049 #873228 #876633 #883724 #883948 #885077 #887418 #888607 #891211 #891368 #891790 #892782 #893758 #894058 #894895 #895387 #895468 #896382 #896390 #896391 #896392 #896415 #897502 #897694 #897708 #898295 #898375 #898554 #899192 #899574 #899843 #901638 #902346 #902349 #903331 #903653 #904013 #904358 #904700 #905100 #905522 Cross-References: CVE-2012-4398 CVE-2013-2889 CVE-2013-2893 CVE-2013-2897 CVE-2013-2899 CVE-2013-7263 CVE-2014-3181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-4508 CVE-2014-4608 CVE-2014-7826 CVE-2014-7841 CVE-2014-8709 CVE-2014-8884 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 SLE 11 SERVER 
Unsupported Extras ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 28 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (bnc#835839). * CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). * CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). 
* CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#853040, bnc#857643). * CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). * CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). * CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). 
* CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). * CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). 
* CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346, bnc#902349). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4608: * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype (bnc#883948). * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). * CVE-2014-7841: An SCTP server doing ASCONF would panic on malformed INIT ping-of-death (bnc#905100). * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). * CVE-2014-8884: A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed: * Build the KOTD against the SP3 Update project * HID: fix kabi breakage. 
* NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. * NFS: fix inverted test for delegation in nfs4_reclaim_open_state (bnc#903331). * NFS: remove incorrect Lock reclaim failed! warning (bnc#903331). * NFSv4: nfs4_open_done first must check that GETATTR decoded a file type (bnc#899574). * PCI: pciehp: Clear Data Link Layer State Changed during init (bnc#898295). * PCI: pciehp: Enable link state change notifications (bnc#898295). * PCI: pciehp: Handle push button event asynchronously (bnc#898295). * PCI: pciehp: Make check_link_active() non-static (bnc#898295). * PCI: pciehp: Use link change notifications for hot-plug and removal (bnc#898295). * PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295). * PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898295). * PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * be2net: Fix invocation of be_close() after be_clear() (bnc#895468). * block: Fix bogus partition statistics reports (bnc#885077 bnc#891211). * block: Fix computation of merged request priority. * btrfs: Fix wrong device size when we are resizing the device. * btrfs: Return right extent when fiemap gives unaligned offset and len. * btrfs: abtract out range locking in clone ioctl(). * btrfs: always choose work from prio_head first. * btrfs: balance delayed inode updates. * btrfs: cache extent states in defrag code path. * btrfs: check file extent type before anything else (bnc#897694). * btrfs: clone, do not create invalid hole extent map. * btrfs: correctly determine if blocks are shared in btrfs_compare_trees. * btrfs: do not bug_on if we try to cow a free space cache inode. * btrfs: ensure btrfs_prev_leaf does not miss 1 item. * btrfs: ensure readers see new data after a clone operation. * btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. * btrfs: filter invalid arg for btrfs resize. * btrfs: fix EINVAL checks in btrfs_clone. 
* btrfs: fix EIO on reading file after ioctl clone works on it. * btrfs: fix a crash of clone with inline extents split. * btrfs: fix crash of compressed writes (bnc#898375). * btrfs: fix crash when starting transaction. * btrfs: fix deadlock with nested trans handles. * btrfs: fix hang on error (such as ENOSPC) when writing extent pages. * btrfs: fix leaf corruption after __btrfs_drop_extents. * btrfs: fix race between balance recovery and root deletion. * btrfs: fix wrong extent mapping for DirectIO. * btrfs: handle a missing extent for the first file extent. * btrfs: limit delalloc pages outside of find_delalloc_range (bnc#898375). * btrfs: read lock extent buffer while walking backrefs. * btrfs: remove unused wait queue in struct extent_buffer. * btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. * btrfs: replace error code from btrfs_drop_extents. * btrfs: unlock extent and pages on error in cow_file_range. * btrfs: unlock inodes in correct order in clone ioctl. * btrfs_ioctl_clone: Move clone code into its own function. * cifs: delay super block destruction until all cifsFileInfo objects are gone (bnc#903653). * drm/i915: Flush the PTEs after updating them before suspend (bnc#901638). * drm/i915: Undo gtt scratch pte unmapping again (bnc#901638). * ext3: return 32/64-bit dir name hash according to usage type (bnc#898554). * ext4: return 32/64-bit dir name hash according to usage type (bnc#898554). * fix: use after free of xfs workqueues (bnc#894895). * fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash (bnc#898554). * futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). * futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). * ipv6: add support of peer address (bnc#896415). * ipv6: fix a refcnt leak with peer addr (bnc#896415). * megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502). 
* mm: change __remove_pages() to call release_mem_region_adjustable() (bnc#891790). * netxen: Fix link event handling (bnc#873228). * netxen: fix link notification order (bnc#873228). * nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554). * nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554). * ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page (bnc#899843). * powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). * powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). * powerpc: Add support for the optimised lockref implementation (bsc#893758). * powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). * refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)). * remove filesize checks for sync I/O journal commit (bnc#800255). * resource: add __adjust_resource() for internal use (bnc#891790). * resource: add release_mem_region_adjustable() (bnc#891790). * revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * rpm/mkspec: Generate specfiles according to Factory requirements. * rpm/mkspec: Generate a per-architecture per-package _constraints file * sched: Fix unreleased llc_shared_mask bit during CPU hotplug (bnc#891368). * scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633). * usb: Do not re-read descriptors for wired devices in usb_authorize_device() (bnc#904358). * usbback: Do not access request fields in shared ring more than once. * usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607). * vfs,proc: guarantee unique inodes in /proc (bnc#868049). * x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). * x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)).
* x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). * xfs: Do not free EFIs before the EFDs are committed (bsc#755743). * xfs: Do not reference the EFI after it is freed (bsc#755743). * xfs: fix cil push sequence after log recovery (bsc#755743). * zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). * zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041). Security Issues: * CVE-2012-4398 * CVE-2013-2889 * CVE-2013-2893 * CVE-2013-2897 * CVE-2013-2899 * CVE-2013-7263 * CVE-2014-3181 * CVE-2014-3184 * CVE-2014-3185 * CVE-2014-3186 * CVE-2014-3601 * CVE-2014-3610 * CVE-2014-3646 * CVE-2014-3647 * CVE-2014-4508 * CVE-2014-4608 * CVE-2014-7826 * CVE-2014-7841 * CVE-2014-8709 * CVE-2014-8884 * CVE-2014-3673 Indications: Everyone using the Linux Kernel on x86 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kernel-10037 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kernel-10037 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-kernel-10037 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kernel-10037 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]: kernel-default-3.0.101-0.42.1 kernel-default-base-3.0.101-0.42.1 kernel-default-devel-3.0.101-0.42.1 kernel-pae-3.0.101-0.42.1 kernel-pae-base-3.0.101-0.42.1 kernel-pae-devel-3.0.101-0.42.1 kernel-source-3.0.101-0.42.1 kernel-syms-3.0.101-0.42.1 kernel-trace-3.0.101-0.42.1 kernel-trace-base-3.0.101-0.42.1 kernel-trace-devel-3.0.101-0.42.1 kernel-xen-devel-3.0.101-0.42.1 - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]: kernel-default-3.0.101-0.42.1 kernel-default-base-3.0.101-0.42.1 kernel-default-devel-3.0.101-0.42.1 kernel-ec2-3.0.101-0.42.1 kernel-ec2-base-3.0.101-0.42.1 kernel-ec2-devel-3.0.101-0.42.1 kernel-pae-3.0.101-0.42.1 kernel-pae-base-3.0.101-0.42.1 kernel-pae-devel-3.0.101-0.42.1 kernel-source-3.0.101-0.42.1 kernel-syms-3.0.101-0.42.1 kernel-trace-3.0.101-0.42.1 kernel-trace-base-3.0.101-0.42.1 kernel-trace-devel-3.0.101-0.42.1 kernel-xen-3.0.101-0.42.1 kernel-xen-base-3.0.101-0.42.1 kernel-xen-devel-3.0.101-0.42.1 xen-kmp-default-4.2.5_02_3.0.101_0.42-0.7.2 xen-kmp-pae-4.2.5_02_3.0.101_0.42-0.7.2 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586): cluster-network-kmp-default-1.4_3.0.101_0.42-2.27.115 cluster-network-kmp-pae-1.4_3.0.101_0.42-2.27.115 cluster-network-kmp-trace-1.4_3.0.101_0.42-2.27.115 cluster-network-kmp-xen-1.4_3.0.101_0.42-2.27.115 gfs2-kmp-default-2_3.0.101_0.42-0.16.121 gfs2-kmp-pae-2_3.0.101_0.42-0.16.121 gfs2-kmp-trace-2_3.0.101_0.42-0.16.121 gfs2-kmp-xen-2_3.0.101_0.42-0.16.121 ocfs2-kmp-default-1.6_3.0.101_0.42-0.20.115 ocfs2-kmp-pae-1.6_3.0.101_0.42-0.20.115 ocfs2-kmp-trace-1.6_3.0.101_0.42-0.20.115 ocfs2-kmp-xen-1.6_3.0.101_0.42-0.20.115 - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]: kernel-default-3.0.101-0.42.1 kernel-default-base-3.0.101-0.42.1 kernel-default-devel-3.0.101-0.42.1 kernel-default-extra-3.0.101-0.42.1 kernel-pae-3.0.101-0.42.1 kernel-pae-base-3.0.101-0.42.1 
