From sle-updates at lists.suse.com Fri May 2 15:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 May 2014 23:04:11 +0200 (CEST)
Subject: SUSE-SU-2014:0430-4: Security update for rubygem-activerecord-2_3 and rubygem-activesupport-2_3
Message-ID: <20140502210411.2EB1632089@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-activerecord-2_3 and rubygem-activesupport-2_3
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0430-4
Rating: low
References: #864873
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP3
    SUSE Cloud 2.0
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

Various Ruby gems were released where the unpacked tree was patched for the
current security issues, but the included gem file (gem archive) was not
adjusted. This update rolls the current updates to also contain the fixes in
the .gem files.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-rails-fixgem-201402-8995
- SUSE Cloud 2.0:
    zypper in -t patch sleclo20sp3-rails-fixgem-201402-8995

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    rubygem-activerecord-2_3-2.3.17-0.13.1
    rubygem-activesupport-2_3-2.3.17-0.13.1
- SUSE Cloud 2.0 (x86_64):
    rubygem-activerecord-2_3-2.3.17-0.13.1
    rubygem-activesupport-2_3-2.3.17-0.13.1

References:

    https://bugzilla.novell.com/864873
    http://download.suse.com/patch/finder/?keywords=3610d5fab7c3f103da2b40b9185f004b

From sle-updates at lists.suse.com Fri May 2 15:04:25 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 2 May 2014 23:04:25 +0200 (CEST)
Subject: SUSE-SU-2014:0457-2: moderate: Security update for rubygem-actionpack-2_3
Message-ID: <20140502210425.D94C632069@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-actionpack-2_3
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0457-2
Rating: moderate
References: #864433 #864873
Cross-References: CVE-2014-0081
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP3
    SUSE Cloud 2.0
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

Rubygem Actionpack was updated to fix a cross-site scripting vulnerability:

* CVE-2014-0081: XSS Vulnerability in number_to_currency,
  number_to_percentage and number_to_human.

Security Issue reference:

* CVE-2014-0081

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-rubygem-actionpack-2_3-8993
- SUSE Cloud 2.0:
    zypper in -t patch sleclo20sp3-rubygem-actionpack-2_3-8993

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    rubygem-actionpack-2_3-2.3.17-0.15.2
- SUSE Cloud 2.0 (x86_64):
    rubygem-actionpack-2_3-2.3.17-0.15.2

References:

    http://support.novell.com/security/cve/CVE-2014-0081.html
    https://bugzilla.novell.com/864433
    https://bugzilla.novell.com/864873
    http://download.suse.com/patch/finder/?keywords=e3856666b1523e9b146a3fb29574a8b8

From sle-updates at lists.suse.com Fri May 2 17:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 3 May 2014 01:04:12 +0200 (CEST)
Subject: SUSE-SU-2014:0605-1: important: Security update for flash-player
Message-ID: <20140502230412.68E543208D@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0605-1
Rating: important
References: #875577
Cross-References: CVE-2014-0515
Affected Products:
    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one
version update.

Description:

This flash-player update to version 11.2.202.356 fixes the following
critical security issue:

* bnc#875577: buffer overflow vulnerability that leads to arbitrary code
  execution (CVE-2014-0515)

Adobe Security Bulletin (APSB14-13)
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html

Security Issue reference:

* CVE-2014-0515

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-flash-player-9180

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.356]:
    flash-player-11.2.202.356-0.3.1
    flash-player-gnome-11.2.202.356-0.3.1
    flash-player-kde4-11.2.202.356-0.3.1

References:

    http://support.novell.com/security/cve/CVE-2014-0515.html
    https://bugzilla.novell.com/875577
    http://download.suse.com/patch/finder/?keywords=13b3990a87aeceff827af4e5eea4b6a1

From sle-updates at lists.suse.com Mon May 5 15:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 5 May 2014 23:04:11 +0200 (CEST)
Subject: SUSE-RU-2014:0613-1: Recommended update for kiwi
Message-ID: <20140505210411.BDDE3320A0@maintenance.suse.de>

SUSE Recommended Update: Recommended update for kiwi
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0613-1
Rating: low
References: #822247 #829504 #829537 #838921 #839157 #853253
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP3
    SUSE Linux Enterprise Server 11 SP3 for VMware
    SUSE Linux Enterprise Server 11 SP3
    SUSE Linux Enterprise Point of Service 11 SP3
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed. It includes one
version update.

Description:

This consolidated update for KIWI provides the following fixes and
enhancements:

* Move kiwi-tools from the Software Development Kit Add-On to SUSE Linux
  Enterprise Server
* Fixed creation of mdadm.conf. The file is missing if the original RAID
  setup is used without formatting. (bnc#829504)
* Fixed broken shell string comparison in KIWILinuxRC if the variable
  $loader is not set. (bnc#829537)
* Fixed getSingleInstSourceSatSolvable() in terms of pattern handling. The
  function stores projectxml always with the suffix .gz which indicates a
  compressed version of the file. But the patterns information file could
  also contain a non-compressed version of patterns.xml which is then
  wrongly used as a compressed file. (bnc#822247)
* Make sure IFS change in kernelCheck function will be applied only in
  local scope. (bnc#838921)
* Follow up fix for the IFS restore in kernelCheck function. The local
  scope of IFS is visible to functions called from inside this block. Thus
  localizing IFS does not help, we have to reset the value inside the
  function. (bnc#838921)
* Make sure systemIntegrity is set correctly to 'clean' for netboot
  deployments into a ramdisk. (bnc#839157)
* Follow up patch for setting systemIntegrity for netboot deployments into
  a ramdisk. Along with systemIntegrity the partition code has to check for
  haveRamDisk too. (bnc#839157)
* Fixed partition alignment for optimal performance on images and
  repartitioning images with more than one partition. This patch also
  ensures the repartition code creates an aligned table. (bnc#853253)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-kiwi-8920
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-kiwi-8920
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-kiwi-8920
- SUSE Linux Enterprise Point of Service 11 SP3:
    zypper in -t patch sleposp3-kiwi-8920

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.85.116]:
    kiwi-4.85.116-0.7.1
    kiwi-instsource-4.85.116-0.7.1
    kiwi-tools-4.85.116-0.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 s390x x86_64) [New Version: 4.85.116]:
    kiwi-desc-oemboot-4.85.116-0.7.1
    kiwi-desc-vmxboot-4.85.116-0.7.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 4.85.116]:
    kiwi-desc-isoboot-4.85.116-0.7.1
    kiwi-desc-netboot-4.85.116-0.7.1
    kiwi-doc-4.85.116-0.7.1
    kiwi-pxeboot-4.85.116-0.7.1
    kiwi-pxeboot-prebuild-3.74.2-0.83.182
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    kiwi-tools-4.85.116-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    kiwi-tools-4.85.116-0.7.1
- SUSE Linux Enterprise Point of Service 11 SP3 (i586 x86_64) [New Version: 4.85.116]:
    kiwi-4.85.116-0.7.1
    kiwi-desc-isoboot-4.85.116-0.7.1
    kiwi-desc-netboot-4.85.116-0.7.1
    kiwi-desc-oemboot-4.85.116-0.7.1
    kiwi-doc-4.85.116-0.7.1
    kiwi-tools-4.85.116-0.7.1

References:

    https://bugzilla.novell.com/822247
    https://bugzilla.novell.com/829504
    https://bugzilla.novell.com/829537
    https://bugzilla.novell.com/838921
    https://bugzilla.novell.com/839157
    https://bugzilla.novell.com/853253
    http://download.suse.com/patch/finder/?keywords=5b4fdd8e689c728cb151bde0b7fdc8f9

From sle-updates at lists.suse.com Tue May 6 13:04:14 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 6 May 2014 21:04:14 +0200 (CEST)
Subject: SUSE-RU-2014:0614-1: moderate: Recommended update for gcc47
Message-ID: <20140506190414.69DEA320A5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gcc47
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0614-1
Rating: moderate
References: #871552
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP3
    SUSE Linux Enterprise Server 11 SP3 for VMware
    SUSE Linux Enterprise Server 11 SP3
    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update fixes an issue in libstdc++ where it wrongly identified
exceptions in construction as being uncaught. This problem could affect some
newer C++ applications.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-cpp47-9125
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-cpp47-9125
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-cpp47-9125
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-cpp47-9125

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    cpp47-4.7.2_20130108-0.17.2
    gcc47-4.7.2_20130108-0.17.2
    gcc47-c++-4.7.2_20130108-0.17.2
    gcc47-fortran-4.7.2_20130108-0.17.2
    gcc47-info-4.7.2_20130108-0.17.2
    gcc47-locale-4.7.2_20130108-0.17.2
    libgfortran3-4.7.2_20130108-0.17.2
    libstdc++47-devel-4.7.2_20130108-0.17.2
    libstdc++47-doc-4.7.2_20130108-0.17.2
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
    gcc47-32bit-4.7.2_20130108-0.17.2
    gcc47-fortran-32bit-4.7.2_20130108-0.17.2
    libgfortran3-32bit-4.7.2_20130108-0.17.2
    libstdc++47-devel-32bit-4.7.2_20130108-0.17.2
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 x86_64):
    libquadmath0-4.7.2_20130108-0.17.2
- SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64):
    libquadmath0-32bit-4.7.2_20130108-0.17.2
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    libgcc_s1-4.7.2_20130108-0.17.2
    libgomp1-4.7.2_20130108-0.17.2
    libstdc++6-4.7.2_20130108-0.17.2
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
    libgcc_s1-32bit-4.7.2_20130108-0.17.2
    libgomp1-32bit-4.7.2_20130108-0.17.2
    libstdc++6-32bit-4.7.2_20130108-0.17.2
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    libgcc_s1-4.7.2_20130108-0.17.2
    libgomp1-4.7.2_20130108-0.17.2
    libstdc++6-4.7.2_20130108-0.17.2
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
    libgcc_s1-32bit-4.7.2_20130108-0.17.2
    libgomp1-32bit-4.7.2_20130108-0.17.2
    libstdc++6-32bit-4.7.2_20130108-0.17.2
- SUSE Linux Enterprise Server 11 SP3 (ia64):
    libgcc_s1-x86-4.7.2_20130108-0.17.2
    libstdc++6-x86-4.7.2_20130108-0.17.2
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    libgcc_s1-4.7.2_20130108-0.17.2
    libgomp1-4.7.2_20130108-0.17.2
    libstdc++6-4.7.2_20130108-0.17.2
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
    libgcc_s1-32bit-4.7.2_20130108-0.17.2
    libgomp1-32bit-4.7.2_20130108-0.17.2
    libstdc++6-32bit-4.7.2_20130108-0.17.2

References:

    https://bugzilla.novell.com/871552
    http://download.suse.com/patch/finder/?keywords=4773d79c31f9a06a216c68b95f439841

From sle-updates at lists.suse.com Wed May 7 05:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 7 May 2014 13:04:13 +0200 (CEST)
Subject: SUSE-SU-2014:0547-2: moderate: Security update for openstack-swift
Message-ID: <20140507110413.1FB89320A9@maintenance.suse.de>

SUSE Security Update: Security update for openstack-swift
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0547-2
Rating: moderate
References: #858459
Cross-References: CVE-2014-0006
Affected Products:
    SUSE Cloud 2.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

A timing attack vulnerability has been fixed in openstack-swift, namely in
the Swift TempURL middleware.
By analyzing response times to arbitrary TempURL requests, an attacker may
be able to guess valid secret URLs and get access to objects that were only
intended to be publicly shared with specific recipients. In order to use
this attack, the attacker needs to know the targeted object name, and the
object account needs to have a TempURL key set. Only Swift setups enabling
the TempURL middleware are affected.

