From sle-updates at lists.suse.com Thu Jan 2 13:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jan 2014 21:04:11 +0100 (CET) Subject: SUSE-RU-2013:1970-2: important: Recommended update for timezone Message-ID: <20140102200411.4D3943213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2013:1970-2 Rating: important References: #856305 Affected Products: SUSE Linux Enterprise Server 11 SP1 for VMware LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest timezone information for your system. The changes in detail are: * Jordan switches back to standard time at 00:00 on December 20 2013 * The compile-time flag NOSOLAR has been removed * The files solar87, solar88, solar89 are no longer distributed. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS: zypper in -t patch slessp1-timezone-2013i-8695 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-timezone-2013i-8695 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (i586 x86_64) [New Version: 2013i]: timezone-2013i-0.6.1 - SUSE Linux Enterprise Server 11 SP1 for VMware LTSS (noarch) [New Version: 2013i]: timezone-java-2013i-0.6.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2013i]: timezone-2013i-0.6.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch) [New Version: 2013i]: timezone-java-2013i-0.6.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 2013i]: timezone-2013i-0.5.1 References: https://bugzilla.novell.com/856305 http://download.novell.com/patch/finder/?keywords=0188cd2a09784b172de3dbe4983ef1b0 http://download.novell.com/patch/finder/?keywords=7dd121115f0473fc921c18bc84676ae0 From sle-updates at lists.suse.com Thu Jan 2 14:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jan 2014 22:04:10 +0100 (CET) Subject: SUSE-SU-2014:0002-1: moderate: Security update for curl Message-ID: <20140102210410.9A5EF3213F@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0002-1 Rating: moderate References: #810760 #849596 Cross-References: CVE-2013-4545 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update fixes the following security issues with curl: * bnc#849596: ssl cert checks with unclear behaviour (CVE-2013-4545) * bnc#810760: wrap tftp sequence number, fixes large files transfer Security Issue reference: * CVE-2013-4545 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-curl-8621 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-curl-8621 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-curl-8621 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-curl-8621 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-curl-8621 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): libcurl-devel-7.19.7-1.20.29.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.20.29.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): curl-7.19.7-1.20.29.1 libcurl4-7.19.7-1.20.29.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libcurl4-32bit-7.19.7-1.20.29.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.20.29.1 libcurl4-7.19.7-1.20.29.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.20.29.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libcurl4-x86-7.19.7-1.20.29.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): curl-7.19.7-1.20.29.1 libcurl4-7.19.7-1.20.29.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libcurl4-32bit-7.19.7-1.20.29.1 References: http://support.novell.com/security/cve/CVE-2013-4545.html https://bugzilla.novell.com/810760 https://bugzilla.novell.com/849596 http://download.novell.com/patch/finder/?keywords=035dfe55bda2e3e09951a60bb82ba296 From sle-updates at lists.suse.com Thu Jan 2 15:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jan 2014 23:04:11 +0100 (CET) Subject: SUSE-YU-2014:0003-1: moderate: YOU update for yast2-pkg-bindings Message-ID: <20140102220411.3F17A3213F@maintenance.suse.de> SUSE YOU Update: YOU update for yast2-pkg-bindings 
______________________________________________________________________________ Announcement ID: SUSE-YU-2014:0003-1 Rating: moderate References: #853654 Affected Products: SLE CLIENT TOOLS 10 for x86_64 SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for ia64 SLE CLIENT TOOLS 10 for PPC SLE CLIENT TOOLS 10 ______________________________________________________________________________ An update that has one YOU fix can now be installed. Description: This update for yast2-pkg-bindings fixes a software installation issue when using YaST on SLES 10 systems that are connected to SUSE Manager. The error message was: /usr/lib/YaST2/bin/y2base: symbol lookup error: /usr/lib64/YaST2/plugin/libpy2Pkg.so.2: undefined symbol: _ZNK18PkgModuleFunctions16LastReportedRepoEv Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application.
Package List: - SLE CLIENT TOOLS 10 for x86_64 (x86_64): yast2-pkg-bindings-2.13.1001-0.5.1 - SLE CLIENT TOOLS 10 for s390x (s390x): yast2-pkg-bindings-2.13.1001-0.5.1 - SLE CLIENT TOOLS 10 for ia64 (ia64): yast2-pkg-bindings-2.13.1001-0.5.1 - SLE CLIENT TOOLS 10 for PPC (ppc): yast2-pkg-bindings-2.13.1001-0.5.1 - SLE CLIENT TOOLS 10 (i586): yast2-pkg-bindings-2.13.1001-0.5.1 References: https://bugzilla.novell.com/853654 http://download.novell.com/patch/finder/?keywords=71e29ab30053c4f2708f6fd31a22195a From sle-updates at lists.suse.com Thu Jan 2 15:04:26 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jan 2014 23:04:26 +0100 (CET) Subject: SUSE-SU-2014:0004-1: moderate: Security update for curl Message-ID: <20140102220426.B607D3213F@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0004-1 Rating: moderate References: #849596 Cross-References: CVE-2013-4545 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issues with curl: * bnc#849596: ssl cert checks with unclear behaviour (CVE-2013-4545) Security Issue reference: * CVE-2013-4545 Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application.
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-curl-8617 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-curl-8617 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-curl-8617 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-curl-8617 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.30.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): curl-7.19.7-1.30.1 libcurl4-7.19.7-1.30.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libcurl4-32bit-7.19.7-1.30.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.30.1 libcurl4-7.19.7-1.30.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.30.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libcurl4-x86-7.19.7-1.30.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): curl-7.19.7-1.30.1 libcurl4-7.19.7-1.30.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libcurl4-32bit-7.19.7-1.30.1 References: http://support.novell.com/security/cve/CVE-2013-4545.html https://bugzilla.novell.com/849596 http://download.novell.com/patch/finder/?keywords=6696ea7568dc85f57f47a079047688a4 From sle-updates at lists.suse.com Fri Jan 3 08:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jan 2014 16:04:10 +0100 (CET) Subject: SUSE-RU-2014:0005-1: moderate: Recommended update for ethtool Message-ID: <20140103150410.897B73213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ethtool ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0005-1 Rating: moderate References: #838396 #848811 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for ethtool includes the following fixes and enhancements: * Recognize 20Gbps and 40Gbps link speed modes. (bnc#838396) * Fix dumping of registers on certain ixgbe network cards. (bnc#848811) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-ethtool-8616 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ethtool-8616 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ethtool-8615 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ethtool-8615 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-ethtool-8616 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-ethtool-8615 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ethtool-6.2.6.39-0.20.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): ethtool-6.2.6.39-0.20.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ethtool-6.2.6.39-0.15.15.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ethtool-6.2.6.39-0.15.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): ethtool-6.2.6.39-0.20.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): ethtool-6.2.6.39-0.15.15.1 References: https://bugzilla.novell.com/838396 https://bugzilla.novell.com/848811 http://download.novell.com/patch/finder/?keywords=3d78b415d06ec7ec0736b3e27aed0184 http://download.novell.com/patch/finder/?keywords=7e435651eef5e6ac7dc97e720c2f0afa From sle-updates at lists.suse.com Mon Jan 6 08:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jan 2014 16:04:10 +0100 (CET) Subject: SUSE-SU-2014:0022-1: important: Security update for WebYaST Message-ID: 
<20140106150410.EF88732020@maintenance.suse.de> SUSE Security Update: Security update for WebYaST ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0022-1 Rating: important References: #851116 Cross-References: CVE-2013-3709 Affected Products: WebYaST 1.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: In the past WebYaST was installed with world-readable secret tokens. Although these were modified on the start of the webyast service and so could not be read from remote, it was possible for local attackers on the same machine to read the secrets and so gain local root access via the webyast services. This has been fixed. (CVE-2013-3709) Security Issue reference: * CVE-2013-3709 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.2: zypper in -t patch slewyst12-webyast-base-ui-8706 To bring your system up-to-date, use "zypper patch".
Package List: - WebYaST 1.2 (noarch) [New Version: 0.2.64]: webyast-base-ui-0.2.64-0.3.1 webyast-base-ui-branding-default-0.2.64-0.3.1 webyast-base-ui-testsuite-0.2.64-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-3709.html https://bugzilla.novell.com/851116 http://download.novell.com/patch/finder/?keywords=af7e4362e22d530ab6e447346f0afdfb From sle-updates at lists.suse.com Mon Jan 6 16:04:18 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jan 2014 00:04:18 +0100 (CET) Subject: SUSE-SU-2014:0023-1: moderate: Security update for pixman Message-ID: <20140106230418.3B7503205C@maintenance.suse.de> SUSE Security Update: Security update for pixman ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0023-1 Rating: moderate References: #853824 Cross-References: CVE-2013-6425 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue with pixman: * Integer underflow when handling trapezoids. (bnc#853824, CVE-2013-6425) Security Issues: * CVE-2013-6425 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libpixman-1-0-8697 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-libpixman-1-0-8701 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libpixman-1-0-8697 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libpixman-1-0-8697 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-libpixman-1-0-8701 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-libpixman-1-0-8701 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libpixman-1-0-8697 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-libpixman-1-0-8701 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpixman-1-0-devel-0.24.4-0.15.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libpixman-1-0-devel-0.16.0-1.4.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libpixman-1-0-0.24.4-0.15.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libpixman-1-0-32bit-0.24.4-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpixman-1-0-0.24.4-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libpixman-1-0-32bit-0.24.4-0.15.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libpixman-1-0-x86-0.24.4-0.15.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): libpixman-1-0-0.16.0-1.4.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libpixman-1-0-32bit-0.16.0-1.4.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): libpixman-1-0-0.16.0-1.4.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libpixman-1-0-32bit-0.16.0-1.4.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): 
libpixman-1-0-x86-0.16.0-1.4.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libpixman-1-0-0.24.4-0.15.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libpixman-1-0-32bit-0.24.4-0.15.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libpixman-1-0-0.16.0-1.4.1 libpixman-1-0-devel-0.16.0-1.4.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libpixman-1-0-32bit-0.16.0-1.4.1 References: http://support.novell.com/security/cve/CVE-2013-6425.html https://bugzilla.novell.com/853824 http://download.novell.com/patch/finder/?keywords=1fc79e726107e92e1e2aec08550e036e http://download.novell.com/patch/finder/?keywords=91193a18682bc9249c55cfc64718cdf3 From sle-updates at lists.suse.com Mon Jan 6 16:04:33 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jan 2014 00:04:33 +0100 (CET) Subject: SUSE-SU-2014:0024-1: important: Security update for Samba Message-ID: <20140106230433.9A9BF32052@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0024-1 Rating: important References: #817880 #838472 #844720 #848101 #849226 #853021 #853347 #854520 Cross-References: CVE-2012-6150 CVE-2013-4408 CVE-2013-4475 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 5 fixes is now available. 
Description: This update fixes the following security issues with Samba: * bnc#844720: DCERPC frag_len not checked (CVE-2013-4408) * bnc#853347: winbind pam security problem (CVE-2012-6150) * bnc#848101: No access check verification on stream files (CVE-2013-4475) And fixes the following non-security issues: * bnc#853021: libsmbclient0 package description contains comments * bnc#817880: rpcclient adddriver and setdrive do not set all needed registry entries * bnc#838472: Client trying to delete print job fails: Samba returns: WERR_INVALID_PRINTER_NAME * bnc#854520 and bnc#849226: various upstream fixes Security Issue references: * CVE-2012-6150 * CVE-2013-4408 * CVE-2013-4475 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-cifs-mount-8655 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-cifs-mount-8656 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-cifs-mount-8655 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-cifs-mount-8655 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-cifs-mount-8656 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-cifs-mount-8656 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-cifs-mount-8655 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-cifs-mount-8656 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.46.1 libnetapi-devel-3.6.3-0.46.1 libnetapi0-3.6.3-0.46.1 libsmbclient-devel-3.6.3-0.46.1 libsmbsharemodes-devel-3.6.3-0.46.1 libsmbsharemodes0-3.6.3-0.46.1 libtalloc-devel-3.6.3-0.46.1 libtdb-devel-3.6.3-0.46.1 libtevent-devel-3.6.3-0.46.1 libwbclient-devel-3.6.3-0.46.1 samba-devel-3.6.3-0.46.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.33.39.1 libnetapi-devel-3.6.3-0.33.39.1 libnetapi0-3.6.3-0.33.39.1 libsmbclient-devel-3.6.3-0.33.39.1 libsmbsharemodes-devel-3.6.3-0.33.39.1 libsmbsharemodes0-3.6.3-0.33.39.1 libtalloc-devel-3.6.3-0.33.39.1 libtdb-devel-3.6.3-0.33.39.1 libtevent-devel-3.6.3-0.33.39.1 libwbclient-devel-3.6.3-0.33.39.1 samba-devel-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ldapsmb-1.34b-12.46.1 libldb1-3.6.3-0.46.1 libsmbclient0-3.6.3-0.46.1 libtalloc2-3.6.3-0.46.1 libtdb1-3.6.3-0.46.1 libtevent0-3.6.3-0.46.1 libwbclient0-3.6.3-0.46.1 samba-3.6.3-0.46.1 samba-client-3.6.3-0.46.1 samba-krb-printing-3.6.3-0.46.1 samba-winbind-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.46.1 libtalloc2-32bit-3.6.3-0.46.1 libtdb1-32bit-3.6.3-0.46.1 libtevent0-32bit-3.6.3-0.46.1 libwbclient0-32bit-3.6.3-0.46.1 samba-32bit-3.6.3-0.46.1 samba-client-32bit-3.6.3-0.46.1 samba-winbind-32bit-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): samba-doc-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-12.46.1 libldb1-3.6.3-0.46.1 libsmbclient0-3.6.3-0.46.1 libtalloc2-3.6.3-0.46.1 libtdb1-3.6.3-0.46.1 libtevent0-3.6.3-0.46.1 libwbclient0-3.6.3-0.46.1 samba-3.6.3-0.46.1 samba-client-3.6.3-0.46.1 samba-krb-printing-3.6.3-0.46.1 samba-winbind-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): 
libsmbclient0-32bit-3.6.3-0.46.1 libtalloc2-32bit-3.6.3-0.46.1 libtdb1-32bit-3.6.3-0.46.1 libtevent0-32bit-3.6.3-0.46.1 libwbclient0-32bit-3.6.3-0.46.1 samba-32bit-3.6.3-0.46.1 samba-client-32bit-3.6.3-0.46.1 samba-winbind-32bit-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): samba-doc-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libsmbclient0-x86-3.6.3-0.46.1 libtalloc2-x86-3.6.3-0.46.1 libtdb1-x86-3.6.3-0.46.1 libwbclient0-x86-3.6.3-0.46.1 samba-client-x86-3.6.3-0.46.1 samba-winbind-x86-3.6.3-0.46.1 samba-x86-3.6.3-0.46.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ldapsmb-1.34b-12.33.39.1 libldb1-3.6.3-0.33.39.1 libsmbclient0-3.6.3-0.33.39.1 libtalloc1-3.4.3-1.50.1 libtalloc2-3.6.3-0.33.39.1 libtdb1-3.6.3-0.33.39.1 libtevent0-3.6.3-0.33.39.1 libwbclient0-3.6.3-0.33.39.1 samba-3.6.3-0.33.39.1 samba-client-3.6.3-0.33.39.1 samba-krb-printing-3.6.3-0.33.39.1 samba-winbind-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.33.39.1 libtalloc1-32bit-3.4.3-1.50.1 libtalloc2-32bit-3.6.3-0.33.39.1 libtdb1-32bit-3.6.3-0.33.39.1 libtevent0-32bit-3.6.3-0.33.39.1 libwbclient0-32bit-3.6.3-0.33.39.1 samba-32bit-3.6.3-0.33.39.1 samba-client-32bit-3.6.3-0.33.39.1 samba-winbind-32bit-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): samba-doc-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-12.33.39.1 libldb1-3.6.3-0.33.39.1 libsmbclient0-3.6.3-0.33.39.1 libtalloc1-3.4.3-1.50.1 libtalloc2-3.6.3-0.33.39.1 libtdb1-3.6.3-0.33.39.1 libtevent0-3.6.3-0.33.39.1 libwbclient0-3.6.3-0.33.39.1 samba-3.6.3-0.33.39.1 samba-client-3.6.3-0.33.39.1 samba-krb-printing-3.6.3-0.33.39.1 samba-winbind-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.33.39.1 libtalloc1-32bit-3.4.3-1.50.1 libtalloc2-32bit-3.6.3-0.33.39.1 libtdb1-32bit-3.6.3-0.33.39.1 
libtevent0-32bit-3.6.3-0.33.39.1 libwbclient0-32bit-3.6.3-0.33.39.1 samba-32bit-3.6.3-0.33.39.1 samba-client-32bit-3.6.3-0.33.39.1 samba-winbind-32bit-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): samba-doc-3.6.3-0.33.39.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libsmbclient0-x86-3.6.3-0.33.39.1 libtalloc1-x86-3.4.3-1.50.1 libtalloc2-x86-3.6.3-0.33.39.1 libtdb1-x86-3.6.3-0.33.39.1 libwbclient0-x86-3.6.3-0.33.39.1 samba-client-x86-3.6.3-0.33.39.1 samba-winbind-x86-3.6.3-0.33.39.1 samba-x86-3.6.3-0.33.39.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libldb1-3.6.3-0.46.1 libsmbclient0-3.6.3-0.46.1 libtalloc2-3.6.3-0.46.1 libtdb1-3.6.3-0.46.1 libtevent0-3.6.3-0.46.1 libwbclient0-3.6.3-0.46.1 samba-3.6.3-0.46.1 samba-client-3.6.3-0.46.1 samba-krb-printing-3.6.3-0.46.1 samba-winbind-3.6.3-0.46.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libldb1-32bit-3.6.3-0.46.1 libsmbclient0-32bit-3.6.3-0.46.1 libtalloc2-32bit-3.6.3-0.46.1 libtdb1-32bit-3.6.3-0.46.1 libtevent0-32bit-3.6.3-0.46.1 libwbclient0-32bit-3.6.3-0.46.1 samba-32bit-3.6.3-0.46.1 samba-client-32bit-3.6.3-0.46.1 samba-winbind-32bit-3.6.3-0.46.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch): samba-doc-3.6.3-0.46.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libldb1-3.6.3-0.33.39.1 libsmbclient0-3.6.3-0.33.39.1 libtalloc1-3.4.3-1.50.1 libtalloc2-3.6.3-0.33.39.1 libtdb1-3.6.3-0.33.39.1 libtevent0-3.6.3-0.33.39.1 libwbclient0-3.6.3-0.33.39.1 samba-3.6.3-0.33.39.1 samba-client-3.6.3-0.33.39.1 samba-krb-printing-3.6.3-0.33.39.1 samba-winbind-3.6.3-0.33.39.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libldb1-32bit-3.6.3-0.33.39.1 libsmbclient0-32bit-3.6.3-0.33.39.1 libtalloc1-32bit-3.4.3-1.50.1 libtalloc2-32bit-3.6.3-0.33.39.1 libtdb1-32bit-3.6.3-0.33.39.1 libtevent0-32bit-3.6.3-0.33.39.1 libwbclient0-32bit-3.6.3-0.33.39.1 samba-32bit-3.6.3-0.33.39.1 samba-client-32bit-3.6.3-0.33.39.1 samba-winbind-32bit-3.6.3-0.33.39.1 - SUSE Linux Enterprise Desktop 11 SP2 
(noarch): samba-doc-3.6.3-0.33.39.1 References: http://support.novell.com/security/cve/CVE-2012-6150.html http://support.novell.com/security/cve/CVE-2013-4408.html http://support.novell.com/security/cve/CVE-2013-4475.html https://bugzilla.novell.com/817880 https://bugzilla.novell.com/838472 https://bugzilla.novell.com/844720 https://bugzilla.novell.com/848101 https://bugzilla.novell.com/849226 https://bugzilla.novell.com/853021 https://bugzilla.novell.com/853347 https://bugzilla.novell.com/854520 http://download.novell.com/patch/finder/?keywords=7c9c4ddeaf5362a86442d4bcd791d030 http://download.novell.com/patch/finder/?keywords=8c60b7480fc521d7eeb322955b387165 From sle-updates at lists.suse.com Mon Jan 6 17:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jan 2014 01:04:10 +0100 (CET) Subject: SUSE-SU-2014:0025-1: important: Security update for openssl-certs Message-ID: <20140107000410.C59E732052@maintenance.suse.de> SUSE Security Update: Security update for openssl-certs ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0025-1 Rating: important References: #796628 #854367 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: openssl-certs was updated with the current certificate data available from mozilla.org. Changes: * Updated certificates to revision 1.95 Distrust a sub-ca that issued google.com certificates. 
"Distrusted AC DG Tresor SSL" (bnc#854367) Many CA updates from Mozilla: * new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt server auth, code signing, email signing * new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt server auth, code signing, email signing * new: China_Internet_Network_Information_Center_EV_Certificates_Root:2.4.72.159.0.1.crt server auth * changed: Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.crt removed code signing and server auth abilities * changed: Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.crt removed code signing and server auth abilities * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt server auth * new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server auth * removed: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.crt * new: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.crt * removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt * new: PSCProcert:2.1.11.crt server auth, code signing, email signing * new: Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124.74.30.90.24.103.182.crt server auth, code signing, email signing * new: Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.253.16.29.4.31.118.202.88.crt server auth, code signing * changed: TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51.21.2.228.108.244.crt removed all abilities * new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt server auth, code signing * changed: TWCA_Root_Certification_Authority:2.1.1.crt added code signing ability * new "EE Certification Centre Root CA" * new "T-TeleSec GlobalRoot Class 3" * revoke mis-issued intermediate CAs from TURKTRUST. Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-openssl-certs-8682 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-openssl-certs-8682 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-openssl-certs-8681 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-openssl-certs-8681 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-openssl-certs-8682 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-openssl-certs-8681 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 References: https://bugzilla.novell.com/796628 https://bugzilla.novell.com/854367 http://download.novell.com/patch/finder/?keywords=01d9e4cf8922756e2ff6eda21c67ab47 http://download.novell.com/patch/finder/?keywords=614f90966ba2255b839d3ad76b087c11 From sle-updates at lists.suse.com Tue Jan 7 10:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jan 2014 18:04:11 +0100 (CET) Subject: SUSE-RU-2014:0038-1: Recommended update for s390-tools Message-ID: <20140107170411.E849832085@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0038-1 Rating: low References: #749094 
#824766 #830288 #830321 #832428 #837742 Affected Products: SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for s390-tools contains the following changes: * Add robustness against missing interrupts to non-path-grouped internal IO requests (bnc#837742) * IBM s390-tools-1.15.0 Maintenance Patches (#1) (bnc#824766) * Convert the user-entered PEER_USERID to all upper case so the user doesn't have to. (bnc#749094) * Updated mkinitrd-setup-qeth.sh o It now handles both VLAN and bonded channel interfaces o Restructured the code to better handle the new functionality. * Updated zfcp_host_configure to add a missing udev rule. (bnc#830321) * Added misc enhancements to zpxe.rexx. * Updated scripts to replace $SYSFS with /sysfs in the one instance where $SYSFS would be null * some spec file changes to remove dangling symlinks before creating new ones. (bnc#830288) * Added the package 'shadow' to PreReq in the spec file to fix a build issue. (bnc#832428) * Added man pages for ctc_configure, dasd_configure, iucv_configure, qeth_configure, zfcp_disk_configure and zfcp_host_configure. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-osasnmpd-8326 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 (s390x): osasnmpd-1.15.0-0.138.2 s390-tools-1.15.0-0.138.2 References: https://bugzilla.novell.com/749094 https://bugzilla.novell.com/824766 https://bugzilla.novell.com/830288 https://bugzilla.novell.com/830321 https://bugzilla.novell.com/832428 https://bugzilla.novell.com/837742 http://download.novell.com/patch/finder/?keywords=0be9718af421e378bd204b34bfa7333c From sle-updates at lists.suse.com Wed Jan 8 13:04:15 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jan 2014 21:04:15 +0100 (CET) Subject: SUSE-RU-2014:0041-1: moderate: Recommended update for aide Message-ID: <20140108200415.6BFAD3208B@maintenance.suse.de> SUSE Recommended Update: Recommended update for aide ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0041-1 Rating: moderate References: #852158 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The filesystem intrusion detection tool "aide" was not able to load gzip compressed databases anymore on SUSE Linux Enterprise Server 11 SP3 as the zlib API was changed slightly. This update fixes this problem and gzip compressed databases can be opened again. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-aide-8653 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-aide-8653 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-aide-8653 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): aide-0.13.1-40.16.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): aide-0.13.1-40.16.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): aide-0.13.1-40.16.1 References: https://bugzilla.novell.com/852158 http://download.novell.com/patch/finder/?keywords=260e6e909a76cd6da1143c6522622f19 From sle-updates at lists.suse.com Wed Jan 8 15:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jan 2014 23:04:11 +0100 (CET) Subject: SUSE-RU-2014:0042-1: Recommended update for release-notes-sdk Message-ID: <20140108220411.272FC320A1@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0042-1 Rating: low References: #835413 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest version of the Release Notes for SUSE Linux Enterprise 11 SP3 Software Development Kit. The changes in detail are: * Clarify scope of SDK packages regarding SLES/SLED. (bnc#835413) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-release-notes-sdk-8630 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 11.3.12]: release-notes-sdk-11.3.12-0.10.1 References: https://bugzilla.novell.com/835413 http://download.novell.com/patch/finder/?keywords=d03684f4a4d4b553d73e83530d975aa6 From sle-updates at lists.suse.com Thu Jan 9 12:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jan 2014 20:04:11 +0100 (CET) Subject: SUSE-RU-2014:0043-1: Recommended update for libHBAAPI2 Message-ID: <20140109190411.5D69E320DF@maintenance.suse.de> SUSE Recommended Update: Recommended update for libHBAAPI2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0043-1 Rating: low References: #854160 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libHBAAPI2 fixes the library linkage against libdl, allowing it to dynamically load other libraries. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libHBAAPI2-8643 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libHBAAPI2-8643 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libHBAAPI2-8643 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libHBAAPI2-devel-2.2.7-0.9.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libHBAAPI2-2.2.7-0.9.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libHBAAPI2-2.2.7-0.9.1 References: https://bugzilla.novell.com/854160 http://download.novell.com/patch/finder/?keywords=1223452f4aad67e885a33a3e979f92c0 From sle-updates at lists.suse.com Thu Jan 9 16:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jan 2014 00:04:11 +0100 (CET) Subject: SUSE-RU-2014:0044-1: moderate: Recommended update for yast2-storage Message-ID: <20140109230411.7B9B5320DF@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0044-1 Rating: moderate References: #826384 #832196 #848821 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This collective update for yast2-storage disables unintended use of unsupported btrfs features. Additionally, it provides the following fixes: * Fix handling of default subvolumes for root fs when formatting but not creating a partition. * Fix add volumes to btrfs when format is true and primary volume was not btrfs previously. * Fix encrypted volumes on multiple disks via AutoYaST. * Fix update with EVMS. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-yast2-storage-8652 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-yast2-storage-8652 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-yast2-storage-8652 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-yast2-storage-8652 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.145]: yast2-storage-devel-2.17.145-0.7.3 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.17.145]: yast2-storage-2.17.145-0.7.3 yast2-storage-lib-2.17.145-0.7.3 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.145]: yast2-storage-2.17.145-0.7.3 yast2-storage-lib-2.17.145-0.7.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.17.145]: yast2-storage-2.17.145-0.7.3 yast2-storage-lib-2.17.145-0.7.3 References: https://bugzilla.novell.com/826384 https://bugzilla.novell.com/832196 https://bugzilla.novell.com/848821 http://download.novell.com/patch/finder/?keywords=5fa65a5fd456344a7dc189596d5843f3 From sle-updates at lists.suse.com Fri Jan 10 08:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jan 2014 16:04:12 +0100 (CET) Subject: SUSE-RU-2014:0046-1: moderate: Recommended update for grub2 Message-ID: <20140110150412.D42CC320F2@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0046-1 Rating: moderate References: #841426 #841466 #852055 #852070 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 