kernel-pae-devel-3.0.101-0.42.1 kernel-pae-extra-3.0.101-0.42.1 kernel-source-3.0.101-0.42.1 kernel-syms-3.0.101-0.42.1 kernel-trace-devel-3.0.101-0.42.1 kernel-xen-3.0.101-0.42.1 kernel-xen-base-3.0.101-0.42.1 kernel-xen-devel-3.0.101-0.42.1 kernel-xen-extra-3.0.101-0.42.1 xen-kmp-default-4.2.5_02_3.0.101_0.42-0.7.2 xen-kmp-pae-4.2.5_02_3.0.101_0.42-0.7.2 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x): kernel-default-extra-3.0.101-0.42.1 - SLE 11 SERVER Unsupported Extras (ppc64): kernel-ppc64-extra-3.0.101-0.42.1 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-3.0.101-0.42.1 kernel-xen-extra-3.0.101-0.42.1 References: http://support.novell.com/security/cve/CVE-2012-4398.html http://support.novell.com/security/cve/CVE-2013-2889.html http://support.novell.com/security/cve/CVE-2013-2893.html http://support.novell.com/security/cve/CVE-2013-2897.html http://support.novell.com/security/cve/CVE-2013-2899.html http://support.novell.com/security/cve/CVE-2013-7263.html http://support.novell.com/security/cve/CVE-2014-3181.html http://support.novell.com/security/cve/CVE-2014-3184.html http://support.novell.com/security/cve/CVE-2014-3185.html http://support.novell.com/security/cve/CVE-2014-3186.html http://support.novell.com/security/cve/CVE-2014-3601.html http://support.novell.com/security/cve/CVE-2014-3610.html http://support.novell.com/security/cve/CVE-2014-3646.html http://support.novell.com/security/cve/CVE-2014-3647.html http://support.novell.com/security/cve/CVE-2014-3673.html http://support.novell.com/security/cve/CVE-2014-4508.html http://support.novell.com/security/cve/CVE-2014-4608.html http://support.novell.com/security/cve/CVE-2014-7826.html http://support.novell.com/security/cve/CVE-2014-7841.html http://support.novell.com/security/cve/CVE-2014-8709.html http://support.novell.com/security/cve/CVE-2014-8884.html https://bugzilla.suse.com/show_bug.cgi?id=755743 https://bugzilla.suse.com/show_bug.cgi?id=779488 
https://bugzilla.suse.com/show_bug.cgi?id=800255 https://bugzilla.suse.com/show_bug.cgi?id=835839 https://bugzilla.suse.com/show_bug.cgi?id=851603 https://bugzilla.suse.com/show_bug.cgi?id=853040 https://bugzilla.suse.com/show_bug.cgi?id=857643 https://bugzilla.suse.com/show_bug.cgi?id=860441 https://bugzilla.suse.com/show_bug.cgi?id=868049 https://bugzilla.suse.com/show_bug.cgi?id=873228 https://bugzilla.suse.com/show_bug.cgi?id=876633 https://bugzilla.suse.com/show_bug.cgi?id=883724 https://bugzilla.suse.com/show_bug.cgi?id=883948 https://bugzilla.suse.com/show_bug.cgi?id=885077 https://bugzilla.suse.com/show_bug.cgi?id=887418 https://bugzilla.suse.com/show_bug.cgi?id=888607 https://bugzilla.suse.com/show_bug.cgi?id=891211 https://bugzilla.suse.com/show_bug.cgi?id=891368 https://bugzilla.suse.com/show_bug.cgi?id=891790 https://bugzilla.suse.com/show_bug.cgi?id=892782 https://bugzilla.suse.com/show_bug.cgi?id=893758 https://bugzilla.suse.com/show_bug.cgi?id=894058 https://bugzilla.suse.com/show_bug.cgi?id=894895 https://bugzilla.suse.com/show_bug.cgi?id=895387 https://bugzilla.suse.com/show_bug.cgi?id=895468 https://bugzilla.suse.com/show_bug.cgi?id=896382 https://bugzilla.suse.com/show_bug.cgi?id=896390 https://bugzilla.suse.com/show_bug.cgi?id=896391 https://bugzilla.suse.com/show_bug.cgi?id=896392 https://bugzilla.suse.com/show_bug.cgi?id=896415 https://bugzilla.suse.com/show_bug.cgi?id=897502 https://bugzilla.suse.com/show_bug.cgi?id=897694 https://bugzilla.suse.com/show_bug.cgi?id=897708 https://bugzilla.suse.com/show_bug.cgi?id=898295 https://bugzilla.suse.com/show_bug.cgi?id=898375 https://bugzilla.suse.com/show_bug.cgi?id=898554 https://bugzilla.suse.com/show_bug.cgi?id=899192 https://bugzilla.suse.com/show_bug.cgi?id=899574 https://bugzilla.suse.com/show_bug.cgi?id=899843 https://bugzilla.suse.com/show_bug.cgi?id=901638 https://bugzilla.suse.com/show_bug.cgi?id=902346 https://bugzilla.suse.com/show_bug.cgi?id=902349 
https://bugzilla.suse.com/show_bug.cgi?id=903331 https://bugzilla.suse.com/show_bug.cgi?id=903653 https://bugzilla.suse.com/show_bug.cgi?id=904013 https://bugzilla.suse.com/show_bug.cgi?id=904358 https://bugzilla.suse.com/show_bug.cgi?id=904700 https://bugzilla.suse.com/show_bug.cgi?id=905100 https://bugzilla.suse.com/show_bug.cgi?id=905522 http://download.suse.com/patch/finder/?keywords=2969b6fb6821f3c1c5779cb35e36252b http://download.suse.com/patch/finder/?keywords=9da207bd70d4d6642d94fe875803ac61 http://download.suse.com/patch/finder/?keywords=a2d767013b3d89848dc24f9f8e959d1b http://download.suse.com/patch/finder/?keywords=ac39209a595f41dfe7246b4c02e9fa0e http://download.suse.com/patch/finder/?keywords=d7fb7c9ea045657cf163753ab42e7d48 From sle-updates at lists.suse.com Tue Dec 23 12:04:45 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Dec 2014 20:04:45 +0100 (CET) Subject: SUSE-SU-2014:1694-1: important: Security update for openvpn Message-ID: <20141223190445.5AA903235E@maintenance.suse.de> SUSE Security Update: Security update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1694-1 Rating: important References: #907764 Cross-References: CVE-2014-8104 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: A remote denial of service attack against openvpn was fixed, where an authenticated client could stop the server by triggering a server-side ASSERT (CVE-2014-8104). Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-120 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-120 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): openvpn-2.3.2-11.1 openvpn-auth-pam-plugin-2.3.2-11.1 openvpn-auth-pam-plugin-debuginfo-2.3.2-11.1 openvpn-debuginfo-2.3.2-11.1 openvpn-debugsource-2.3.2-11.1 - SUSE Linux Enterprise Desktop 12 (x86_64): openvpn-2.3.2-11.1 openvpn-debuginfo-2.3.2-11.1 openvpn-debugsource-2.3.2-11.1 References: http://support.novell.com/security/cve/CVE-2014-8104.html https://bugzilla.suse.com/show_bug.cgi?id=907764 From sle-updates at lists.suse.com Tue Dec 23 12:05:01 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Dec 2014 20:05:01 +0100 (CET) Subject: SUSE-SU-2014:1695-1: important: Security update for Linux kernel Message-ID: <20141223190501.73E1A3235D@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1695-1 Rating: important References: #755743 #779488 #800255 #835839 #851603 #853040 #857643 #860441 #868049 #873228 #876633 #883724 #883948 #885077 #887418 #888607 #891211 #891368 #891790 #892782 #893758 #894058 #894895 #895387 #895468 #896382 #896390 #896391 #896392 #896415 #897502 #897694 #897708 #898295 #898375 #898554 #899192 #899574 #899843 #901638 #902346 #902349 #903331 #903653 #904013 #904358 #904700 #905100 #905522 #907818 #909077 #910251 Cross-References: CVE-2012-4398 CVE-2013-2889 CVE-2013-2893 CVE-2013-2897 CVE-2013-2899 CVE-2013-7263 CVE-2014-3181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-4508 CVE-2014-4608 CVE-2014-7826 CVE-2014-7841 CVE-2014-8133 CVE-2014-8709 
CVE-2014-8884 CVE-2014-9090 CVE-2014-9322 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that solves 24 vulnerabilities and has 28 fixes is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (bnc#835839). * CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). * CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). 
* CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#853040, bnc#857643). * CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). * CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). 
* CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). * CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). 
* CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). * CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346, bnc#902349). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4608: * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype (bnc#883948). * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). * CVE-2014-7841: An SCTP server doing ASCONF would panic on malformed INIT ping-of-death (bnc#905100). 
* CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). * CVE-2014-8884: A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed: * Build the KOTD against the SP3 Update project * HID: fix kabi breakage. * NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. * NFS: fix inverted test for delegation in nfs4_reclaim_open_state (bnc#903331). * NFS: remove incorrect Lock reclaim failed! warning (bnc#903331). * NFSv4: nfs4_open_done first must check that GETATTR decoded a file type (bnc#899574). * PCI: pciehp: Clear Data Link Layer State Changed during init (bnc#898295). * PCI: pciehp: Enable link state change notifications (bnc#898295). * PCI: pciehp: Handle push button event asynchronously (bnc#898295). * PCI: pciehp: Make check_link_active() non-static (bnc#898295). * PCI: pciehp: Use link change notifications for hot-plug and removal (bnc#898295). * PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295). * PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898295). * PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * be2net: Fix invocation of be_close() after be_clear() (bnc#895468). * block: Fix bogus partition statistics reports (bnc#885077 bnc#891211). * block: Fix computation of merged request priority. * btrfs: Fix wrong device size when we are resizing the device. * btrfs: Return right extent when fiemap gives unaligned offset and len. * btrfs: abtract out range locking in clone ioctl(). * btrfs: always choose work from prio_head first. * btrfs: balance delayed inode updates. * btrfs: cache extent states in defrag code path. 
* btrfs: check file extent type before anything else (bnc#897694). * btrfs: clone, do not create invalid hole extent map. * btrfs: correctly determine if blocks are shared in btrfs_compare_trees. * btrfs: do not bug_on if we try to cow a free space cache inode. * btrfs: ensure btrfs_prev_leaf does not miss 1 item. * btrfs: ensure readers see new data after a clone operation. * btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. * btrfs: filter invalid arg for btrfs resize. * btrfs: fix EINVAL checks in btrfs_clone. * btrfs: fix EIO on reading file after ioctl clone works on it. * btrfs: fix a crash of clone with inline extents split. * btrfs: fix crash of compressed writes (bnc#898375). * btrfs: fix crash when starting transaction. * btrfs: fix deadlock with nested trans handles. * btrfs: fix hang on error (such as ENOSPC) when writing extent pages. * btrfs: fix leaf corruption after __btrfs_drop_extents. * btrfs: fix race between balance recovery and root deletion. * btrfs: fix wrong extent mapping for DirectIO. * btrfs: handle a missing extent for the first file extent. * btrfs: limit delalloc pages outside of find_delalloc_range (bnc#898375). * btrfs: read lock extent buffer while walking backrefs. * btrfs: remove unused wait queue in struct extent_buffer. * btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. * btrfs: replace error code from btrfs_drop_extents. * btrfs: unlock extent and pages on error in cow_file_range. * btrfs: unlock inodes in correct order in clone ioctl. * btrfs_ioctl_clone: Move clone code into its own function. * cifs: delay super block destruction until all cifsFileInfo objects are gone (bnc#903653). * drm/i915: Flush the PTEs after updating them before suspend (bnc#901638). * drm/i915: Undo gtt scratch pte unmapping again (bnc#901638). * ext3: return 32/64-bit dir name hash according to usage type (bnc#898554). * ext4: return 32/64-bit dir name hash according to usage type (bnc#898554). 