Security Issues:

* CVE-2014-0006

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 2.0:
    zypper in -t patch sleclo20sp3-openstack-swift-8958

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 2.0 (x86_64):
    openstack-swift-1.8.0.1+git.1375920359.1f4ec23-0.9.1
    openstack-swift-account-1.8.0.1+git.1375920359.1f4ec23-0.9.1
    openstack-swift-container-1.8.0.1+git.1375920359.1f4ec23-0.9.1
    openstack-swift-object-1.8.0.1+git.1375920359.1f4ec23-0.9.1
    openstack-swift-proxy-1.8.0.1+git.1375920359.1f4ec23-0.9.1
    python-swift-1.8.0.1+git.1375920359.1f4ec23-0.9.1
- SUSE Cloud 2.0 (noarch):
    openstack-swift-doc-1.8.0.1+git.1375920359.1f4ec23-0.9.1

References:

    http://support.novell.com/security/cve/CVE-2014-0006.html
    https://bugzilla.novell.com/858459
    http://download.suse.com/patch/finder/?keywords=eba9f698e0559857cea64e69463841bc

From sle-updates at lists.suse.com Wed May 7 11:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 7 May 2014 19:04:11 +0200 (CEST)
Subject: SUSE-RU-2014:0621-1: Recommended update for x11-input-wacom
Message-ID: <20140507170411.DA78C320AA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for x11-input-wacom
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0621-1
Rating: low
References: #860803 #869431
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP3
    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has two recommended fixes can now be installed. It includes
one version update.

Description:

This update provides a new version of X.Org's Wacom input driver, fixing
issues and bringing various enhancements:

* Fix namespace of non-static driver functions to not conflict with other
  drivers.
* Make sure serial number is available for proximity event logging.
* Fix the 'lost button event' issue when pen hits the tablet too fast.
* Implement logging of events and fix up some of the existing debug
  messages in the driver.
* Add new options to the wacom(4) man page. (bnc#869431, bnc#860803,
  FATE#316712)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-x11-input-wacom-9061
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-x11-input-wacom-9061

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 x86_64) [New Version: 0.9.8]:
    x11-input-wacom-0.9.8-0.7.1
    x11-input-wacom-devel-0.9.8-0.7.1
    x11-input-wacom-tools-0.9.8-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.9.8]:
    x11-input-wacom-0.9.8-0.7.1
    x11-input-wacom-tools-0.9.8-0.7.1

References:

    https://bugzilla.novell.com/860803
    https://bugzilla.novell.com/869431
    http://download.suse.com/patch/finder/?keywords=bf5d18e183dcf3e3aa273de5237bbe95

From sle-updates at lists.suse.com Wed May 7 15:04:35 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 7 May 2014 23:04:35 +0200 (CEST)
Subject: SUSE-RU-2014:0622-1: important: Recommended update for suse-build-key
Message-ID: <20140507210435.D6130320AA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for suse-build-key
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0622-1
Rating: important
References: #868259
Affected Products:
    SUSE Linux Enterprise Server 11 SP3 for VMware
    SUSE Linux Enterprise Server 11 SP3
    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

The SUSE GPG signing keys that are used for repository integrity checking
have been extended to March 17th, 2018.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-suse-build-key-9190
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-suse-build-key-9190
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-suse-build-key-9190

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):
    suse-build-key-1.0-907.44.1
- SUSE Linux Enterprise Server 11 SP3 (noarch):
    suse-build-key-1.0-907.44.1
- SUSE Linux Enterprise Desktop 11 SP3 (noarch):
    suse-build-key-1.0-907.44.1

References:

    https://bugzilla.novell.com/868259
    http://download.suse.com/patch/finder/?keywords=24701ce983087dbf5baaf2037d81387c

From sle-updates at lists.suse.com Thu May 8 11:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 May 2014 19:04:13 +0200 (CEST)
Subject: SUSE-SU-2014:0623-1: important: Security update for kvm
Message-ID: <20140508170413.4AA5F320DF@maintenance.suse.de>

SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0623-1
Rating: important
References: #812983 #817593 #842006 #864802 #870439
Cross-References: CVE-2013-2016 CVE-2013-4344 CVE-2013-4541
                  CVE-2014-0142 CVE-2014-0143 CVE-2014-0144
                  CVE-2014-0145 CVE-2014-0146 CVE-2014-0147
Affected Products:
    SUSE Linux Enterprise Server 11 SP3
    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available. It includes one
version update.

Description:

The QEMU embedded within KVM received various security fixes.

Various issues in the block layer have been fixed:

* A virtio security issue in config io space handling (CVE-2013-2016).
* A SCSI report LUNs buffer overflow (CVE-2013-4344).
* A buffer overflow in the QEMU USB stack (CVE-2013-4541).

Security Issue references:

* CVE-2013-2016
* CVE-2013-4344
* CVE-2013-4541
* CVE-2014-0142
* CVE-2014-0143
* CVE-2014-0144
* CVE-2014-0145
* CVE-2014-0146
* CVE-2014-0147

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-kvm-9142
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-kvm-9142

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 (i586 s390x x86_64) [New Version: 1.4.2]:
    kvm-1.4.2-0.11.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.4.2]:
    kvm-1.4.2-0.11.1

References:

    http://support.novell.com/security/cve/CVE-2013-2016.html
    http://support.novell.com/security/cve/CVE-2013-4344.html
    http://support.novell.com/security/cve/CVE-2013-4541.html
    http://support.novell.com/security/cve/CVE-2014-0142.html
    http://support.novell.com/security/cve/CVE-2014-0143.html
    http://support.novell.com/security/cve/CVE-2014-0144.html
    http://support.novell.com/security/cve/CVE-2014-0145.html
    http://support.novell.com/security/cve/CVE-2014-0146.html
    http://support.novell.com/security/cve/CVE-2014-0147.html
    https://bugzilla.novell.com/812983
    https://bugzilla.novell.com/817593
    https://bugzilla.novell.com/842006
    https://bugzilla.novell.com/864802
    https://bugzilla.novell.com/870439
    http://download.suse.com/patch/finder/?keywords=7b040d1de764d7e94156d09f838af746

From sle-updates at lists.suse.com Thu May 8 11:05:10 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 8 May 2014 19:05:10 +0200 (CEST)
Subject: SUSE-RU-2014:0622-2: important: Recommended update for suse-build-key
Message-ID: <20140508170510.F0AA2320B9@maintenance.suse.de>

SUSE Recommended Update: Recommended update for suse-build-key
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0622-2
Rating: important
References: #868259
Affected Products:
    SUSE Linux Enterprise Server 11 SP2 LTSS
    SUSE Linux Enterprise Server 11 SP1 LTSS
    SUSE Linux Enterprise Server 10 SP4 LTSS
    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

The SUSE GPG signing keys that are used for repository integrity checking
have been extended to March 17th, 2018.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 LTSS:
    zypper in -t patch slessp2-suse-build-key-9191
- SUSE Linux Enterprise Server 11 SP1 LTSS:
    zypper in -t patch slessp1-suse-build-key-9192

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 LTSS (noarch):
    suse-build-key-1.0-907.39.3.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (noarch):
    suse-build-key-1.0-907.36.36.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (noarch):
    suse-build-key-1.0-685.20.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (noarch):
    suse-build-key-1.0-685.20.1

References:

    https://bugzilla.novell.com/868259
    http://download.suse.com/patch/finder/?keywords=0c7cb3e4c323c0e9101092bca6900051
    http://download.suse.com/patch/finder/?keywords=5e27693f2b34e1e8ca1468f7b3d46a33
    http://download.suse.com/patch/finder/?keywords=a39e97353e29beab2c0566e455f8411e
    http://download.suse.com/patch/finder/?keywords=d9e564f6fdfae100b8ebacb1ef1ecad6

From sle-updates at lists.suse.com Fri May 9 12:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 9 May 2014 20:04:13 +0200 (CEST)
Subject: SUSE-RU-2014:0624-1: important: Recommended update for sm-ncc-sync-data
Message-ID: <20140509180413.AC720320DB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sm-ncc-sync-data
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0624-1
Rating: important
References: #874645
Affected Products:
    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed. It includes one
version update.

Description:

This update adds support for the SUSE Linux Enterprise Security Module 11
SP3 in SUSE Manager.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager 1.7 for SLE 11 SP2:
    zypper in -t patch sleman17sp2-sm-ncc-sync-data-9184

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.18]:
    sm-ncc-sync-data-1.7.18-0.5.1

References:

    https://bugzilla.novell.com/874645
    http://download.suse.com/patch/finder/?keywords=630f941028f91253a772546414501086

From sle-updates at lists.suse.com Mon May 12 11:04:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 12 May 2014 19:04:12 +0200 (CEST)
Subject: SUSE-SU-2014:0630-1: moderate: Security update for oracle-update
Message-ID: <20140512170412.D46D9320F3@maintenance.suse.de>

SUSE Security Update: Security update for oracle-update
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0630-1
Rating: moderate
References: #873982
Cross-References: CVE-2014-2406 CVE-2014-2408
Affected Products:
    SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update contains 2 new security fixes for the Oracle Database Server.