______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for Grub2 provides the following fixes and enhancements: * UEFI/PXE fails with error "couldn't send network packet". (bnc#841466) * Disable kernel module loading in grub.efi if secure boot is enabled. (bnc#852070) * Misaligned stack could crash grub2 randomly. (bnc#852055, bnc#841426) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-grub2-8663 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-grub2-8663 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-grub2-8663 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): grub2-x86_64-efi-2.00-0.41.1 - SUSE Linux Enterprise Server 11 SP3 (x86_64): grub2-x86_64-efi-2.00-0.41.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): grub2-x86_64-efi-2.00-0.41.1 References: https://bugzilla.novell.com/841426 https://bugzilla.novell.com/841466 https://bugzilla.novell.com/852055 https://bugzilla.novell.com/852070 http://download.novell.com/patch/finder/?keywords=99cf9fac34eaf8fb3b0d5a6bab9db84b From sle-updates at lists.suse.com Fri Jan 10 17:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Jan 2014 01:04:11 +0100 (CET) Subject: SUSE-RU-2014:0047-1: Recommended update for lsscsi Message-ID: <20140111000411.2089F32075@maintenance.suse.de> SUSE Recommended Update: Recommended update for lsscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0047-1 Rating: low References: #844851 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for 
VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lsscsi provides the following fixes and enhancements: * Merge FC layout fixes. * Print additional SAS information. * Print additional FC information. (bnc#844851) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-lsscsi-8618 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-lsscsi-8618 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-lsscsi-8618 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-lsscsi-8618 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): lsscsi-0.23-0.12.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): lsscsi-0.23-0.12.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): lsscsi-0.23-0.12.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): lsscsi-0.23-0.12.1 References: https://bugzilla.novell.com/844851 http://download.novell.com/patch/finder/?keywords=4f3aab2df94729b53c99f8cc07f13abf From sle-updates at lists.suse.com Mon Jan 13 12:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jan 2014 20:04:11 +0100 (CET) Subject: SUSE-SU-2014:0050-1: moderate: Security update for lighttpd Message-ID: <20140113190411.3632C3213E@maintenance.suse.de> SUSE Security Update: Security update for lighttpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0050-1 Rating: moderate References: #801071 #850468 #850469 Cross-References: CVE-2013-4560 Affected 
Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP2 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: lighttpd received fixes for the following security issues:
* CVE-2013-4559: lighttpd did not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might have caused lighttpd to run as root if it is restarted and allowed remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
* CVE-2013-4560: Use-after-free vulnerability in lighttpd allowed remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
* CVE-2011-1473: Added support for disabling client side initiated renegotiation to avoid potential computational denial of service (unbalanced computation efforts server vs client).
Security Issue reference: * CVE-2013-4559 * CVE-2013-4560 * CVE-2011-1473 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-lighttpd-8645 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-lighttpd-8644 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-lighttpd-8645 - SUSE Linux Enterprise High Availability Extension 11 SP2: zypper in -t patch sleshasp2-lighttpd-8644 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): lighttpd-1.4.20-2.52.1 lighttpd-mod_cml-1.4.20-2.52.1 lighttpd-mod_magnet-1.4.20-2.52.1 lighttpd-mod_mysql_vhost-1.4.20-2.52.1 lighttpd-mod_rrdtool-1.4.20-2.52.1 lighttpd-mod_trigger_b4_dl-1.4.20-2.52.1 lighttpd-mod_webdav-1.4.20-2.52.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): lighttpd-1.4.20-2.52.1 lighttpd-mod_cml-1.4.20-2.52.1 lighttpd-mod_magnet-1.4.20-2.52.1 lighttpd-mod_mysql_vhost-1.4.20-2.52.1 lighttpd-mod_rrdtool-1.4.20-2.52.1 lighttpd-mod_trigger_b4_dl-1.4.20-2.52.1 lighttpd-mod_webdav-1.4.20-2.52.1 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): lighttpd-1.4.20-2.52.1 - SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64): lighttpd-1.4.20-2.52.1 References: http://support.novell.com/security/cve/CVE-2013-4560.html https://bugzilla.novell.com/801071 https://bugzilla.novell.com/850468 https://bugzilla.novell.com/850469 http://download.novell.com/patch/finder/?keywords=bfe99f3db932bd71cf3b8413b2374ba5 http://download.novell.com/patch/finder/?keywords=def7a5cbed6ad6036f50fdb5d6eb8ffd From sle-updates at lists.suse.com Mon Jan 13 15:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jan 2014 23:04:11 +0100 (CET) Subject: SUSE-SU-2014:0051-1: moderate: Security update for xorg-x11-server Message-ID: <20140113220411.47D743213F@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0051-1 Rating: moderate References: #853846 Cross-References: CVE-2013-6424 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue with xorg-x11-server: * bnc#853846: integer underflow when handling trapezoids (CVE-2013-6424) Security Issue reference: * CVE-2013-6424 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-xorg-x11-Xvnc-8687 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-Xvnc-8687 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-Xvnc-8687 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-Xvnc-8687 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.85.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-Xvnc-7.4-27.85.1 xorg-x11-server-7.4-27.85.1 xorg-x11-server-extra-7.4-27.85.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.85.1 xorg-x11-server-7.4-27.85.1 xorg-x11-server-extra-7.4-27.85.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-Xvnc-7.4-27.85.1 xorg-x11-server-7.4-27.85.1 xorg-x11-server-extra-7.4-27.85.1 References: http://support.novell.com/security/cve/CVE-2013-6424.html https://bugzilla.novell.com/853846 http://download.novell.com/patch/finder/?keywords=9d5f8559d9c8c32f4040ba7c821ce013 From sle-updates at lists.suse.com Tue Jan 14 10:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jan 2014 18:04:10 +0100 (CET) Subject: SUSE-SU-2014:0061-1: moderate: Security update for python-suds Message-ID: <20140114170410.89F50320AE@maintenance.suse.de> SUSE Security Update: 
Security update for python-suds ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0061-1 Rating: moderate References: #827568 Cross-References: CVE-2013-2217 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue with python-suds: * Insecure temporary directory use when initializing file-based URL cache (CVE-2013-2217). Security Issue reference: * CVE-2013-2217 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-python-suds-8629 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 2.0 (x86_64): python-suds-0.4-0.18.1 References: http://support.novell.com/security/cve/CVE-2013-2217.html https://bugzilla.novell.com/827568 http://download.novell.com/patch/finder/?keywords=64ff5afe4a2a9fd9ee28d2024fb47e4e From sle-updates at lists.suse.com Tue Jan 14 10:04:25 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jan 2014 18:04:25 +0100 (CET) Subject: SUSE-SU-2014:0051-2: moderate: Security update for xorg-x11-server Message-ID: <20140114170425.4F6C1320AE@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0051-2 Rating: moderate References: #853846 Cross-References: CVE-2013-6424 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update fixes the following security issue with xorg-x11-server: * bnc#853846: integer underflow when handling trapezoids (CVE-2013-6424) Security Issue reference: * CVE-2013-6424 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-xorg-x11-Xvnc-8686 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-xorg-x11-Xvnc-8686 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-xorg-x11-Xvnc-8686 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-xorg-x11-Xvnc-8686 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.70.76.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): xorg-x11-Xvnc-7.4-27.70.76.1 xorg-x11-server-7.4-27.70.76.1 xorg-x11-server-extra-7.4-27.70.76.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.70.76.1 xorg-x11-server-7.4-27.70.76.1 xorg-x11-server-extra-7.4-27.70.76.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): xorg-x11-Xvnc-7.4-27.70.76.1 xorg-x11-server-7.4-27.70.76.1 xorg-x11-server-extra-7.4-27.70.76.1 References: http://support.novell.com/security/cve/CVE-2013-6424.html https://bugzilla.novell.com/853846 http://download.novell.com/patch/finder/?keywords=22374bf939aee384066e9c9124ef3ba0 From sle-updates at lists.suse.com Tue Jan 14 12:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jan 2014 20:04:11 +0100 (CET) Subject: SUSE-SU-2014:0062-1: moderate: Security update for PHP5 Message-ID: <20140114190411.AE183320F0@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2014:0062-1 Rating: moderate References: #837746 #854880 Cross-References: CVE-2013-4248 CVE-2013-6420 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) Security Issue references: * CVE-2013-6420 * CVE-2013-4248 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_php5-8710 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_php5-8710 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_php5-8710 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): php5-devel-5.2.14-0.7.30.50.1 php5-imap-5.2.14-0.7.30.50.1 php5-ncurses-5.2.14-0.7.30.50.1 php5-posix-5.2.14-0.7.30.50.1 php5-readline-5.2.14-0.7.30.50.1 php5-sockets-5.2.14-0.7.30.50.1 php5-sqlite-5.2.14-0.7.30.50.1 php5-tidy-5.2.14-0.7.30.50.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64): apache2-mod_php5-5.2.14-0.7.30.50.1 php5-5.2.14-0.7.30.50.1 php5-bcmath-5.2.14-0.7.30.50.1 php5-bz2-5.2.14-0.7.30.50.1 php5-calendar-5.2.14-0.7.30.50.1 php5-ctype-5.2.14-0.7.30.50.1 php5-curl-5.2.14-0.7.30.50.1 php5-dba-5.2.14-0.7.30.50.1 php5-dbase-5.2.14-0.7.30.50.1 php5-dom-5.2.14-0.7.30.50.1 php5-exif-5.2.14-0.7.30.50.1 php5-fastcgi-5.2.14-0.7.30.50.1 php5-ftp-5.2.14-0.7.30.50.1 php5-gd-5.2.14-0.7.30.50.1 php5-gettext-5.2.14-0.7.30.50.1 php5-gmp-5.2.14-0.7.30.50.1 php5-hash-5.2.14-0.7.30.50.1 php5-iconv-5.2.14-0.7.30.50.1 php5-json-5.2.14-0.7.30.50.1 php5-ldap-5.2.14-0.7.30.50.1 php5-mbstring-5.2.14-0.7.30.50.1 php5-mcrypt-5.2.14-0.7.30.50.1 php5-mysql-5.2.14-0.7.30.50.1 php5-odbc-5.2.14-0.7.30.50.1 php5-openssl-5.2.14-0.7.30.50.1 php5-pcntl-5.2.14-0.7.30.50.1 php5-pdo-5.2.14-0.7.30.50.1 php5-pear-5.2.14-0.7.30.50.1 php5-pgsql-5.2.14-0.7.30.50.1 php5-pspell-5.2.14-0.7.30.50.1 php5-shmop-5.2.14-0.7.30.50.1 php5-snmp-5.2.14-0.7.30.50.1 php5-soap-5.2.14-0.7.30.50.1 php5-suhosin-5.2.14-0.7.30.50.1 php5-sysvmsg-5.2.14-0.7.30.50.1 php5-sysvsem-5.2.14-0.7.30.50.1 php5-sysvshm-5.2.14-0.7.30.50.1 php5-tokenizer-5.2.14-0.7.30.50.1 php5-wddx-5.2.14-0.7.30.50.1 php5-xmlreader-5.2.14-0.7.30.50.1 php5-xmlrpc-5.2.14-0.7.30.50.1 php5-xmlwriter-5.2.14-0.7.30.50.1 php5-xsl-5.2.14-0.7.30.50.1 php5-zip-5.2.14-0.7.30.50.1 php5-zlib-5.2.14-0.7.30.50.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_php5-5.2.14-0.7.30.50.1 php5-5.2.14-0.7.30.50.1 php5-bcmath-5.2.14-0.7.30.50.1 php5-bz2-5.2.14-0.7.30.50.1 php5-calendar-5.2.14-0.7.30.50.1 
php5-ctype-5.2.14-0.7.30.50.1 php5-curl-5.2.14-0.7.30.50.1 php5-dba-5.2.14-0.7.30.50.1 php5-dbase-5.2.14-0.7.30.50.1 php5-dom-5.2.14-0.7.30.50.1 php5-exif-5.2.14-0.7.30.50.1 php5-fastcgi-5.2.14-0.7.30.50.1 php5-ftp-5.2.14-0.7.30.50.1 php5-gd-5.2.14-0.7.30.50.1 php5-gettext-5.2.14-0.7.30.50.1 php5-gmp-5.2.14-0.7.30.50.1 php5-hash-5.2.14-0.7.30.50.1 php5-iconv-5.2.14-0.7.30.50.1 php5-json-5.2.14-0.7.30.50.1 php5-ldap-5.2.14-0.7.30.50.1 php5-mbstring-5.2.14-0.7.30.50.1 php5-mcrypt-5.2.14-0.7.30.50.1 php5-mysql-5.2.14-0.7.30.50.1 php5-odbc-5.2.14-0.7.30.50.1 php5-openssl-5.2.14-0.7.30.50.1 php5-pcntl-5.2.14-0.7.30.50.1 php5-pdo-5.2.14-0.7.30.50.1 php5-pear-5.2.14-0.7.30.50.1 php5-pgsql-5.2.14-0.7.30.50.1 php5-pspell-5.2.14-0.7.30.50.1 php5-shmop-5.2.14-0.7.30.50.1 php5-snmp-5.2.14-0.7.30.50.1 php5-soap-5.2.14-0.7.30.50.1 php5-suhosin-5.2.14-0.7.30.50.1 php5-sysvmsg-5.2.14-0.7.30.50.1 php5-sysvsem-5.2.14-0.7.30.50.1 php5-sysvshm-5.2.14-0.7.30.50.1 php5-tokenizer-5.2.14-0.7.30.50.1 php5-wddx-5.2.14-0.7.30.50.1 php5-xmlreader-5.2.14-0.7.30.50.1 php5-xmlrpc-5.2.14-0.7.30.50.1 php5-xmlwriter-5.2.14-0.7.30.50.1 php5-xsl-5.2.14-0.7.30.50.1 php5-zip-5.2.14-0.7.30.50.1 php5-zlib-5.2.14-0.7.30.50.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php5-5.2.14-0.7.30.50.1 php5-5.2.14-0.7.30.50.1 php5-bcmath-5.2.14-0.7.30.50.1 php5-bz2-5.2.14-0.7.30.50.1 php5-calendar-5.2.14-0.7.30.50.1 php5-ctype-5.2.14-0.7.30.50.1 php5-curl-5.2.14-0.7.30.50.1 php5-dba-5.2.14-0.7.30.50.1 php5-dbase-5.2.14-0.7.30.50.1 php5-dom-5.2.14-0.7.30.50.1 php5-exif-5.2.14-0.7.30.50.1 php5-fastcgi-5.2.14-0.7.30.50.1 php5-ftp-5.2.14-0.7.30.50.1 php5-gd-5.2.14-0.7.30.50.1 php5-gettext-5.2.14-0.7.30.50.1 php5-gmp-5.2.14-0.7.30.50.1 php5-hash-5.2.14-0.7.30.50.1 php5-iconv-5.2.14-0.7.30.50.1 php5-json-5.2.14-0.7.30.50.1 php5-ldap-5.2.14-0.7.30.50.1 php5-mbstring-5.2.14-0.7.30.50.1 php5-mcrypt-5.2.14-0.7.30.50.1 php5-mysql-5.2.14-0.7.30.50.1 php5-odbc-5.2.14-0.7.30.50.1 
php5-openssl-5.2.14-0.7.30.50.1 php5-pcntl-5.2.14-0.7.30.50.1 php5-pdo-5.2.14-0.7.30.50.1 php5-pear-5.2.14-0.7.30.50.1 php5-pgsql-5.2.14-0.7.30.50.1 php5-pspell-5.2.14-0.7.30.50.1 php5-shmop-5.2.14-0.7.30.50.1 php5-snmp-5.2.14-0.7.30.50.1 php5-soap-5.2.14-0.7.30.50.1 php5-suhosin-5.2.14-0.7.30.50.1 php5-sysvmsg-5.2.14-0.7.30.50.1 php5-sysvsem-5.2.14-0.7.30.50.1 php5-sysvshm-5.2.14-0.7.30.50.1 php5-tokenizer-5.2.14-0.7.30.50.1 php5-wddx-5.2.14-0.7.30.50.1 php5-xmlreader-5.2.14-0.7.30.50.1 php5-xmlrpc-5.2.14-0.7.30.50.1 php5-xmlwriter-5.2.14-0.7.30.50.1 php5-xsl-5.2.14-0.7.30.50.1 php5-zip-5.2.14-0.7.30.50.1 php5-zlib-5.2.14-0.7.30.50.1 References: http://support.novell.com/security/cve/CVE-2013-4248.html http://support.novell.com/security/cve/CVE-2013-6420.html https://bugzilla.novell.com/837746 https://bugzilla.novell.com/854880 http://download.novell.com/patch/finder/?keywords=87b01e1c5215269d5c128d2816ac15ed From sle-updates at lists.suse.com Tue Jan 14 12:04:35 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jan 2014 20:04:35 +0100 (CET) Subject: SUSE-SU-2014:0063-1: moderate: Security update for PHP5 Message-ID: <20140114190435.8C855320F0@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0063-1 Rating: moderate References: #837746 #842676 #853045 #854880 Cross-References: CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. 
Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * Heap buffer over-read in DateInterval (CVE-2013-6712) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) Security Issue references: * CVE-2013-6420 * CVE-2013-6712 * CVE-2013-4248 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_php53-8684 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_php53-8684 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_php53-8684 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-0.17.1 php53-imap-5.3.17-0.17.1 php53-posix-5.3.17-0.17.1 php53-readline-5.3.17-0.17.1 php53-sockets-5.3.17-0.17.1 php53-sqlite-5.3.17-0.17.1 php53-tidy-5.3.17-0.17.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_php53-5.3.17-0.17.1 php53-5.3.17-0.17.1 php53-bcmath-5.3.17-0.17.1 php53-bz2-5.3.17-0.17.1 php53-calendar-5.3.17-0.17.1 php53-ctype-5.3.17-0.17.1 php53-curl-5.3.17-0.17.1 php53-dba-5.3.17-0.17.1 php53-dom-5.3.17-0.17.1 php53-exif-5.3.17-0.17.1 php53-fastcgi-5.3.17-0.17.1 php53-fileinfo-5.3.17-0.17.1 php53-ftp-5.3.17-0.17.1 php53-gd-5.3.17-0.17.1 php53-gettext-5.3.17-0.17.1 php53-gmp-5.3.17-0.17.1 php53-iconv-5.3.17-0.17.1 php53-intl-5.3.17-0.17.1 php53-json-5.3.17-0.17.1 php53-ldap-5.3.17-0.17.1 php53-mbstring-5.3.17-0.17.1 php53-mcrypt-5.3.17-0.17.1 php53-mysql-5.3.17-0.17.1 php53-odbc-5.3.17-0.17.1 php53-openssl-5.3.17-0.17.1 php53-pcntl-5.3.17-0.17.1 php53-pdo-5.3.17-0.17.1 php53-pear-5.3.17-0.17.1 php53-pgsql-5.3.17-0.17.1 php53-pspell-5.3.17-0.17.1 
php53-shmop-5.3.17-0.17.1 php53-snmp-5.3.17-0.17.1 php53-soap-5.3.17-0.17.1 php53-suhosin-5.3.17-0.17.1 php53-sysvmsg-5.3.17-0.17.1 php53-sysvsem-5.3.17-0.17.1 php53-sysvshm-5.3.17-0.17.1 php53-tokenizer-5.3.17-0.17.1 php53-wddx-5.3.17-0.17.1 php53-xmlreader-5.3.17-0.17.1 php53-xmlrpc-5.3.17-0.17.1 php53-xmlwriter-5.3.17-0.17.1 php53-xsl-5.3.17-0.17.1 php53-zip-5.3.17-0.17.1 php53-zlib-5.3.17-0.17.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-0.17.1 php53-5.3.17-0.17.1 php53-bcmath-5.3.17-0.17.1 php53-bz2-5.3.17-0.17.1 php53-calendar-5.3.17-0.17.1 php53-ctype-5.3.17-0.17.1 php53-curl-5.3.17-0.17.1 php53-dba-5.3.17-0.17.1 php53-dom-5.3.17-0.17.1 php53-exif-5.3.17-0.17.1 php53-fastcgi-5.3.17-0.17.1 php53-fileinfo-5.3.17-0.17.1 php53-ftp-5.3.17-0.17.1 php53-gd-5.3.17-0.17.1 php53-gettext-5.3.17-0.17.1 php53-gmp-5.3.17-0.17.1 php53-iconv-5.3.17-0.17.1 php53-intl-5.3.17-0.17.1 php53-json-5.3.17-0.17.1 php53-ldap-5.3.17-0.17.1 php53-mbstring-5.3.17-0.17.1 php53-mcrypt-5.3.17-0.17.1 php53-mysql-5.3.17-0.17.1 php53-odbc-5.3.17-0.17.1 php53-openssl-5.3.17-0.17.1 php53-pcntl-5.3.17-0.17.1 php53-pdo-5.3.17-0.17.1 php53-pear-5.3.17-0.17.1 php53-pgsql-5.3.17-0.17.1 php53-pspell-5.3.17-0.17.1 php53-shmop-5.3.17-0.17.1 php53-snmp-5.3.17-0.17.1 php53-soap-5.3.17-0.17.1 php53-suhosin-5.3.17-0.17.1 php53-sysvmsg-5.3.17-0.17.1 php53-sysvsem-5.3.17-0.17.1 php53-sysvshm-5.3.17-0.17.1 php53-tokenizer-5.3.17-0.17.1 php53-wddx-5.3.17-0.17.1 php53-xmlreader-5.3.17-0.17.1 php53-xmlrpc-5.3.17-0.17.1 php53-xmlwriter-5.3.17-0.17.1 php53-xsl-5.3.17-0.17.1 php53-zip-5.3.17-0.17.1 php53-zlib-5.3.17-0.17.1 References: http://support.novell.com/security/cve/CVE-2013-4248.html http://support.novell.com/security/cve/CVE-2013-6420.html http://support.novell.com/security/cve/CVE-2013-6712.html https://bugzilla.novell.com/837746 https://bugzilla.novell.com/842676 https://bugzilla.novell.com/853045 https://bugzilla.novell.com/854880 
http://download.novell.com/patch/finder/?keywords=2766581a0b71772fb5847e9de0ca1ddd From sle-updates at lists.suse.com Tue Jan 14 13:04:09 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jan 2014 21:04:09 +0100 (CET) Subject: SUSE-SU-2014:0064-1: moderate: Security update for PHP5 Message-ID: <20140114200409.DB0A2320E8@maintenance.suse.de> SUSE Security Update: Security update for PHP5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0064-1 Rating: moderate References: #854880 Cross-References: CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update fixes the following issues: * memory corruption in openssl_parse_x509 (CVE-2013-6420) * Heap buffer over-read in DateInterval (CVE-2013-6712) * man-in-the-middle attacks by specially crafting certificates (CVE-2013-4248) Security Issue references: * CVE-2013-6420 * CVE-2013-6712 * CVE-2013-4248 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_php53-8683 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-apache2-mod_php53-8683 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-apache2-mod_php53-8683 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.8-0.43.1 php53-imap-5.3.8-0.43.1 php53-posix-5.3.8-0.43.1 php53-readline-5.3.8-0.43.1 php53-sockets-5.3.8-0.43.1 php53-sqlite-5.3.8-0.43.1 php53-tidy-5.3.8-0.43.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): apache2-mod_php53-5.3.8-0.43.1 php53-5.3.8-0.43.1 php53-bcmath-5.3.8-0.43.1 php53-bz2-5.3.8-0.43.1 php53-calendar-5.3.8-0.43.1 php53-ctype-5.3.8-0.43.1 php53-curl-5.3.8-0.43.1 php53-dba-5.3.8-0.43.1 php53-dom-5.3.8-0.43.1 php53-exif-5.3.8-0.43.1 php53-fastcgi-5.3.8-0.43.1 php53-fileinfo-5.3.8-0.43.1 php53-ftp-5.3.8-0.43.1 php53-gd-5.3.8-0.43.1 php53-gettext-5.3.8-0.43.1 php53-gmp-5.3.8-0.43.1 php53-iconv-5.3.8-0.43.1 php53-intl-5.3.8-0.43.1 php53-json-5.3.8-0.43.1 php53-ldap-5.3.8-0.43.1 php53-mbstring-5.3.8-0.43.1 php53-mcrypt-5.3.8-0.43.1 php53-mysql-5.3.8-0.43.1 php53-odbc-5.3.8-0.43.1 php53-openssl-5.3.8-0.43.1 php53-pcntl-5.3.8-0.43.1 php53-pdo-5.3.8-0.43.1 php53-pear-5.3.8-0.43.1 php53-pgsql-5.3.8-0.43.1 php53-pspell-5.3.8-0.43.1 php53-shmop-5.3.8-0.43.1 php53-snmp-5.3.8-0.43.1 php53-soap-5.3.8-0.43.1 php53-suhosin-5.3.8-0.43.1 php53-sysvmsg-5.3.8-0.43.1 php53-sysvsem-5.3.8-0.43.1 php53-sysvshm-5.3.8-0.43.1 php53-tokenizer-5.3.8-0.43.1 php53-wddx-5.3.8-0.43.1 php53-xmlreader-5.3.8-0.43.1 php53-xmlrpc-5.3.8-0.43.1 php53-xmlwriter-5.3.8-0.43.1 php53-xsl-5.3.8-0.43.1 php53-zip-5.3.8-0.43.1 php53-zlib-5.3.8-0.43.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.8-0.43.1 php53-5.3.8-0.43.1 php53-bcmath-5.3.8-0.43.1 php53-bz2-5.3.8-0.43.1 php53-calendar-5.3.8-0.43.1 php53-ctype-5.3.8-0.43.1 php53-curl-5.3.8-0.43.1 php53-dba-5.3.8-0.43.1 php53-dom-5.3.8-0.43.1 php53-exif-5.3.8-0.43.1 php53-fastcgi-5.3.8-0.43.1 php53-fileinfo-5.3.8-0.43.1 php53-ftp-5.3.8-0.43.1 php53-gd-5.3.8-0.43.1 php53-gettext-5.3.8-0.43.1 php53-gmp-5.3.8-0.43.1 php53-iconv-5.3.8-0.43.1 php53-intl-5.3.8-0.43.1 
php53-json-5.3.8-0.43.1 php53-ldap-5.3.8-0.43.1 php53-mbstring-5.3.8-0.43.1 php53-mcrypt-5.3.8-0.43.1 php53-mysql-5.3.8-0.43.1 php53-odbc-5.3.8-0.43.1 php53-openssl-5.3.8-0.43.1 php53-pcntl-5.3.8-0.43.1 php53-pdo-5.3.8-0.43.1 php53-pear-5.3.8-0.43.1 php53-pgsql-5.3.8-0.43.1 php53-pspell-5.3.8-0.43.1 php53-shmop-5.3.8-0.43.1 php53-snmp-5.3.8-0.43.1 php53-soap-5.3.8-0.43.1 php53-suhosin-5.3.8-0.43.1 php53-sysvmsg-5.3.8-0.43.1 php53-sysvsem-5.3.8-0.43.1 php53-sysvshm-5.3.8-0.43.1 php53-tokenizer-5.3.8-0.43.1 php53-wddx-5.3.8-0.43.1 php53-xmlreader-5.3.8-0.43.1 php53-xmlrpc-5.3.8-0.43.1 php53-xmlwriter-5.3.8-0.43.1 php53-xsl-5.3.8-0.43.1 php53-zip-5.3.8-0.43.1 php53-zlib-5.3.8-0.43.1 References: http://support.novell.com/security/cve/CVE-2013-4248.html http://support.novell.com/security/cve/CVE-2013-6420.html http://support.novell.com/security/cve/CVE-2013-6712.html https://bugzilla.novell.com/854880 http://download.novell.com/patch/finder/?keywords=8819817181dd7026cfe3ff43214688c6 From sle-updates at lists.suse.com Wed Jan 15 17:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jan 2014 01:04:10 +0100 (CET) Subject: SUSE-RU-2014:0076-1: Recommended update for ipmitool Message-ID: <20140116000410.C25F4320F3@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipmitool ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0076-1 Rating: low References: #852176 #854886 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for ipmitool provides the following fixes: * Add an explicit requirement on insserv, fixing installation problems on minimal environments. (bnc#852176) * Implement the "status" operation in the ipmievd init script. (bnc#854886) * Fix pid file reference in ipmievd init script. (bnc#854886) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-ipmitool-8768 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ipmitool-8768 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ipmitool-8767 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ipmitool-8767 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-ipmitool-8768 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-ipmitool-8767 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ipmitool-1.8.12-0.21.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 x86_64): ipmitool-1.8.12-0.21.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x): ipmitool-1.8.11-0.20.30.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ipmitool-1.8.11-0.20.30.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ipmitool-1.8.11-0.20.30.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): ipmitool-1.8.12-0.21.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): ipmitool-1.8.11-0.20.30.1 References: https://bugzilla.novell.com/852176 https://bugzilla.novell.com/854886 http://download.novell.com/patch/finder/?keywords=3d32d7ba6d23a07c6986b75df6417ae4 http://download.novell.com/patch/finder/?keywords=dd3d75cad9cf0567d100337f346c0d2e From sle-updates at lists.suse.com Thu Jan 16 14:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jan 2014 22:04:10 +0100 (CET) Subject: SUSE-RU-2014:0082-1: Recommended update for dnsmasq Message-ID: <20140116210410.611BB320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0082-1 Rating: low References: #776496 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dnsmasq provides new utilities dhcp_lease_time and dhcp_release. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-dnsmasq-8626 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-dnsmasq-8626 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-dnsmasq-8625 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-dnsmasq-8625 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-dnsmasq-8626 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-dnsmasq-8625 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): dnsmasq-2.45-12.25.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): dnsmasq-2.45-12.25.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): dnsmasq-2.45-12.25.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): dnsmasq-2.45-12.25.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): dnsmasq-2.45-12.25.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): dnsmasq-2.45-12.25.1 References: https://bugzilla.novell.com/776496 http://download.novell.com/patch/finder/?keywords=5107fd994b1b5ebf08561bbf0565749b http://download.novell.com/patch/finder/?keywords=f4fb2163c436fe8b6800a51e88f8aeb3 From sle-updates at lists.suse.com Thu Jan 16 14:04:24 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jan 2014 22:04:24 +0100 (CET) Subject: SUSE-RU-2014:0083-1: Recommended update for openldap2 Message-ID: <20140116210424.CC958320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0083-1 Rating: low References: #844960 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 
SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openldap2 fixes an issue in the package's pre-installation script that could cause an install error when building images with Kiwi. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-openldap2-201312-8599 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-openldap2-201312-8599 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-openldap2-201312-8599 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-openldap2-201312-8599 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): openldap2-back-perl-2.4.26-0.26.1 openldap2-devel-2.4.26-0.26.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): openldap2-devel-32bit-2.4.26-0.26.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): openldap2-2.4.26-0.26.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): compat-libldap-2_3-0-2.3.37-2.26.1 libldap-2_4-2-2.4.26-0.26.1 openldap2-2.4.26-0.26.1 openldap2-back-meta-2.4.26-0.26.1 openldap2-client-2.4.26-0.26.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libldap-2_4-2-32bit-2.4.26-0.26.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): compat-libldap-2_3-0-2.3.37-2.26.1 libldap-2_4-2-2.4.26-0.26.1 openldap2-2.4.26-0.26.1 openldap2-back-meta-2.4.26-0.26.1 openldap2-client-2.4.26-0.26.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libldap-2_4-2-32bit-2.4.26-0.26.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libldap-2_4-2-x86-2.4.26-0.26.1 - 
SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libldap-2_4-2-2.4.26-0.26.1 openldap2-client-2.4.26-0.26.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libldap-2_4-2-32bit-2.4.26-0.26.1 References: https://bugzilla.novell.com/844960 http://download.novell.com/patch/finder/?keywords=ef63a3f27d4cab1f181e322bd62d8d5e From sle-updates at lists.suse.com Fri Jan 17 11:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jan 2014 19:04:10 +0100 (CET) Subject: SUSE-SU-2014:0089-1: moderate: Security update for python-keystoneclient Message-ID: <20140117180410.518763213C@maintenance.suse.de> SUSE Security Update: Security update for python-keystoneclient ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0089-1 Rating: moderate References: #824818 #829080 Cross-References: CVE-2013-2166 CVE-2013-2167 CVE-2013-2255 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update fixes the following security issues with python-keystoneclient: * bnc#829080: OpenStack: various SSL hostname checking problems. (CVE-2013-2255) * bnc#824818: Bypass encryption or signing security strategy. (CVE-2013-2166, CVE-2013-2167) Security Issues: * CVE-2013-2255 * CVE-2013-2167 * CVE-2013-2166 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-python-keystoneclient-8619 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 2.0 (x86_64): python-keystoneclient-0.2.3-0.19.1 python-keystoneclient-doc-0.2.3-0.19.1 References: http://support.novell.com/security/cve/CVE-2013-2166.html http://support.novell.com/security/cve/CVE-2013-2167.html http://support.novell.com/security/cve/CVE-2013-2255.html https://bugzilla.novell.com/824818 https://bugzilla.novell.com/829080 http://download.novell.com/patch/finder/?keywords=0eaed759e7a435e4b5bbd29a390653bf From sle-updates at lists.suse.com Fri Jan 17 14:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jan 2014 22:04:10 +0100 (CET) Subject: SUSE-YU-2014:0090-1: moderate: YOU update for Software Update Stack Message-ID: <20140117210410.95AE33213F@maintenance.suse.de> SUSE YOU Update: YOU update for Software Update Stack ______________________________________________________________________________ Announcement ID: SUSE-YU-2014:0090-1 Rating: moderate References: #793809 #846565 #850907 #852943 #854784 Affected Products: SUSE Manager Client Tools for SLE 11 SP1 ______________________________________________________________________________ An update that has 5 YOU fixes can now be installed. Description: This update for the Software Update Stack provides the following fixes and enhancements: libzypp: * Fix disk usage computation for single packages. (bnc#852943) * Filter control chars illegal in XML 1.0. (bnc#850907) * Always properly initialize pool storage. (bnc#846565) zypper: * Fix groff .TP commands in manpage. (bnc#854784) * Fix -x printing edition values for arch-old. (bnc#793809) Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application.