* fix: use after free of xfs workqueues (bnc#894895). * fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash (bnc#898554). * futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). * futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). * ipv6: add support of peer address (bnc#896415). * ipv6: fix a refcnt leak with peer addr (bnc#896415). * megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502). * mm: change __remove_pages() to call release_mem_region_adjustable() (bnc#891790). * netxen: Fix link event handling (bnc#873228). * netxen: fix link notification order (bnc#873228). * nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554). * nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554). * ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page (bnc#899843). * powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). * powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). * powerpc: Add support for the optimised lockref implementation (bsc#893758). * powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). * refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)). * remove filesize checks for sync I/O journal commit (bnc#800255). * resource: add __adjust_resource() for internal use (bnc#891790). * resource: add release_mem_region_adjustable() (bnc#891790). * revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * rpm/mkspec: Generate specfiles according to Factory requirements. * rpm/mkspec: Generate a per-architecture per-package _constraints file * sched: Fix unreleased llc_shared_mask bit during CPU hotplug (bnc#891368). * scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633). * usb: Do not re-read descriptors for wired devices in usb_authorize_device() (bnc#904358). 
* usbback: Do not access request fields in shared ring more than once. * usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607). * vfs,proc: guarantee unique inodes in /proc (bnc#868049). * x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). * x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). * x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). * xfs: Do not free EFIs before the EFDs are committed (bsc#755743). * xfs: Do not reference the EFI after it is freed (bsc#755743). * xfs: fix cil push sequence after log recovery (bsc#755743). * zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). * zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041). Security Issues: * CVE-2012-4398 * CVE-2013-2889 * CVE-2013-2893 * CVE-2013-2897 * CVE-2013-2899 * CVE-2013-7263 * CVE-2014-3181 * CVE-2014-3184 * CVE-2014-3185 * CVE-2014-3186 * CVE-2014-3601 * CVE-2014-3610 * CVE-2014-3646 * CVE-2014-3647 * CVE-2014-4508 * CVE-2014-4608 * CVE-2014-7826 * CVE-2014-7841 * CVE-2014-8709 * CVE-2014-8884 * CVE-2014-3673 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kernel-10103 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kernel-10103 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-kernel-10103 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kernel-10103 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.0.101]: kernel-bigsmp-devel-3.0.101-0.46.1 kernel-default-3.0.101-0.46.1 kernel-default-base-3.0.101-0.46.1 kernel-default-devel-3.0.101-0.46.1 kernel-source-3.0.101-0.46.1 kernel-syms-3.0.101-0.46.1 kernel-trace-3.0.101-0.46.1 kernel-trace-base-3.0.101-0.46.1 kernel-trace-devel-3.0.101-0.46.1 kernel-xen-devel-3.0.101-0.46.1 - SUSE Linux Enterprise Server 11 SP3 (x86_64) [New Version: 3.0.101]: kernel-bigsmp-3.0.101-0.46.1 kernel-bigsmp-base-3.0.101-0.46.1 kernel-bigsmp-devel-3.0.101-0.46.1 kernel-default-3.0.101-0.46.1 kernel-default-base-3.0.101-0.46.1 kernel-default-devel-3.0.101-0.46.1 kernel-ec2-3.0.101-0.46.1 kernel-ec2-base-3.0.101-0.46.1 kernel-ec2-devel-3.0.101-0.46.1 kernel-source-3.0.101-0.46.1 kernel-syms-3.0.101-0.46.1 kernel-trace-3.0.101-0.46.1 kernel-trace-base-3.0.101-0.46.1 kernel-trace-devel-3.0.101-0.46.1 kernel-xen-3.0.101-0.46.1 kernel-xen-base-3.0.101-0.46.1 kernel-xen-devel-3.0.101-0.46.1 xen-kmp-default-4.2.5_02_3.0.101_0.46-0.7.9 - SUSE Linux Enterprise High Availability Extension 11 SP3 (x86_64): cluster-network-kmp-bigsmp-1.4_3.0.101_0.46-2.27.120 cluster-network-kmp-default-1.4_3.0.101_0.46-2.27.120 cluster-network-kmp-trace-1.4_3.0.101_0.46-2.27.120 cluster-network-kmp-xen-1.4_3.0.101_0.46-2.27.120 gfs2-kmp-bigsmp-2_3.0.101_0.46-0.16.126 gfs2-kmp-default-2_3.0.101_0.46-0.16.126 gfs2-kmp-trace-2_3.0.101_0.46-0.16.126 gfs2-kmp-xen-2_3.0.101_0.46-0.16.126 
ocfs2-kmp-bigsmp-1.6_3.0.101_0.46-0.20.120 ocfs2-kmp-default-1.6_3.0.101_0.46-0.20.120 ocfs2-kmp-trace-1.6_3.0.101_0.46-0.20.120 ocfs2-kmp-xen-1.6_3.0.101_0.46-0.20.120 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.0.101]: kernel-bigsmp-devel-3.0.101-0.46.1 kernel-default-3.0.101-0.46.1 kernel-default-base-3.0.101-0.46.1 kernel-default-devel-3.0.101-0.46.1 kernel-default-extra-3.0.101-0.46.1 kernel-source-3.0.101-0.46.1 kernel-syms-3.0.101-0.46.1 kernel-trace-devel-3.0.101-0.46.1 kernel-xen-3.0.101-0.46.1 kernel-xen-base-3.0.101-0.46.1 kernel-xen-devel-3.0.101-0.46.1 kernel-xen-extra-3.0.101-0.46.1 xen-kmp-default-4.2.5_02_3.0.101_0.46-0.7.9 - SLE 11 SERVER Unsupported Extras (x86_64): kernel-bigsmp-extra-3.0.101-0.46.1 kernel-default-extra-3.0.101-0.46.1 kernel-xen-extra-3.0.101-0.46.1 References: http://support.novell.com/security/cve/CVE-2012-4398.html http://support.novell.com/security/cve/CVE-2013-2889.html http://support.novell.com/security/cve/CVE-2013-2893.html http://support.novell.com/security/cve/CVE-2013-2897.html http://support.novell.com/security/cve/CVE-2013-2899.html http://support.novell.com/security/cve/CVE-2013-7263.html http://support.novell.com/security/cve/CVE-2014-3181.html http://support.novell.com/security/cve/CVE-2014-3184.html http://support.novell.com/security/cve/CVE-2014-3185.html http://support.novell.com/security/cve/CVE-2014-3186.html http://support.novell.com/security/cve/CVE-2014-3601.html http://support.novell.com/security/cve/CVE-2014-3610.html http://support.novell.com/security/cve/CVE-2014-3646.html http://support.novell.com/security/cve/CVE-2014-3647.html http://support.novell.com/security/cve/CVE-2014-3673.html http://support.novell.com/security/cve/CVE-2014-4508.html http://support.novell.com/security/cve/CVE-2014-4608.html http://support.novell.com/security/cve/CVE-2014-7826.html http://support.novell.com/security/cve/CVE-2014-7841.html http://support.novell.com/security/cve/CVE-2014-8133.html 
http://support.novell.com/security/cve/CVE-2014-8709.html http://support.novell.com/security/cve/CVE-2014-8884.html http://support.novell.com/security/cve/CVE-2014-9090.html http://support.novell.com/security/cve/CVE-2014-9322.html https://bugzilla.suse.com/show_bug.cgi?id=755743 https://bugzilla.suse.com/show_bug.cgi?id=779488 https://bugzilla.suse.com/show_bug.cgi?id=800255 https://bugzilla.suse.com/show_bug.cgi?id=835839 https://bugzilla.suse.com/show_bug.cgi?id=851603 https://bugzilla.suse.com/show_bug.cgi?id=853040 https://bugzilla.suse.com/show_bug.cgi?id=857643 https://bugzilla.suse.com/show_bug.cgi?id=860441 https://bugzilla.suse.com/show_bug.cgi?id=868049 https://bugzilla.suse.com/show_bug.cgi?id=873228 https://bugzilla.suse.com/show_bug.cgi?id=876633 https://bugzilla.suse.com/show_bug.cgi?id=883724 https://bugzilla.suse.com/show_bug.cgi?id=883948 https://bugzilla.suse.com/show_bug.cgi?id=885077 https://bugzilla.suse.com/show_bug.cgi?id=887418 https://bugzilla.suse.com/show_bug.cgi?id=888607 https://bugzilla.suse.com/show_bug.cgi?id=891211 https://bugzilla.suse.com/show_bug.cgi?id=891368 https://bugzilla.suse.com/show_bug.cgi?id=891790 https://bugzilla.suse.com/show_bug.cgi?id=892782 https://bugzilla.suse.com/show_bug.cgi?id=893758 https://bugzilla.suse.com/show_bug.cgi?id=894058 https://bugzilla.suse.com/show_bug.cgi?id=894895 https://bugzilla.suse.com/show_bug.cgi?id=895387 https://bugzilla.suse.com/show_bug.cgi?id=895468 https://bugzilla.suse.com/show_bug.cgi?id=896382 https://bugzilla.suse.com/show_bug.cgi?id=896390 https://bugzilla.suse.com/show_bug.cgi?id=896391 https://bugzilla.suse.com/show_bug.cgi?id=896392 https://bugzilla.suse.com/show_bug.cgi?id=896415 https://bugzilla.suse.com/show_bug.cgi?id=897502 https://bugzilla.suse.com/show_bug.cgi?id=897694 https://bugzilla.suse.com/show_bug.cgi?id=897708 https://bugzilla.suse.com/show_bug.cgi?id=898295 https://bugzilla.suse.com/show_bug.cgi?id=898375 https://bugzilla.suse.com/show_bug.cgi?id=898554 
https://bugzilla.suse.com/show_bug.cgi?id=899192 https://bugzilla.suse.com/show_bug.cgi?id=899574 https://bugzilla.suse.com/show_bug.cgi?id=899843 https://bugzilla.suse.com/show_bug.cgi?id=901638 https://bugzilla.suse.com/show_bug.cgi?id=902346 https://bugzilla.suse.com/show_bug.cgi?id=902349 https://bugzilla.suse.com/show_bug.cgi?id=903331 https://bugzilla.suse.com/show_bug.cgi?id=903653 https://bugzilla.suse.com/show_bug.cgi?id=904013 https://bugzilla.suse.com/show_bug.cgi?id=904358 https://bugzilla.suse.com/show_bug.cgi?id=904700 https://bugzilla.suse.com/show_bug.cgi?id=905100 https://bugzilla.suse.com/show_bug.cgi?id=905522 https://bugzilla.suse.com/show_bug.cgi?id=907818 https://bugzilla.suse.com/show_bug.cgi?id=909077 https://bugzilla.suse.com/show_bug.cgi?id=910251 http://download.suse.com/patch/finder/?keywords=862382a71da04b8618cfe4076b0bbe5e http://download.suse.com/patch/finder/?keywords=f5de0855dbf77afed3873613996e2a43 From sle-updates at lists.suse.com Wed Dec 24 00:04:41 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Dec 2014 08:04:41 +0100 (CET) Subject: SUSE-SU-2014:1696-1: moderate: Security update for mailx Message-ID: <20141224070441.8165C3235B@maintenance.suse.de> SUSE Security Update: Security update for mailx ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1696-1 Rating: moderate References: #909208 Cross-References: CVE-2004-2771 CVE-2014-7844 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This mailx update fixes the following security issues: * bnc#909208: Shell command injection via crafted email addresses (CVE-2004-2771, CVE-2014-7844). 
Security Issues: * CVE-2004-2771 * CVE-2014-7844 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-mailx-10096 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-mailx-10096 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-mailx-10096 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): mailx-12.5-1.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): mailx-12.5-1.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): mailx-12.5-1.7.1 References: http://support.novell.com/security/cve/CVE-2004-2771.html http://support.novell.com/security/cve/CVE-2014-7844.html https://bugzilla.suse.com/show_bug.cgi?id=909208 http://download.suse.com/patch/finder/?keywords=4c55a9784f8c46ad7ff703097f1037ba From sle-updates at lists.suse.com Wed Dec 24 00:04:57 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Dec 2014 08:04:57 +0100 (CET) Subject: SUSE-SU-2014:1697-1: important: Security update for popt Message-ID: <20141224070457.5EAD73235D@maintenance.suse.de> SUSE Security Update: Security update for popt ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1697-1 Rating: important References: #892431 #906803 #908128 Cross-References: CVE-2013-6435 CVE-2014-8118 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This rpm update fixes the following security and non security issues. 