* Fixed two security issues with the Oracle Database Server (2014/04)
  (bnc#873982)
    o CVE-2014-2406 Core RDBMS Oracle Net
    o CVE-2014-2408 Core RDBMS Oracle Net

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixDB

Security Issue references:

* CVE-2014-2406
* CVE-2014-2408

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager 1.7 for SLE 11 SP2:
    zypper in -t patch sleman17sp2-oracle-update-9148

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager 1.7 for SLE 11 SP2 (x86_64):
    oracle-update-1.7-0.25.1

References:

    http://support.novell.com/security/cve/CVE-2014-2406.html
    http://support.novell.com/security/cve/CVE-2014-2408.html
    https://bugzilla.novell.com/873982
    http://download.suse.com/patch/finder/?keywords=b6bfa300835a840de95bfce73e3f83f7

From sle-updates at lists.suse.com Mon May 12 15:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 12 May 2014 23:04:11 +0200 (CEST)
Subject: SUSE-SU-2014:0631-1: moderate: Security update for pam
Message-ID: <20140512210411.824CB320F2@maintenance.suse.de>

SUSE Security Update: Security update for pam
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0631-1
Rating: moderate
References: #848417 #870433
Cross-References: CVE-2014-2583
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11 SP3
    SUSE Linux Enterprise Server 11 SP3 for VMware
    SUSE Linux Enterprise Server 11 SP3
    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update changes the broken default behavior of pam_pwhistory to not
enforce checks when the root user requests password changes.
In order to enforce pwhistory checks on the root user, the
"enforce_for_root" parameter needs to be set for the pam_pwhistory.so
module.

This pam update fixes the following security and non-security issues:

* bnc#870433: Fixed pam_timestamp path injection problem (CVE-2014-2583)
* bnc#848417: Fixed pam_pwhistory root password enforcement when resetting
  non-root user's password

Security Issue references:

* CVE-2014-2583

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-pam-9119
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-pam-9119
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-pam-9119
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-pam-9119

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    pam-devel-1.1.5-0.12.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
    pam-devel-32bit-1.1.5-0.12.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    pam-1.1.5-0.12.1
    pam-doc-1.1.5-0.12.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
    pam-32bit-1.1.5-0.12.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    pam-1.1.5-0.12.1
    pam-doc-1.1.5-0.12.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
    pam-32bit-1.1.5-0.12.1
- SUSE Linux Enterprise Server 11 SP3 (ia64):
    pam-x86-1.1.5-0.12.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    pam-1.1.5-0.12.1
    pam-doc-1.1.5-0.12.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
    pam-32bit-1.1.5-0.12.1

References:

    http://support.novell.com/security/cve/CVE-2014-2583.html
    https://bugzilla.novell.com/848417
    https://bugzilla.novell.com/870433
http://download.suse.com/patch/finder/?keywords=27475b4ff1af664e165515820a6769ef From sle-updates at lists.suse.com Tue May 13 17:04:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 May 2014 01:04:14 +0200 (CEST) Subject: SUSE-SU-2014:0638-1: important: Security update for Mozilla Firefox Message-ID: <20140513230414.B707A320F0@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0638-1 Rating: important References: #865539 #869827 #875378 #875803 Cross-References: CVE-2014-1518 CVE-2014-1520 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. It includes three new package versions. Description: This Mozilla Firefox and Mozilla NSS update to 24.5.0esr fixes the following several security and non-security issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16: * required for Firefox 29 * CVE-2014-1492: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. 
  See the last bullet point in RFC 6125, Section 7.2.
* Update of root certificates.

Security Issue references:

* CVE-2014-1532
* CVE-2014-1531
* CVE-2014-1530
* CVE-2014-1529
* CVE-2014-1524
* CVE-2014-1523
* CVE-2014-1520
* CVE-2014-1518

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-MozillaFirefox-201404-9185
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-MozillaFirefox-201404-9185
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-MozillaFirefox-201404-9185
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-MozillaFirefox-201404-9185

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.16 and 4.10.4]:
  MozillaFirefox-devel-24.5.0esr-0.8.1
  mozilla-nspr-devel-4.10.4-0.3.1
  mozilla-nss-devel-3.16-0.8.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.5.0esr,3.16 and 4.10.4]:
  MozillaFirefox-24.5.0esr-0.8.1
  MozillaFirefox-translations-24.5.0esr-0.8.1
  libfreebl3-3.16-0.8.1
  libsoftokn3-3.16-0.8.1
  mozilla-nspr-4.10.4-0.3.1
  mozilla-nss-3.16-0.8.1
  mozilla-nss-tools-3.16-0.8.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.16 and 4.10.4]:
  libfreebl3-32bit-3.16-0.8.1
  libsoftokn3-32bit-3.16-0.8.1
  mozilla-nspr-32bit-4.10.4-0.3.1
  mozilla-nss-32bit-3.16-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.5.0esr,3.16 and 4.10.4]:
  MozillaFirefox-24.5.0esr-0.8.1
  MozillaFirefox-branding-SLED-24-0.7.36
  MozillaFirefox-translations-24.5.0esr-0.8.1
  libfreebl3-3.16-0.8.1
  libsoftokn3-3.16-0.8.1
  mozilla-nspr-4.10.4-0.3.1
  mozilla-nss-3.16-0.8.1
  mozilla-nss-tools-3.16-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version:
3.16 and 4.10.4]: libfreebl3-32bit-3.16-0.8.1 libsoftokn3-32bit-3.16-0.8.1 mozilla-nspr-32bit-4.10.4-0.3.1 mozilla-nss-32bit-3.16-0.8.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.16 and 4.10.4]: libfreebl3-x86-3.16-0.8.1 libsoftokn3-x86-3.16-0.8.1 mozilla-nspr-x86-4.10.4-0.3.1 mozilla-nss-x86-3.16-0.8.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.5.0esr,3.16 and 4.10.4]: MozillaFirefox-24.5.0esr-0.8.1 MozillaFirefox-branding-SLED-24-0.7.36 MozillaFirefox-translations-24.5.0esr-0.8.1 libfreebl3-3.16-0.8.1 libsoftokn3-3.16-0.8.1 mozilla-nspr-4.10.4-0.3.1 mozilla-nss-3.16-0.8.1 mozilla-nss-tools-3.16-0.8.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.16 and 4.10.4]: libfreebl3-32bit-3.16-0.8.1 libsoftokn3-32bit-3.16-0.8.1 mozilla-nspr-32bit-4.10.4-0.3.1 mozilla-nss-32bit-3.16-0.8.1 References: http://support.novell.com/security/cve/CVE-2014-1518.html http://support.novell.com/security/cve/CVE-2014-1520.html http://support.novell.com/security/cve/CVE-2014-1523.html http://support.novell.com/security/cve/CVE-2014-1524.html http://support.novell.com/security/cve/CVE-2014-1529.html http://support.novell.com/security/cve/CVE-2014-1530.html http://support.novell.com/security/cve/CVE-2014-1531.html http://support.novell.com/security/cve/CVE-2014-1532.html https://bugzilla.novell.com/865539 https://bugzilla.novell.com/869827 https://bugzilla.novell.com/875378 https://bugzilla.novell.com/875803 http://download.suse.com/patch/finder/?keywords=10e2fe4f221c02f421ee93cc33680e53 From sle-updates at lists.suse.com Tue May 13 17:05:03 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 May 2014 01:05:03 +0200 (CEST) Subject: SUSE-SU-2014:0639-1: important: Security update for OpenJDK Message-ID: <20140513230503.89DB1320A4@maintenance.suse.de> SUSE Security Update: Security update for OpenJDK ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2014:0639-1
Rating: important
References: #873873
Cross-References: CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446
                  CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454
                  CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458
                  CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876
                  CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403
                  CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421
                  CVE-2014-2423 CVE-2014-2427
Affected Products:
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes 26 vulnerabilities is now available.

Description:

This java-1_7_0-openjdk update to version 2.4.7 fixes the following security and non-security issues:

* Security fixes
    o S8023046: Enhance splashscreen support
    o S8025005: Enhance CORBA initializations
    o S8025010, CVE-2014-2412: Enhance AWT contexts
    o S8025030, CVE-2014-2414: Enhance stream handling
    o S8025152, CVE-2014-0458: Enhance activation set up
    o S8026067: Enhance signed jar verification
    o S8026163, CVE-2014-2427: Enhance media provisioning
    o S8026188, CVE-2014-2423: Enhance envelope factory
    o S8026200: Enhance RowSet Factory
    o S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling
    o S8026736, CVE-2014-2398: Enhance Javadoc pages
    o S8026797, CVE-2014-0451: Enhance data transfers
    o S8026801, CVE-2014-0452: Enhance endpoint addressing
    o S8027766, CVE-2014-0453: Enhance RSA processing
    o S8027775: Enhance ICU code.
    o S8027841, CVE-2014-0429: Enhance pixel manipulations
    o S8028385: Enhance RowSet Factory
    o S8029282, CVE-2014-2403: Enhance CharInfo set up
    o S8029286: Enhance subject delegation
    o S8029699: Update Poller demo
    o S8029730: Improve audio device additions
    o S8029735: Enhance service mgmt natives
    o S8029740, CVE-2014-0446: Enhance handling of loggers
    o S8029745, CVE-2014-0454: Enhance algorithm checking
    o S8029750: Enhance LCMS color processing (in-tree LCMS)
    o S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg)
    o S8029844, CVE-2014-0455: Enhance argument validation
    o S8029854, CVE-2014-2421: Enhance JPEG decodings
    o S8029858, CVE-2014-0456: Enhance array copies
    o S8030731, CVE-2014-0460: Improve name service robustness
    o S8031330: Refactor ObjectFactory
    o S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS)
    o S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng)
    o S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader
    o S8031395: Enhance LDAP processing
    o S8032686, CVE-2014-2413: Issues with method invoke
    o S8033618, CVE-2014-1876: Correct logging output
    o S8034926, CVE-2014-2397: Attribute classes properly
    o S8036794, CVE-2014-0461: Manage JavaScript instances
* Backports
    o S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes.
    o S8007625: race with nested repos in /common/bin/hgforest.sh
    o S8011178: improve common/bin/hgforest.sh python detection (MacOS)
    o S8011342: hgforest.sh : 'python --version' not supported on older python
    o S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells
    o S8024200: handle hg wrapper with space after #!
    o S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations
    o S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException
    o S8031477: [macosx] Loading AWT native library fails
    o S8032370: No "Truncated file" warning from IIOReadWarningListener on JPEGImageReader
    o S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed
* Bug fixes
    o PR1393: JPEG support in build is broken on non-system-libjpeg builds
    o PR1726: configure fails looking for ecj.jar before even trying to find javac
    o Red Hat local: Fix for repo with path starting with / .
    o Remove unused hgforest script