Patch Instructions: To install this SUSE YOU Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP1: zypper in -t patch slesctsp1-softwaremgmt-201312-8712 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Client Tools for SLE 11 SP1 (i586 ia64 ppc64 s390x x86_64): libzypp-6.39.3-0.3.1 zypper-1.3.25-0.3.1 References: https://bugzilla.novell.com/793809 https://bugzilla.novell.com/846565 https://bugzilla.novell.com/850907 https://bugzilla.novell.com/852943 https://bugzilla.novell.com/854784 http://download.novell.com/patch/finder/?keywords=9d376c33a14f45e7d9c5c7fb62a2c702 From sle-updates at lists.suse.com Fri Jan 17 16:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Jan 2014 00:04:10 +0100 (CET) Subject: SUSE-YU-2014:0091-1: moderate: YOU update for Software Update Stack Message-ID: <20140117230410.D127C3213F@maintenance.suse.de> SUSE YOU Update: YOU update for Software Update Stack ______________________________________________________________________________ Announcement ID: SUSE-YU-2014:0091-1 Rating: moderate References: #841473 #844373 #845619 #846565 #850907 #852943 #854784 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________ An update that has 7 YOU fixes can now be installed. It includes four new package versions. Description: This update for the Software Update Stack provides the following fixes and enhancements: libzypp: * Fix disk usage computation for single packages. (bnc#852943) * Filter control chars illegal in XML 1.0. (bnc#850907) * Always properly initialize pool storage. (bnc#846565) zypper: * Fix groff .TP commands in manpage. (bnc#854784) * Fix callback handling if media download error is ignored. * Fix detection of multiversion packages in transaction summary. (bnc#844373) * Improve prompt with more options hidden behind '?'. (bnc#844373) * Fix message typo. (bnc#845619) * Avoid duplicated product entries. (bnc#841473) Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. Patch Instructions: To install this SUSE YOU Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-softwaremgmt-201312-8704 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-softwaremgmt-201312-8703 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-softwaremgmt-201312-8704 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-softwaremgmt-201312-8704 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-softwaremgmt-201312-8703 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-softwaremgmt-201312-8703 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-softwaremgmt-201312-8704 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-softwaremgmt-201312-8703 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.37.4]: libzypp-devel-9.37.4-0.7.2 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.16.4]: libzypp-devel-9.16.4-0.5.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.6.311 and 9.37.4]: libzypp-9.37.4-0.7.2 zypper-1.6.311-0.7.3 zypper-log-1.6.311-0.7.3 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.6.311 and 9.37.4]: libzypp-9.37.4-0.7.2 zypper-1.6.311-0.7.3 zypper-log-1.6.311-0.7.3 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 1.6.178 and 9.16.4]: libzypp-9.16.4-0.5.2 zypper-1.6.178-0.5.3 zypper-log-1.6.178-0.5.3 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.6.178 and 9.16.4]: libzypp-9.16.4-0.5.2 zypper-1.6.178-0.5.3 zypper-log-1.6.178-0.5.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.6.311 and 9.37.4]: libzypp-9.37.4-0.7.2 zypper-1.6.311-0.7.3 
zypper-log-1.6.311-0.7.3 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.6.178 and 9.16.4]: libzypp-9.16.4-0.5.2 zypper-1.6.178-0.5.3 zypper-log-1.6.178-0.5.3 References: https://bugzilla.novell.com/841473 https://bugzilla.novell.com/844373 https://bugzilla.novell.com/845619 https://bugzilla.novell.com/846565 https://bugzilla.novell.com/850907 https://bugzilla.novell.com/852943 https://bugzilla.novell.com/854784 http://download.novell.com/patch/finder/?keywords=33a02f1f33948e11edf8d182f10fbade http://download.novell.com/patch/finder/?keywords=e18be6c5f05b3a9d3d1c780586060f80 From sle-updates at lists.suse.com Mon Jan 20 10:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jan 2014 18:04:10 +0100 (CET) Subject: SUSE-RU-2014:0101-1: Recommended update for slepos-guide_en Message-ID: <20140120170410.A26673214F@maintenance.suse.de> SUSE Recommended Update: Recommended update for slepos-guide_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0101-1 Rating: low References: #772090 #772780 #774204 #774606 #825053 #829718 #829733 #830900 #831181 #833130 #833558 #834433 #834437 #834451 #834497 #834655 #834861 #835625 #837604 #837752 #837760 #837764 #837835 #837840 #837854 #837859 #838085 #838093 #838250 #838257 #839956 #840206 #841065 #842570 #849887 Affected Products: SUSE Linux Enterprise Point of Service 11 SP3 ______________________________________________________________________________ An update that has 35 recommended fixes can now be installed. Description: This update provides the latest version of the SUSE Linux Enterprise Point of Service 11 SP3 Guide. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Service 11 SP3: zypper in -t patch sleposp3-slepos-guide_en-8581 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Point of Service 11 SP3 (noarch): slepos-guide_en-11.3-0.17.1 slepos-guide_en-pdf-11.3-0.17.1 References: https://bugzilla.novell.com/772090 https://bugzilla.novell.com/772780 https://bugzilla.novell.com/774204 https://bugzilla.novell.com/774606 https://bugzilla.novell.com/825053 https://bugzilla.novell.com/829718 https://bugzilla.novell.com/829733 https://bugzilla.novell.com/830900 https://bugzilla.novell.com/831181 https://bugzilla.novell.com/833130 https://bugzilla.novell.com/833558 https://bugzilla.novell.com/834433 https://bugzilla.novell.com/834437 https://bugzilla.novell.com/834451 https://bugzilla.novell.com/834497 https://bugzilla.novell.com/834655 https://bugzilla.novell.com/834861 https://bugzilla.novell.com/835625 https://bugzilla.novell.com/837604 https://bugzilla.novell.com/837752 https://bugzilla.novell.com/837760 https://bugzilla.novell.com/837764 https://bugzilla.novell.com/837835 https://bugzilla.novell.com/837840 https://bugzilla.novell.com/837854 https://bugzilla.novell.com/837859 https://bugzilla.novell.com/838085 https://bugzilla.novell.com/838093 https://bugzilla.novell.com/838250 https://bugzilla.novell.com/838257 https://bugzilla.novell.com/839956 https://bugzilla.novell.com/840206 https://bugzilla.novell.com/841065 https://bugzilla.novell.com/842570 https://bugzilla.novell.com/849887 http://download.novell.com/patch/finder/?keywords=f5b6552dbbdeb3ba9b2884f980935f50 From sle-updates at lists.suse.com Mon Jan 20 14:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jan 2014 22:04:11 +0100 (CET) Subject: SUSE-SU-2014:0102-1: moderate: Security update for openstack-glance Message-ID: <20140120210411.54F4632149@maintenance.suse.de> SUSE Security Update: 
Security update for openstack-glance ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0102-1 Rating: moderate References: #846197 #852600 Cross-References: CVE-2013-4428 Affected Products: SUSE Cloud 2.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. It includes one version update. Description: This openstack-glance version update enforces the image_download policy for cached images. CVE-2013-4428 has been assigned to this issue. Security Issue reference: * CVE-2013-4428 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-openstack-glance-8674 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 2.0 (x86_64) [New Version: 2013.1.5.a2.gf4aaf8e]: openstack-glance-2013.1.5.a2.gf4aaf8e-0.7.1 python-glance-2013.1.5.a2.gf4aaf8e-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-4428.html https://bugzilla.novell.com/846197 https://bugzilla.novell.com/852600 http://download.novell.com/patch/finder/?keywords=eff99acea3a1f90185eac59915fd3708 From sle-updates at lists.suse.com Mon Jan 20 14:04:38 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jan 2014 22:04:38 +0100 (CET) Subject: SUSE-RU-2014:0103-1: Recommended update for mailx Message-ID: <20140120210438.E2D5032154@maintenance.suse.de> SUSE Recommended Update: Recommended update for mailx ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0103-1 Rating: low References: #827010 #853246 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux 
Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: This update for mailx enables IPv6 support and includes the following fixes: * Crop off the brackets of an ipv6 address if found. (bnc#853246) * Enable mailx to parse IPv6 addresses including a port ([ipv6]:port). (bnc#853246) * Do not pseudo detect Latin nor UTF-8 in binary attachments. (bnc#827010) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-mailx-8628 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-mailx-8628 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-mailx-8627 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-mailx-8627 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-mailx-8628 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-mailx-8627 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): mailx-12.5-1.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): mailx-12.5-1.5.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 12.5]: mailx-12.5-1.5.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 12.5]: mailx-12.5-1.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): mailx-12.5-1.5.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 12.5]: mailx-12.5-1.5.1 References: https://bugzilla.novell.com/827010 https://bugzilla.novell.com/853246 http://download.novell.com/patch/finder/?keywords=84e1e19cbb012895efbe040b84124608 http://download.novell.com/patch/finder/?keywords=e2f6af30f8140ba8166592feca7703f5 From sle-updates at lists.suse.com Mon Jan 20 15:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jan 2014 23:04:10 +0100 (CET) Subject: SUSE-RU-2014:0104-1: Recommended update for release-notes-sles and release-notes-SLES-for-VMware Message-ID: <20140120220410.A671632149@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles and release-notes-SLES-for-VMware ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0104-1 Rating: low References: #833778 #847006 #847621 #852291 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. It includes one version update. 
Description: This update provides the following changes to the Release Notes for SUSE Linux Enterprise Server 11 SP3: * New entries: o Systems with HP Smart Array Controller fail to boot after the update (bnc#847621 via fate#313833) o Providing TLS 1.2 support for Apache2 via mod_nss (bnc#847006 via fate#316419). * Obsolete and now removed entries: o YaST Repair Tool Limitation (bnc#852291) o update other info (bnc#833778). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-release-notes-sles-201402-8733 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-release-notes-sles-201402-8733 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 11.3.28]: release-notes-SLES-for-VMware-11.3.28-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 11.3.28]: release-notes-sles-11.3.28-0.8.1 References: https://bugzilla.novell.com/833778 https://bugzilla.novell.com/847006 https://bugzilla.novell.com/847621 https://bugzilla.novell.com/852291 http://download.novell.com/patch/finder/?keywords=e81bc006a01e6c56cc0ba39221b044d0 From sle-updates at lists.suse.com Mon Jan 20 15:04:58 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jan 2014 23:04:58 +0100 (CET) Subject: SUSE-RU-2014:0105-1: Recommended update for crash Message-ID: <20140120220458.1475A32154@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0105-1 Rating: low References: #826507 #828260 #835850 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 
SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This collective update for crash provides the following fixes: * Fix a bug that could cause removal of the booted kernel's vmlinux image. (bnc#828260) * Display tasks on a priority array of a CPU's RT runqueue. (bnc#826507) * Display the RT runqueue when using CFS scheduler. (bnc#826507) * Fix RT not support group sched bug. (bnc#826507) * Fix segmentation fault when trying to analyze vmcore of hypervisor panic. (bnc#835850) * Add many improvements and fixes for handling Xen vmcores. (bnc#835850) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-crash-8622 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-crash-8622 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-crash-8622 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): crash-devel-6.0.7-0.12.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): crash-6.0.7-0.12.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): crash-6.0.7-0.12.1 crash-sial-6.0.7-0.12.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): crash-6.0.7-0.12.1 crash-sial-6.0.7-0.12.1 References: https://bugzilla.novell.com/826507 https://bugzilla.novell.com/828260 https://bugzilla.novell.com/835850 http://download.novell.com/patch/finder/?keywords=65af870aeb38ffc62e62533ed79eb270 From sle-updates at lists.suse.com Mon Jan 20 15:05:38 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jan 2014 23:05:38 +0100 (CET) Subject: SUSE-RU-2014:0106-1: Recommended update for crash Message-ID: <20140120220538.370CC32154@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0106-1 Rating: low References: #777516 #819052 #826507 #828260 #835850 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. It includes one version update. Description: This collective update for crash provides the following fixes: * Fix a bug that could cause removal of the booted kernel's vmlinux image. (bnc#828260) * Display tasks on a priority array of a CPU's RT runqueue. (bnc#826507) * Display the RT runqueue when using CFS scheduler. (bnc#826507) * Fix rt not support group sched bug. (bnc#826507) * Fix segmentation fault when trying to analyze vmcore of hypervisor panic. (bnc#835850) * Add many improvements and fixes for handling Xen vmcores. 
(bnc#835850) * Avoid negative RSS values when RSS counting is split. (bnc#819052) * Add fix for "crash when invoked without arguments fails to analyze the live system". (bnc#777516) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-crash-8623 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-crash-8623 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-crash-8623 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 6.0.7]: crash-devel-6.0.7-0.7.11.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 6.0.7]: crash-6.0.7-0.7.11.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 6.0.7]: crash-6.0.7-0.7.11.1 crash-sial-6.0.7-0.7.11.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 6.0.7]: crash-6.0.7-0.7.11.1 crash-sial-6.0.7-0.7.11.1 References: https://bugzilla.novell.com/777516 https://bugzilla.novell.com/819052 https://bugzilla.novell.com/826507 https://bugzilla.novell.com/828260 https://bugzilla.novell.com/835850 http://download.novell.com/patch/finder/?keywords=102ea10e6c3b571e1cf774dbb1736564 From sle-updates at lists.suse.com Tue Jan 21 04:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jan 2014 12:04:11 +0100 (CET) Subject: SUSE-RU-2014:0113-1: Recommended update for release-notes-sles and release-notes-SLES-for-VMware Message-ID: <20140121110411.2E3A23214F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles and release-notes-SLES-for-VMware ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0113-1 
Rating: low References: #832264 #847006 #847621 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update provides three additions to the Release Notes for SUSE Linux Enterprise Server 11 SP2: * Enabling NFS 4.1 for nfsd (bnc#832264) * Systems with HP Smart Array Controller fail to boot after the update (bnc#847621 via fate#313833) * Providing TLS 1.2 support for Apache2 via mod_nss (bnc#847006 via fate#316419). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-release-notes-sles-201401-8728 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-release-notes-sles-201401-8728 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 11.2.0.50]: release-notes-SLES-for-VMware-11.2.0.50-0.6.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 11.2.0.50]: release-notes-sles-11.2.0.50-0.6.1 References: https://bugzilla.novell.com/832264 https://bugzilla.novell.com/847006 https://bugzilla.novell.com/847621 http://download.novell.com/patch/finder/?keywords=a519bd35cf3e4932b519410238ca0070 From sle-updates at lists.suse.com Tue Jan 21 12:04:09 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jan 2014 20:04:09 +0100 (CET) Subject: SUSE-SU-2014:0115-1: moderate: Security update for wireshark Message-ID: <20140121190410.0EFEB32159@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0115-1 Rating: moderate References: #855980 #856496 #856498 Cross-References: CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes one version update. Description: wireshark was updated to security update version 1.8.12, fixing bugs and security issues. * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. 
wnpa-sec-2013-68 CVE-2013-7114 Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html Security Issue references: * CVE-2013-7112 * CVE-2013-7113 * CVE-2013-7114 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-wireshark-8709 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-wireshark-8708 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-wireshark-8709 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-wireshark-8709 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-wireshark-8708 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-wireshark-8708 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-wireshark-8709 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-wireshark-8708 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.12]: wireshark-devel-1.8.12-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.12]: wireshark-devel-1.8.12-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 1.8.12]: wireshark-1.8.12-0.2.1 References: http://support.novell.com/security/cve/CVE-2013-7112.html http://support.novell.com/security/cve/CVE-2013-7113.html http://support.novell.com/security/cve/CVE-2013-7114.html https://bugzilla.novell.com/855980 https://bugzilla.novell.com/856496 https://bugzilla.novell.com/856498 http://download.novell.com/patch/finder/?keywords=b94c1e7c0199732af659caafafef6d7c http://download.novell.com/patch/finder/?keywords=f0d10203582ba7a6abdae8ec0de87eb2 From sle-updates at lists.suse.com Tue Jan 21 12:04:46 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jan 2014 20:04:46 +0100 (CET) Subject: SUSE-SU-2014:0116-1: moderate: Security update for flash-player Message-ID: <20140121190446.DDF573214F@maintenance.suse.de> SUSE Security Update: Security update for flash-player 
______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0116-1 Rating: moderate References: #858822 Cross-References: CVE-2014-0491 CVE-2014-0492 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: This update fixes the following security issues with flash-player: * flash-player: security protection bypass (bnc#858822)(APSB14-02) o These updates resolve a vulnerability that could be used to bypass Flash Player security protections (CVE-2014-0491). o These updates resolve an address leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0492). o Ref.: http://helpx.adobe.com/security/products/flash-player/apsb14-02.html Security Issue references: * CVE-2014-0491 * CVE-2014-0492 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-8774 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-flash-player-8773 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.335]: flash-player-11.2.202.335-0.4.1 flash-player-gnome-11.2.202.335-0.4.1 flash-player-kde4-11.2.202.335-0.4.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 11.2.202.335]: flash-player-11.2.202.335-0.4.1 flash-player-gnome-11.2.202.335-0.4.1 flash-player-kde4-11.2.202.335-0.4.1 References: http://support.novell.com/security/cve/CVE-2014-0491.html http://support.novell.com/security/cve/CVE-2014-0492.html https://bugzilla.novell.com/858822 http://download.novell.com/patch/finder/?keywords=f52d1952bf6e60475b16a31db971b133 http://download.novell.com/patch/finder/?keywords=fcde8605eb6348521c5fed404b1fa3b5 From sle-updates at lists.suse.com Thu Jan 23 15:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jan 2014 23:04:12 +0100 (CET) Subject: SUSE-RU-2014:0121-1: Recommended update for perl-Bootloader and yast2-bootloader Message-ID: <20140123220412.39D483215A@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Bootloader and yast2-bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0121-1 Rating: low References: #823601 #826632 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes two new package versions. Description: This combined update for perl-Bootloader and yast2-bootloader speeds up device scanning, significantly reducing the time needed to set up the boot loader on systems with many disks and LUNs (bnc#823601, bnc#826632). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-perl-yast-bootloader-201312-8649 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-perl-yast-bootloader-201312-8649 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-perl-yast-bootloader-201312-8649 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 0.4.89.57 and 2.17.97]: perl-Bootloader-0.4.89.57-0.7.5 yast2-bootloader-2.17.97-0.7.28 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.4.89.57 and 2.17.97]: perl-Bootloader-0.4.89.57-0.7.5 yast2-bootloader-2.17.97-0.7.28 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.4.89.57 and 2.17.97]: perl-Bootloader-0.4.89.57-0.7.5 yast2-bootloader-2.17.97-0.7.28 References: https://bugzilla.novell.com/823601 https://bugzilla.novell.com/826632 http://download.novell.com/patch/finder/?keywords=cc388689e0d1c7dfcd991238b1952704 From sle-updates at lists.suse.com Fri Jan 24 09:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jan 2014 17:04:11 +0100 (CET) Subject: SUSE-RU-2014:0124-1: moderate: Recommended update for autofs Message-ID: <20140124160411.63D8D3215C@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0124-1 Rating: moderate References: #820585 #833733 #842622 #853469 #855883 #859969 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description: This update for AutoFS provides fixes for the following issues: * A segmentation fault caused by thread-unsafe initialization and clean-up of libldap. (bnc#820585, bnc#853469) * A segmentation fault caused by thread-unsafe usage of glibc's netconfig() functions. (bnc#842622, bnc#833733) * A race condition that could make automount quit after receiving a SIGHUP. (bnc#855883) * A deadlock when trying to lock a mutex that's already owned by the same thread. (bnc#859969) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-autofs-8820 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-autofs-8820 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-autofs-8820 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): autofs-5.0.6-3.10.16.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): autofs-5.0.6-3.10.16.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): autofs-5.0.6-3.10.16.1 References: https://bugzilla.novell.com/820585 https://bugzilla.novell.com/833733 https://bugzilla.novell.com/842622 https://bugzilla.novell.com/853469 https://bugzilla.novell.com/855883 https://bugzilla.novell.com/859969 http://download.novell.com/patch/finder/?keywords=414a9fba6b9d24118a016074658c366c From sle-updates at lists.suse.com Fri Jan 24 22:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Jan 2014 06:04:11 +0100 (CET) Subject: SUSE-SU-2014:0129-1: moderate: Security update for subversion Message-ID: <20140125050411.8DD563215C@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0129-1 Rating: moderate 
References: #850667 Cross-References: CVE-2013-4505 CVE-2013-4558 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The following issues have been fixed in subversion: * mod_dontdothat did not restrict requests from serf based clients (CVE-2013-4505) * DoS via an assert in mod_dav_svn (CVE-2013-4558) Security Issue references: * CVE-2013-4505 * CVE-2013-4558 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-subversion-8770 - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-subversion-8771 - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-subversion-8770 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): subversion-1.6.17-1.25.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): subversion-1.6.17-1.25.1 subversion-devel-1.6.17-1.25.1 subversion-perl-1.6.17-1.25.1 subversion-python-1.6.17-1.25.1 subversion-server-1.6.17-1.25.1 subversion-tools-1.6.17-1.25.1 - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): subversion-1.6.17-1.25.1 subversion-devel-1.6.17-1.25.1 subversion-perl-1.6.17-1.25.1 subversion-python-1.6.17-1.25.1 subversion-server-1.6.17-1.25.1 subversion-tools-1.6.17-1.25.1 References: http://support.novell.com/security/cve/CVE-2013-4505.html http://support.novell.com/security/cve/CVE-2013-4558.html https://bugzilla.novell.com/850667 http://download.novell.com/patch/finder/?keywords=2049928450e987f08e12a06dc79272fd http://download.novell.com/patch/finder/?keywords=8fb03f08094944d594f078df4a036170 From sle-updates at lists.suse.com Fri Jan 24 22:04:28 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Jan 2014 06:04:28 +0100 (CET) Subject: SUSE-SU-2014:0130-1: important: Security update for oracle-update Message-ID: <20140125050428.B15923215C@maintenance.suse.de> SUSE Security Update: Security update for oracle-update ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0130-1 Rating: important References: #859033 Cross-References: CVE-2013-5764 CVE-2013-5853 CVE-2013-5858 CVE-2014-0377 CVE-2014-0378 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This oracle-server update fixes the issues from the January 2014 Oracle Critical Patch Update: CVE-2013-5858, CVE-2013-5853, CVE-2014-0377, CVE-2013-5764 and CVE-2014-0378. 
Security Issue references: * CVE-2013-5858 * CVE-2013-5853 * CVE-2014-0377 * CVE-2013-5764 * CVE-2014-0378 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-oracle-update-8816 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): oracle-update-1.7-0.23.1 References: http://support.novell.com/security/cve/CVE-2013-5764.html http://support.novell.com/security/cve/CVE-2013-5853.html http://support.novell.com/security/cve/CVE-2013-5858.html http://support.novell.com/security/cve/CVE-2014-0377.html http://support.novell.com/security/cve/CVE-2014-0378.html https://bugzilla.novell.com/859033 http://download.novell.com/patch/finder/?keywords=b29bf6be21e017ded3464349daae8ab9 From sle-updates at lists.suse.com Fri Jan 24 22:04:43 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Jan 2014 06:04:43 +0100 (CET) Subject: SUSE-RU-2014:0131-1: Recommended update for pesign-obs-integration Message-ID: <20140125050443.0C4E33215E@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign-obs-integration ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0131-1 Rating: low References: #841627 #857599 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The modsign-repackage tool from the pesign-obs-repackage package has a new option --signatures. Its argument is a directory with *.sig files for each module in the KMPs to be repackaged. 
When this option is used, the --key option is not needed: $ find ./dir ./dir/lib/modules/3.0.76-0.11-default/updates/module.ko.sig ./dir/lib/modules/3.0.76-0.11-xen/updates/module.ko.sig ... $ modsign-repackage --certificate cert.x509 --signatures ./dir example-kmp-default.rpm example-kmp-xen.rpm Additionally, the buildservice signing now defaults to sign all *.ko and /lib/firmware files. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-pesign-obs-integration-8787 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-pesign-obs-integration-8787 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-pesign-obs-integration-8787 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): pesign-obs-integration-10.0-0.20.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): pesign-obs-integration-10.0-0.20.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): pesign-obs-integration-10.0-0.20.1 References: https://bugzilla.novell.com/841627 https://bugzilla.novell.com/857599 http://download.novell.com/patch/finder/?keywords=de3b41690be751bd7c01999d01f9f298 From sle-updates at lists.suse.com Fri Jan 24 22:05:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Jan 2014 06:05:13 +0100 (CET) Subject: SUSE-RU-2014:0132-1: moderate: Recommended update for sysstat Message-ID: <20140125050513.A30763215E@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0132-1 Rating: moderate References: #816833 #839091 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux 
Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sysstat provides the following fixes: * Handle overflow of the {rd,wr}_ticks counters. (bnc#839091) * Inform user if sar is called without parameters and data collecting isn't enabled. (bnc#816833) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-sysstat-8717 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-sysstat-8717 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-sysstat-8717 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): sysstat-8.1.5-7.47.1 sysstat-isag-8.1.5-7.47.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): sysstat-8.1.5-7.47.1 sysstat-isag-8.1.5-7.47.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): sysstat-8.1.5-7.47.1 References: https://bugzilla.novell.com/816833 https://bugzilla.novell.com/839091 http://download.novell.com/patch/finder/?keywords=28805b7cb660c62333debe79c005d597 From sle-updates at lists.suse.com Fri Jan 24 22:05:42 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Jan 2014 06:05:42 +0100 (CET) Subject: SUSE-RU-2014:0133-1: moderate: Recommended update for sysstat Message-ID: <20140125050542.27CF83215E@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0133-1 Rating: moderate References: #799920 #816833 #839091 Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for sysstat provides the following fixes:

* Fix 'iostat -n' crashing on nfs volumes. (bnc#799920)
* Handle overflow of the {rd,wr}_ticks counters. (bnc#839091)
* Inform user if sar is called without parameters and data collecting isn't enabled. (bnc#816833)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-sysstat-8718
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-sysstat-8718
- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp2-sysstat-8718

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
    sysstat-8.1.5-7.38.40.1
    sysstat-isag-8.1.5-7.38.40.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    sysstat-8.1.5-7.38.40.1
    sysstat-isag-8.1.5-7.38.40.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
    sysstat-8.1.5-7.38.40.1

References:

    https://bugzilla.novell.com/799920
    https://bugzilla.novell.com/816833
    https://bugzilla.novell.com/839091
    http://download.novell.com/patch/finder/?keywords=6f6fa7ad2e166aa4e95eeb3642c7d2b2

From sle-updates at lists.suse.com Fri Jan 24 22:06:19 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 25 Jan 2014 06:06:19 +0100 (CET)
Subject: SUSE-RU-2014:0124-2: moderate: Recommended update for autofs
Message-ID: <20140125050619.EB4063215E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for autofs
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0124-2
Rating: moderate
References: #820585 #833733 #842622 #853469 #855883 #859969
Affected Products:
    SUSE Linux Enterprise Server 11 SP2 for VMware
    SUSE Linux Enterprise Server 11 SP2
    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed. It includes one version update.

Description:

This update for AutoFS provides fixes for the following issues:

* A segmentation fault caused by thread-unsafe initialization and clean-up of libldap. (bnc#820585, bnc#853469)
* A segmentation fault caused by thread-unsafe usage of glibc's netconfig() functions. (bnc#842622, bnc#833733)
* A race condition that could make automount quit after receiving a SIGHUP. (bnc#855883)
* A deadlock when trying to lock a mutex that's already owned by the same thread. (bnc#859969)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-autofs-8819
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-autofs-8819
- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp2-autofs-8819

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 5.0.6]:
    autofs-5.0.6-3.10.16.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.0.6]:
    autofs-5.0.6-3.10.16.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 5.0.6]:
    autofs-5.0.6-3.10.16.1

References:

    https://bugzilla.novell.com/820585
    https://bugzilla.novell.com/833733
    https://bugzilla.novell.com/842622
    https://bugzilla.novell.com/853469
    https://bugzilla.novell.com/855883
    https://bugzilla.novell.com/859969
    http://download.novell.com/patch/finder/?keywords=a0dc387cb69b2de4983b2fae0e7e78aa

From sle-updates at lists.suse.com Mon Jan 27 09:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 27 Jan 2014 17:04:11 +0100 (CET)
Subject: SUSE-SU-2014:0137-1: moderate: Security update for rubygem-activemodel-3_1
Message-ID: <20140127160411.992F332163@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-activemodel-3_1
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0137-1
Rating: moderate
References: #846239
Cross-References: CVE-2013-4389
Affected Products:
    WebYaST 1.3
    SUSE Studio Onsite 1.3
    SUSE Linux Enterprise Software Development Kit 11 SP3
    SUSE Linux Enterprise Software Development Kit 11 SP2
    SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes two new package versions.

Description:

The Rubygem ActiveModel was updated to version 3.1.4 to fix some bugs:

* Small documentation fix in Active Model callbacks module.
* Improve cache on route_key lookup.
* Fix ActiveModel::Errors#dup.
* Ruby 2.0 makes protected methods return false for respond_to, so pass true as the second parameter.
Security Issue reference:

* CVE-2013-4389

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- WebYaST 1.3:
    zypper in -t patch slewyst13-rubygem-actionmailer-3_2-8665 slewyst13-rubygem-activesupport-3_2-8669
- SUSE Studio Onsite 1.3:
    zypper in -t patch slestso13-rubygem-actionmailer-3_2-8665 slestso13-rubygem-activesupport-3_2-8669
- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-rubygem-actionmailer-3_1-8664 sdksp3-rubygem-activemodel-3_1-8677 sdksp3-rubygem-activesupport-3_1-8668 sdksp3-rubygem-activesupport-3_2-8670
- SUSE Linux Enterprise Software Development Kit 11 SP2:
    zypper in -t patch sdksp2-rubygem-activesupport-3_2-8669
- SUSE Lifecycle Management Server 1.3:
    zypper in -t patch sleslms13-rubygem-actionmailer-3_2-8665 sleslms13-rubygem-activesupport-3_2-8669

To bring your system up-to-date, use "zypper patch".

Package List:

- WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.2.12]:
    rubygem-actionmailer-3_2-3.2.12-0.7.3
    rubygem-activesupport-3_2-3.2.12-0.7.1
- SUSE Studio Onsite 1.3 (x86_64) [New Version: 3.2.12]:
    rubygem-actionmailer-3_2-3.2.12-0.7.3
    rubygem-activesupport-3_2-3.2.12-0.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.1.4]:
    rubygem-actionmailer-3_1-3.1.4-0.7.3
    rubygem-activemodel-3_1-3.1.4-0.7.1
    rubygem-activesupport-3_1-3.1.4-0.7.1
    rubygem-activesupport-3_2-3.2.12-0.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    rubygem-activesupport-3_2-3.2.12-0.7.1
- SUSE Lifecycle Management Server 1.3 (x86_64) [New Version: 3.2.12]:
    rubygem-actionmailer-3_2-3.2.12-0.7.3
    rubygem-activesupport-3_2-3.2.12-0.7.1

References:

    http://support.novell.com/security/cve/CVE-2013-4389.html
    https://bugzilla.novell.com/846239
    http://download.novell.com/patch/finder/?keywords=2f5f8746fdd59e317fd670d6992aa769
    http://download.novell.com/patch/finder/?keywords=8b56e11bc155aa2e747853d6e5ef6f77
    http://download.novell.com/patch/finder/?keywords=96ba098b416c982a0173facf263c7f54
    http://download.novell.com/patch/finder/?keywords=a54ac06340589b745aa0713384211b72
    http://download.novell.com/patch/finder/?keywords=ac7fe3b0288f63e45fba4cdd477d4a8f
    http://download.novell.com/patch/finder/?keywords=fd30ac9ae0ce346115ab0e4899f05508

From sle-updates at lists.suse.com Mon Jan 27 09:05:06 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 27 Jan 2014 17:05:06 +0100 (CET)
Subject: SUSE-SU-2014:0140-1: moderate: Security update for Linux kernel
Message-ID: <20140127160506.CF37432163@maintenance.suse.de>

SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0140-1
Rating: moderate
References: #708296 #769644 #787843 #789359 #798050 #806988 #807434 #810323 #813245 #818545 #819979 #820102 #820338 #821980 #823618 #825696 #825896 #826602 #826756 #827767 #828236 #831168 #834473 #834708 #834808 #835074 #835186 #836718 #837739 #838623 #839407 #840226 #841445 #842239 #843419 #843429 #843445 #843642 #843645 #845621 #845729 #846036 #846984 #847261 #848321 #848336 #848544 #848652 #849021 #849029 #849034 #849404 #849675 #849809 #849848 #849950 #850640 #851066 #851101 #851314 #852373 #852558 #852559 #852624 #853050 #853051 #853052 #854546 #854634 #854722 #855037
Cross-References: CVE-2013-4345 CVE-2013-4483 CVE-2013-4511 CVE-2013-4514 CVE-2013-4515 CVE-2013-4587 CVE-2013-4592 CVE-2013-6367 CVE-2013-6368 CVE-2013-6378 CVE-2013-6380 CVE-2013-6383 CVE-2013-6463 CVE-2013-7027
Affected Products:
    SUSE Linux Enterprise Server 11 SP2 for VMware
    SUSE Linux Enterprise Server 11 SP2
    SUSE Linux Enterprise High Availability Extension 11 SP2
    SUSE Linux Enterprise Desktop 11 SP2
    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 57 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes.