* bnc#908128: check for bad invalid name sizes (CVE-2014-8118) * bnc#906803: create files with mode 0 (CVE-2013-6435) * bnc#892431: honor --noglob in install mode Security Issues: * CVE-2014-8118 * CVE-2013-6435 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-popt-10097 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-popt-10097 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-popt-10097 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-popt-10097 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): popt-devel-1.7-37.60.2 rpm-devel-4.4.2.3-37.60.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): rpm-32bit-4.4.2.3-37.60.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64): popt-devel-32bit-1.7-37.60.2 rpm-devel-32bit-4.4.2.3-37.60.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64): rpm-x86-4.4.2.3-37.60.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): popt-1.7-37.60.2 rpm-4.4.2.3-37.60.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): popt-32bit-1.7-37.60.2 rpm-32bit-4.4.2.3-37.60.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): popt-1.7-37.60.2 rpm-4.4.2.3-37.60.2 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): popt-32bit-1.7-37.60.2 rpm-32bit-4.4.2.3-37.60.2 - SUSE Linux Enterprise Server 11 SP3 (ia64): popt-x86-1.7-37.60.2 rpm-x86-4.4.2.3-37.60.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): popt-1.7-37.60.2 rpm-4.4.2.3-37.60.2 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): popt-32bit-1.7-37.60.2 rpm-32bit-4.4.2.3-37.60.2 References: http://support.novell.com/security/cve/CVE-2013-6435.html 
http://support.novell.com/security/cve/CVE-2014-8118.html https://bugzilla.suse.com/show_bug.cgi?id=892431 https://bugzilla.suse.com/show_bug.cgi?id=906803 https://bugzilla.suse.com/show_bug.cgi?id=908128 http://download.suse.com/patch/finder/?keywords=25800fa95867098c22bbab2dce9ea93b From sle-updates at lists.suse.com Wed Dec 24 00:05:35 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Dec 2014 08:05:35 +0100 (CET) Subject: SUSE-SU-2014:1686-2: critical: Security update for xntp Message-ID: <20141224070535.5DB143235D@maintenance.suse.de> SUSE Security Update: Security update for xntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1686-2 Rating: critical References: #910764 Cross-References: CVE-2014-9295 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This ntp update fixes the following critical security issue: * A potential remote code execution problem was found inside ntpd. The functions crypto_recv() (when using autokey authentication) and ctl_putdata() were updated to avoid buffer overflows that could have been exploited.
(CVE-2014-9295 / VU#852879) Security Issues: * CVE-2014-9295 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): xntp-4.2.4p3-48.25.1 xntp-doc-4.2.4p3-48.25.1 References: http://support.novell.com/security/cve/CVE-2014-9295.html https://bugzilla.suse.com/show_bug.cgi?id=910764 http://download.suse.com/patch/finder/?keywords=f4d33535cb6a1f3819d1cd7bb928b58f From sle-updates at lists.suse.com Wed Dec 24 00:05:51 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Dec 2014 08:05:51 +0100 (CET) Subject: SUSE-SU-2014:1698-1: important: Security update for Linux kernel Message-ID: <20141224070551.A7B793235D@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1698-1 Rating: important References: #907818 #909077 #910251 Cross-References: CVE-2014-8133 CVE-2014-9090 CVE-2014-9322 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes two new package versions. Description: The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated to fix security issues on kernels on the x86_64 architecture. The following security bugs have been fixed: * CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could have been used by local attackers to crash the machine or execute code. 
* CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. * CVE-2014-8133: Insufficient validation of TLS register usage could have leaked information from the kernel stack to userspace. Security Issues: * CVE-2014-8133 * CVE-2014-9090 * CVE-2014-9322 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-kernel-10114 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-kernel-10109 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.7.27.1 kernel-default-base-3.0.101-0.7.27.1 kernel-default-devel-3.0.101-0.7.27.1 kernel-ec2-3.0.101-0.7.27.1 kernel-ec2-base-3.0.101-0.7.27.1 kernel-ec2-devel-3.0.101-0.7.27.1 kernel-source-3.0.101-0.7.27.1 kernel-syms-3.0.101-0.7.27.1 kernel-trace-3.0.101-0.7.27.1 kernel-trace-base-3.0.101-0.7.27.1 kernel-trace-devel-3.0.101-0.7.27.1 kernel-xen-3.0.101-0.7.27.1 kernel-xen-base-3.0.101-0.7.27.1 kernel-xen-devel-3.0.101-0.7.27.1 xen-kmp-default-4.1.6_08_3.0.101_0.7.27-0.5.5 xen-kmp-trace-4.1.6_08_3.0.101_0.7.27-0.5.5 - SUSE Linux Enterprise Server 11 SP1 LTSS (x86_64) [New Version: 2.6.32.59]: kernel-default-2.6.32.59-0.17.1 kernel-default-base-2.6.32.59-0.17.1 kernel-default-devel-2.6.32.59-0.17.1 kernel-ec2-2.6.32.59-0.17.1 kernel-ec2-base-2.6.32.59-0.17.1 kernel-ec2-devel-2.6.32.59-0.17.1 kernel-source-2.6.32.59-0.17.1 kernel-syms-2.6.32.59-0.17.1 kernel-trace-2.6.32.59-0.17.1 kernel-trace-base-2.6.32.59-0.17.1 kernel-trace-devel-2.6.32.59-0.17.1 kernel-xen-2.6.32.59-0.17.1 kernel-xen-base-2.6.32.59-0.17.1 kernel-xen-devel-2.6.32.59-0.17.1 xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.17-0.9.2 xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.17-0.9.2 - SLE 11 SERVER Unsupported Extras (x86_64): ext4-writeable-kmp-default-0_3.0.101_0.7.27-0.14.132 ext4-writeable-kmp-trace-0_3.0.101_0.7.27-0.14.132 ext4-writeable-kmp-xen-0_3.0.101_0.7.27-0.14.132 kernel-default-extra-2.6.32.59-0.17.1 kernel-default-extra-3.0.101-0.7.27.1 kernel-xen-extra-2.6.32.59-0.17.1 kernel-xen-extra-3.0.101-0.7.27.1 References: http://support.novell.com/security/cve/CVE-2014-8133.html http://support.novell.com/security/cve/CVE-2014-9090.html http://support.novell.com/security/cve/CVE-2014-9322.html https://bugzilla.suse.com/show_bug.cgi?id=907818 https://bugzilla.suse.com/show_bug.cgi?id=909077 https://bugzilla.suse.com/show_bug.cgi?id=910251 
http://download.suse.com/patch/finder/?keywords=17cbd241265ffb7301400d4f2497c986 http://download.suse.com/patch/finder/?keywords=ea18fe4b0ce01bc702a6120012e00755 http://download.suse.com/patch/finder/?keywords=eb83dad7b182df22a0ec3ccf37ff136d http://download.suse.com/patch/finder/?keywords=fd8795d7eb65884e7e60e637c1890c6f From sle-updates at lists.suse.com Wed Dec 24 00:06:28 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Dec 2014 08:06:28 +0100 (CET) Subject: SUSE-SU-2014:1699-1: moderate: Security update for libyaml-0-2 Message-ID: <20141224070628.33A783235D@maintenance.suse.de> SUSE Security Update: Security update for libyaml-0-2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1699-1 Rating: moderate References: #907809 Cross-References: CVE-2014-9130 Affected Products: SUSE Cloud 4 SUSE Cloud 3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This libyaml update fixes the following security issue: * assert failure when processing wrapped strings (bnc#907809, CVE-2014-9130) Security Issues: * CVE-2014-9130 Contraindications: Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-libyaml-0-2-10073 - SUSE Cloud 3: zypper in -t patch sleclo30sp3-libyaml-0-2-10074 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (x86_64): libyaml-0-2-0.1.3-0.10.16.1 - SUSE Cloud 3 (x86_64): libyaml-0-2-0.1.3-0.10.16.1 References: http://support.novell.com/security/cve/CVE-2014-9130.html https://bugzilla.suse.com/show_bug.cgi?id=907809 http://download.suse.com/patch/finder/?keywords=108a6d54e4f1e8edc3b51e53ac719241 http://download.suse.com/patch/finder/?keywords=bfad0248402abc2401664bec31151059 From sle-updates at lists.suse.com Wed Dec 24 00:06:42 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Dec 2014 08:06:42 +0100 (CET) Subject: SUSE-SU-2014:1700-1: moderate: Security update for Xen Message-ID: <20141224070642.3DA9A3235D@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1700-1 Rating: moderate References: #866902 #882089 #896023 #901317 #903850 #903967 #903970 #905465 #905467 #906439 Cross-References: CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 5 fixes is now available. Description: Xen has been updated to version 4.2.5 with additional patches to fix six security issues: * Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). * Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (CVE-2014-8867). * Excessive checking in compatibility mode hypercall argument translation (CVE-2014-8866). * Guest user mode triggerable VM exits not handled by hypervisor (bnc#903850). * Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595). * Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594). 
These non-security issues have been fixed: * Xen save/restore of HVM guests cuts off disk and networking (bnc#866902). * Windows 2012 R2 fails to boot up with greater than 60 vcpus (bnc#882089). * Increase limit domUloader to 32MB (bnc#901317). * Adjust xentop column layout (bnc#896023). Security Issues: * CVE-2014-9030 * CVE-2014-8867 * CVE-2014-8866 * CVE-2014-8595 * CVE-2014-8594 Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xen-11sp3-2014-11-26-10018 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xen-11sp3-2014-11-26-10018 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xen-11sp3-2014-11-26-10018 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64): xen-devel-4.2.5_02-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (x86_64): xen-4.2.5_02-0.7.1 xen-doc-html-4.2.5_02-0.7.1 xen-doc-pdf-4.2.5_02-0.7.1 xen-kmp-default-4.2.5_02_3.0.101_0.40-0.7.1 xen-libs-32bit-4.2.5_02-0.7.1 xen-libs-4.2.5_02-0.7.1 xen-tools-4.2.5_02-0.7.1 xen-tools-domU-4.2.5_02-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): xen-4.2.5_02-0.7.1 xen-doc-html-4.2.5_02-0.7.1 xen-doc-pdf-4.2.5_02-0.7.1 xen-kmp-default-4.2.5_02_3.0.101_0.40-0.7.1 xen-libs-32bit-4.2.5_02-0.7.1 xen-libs-4.2.5_02-0.7.1 xen-tools-4.2.5_02-0.7.1 xen-tools-domU-4.2.5_02-0.7.1 References: http://support.novell.com/security/cve/CVE-2014-8594.html http://support.novell.com/security/cve/CVE-2014-8595.html http://support.novell.com/security/cve/CVE-2014-8866.html http://support.novell.com/security/cve/CVE-2014-8867.html http://support.novell.com/security/cve/CVE-2014-9030.html https://bugzilla.suse.com/show_bug.cgi?id=866902 