Security Issue references:

* CVE-2014-2412
* CVE-2014-2414
* CVE-2014-0458
* CVE-2014-2427
* CVE-2014-2423
* CVE-2014-2402
* CVE-2014-2398
* CVE-2014-0451
* CVE-2014-0452
* CVE-2014-0453
* CVE-2014-0429
* CVE-2014-2403
* CVE-2014-0446
* CVE-2014-0454
* CVE-2013-6629
* CVE-2014-0455
* CVE-2014-2421
* CVE-2014-0456
* CVE-2014-0460
* CVE-2014-0459
* CVE-2013-6954
* CVE-2014-0457
* CVE-2014-2413
* CVE-2014-1876
* CVE-2014-2397
* CVE-2014-0461

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-java-1_7_0-openjdk-9209

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): java-1_7_0-openjdk-1.7.0.6-0.27.1 java-1_7_0-openjdk-demo-1.7.0.6-0.27.1 java-1_7_0-openjdk-devel-1.7.0.6-0.27.1 References: http://support.novell.com/security/cve/CVE-2013-6629.html http://support.novell.com/security/cve/CVE-2013-6954.html http://support.novell.com/security/cve/CVE-2014-0429.html http://support.novell.com/security/cve/CVE-2014-0446.html http://support.novell.com/security/cve/CVE-2014-0451.html http://support.novell.com/security/cve/CVE-2014-0452.html http://support.novell.com/security/cve/CVE-2014-0453.html http://support.novell.com/security/cve/CVE-2014-0454.html http://support.novell.com/security/cve/CVE-2014-0455.html http://support.novell.com/security/cve/CVE-2014-0456.html http://support.novell.com/security/cve/CVE-2014-0457.html http://support.novell.com/security/cve/CVE-2014-0458.html http://support.novell.com/security/cve/CVE-2014-0459.html http://support.novell.com/security/cve/CVE-2014-0460.html http://support.novell.com/security/cve/CVE-2014-0461.html http://support.novell.com/security/cve/CVE-2014-1876.html http://support.novell.com/security/cve/CVE-2014-2397.html http://support.novell.com/security/cve/CVE-2014-2398.html http://support.novell.com/security/cve/CVE-2014-2402.html http://support.novell.com/security/cve/CVE-2014-2403.html http://support.novell.com/security/cve/CVE-2014-2412.html http://support.novell.com/security/cve/CVE-2014-2413.html http://support.novell.com/security/cve/CVE-2014-2414.html http://support.novell.com/security/cve/CVE-2014-2421.html http://support.novell.com/security/cve/CVE-2014-2423.html http://support.novell.com/security/cve/CVE-2014-2427.html https://bugzilla.novell.com/873873 http://download.suse.com/patch/finder/?keywords=9e107d0028325fe6789728abca9fee1d From sle-updates at lists.suse.com Wed May 14 11:04:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 May 2014 19:04:14 +0200 (CEST) Subject: 
SUSE-RU-2014:0642-1: moderate: Recommended update for microcode_ctl Message-ID: <20140514170414.3474E320F3@maintenance.suse.de> SUSE Recommended Update: Recommended update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0642-1 Rating: moderate References: #876073 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides Intel's CPU microcode version 20140430. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-microcode_ctl-9196 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-microcode_ctl-9196 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-microcode_ctl-9196 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  microcode_ctl-1.17-102.72.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):
  microcode_ctl-1.17-102.72.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  microcode_ctl-1.17-102.72.1

References:

https://bugzilla.novell.com/876073
http://download.suse.com/patch/finder/?keywords=608667055b9b214d8e2412226ff8d6b0

From sle-updates at lists.suse.com Wed May 14 16:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 May 2014 00:04:13 +0200 (CEST)
Subject: SUSE-SU-2014:0643-1: Security update for lxc
Message-ID: <20140514220413.39F14320F2@maintenance.suse.de>

SUSE Security Update: Security update for lxc
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0643-1
Rating: low
References: #839653 #839663 #855809 #869663
Cross-References: CVE-2013-6441
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has three fixes is now available. It includes one version update.

Description:

The container framework LXC has been updated to fix various bugs and a security issue:

* CVE-2013-6441: The sshd template allowed privilege escalation on the host.
* SLES container time not aligned with host time (bnc#839653)
* SLES container boot takes ages (bnc#839663)
* lxc mounts /dev/pts with wrong options (bnc#869663)

Security Issues:

* CVE-2013-6441

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-lxc-9084 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-lxc-9084 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-lxc-9084 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-lxc-9084 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.8.0]: lxc-devel-0.8.0-0.21.6 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 0.8.0]: lxc-0.8.0-0.21.6 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): lxc-0.8.0-0.21.6 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): lxc-0.8.0-0.21.6 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): lxc-0.8.0-0.21.6 References: http://support.novell.com/security/cve/CVE-2013-6441.html https://bugzilla.novell.com/839653 https://bugzilla.novell.com/839663 https://bugzilla.novell.com/855809 https://bugzilla.novell.com/869663 http://download.suse.com/patch/finder/?keywords=61ec747452b7ab31ceb87c9fe831946e From sle-updates at lists.suse.com Thu May 15 09:04:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 May 2014 17:04:14 +0200 (CEST) Subject: SUSE-RU-2014:0651-1: moderate: Recommended update for Client Tools 1.7 Message-ID: <20140515150414.23905320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for Client Tools 1.7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0651-1 Rating: moderate References: #853913 #854090 #865934 #866490 #871103 Affected Products: SLE CLIENT TOOLS 10 for x86_64 SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 for ia64 SLE CLIENT TOOLS 10 for PPC SLE CLIENT TOOLS 10 
______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This collective update for the SUSE Manager Client Tools 1.7 provides the following fixes and enhancements: spacewalk-backend-libs: * Miscellaneous bug fixes in the main package. (bnc#866490, bnc#865934, bnc#853913, bnc#854090) spacewalk-remote-utils: * Add channel definitions for RHEL 6.4 and 6.5. (bnc#871103) * Add channel definitions for RHEL 5.9 and 5.10. (bnc#871103) * Sort 6.1 and 6.2 Supplementary content. * Add RHEL 4.9-Extras channel definitions. * Add optional and supplementary RHEL 6.3 channel definitions. * Fix dir to match RHEL6 supplementary and optional channels. Package List: - SLE CLIENT TOOLS 10 for x86_64 (x86_64): spacewalk-backend-libs-1.7.38.32-0.5.1 - SLE CLIENT TOOLS 10 for x86_64 (noarch): spacewalk-remote-utils-1.7.1.5-0.5.1 - SLE CLIENT TOOLS 10 for s390x (noarch): spacewalk-remote-utils-1.7.1.5-0.5.1 - SLE CLIENT TOOLS 10 for s390x (s390x): spacewalk-backend-libs-1.7.38.32-0.5.1 - SLE CLIENT TOOLS 10 for ia64 (noarch): spacewalk-remote-utils-1.7.1.5-0.5.1 - SLE CLIENT TOOLS 10 for ia64 (ia64): spacewalk-backend-libs-1.7.38.32-0.5.1 - SLE CLIENT TOOLS 10 for PPC (noarch): spacewalk-remote-utils-1.7.1.5-0.5.1 - SLE CLIENT TOOLS 10 for PPC (ppc): spacewalk-backend-libs-1.7.38.32-0.5.1 - SLE CLIENT TOOLS 10 (noarch): spacewalk-remote-utils-1.7.1.5-0.5.1 - SLE CLIENT TOOLS 10 (i586): spacewalk-backend-libs-1.7.38.32-0.5.1 References: https://bugzilla.novell.com/853913 https://bugzilla.novell.com/854090 https://bugzilla.novell.com/865934 https://bugzilla.novell.com/866490 https://bugzilla.novell.com/871103 http://download.suse.com/patch/finder/?keywords=f97a460d5ef7232ac84f4edeee25b401 From sle-updates at lists.suse.com Thu May 15 09:05:15 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 May 2014 17:05:15 +0200 (CEST) Subject: SUSE-RU-2014:0652-1: 
moderate: Recommended update for Client Tools 1.7 Message-ID: <20140515150515.D5098320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for Client Tools 1.7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0652-1 Rating: moderate References: #865934 #866490 #871103 Affected Products: SUSE Manager Client Tools for SLE 11 SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This collective update for the SUSE Manager Client Tools 1.7 provides the following fixes and enhancements: spacewalk-backend-libs: * Miscellaneous bug fixes in the main package. (bnc#866490, bnc#865934) spacewalk-remote-utils: * Add channel definitions for RHEL 6.4 and 6.5. (bnc#871103) * Add channel definitions for RHEL 5.9 and 5.10. (bnc#871103) * Sort 6.1 and 6.2 Supplementary content. * Add RHEL 4.9-Extras channel definitions. * Add optional and supplementary RHEL 6.3 channel definitions. * Fix dir to match RHEL6 supplementary and optional channels. supportutils-plugin-susemanager-client: * Add SUSE Manager Client plugin for supportconfig. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP2: zypper in -t patch slesctsp2-client-tools-201404-9096 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Client Tools for SLE 11 SP2 (i586 ia64 ppc64 s390x x86_64): spacewalk-backend-libs-1.7.38.32-0.5.1 - SUSE Manager Client Tools for SLE 11 SP2 (noarch): spacewalk-remote-utils-1.7.1.5-0.5.1 supportutils-plugin-susemanager-client-1.0.3-0.5.1 References: https://bugzilla.novell.com/865934 https://bugzilla.novell.com/866490 https://bugzilla.novell.com/871103 http://download.suse.com/patch/finder/?keywords=1bd4b6bbf9afb51c08457b5999af4c03 From sle-updates at lists.suse.com Thu May 15 11:04:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 May 2014 19:04:14 +0200 (CEST) Subject: SUSE-RU-2014:0653-1: moderate: Recommended update for jabberd Message-ID: <20140515170415.15E4D320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for jabberd ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0653-1 Rating: moderate References: #787621 Affected Products: SUSE Manager Proxy 1.7 for SLE 11 SP2 SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: The Jabber Open Source Server (jabberd) was updated to version 2.2.17, bringing many fixes and enhancements: * Enhancements from the Apple ChatServer fork were merged into mainline. * Shortcut DNS resolution failure in cases when given domain name is invalid. * Implement XEP-0138: Stream Compression for S2S connections. * Prevent /usr/bin/jabberd from busy-looping. * Many stability fixes, memory leak fixes, and connection handling fixes. (bnc#787621). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Manager Proxy 1.7 for SLE 11 SP2: zypper in -t patch slemap17sp2-jabberd-9092 - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-jabberd-9092 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 1.7 for SLE 11 SP2 (x86_64) [New Version: 2.2.17]: jabberd-2.2.17-0.4.2.1 jabberd-db-2.2.17-0.4.2.1 - SUSE Manager 1.7 for SLE 11 SP2 (x86_64) [New Version: 2.2.17]: jabberd-2.2.17-0.4.2.1 jabberd-db-2.2.17-0.4.2.1 References: https://bugzilla.novell.com/787621 http://download.suse.com/patch/finder/?keywords=7e6a326100cc0c1796760d7467dee832 From sle-updates at lists.suse.com Thu May 15 11:04:33 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 May 2014 19:04:33 +0200 (CEST) Subject: SUSE-RU-2014:0654-1: Recommended update for supportutils-plugin-susecloud Message-ID: <20140515170433.CAEC6320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-susecloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0654-1 Rating: low References: #875511 Affected Products: SUSE Cloud 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest version of SUSE Cloud's plug-in for the supportconfig tool, which includes the following enhancements: * Capture openvswitch files * Update list of RPMs with current content of media * Collect neutron (and not quantum) logs * Gather corosync configuration files * Add cluster log files in support check * Capture /var/chef/cache/failed-run-data.json. Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Cloud 3: zypper in -t patch sleclo30sp3-supportutils-plugin-susecloud-9174 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 3 (noarch) [New Version: 3.0.1396939525.4cb9bec]: supportutils-plugin-susecloud-3.0.1396939525.4cb9bec-0.7.1 References: https://bugzilla.novell.com/875511 http://download.suse.com/patch/finder/?keywords=2b8ec36167baf7ddd94faafa16ee0cf2 From sle-updates at lists.suse.com Thu May 15 11:04:47 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 May 2014 19:04:47 +0200 (CEST) Subject: SUSE-RU-2014:0655-1: moderate: Recommended update for SUSE Manager Proxy 1.7 Message-ID: <20140515170447.33D61320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 1.7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0655-1 Rating: moderate References: #823853 #853317 #862043 #863396 #864787 #865934 #866490 #871103 Affected Products: SUSE Manager Proxy 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. It includes 6 new package versions. Description: This collective update for SUSE Manager Proxy 1.7 provides the following fixes and enhancements: nocpulse-common: * Rotate root owned logfiles as user nocpulse but do not compress rotated files. * Rotate log files with correct permissions. (bnc#863396) spacewalk-backend: * reposync: Remove interrupted downloads. (bnc#866490) * spacewalk-debug: Dereference links. (bnc#865934) * Inter server sync: Export also errata's severity. * Allow CVE-IDs with more than 13 chars to support new CVE-ID syntax. spacewalk-certs-tools: * bootstrap: Disable local yum repositories on RHEL systems. (bnc#864787) spacewalk-remote-utils: * Add channel definitions for RHEL 6.4 and 6.5. 
  (bnc#871103)
* Add channel definitions for RHEL 5.9 and 5.10. (bnc#871103)
* Sort 6.1 and 6.2 Supplementary content.
* Add RHEL 4.9-Extras channel definitions.
* Add optional and supplementary RHEL 6.3 channel definitions.
* Fix dir to match RHEL6 supplementary and optional channels.