A new feature was added:

* supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309)

The following security bugs have been fixed:

* CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050)
* CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052)
* CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051)
* CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101)
* CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559)
* CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029)
* CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034)
* CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634)
* CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321)
* CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021)
* CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373)
* CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722)
* CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558)
* CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226)

Also the following non-security bugs have been fixed:

* kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618).
* printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675).
* blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623).
* x86/dumpstack: Fix printk_address for direct addresses (bnc#845621).
* futex: fix handling of read-only-mapped hugepages (VM Functionality).
* random: fix accounting race condition with lockless irq entropy_count update (bnc#789359).
* Provide realtime priority kthread and workqueue boot options (bnc#836718).
* sched: Fix several races in CFS_BANDWIDTH (bnc#848336).
* sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336).
* sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336).
* sched: Fix race on toggling cfs_bandwidth_used (bnc#848336).
* sched: Fix buglet in return_cfs_rq_runtime().
* sched: Guarantee new group-entities always have weight (bnc#848336).
* sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336).
* watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767).
* tcp: bind() fix autoselection to share ports (bnc#823618).
* tcp: bind() use stronger condition for bind_conflict (bnc#823618).
* tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618).
* macvlan: disable LRO on lower device instead of macvlan (bnc#846984).
* macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984).
* macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984).
* xen: netback: bump tx queue length (bnc#849404).
* xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652).
* xen: fixed USB passthrough issue (bnc#852624).
* netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729).
* xfrm: invalidate dst on policy insertion/deletion (bnc#842239).
* xfrm: prevent ipcomp scratch buffer race condition (bnc#842239).
* crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718).
* crypto: gf128mul - fix call to memset() (obvious fix).
* autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314).
* autofs4: catatonic_mode vs. notify_daemon race (bnc#851314).
* autofs4: close the races around autofs4_notify_daemon() (bnc#851314).
* autofs4: deal with autofs4_write/autofs4_write races (bnc#851314).
* autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314).
* autofs4 - fix deal with autofs4_write races (bnc#851314).
* autofs4 - use simple_empty() for empty directory check (bnc#851314).
* blkdev_max_block: make private to fs/buffer.c (bnc#820338).
* Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473).
* dlm: set zero linger time on sctp socket (bnc#787843).
* SUNRPC: Fix a data corruption issue when retransmitting RPC calls (bnc#855037)
* nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236).
* nfs: Adapt readdirplus to application usage patterns (bnc#834708).
* xfs: Account log unmount transaction correctly (bnc#849950).
* xfs: improve ioend error handling (bnc#846036).
* xfs: reduce ioend latency (bnc#846036).
* xfs: use per-filesystem I/O completion workqueues (bnc#846036).
* xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544).
* vfs: avoid "attempt to access beyond end of device" warnings (bnc#820338).
* vfs: fix O_DIRECT read past end of block device (bnc#820338).
* cifs: Improve performance of browsing directories with several files (bnc#810323).
* cifs: Ensure cifs directories do not show up as files (bnc#826602).
* sd: avoid deadlocks when running under multipath (bnc#818545).
* sd: fix crash when UA received on DIF enabled device (bnc#841445).
* sg: fix blk_get_queue usage (bnc#834808).
* block: factor out vector mergeable decision to a helper function (bnc#769644).
* block: modify __bio_add_page check to accept pages that do not start a new segment (bnc#769644).
* dm-multipath: abort all requests when failing a path (bnc#798050).
* scsi: Add "eh_deadline" to limit SCSI EH runtime (bnc#798050).
* scsi: Allow error handling timeout to be specified (bnc#798050).
* scsi: Fixup compilation warning (bnc#798050).
* scsi: Retry failfast commands after EH (bnc#798050).
* scsi: Warn on invalid command completion (bnc#798050).
* scsi: kABI fixes (bnc#798050).
* scsi: remove check for "resetting" (bnc#798050).
* advansys: Remove "last_reset" references (bnc#798050).
* cleanup setting task state in scsi_error_handler() (bnc#798050).
* dc395: Move "last_reset" into internal host structure (bnc#798050).
* dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
* dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050).
* tmscsim: Move "last_reset" into host structure (bnc#798050).
* scsi_dh: invoke callback if ->activate is not present (bnc#708296).
* scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296).
* scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296).
* scsi_dh_alua: Decode HP EVA array identifier (bnc#708296).
* scsi_dh_alua: Evaluate state for all port groups (bnc#708296).
* scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642).
* scsi_dh_alua: Make stpg synchronous (bnc#708296).
* scsi_dh_alua: Pass buffer as function argument (bnc#708296).
* scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296).
* scsi_dh_alua: Recheck state on transitioning (bnc#708296).
* scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
* scsi_dh_alua: Use separate alua_port_group structure (bnc#708296).
* scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407).
* scsi_dh_alua: asynchronous RTPG (bnc#708296).
* scsi_dh_alua: correctly terminate target port strings (bnc#708296).
* scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296).
* scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979).
* scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980).
* scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296).
* scsi_dh_alua: invalid state information for "optimized" paths (bnc#843445).
* scsi_dh_alua: move RTPG to workqueue (bnc#708296).
* scsi_dh_alua: move "expiry" into PG structure (bnc#708296).
* scsi_dh_alua: move some sense code handling into generic code (bnc#813245).
* scsi_dh_alua: multipath failover fails with error 15 (bnc#825696).
* scsi_dh_alua: parse target device id (bnc#708296).
* scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296).
* scsi_dh_alua: put sense buffer on stack (bnc#708296).
* scsi_dh_alua: reattaching device handler fails with "Error 15" (bnc#843429).
* scsi_dh_alua: remove locking when checking state (bnc#708296).
* scsi_dh_alua: remove stale variable (bnc#708296).
* scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
* scsi_dh_alua: retry command on "mode parameter changed" sense code (bnc#843645).
* scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
* scsi_dh_alua: simplify state update (bnc#708296).
* scsi_dh_alua: use delayed_work (bnc#708296).
* scsi_dh_alua: use flag for RTPG extended header (bnc#708296).
* scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296).
* scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296).
* lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988).
* lpfc: Fix kernel warning on spinlock usage (bnc#806988).
* lpfc: Fixed system panic due to midlayer abort (bnc#806988).
* qla2xxx: Add module parameter to override the default request queue size (bnc#826756).
* qla2xxx: Module parameter "ql2xasynclogin" (bnc#825896).
* bna: do not register ndo_set_rx_mode callback (bnc#847261).
* hv: handle more than just WS2008 in KVP negotiation (bnc#850640).
* drm: do not add inferred modes for monitors that do not support them (bnc#849809).
* pci/quirks: Modify reset method for Chelsio T4 (bnc#831168).
* pci: fix truncation of resource size to 32 bits (bnc#843419).
* pci: pciehp: Retrieve link speed after link is trained (bnc#820102).
* pci: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102).
* pci: pciehp: replace unconditional sleep with config space access check (bnc#820102).
* pci: pciehp: make check_link_active more helpful (bnc#820102).
* pci: pciehp: Add pcie_wait_link_not_active() (bnc#820102).
* pci: pciehp: Add Disable/enable link functions (bnc#820102).
* pci: pciehp: Disable/enable link during slot power off/on (bnc#820102).
* mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074).
* mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074).
* net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074).
* qeth: request length checking in snmp ioctl (bnc#849848, LTC#99511).
* cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047).
* s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047).
* s390/cio: skip broken paths (bnc#837739,LTC#97047).
* s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
* s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047).

Security Issue references:

* CVE-2013-4345
* CVE-2013-4483
* CVE-2013-4511
* CVE-2013-4514
* CVE-2013-4515
* CVE-2013-4587
* CVE-2013-4592
* CVE-2013-6367
* CVE-2013-6368
* CVE-2013-6378
* CVE-2013-6380
* CVE-2013-6383
* CVE-2013-6463
* CVE-2013-7027

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:
    zypper in -t patch slessp2-kernel-8779 slessp2-kernel-8791
- SUSE Linux Enterprise Server 11 SP2:
    zypper in -t patch slessp2-kernel-8779 slessp2-kernel-8780 slessp2-kernel-8781 slessp2-kernel-8791 slessp2-kernel-8792
- SUSE Linux Enterprise High Availability Extension 11 SP2:
    zypper in -t patch sleshasp2-kernel-8779 sleshasp2-kernel-8780 sleshasp2-kernel-8781 sleshasp2-kernel-8791 sleshasp2-kernel-8792
- SUSE Linux Enterprise Desktop 11 SP2:
    zypper in -t patch sledsp2-kernel-8779 sledsp2-kernel-8791

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 3.0.101]:
    kernel-default-3.0.101-0.7.15.1
    kernel-default-base-3.0.101-0.7.15.1
    kernel-default-devel-3.0.101-0.7.15.1
    kernel-source-3.0.101-0.7.15.1
    kernel-syms-3.0.101-0.7.15.1
    kernel-trace-3.0.101-0.7.15.1
    kernel-trace-base-3.0.101-0.7.15.1
    kernel-trace-devel-3.0.101-0.7.15.1
    kernel-xen-devel-3.0.101-0.7.15.1
    xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586) [New Version: 3.0.101]:
    kernel-pae-3.0.101-0.7.15.1
    kernel-pae-base-3.0.101-0.7.15.1
    kernel-pae-devel-3.0.101-0.7.15.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:
    kernel-default-3.0.101-0.7.15.1
    kernel-default-base-3.0.101-0.7.15.1
    kernel-default-devel-3.0.101-0.7.15.1
    kernel-source-3.0.101-0.7.15.1
    kernel-syms-3.0.101-0.7.15.1
    kernel-trace-3.0.101-0.7.15.1
    kernel-trace-base-3.0.101-0.7.15.1
    kernel-trace-devel-3.0.101-0.7.15.1
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64) [New Version: 3.0.101]:
    kernel-ec2-3.0.101-0.7.15.1
    kernel-ec2-base-3.0.101-0.7.15.1
    kernel-ec2-devel-3.0.101-0.7.15.1
    kernel-xen-3.0.101-0.7.15.1
    kernel-xen-base-3.0.101-0.7.15.1
    kernel-xen-devel-3.0.101-0.7.15.1
    xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12
    xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12
- SUSE Linux Enterprise Server 11 SP2 (s390x) [New Version: 3.0.101]:
    kernel-default-man-3.0.101-0.7.15.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64) [New Version: 3.0.101]:
    kernel-ppc64-3.0.101-0.7.15.1
    kernel-ppc64-base-3.0.101-0.7.15.1
    kernel-ppc64-devel-3.0.101-0.7.15.1
- SUSE Linux Enterprise Server 11 SP2 (i586) [New Version: 3.0.101]:
    kernel-pae-3.0.101-0.7.15.1
    kernel-pae-base-3.0.101-0.7.15.1
    kernel-pae-devel-3.0.101-0.7.15.1
    xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 ia64 ppc64 s390x x86_64):
    cluster-network-kmp-default-1.4_3.0.101_0.7.15-2.18.79
    cluster-network-kmp-trace-1.4_3.0.101_0.7.15-2.18.79
    gfs2-kmp-default-2_3.0.101_0.7.15-0.7.107
    gfs2-kmp-trace-2_3.0.101_0.7.15-0.7.107
    ocfs2-kmp-default-1.6_3.0.101_0.7.15-0.11.78
    ocfs2-kmp-trace-1.6_3.0.101_0.7.15-0.11.78
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586 x86_64):
    cluster-network-kmp-xen-1.4_3.0.101_0.7.15-2.18.79
    gfs2-kmp-xen-2_3.0.101_0.7.15-0.7.107
    ocfs2-kmp-xen-1.6_3.0.101_0.7.15-0.11.78
- SUSE Linux Enterprise High Availability Extension 11 SP2 (ppc64):
    cluster-network-kmp-ppc64-1.4_3.0.101_0.7.15-2.18.79
    gfs2-kmp-ppc64-2_3.0.101_0.7.15-0.7.107
    ocfs2-kmp-ppc64-1.6_3.0.101_0.7.15-0.11.78
- SUSE Linux Enterprise High Availability Extension 11 SP2 (i586):
    cluster-network-kmp-pae-1.4_3.0.101_0.7.15-2.18.79
    gfs2-kmp-pae-2_3.0.101_0.7.15-0.7.107
    ocfs2-kmp-pae-1.6_3.0.101_0.7.15-0.11.78
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 3.0.101]:
    kernel-default-3.0.101-0.7.15.1
    kernel-default-base-3.0.101-0.7.15.1
    kernel-default-devel-3.0.101-0.7.15.1
    kernel-default-extra-3.0.101-0.7.15.1
    kernel-source-3.0.101-0.7.15.1
    kernel-syms-3.0.101-0.7.15.1
    kernel-trace-3.0.101-0.7.15.1
    kernel-trace-base-3.0.101-0.7.15.1
    kernel-trace-devel-3.0.101-0.7.15.1
    kernel-trace-extra-3.0.101-0.7.15.1
    kernel-xen-3.0.101-0.7.15.1
    kernel-xen-base-3.0.101-0.7.15.1
    kernel-xen-devel-3.0.101-0.7.15.1
    kernel-xen-extra-3.0.101-0.7.15.1
    xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12
    xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12
- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 3.0.101]:
    kernel-pae-3.0.101-0.7.15.1
    kernel-pae-base-3.0.101-0.7.15.1
    kernel-pae-devel-3.0.101-0.7.15.1
    kernel-pae-extra-3.0.101-0.7.15.1
    xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12
- SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64):
    ext4-writeable-kmp-default-0_3.0.101_0.7.15-0.14.88
    ext4-writeable-kmp-trace-0_3.0.101_0.7.15-0.14.88
    kernel-default-extra-3.0.101-0.7.15.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
    ext4-writeable-kmp-xen-0_3.0.101_0.7.15-0.14.88
    kernel-xen-extra-3.0.101-0.7.15.1
- SLE 11 SERVER Unsupported Extras (ppc64):
    ext4-writeable-kmp-ppc64-0_3.0.101_0.7.15-0.14.88
    kernel-ppc64-extra-3.0.101-0.7.15.1
- SLE 11 SERVER Unsupported Extras (i586):
    ext4-writeable-kmp-pae-0_3.0.101_0.7.15-0.14.88
    kernel-pae-extra-3.0.101-0.7.15.1

References:

    http://support.novell.com/security/cve/CVE-2013-4345.html
    http://support.novell.com/security/cve/CVE-2013-4483.html
    http://support.novell.com/security/cve/CVE-2013-4511.html
    http://support.novell.com/security/cve/CVE-2013-4514.html
    http://support.novell.com/security/cve/CVE-2013-4515.html
    http://support.novell.com/security/cve/CVE-2013-4587.html
    http://support.novell.com/security/cve/CVE-2013-4592.html
    http://support.novell.com/security/cve/CVE-2013-6367.html
    http://support.novell.com/security/cve/CVE-2013-6368.html
    http://support.novell.com/security/cve/CVE-2013-6378.html
    http://support.novell.com/security/cve/CVE-2013-6380.html
    http://support.novell.com/security/cve/CVE-2013-6383.html
    http://support.novell.com/security/cve/CVE-2013-6463.html
    http://support.novell.com/security/cve/CVE-2013-7027.html
    https://bugzilla.novell.com/708296
    https://bugzilla.novell.com/769644
    https://bugzilla.novell.com/787843
    https://bugzilla.novell.com/789359
    https://bugzilla.novell.com/798050
    https://bugzilla.novell.com/806988
    https://bugzilla.novell.com/807434
    https://bugzilla.novell.com/810323
    https://bugzilla.novell.com/813245
    https://bugzilla.novell.com/818545
    https://bugzilla.novell.com/819979
    https://bugzilla.novell.com/820102
    https://bugzilla.novell.com/820338
    https://bugzilla.novell.com/821980
    https://bugzilla.novell.com/823618
    https://bugzilla.novell.com/825696
    https://bugzilla.novell.com/825896
    https://bugzilla.novell.com/826602
    https://bugzilla.novell.com/826756
    https://bugzilla.novell.com/827767
    https://bugzilla.novell.com/828236
    https://bugzilla.novell.com/831168
    https://bugzilla.novell.com/834473
    https://bugzilla.novell.com/834708
    https://bugzilla.novell.com/834808
    https://bugzilla.novell.com/835074
    https://bugzilla.novell.com/835186
    https://bugzilla.novell.com/836718
    https://bugzilla.novell.com/837739
    https://bugzilla.novell.com/838623
    https://bugzilla.novell.com/839407
    https://bugzilla.novell.com/840226
    https://bugzilla.novell.com/841445
    https://bugzilla.novell.com/842239
    https://bugzilla.novell.com/843419
    https://bugzilla.novell.com/843429
    https://bugzilla.novell.com/843445
    https://bugzilla.novell.com/843642
    https://bugzilla.novell.com/843645
    https://bugzilla.novell.com/845621
    https://bugzilla.novell.com/845729
    https://bugzilla.novell.com/846036
    https://bugzilla.novell.com/846984
    https://bugzilla.novell.com/847261
    https://bugzilla.novell.com/848321
    https://bugzilla.novell.com/848336
    https://bugzilla.novell.com/848544
    https://bugzilla.novell.com/848652
    https://bugzilla.novell.com/849021
    https://bugzilla.novell.com/849029
    https://bugzilla.novell.com/849034
    https://bugzilla.novell.com/849404
    https://bugzilla.novell.com/849675
    https://bugzilla.novell.com/849809
    https://bugzilla.novell.com/849848
    https://bugzilla.novell.com/849950
    https://bugzilla.novell.com/850640
    https://bugzilla.novell.com/851066
    https://bugzilla.novell.com/851101
    https://bugzilla.novell.com/851314
    https://bugzilla.novell.com/852373
    https://bugzilla.novell.com/852558
    https://bugzilla.novell.com/852559
    https://bugzilla.novell.com/852624
    https://bugzilla.novell.com/853050
    https://bugzilla.novell.com/853051
    https://bugzilla.novell.com/853052
    https://bugzilla.novell.com/854546
    https://bugzilla.novell.com/854634
    https://bugzilla.novell.com/854722
    https://bugzilla.novell.com/855037
    http://download.novell.com/patch/finder/?keywords=282330ca15c25c5d414afa797fd00055
    http://download.novell.com/patch/finder/?keywords=3d92bf18525263d6502455d7bb30778d
    http://download.novell.com/patch/finder/?keywords=457afa810386e3c89cbe7d34f2669ec6
    http://download.novell.com/patch/finder/?keywords=67177844fdc4ad7928d0b72e827b1792
    http://download.novell.com/patch/finder/?keywords=6d440d2c2b586181d099e77b38c3f10c
    http://download.novell.com/patch/finder/?keywords=7e6471ccc2fab115e43fdd4825b2703d
    http://download.novell.com/patch/finder/?keywords=8f7b9d1a1e950072493fafe9d3ce7b0b
    http://download.novell.com/patch/finder/?keywords=96c8b378c86a8c1970d130e0ca6c215e
    http://download.novell.com/patch/finder/?keywords=9a3c3a81214dce764b5a30eb1137ff05
    http://download.novell.com/patch/finder/?keywords=a3c4d33c79469ac8a1f49845dce098d2

From sle-updates at lists.suse.com Mon Jan 27 13:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 27 Jan 2014 21:04:10 +0100 (CET)
Subject: SUSE-RU-2014:0141-1: moderate: Recommended update for crmsh
Message-ID: <20140127200410.CA46E32163@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crmsh
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0141-1
Rating: moderate
References: #841764 #858257
Affected Products:
    SUSE Linux Enterprise High Availability Extension 11 SP3
______________________________________________________________________________

An update that has two recommended fixes can now be installed. It includes one version update.

Description:

This update for crmsh provides the following fixes:

* Handle role assignment in location constraints as generated by updated Pacemaker. (bnc#858257)
* Update fix for configure load method. (bnc#841764)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability Extension 11 SP3:
    zypper in -t patch slehasp3-crmsh-8765

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.2.6]:
    crmsh-1.2.6-0.27.1

References:

    https://bugzilla.novell.com/841764
    https://bugzilla.novell.com/858257
    http://download.novell.com/patch/finder/?keywords=f36c5dacbe8e9a5b99777a343f73d0dd

From sle-updates at lists.suse.com Tue Jan 28 08:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 16:04:11 +0100 (CET)
Subject: SUSE-SU-2014:0149-1: moderate: Security update for openstack-nova
Message-ID: <20140128150411.6F68E32166@maintenance.suse.de>

SUSE Security Update: Security update for openstack-nova
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0149-1
Rating: moderate
References: #847648 #848825
Cross-References: CVE-2013-4463 CVE-2013-4497
Affected Products:
    SUSE Cloud 2.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available. It includes one version update.

Description:

This version update of openstack-nova fixes the following issues:

* Ensure that oversized images are not booted. (CVE-2013-4463)
* Ensure that XenAPI security groups are kept through migrate or resize. (CVE-2013-4497)

Security Issues references:

* CVE-2013-4463
* CVE-2013-4497

Indications:

Everybody should update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 2.0:
    zypper in -t patch sleclo20sp3-openstack-nova-8676

To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Cloud 2.0 (x86_64) [New Version: 2013.1.5.a17.g4655df1]:
      openstack-nova-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-api-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-cells-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-cert-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-compute-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-conductor-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-console-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-consoleauth-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-novncproxy-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-objectstore-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-scheduler-2013.1.5.a17.g4655df1-0.7.1
      openstack-nova-vncproxy-2013.1.5.a17.g4655df1-0.7.1
      python-nova-2013.1.5.a17.g4655df1-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2013-4463.html
   http://support.novell.com/security/cve/CVE-2013-4497.html
   https://bugzilla.novell.com/847648
   https://bugzilla.novell.com/848825
   http://download.novell.com/patch/finder/?keywords=963d3704946a714b607c467e353bc9dd

From sle-updates at lists.suse.com Tue Jan 28 09:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 17:04:10 +0100 (CET)
Subject: SUSE-SU-2014:0150-1: Security update for libxml2
Message-ID: <20140128160410.CD6DB32167@maintenance.suse.de>

   SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0150-1
Rating: low
References: #829077 #854869
Cross-References: CVE-2013-2877
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Software Development Kit 11 SP2
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Server 11 SP2 for VMware
   SUSE Linux Enterprise Server 11 SP2
   SUSE Linux Enterprise Server 11 SP1 LTSS
   SUSE Linux Enterprise Desktop 11 SP3
   SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update fixes a DoS vulnerability in libxml2. CVE-2013-2877 has been assigned to this issue.

   Security Issue reference:

   * CVE-2013-2877

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-libxml2-8714
   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-libxml2-8713
   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-libxml2-8714
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-libxml2-8714
   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-libxml2-8713
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-libxml2-8713
   - SUSE Linux Enterprise Server 11 SP1 LTSS:
      zypper in -t patch slessp1-libxml2-8715
   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-libxml2-8714
   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-libxml2-8713

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      libxml2-devel-2.7.6-0.25.1
   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
      libxml2-devel-32bit-2.7.6-0.25.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      libxml2-devel-2.7.6-0.25.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64 s390x x86_64):
      libxml2-devel-32bit-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      libxml2-2.7.6-0.25.1
      libxml2-doc-2.7.6-0.25.1
      libxml2-python-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
      libxml2-32bit-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      libxml2-2.7.6-0.25.1
      libxml2-doc-2.7.6-0.25.1
      libxml2-python-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
      libxml2-32bit-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP3 (ia64):
      libxml2-x86-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
      libxml2-2.7.6-0.25.1
      libxml2-doc-2.7.6-0.25.1
      libxml2-python-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
      libxml2-32bit-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      libxml2-2.7.6-0.25.1
      libxml2-doc-2.7.6-0.25.1
      libxml2-python-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
      libxml2-32bit-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP2 (ia64):
      libxml2-x86-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
      libxml2-2.7.6-0.25.1
      libxml2-doc-2.7.6-0.25.1
      libxml2-python-2.7.6-0.25.1
   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):
      libxml2-32bit-2.7.6-0.25.1
   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      libxml2-2.7.6-0.25.1
      libxml2-python-2.7.6-0.25.1
   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
      libxml2-32bit-2.7.6-0.25.1
   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      libxml2-2.7.6-0.25.1
      libxml2-python-2.7.6-0.25.1
   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
      libxml2-32bit-2.7.6-0.25.1

References:

   http://support.novell.com/security/cve/CVE-2013-2877.html
   https://bugzilla.novell.com/829077
   https://bugzilla.novell.com/854869
   http://download.novell.com/patch/finder/?keywords=0c936564803f98a5cd705410a42ff5d7
   http://download.novell.com/patch/finder/?keywords=192bc6cf648429344756348581fe18f9
   http://download.novell.com/patch/finder/?keywords=289bdd1d9305ac3ded648c5dc9315daf

From sle-updates at lists.suse.com Tue Jan 28 11:04:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 19:04:10 +0100 (CET)
Subject: SUSE-RU-2014:0151-1: moderate: Recommended update for sm-ncc-sync-data
Message-ID: <20140128180410.C895532167@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sm-ncc-sync-data
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0151-1
Rating: moderate
References: #845533 #847374
Affected Products:
   SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed. It includes one version update.

Description:

   This update provides the following additions:

   * Enable OES 11-SP2 channels on SUSE Manager. (bnc#847374)
   * Add support for RES6-HA channels. (bnc#845533)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager 1.7 for SLE 11 SP2:
      zypper in -t patch sleman17sp2-sm-ncc-sync-data-8813

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.15]:
      sm-ncc-sync-data-1.7.15-0.5.1

References:

   https://bugzilla.novell.com/845533
   https://bugzilla.novell.com/847374
   http://download.novell.com/patch/finder/?keywords=07ce77a583a23244410ff38489f24ff6

From sle-updates at lists.suse.com Tue Jan 28 11:04:43 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 19:04:43 +0100 (CET)
Subject: SUSE-SU-2014:0152-1: moderate: Security update for rubygem-actionpack-3_2
Message-ID: <20140128180443.53CC732164@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-actionpack-3_2
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0152-1
Rating: moderate
References: #846239 #853625 #853627 #853632 #853633
Cross-References: CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417
Affected Products:
   WebYaST 1.3
   SUSE Studio Onsite 1.3
   SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now available. It includes one version update.

Description:

   This update fixes the following security issues with rubygem-actionpack:

   * bnc#853625: i18n missing translation XSS (CVE-2013-4491)
   * bnc#853627: unsafe query generation risk (incomplete fix for CVE-2013-0155) (CVE-2013-6417)
   * bnc#853632: number_to_currency XSS (CVE-2013-6415)
   * bnc#853633: Action View DoS (CVE-2013-6414)
   * bnc#846239: fix possible DoS vulnerability in the log subscriber component (CVE-2013-4389)

   Security Issue references:

   * CVE-2013-4491
   * CVE-2013-6417
   * CVE-2013-6415
   * CVE-2013-6414

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - WebYaST 1.3:
      zypper in -t patch slewyst13-rubygem-actionpack-3_2-8667
   - SUSE Studio Onsite 1.3:
      zypper in -t patch slestso13-rubygem-actionpack-3_2-8667
   - SUSE Lifecycle Management Server 1.3:
      zypper in -t patch sleslms13-rubygem-actionpack-3_2-8667

   To bring your system up-to-date, use "zypper patch".