https://bugzilla.suse.com/show_bug.cgi?id=882089 https://bugzilla.suse.com/show_bug.cgi?id=896023 https://bugzilla.suse.com/show_bug.cgi?id=901317 https://bugzilla.suse.com/show_bug.cgi?id=903850 https://bugzilla.suse.com/show_bug.cgi?id=903967 https://bugzilla.suse.com/show_bug.cgi?id=903970 https://bugzilla.suse.com/show_bug.cgi?id=905465 https://bugzilla.suse.com/show_bug.cgi?id=905467 https://bugzilla.suse.com/show_bug.cgi?id=906439 http://download.suse.com/patch/finder/?keywords=b64990dee077b443be24ed84558ed00b From sle-updates at lists.suse.com Wed Dec 24 00:08:45 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Dec 2014 08:08:45 +0100 (CET) Subject: SUSE-SU-2014:1693-2: important: Security update for Linux kernel Message-ID: <20141224070845.9D8F03235D@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1693-2 Rating: important References: #755743 #779488 #800255 #835839 #851603 #853040 #857643 #860441 #868049 #873228 #876633 #883724 #883948 #885077 #887418 #888607 #891211 #891368 #891790 #892782 #893758 #894058 #894895 #895387 #895468 #896382 #896390 #896391 #896392 #896415 #897502 #897694 #897708 #898295 #898375 #898554 #899192 #899574 #899843 #901638 #902346 #902349 #903331 #903653 #904013 #904358 #904700 #905100 #905522 Cross-References: CVE-2012-4398 CVE-2013-2889 CVE-2013-2893 CVE-2013-2897 CVE-2013-2899 CVE-2013-7263 CVE-2014-3181 CVE-2014-3184 CVE-2014-3185 CVE-2014-3186 CVE-2014-3601 CVE-2014-3610 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-4508 CVE-2014-4608 CVE-2014-7826 CVE-2014-7841 CVE-2014-8709 CVE-2014-8884 Affected Products: SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP3 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 28 fixes is now available. 
It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed: * CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). * CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device (bnc#835839). * CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). * CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). 
* CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#853040, bnc#857643). * CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). * CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). * CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). 
* CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). * CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). 
* CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346, bnc#902349). * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (bnc#883724). * CVE-2014-4608: * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype (bnc#883948). * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). * CVE-2014-7841: An SCTP server doing ASCONF would panic on malformed INIT ping-of-death (bnc#905100). * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). * CVE-2014-8884: A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed: * Build the KOTD against the SP3 Update project * HID: fix kabi breakage. 
* NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. * NFS: fix inverted test for delegation in nfs4_reclaim_open_state (bnc#903331). * NFS: remove incorrect Lock reclaim failed! warning (bnc#903331). * NFSv4: nfs4_open_done first must check that GETATTR decoded a file type (bnc#899574). * PCI: pciehp: Clear Data Link Layer State Changed during init (bnc#898295). * PCI: pciehp: Enable link state change notifications (bnc#898295). * PCI: pciehp: Handle push button event asynchronously (bnc#898295). * PCI: pciehp: Make check_link_active() non-static (bnc#898295). * PCI: pciehp: Use link change notifications for hot-plug and removal (bnc#898295). * PCI: pciehp: Use per-slot workqueues to avoid deadlock (bnc#898295). * PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898295). * PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * be2net: Fix invocation of be_close() after be_clear() (bnc#895468). * block: Fix bogus partition statistics reports (bnc#885077 bnc#891211). * block: Fix computation of merged request priority. * btrfs: Fix wrong device size when we are resizing the device. * btrfs: Return right extent when fiemap gives unaligned offset and len. * btrfs: abstract out range locking in clone ioctl(). * btrfs: always choose work from prio_head first. * btrfs: balance delayed inode updates. * btrfs: cache extent states in defrag code path. * btrfs: check file extent type before anything else (bnc#897694). * btrfs: clone, do not create invalid hole extent map. * btrfs: correctly determine if blocks are shared in btrfs_compare_trees. * btrfs: do not bug_on if we try to cow a free space cache inode. * btrfs: ensure btrfs_prev_leaf does not miss 1 item. * btrfs: ensure readers see new data after a clone operation. * btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. * btrfs: filter invalid arg for btrfs resize. * btrfs: fix EINVAL checks in btrfs_clone.
* btrfs: fix EIO on reading file after ioctl clone works on it. * btrfs: fix a crash of clone with inline extents split. * btrfs: fix crash of compressed writes (bnc#898375). * btrfs: fix crash when starting transaction. * btrfs: fix deadlock with nested trans handles. * btrfs: fix hang on error (such as ENOSPC) when writing extent pages. * btrfs: fix leaf corruption after __btrfs_drop_extents. * btrfs: fix race between balance recovery and root deletion. * btrfs: fix wrong extent mapping for DirectIO. * btrfs: handle a missing extent for the first file extent. * btrfs: limit delalloc pages outside of find_delalloc_range (bnc#898375). * btrfs: read lock extent buffer while walking backrefs. * btrfs: remove unused wait queue in struct extent_buffer. * btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. * btrfs: replace error code from btrfs_drop_extents. * btrfs: unlock extent and pages on error in cow_file_range. * btrfs: unlock inodes in correct order in clone ioctl. * btrfs_ioctl_clone: Move clone code into its own function. * cifs: delay super block destruction until all cifsFileInfo objects are gone (bnc#903653). * drm/i915: Flush the PTEs after updating them before suspend (bnc#901638). * drm/i915: Undo gtt scratch pte unmapping again (bnc#901638). * ext3: return 32/64-bit dir name hash according to usage type (bnc#898554). * ext4: return 32/64-bit dir name hash according to usage type (bnc#898554). * fix: use after free of xfs workqueues (bnc#894895). * fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash (bnc#898554). * futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). * futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). * ipv6: add support of peer address (bnc#896415). * ipv6: fix a refcnt leak with peer addr (bnc#896415). * megaraid_sas: Disable fastpath writes for non-RAID0 (bnc#897502). 
* mm: change __remove_pages() to call release_mem_region_adjustable() (bnc#891790). * netxen: Fix link event handling (bnc#873228). * netxen: fix link notification order (bnc#873228). * nfsd: rename int access to int may_flags in nfsd_open() (bnc#898554). * nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes) (bnc#898554). * ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page (bnc#899843). * powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). * powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). * powerpc: Add support for the optimised lockref implementation (bsc#893758). * powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). * refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708). * remove filesize checks for sync I/O journal commit (bnc#800255). * resource: add __adjust_resource() for internal use (bnc#891790). * resource: add release_mem_region_adjustable() (bnc#891790). * revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free() (bnc#860441). * rpm/mkspec: Generate specfiles according to Factory requirements. * rpm/mkspec: Generate a per-architecture per-package _constraints file. * sched: Fix unreleased llc_shared_mask bit during CPU hotplug (bnc#891368). * scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633). * usb: Do not re-read descriptors for wired devices in usb_authorize_device() (bnc#904358). * usbback: Do not access request fields in shared ring more than once. * usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#888607). * vfs,proc: guarantee unique inodes in /proc (bnc#868049). * x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418). * x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). * x86: Add check for number of available vectors before CPU down (bnc#887418). * x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)).
* x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). * xfs: Do not free EFIs before the EFDs are committed (bsc#755743). * xfs: Do not reference the EFI after it is freed (bsc#755743). * xfs: fix cil push sequence after log recovery (bsc#755743). * zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). * zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041). Security Issues: * CVE-2012-4398 * CVE-2013-2889 * CVE-2013-2893 * CVE-2013-2897 * CVE-2013-2899 * CVE-2013-7263 * CVE-2014-3181 * CVE-2014-3184 * CVE-2014-3185 * CVE-2014-3186 * CVE-2014-3601 * CVE-2014-3610 * CVE-2014-3646 * CVE-2014-3647 * CVE-2014-4508 * CVE-2014-4608 * CVE-2014-7826 * CVE-2014-7841 * CVE-2014-8709 * CVE-2014-8884 * CVE-2014-3673 Indications: Everyone using the Linux Kernel on s390x architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kernel-10038 slessp3-kernel-10039 slessp3-kernel-10040 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-kernel-10038 slehasp3-kernel-10039 slehasp3-kernel-10040 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 (ia64 ppc64 s390x) [New Version: 3.0.101]: kernel-default-3.0.101-0.42.1 kernel-default-base-3.0.101-0.42.1 kernel-default-devel-3.0.101-0.42.1 kernel-source-3.0.101-0.42.1 kernel-syms-3.0.101-0.42.1 kernel-trace-3.0.101-0.42.1 kernel-trace-base-3.0.101-0.42.1 kernel-trace-devel-3.0.101-0.42.1 - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]: kernel-default-man-3.0.101-0.42.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]: kernel-ppc64-3.0.101-0.42.1 kernel-ppc64-base-3.0.101-0.42.1 kernel-ppc64-devel-3.0.101-0.42.1 - SUSE Linux Enterprise High Availability Extension 11 SP3 (ia64 ppc64 s390x): cluster-network-kmp-default-1.4_3.0.101_0.42-2.27.115 cluster-network-kmp-trace-1.4_3.0.101_0.42-2.27.115 gfs2-kmp-default-2_3.0.101_0.42-0.16.121 gfs2-kmp-trace-2_3.0.101_0.42-0.16.121 ocfs2-kmp-default-1.6_3.0.101_0.42-0.20.115 ocfs2-kmp-trace-1.6_3.0.101_0.42-0.20.115 - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.101_0.42-2.27.115 gfs2-kmp-ppc64-2_3.0.101_0.42-0.16.121 ocfs2-kmp-ppc64-1.6_3.0.101_0.42-0.20.115 References: http://support.novell.com/security/cve/CVE-2012-4398.html http://support.novell.com/security/cve/CVE-2013-2889.html http://support.novell.com/security/cve/CVE-2013-2893.html http://support.novell.com/security/cve/CVE-2013-2897.html http://support.novell.com/security/cve/CVE-2013-2899.html http://support.novell.com/security/cve/CVE-2013-7263.html http://support.novell.com/security/cve/CVE-2014-3181.html http://support.novell.com/security/cve/CVE-2014-3184.html http://support.novell.com/security/cve/CVE-2014-3185.html http://support.novell.com/security/cve/CVE-2014-3186.html http://support.novell.com/security/cve/CVE-2014-3601.html http://support.novell.com/security/cve/CVE-2014-3610.html http://support.novell.com/security/cve/CVE-2014-3646.html http://support.novell.com/security/cve/CVE-2014-3647.html 