spacewalk-setup-jabberd:

* s2s: Enable resolve-ipv6.

spacewalk-web:

* Fail if rhnPackage.path is NULL. (bnc#862043)
* Make sure not to submit the placeholder as a password. (bnc#823853)
* Set 0 (false) as the default for 'ssh_push_use_hostname'. (bnc#853317)

supportutils-plugin-susemanager-proxy:

* Add SUSE Manager Proxy plugin for supportconfig.

supportutils-plugin-susemanager-client:

* Add SUSE Manager Client plugin for supportconfig.

How to apply this update:

1. Log in as root user to the SUSE Manager proxy.
2. Stop the proxy service: spacewalk-proxy stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-proxy start

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Proxy 1.7 for SLE 11 SP2:
  zypper in -t patch slemap17sp2-suse-manager-proxy-201404-9095

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Manager Proxy 1.7 for SLE 11 SP2 (x86_64) [New Version: 1.7.38.32]: spacewalk-backend-1.7.38.32-0.5.1 spacewalk-backend-libs-1.7.38.32-0.5.1 - SUSE Manager Proxy 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.0.6,1.7.1.5,1.7.28.21,1.7.3.12 and 2.2.4.3]: nocpulse-common-2.2.4.3-0.5.1 spacewalk-base-minimal-1.7.28.21-0.5.1 spacewalk-certs-tools-1.7.3.12-0.5.1 spacewalk-remote-utils-1.7.1.5-0.5.1 spacewalk-setup-jabberd-1.7.0.6-0.5.1 supportutils-plugin-susemanager-client-1.0.3-0.5.1 supportutils-plugin-susemanager-proxy-1.0.2-0.5.1 References: https://bugzilla.novell.com/823853 https://bugzilla.novell.com/853317 https://bugzilla.novell.com/862043 https://bugzilla.novell.com/863396 https://bugzilla.novell.com/864787 https://bugzilla.novell.com/865934 https://bugzilla.novell.com/866490 https://bugzilla.novell.com/871103 http://download.suse.com/patch/finder/?keywords=66f8be798f4aec431228fef07b1c74e8 From sle-updates at lists.suse.com Thu May 15 11:06:35 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 May 2014 19:06:35 +0200 (CEST) Subject: SUSE-RU-2014:0656-1: Feature-update to provide High Availability support for SUSE Cloud 3 Message-ID: <20140515170635.8B40C320FF@maintenance.suse.de> SUSE Recommended Update: Feature-update to provide High Availability support for SUSE Cloud 3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0656-1 Rating: low References: #840255 #847189 #861551 #863719 #865733 #869078 #869570 #870175 #870898 #871199 #871855 #872116 #872361 #872700 #872915 #873127 #874171 #874611 #874755 #876326 Affected Products: SUSE Cloud 3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 15 fixes is now available. It includes 33 new package versions. 
Description:

This collective update provides the ability to remove single points of failure from a SUSE Cloud deployment by enabling High Availability support for the OpenStack services. Please refer to the updated deployment guide to learn about how to configure High Availability support. The update also includes fixes for several bugs and some security issues.

The following new packages have been added to the product: haproxy, crowbar-barclamp-pacemaker, openstack-resource-agents, rubygem-bson-1_9, rubygem-mongo and patterns-cloud.

Crowbar and the following Barclamps have been updated: ceilometer, ceph, cinder, crowbar, database, deployer, dns, glance, heat, ipmi, keystone, logging, network, neutron, nfs_client, nova, nova_dashboard, ntp, provisioner, rabbitmq, suse-manager-client, swift and updater.

The following OpenStack modules have been updated: ceilometer, dashboard, keystone, neutron, nova and suse.

The following Python modules have been updated: heatclient, neutronclient, psycopg2 and amqp.

The YaST2 Crowbar module was also updated to enable the new High Availability feature.

Finally, the update ships with the latest revision of the SUSE Cloud Guide, now including information about how to make SUSE Cloud highly available.

References to non-security issues fixed by this update:

* crowbar-barclamp-ceph: Recipe fails if libvirt is available but not started. (bnc#861551)
* crowbar-barclamp-crowbar: Add crowbar_reset* scripts as unsupported workarounds for bricked proposals. (bnc#840255)
* crowbar-barclamp-neutron: Make sure that the VLAN range is valid. (bnc#870898)
* crowbar-barclamp-nova: Use neutron dhcp_domain in nova.conf. (bnc#865733)
* crowbar-barclamp-nova: Recipe fails if libvirt is available but not started. (bnc#861551)
* mongodb: Tell logrotate about log file ownership. (bnc#863719)
* mongodb: Avoid hitting virtual memory limits with mmaps. (bnc#876326)
* openstack-neutron: Fixes an issue where Neutron wouldn't reconnect to DB after fail-over.
  (bnc#872361)
* openstack-nova: Fixes an issue where Nova wouldn't reconnect to DB after fail-over. (bnc#872361)
* openstack-suse: Remove case of magic sed'ing that breaks OpenStack. (bnc#871199)
* openstack-suse: Drop eventlet_backdoor.py and its sole usage in oslo-incubator code. (bnc#847189)
* python-amqp: Set TIMEOUT and KEEPALIVE values for TCP sockets in the amqp library. (bnc#872700)
* yast2-crowbar: Added HA repositories. (bnc#870175)

References to security issues fixed by this update:

* openstack-dashboard: Introduces escaping in Horizon/Orchestration. (bnc#871855, CVE-2014-0157)
* openstack-keystone: Sanitizes authentication methods received in requests. (bnc#873127, CVE-2014-2828)
* openstack-neutron: Prevent cross plugging router ports from other tenants (bnc#869570, CVE-2014-0056)
* openstack-nova: Add RBAC policy for ec2 API security groups calls. (bnc#872116, CVE-2014-0167)
* openstack-nova: Persist image format to a file, to prevent attacks based on changing it. (bnc#869078, CVE-2014-0134)

For a comprehensive list of changes and bugs fixed by this update, please refer to the packages' change log.