Package List:

   - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.2.12]:
      rubygem-actionpack-3_2-3.2.12-0.11.1
   - SUSE Studio Onsite 1.3 (x86_64) [New Version: 3.2.12]:
      rubygem-actionpack-3_2-3.2.12-0.11.1
   - SUSE Lifecycle Management Server 1.3 (x86_64) [New Version: 3.2.12]:
      rubygem-actionpack-3_2-3.2.12-0.11.1

References:

   http://support.novell.com/security/cve/CVE-2013-4491.html
   http://support.novell.com/security/cve/CVE-2013-6414.html
   http://support.novell.com/security/cve/CVE-2013-6415.html
   http://support.novell.com/security/cve/CVE-2013-6417.html
   https://bugzilla.novell.com/846239
   https://bugzilla.novell.com/853625
   https://bugzilla.novell.com/853627
   https://bugzilla.novell.com/853632
   https://bugzilla.novell.com/853633
   http://download.novell.com/patch/finder/?keywords=4f7a3b6109dc5ea4e4fb5301ae244222

From sle-updates at lists.suse.com Tue Jan 28 11:06:02 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 19:06:02 +0100 (CET)
Subject: SUSE-SU-2014:0153-1: moderate: Security update for rubygem-actionpack-2_3
Message-ID: <20140128180602.0370B32167@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-actionpack-2_3
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0153-1
Rating: moderate
References: #853632
Cross-References: CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP2
______________________________________________________________________________

   An update that fixes four vulnerabilities is now
   available. It includes one version update.

Description:

   This update fixes the following security issues with rubygem-actionpack:

   * CVE-2013-6415: rubygem-actionpack: number_to_currency XSS (bnc#853632).

   Security Issue references:

   * CVE-2013-4491
   * CVE-2013-6417
   * CVE-2013-6415
   * CVE-2013-6414

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-rubygem-actionpack-2_3-8702

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.3.17]:
      rubygem-actionpack-2_3-2.3.17-0.13.2

References:

   http://support.novell.com/security/cve/CVE-2013-4491.html
   http://support.novell.com/security/cve/CVE-2013-6414.html
   http://support.novell.com/security/cve/CVE-2013-6415.html
   http://support.novell.com/security/cve/CVE-2013-6417.html
   https://bugzilla.novell.com/853632
   http://download.novell.com/patch/finder/?keywords=eed33b2944b04d2b779d8d32db4cc8e3

From sle-updates at lists.suse.com Tue Jan 28 11:06:21 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 19:06:21 +0100 (CET)
Subject: SUSE-SU-2014:0154-1: moderate: Security update for rubygem-actionpack-2_1
Message-ID: <20140128180621.3355432167@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-actionpack-2_1
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0154-1
Rating: moderate
References: #853632
Cross-References: CVE-2013-6415
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Software Development Kit 11 SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update fixes the following security issue with rubygem-actionpack:

   * bnc#853632: number_to_currency XSS (CVE-2013-6415)

   Security Issue reference:

   * CVE-2013-6415

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-rubygem-actionpack-2_1-8637
   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-rubygem-actionpack-2_1-8636

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      rubygem-actionpack-2_1-2.1.2-1.14.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      rubygem-actionpack-2_1-2.1.2-1.14.1

References:

   http://support.novell.com/security/cve/CVE-2013-6415.html
   https://bugzilla.novell.com/853632
   http://download.novell.com/patch/finder/?keywords=96afa834d89354388e6936917f331849
   http://download.novell.com/patch/finder/?keywords=e0dcf6f359c57c79d985cd0edfbf591d

From sle-updates at lists.suse.com Tue Jan 28 11:06:39 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 19:06:39 +0100 (CET)
Subject: SUSE-SU-2014:0155-1: important: Security update for puppet
Message-ID: <20140128180639.15FE332164@maintenance.suse.de>

   SUSE Security Update: Security update for puppet
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0155-1
Rating: important
References: #835122 #853982
Cross-References: CVE-2013-4761
Affected Products:
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Server 11 SP2 for VMware
   SUSE Linux Enterprise Server 11 SP2
   SUSE Linux Enterprise Desktop 11 SP3
   SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available. It includes one version update.

Description:

   This update for puppet fixes a remote code execution vulnerability in the "resource_type" service. (CVE-2013-4761)

   Additionally, the update prevents puppet from executing initialization scripts that could trigger a system reboot when handling "puppet resource service" calls.

   Security Issue reference:

   * CVE-2013-4761

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-puppet-8812
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-puppet-8812
   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-puppet-8811
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-puppet-8811
   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-puppet-8812
   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-puppet-8811

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      puppet-2.6.18-0.12.1
      puppet-server-2.6.18-0.12.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      puppet-2.6.18-0.12.1
      puppet-server-2.6.18-0.12.1
   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 2.6.18]:
      puppet-2.6.18-0.12.1
      puppet-server-2.6.18-0.12.1
   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.6.18]:
      puppet-2.6.18-0.12.1
      puppet-server-2.6.18-0.12.1
   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      puppet-2.6.18-0.12.1
   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 2.6.18]:
      puppet-2.6.18-0.12.1

References:

   http://support.novell.com/security/cve/CVE-2013-4761.html
   https://bugzilla.novell.com/835122
   https://bugzilla.novell.com/853982
   http://download.novell.com/patch/finder/?keywords=7107f4238800d8be5194203b85b2b3f8
   http://download.novell.com/patch/finder/?keywords=d16a0df5a7c526b2fb71f3b5f9a79da8

From sle-updates at lists.suse.com Tue Jan 28 14:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jan 2014 22:04:12 +0100 (CET)
Subject: SUSE-SU-2014:0156-1: moderate: Security update for nagios
Message-ID: <20140128210412.1317032164@maintenance.suse.de>

   SUSE Security Update: Security update for nagios
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0156-1
Rating: moderate
References: #856837
Cross-References: CVE-2013-7108
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Software Development Kit 11 SP2
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Server 11 SP2 for VMware
   SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update fixes a DoS vulnerability in process_cgivars() of the nagios package. CVE-2013-7108 has been assigned to this issue.

   Security Issue reference:

   * CVE-2013-7108

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-nagios-8727
   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-nagios-8726
   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-nagios-8727
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-nagios-8727
   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-nagios-8726
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-nagios-8726

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      nagios-devel-3.0.6-1.25.34.1
   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
      nagios-3.0.6-1.25.34.1
      nagios-www-3.0.6-1.25.34.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      nagios-devel-3.0.6-1.25.34.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):
      nagios-3.0.6-1.25.34.1
      nagios-www-3.0.6-1.25.34.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      nagios-3.0.6-1.25.34.1
      nagios-www-3.0.6-1.25.34.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      nagios-3.0.6-1.25.34.1
      nagios-www-3.0.6-1.25.34.1
   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
      nagios-3.0.6-1.25.34.1
      nagios-www-3.0.6-1.25.34.1
   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      nagios-3.0.6-1.25.34.1
      nagios-www-3.0.6-1.25.34.1

References:

   http://support.novell.com/security/cve/CVE-2013-7108.html
   https://bugzilla.novell.com/856837
   http://download.novell.com/patch/finder/?keywords=8a6864e60da3a72a78cdb920058e30a9
   http://download.novell.com/patch/finder/?keywords=8fc494de0036590c9a022f803caa64bb

From sle-updates at lists.suse.com Tue Jan 28 17:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Jan 2014 01:04:11 +0100 (CET)
Subject: SUSE-RU-2014:0157-1: Recommended update for rubygems
Message-ID: <20140129000411.6C44432164@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rubygems
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0157-1
Rating: low
References: #855139
Affected Products:
   WebYaST 1.3
   SUSE Studio Onsite 1.3
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Software Development Kit 11 SP2
   SUSE Linux Enterprise High Availability Extension 11 SP3
   SUSE Lifecycle Management Server 1.3
   SUSE Cloud 2.0
______________________________________________________________________________

   An update that has one recommended fix can now be installed. It includes one version update.

Description:

   This update for Rubygems adds an explicit run-time dependency on Ruby.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - WebYaST 1.3:
      zypper in -t patch slewyst13-rubygems-8650
   - SUSE Studio Onsite 1.3:
      zypper in -t patch slestso13-rubygems-8650
   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-rubygems-8654
   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-rubygems-8650
   - SUSE Linux Enterprise High Availability Extension 11 SP3:
      zypper in -t patch slehasp3-rubygems-8654
   - SUSE Lifecycle Management Server 1.3:
      zypper in -t patch sleslms13-rubygems-8650
   - SUSE Cloud 2.0:
      zypper in -t patch sleclo20sp3-rubygems-8654

   To bring your system up-to-date, use "zypper patch".
Package List:

   - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64):
      rubygems-1.8.15-0.7.9.1
   - SUSE Studio Onsite 1.3 (x86_64):
      rubygems-1.8.15-0.7.9.1
   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      rubygems-1.8.15-0.14.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.8.15]:
      rubygems-1.8.15-0.7.9.1
   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      rubygems-1.8.15-0.14.1
   - SUSE Lifecycle Management Server 1.3 (x86_64):
      rubygems-1.8.15-0.7.9.1
   - SUSE Cloud 2.0 (x86_64):
      rubygems-1.8.15-0.14.1

References:

   https://bugzilla.novell.com/855139
   http://download.novell.com/patch/finder/?keywords=d413a70828ed2c99a50b24e4c2124f6b
   http://download.novell.com/patch/finder/?keywords=e524f865d1bf5fe73ec044ad66ded7f5

From sle-updates at lists.suse.com Wed Jan 29 11:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Jan 2014 19:04:12 +0100 (CET)
Subject: SUSE-SU-2014:0154-2: moderate: Security update for rubygem-actionpack-2_3
Message-ID: <20140129180412.2AFED32164@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-actionpack-2_3
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0154-2
Rating: moderate
References: #853632
Cross-References: CVE-2013-6415
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Cloud 2.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes the following security issues with rubygem-actionpack:

   * CVE-2013-6415: rubygem-actionpack: number_to_currency XSS (bnc#853632).

   Security Issue reference:

   * CVE-2013-6415

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-rubygem-actionpack-2_3-8698
   - SUSE Cloud 2.0:
      zypper in -t patch sleclo20sp3-rubygem-actionpack-2_3-8698

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      rubygem-actionpack-2_3-2.3.17-0.13.1
   - SUSE Cloud 2.0 (x86_64):
      rubygem-actionpack-2_3-2.3.17-0.13.1

References:

   http://support.novell.com/security/cve/CVE-2013-6415.html
   https://bugzilla.novell.com/853632
   http://download.novell.com/patch/finder/?keywords=11fe2cd6802619c2d89b0b300584b56e

From sle-updates at lists.suse.com Thu Jan 30 14:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Jan 2014 22:04:11 +0100 (CET)
Subject: SUSE-SU-2014:0161-1: moderate: Security update for rubygem-will_paginate
Message-ID: <20140130210411.907CD3216D@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-will_paginate
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0161-1
Rating: moderate
References: #856831
Cross-References: CVE-2013-6459
Affected Products:
   SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update of rubygem-will_paginate fixes XSS vulnerabilities. CVE-2013-6459 has been assigned to this update.

   Security Issue reference:

   * CVE-2013-6459

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Lifecycle Management Server 1.3:
      zypper in -t patch sleslms13-rubygem-will_paginate-8788

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Lifecycle Management Server 1.3 (x86_64):
      rubygem-will_paginate-3.0.3-0.9.1

References:

   http://support.novell.com/security/cve/CVE-2013-6459.html
   https://bugzilla.novell.com/856831
   http://download.novell.com/patch/finder/?keywords=e2cb0f1d9e9851cd14bb6b279de35c60

From sle-updates at lists.suse.com Thu Jan 30 14:04:31 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Jan 2014 22:04:31 +0100 (CET)
Subject: SUSE-SU-2014:0162-1: moderate: Security update for libvirt
Message-ID: <20140130210431.4DFA43216A@maintenance.suse.de>

   SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0162-1
Rating: moderate
References: #841720 #842016 #854486
Cross-References: CVE-2013-6436
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes is now available. It includes one version update.

Description:

   This update fixes a crash in LXC's memtune code. CVE-2013-6436 has been assigned to this issue.

   Security Issue reference:

   * CVE-2013-6436

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-libvirt-8705
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-libvirt-8705
   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-libvirt-8705

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5.8]:
      libvirt-devel-1.0.5.8-0.7.1
   - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 1.0.5.8]:
      libvirt-devel-32bit-1.0.5.8-0.7.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5.8]:
      libvirt-1.0.5.8-0.7.1
      libvirt-client-1.0.5.8-0.7.1
      libvirt-doc-1.0.5.8-0.7.1
      libvirt-lock-sanlock-1.0.5.8-0.7.1
      libvirt-python-1.0.5.8-0.7.1
   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 1.0.5.8]:
      libvirt-client-32bit-1.0.5.8-0.7.1
   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.0.5.8]:
      libvirt-1.0.5.8-0.7.1
      libvirt-client-1.0.5.8-0.7.1
      libvirt-doc-1.0.5.8-0.7.1
      libvirt-python-1.0.5.8-0.7.1
   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 1.0.5.8]:
      libvirt-client-32bit-1.0.5.8-0.7.1

References:

   http://support.novell.com/security/cve/CVE-2013-6436.html
   https://bugzilla.novell.com/841720
   https://bugzilla.novell.com/842016
   https://bugzilla.novell.com/854486
   http://download.novell.com/patch/finder/?keywords=eb6c071b757a4d31edd18f2de7480658

From sle-updates at lists.suse.com Thu Jan 30 14:05:15 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Jan 2014 22:05:15 +0100 (CET)
Subject: SUSE-SU-2014:0163-1: moderate: Security update for openstack-keystone
Message-ID: <20140130210515.A6DDA3216C@maintenance.suse.de>

   SUSE Security Update: Security update for openstack-keystone
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0163-1
Rating: moderate
References: #837800 #839876 #843443 #848066
Cross-References: CVE-2013-4222 CVE-2013-4477
Affected Products:
   SUSE Cloud 2.0
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available. It includes one version update.
Description: This version update fixes the following security issues: * remove role assignment adds role using LDAP assignment (CVE-2013-4477) * revoke user tokens when disabling/deleting a project (CVE-2013-4222) Security Issue references: * CVE-2013-4477 * CVE-2013-4222 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 2.0: zypper in -t patch sleclo20sp3-openstack-keystone-8675 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 2.0 (x86_64) [New Version: 2013.1.5.a2.g82dcde0]: openstack-keystone-2013.1.5.a2.g82dcde0-0.7.1 python-keystone-2013.1.5.a2.g82dcde0-0.7.1 - SUSE Cloud 2.0 (noarch) [New Version: 2013.1.5.a2.g82dcde0]: openstack-keystone-doc-2013.1.5.a2.g82dcde0-0.7.1 References: http://support.novell.com/security/cve/CVE-2013-4222.html http://support.novell.com/security/cve/CVE-2013-4477.html https://bugzilla.novell.com/837800 https://bugzilla.novell.com/839876 https://bugzilla.novell.com/843443 https://bugzilla.novell.com/848066 http://download.novell.com/patch/finder/?keywords=3ac1770b48f8df2913e60fe8fc0e81ab From sle-updates at lists.suse.com Thu Jan 30 16:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 31 Jan 2014 00:04:10 +0100 (CET) Subject: SUSE-RU-2014:0164-1: Recommended update for mdadm Message-ID: <20140130230410.7B2593216A@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0164-1 Rating: low References: #749353 #772163 #773010 #790732 #797116 #799939 #806508 #808302 #808647 #808893 #808965 #812538 #812920 #814770 #815778 #816382 #817587 #817805 #817841 #819725 #819930 #820146 #820377 #821146 #821861 #821934 #822149 #827013 #828436 #839559 #840526 #841796 Affected Products: SUSE Linux Enterprise Server 
11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that has 32 recommended fixes can now be installed. Description: This update for mdadm provides many fixes and enhancements: * Clarify connection between action=re-add and bitmaps in mdadm.conf.5. (bnc#773010) * Add documentation for --data-offset flag for Create and Grow. (bnc#812920, bnc#820377) * Improve locking between multiple concurrent mdadm instances. (bnc#790732) * Fix race condition when multiple "mdadm -A devname" run in parallel. (bnc#749353) * Various performance improvements for mdadm. (bnc#790732) * Remove partitions from device when included in an 'external' array. (bnc#817841) * Allow mdadm to create arrays with more than 1000 devices. (bnc#819930) * Don't wait so long when creating arrays. (bnc#816382) * Don't assemble the same array with two different names. (bnc#828436) * Fix size handling for RAID0 arrays during reshape. (bnc#821934) * Allow array to be stopped using the kernel name. (bnc#821861) * Retry failed removes in mdadm. (bnc#808647) * imsm: Do not finish migration if there are no failed disks. (bnc#815778) * imsm: Ensure a rebuild started in OROM completes in md. (bnc#815778) * imsm: Allow IMSM arrays greater than 2TB to work. (bnc#797116) The update also includes md_monitor 5.0 which fixes the following issues: * Fix incorrect disk detach on arrays with lots of DASDs. (bnc#827013) * Fix locking sequence in reset_mirror(). (bnc#840526) * Do not call ioctl on timeout to avoid blocking. (bnc#839559) * Fix typo in discover_md_components. (bnc#841796) * Return correct length for status messages. (bnc#817805) * Reset ioctl flags when re-starting monitor. (bnc#817805) * Enable the corresponding short option for '--open-file-limits' (-O num) and '--process-limit' (-P num). (bnc#822149) * Improve documentation for the option "-a, --adjust-timeout". 
     (bnc#821146)
   * Update of the MD Mirror documentation in "How to operate a disk mirrored target with SUSE". (bnc#772163)
   * Fix segmentation fault caused by reference count issue. (bnc#819725)
   * Increase the number of open files to 4096. (bnc#820146)
   * Fix automatic re-adding of DASD(s) after channel path(s) come back online. (bnc#808647)
   * Terminate and don't hold arrays open when an ioctl fails. (bnc#812538)
   * Fix an issue where "mdadm --wait" returns while it is still in recovery. (bnc#817587)
   * Use correct buffer size when sending messages. (bnc#814770)
   * Do not set the slot number to -1. (bnc#799939)
   * Fix incorrect RAID status for RAID 10 mdraid (bnc#806508)
   * Fix scalability issues when using more than 1000 disks. (bnc#808965)
   * Fix option -m in long I/O test scenario on s390x RAID10. (bnc#808893)
   * Correctly restart I/O according to the timeout in long I/O scenario. (bnc#808302)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-mdadm-8778

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-mdadm-8778

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-mdadm-8778

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      mdadm-3.2.2-0.47.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      mdadm-3.2.2-0.47.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      mdadm-3.2.2-0.47.1

References:

   https://bugzilla.novell.com/749353
   https://bugzilla.novell.com/772163
   https://bugzilla.novell.com/773010
   https://bugzilla.novell.com/790732
   https://bugzilla.novell.com/797116
   https://bugzilla.novell.com/799939
   https://bugzilla.novell.com/806508
   https://bugzilla.novell.com/808302
   https://bugzilla.novell.com/808647
   https://bugzilla.novell.com/808893
   https://bugzilla.novell.com/808965
   https://bugzilla.novell.com/812538
   https://bugzilla.novell.com/812920
   https://bugzilla.novell.com/814770
   https://bugzilla.novell.com/815778
   https://bugzilla.novell.com/816382
   https://bugzilla.novell.com/817587
   https://bugzilla.novell.com/817805
   https://bugzilla.novell.com/817841
   https://bugzilla.novell.com/819725
   https://bugzilla.novell.com/819930
   https://bugzilla.novell.com/820146
   https://bugzilla.novell.com/820377
   https://bugzilla.novell.com/821146
   https://bugzilla.novell.com/821861
   https://bugzilla.novell.com/821934
   https://bugzilla.novell.com/822149
   https://bugzilla.novell.com/827013
   https://bugzilla.novell.com/828436
   https://bugzilla.novell.com/839559
   https://bugzilla.novell.com/840526
   https://bugzilla.novell.com/841796
   http://download.novell.com/patch/finder/?keywords=5c057cfba3175a33f593958006819198

From sle-updates at lists.suse.com Thu Jan 30 17:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 01:04:11 +0100 (CET)
Subject: SUSE-RU-2014:0165-1: Recommended update for s390-tools
Message-ID: <20140131000411.225303215B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for s390-tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2014:0165-1
Rating:             low
References:         #792991 #837743 #852164
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update provides the following fixes:

   * s390-tools-1.15.0 Maintenance Patches (#14) (bnc#852164)
       o dbginfo.sh: avoid double data collection
       o dbginfo.sh: Improvements on logging, content and collecting sysfs.
       o dbginfo.sh: Avoiding exclusion list for pipes in sysfs
       o dbginfo.sh: enhancement for cryptographic adapters
       o dbginfo.sh: enhancements for script execution and man page
   * Add robustness against missing interrupts to non-path-grouped internal IO requests. (bnc#837743)
   * Added udev rules (59-graf.rules) for 3270 devices. (bnc#792991)
   * Marked /etc/zipl.conf.sample and /etc/udev/rules.d/57-osasnmpd.rules as config files in s390-tools.spec.
   * Excluded /etc/udev/rules.d/57-osasnmpd.rules from the s390-tools package.
   * Added missing /sbin/rc* symbolic links for cpuplugd and mon_statd.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-osasnmpd-8794

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP2 (s390x):

      osasnmpd-1.15.0-0.111.121.1
      s390-tools-1.15.0-0.111.121.1

References:

   https://bugzilla.novell.com/792991
   https://bugzilla.novell.com/837743
   https://bugzilla.novell.com/852164
   http://download.novell.com/patch/finder/?keywords=47bb98f160fd9b7a2831a41a80b5c1bf

From sle-updates at lists.suse.com Thu Jan 30 17:05:05 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 01:05:05 +0100 (CET)
Subject: SUSE-RU-2014:0166-1: Recommended update for release-notes-sled
Message-ID: <20140131000505.969BB3215B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-sled
______________________________________________________________________________

Announcement ID:    SUSE-RU-2014:0166-1
Rating:             low
References:         #847002 #858047 #860086
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.
   It includes one version update.

Description:

   This update for the Release Notes for SUSE Linux Enterprise Desktop 11 SP3
   provides the following changes:

   * New entry: Adobe Discontinues Support for Adobe Reader on Linux. (bnc#847002 via fate#316596).
   * Obsolete entries: Firefox lockdown. (bnc#860086)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-release-notes-sled-8853

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 11.3.25]:

      release-notes-sled-11.3.25-0.7.1

References:

   https://bugzilla.novell.com/847002
   https://bugzilla.novell.com/858047
   https://bugzilla.novell.com/860086
   http://download.novell.com/patch/finder/?keywords=549f0b2ed15d8ab1f1e6cabf8f3fbb10

From sle-updates at lists.suse.com Thu Jan 30 17:05:50 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 01:05:50 +0100 (CET)
Subject: SUSE-RU-2014:0167-1: Recommended update for release-notes-sled
Message-ID: <20140131000550.88FE63216A@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-sled
______________________________________________________________________________

Announcement ID:    SUSE-RU-2014:0167-1
Rating:             low
References:         #847002 #858048
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.
   It includes one version update.

Description:

   This update for the Release Notes for SUSE Linux Enterprise Desktop 11 SP2
   provides the following change:

   * New entry: Adobe Discontinues Support for Adobe Reader on Linux. (bnc#847002 via fate#316596).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-release-notes-sled-8735

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 11.2.27]:

      release-notes-sled-11.2.27-0.7.1

References:

   https://bugzilla.novell.com/847002
   https://bugzilla.novell.com/858048
   http://download.novell.com/patch/finder/?keywords=c9dd7529d53aa366bcebd3cd07460ee9

From sle-updates at lists.suse.com Fri Jan 31 08:04:14 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 16:04:14 +0100 (CET)
Subject: SUSE-SU-2014:0168-1: moderate: Security update for Real Time Linux Kernel
Message-ID: <20140131150414.1BB763216F@maintenance.suse.de>

   SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0168-1
Rating:             moderate
References:         #708296 #733022 #770541 #787843 #789359 #803174 #806988 #810323
                    #813245 #818064 #818545 #819979 #820102 #820338 #821619 #821980
                    #825006 #825696 #825896 #826602 #826756 #826978 #827527 #827767
                    #828236 #831103 #833097 #834473 #834708 #834808 #835074 #835186
                    #836718 #837206 #837739 #838623 #839407 #839973 #840116 #840226
                    #841445 #841654 #842239 #843185 #843419 #843429 #843445 #843642
                    #843645 #843654 #845352 #845378 #845729 #846036 #846298 #846989
                    #847261 #847660 #847842 #848317 #848321 #848335 #848336 #848544
                    #848864 #849021 #849029 #849034 #849256 #849362 #849404 #849675
                    #849809 #849950 #850072 #850103 #850324 #850493 #850640 #851066
                    #851101 #851290 #851314 #851879 #852373 #852558 #852559 #852652
                    #852761 #853050 #853051 #853053 #853428 #853465 #854546 #854634
                    #854722 #856307 #856481
Cross-References:   CVE-2013-2146 CVE-2013-2930 CVE-2013-4345 CVE-2013-4483
                    CVE-2013-4511 CVE-2013-4514 CVE-2013-4515 CVE-2013-4587
                    CVE-2013-4592 CVE-2013-6367 CVE-2013-6376 CVE-2013-6378
                    CVE-2013-6380 CVE-2013-6383 CVE-2013-6463 CVE-2013-7027
Affected Products:
                    SUSE Linux Enterprise Real Time Extension 11 SP3
______________________________________________________________________________

   An update
   that solves 16 vulnerabilities and has 83 fixes is now available.
   It includes one version update.