http://support.novell.com/security/cve/CVE-2014-3673.html http://support.novell.com/security/cve/CVE-2014-4508.html http://support.novell.com/security/cve/CVE-2014-4608.html http://support.novell.com/security/cve/CVE-2014-7826.html http://support.novell.com/security/cve/CVE-2014-7841.html http://support.novell.com/security/cve/CVE-2014-8709.html http://support.novell.com/security/cve/CVE-2014-8884.html https://bugzilla.suse.com/show_bug.cgi?id=755743 https://bugzilla.suse.com/show_bug.cgi?id=779488 https://bugzilla.suse.com/show_bug.cgi?id=800255 https://bugzilla.suse.com/show_bug.cgi?id=835839 https://bugzilla.suse.com/show_bug.cgi?id=851603 https://bugzilla.suse.com/show_bug.cgi?id=853040 https://bugzilla.suse.com/show_bug.cgi?id=857643 https://bugzilla.suse.com/show_bug.cgi?id=860441 https://bugzilla.suse.com/show_bug.cgi?id=868049 https://bugzilla.suse.com/show_bug.cgi?id=873228 https://bugzilla.suse.com/show_bug.cgi?id=876633 https://bugzilla.suse.com/show_bug.cgi?id=883724 https://bugzilla.suse.com/show_bug.cgi?id=883948 https://bugzilla.suse.com/show_bug.cgi?id=885077 https://bugzilla.suse.com/show_bug.cgi?id=887418 https://bugzilla.suse.com/show_bug.cgi?id=888607 https://bugzilla.suse.com/show_bug.cgi?id=891211 https://bugzilla.suse.com/show_bug.cgi?id=891368 https://bugzilla.suse.com/show_bug.cgi?id=891790 https://bugzilla.suse.com/show_bug.cgi?id=892782 https://bugzilla.suse.com/show_bug.cgi?id=893758 https://bugzilla.suse.com/show_bug.cgi?id=894058 https://bugzilla.suse.com/show_bug.cgi?id=894895 https://bugzilla.suse.com/show_bug.cgi?id=895387 https://bugzilla.suse.com/show_bug.cgi?id=895468 https://bugzilla.suse.com/show_bug.cgi?id=896382 https://bugzilla.suse.com/show_bug.cgi?id=896390 https://bugzilla.suse.com/show_bug.cgi?id=896391 https://bugzilla.suse.com/show_bug.cgi?id=896392 https://bugzilla.suse.com/show_bug.cgi?id=896415 https://bugzilla.suse.com/show_bug.cgi?id=897502 https://bugzilla.suse.com/show_bug.cgi?id=897694 
https://bugzilla.suse.com/show_bug.cgi?id=897708 https://bugzilla.suse.com/show_bug.cgi?id=898295 https://bugzilla.suse.com/show_bug.cgi?id=898375 https://bugzilla.suse.com/show_bug.cgi?id=898554 https://bugzilla.suse.com/show_bug.cgi?id=899192 https://bugzilla.suse.com/show_bug.cgi?id=899574 https://bugzilla.suse.com/show_bug.cgi?id=899843 https://bugzilla.suse.com/show_bug.cgi?id=901638 https://bugzilla.suse.com/show_bug.cgi?id=902346 https://bugzilla.suse.com/show_bug.cgi?id=902349 https://bugzilla.suse.com/show_bug.cgi?id=903331 https://bugzilla.suse.com/show_bug.cgi?id=903653 https://bugzilla.suse.com/show_bug.cgi?id=904013 https://bugzilla.suse.com/show_bug.cgi?id=904358 https://bugzilla.suse.com/show_bug.cgi?id=904700 https://bugzilla.suse.com/show_bug.cgi?id=905100 https://bugzilla.suse.com/show_bug.cgi?id=905522 http://download.suse.com/patch/finder/?keywords=759bd5232756bc1601d59154022f3e0a http://download.suse.com/patch/finder/?keywords=7c8bcdf8aeebe75105e56721788b47f9 http://download.suse.com/patch/finder/?keywords=ccd0e8b5f2fdf4059ed078e5d1f571b3 From sle-updates at lists.suse.com Wed Dec 24 11:04:40 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Dec 2014 19:04:40 +0100 (CET) Subject: SUSE-SU-2014:1686-3: critical: Security update for ntp Message-ID: <20141224180440.38DC83235B@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1686-3 Rating: critical References: #910764 Cross-References: CVE-2014-9295 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This ntp update fixes the following critical security issue: * A potential remote code execution problem was found inside ntpd. 
The functions crypto_recv() (when using autokey authentication) and ctl_putdata() were updated to avoid buffer overflows that could have been exploited. (CVE-2014-9295 / VU#852879) Security Issues: * CVE-2014-9295 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-ntp-10119 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): ntp-4.2.4p8-1.28.1 ntp-doc-4.2.4p8-1.28.1 References: http://support.novell.com/security/cve/CVE-2014-9295.html https://bugzilla.suse.com/show_bug.cgi?id=910764 http://download.suse.com/patch/finder/?keywords=847d35fe22b8284a157febdb511ea747 From sle-updates at lists.suse.com Wed Dec 24 11:04:58 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Dec 2014 19:04:58 +0100 (CET) Subject: SUSE-SU-2014:1710-1: moderate: Security update for xen Message-ID: <20141224180458.62E8E3235D@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1710-1 Rating: moderate References: #826717 #867910 #875668 #880751 #895798 #895799 #895802 #897657 #901317 #903850 #903967 #903970 #905465 #905467 #906439 Cross-References: CVE-2013-3495 CVE-2014-2599 CVE-2014-3124 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that solves 13 vulnerabilities and has two fixes is now available. Description: xen was updated to fix 14 security issues: * Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030).
* Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (CVE-2014-8867). * Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (CVE-2014-7155). * Hypervisor heap contents leaked to guests (CVE-2014-4021). * Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595). * Insufficient restrictions on certain MMU update hypercalls (CVE-2014-8594). * Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts (CVE-2013-3495). * Missing privilege level checks in x86 emulation of software interrupts (CVE-2014-7156). * Race condition in HVMOP_track_dirty_vram (CVE-2014-7154). * Improper MSR range used for x2APIC emulation (CVE-2014-7188). * HVMOP_set_mem_type allows invalid P2M entries to be created (CVE-2014-3124). * HVMOP_set_mem_access is not preemptible (CVE-2014-2599). * Excessive checking in compatibility mode hypercall argument translation (CVE-2014-8866). * Guest user mode triggerable VM exits not handled by hypervisor (bnc#903850). This non-security bug was fixed: * Increase limit domUloader to 32MB (bnc#901317). Security Issues: * CVE-2014-9030 * CVE-2014-8867 * CVE-2014-7155 * CVE-2014-4021 * CVE-2014-8595 * CVE-2014-8594 * CVE-2013-3495 * CVE-2014-7156 * CVE-2014-7154 * CVE-2014-7188 * CVE-2014-3124 * CVE-2014-2599 * CVE-2014-8866 Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-xen-11sp2-20141204-10081 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64): xen-devel-4.1.6_08-0.5.1 xen-kmp-default-4.1.6_08_3.0.101_0.7.23-0.5.1 xen-kmp-trace-4.1.6_08_3.0.101_0.7.23-0.5.1 xen-libs-4.1.6_08-0.5.1 xen-tools-domU-4.1.6_08-0.5.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (x86_64): xen-4.1.6_08-0.5.1 xen-doc-html-4.1.6_08-0.5.1 xen-doc-pdf-4.1.6_08-0.5.1 xen-libs-32bit-4.1.6_08-0.5.1 xen-tools-4.1.6_08-0.5.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586): xen-kmp-pae-4.1.6_08_3.0.101_0.7.23-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-3495.html http://support.novell.com/security/cve/CVE-2014-2599.html http://support.novell.com/security/cve/CVE-2014-3124.html http://support.novell.com/security/cve/CVE-2014-4021.html http://support.novell.com/security/cve/CVE-2014-7154.html http://support.novell.com/security/cve/CVE-2014-7155.html http://support.novell.com/security/cve/CVE-2014-7156.html http://support.novell.com/security/cve/CVE-2014-7188.html http://support.novell.com/security/cve/CVE-2014-8594.html http://support.novell.com/security/cve/CVE-2014-8595.html http://support.novell.com/security/cve/CVE-2014-8866.html http://support.novell.com/security/cve/CVE-2014-8867.html http://support.novell.com/security/cve/CVE-2014-9030.html https://bugzilla.suse.com/show_bug.cgi?id=826717 https://bugzilla.suse.com/show_bug.cgi?id=867910 https://bugzilla.suse.com/show_bug.cgi?id=875668 https://bugzilla.suse.com/show_bug.cgi?id=880751 https://bugzilla.suse.com/show_bug.cgi?id=895798 https://bugzilla.suse.com/show_bug.cgi?id=895799 https://bugzilla.suse.com/show_bug.cgi?id=895802 https://bugzilla.suse.com/show_bug.cgi?id=897657 https://bugzilla.suse.com/show_bug.cgi?id=901317 https://bugzilla.suse.com/show_bug.cgi?id=903850 https://bugzilla.suse.com/show_bug.cgi?id=903967 https://bugzilla.suse.com/show_bug.cgi?id=903970 https://bugzilla.suse.com/show_bug.cgi?id=905465 https://bugzilla.suse.com/show_bug.cgi?id=905467 
https://bugzilla.suse.com/show_bug.cgi?id=906439 http://download.suse.com/patch/finder/?keywords=c3ad0fd02909cf041596ac8a665c5844 From sle-updates at lists.suse.com Mon Dec 29 03:04:47 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Dec 2014 11:04:47 +0100 (CET) Subject: SUSE-SU-2014:1723-1: moderate: Security update for tcpdump Message-ID: <20141229100447.6BD9E3235B@maintenance.suse.de> SUSE Security Update: Security update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1723-1 Rating: moderate References: #905870 #905871 #905872 Cross-References: CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This tcpdump update fixes the following security issues: - fix CVE-2014-8767 (bnc#905870) * denial of service in verbose mode using malformed OLSR payload - fix CVE-2014-8768 (bnc#905871) * denial of service in verbose mode using malformed Geonet payload - fix CVE-2014-8769 (bnc#905872) * unreliable output using malformed AODV payload Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-122 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-122 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): tcpdump-4.5.1-4.1 tcpdump-debuginfo-4.5.1-4.1 tcpdump-debugsource-4.5.1-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): tcpdump-4.5.1-4.1 tcpdump-debuginfo-4.5.1-4.1 tcpdump-debugsource-4.5.1-4.1 References: http://support.novell.com/security/cve/CVE-2014-8767.html http://support.novell.com/security/cve/CVE-2014-8768.html http://support.novell.com/security/cve/CVE-2014-8769.html https://bugzilla.suse.com/show_bug.cgi?id=905870 https://bugzilla.suse.com/show_bug.cgi?id=905871 https://bugzilla.suse.com/show_bug.cgi?id=905872 From sle-updates at lists.suse.com Mon Dec 29 03:05:29 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Dec 2014 11:05:29 +0100 (CET) Subject: SUSE-SU-2014:1724-1: moderate: Security update for dbus-1 Message-ID: <20141229100529.C39B23235D@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1724-1 Rating: moderate References: #904017 Cross-References: CVE-2014-3636 CVE-2014-7824 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: dbus-1 was updated to version 1.8.12 to fix one security issue. This security issue was fixed: - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the file descriptors of the system bus (CVE-2014-7824). Note: This already includes the fix for the regression that was introduced by the first fix for CVE-2014-7824 in 1.8.10.