Security Issues:

* CVE-2014-0157
* CVE-2014-2828
* CVE-2014-0056
* CVE-2014-0167
* CVE-2014-0134

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 3:
  zypper in -t patch sleclo30sp3-cloud3-ha-201405-9200

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Cloud 3 (x86_64) [New Version: 0.2.6,2.3.4,2.5.2,2013.2.3.dev1.g54ec015,2013.2.3.dev38.g1b9ceaf,2013.2.4.dev10.g155262c,2013.2.4.dev2.ge7c2987 and 2013.2.4.dev3.gd7b0634]: haproxy-1.4.24-0.9.2 mongodb-2.4.3-0.13.1 openstack-ceilometer-2013.2.4.dev3.gd7b0634-0.9.1 openstack-ceilometer-agent-central-2013.2.4.dev3.gd7b0634-0.9.1 openstack-ceilometer-agent-compute-2013.2.4.dev3.gd7b0634-0.9.1 openstack-ceilometer-alarm-evaluator-2013.2.4.dev3.gd7b0634-0.9.1 openstack-ceilometer-alarm-notifier-2013.2.4.dev3.gd7b0634-0.9.1 openstack-ceilometer-api-2013.2.4.dev3.gd7b0634-0.9.1 openstack-ceilometer-collector-2013.2.4.dev3.gd7b0634-0.9.1 openstack-dashboard-2013.2.3.dev1.g54ec015-0.7.3 openstack-keystone-2013.2.4.dev2.ge7c2987-0.7.3 openstack-neutron-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-dhcp-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-ha-tool-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-l3-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-lbaas-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-linuxbridge-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-metadata-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-metering-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-mlnx-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-nec-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-openvswitch-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-plugin-cisco-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-ryu-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-server-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-vmware-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-neutron-vpn-agent-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-nova-2013.2.4.dev10.g155262c-0.7.3 openstack-nova-api-2013.2.4.dev10.g155262c-0.7.3 openstack-nova-cells-2013.2.4.dev10.g155262c-0.7.3 openstack-nova-cert-2013.2.4.dev10.g155262c-0.7.3 openstack-nova-compute-2013.2.4.dev10.g155262c-0.7.3 
openstack-nova-conductor-2013.2.4.dev10.g155262c-0.7.3 openstack-nova-console-2013.2.4.dev10.g155262c-0.7.3 openstack-nova-consoleauth-2013.2.4.dev10.g155262c-0.7.3 openstack-nova-novncproxy-2013.2.4.dev10.g155262c-0.7.3 openstack-nova-objectstore-2013.2.4.dev10.g155262c-0.7.3 openstack-nova-scheduler-2013.2.4.dev10.g155262c-0.7.3 openstack-nova-vncproxy-2013.2.4.dev10.g155262c-0.7.3 patterns-cloud-20140224-0.21.2 python-amqp-1.2.0-0.9.1 python-ceilometer-2013.2.4.dev3.gd7b0634-0.9.1 python-heatclient-0.2.6-0.7.2 python-heatclient-doc-0.2.6-0.7.2 python-horizon-2013.2.3.dev1.g54ec015-0.7.3 python-keystone-2013.2.4.dev2.ge7c2987-0.7.3 python-neutron-2013.2.3.dev38.g1b9ceaf-0.7.3 python-neutronclient-2.3.4-0.7.3 python-nova-2013.2.4.dev10.g155262c-0.7.3 python-psycopg2-2.5.2-0.7.2 rubygem-bson-1_9-1.9.2-0.7.2 rubygem-mongo-1.9.2-0.7.2 - SUSE Cloud 3 (noarch) [New Version: 2.17.35,2013.2.3.dev38.g1b9ceaf,2013.2.4.dev10.g155262c,2013.2.4.dev2.ge7c2987 and 2013.2.4.dev3.gd7b0634]: crowbar-1.7+git.1393415366.c7d7ed2-0.9.1 crowbar-barclamp-ceilometer-1.7+git.1397725532.6562e99-0.11.1 crowbar-barclamp-ceph-1.7+git.1394531703.94bc662-0.7.4 crowbar-barclamp-cinder-1.7+git.1397563537.c0e3c1f-0.7.4 crowbar-barclamp-crowbar-1.7+git.1397546986.0138729-0.7.5 crowbar-barclamp-database-1.7+git.1398437917.4d9d949-0.7.4 crowbar-barclamp-deployer-1.7+git.1395841488.9bd9b18-0.7.4 crowbar-barclamp-dns-1.7+git.1395139533.d8065e0-0.7.4 crowbar-barclamp-glance-1.7+git.1397563542.7f7adbd-0.7.4 crowbar-barclamp-heat-1.7+git.1397563528.5365573-0.7.4 crowbar-barclamp-ipmi-1.7+git.1394447661.823417e-0.7.4 crowbar-barclamp-keystone-1.7+git.1397563548.5e1f6f4-0.7.4 crowbar-barclamp-logging-1.7+git.1394447795.1352678-0.7.4 crowbar-barclamp-network-1.7+git.1397462393.b75b4a2-0.7.4 crowbar-barclamp-neutron-1.7+git.1399280715.7a6d30c-0.7.1 crowbar-barclamp-nfs_client-1.7+git.1394448673.eec60d0-0.7.4 crowbar-barclamp-nova-1.7+git.1397563532.b0a2cf3-0.7.4 
crowbar-barclamp-nova_dashboard-1.7+git.1397195786.72f875c-0.7.4 crowbar-barclamp-ntp-1.7+git.1394526594.bd0925a-0.7.4 crowbar-barclamp-pacemaker-1.7+git.1399292086.c9d262e-0.7.1 crowbar-barclamp-provisioner-1.7+git.1398437839.2078a3c-0.7.1 crowbar-barclamp-rabbitmq-1.7+git.1398437927.2b9a534-0.7.4 crowbar-barclamp-suse-manager-client-1.7+git.1394449068.c91f840-0.7.4 crowbar-barclamp-swift-1.7+git.1398348658.e9aadc4-0.7.4 crowbar-barclamp-updater-1.7+git.1394449074.c15a84e-0.7.4 openstack-ceilometer-doc-2013.2.4.dev3.gd7b0634-0.9.1 openstack-keystone-doc-2013.2.4.dev2.ge7c2987-0.7.3 openstack-neutron-doc-2013.2.3.dev38.g1b9ceaf-0.7.3 openstack-nova-doc-2013.2.4.dev10.g155262c-0.7.3 openstack-resource-agents-1.0+git.1392632006.9b9b934-0.7.2 openstack-suse-sudo-2013.2-0.11.2 susecloud-admin_en-pdf-3.0-0.34.1 susecloud-deployment_en-pdf-3.0-0.34.1 susecloud-manuals_en-3.0-0.34.1 susecloud-user_en-pdf-3.0-0.34.1 yast2-crowbar-2.17.35-0.7.2 References: http://support.novell.com/security/cve/CVE-2014-0056.html http://support.novell.com/security/cve/CVE-2014-0134.html http://support.novell.com/security/cve/CVE-2014-0157.html http://support.novell.com/security/cve/CVE-2014-0167.html http://support.novell.com/security/cve/CVE-2014-2828.html https://bugzilla.novell.com/840255 https://bugzilla.novell.com/847189 https://bugzilla.novell.com/861551 https://bugzilla.novell.com/863719 https://bugzilla.novell.com/865733 https://bugzilla.novell.com/869078 https://bugzilla.novell.com/869570 https://bugzilla.novell.com/870175 https://bugzilla.novell.com/870898 https://bugzilla.novell.com/871199 https://bugzilla.novell.com/871855 https://bugzilla.novell.com/872116 https://bugzilla.novell.com/872361 https://bugzilla.novell.com/872700 https://bugzilla.novell.com/872915 https://bugzilla.novell.com/873127 https://bugzilla.novell.com/874171 https://bugzilla.novell.com/874611 https://bugzilla.novell.com/874755 https://bugzilla.novell.com/876326 
http://download.suse.com/patch/finder/?keywords=6b6c2ab2019cacb05895c4274ff8b7b3

From sle-updates at lists.suse.com Thu May 15 11:10:24 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 15 May 2014 19:10:24 +0200 (CEST)
Subject: SUSE-RU-2014:0657-1: Recommended update for rabbitmq-server
Message-ID: <20140515171024.1C4E8320F2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rabbitmq-server
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:0657-1
Rating: low
References: #875504
Affected Products:
SUSE Cloud 3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for rabbitmq-server provides the following non-security fixes:

* Use the wrapper function to call rabbitmqctl for stop, so that the exit code is interpreted correctly.
* Accept 1 as valid exit code from "rabbitmqctl status".

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 3:

  zypper in -t patch sleclo30sp3-rabbitmq-server-9178

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Cloud 3 (x86_64): rabbitmq-server-2.8.7-0.9.2 References: https://bugzilla.novell.com/875504 http://download.suse.com/patch/finder/?keywords=aad1253e91b55d44f46241396165643a From sle-updates at lists.suse.com Thu May 15 11:10:39 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 May 2014 19:10:39 +0200 (CEST) Subject: SUSE-RU-2014:0658-1: Recommended update for python-SQLAlchemy Message-ID: <20140515171039.2F6B5320F2@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-SQLAlchemy ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0658-1 Rating: low References: #875509 Affected Products: SUSE Cloud 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-SQLAlchemy provides enhancements for detecting disconnects with psycopg2. Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 3: zypper in -t patch sleclo30sp3-python-SQLAlchemy-9172 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 3 (x86_64): python-SQLAlchemy-0.7.10-0.11.1 References: https://bugzilla.novell.com/875509 http://download.suse.com/patch/finder/?keywords=b1a4cd850d444a118f07bc8e6adf90ca From sle-updates at lists.suse.com Thu May 15 11:10:54 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 May 2014 19:10:54 +0200 (CEST) Subject: SUSE-SU-2014:0659-1: Security update for erlang Message-ID: <20140515171054.1A1DB320F2@maintenance.suse.de> SUSE Security Update: Security update for erlang ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0659-1 Rating: low References: #861573 Cross-References: CVE-2014-1693 Affected Products: SUSE Cloud 3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes a command injection vulnerability in Erlang's ftp module. Security Issues: * CVE-2014-1693 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 3: zypper in -t patch sleclo30sp3-erlang-9176 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 3 (x86_64): erlang-R14B-0.14.3 References: http://support.novell.com/security/cve/CVE-2014-1693.html https://bugzilla.novell.com/861573 http://download.suse.com/patch/finder/?keywords=1f64008367f8d9cf388281f16249085c From sle-updates at lists.suse.com Thu May 15 12:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 May 2014 20:04:13 +0200 (CEST) Subject: SUSE-RU-2014:0660-1: moderate: Recommended update for SUSE Manager Server 1.7 Message-ID: <20140515180413.5C342320F3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 1.7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0660-1 Rating: moderate References: #775243 #823853 #849119 #849333 #852582 #853317 #854461 #859637 #859762 #862043 #862406 #863396 #864028 #864787 #865141 #865934 #866045 #866490 #870415 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that has 19 recommended fixes can now be installed. It includes 9 new package versions. Description: This collective update for SUSE Manager 1.7 provides the following fixes and enhancements: nocpulse-common: * Rotate root owned logfiles as user nocpulse but do not compress rotated files. * Rotate log files with correct permissions. (bnc#863396) spacewalk-backend: * reposync: Remove interrupted downloads. (bnc#866490) * spacewalk-debug: Dereference links. (bnc#865934) * Inter server sync: Export also errata's severity. * Allow CVE-IDs with more than 13 chars to support new CVE-ID syntax. spacewalk-certs-tools: * bootstrap: Disable local yum repositories on RHEL systems. (bnc#864787) spacewalk-java: * Propose cloned children as compatible. (bnc#866045) * Propose children correctly if old and new are equal. (bnc#866045) * Fail if rhnPackage.path is NULL. 
(bnc#862043) * Use rhnPackage.path as rhnErrataFile.filename like Perl does. (bnc#862043) * Delete outdated repo-sync schedules. (bnc#865141) * Do not offer compatible child channel if not unique (when changing base channel). (bnc#849119) * Improve error handling when deleting a channel. (bnc#865141) * Fix (virt) system icons on system group pages. (bnc#854461) * For clones, extend search for update tag to original channels. (bnc#864028) * Transfer the origin's update tag to any cloned channels. (bnc#864028) * Fix cloned channels not available for SP migration. (bnc#852582) * Fix GMT+3 timezone missing. (bnc#862406) * SUSE Studio endpoint stops working via unencrypted HTTP. (bnc#859762) * Increase column length for CVE IDs to support new CVE ID syntax. * Fix CVE URL in updateinfo references. (bnc#859637) * Use hostname or address in log messages instead of system.name. * New config option for using the hostname to connect via ssh push. (bnc#853317) spacewalk-setup-jabberd: * s2s: Enable resolve-ipv6. spacewalk-web: * Fail if rhnPackage.path is NULL. (bnc#862043) * Make sure not to submit the placeholder as a password. (bnc#823853) * Set 0 (false) as the default for 'ssh_push_use_hostname'. (bnc#853317) susemanager-jsp_en: * Link static dir into every book of the set. (bnc#775243) susemanager-schema: * Fix GMT+3 timezone missing. (bnc#862406) * Increase length of rhnCVE name column to support new CVE ID syntax. susemanager: * Fix typo in bootstrap data. (bnc#870415) * Fix crash inside of mgr_register. * Add option --from-mirror to download RPMs from an alternative mirror. * Catch SyntaxError in registration server response. (bnc#849333) * Added more packages to the SLE 11 bootstrap repository. supportutils-plugin-susemanager: * Add SUSE Manager Server plugin for supportconfig. How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. 
Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema with spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-suse-manager-201404-9094 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64) [New Version: 1.2.2,1.7.28 and 1.7.38.32]: smdba-1.2.2-0.14.14.1 spacewalk-backend-1.7.38.32-0.5.1 spacewalk-backend-app-1.7.38.32-0.5.1 spacewalk-backend-applet-1.7.38.32-0.5.1 spacewalk-backend-config-files-1.7.38.32-0.5.1 spacewalk-backend-config-files-common-1.7.38.32-0.5.1 spacewalk-backend-config-files-tool-1.7.38.32-0.5.1 spacewalk-backend-iss-1.7.38.32-0.5.1 spacewalk-backend-iss-export-1.7.38.32-0.5.1 spacewalk-backend-libs-1.7.38.32-0.5.1 spacewalk-backend-package-push-server-1.7.38.32-0.5.1 spacewalk-backend-server-1.7.38.32-0.5.1 spacewalk-backend-sql-1.7.38.32-0.5.1 spacewalk-backend-sql-oracle-1.7.38.32-0.5.1 spacewalk-backend-sql-postgresql-1.7.38.32-0.5.1 spacewalk-backend-tools-1.7.38.32-0.5.1 spacewalk-backend-xml-export-libs-1.7.38.32-0.5.1 spacewalk-backend-xmlrpc-1.7.38.32-0.5.1 spacewalk-backend-xp-1.7.38.32-0.5.1 susemanager-1.7.28-0.5.2 susemanager-tools-1.7.28-0.5.2 - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.0.6,1.7.28.21,1.7.3.12,1.7.54.31,1.7.56.23 and 2.2.4.3]: nocpulse-common-2.2.4.3-0.5.1 sm-network-discovery-0.1-0.10.10.1 sm-network-discovery-client-0.1-0.10.10.1 spacewalk-base-1.7.28.21-0.5.1 spacewalk-base-minimal-1.7.28.21-0.5.1 spacewalk-certs-tools-1.7.3.12-0.5.1 spacewalk-grail-1.7.28.21-0.5.1 spacewalk-html-1.7.28.21-0.5.1 spacewalk-java-1.7.54.31-0.5.1 spacewalk-java-config-1.7.54.31-0.5.1 spacewalk-java-lib-1.7.54.31-0.5.1 spacewalk-java-oracle-1.7.54.31-0.5.1 
spacewalk-java-postgresql-1.7.54.31-0.5.1 spacewalk-pxt-1.7.28.21-0.5.1 spacewalk-setup-jabberd-1.7.0.6-0.5.1 spacewalk-sniglets-1.7.28.21-0.5.1 spacewalk-taskomatic-1.7.54.31-0.5.1 supportutils-plugin-susemanager-1.0.2-0.5.1 susemanager-jsp_en-1.7-0.23.23.2 susemanager-schema-1.7.56.23-0.5.1 References: https://bugzilla.novell.com/775243 https://bugzilla.novell.com/823853 https://bugzilla.novell.com/849119 https://bugzilla.novell.com/849333 https://bugzilla.novell.com/852582 https://bugzilla.novell.com/853317 https://bugzilla.novell.com/854461 https://bugzilla.novell.com/859637 https://bugzilla.novell.com/859762 https://bugzilla.novell.com/862043 https://bugzilla.novell.com/862406 https://bugzilla.novell.com/863396 https://bugzilla.novell.com/864028 https://bugzilla.novell.com/864787 https://bugzilla.novell.com/865141 https://bugzilla.novell.com/865934 https://bugzilla.novell.com/866045 https://bugzilla.novell.com/866490 https://bugzilla.novell.com/870415 http://download.suse.com/patch/finder/?keywords=fd81a68f6d2be31894f18e9b4ca3c96e From sle-updates at lists.suse.com Thu May 15 13:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 May 2014 21:04:10 +0200 (CEST) Subject: SUSE-RU-2014:0661-1: important: Recommended update for timezone Message-ID: <20140515190410.A8E4E320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0661-1 Rating: important References: #870375 #871594 #877535 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS SUSE Linux Enterprise Desktop 11 SP3 
______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update provides the latest timezone information for your system. The changes in detail are: * Egypt observes DST starting 2014-05-15 at 24:00 * Crimea switched to Moscow time on 2014-03-30 at 02:00 local time * New entry for Troll Station, Antarctica. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-timezone-2014c-9244 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-timezone-2014c-9244 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-timezone-2014c-9244 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-timezone-2014c-9246 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-timezone-2014c-9247 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-timezone-2014c-9244 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 2014c]: timezone-java-2014c-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2014c]: timezone-2014c-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2014c]: timezone-java-2014c-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2014c]: timezone-2014c-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2014c]: timezone-java-2014c-0.3.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 2014c]: timezone-2014c-0.3.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (noarch) [New Version: 2014c]: timezone-java-2014c-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2014c]: timezone-2014c-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch) [New Version: 2014c]: timezone-java-2014c-0.3.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 2014c]: timezone-2014c-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 2014c]: timezone-2014c-0.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2014c]: timezone-2014c-0.3.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2014c]: timezone-java-2014c-0.3.1 References: https://bugzilla.novell.com/870375 https://bugzilla.novell.com/871594 https://bugzilla.novell.com/877535 http://download.suse.com/patch/finder/?keywords=23737848a23c0167702d68d47205119d http://download.suse.com/patch/finder/?keywords=6e4260672d184acce4e6e2d453a4cb83 http://download.suse.com/patch/finder/?keywords=83c95b58c7ef3b6f92b2baafa8237b68 http://download.suse.com/patch/finder/?keywords=86c52e0a7e771d0b5cf1f77cfc58ecf6 http://download.suse.com/patch/finder/?keywords=99a54c8e2dd7622c9b052e3fe0aa6383 From sle-updates at lists.suse.com Thu May 15 15:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Thu, 15 May 2014 23:04:12 +0200 (CEST) Subject: SUSE-RU-2014:0662-1: moderate: Recommended update for python-dmidecode Message-ID: <20140515210412.7E4E5320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-dmidecode ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0662-1 Rating: moderate References: #852137 Affected Products: SUSE Manager Client Tools for SLE 11 SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-dmidecode fixes an "Illegal instruction" exception that could occur on systems under heavy memory load. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP2: zypper in -t patch slesctsp2-python-dmidecode-9166 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Client Tools for SLE 11 SP2 (i586 ia64 ppc64 s390x x86_64): python-dmidecode-3.10.11-0.12.1 References: https://bugzilla.novell.com/852137 http://download.suse.com/patch/finder/?keywords=784d12cf74a3efe97a62041b3d1e83a4 From sle-updates at lists.suse.com Thu May 15 17:04:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 May 2014 01:04:14 +0200 (CEST) Subject: SUSE-RU-2014:0663-1: Recommended update for yast2 Message-ID: <20140515230415.184A7320A4@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0663-1 Rating: low References: #868483 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update for YaST2 improves the check for a running chef-client to avoid false positives. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-yast2-9081 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-yast2-9081 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-yast2-9081 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-yast2-9081 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.135]: yast2-devel-doc-2.17.135-0.7.6 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.17.135]: yast2-2.17.135-0.7.6 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.135]: yast2-2.17.135-0.7.6 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.17.135]: yast2-2.17.135-0.7.6 References: https://bugzilla.novell.com/868483 http://download.suse.com/patch/finder/?keywords=669fc1afd1e45f6dfad5947220e06777 From sle-updates at lists.suse.com Thu May 15 17:04:32 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 May 2014 01:04:32 +0200 (CEST) Subject: SUSE-RU-2014:0664-1: Recommended update for release-notes-suse-cloud Message-ID: <20140515230432.70CE7320A4@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-suse-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0664-1 Rating: low References: #834046 Affected Products: SUSE Cloud 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest version of the Release Notes for SUSE Cloud 3 with additions for HA-support. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 3: zypper in -t patch sleclo30sp3-release-notes-suse-cloud-9231 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 3 (noarch) [New Version: 3.0.2]: release-notes-suse-cloud-3.0.2-0.7.2 References: https://bugzilla.novell.com/834046 http://download.suse.com/patch/finder/?keywords=f04f6107a16039c324767bfbc19c8cd5 From sle-updates at lists.suse.com Thu May 15 18:04:16 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 May 2014 02:04:16 +0200 (CEST) Subject: SUSE-SU-2014:0638-2: important: Security update for Mozilla Firefox Message-ID: <20140516000416.28338320D9@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0638-2 Rating: important References: #865539 #869827 #875378 #875803 Cross-References: CVE-2014-1518 CVE-2014-1520 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. It includes three new package versions. Description: This MozillaFirefox and mozilla-nss update fixes several security and non-security issues. 
MozillaFirefox has been updated to version 24.5.0esr which fixes the following issues:

* MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards
* MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL
* MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images
* MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver

Mozilla NSS has been updated to version 3.16

* required for Firefox 29
* CVE-2014-1492: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2.
* Update of root certificates.