Description:

   The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel was
   updated to version 3.0.101, fixing various bugs and security issues.

   The following feature has been added:

   * supported.conf: Mark net/netfilter/xt_set as supported. (bnc#851066, FATE#313309)

   The following security issues have been fixed:

   * CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu
     function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux
     kernel through 3.12.5 allows local users to gain privileges via a
     large id value. (bnc#853050)
   * CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in
     virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users
     to cause a denial of service (memory consumption) by leveraging
     certain device access to trigger movement of memory slots.
     (bnc#851101)
   * CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in
     the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS
     users to cause a denial of service (divide-by-zero error and host OS
     crash) via crafted modifications of the TMICT value. (bnc#853051)
   * CVE-2013-6376: The recalculate_apic_map function in
     arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through
     3.12.5 allows guest OS users to cause a denial of service (host OS
     crash) via a crafted ICR write operation in x2apic mode. (bnc#853053)
   * CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux
     kernel before 3.10 does not properly manage a reference count, which
     allows local users to cause a denial of service (memory consumption
     or system crash) via a crafted application.
     (bnc#848321)
   * CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer
     drivers in the Linux kernel before 3.12 allow local users to create a
     read-write memory mapping for the entirety of kernel memory, and
     consequently gain privileges, via crafted mmap operations, related to
     the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the
     (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.
     (bnc#849021)
   * CVE-2013-4514: Multiple buffer overflows in
     drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12
     allow local users to cause a denial of service or possibly have
     unspecified other impact by leveraging the CAP_NET_ADMIN capability
     and providing a long station-name string, related to the (1)
     wvlan_uil_put_info and (2) wvlan_set_station_nickname functions.
     (bnc#849029)
   * CVE-2013-4515: The bcm_char_ioctl function in
     drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does
     not initialize a certain data structure, which allows local users to
     obtain sensitive information from kernel memory via an
     IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034)
   * CVE-2013-6378: The lbs_debugfs_write function in
     drivers/net/wireless/libertas/debugfs.c in the Linux kernel through
     3.12.1 allows local users to cause a denial of service (OOPS) by
     leveraging root privileges for a zero-length write operation.
     (bnc#852559)
   * CVE-2013-6380: The aac_send_raw_srb function in
     drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1
     does not properly validate a certain size value, which allows local
     users to cause a denial of service (invalid pointer dereference) or
     possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB
     ioctl call that triggers a crafted SRB command.
     (bnc#852373)
   * CVE-2013-7027: The ieee80211_radiotap_iterator_init function in
     net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not
     check whether a frame contains any data outside of the header, which
     might allow attackers to cause a denial of service (buffer over-read)
     via a crafted header. (bnc#854634)
   * CVE-2013-6463: Linux kernel built with the networking
     support(CONFIG_NET) is vulnerable to an information leakage flaw in
     the socket layer. It could occur while doing recvmsg(2), recvfrom(2)
     socket calls. It occurs due to improperly initialised msg_name &
     msg_namelen message header parameters. (bnc#854722)
   * CVE-2013-6383: The aac_compat_ioctl function in
     drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does
     not require the CAP_SYS_RAWIO capability, which allows local users to
     bypass intended access restrictions via a crafted ioctl call.
     (bnc#852558)
   * CVE-2013-4345: Off-by-one error in the get_prng_bytes function in
     crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it
     easier for context-dependent attackers to defeat cryptographic
     protection mechanisms via multiple requests for small amounts of
     data, leading to improper management of the state of the consumed
     data. (bnc#840226)
   * CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the Linux
     kernel before 3.8.9, when the Performance Events Subsystem is
     enabled, specifies an incorrect bitmask, which allows local users to
     cause a denial of service (general protection fault and system crash)
     by attempting to set a reserved bit. (bnc#825006)
   * CVE-2013-2930: The perf_trace_event_perm function in
     kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2
     does not properly restrict access to the perf subsystem, which allows
     local users to enable function tracing via a crafted application.
     (bnc#849362)

   The following non-security issues have been fixed:

   * rt: upstream sysv semaphore scalability fixes (bnc#803174).
   * kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268).
   * kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000).
   * kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293).
   * asm-generic: io: Fix ioread16/32be and iowrite16/32be (bnc#848335,LTC#94737).
   * watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767).
   * random: fix accounting race condition with lockless irq entropy_count update (bnc#789359).
   * blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623).
   * printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675).
   * Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__
   * Honor state disabling in the cpuidle ladder governor (bnc#845378).
   * cpuidle: add a sysfs entry to disable specific C state for debug purpose (bnc#845378).
   * tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595).
   * tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595).
   * sched: Avoid throttle_cfs_rq() racing with period_timer stopping (bnc#848336).
   * sched/balancing: Periodically decay max cost of idle balance (bnc#849256).
   * sched: Consider max cost of idle balance per sched domain (bnc#849256).
   * sched: Reduce overestimating rq->avg_idle (bnc#849256).
   * sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336).
   * sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336).
   * sched: Fix race on toggling cfs_bandwidth_used (bnc#848336).
   * sched: Guarantee new group-entities always have weight (bnc#848336).
   * sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336).
   * sched: Fix several races in CFS_BANDWIDTH (bnc#848336).
   * futex: fix handling of read-only-mapped hugepages (VM Functionality).
   * mutex: Make more scalable by doing fewer atomic operations (bnc#849256).
   * powerpc: Fix memory hotplug with sparse vmemmap (bnc#827527).
   * powerpc: Add System RAM to /proc/iomem (bnc#827527).
   * powerpc/mm: Mark Memory Resources as busy (bnc#827527).
   * powerpc: Fix fatal SLB miss when restoring PPR (bnc#853465).
   * powerpc: Make function that parses RTAS error logs global (bnc#852761).
   * powerpc/pseries: Parse and handle EPOW interrupts (bnc#852761).
   * powerpc/rtas_flash: Fix validate_flash buffer overflow issue (bnc#847842).
   * powerpc/rtas_flash: Fix bad memory access (bnc#847842).
   * x86: Update UV3 hub revision ID (bnc#846298 fate#314987).
   * x86: Remove some noise from boot log when starting cpus (bnc#770541).
   * x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error (bnc#843654).
   * ipv6: fix race condition regarding dst->expires and dst->from (bnc#843185).
   * net/mlx4_core: Fix endianness bug in set_param_l (bnc#848335,LTC#94737).
   * netback: bump tx queue length (bnc#849404).
   * xfrm: invalidate dst on policy insertion/deletion (bnc#842239).
   * xfrm: prevent ipcomp scratch buffer race condition (bnc#842239).
   * fs: Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473).
   * blkdev_max_block: make private to fs/buffer.c (bnc#820338).
   * storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk (bnc#850324).
   * autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314).
   * autofs4: catatonic_mode vs. notify_daemon race (bnc#851314).
   * autofs4: close the races around autofs4_notify_daemon() (bnc#851314).
   * autofs4: deal with autofs4_write/autofs4_write races (bnc#851314).
   * autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314).
   * autofs4: fix deal with autofs4_write races (bnc#851314).
   * autofs4: use simple_empty() for empty directory check (bnc#851314).
   * dlm: set zero linger time on sctp socket (bnc#787843).
   * SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix).
   * nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236).
   * nfs: Adapt readdirplus to application usage patterns (bnc#834708).
   * xfs: Account log unmount transaction correctly (bnc#849950).
   * xfs: improve ioend error handling (bnc#846036).
   * xfs: reduce ioend latency (bnc#846036).
   * xfs: use per-filesystem I/O completion workqueues (bnc#846036).
   * xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544).
   * Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888).
   * vfs: avoid "attempt to access beyond end of device" warnings (bnc#820338).
   * vfs: fix O_DIRECT read past end of block device (bnc#820338).
   * cifs: Improve performance of browsing directories with several files (bnc#810323).
   * cifs: Ensure cifs directories do not show up as files (bnc#826602).
   * SCSI & usb-storage: add try_rc_10_first flag (bnc#853428).
   * iscsi_target: race condition on shutdown (bnc#850072).
   * libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception (bnc#837206).
   * lpfc 8.3.42: Fixed issue of task management commands having a fixed timeout (bnc#856481).
   * advansys: Remove "last_reset" references (bnc#856481).
   * dc395: Move "last_reset" into internal host structure (bnc#856481).
   * Add "eh_deadline" to limit SCSI EH runtime (bnc#856481).
   * remove check for "resetting" (bnc#856481).
   * tmscsim: Move "last_reset" into host structure (bnc#856481).
   * dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#856481).
   * dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#856481).
   * crypto: unload of aes_s390 module causes kernel panic (bnc#847660, LTC#98706).
   * crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718).
   * crypto: gf128mul - fix call to memset() (obvious fix).
   * pcifront: Deal with toolstack missing "XenbusStateClosing" state.
   * xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652).
   * netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729).
   * igb: Fix get_fw_version function for all parts (bnc#848317).
   * igb: Refactor of init_nvm_params (bnc#848317).
   * r8169: check ALDPS bit and disable it if enabled for the 8168g (bnc#845352).
   * qeth: request length checking in snmp ioctl (bnc#847660, LTC#99511).
   * usb: Fix xHCI host issues on remote wakeup (bnc#846989).
   * xhci: Limit the spurious wakeup fix only to HP machines (bnc#833097).
   * Intel xhci: refactor EHCI/xHCI port switching (bnc#840116).
   * xhci-hub.c: preserved kABI (bnc#840116).
   * xhci: Refactor port status into a new function (bnc#840116).
   * ALSA: hda - Fix inconsistent mic-mute LED (bnc#848864).
   * ALSA: hda - load EQ params into IDT codec on HP bNB13 systems (bnc#850493).
   * lpfc: correct some issues with txcomplq processing (bnc#818064).
   * lpfc: correct an issue with rrq processing (bnc#818064).
   * sd: avoid deadlocks when running under multipath (bnc#818545).
   * sd: fix crash when UA received on DIF enabled device (bnc#841445).
   * sg: fix blk_get_queue usage (bnc#834808).
   * lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988).
   * lpfc: Fix kernel warning on spinlock usage (bnc#806988).
   * lpfc: Fixed system panic due to midlayer abort (bnc#806988).
   * qla2xxx: Add module parameter to override the default request queue size (bnc#826756).
   * qla2xxx: Module parameter "ql2xasynclogin" (bnc#825896).
   * Pragmatic workaround for realtime class abuse induced latency issues.
   * Provide realtime priority kthread and workqueue boot options (bnc#836718).
   * mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074).
   * mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074).
   * net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074).
   * bna: do not register ndo_set_rx_mode callback (bnc#847261).
   * PCI: pciehp: Retrieve link speed after link is trained (bnc#820102).
   * PCI: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102).
   * PCI: pciehp: replace unconditional sleep with config space access check (bnc#820102).
   * PCI: pciehp: make check_link_active more helpful (bnc#820102).
   * PCI: pciehp: Add pcie_wait_link_not_active() (bnc#820102).
   * PCI: pciehp: Add Disable/enable link functions (bnc#820102).
   * PCI: pciehp: Disable/enable link during slot power off/on (bnc#820102).
   * PCI: Add pcibios_pm_ops for optional arch-specific hibernate functionality (bnc#848335,FATE#83037,LTC#94737).
   * PCI: Add pcibios_release_device() (bnc#848335,FATE#83037,LTC#94737).
   * PCI: fix truncation of resource size to 32 bits (bnc#843419).
   * hv: handle more than just WS2008 in KVP negotiation (bnc#850640).
   * mei: ME hardware reset needs to be synchronized (bnc#821619).
   * kabi: Restore struct irq_desc::timer_rand_state.
   * fs3270: unloading module does not remove device (bnc#851879, LTC#100284).
   * cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047).
   * isci: Fix a race condition in the SSP task management path (bnc#826978).
   * ptp: dynamic allocation of PHC char devices (bnc#851290).
   * dm-mpath: Fixup race condition in activate_path() (bnc#708296).
   * dm-mpath: do not detach stale hardware handler (bnc#708296).
   * dm-multipath: Improve logging (bnc#708296).
   * scsi_dh: invoke callback if ->activate is not present (bnc#708296).
   * scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296).
   * scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296).
   * scsi_dh_alua: Decode HP EVA array identifier (bnc#708296).
   * scsi_dh_alua: Evaluate state for all port groups (bnc#708296).
   * scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642).
   * scsi_dh_alua: Make stpg synchronous (bnc#708296).
   * scsi_dh_alua: Pass buffer as function argument (bnc#708296).
   * scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296).
   * scsi_dh_alua: Recheck state on transitioning (bnc#708296).
   * scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
   * scsi_dh_alua: Use separate alua_port_group structure (bnc#708296).
   * scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407).
   * scsi_dh_alua: asynchronous RTPG (bnc#708296).
   * scsi_dh_alua: correctly terminate target port strings (bnc#708296).
   * scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296).
   * scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979).
   * scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980).
   * scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296).
   * scsi_dh_alua: invalid state information for "optimized" paths (bnc#843445).
   * scsi_dh_alua: move RTPG to workqueue (bnc#708296).
   * scsi_dh_alua: move "expiry" into PG structure (bnc#708296).
   * scsi_dh_alua: move some sense code handling into generic code (bnc#813245).
   * scsi_dh_alua: multipath failover fails with error 15 (bnc#825696).
   * scsi_dh_alua: parse target device id (bnc#708296).
   * scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296).
   * scsi_dh_alua: put sense buffer on stack (bnc#708296).
   * scsi_dh_alua: reattaching device handler fails with "Error 15" (bnc#843429).
   * scsi_dh_alua: remove locking when checking state (bnc#708296).
   * scsi_dh_alua: remove stale variable (bnc#708296).
   * scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
   * scsi_dh_alua: retry command on "mode parameter changed" sense code (bnc#843645).
   * scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
   * scsi_dh_alua: simplify state update (bnc#708296).
   * scsi_dh_alua: use delayed_work (bnc#708296).
   * scsi_dh_alua: use flag for RTPG extended header (bnc#708296).
   * scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296).
   * scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296).
   * scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296).
   * scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
   * scsi_dh_alua: use delayed_work (bnc#708296).
   * scsi_dh_alua: move "expiry" into PG structure (bnc#708296).
   * scsi_dh: invoke callback if ->activate is not present (bnc#708296).
   * scsi_dh_alua: correctly terminate target port strings (bnc#708296).
   * scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
   * scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296).
   * scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296).
   * scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296).
   * scsi_dh_alua: remove locking when checking state (bnc#708296).
   * scsi_dh_alua: remove stale variable (bnc#708296).
   * scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296).
   * drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam (bnc#831103,FATE#316109).
   * drm/i915: add I915_EXEC_VEBOX to i915_gem_do_execbuffer() (bnc#831103,FATE#316109).
   * drm/i915: add VEBOX into debugfs (bnc#831103,FATE#316109).
   * drm/i915: Enable vebox interrupts (bnc#831103,FATE#316109).
   * drm/i915: vebox interrupt get/put (bnc#831103,FATE#316109).
   * drm/i915: consolidate interrupt naming scheme (bnc#831103,FATE#316109).
   * drm/i915: Convert irq_refounct to struct (bnc#831103,FATE#316109).
   * drm/i915: make PM interrupt writes non-destructive (bnc#831103,FATE#316109).
   * drm/i915: Add PM regs to pre/post install (bnc#831103,FATE#316109).
   * drm/i915: Create an ivybridge_irq_preinstall (bnc#831103,FATE#316109).
   * drm/i915: Create a more generic pm handler for hsw+ (bnc#831103,FATE#316109).
   * drm/i915: Vebox ringbuffer init (bnc#831103,FATE#316109).
   * drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109).
   * drm/i915: Rename ring flush functions (bnc#831103,FATE#316109).
   * drm/i915: Add VECS semaphore bits (bnc#831103,FATE#316109).
   * drm/i915: Introduce VECS: the 4th ring (bnc#831103,FATE#316109).
   * drm/i915: Semaphore MBOX update generalization (bnc#831103,FATE#316109).
   * drm/i915: Comments for semaphore clarification (bnc#831103,FATE#316109).
   * drm/i915: fix gen4 digital port hotplug definitions (bnc#850103).
   * drm/mgag200: Bug fix: Modified pll algorithm for EH project (bnc#841654).
   * drm: do not add inferred modes for monitors that do not support them (bnc #849809).

   Security Issues:

   * CVE-2013-2146
   * CVE-2013-2930
   * CVE-2013-4345
   * CVE-2013-4483
   * CVE-2013-4511
   * CVE-2013-4514
   * CVE-2013-4515
   * CVE-2013-4587
   * CVE-2013-4592
   * CVE-2013-6367
   * CVE-2013-6376
   * CVE-2013-6378
   * CVE-2013-6380
   * CVE-2013-6383
   * CVE-2013-6463
   * CVE-2013-7027

Indications:

   Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time Extension 11 SP3:

      zypper in -t patch slertesp3-kernel-8793

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]:

      cluster-network-kmp-rt-1.4_3.0.101_rt130_0.10-2.27.37
      cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.10-2.27.37
      drbd-kmp-rt-8.4.4_3.0.101_rt130_0.10-0.22.3
      drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.10-0.22.3
      iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.10-0.38.22
      iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.10-0.38.22
      kernel-rt-3.0.101.rt130-0.10.1
      kernel-rt-base-3.0.101.rt130-0.10.1
      kernel-rt-devel-3.0.101.rt130-0.10.1
      kernel-rt_trace-3.0.101.rt130-0.10.1
      kernel-rt_trace-base-3.0.101.rt130-0.10.1
      kernel-rt_trace-devel-3.0.101.rt130-0.10.1
      kernel-source-rt-3.0.101.rt130-0.10.1
      kernel-syms-rt-3.0.101.rt130-0.10.1
      lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.10-0.11.22
      lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.10-0.11.22
      ocfs2-kmp-rt-1.6_3.0.101_rt130_0.10-0.20.37
      ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.10-0.20.37
      ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.10-0.13.28
      ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.10-0.13.28

References:

   http://support.novell.com/security/cve/CVE-2013-2146.html
   http://support.novell.com/security/cve/CVE-2013-2930.html
   http://support.novell.com/security/cve/CVE-2013-4345.html
   http://support.novell.com/security/cve/CVE-2013-4483.html
   http://support.novell.com/security/cve/CVE-2013-4511.html
   http://support.novell.com/security/cve/CVE-2013-4514.html
   http://support.novell.com/security/cve/CVE-2013-4515.html
   http://support.novell.com/security/cve/CVE-2013-4587.html
   http://support.novell.com/security/cve/CVE-2013-4592.html
   http://support.novell.com/security/cve/CVE-2013-6367.html
   http://support.novell.com/security/cve/CVE-2013-6376.html
   http://support.novell.com/security/cve/CVE-2013-6378.html
   http://support.novell.com/security/cve/CVE-2013-6380.html
   http://support.novell.com/security/cve/CVE-2013-6383.html
   http://support.novell.com/security/cve/CVE-2013-6463.html
   http://support.novell.com/security/cve/CVE-2013-7027.html
   https://bugzilla.novell.com/708296
   https://bugzilla.novell.com/733022
   https://bugzilla.novell.com/770541
   https://bugzilla.novell.com/787843
   https://bugzilla.novell.com/789359
   https://bugzilla.novell.com/803174
   https://bugzilla.novell.com/806988
   https://bugzilla.novell.com/810323
   https://bugzilla.novell.com/813245
   https://bugzilla.novell.com/818064
   https://bugzilla.novell.com/818545
   https://bugzilla.novell.com/819979
   https://bugzilla.novell.com/820102
   https://bugzilla.novell.com/820338
   https://bugzilla.novell.com/821619
   https://bugzilla.novell.com/821980
   https://bugzilla.novell.com/825006
   https://bugzilla.novell.com/825696
   https://bugzilla.novell.com/825896
   https://bugzilla.novell.com/826602
   https://bugzilla.novell.com/826756
   https://bugzilla.novell.com/826978
   https://bugzilla.novell.com/827527
   https://bugzilla.novell.com/827767
   https://bugzilla.novell.com/828236
   https://bugzilla.novell.com/831103
   https://bugzilla.novell.com/833097
   https://bugzilla.novell.com/834473
   https://bugzilla.novell.com/834708
   https://bugzilla.novell.com/834808
   https://bugzilla.novell.com/835074
   https://bugzilla.novell.com/835186
   https://bugzilla.novell.com/836718
   https://bugzilla.novell.com/837206
   https://bugzilla.novell.com/837739
https://bugzilla.novell.com/838623 https://bugzilla.novell.com/839407 https://bugzilla.novell.com/839973 https://bugzilla.novell.com/840116 https://bugzilla.novell.com/840226 https://bugzilla.novell.com/841445 https://bugzilla.novell.com/841654 https://bugzilla.novell.com/842239 https://bugzilla.novell.com/843185 https://bugzilla.novell.com/843419 https://bugzilla.novell.com/843429 https://bugzilla.novell.com/843445 https://bugzilla.novell.com/843642 https://bugzilla.novell.com/843645 https://bugzilla.novell.com/843654 https://bugzilla.novell.com/845352 https://bugzilla.novell.com/845378 https://bugzilla.novell.com/845729 https://bugzilla.novell.com/846036 https://bugzilla.novell.com/846298 https://bugzilla.novell.com/846989 https://bugzilla.novell.com/847261 https://bugzilla.novell.com/847660 https://bugzilla.novell.com/847842 https://bugzilla.novell.com/848317 https://bugzilla.novell.com/848321 https://bugzilla.novell.com/848335 https://bugzilla.novell.com/848336 https://bugzilla.novell.com/848544 https://bugzilla.novell.com/848864 https://bugzilla.novell.com/849021 https://bugzilla.novell.com/849029 https://bugzilla.novell.com/849034 https://bugzilla.novell.com/849256 https://bugzilla.novell.com/849362 https://bugzilla.novell.com/849404 https://bugzilla.novell.com/849675 https://bugzilla.novell.com/849809 https://bugzilla.novell.com/849950 https://bugzilla.novell.com/850072 https://bugzilla.novell.com/850103 https://bugzilla.novell.com/850324 https://bugzilla.novell.com/850493 https://bugzilla.novell.com/850640 https://bugzilla.novell.com/851066 https://bugzilla.novell.com/851101 https://bugzilla.novell.com/851290 https://bugzilla.novell.com/851314 https://bugzilla.novell.com/851879 https://bugzilla.novell.com/852373 https://bugzilla.novell.com/852558 https://bugzilla.novell.com/852559 https://bugzilla.novell.com/852652 https://bugzilla.novell.com/852761 https://bugzilla.novell.com/853050 https://bugzilla.novell.com/853051 https://bugzilla.novell.com/853053 
   https://bugzilla.novell.com/853428
   https://bugzilla.novell.com/853465
   https://bugzilla.novell.com/854546
   https://bugzilla.novell.com/854634
   https://bugzilla.novell.com/854722
   https://bugzilla.novell.com/856307
   https://bugzilla.novell.com/856481
   http://download.novell.com/patch/finder/?keywords=d10502547c5fe6d29cecad7489074294

From sle-updates at lists.suse.com Fri Jan 31 08:38:57 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 16:38:57 +0100 (CET)
Subject: SUSE-SU-2014:0169-1: moderate: Security update for Real Time Linux Kernel
Message-ID: <20140131153857.69FCE3216C@maintenance.suse.de>

   SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0169-1
Rating: moderate
References: #708296 #769644 #787843 #789359 #806988 #810323 #813245 #818545 #819979 #820102 #820338 #821980 #823618 #825696 #825896 #826602 #826756 #827767 #828236 #831168 #834473 #834708 #834808 #835074 #835186 #836718 #837739 #838623 #839407 #840226 #841445 #842239 #843419 #843429 #843445 #843642 #843645 #845621 #845729 #846036 #846984 #847261 #848321 #848336 #848544 #849021 #849029 #849034 #849404 #849675 #849809 #849848 #849950 #850640 #851066 #851101 #851314 #852373 #852558 #852559 #853050 #853051 #853052 #854546 #854634 #854722 #855037
Cross-References: CVE-2013-4345 CVE-2013-4483 CVE-2013-4511 CVE-2013-4514 CVE-2013-4515 CVE-2013-4587 CVE-2013-4592 CVE-2013-6367 CVE-2013-6368 CVE-2013-6378 CVE-2013-6380 CVE-2013-6383 CVE-2013-6463 CVE-2013-7027
Affected Products:
   SUSE Linux Enterprise Real Time 11 SP2
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 53 fixes is now available. It includes one version update.
Description:

   The SUSE Linux Enterprise 11 Service Pack 2 kernel for RealTime was updated to version 3.0.101 and also includes various other bug and security fixes.