On fast systems where local users are considered particularly hostile, administrators can return to the 5 second timeout (or any other value in milliseconds) by saving this as /etc/dbus-1/system-local.conf: 5000 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-121 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-121 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-121 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): dbus-1-debugsource-1.8.12-6.1 dbus-1-devel-1.8.12-6.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): dbus-1-devel-doc-1.8.12-6.5 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): dbus-1-1.8.12-6.5 dbus-1-debuginfo-1.8.12-6.5 dbus-1-debugsource-1.8.12-6.1 dbus-1-x11-1.8.12-6.5 dbus-1-x11-debuginfo-1.8.12-6.5 dbus-1-x11-debugsource-1.8.12-6.5 libdbus-1-3-1.8.12-6.1 libdbus-1-3-debuginfo-1.8.12-6.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libdbus-1-3-32bit-1.8.12-6.1 libdbus-1-3-debuginfo-32bit-1.8.12-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): dbus-1-1.8.12-6.5 dbus-1-debuginfo-1.8.12-6.5 dbus-1-debugsource-1.8.12-6.1 dbus-1-x11-1.8.12-6.5 dbus-1-x11-debuginfo-1.8.12-6.5 dbus-1-x11-debugsource-1.8.12-6.5 libdbus-1-3-1.8.12-6.1 libdbus-1-3-32bit-1.8.12-6.1 libdbus-1-3-debuginfo-1.8.12-6.1 libdbus-1-3-debuginfo-32bit-1.8.12-6.1 References: http://support.novell.com/security/cve/CVE-2014-3636.html http://support.novell.com/security/cve/CVE-2014-7824.html https://bugzilla.suse.com/show_bug.cgi?id=904017 From sle-updates at lists.suse.com Tue Dec 30 01:04:47 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Dec 2014 09:04:47 +0100 (CET) Subject: 
SUSE-RU-2014:1728-1: moderate: Recommended update for libXi Message-ID: <20141230080447.9E5AB3235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for libXi ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1728-1 Rating: moderate References: #883553 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libXi fixes a double unlock issue when connecting to an X server with XInputExtension version lower than 2.0. This could result, for example, in a segmentation fault when starting YaST over an ssh connection from SUSE Linux Enterprise 11. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-123 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-123 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le): libXi-debugsource-1.7.2-6.1 libXi-devel-1.7.2-6.1 - SUSE Linux Enterprise Server 12 (ppc64le): libXi-debugsource-1.7.2-6.1 libXi6-1.7.2-6.1 libXi6-debuginfo-1.7.2-6.1 References: https://bugzilla.suse.com/show_bug.cgi?id=883553 From sle-updates at lists.suse.com Tue Dec 30 02:04:42 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Dec 2014 10:04:42 +0100 (CET) Subject: SUSE-RU-2014:1728-2: moderate: Recommended update for libXi Message-ID: <20141230090442.A34023235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for libXi ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1728-2 Rating: moderate References: #883553 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libXi fixes a double unlock issue when connecting to an X server with XInputExtension version lower than 2.0. This could result, for example, in a segmentation fault when starting YaST over an ssh connection from SUSE Linux Enterprise 11. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-123 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-123 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (s390x): libXi-debugsource-1.7.2-6.1 libXi-devel-1.7.2-6.1 - SUSE Linux Enterprise Server 12 (s390x): libXi-debugsource-1.7.2-6.1 libXi6-1.7.2-6.1 libXi6-32bit-1.7.2-6.1 libXi6-debuginfo-1.7.2-6.1 libXi6-debuginfo-32bit-1.7.2-6.1 References: https://bugzilla.suse.com/show_bug.cgi?id=883553 From sle-updates at lists.suse.com Tue Dec 30 03:04:43 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Dec 2014 11:04:43 +0100 (CET) Subject: SUSE-RU-2014:1728-3: moderate: Recommended update for libXi Message-ID: <20141230100443.5DA753235B@maintenance.suse.de> SUSE Recommended Update: Recommended update for libXi ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1728-3 Rating: moderate References: #883553 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libXi fixes a double unlock issue when connecting to an X server with XInputExtension version lower than 2.0. This could result, for example, in a segmentation fault when starting YaST over an ssh connection from SUSE Linux Enterprise 11. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2014-123 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-123 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-123 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (x86_64): libXi-debugsource-1.7.2-6.1 libXi-devel-1.7.2-6.1 - SUSE Linux Enterprise Server 12 (x86_64): libXi-debugsource-1.7.2-6.1 libXi6-1.7.2-6.1 libXi6-32bit-1.7.2-6.1 libXi6-debuginfo-1.7.2-6.1 libXi6-debuginfo-32bit-1.7.2-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libXi-debugsource-1.7.2-6.1 libXi6-1.7.2-6.1 libXi6-32bit-1.7.2-6.1 libXi6-debuginfo-1.7.2-6.1 libXi6-debuginfo-32bit-1.7.2-6.1 References: https://bugzilla.suse.com/show_bug.cgi?id=883553 From sle-updates at lists.suse.com Tue Dec 30 06:05:27 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Dec 2014 14:05:27 +0100 (CET) Subject: SUSE-SU-2014:1729-1: moderate: Security update for libreoffice Message-ID: <20141230130527.7B9AC3235B@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1729-1 Rating: moderate References: #884942 #907636 Cross-References: CVE-2014-9093 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Build System Kit 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This libreoffice update fixes the following security and non security issues: - Version bump to 4.3.5 release: * Various small fixes * Fix for CVE-2014-9093 bnc#907636 - Remove dangling symlinks from previous versions bnc#884942 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2014-125 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-125 - SUSE Linux Enterprise Build System Kit 12: zypper in -t patch SUSE-SLE-BSK-12-2014-125 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libreoffice-4.3.5.2-10.1 libreoffice-base-4.3.5.2-10.1 libreoffice-base-debuginfo-4.3.5.2-10.1 libreoffice-base-drivers-mysql-4.3.5.2-10.1 libreoffice-base-drivers-mysql-debuginfo-4.3.5.2-10.1 libreoffice-base-drivers-postgresql-4.3.5.2-10.1 libreoffice-base-drivers-postgresql-debuginfo-4.3.5.2-10.1 libreoffice-calc-4.3.5.2-10.1 libreoffice-calc-debuginfo-4.3.5.2-10.1 libreoffice-calc-extensions-4.3.5.2-10.1 libreoffice-debuginfo-4.3.5.2-10.1 libreoffice-debugsource-4.3.5.2-10.1 libreoffice-draw-4.3.5.2-10.1 libreoffice-draw-debuginfo-4.3.5.2-10.1 libreoffice-filters-optional-4.3.5.2-10.1 libreoffice-gnome-4.3.5.2-10.1 libreoffice-gnome-debuginfo-4.3.5.2-10.1 libreoffice-impress-4.3.5.2-10.1 libreoffice-impress-debuginfo-4.3.5.2-10.1 libreoffice-mailmerge-4.3.5.2-10.1 libreoffice-math-4.3.5.2-10.1 libreoffice-math-debuginfo-4.3.5.2-10.1 libreoffice-officebean-4.3.5.2-10.1 libreoffice-officebean-debuginfo-4.3.5.2-10.1 libreoffice-pyuno-4.3.5.2-10.1 libreoffice-pyuno-debuginfo-4.3.5.2-10.1 libreoffice-writer-4.3.5.2-10.1 libreoffice-writer-debuginfo-4.3.5.2-10.1 libreoffice-writer-extensions-4.3.5.2-10.1 - SUSE Linux Enterprise Workstation Extension 12 (noarch): libreoffice-icon-theme-tango-4.3.5.2-10.1 libreoffice-l10n-af-4.3.5.2-10.1 libreoffice-l10n-ar-4.3.5.2-10.1 libreoffice-l10n-ca-4.3.5.2-10.1 libreoffice-l10n-cs-4.3.5.2-10.1 libreoffice-l10n-da-4.3.5.2-10.1 libreoffice-l10n-de-4.3.5.2-10.1 libreoffice-l10n-en-4.3.5.2-10.1 libreoffice-l10n-es-4.3.5.2-10.1 libreoffice-l10n-fi-4.3.5.2-10.1 
libreoffice-l10n-fr-4.3.5.2-10.1 libreoffice-l10n-gu-4.3.5.2-10.1 libreoffice-l10n-hi-4.3.5.2-10.1 libreoffice-l10n-hu-4.3.5.2-10.1 libreoffice-l10n-it-4.3.5.2-10.1 libreoffice-l10n-ja-4.3.5.2-10.1 libreoffice-l10n-ko-4.3.5.2-10.1 libreoffice-l10n-nb-4.3.5.2-10.1 libreoffice-l10n-nl-4.3.5.2-10.1 libreoffice-l10n-nn-4.3.5.2-10.1 libreoffice-l10n-pl-4.3.5.2-10.1 libreoffice-l10n-pt-BR-4.3.5.2-10.1 libreoffice-l10n-pt-PT-4.3.5.2-10.1 libreoffice-l10n-ru-4.3.5.2-10.1 libreoffice-l10n-sk-4.3.5.2-10.1 libreoffice-l10n-sv-4.3.5.2-10.1 libreoffice-l10n-xh-4.3.5.2-10.1 libreoffice-l10n-zh-Hans-4.3.5.2-10.1 libreoffice-l10n-zh-Hant-4.3.5.2-10.1 libreoffice-l10n-zu-4.3.5.2-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libreoffice-4.3.5.2-10.1 libreoffice-base-4.3.5.2-10.1 libreoffice-base-debuginfo-4.3.5.2-10.1 libreoffice-base-drivers-mysql-4.3.5.2-10.1 libreoffice-base-drivers-mysql-debuginfo-4.3.5.2-10.1 libreoffice-base-drivers-postgresql-4.3.5.2-10.1 libreoffice-base-drivers-postgresql-debuginfo-4.3.5.2-10.1 libreoffice-calc-4.3.5.2-10.1 libreoffice-calc-debuginfo-4.3.5.2-10.1 libreoffice-calc-extensions-4.3.5.2-10.1 libreoffice-debuginfo-4.3.5.2-10.1 libreoffice-debugsource-4.3.5.2-10.1 libreoffice-draw-4.3.5.2-10.1 libreoffice-draw-debuginfo-4.3.5.2-10.1 libreoffice-filters-optional-4.3.5.2-10.1 libreoffice-gnome-4.3.5.2-10.1 libreoffice-gnome-debuginfo-4.3.5.2-10.1 libreoffice-impress-4.3.5.2-10.1 libreoffice-impress-debuginfo-4.3.5.2-10.1 libreoffice-mailmerge-4.3.5.2-10.1 libreoffice-math-4.3.5.2-10.1 libreoffice-math-debuginfo-4.3.5.2-10.1 libreoffice-officebean-4.3.5.2-10.1 libreoffice-officebean-debuginfo-4.3.5.2-10.1 libreoffice-pyuno-4.3.5.2-10.1 libreoffice-pyuno-debuginfo-4.3.5.2-10.1 libreoffice-writer-4.3.5.2-10.1 libreoffice-writer-debuginfo-4.3.5.2-10.1 libreoffice-writer-extensions-4.3.5.2-10.1 - SUSE Linux Enterprise Desktop 12 (noarch): libreoffice-icon-theme-tango-4.3.5.2-10.1 libreoffice-l10n-af-4.3.5.2-10.1 libreoffice-l10n-ar-4.3.5.2-10.1 
libreoffice-l10n-ca-4.3.5.2-10.1 libreoffice-l10n-cs-4.3.5.2-10.1 libreoffice-l10n-da-4.3.5.2-10.1 libreoffice-l10n-de-4.3.5.2-10.1 libreoffice-l10n-en-4.3.5.2-10.1 libreoffice-l10n-es-4.3.5.2-10.1 libreoffice-l10n-fi-4.3.5.2-10.1 libreoffice-l10n-fr-4.3.5.2-10.1 libreoffice-l10n-gu-4.3.5.2-10.1 libreoffice-l10n-hi-4.3.5.2-10.1 libreoffice-l10n-hu-4.3.5.2-10.1 libreoffice-l10n-it-4.3.5.2-10.1 libreoffice-l10n-ja-4.3.5.2-10.1 libreoffice-l10n-ko-4.3.5.2-10.1 libreoffice-l10n-nb-4.3.5.2-10.1 libreoffice-l10n-nl-4.3.5.2-10.1 libreoffice-l10n-nn-4.3.5.2-10.1 libreoffice-l10n-pl-4.3.5.2-10.1 libreoffice-l10n-pt-BR-4.3.5.2-10.1 libreoffice-l10n-pt-PT-4.3.5.2-10.1 libreoffice-l10n-ru-4.3.5.2-10.1 libreoffice-l10n-sk-4.3.5.2-10.1 libreoffice-l10n-sv-4.3.5.2-10.1 libreoffice-l10n-xh-4.3.5.2-10.1 libreoffice-l10n-zh-Hans-4.3.5.2-10.1 libreoffice-l10n-zh-Hant-4.3.5.2-10.1 libreoffice-l10n-zu-4.3.5.2-10.1 - SUSE Linux Enterprise Build System Kit 12 (x86_64): libreoffice-debuginfo-4.3.5.2-10.1 libreoffice-debugsource-4.3.5.2-10.1 libreoffice-sdk-4.3.5.2-10.1 libreoffice-sdk-debuginfo-4.3.5.2-10.1 References: http://support.novell.com/security/cve/CVE-2014-9093.html https://bugzilla.suse.com/show_bug.cgi?id=884942 https://bugzilla.suse.com/show_bug.cgi?id=907636 From sle-updates at lists.suse.com Tue Dec 30 06:05:57 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Dec 2014 14:05:57 +0100 (CET) Subject: SUSE-SU-2014:1730-1: moderate: Security update for file Message-ID: <20141230130557.F35C23235D@maintenance.suse.de> SUSE Security Update: Security update for file ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1730-1 Rating: moderate References: #910252 #910253 Cross-References: CVE-2014-8116 CVE-2014-8117 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This file update fixes the following security issues:

   - bsc#910252: multiple denial of service issues (resource consumption)
     (CVE-2014-8116)
   - bsc#910253: denial of service issue (resource consumption)
     (CVE-2014-8117)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2014-126

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2014-126

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-126

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      file-debuginfo-5.19-9.1
      file-debugsource-5.19-9.1
      file-devel-5.19-9.1
      python-magic-5.19-9.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      file-5.19-9.1
      file-debuginfo-5.19-9.1
      file-debugsource-5.19-9.1
      file-magic-5.19-9.1
      libmagic1-5.19-9.1
      libmagic1-debuginfo-5.19-9.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libmagic1-32bit-5.19-9.1
      libmagic1-debuginfo-32bit-5.19-9.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      file-5.19-9.1
      file-debuginfo-5.19-9.1
      file-debugsource-5.19-9.1
      file-magic-5.19-9.1
      libmagic1-32bit-5.19-9.1
      libmagic1-5.19-9.1
      libmagic1-debuginfo-32bit-5.19-9.1
      libmagic1-debuginfo-5.19-9.1

References:

   http://support.novell.com/security/cve/CVE-2014-8116.html
   http://support.novell.com/security/cve/CVE-2014-8117.html
   https://bugzilla.suse.com/show_bug.cgi?id=910252
   https://bugzilla.suse.com/show_bug.cgi?id=910253

From sle-updates at lists.suse.com Tue Dec 30 06:06:26 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Dec 2014 14:06:26 +0100 (CET)
Subject: SUSE-SU-2014:1731-1: moderate: Security
 update for libssh
Message-ID: <20141230130626.34E7E3235D@maintenance.suse.de>

   SUSE Security Update: Security update for libssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1731-1
Rating:             moderate
References:         #910790
Cross-References:   CVE-2014-8132
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This libssh update fixes the following security issue:

   - bsc#910790: Double free on dangling pointers in initial key exchange
     packet (CVE-2014-8132).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2014-124

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2014-124

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-124

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      libssh-debugsource-0.6.3-4.1
      libssh4-0.6.3-4.1
      libssh4-debuginfo-0.6.3-4.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libssh-debugsource-0.6.3-4.1
      libssh-devel-0.6.3-4.1
      libssh-devel-doc-0.6.3-4.1
      libssh4-0.6.3-4.1
      libssh4-debuginfo-0.6.3-4.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libssh-debugsource-0.6.3-4.1
      libssh4-0.6.3-4.1
      libssh4-debuginfo-0.6.3-4.1

References:

   http://support.novell.com/security/cve/CVE-2014-8132.html
   https://bugzilla.suse.com/show_bug.cgi?id=910790

From sle-updates at lists.suse.com Tue Dec 30 12:04:45 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Dec 2014 20:04:45 +0100 (CET)
Subject: SUSE-SU-2014:1732-1: moderate: Security update for xen
Message-ID: <20141230190445.3BFA73235E@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1732-1
Rating:             moderate
References:         #826717 #880751 #895798 #895799 #895802 #903967
                    #903970 #905467 #906439
Cross-References:   CVE-2013-3495 CVE-2014-4021 CVE-2014-7154
                    CVE-2014-7155 CVE-2014-7156 CVE-2014-8594
                    CVE-2014-8595 CVE-2014-8867 CVE-2014-9030
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   xen was updated to fix 10 security issues:

   * Guest effectable page reference leak in MMU_MACHPHYS_UPDATE
     handling (CVE-2014-9030).
   * Insufficient bounding of "REP MOVS" to MMIO emulated inside the
     hypervisor (CVE-2014-8867).
   * Missing privilege level checks in x86 emulation of far branches
     (CVE-2014-8595).
   * Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW
     emulation (CVE-2014-7155).
   * Hypervisor heap contents leaked to guests (CVE-2014-4021).
   * Missing privilege level checks in x86 emulation of far branches
     (CVE-2014-8595).
   * Insufficient restrictions on certain MMU update hypercalls
     (CVE-2014-8594).
   * Intel VT-d Interrupt Remapping engines can be evaded by native NMI
     interrupts (CVE-2013-3495).
   * Missing privilege level checks in x86 emulation of software
     interrupts (CVE-2014-7156).
   * Race condition in HVMOP_track_dirty_vram (CVE-2014-7154).

   Security Issues:

   * CVE-2014-9030
   * CVE-2014-8867
   * CVE-2014-8595
   * CVE-2014-7155
   * CVE-2014-4021
   * CVE-2014-8595
   * CVE-2014-8594
   * CVE-2013-3495
   * CVE-2014-7156
   * CVE-2014-7154

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-xen-10080

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64):

      xen-4.0.3_21548_18-0.9.1
      xen-doc-html-4.0.3_21548_18-0.9.1
      xen-doc-pdf-4.0.3_21548_18-0.9.1
      xen-kmp-default-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
      xen-kmp-trace-4.0.3_21548_18_2.6.32.59_0.15-0.9.1
      xen-libs-4.0.3_21548_18-0.9.1
      xen-tools-4.0.3_21548_18-0.9.1
      xen-tools-domU-4.0.3_21548_18-0.9.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586):

      xen-kmp-pae-4.0.3_21548_18_2.6.32.59_0.15-0.9.1

References:

   http://support.novell.com/security/cve/CVE-2013-3495.html
   http://support.novell.com/security/cve/CVE-2014-4021.html
   http://support.novell.com/security/cve/CVE-2014-7154.html
   http://support.novell.com/security/cve/CVE-2014-7155.html
   http://support.novell.com/security/cve/CVE-2014-7156.html
   http://support.novell.com/security/cve/CVE-2014-8594.html
   http://support.novell.com/security/cve/CVE-2014-8595.html
   http://support.novell.com/security/cve/CVE-2014-8867.html
   http://support.novell.com/security/cve/CVE-2014-9030.html
   https://bugzilla.suse.com/show_bug.cgi?id=826717
   https://bugzilla.suse.com/show_bug.cgi?id=880751
   https://bugzilla.suse.com/show_bug.cgi?id=895798
   https://bugzilla.suse.com/show_bug.cgi?id=895799
   https://bugzilla.suse.com/show_bug.cgi?id=895802
   https://bugzilla.suse.com/show_bug.cgi?id=903967
   https://bugzilla.suse.com/show_bug.cgi?id=903970
   https://bugzilla.suse.com/show_bug.cgi?id=905467
   https://bugzilla.suse.com/show_bug.cgi?id=906439
   http://download.suse.com/patch/finder/?keywords=39575907259e980068f0caf772c05144