   The following feature has been added:

   * supported.conf: Mark net/netfilter/xt_set as supported. (bnc#851066, FATE#313309)

   The following security issues have been fixed:

   * CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634)
   * CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559)
   * CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373)
   * CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029)
   * CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034)
   * CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101)
   * CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050)
   * CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051)
   * CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052)
   * CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321)
   * CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021)
   * CVE-2013-6463: Linux kernel built with the networking support (CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722)
   * CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558)
   * CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226)

   The following non-security issues have been fixed:

   * kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618).
   * printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675).
   * blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623).
   * x86/dumpstack: Fix printk_address for direct addresses (bnc#845621).
   * futex: fix handling of read-only-mapped hugepages (VM Functionality).
   * random: fix accounting race condition with lockless irq entropy_count update (bnc#789359).
   * Provide realtime priority kthread and workqueue boot options (bnc#836718).
   * sched: Fix several races in CFS_BANDWIDTH (bnc#848336).
   * sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336).
   * sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336).
   * sched: Fix race on toggling cfs_bandwidth_used (bnc#848336).
   * sched: Fix buglet in return_cfs_rq_runtime().
   * sched: Guarantee new group-entities always have weight (bnc#848336).
   * sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336).
   * watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767).
   * tcp: bind() fix autoselection to share ports (bnc#823618).
   * tcp: bind() use stronger condition for bind_conflict (bnc#823618).
   * tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618).
   * macvlan: disable LRO on lower device instead of macvlan (bnc#846984).
   * macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984).
   * macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984).
   * xen: netback: bump tx queue length (bnc#849404).
   * netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729).
   * xfrm: invalidate dst on policy insertion/deletion (bnc#842239).
   * xfrm: prevent ipcomp scratch buffer race condition (bnc#842239).
   * crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718).
   * crypto: gf128mul - fix call to memset() (obvious fix).
   * autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314).
   * autofs4: catatonic_mode vs. notify_daemon race (bnc#851314).
   * autofs4: close the races around autofs4_notify_daemon() (bnc#851314).
   * autofs4: deal with autofs4_write/autofs4_write races (bnc#851314).
   * autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314).
   * autofs4 - fix deal with autofs4_write races (bnc#851314).
   * autofs4 - use simple_empty() for empty directory check (bnc#851314).
   * blkdev_max_block: make private to fs/buffer.c (bnc#820338).
   * Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473).
   * dlm: set zero linger time on sctp socket (bnc#787843).
   * SUNRPC: Fix a data corruption issue when retransmitting RPC calls (bnc#855037)
   * nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236).
   * nfs: Adapt readdirplus to application usage patterns (bnc#834708).
   * xfs: improve ioend error handling (bnc#846036).
   * xfs: reduce ioend latency (bnc#846036).
   * xfs: use per-filesystem I/O completion workqueues (bnc#846036).
   * xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544).
   * xfs: Account log unmount transaction correctly (bnc#849950).
   * vfs: avoid "attempt to access beyond end of device" warnings (bnc#820338).
   * vfs: fix O_DIRECT read past end of block device (bnc#820338).
   * cifs: Improve performance of browsing directories with several files (bnc#810323).
   * cifs: Ensure cifs directories don't show up as files (bnc#826602).
   * sd: avoid deadlocks when running under multipath (bnc#818545).
   * sd: fix crash when UA received on DIF enabled device (bnc#841445).
   * sg: fix blk_get_queue usage (bnc#834808).
   * block: factor out vector mergeable decision to a helper function (bnc#769644).
   * block: modify __bio_add_page check to accept pages that don't start a new segment (bnc#769644).
   * scsi_dh: invoke callback if ->activate is not present (bnc#708296).
   * scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296).
   * scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296).
   * scsi_dh_alua: Decode HP EVA array identifier (bnc#708296).
   * scsi_dh_alua: Evaluate state for all port groups (bnc#708296).
   * scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642).
   * scsi_dh_alua: Make stpg synchronous (bnc#708296).
   * scsi_dh_alua: Pass buffer as function argument (bnc#708296).
   * scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296).
   * scsi_dh_alua: Recheck state on transitioning (bnc#708296).
   * scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
   * scsi_dh_alua: Use separate alua_port_group structure (bnc#708296).
   * scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407).
   * scsi_dh_alua: asynchronous RTPG (bnc#708296).
   * scsi_dh_alua: correctly terminate target port strings (bnc#708296).
   * scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296).
   * scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979).
   * scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980).
   * scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296).
   * scsi_dh_alua: invalid state information for 'optimized' paths (bnc#843445).
   * scsi_dh_alua: move RTPG to workqueue (bnc#708296).
   * scsi_dh_alua: move 'expiry' into PG structure (bnc#708296).
   * scsi_dh_alua: move some sense code handling into generic code (bnc#813245).
   * scsi_dh_alua: multipath failover fails with error 15 (bnc#825696).
   * scsi_dh_alua: parse target device id (bnc#708296).
   * scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296).
   * scsi_dh_alua: put sense buffer on stack (bnc#708296).
   * scsi_dh_alua: reattaching device handler fails with 'Error 15' (bnc#843429).
   * scsi_dh_alua: remove locking when checking state (bnc#708296).
   * scsi_dh_alua: remove stale variable (bnc#708296).
   * scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
   * scsi_dh_alua: retry command on 'mode parameter changed' sense code (bnc#843645).
   * scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
   * scsi_dh_alua: simplify state update (bnc#708296).
   * scsi_dh_alua: use delayed_work (bnc#708296).
   * scsi_dh_alua: use flag for RTPG extended header (bnc#708296).
   * scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296).
   * scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296).
   * lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988).
   * lpfc: Fix kernel warning on spinlock usage (bnc#806988).
   * lpfc: Fixed system panic due to midlayer abort (bnc#806988).
   * qla2xxx: Add module parameter to override the default request queue size (bnc#826756).
   * qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896).
   * bna: do not register ndo_set_rx_mode callback (bnc#847261).
   * hv: handle more than just WS2008 in KVP negotiation (bnc#850640).
   * drm: don't add inferred modes for monitors that don't support them (bnc #849809).
   * pci/quirks: Modify reset method for Chelsio T4 (bnc#831168).
   * pci: fix truncation of resource size to 32 bits (bnc#843419).
   * pci: pciehp: Retrieve link speed after link is trained (bnc#820102).
   * pci: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102).
   * pci: pciehp: replace unconditional sleep with config space access check (bnc#820102).
   * pci: pciehp: make check_link_active more helpful (bnc#820102).
   * pci: pciehp: Add pcie_wait_link_not_active() (bnc#820102).
   * pci: pciehp: Add Disable/enable link functions (bnc#820102).
   * pci: pciehp: Disable/enable link during slot power off/on (bnc#820102).
   * mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074).
   * mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074).
   * net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074).
   * qeth: request length checking in snmp ioctl (bnc#849848, LTC#99511).
   * cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047).
   * s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047).
   * s390/cio: skip broken paths (bnc#837739,LTC#97047).
   * s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
   * s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047).

Security Issues:

   * CVE-2013-4345
   * CVE-2013-4483
   * CVE-2013-4511
   * CVE-2013-4514
   * CVE-2013-4515
   * CVE-2013-4587
   * CVE-2013-4592
   * CVE-2013-6367
   * CVE-2013-6368
   * CVE-2013-6378
   * CVE-2013-6380
   * CVE-2013-6383
   * CVE-2013-6463
   * CVE-2013-7027

Indications:

   Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time 11 SP2:

      zypper in -t patch slertesp2-kernel-8790

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version: 3.0.101.rt130]:

      cluster-network-kmp-rt-1.4_3.0.101_rt130_0.7.9-2.18.79
      cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.7.9-2.18.79
      drbd-kmp-rt-8.4.2_3.0.101_rt130_0.7.9-0.6.6.70
      drbd-kmp-rt_trace-8.4.2_3.0.101_rt130_0.7.9-0.6.6.70
      iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.7.9-0.25.25.18
      iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.7.9-0.25.25.18
      kernel-rt-3.0.101.rt130-0.7.9.1
      kernel-rt-base-3.0.101.rt130-0.7.9.1
      kernel-rt-devel-3.0.101.rt130-0.7.9.1
      kernel-rt_trace-3.0.101.rt130-0.7.9.1
      kernel-rt_trace-base-3.0.101.rt130-0.7.9.1
      kernel-rt_trace-devel-3.0.101.rt130-0.7.9.1
      kernel-source-rt-3.0.101.rt130-0.7.9.1
      kernel-syms-rt-3.0.101.rt130-0.7.9.1
      lttng-modules-kmp-rt-2.0.4_3.0.101_rt130_0.7.9-0.9.9.6
      lttng-modules-kmp-rt_trace-2.0.4_3.0.101_rt130_0.7.9-0.9.9.6
      ocfs2-kmp-rt-1.6_3.0.101_rt130_0.7.9-0.11.78
      ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.7.9-0.11.78
      ofed-kmp-rt-1.5.2_3.0.101_rt130_0.7.9-0.28.28.50
      ofed-kmp-rt_trace-1.5.2_3.0.101_rt130_0.7.9-0.28.28.50

References:

   http://support.novell.com/security/cve/CVE-2013-4345.html
   http://support.novell.com/security/cve/CVE-2013-4483.html
   http://support.novell.com/security/cve/CVE-2013-4511.html
   http://support.novell.com/security/cve/CVE-2013-4514.html
   http://support.novell.com/security/cve/CVE-2013-4515.html
   http://support.novell.com/security/cve/CVE-2013-4587.html
   http://support.novell.com/security/cve/CVE-2013-4592.html
   http://support.novell.com/security/cve/CVE-2013-6367.html
   http://support.novell.com/security/cve/CVE-2013-6368.html
   http://support.novell.com/security/cve/CVE-2013-6378.html
   http://support.novell.com/security/cve/CVE-2013-6380.html
   http://support.novell.com/security/cve/CVE-2013-6383.html
   http://support.novell.com/security/cve/CVE-2013-6463.html
   http://support.novell.com/security/cve/CVE-2013-7027.html
   https://bugzilla.novell.com/708296
   https://bugzilla.novell.com/769644
   https://bugzilla.novell.com/787843
   https://bugzilla.novell.com/789359
   https://bugzilla.novell.com/806988
   https://bugzilla.novell.com/810323
   https://bugzilla.novell.com/813245
   https://bugzilla.novell.com/818545
   https://bugzilla.novell.com/819979
   https://bugzilla.novell.com/820102
   https://bugzilla.novell.com/820338
   https://bugzilla.novell.com/821980
   https://bugzilla.novell.com/823618
   https://bugzilla.novell.com/825696
   https://bugzilla.novell.com/825896
   https://bugzilla.novell.com/826602
   https://bugzilla.novell.com/826756
   https://bugzilla.novell.com/827767
   https://bugzilla.novell.com/828236
   https://bugzilla.novell.com/831168
   https://bugzilla.novell.com/834473
   https://bugzilla.novell.com/834708
   https://bugzilla.novell.com/834808
   https://bugzilla.novell.com/835074
   https://bugzilla.novell.com/835186
   https://bugzilla.novell.com/836718
   https://bugzilla.novell.com/837739
   https://bugzilla.novell.com/838623
   https://bugzilla.novell.com/839407
   https://bugzilla.novell.com/840226
   https://bugzilla.novell.com/841445
   https://bugzilla.novell.com/842239
   https://bugzilla.novell.com/843419
   https://bugzilla.novell.com/843429
   https://bugzilla.novell.com/843445
   https://bugzilla.novell.com/843642
   https://bugzilla.novell.com/843645
   https://bugzilla.novell.com/845621
   https://bugzilla.novell.com/845729
   https://bugzilla.novell.com/846036
   https://bugzilla.novell.com/846984
   https://bugzilla.novell.com/847261
   https://bugzilla.novell.com/848321
   https://bugzilla.novell.com/848336
   https://bugzilla.novell.com/848544
   https://bugzilla.novell.com/849021
   https://bugzilla.novell.com/849029
   https://bugzilla.novell.com/849034
   https://bugzilla.novell.com/849404
   https://bugzilla.novell.com/849675
   https://bugzilla.novell.com/849809
   https://bugzilla.novell.com/849848
   https://bugzilla.novell.com/849950
   https://bugzilla.novell.com/850640
   https://bugzilla.novell.com/851066
   https://bugzilla.novell.com/851101
   https://bugzilla.novell.com/851314
   https://bugzilla.novell.com/852373
   https://bugzilla.novell.com/852558
   https://bugzilla.novell.com/852559
   https://bugzilla.novell.com/853050
   https://bugzilla.novell.com/853051
   https://bugzilla.novell.com/853052
   https://bugzilla.novell.com/854546
   https://bugzilla.novell.com/854634
   https://bugzilla.novell.com/854722
   https://bugzilla.novell.com/855037
   http://download.novell.com/patch/finder/?keywords=0855fc56b50ab47ce7ab0cc80d988145

From sle-updates at lists.suse.com Fri Jan 31 13:28:24 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 21:28:24 +0100 (CET)
Subject: SUSE-RU-2014:0170-1: important: Recommended update for apache2
Message-ID: <20140131202824.2095C3216B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for apache2
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0170-1
Rating: important
References: #844212 #852401
Affected Products:
   SUSE Studio Onsite 1.3
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Software Development Kit 11 SP2
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Server 11 SP2 for VMware
   SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for apache2 provides the following fixes:

   * Make sure that the tty from which Apache starts has echo mode set to on; otherwise, subsequently checking if echo mode was off results in the false detection that Apache is still waiting for a certificate pass-phrase to be entered, leading to a failure with Xen virtual guests that may have the terminal set to -echo. (bnc#852401)
   * Partially revert the fix for bnc#815621 (PR50481); this upstream change has unwanted side effects with large request headers, where the LimitRequestFieldsize option is ignored. (bnc#844212)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-apache2-8737

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-apache2-8738

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-apache2-8737

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-apache2-8738

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-apache2-8738

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-apache2-8737

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-apache2-8737

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      apache2-devel-2.2.12-1.42.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      apache2-devel-2.2.12-1.42.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      apache2-devel-2.2.12-1.42.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

References:

   https://bugzilla.novell.com/844212
   https://bugzilla.novell.com/852401
   http://download.novell.com/patch/finder/?keywords=3d9d4a0fc6e4c05c476562a631dcecec
   http://download.novell.com/patch/finder/?keywords=db6b77c786d53d5062898a76bd3c346b

From sle-updates at lists.suse.com Fri Jan 31 13:28:53 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 21:28:53 +0100 (CET)
Subject: SUSE-SU-2014:0171-1: moderate: Security update for curl
Message-ID: <20140131202853.E5DCB3216B@maintenance.suse.de>

   SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0171-1
Rating: moderate
References: #858673
Cross-References: CVE-2014-0015
Affected Products:
   SUSE Studio Onsite 1.3
   SUSE Linux Enterprise Software Development Kit 11 SP2
   SUSE Linux Enterprise Server 11 SP2 for VMware
   SUSE Linux Enterprise Server 11 SP2
   SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015)

   Security Issue reference:

   * CVE-2014-0015

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-curl-8796

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-curl-8796

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-curl-8796

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-curl-8796

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-curl-8796

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      libcurl-devel-7.19.7-1.20.31.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      libcurl-devel-7.19.7-1.20.31.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      curl-7.19.7-1.20.31.1
      libcurl4-7.19.7-1.20.31.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      libcurl4-32bit-7.19.7-1.20.31.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      curl-7.19.7-1.20.31.1
      libcurl4-7.19.7-1.20.31.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      libcurl4-32bit-7.19.7-1.20.31.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      libcurl4-x86-7.19.7-1.20.31.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      curl-7.19.7-1.20.31.1
      libcurl4-7.19.7-1.20.31.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      libcurl4-32bit-7.19.7-1.20.31.1

References:

   http://support.novell.com/security/cve/CVE-2014-0015.html
   https://bugzilla.novell.com/858673
   http://download.novell.com/patch/finder/?keywords=606b18dd1e3a0fbfccb8d264a48c81a4

From sle-updates at lists.suse.com Fri Jan 31 14:04:09 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 22:04:09 +0100 (CET)
Subject: SUSE-RU-2014:0172-1: important: Recommended update for apache2
Message-ID: <20140131210409.AD0093216B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for apache2
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0172-1
Rating: important
References: #844212 #852401
Affected Products:
   SUSE Studio Onsite 1.3
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Software Development Kit 11 SP2
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Server 11 SP2 for VMware
   SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for apache2 provides the following fixes:

   * Make sure that the tty from which Apache starts has echo mode set to on; otherwise, subsequently checking if echo mode was off results in the false detection that Apache is still waiting for a certificate pass-phrase to be entered, leading to a failure with Xen virtual guests that may have the terminal set to -echo. (bnc#852401)
   * Partially revert the fix for bnc#815621 (PR50481); this upstream change has unwanted side effects with large request headers, where the LimitRequestFieldsize option is ignored. (bnc#844212)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-apache2-8737

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-apache2-8738

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-apache2-8737

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-apache2-8738

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-apache2-8738

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-apache2-8737

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-apache2-8737

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      apache2-devel-2.2.12-1.42.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      apache2-devel-2.2.12-1.42.1

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      apache2-devel-2.2.12-1.42.1

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      apache2-2.2.12-1.42.1
      apache2-doc-2.2.12-1.42.1
      apache2-example-pages-2.2.12-1.42.1
      apache2-prefork-2.2.12-1.42.1
      apache2-utils-2.2.12-1.42.1
      apache2-worker-2.2.12-1.42.1

References:

   https://bugzilla.novell.com/844212
   https://bugzilla.novell.com/852401
   http://download.novell.com/patch/finder/?keywords=3d9d4a0fc6e4c05c476562a631dcecec
   http://download.novell.com/patch/finder/?keywords=db6b77c786d53d5062898a76bd3c346b

From sle-updates at lists.suse.com Fri Jan 31 14:05:00 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 22:05:00 +0100 (CET)
Subject: SUSE-SU-2014:0175-1: moderate: Security update for curl
Message-ID: <20140131210500.621323216D@maintenance.suse.de>

   SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0175-1
Rating: moderate
References: #858673
Cross-References: CVE-2014-0015
Affected Products:
   SUSE Studio Onsite 1.3
   SUSE Linux Enterprise Software Development Kit 11 SP2
   SUSE Linux Enterprise Server 11 SP2 for VMware
   SUSE Linux Enterprise Server 11 SP2
   SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015)

   Security Issue reference:

   * CVE-2014-0015

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:
      zypper in -t patch slestso13-curl-8796
   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-curl-8796
   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-curl-8796
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-curl-8796
   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-curl-8796

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):
      libcurl-devel-7.19.7-1.20.31.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      libcurl-devel-7.19.7-1.20.31.1
   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
      curl-7.19.7-1.20.31.1
      libcurl4-7.19.7-1.20.31.1
   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
      libcurl4-32bit-7.19.7-1.20.31.1
   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      curl-7.19.7-1.20.31.1
      libcurl4-7.19.7-1.20.31.1
   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
      libcurl4-32bit-7.19.7-1.20.31.1
   - SUSE Linux Enterprise Server 11 SP2 (ia64):
      libcurl4-x86-7.19.7-1.20.31.1
   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
      curl-7.19.7-1.20.31.1
      libcurl4-7.19.7-1.20.31.1
   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
      libcurl4-32bit-7.19.7-1.20.31.1

References:

   http://support.novell.com/security/cve/CVE-2014-0015.html
   https://bugzilla.novell.com/858673
   http://download.novell.com/patch/finder/?keywords=606b18dd1e3a0fbfccb8d264a48c81a4

From sle-updates at lists.suse.com Fri Jan 31 15:04:41 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jan 2014 23:04:41 +0100 (CET)
Subject: SUSE-SU-2014:0178-1: moderate: Security update for openswan
Message-ID: <20140131220441.A66123216B@maintenance.suse.de>

   SUSE Security Update: Security update for openswan
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0178-1
Rating: moderate
References: #859220
Cross-References: CVE-2013-7294
Affected Products:
   SUSE Linux Enterprise Server 11 SP2 for VMware
   SUSE Linux Enterprise Server 11 SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update fixes a Denial of Service (DoS) vulnerability via IKEv2 I1
   notifications in openswan. CVE-2013-7294 has been assigned to this issue.

   Security Issues:

   * CVE-2013-7294

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-openswan-8815
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-openswan-8815

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
      openswan-2.6.16-1.40.1
      openswan-doc-2.6.16-1.40.1
   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
      openswan-2.6.16-1.40.1
      openswan-doc-2.6.16-1.40.1

References:

   http://support.novell.com/security/cve/CVE-2013-7294.html
   https://bugzilla.novell.com/859220
   http://download.novell.com/patch/finder/?keywords=8c03a9c6bc7982384112974547389842

From sle-updates at lists.suse.com Fri Jan 31 17:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Feb 2014 01:04:11 +0100 (CET)
Subject: SUSE-SU-2014:0179-1: moderate: Security update for bind
Message-ID: <20140201000411.B4D433216D@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0179-1
Rating: moderate
References: #858639
Cross-References: CVE-2014-0591
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Software Development Kit 11 SP2
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Server 11 SP2 for VMware
   SUSE Linux Enterprise Server 11 SP2
   SUSE Linux Enterprise Desktop 11 SP3
   SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It includes one
   version update.

Description:

   This update fixes a DoS vulnerability in bind when handling malformed
   NSEC3-signed zones. CVE-2014-0591 has been assigned to this issue.

   Security Issue references:

   * CVE-2014-0591

Indications:

   Everybody should update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-bind-8835
   - SUSE Linux Enterprise Software Development Kit 11 SP2:
      zypper in -t patch sdksp2-bind-8834
   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-bind-8835
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-bind-8835
   - SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-bind-8834
   - SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-bind-8834
   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-bind-8835
   - SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-bind-8834

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.4P2]:
      bind-devel-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64) [New Version: 9.9.4P2]:
      bind-devel-32bit-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.4P2]:
      bind-devel-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Software Development Kit 11 SP2 (ppc64) [New Version: 9.9.4P2]:
      bind-devel-32bit-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 9.9.4P2]:
      bind-9.9.4P2-0.6.1
      bind-chrootenv-9.9.4P2-0.6.1
      bind-doc-9.9.4P2-0.6.1
      bind-libs-9.9.4P2-0.6.1
      bind-utils-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 9.9.4P2]:
      bind-libs-32bit-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.4P2]:
      bind-9.9.4P2-0.6.1
      bind-chrootenv-9.9.4P2-0.6.1
      bind-doc-9.9.4P2-0.6.1
      bind-libs-9.9.4P2-0.6.1
      bind-utils-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 9.9.4P2]:
      bind-libs-32bit-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 9.9.4P2]:
      bind-libs-x86-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 9.9.4P2]:
      bind-9.9.4P2-0.6.1
      bind-chrootenv-9.9.4P2-0.6.1
      bind-doc-9.9.4P2-0.6.1
      bind-libs-9.9.4P2-0.6.1
      bind-utils-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64) [New Version: 9.9.4P2]:
      bind-libs-32bit-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.4P2]:
      bind-9.9.4P2-0.6.1
      bind-chrootenv-9.9.4P2-0.6.1
      bind-doc-9.9.4P2-0.6.1
      bind-libs-9.9.4P2-0.6.1
      bind-utils-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64) [New Version: 9.9.4P2]:
      bind-libs-32bit-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Server 11 SP2 (ia64) [New Version: 9.9.4P2]:
      bind-libs-x86-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 9.9.4P2]:
      bind-libs-9.9.4P2-0.6.1
      bind-utils-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 9.9.4P2]:
      bind-libs-32bit-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 9.9.4P2]:
      bind-libs-9.9.4P2-0.6.1
      bind-utils-9.9.4P2-0.6.1
   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64) [New Version: 9.9.4P2]:
      bind-libs-32bit-9.9.4P2-0.6.1

References:

   http://support.novell.com/security/cve/CVE-2014-0591.html
   https://bugzilla.novell.com/858639
   http://download.novell.com/patch/finder/?keywords=c75339b104a030740707866f9580789b
   http://download.novell.com/patch/finder/?keywords=ce84da90d80e1d2a41882cba36acdeac