Security Issue references:

* CVE-2014-1532
* CVE-2014-1531
* CVE-2014-1530
* CVE-2014-1529
* CVE-2014-1524
* CVE-2014-1523
* CVE-2014-1520
* CVE-2014-1518

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 LTSS:

  zypper in -t patch slessp2-MozillaFirefox-201404-9186

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 24.5.0esr,3.16 and 4.10.4]: MozillaFirefox-24.5.0esr-0.3.1 MozillaFirefox-branding-SLED-24-0.4.10.14 MozillaFirefox-translations-24.5.0esr-0.3.1 libfreebl3-3.16-0.3.1 mozilla-nspr-4.10.4-0.3.1 mozilla-nspr-devel-4.10.4-0.3.1 mozilla-nss-3.16-0.3.1 mozilla-nss-devel-3.16-0.3.1 mozilla-nss-tools-3.16-0.3.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 3.16 and 4.10.4]: libfreebl3-32bit-3.16-0.3.1 mozilla-nspr-32bit-4.10.4-0.3.1 mozilla-nss-32bit-3.16-0.3.1 References: http://support.novell.com/security/cve/CVE-2014-1518.html http://support.novell.com/security/cve/CVE-2014-1520.html http://support.novell.com/security/cve/CVE-2014-1523.html http://support.novell.com/security/cve/CVE-2014-1524.html http://support.novell.com/security/cve/CVE-2014-1529.html http://support.novell.com/security/cve/CVE-2014-1530.html http://support.novell.com/security/cve/CVE-2014-1531.html http://support.novell.com/security/cve/CVE-2014-1532.html https://bugzilla.novell.com/865539 https://bugzilla.novell.com/869827 https://bugzilla.novell.com/875378 https://bugzilla.novell.com/875803 http://download.suse.com/patch/finder/?keywords=147e419c487f42538a6cd744c37b1186 From sle-updates at lists.suse.com Thu May 15 18:05:04 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 May 2014 02:05:04 +0200 (CEST) Subject: SUSE-SU-2014:0665-1: important: Security update for Mozilla Firefox Message-ID: <20140516000504.1B277320D9@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0665-1 Rating: important References: #865539 #869827 #875378 Cross-References: CVE-2014-1492 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 Affected Products: SUSE Linux Enterprise Server 11 SP1 
LTSS
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available. It includes four new package versions.

Description:

This Mozilla Firefox and Mozilla NSS update fixes several security and non-security issues.

Mozilla Firefox has been updated to 24.5.0esr which fixes the following issues:

* MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards
* MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL
* MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images
* MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver

Mozilla NSS has been updated to 3.16

* required for Firefox 29
* CVE-2014-1492: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2.
* Update of root certificates.

Security Issue references:

* CVE-2014-1532
* CVE-2014-1531
* CVE-2014-1530
* CVE-2014-1529
* CVE-2014-1524
* CVE-2014-1523
* CVE-2014-1518
* CVE-2014-1492

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP1 LTSS:

  zypper in -t patch slessp1-MozillaFirefox-201404-9187

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 24,24.5.0esr,3.16 and 4.10.4]: MozillaFirefox-24.5.0esr-0.3.1 MozillaFirefox-branding-SLED-24-0.4.10.14 MozillaFirefox-translations-24.5.0esr-0.3.1 libfreebl3-3.16-0.3.1 mozilla-nspr-4.10.4-0.3.1 mozilla-nss-3.16-0.3.1 mozilla-nss-tools-3.16-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.16 and 4.10.4]: libfreebl3-32bit-3.16-0.3.1 mozilla-nspr-32bit-4.10.4-0.3.1 mozilla-nss-32bit-3.16-0.3.1 References: http://support.novell.com/security/cve/CVE-2014-1492.html http://support.novell.com/security/cve/CVE-2014-1518.html http://support.novell.com/security/cve/CVE-2014-1523.html http://support.novell.com/security/cve/CVE-2014-1524.html http://support.novell.com/security/cve/CVE-2014-1529.html http://support.novell.com/security/cve/CVE-2014-1530.html http://support.novell.com/security/cve/CVE-2014-1531.html http://support.novell.com/security/cve/CVE-2014-1532.html https://bugzilla.novell.com/865539 https://bugzilla.novell.com/869827 https://bugzilla.novell.com/875378 http://download.suse.com/patch/finder/?keywords=02d70d3c9e25d9db60e36b3f80b0bc27 From sle-updates at lists.suse.com Thu May 15 18:05:43 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 May 2014 02:05:43 +0200 (CEST) Subject: SUSE-RU-2014:0666-1: moderate: Recommended update for ZMD Message-ID: <20140516000543.80A1A320D9@maintenance.suse.de> SUSE Recommended Update: Recommended update for ZMD ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0666-1 Rating: moderate References: #719869 #722339 #723034 #731031 #751782 #754502 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description:

ZMD was updated to roll in fixes already done in the SUSE Linux Enterprise 10 SP4 branch, and to enable the usage of the current nu.novell.com certificates.

ZMD was switched to use /etc/ssl/certs as trust storage. (bnc#723034)

Various SSL certificate handling issues were fixed as follows:

* Skip password protected or invalid PKCS12 certificates. (bnc#751782)
* Skip invalid SPC certificates. (bnc#754502)
* Skip broken certificates. (bnc#751782)

Bugs in the logrotate scripts were fixed. (bnc#719869)

ZMD now also retrieves and handles susedata.xml.gz. (bnc#722339)

Package List:

- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

  zmd-7.3.0.0-0.20.63
  zmd-devel-7.3.0.0-0.20.63

References:

https://bugzilla.novell.com/719869
https://bugzilla.novell.com/722339
https://bugzilla.novell.com/723034
https://bugzilla.novell.com/731031
https://bugzilla.novell.com/751782
https://bugzilla.novell.com/754502
http://download.suse.com/patch/finder/?keywords=5e1ee6c9be87e053f69b91d3a1ac24a4

From sle-updates at lists.suse.com Thu May 15 19:04:17 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 16 May 2014 03:04:17 +0200 (CEST)
Subject: SUSE-SU-2014:0667-1: important: Security update for Linux Kernel
Message-ID: <20140516010417.34B52320D9@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0667-1
Rating: important
References: #875690 #875798
Cross-References: CVE-2014-0196 CVE-2014-1737 CVE-2014-1738
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise High Availability Extension 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that fixes three vulnerabilities is now available. It includes one version update.
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the following severe security issues: * CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (bnc#875798) * CVE-2014-1738: The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. (bnc#875798) * CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. (bnc#875690) Security Issues references: * CVE-2014-0196 * CVE-2014-1737 * CVE-2014-1738 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kernel-9233 slessp3-kernel-9237 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kernel-9233 slessp3-kernel-9234 slessp3-kernel-9235 slessp3-kernel-9236 slessp3-kernel-9237 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-kernel-9233 slehasp3-kernel-9234 slehasp3-kernel-9235 slehasp3-kernel-9236 slehasp3-kernel-9237 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kernel-9233 sledsp3-kernel-9237 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.29.1 kernel-default-base-3.0.101-0.29.1 kernel-default-devel-3.0.101-0.29.1 kernel-source-3.0.101-0.29.1 kernel-syms-3.0.101-0.29.1 kernel-trace-3.0.101-0.29.1 kernel-trace-base-3.0.101-0.29.1 kernel-trace-devel-3.0.101-0.29.1 kernel-xen-devel-3.0.101-0.29.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.29.1 kernel-pae-base-3.0.101-0.29.1 kernel-pae-devel-3.0.101-0.29.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.29.1 kernel-default-base-3.0.101-0.29.1 kernel-default-devel-3.0.101-0.29.1 kernel-source-3.0.101-0.29.1 kernel-syms-3.0.101-0.29.1 kernel-trace-3.0.101-0.29.1 kernel-trace-base-3.0.101-0.29.1 kernel-trace-devel-3.0.101-0.29.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]: kernel-ec2-3.0.101-0.29.1 kernel-ec2-base-3.0.101-0.29.1 kernel-ec2-devel-3.0.101-0.29.1 kernel-xen-3.0.101-0.29.1 kernel-xen-base-3.0.101-0.29.1 kernel-xen-devel-3.0.101-0.29.1 xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24 - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]: kernel-default-man-3.0.101-0.29.1 - SUSE Linux Enterprise Server 
11 SP3 (ppc64) [New Version: 3.0.101]: kernel-ppc64-3.0.101-0.29.1 kernel-ppc64-base-3.0.101-0.29.1 kernel-ppc64-devel-3.0.101-0.29.1 - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.29.1 kernel-pae-base-3.0.101-0.29.1 kernel-pae-devel-3.0.101-0.29.1 xen-kmp-pae-4.2.4_02_3.0.101_0.29-0.7.24 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.101_0.29-2.27.63 cluster-network-kmp-trace-1.4_3.0.101_0.29-2.27.63 gfs2-kmp-default-2_3.0.101_0.29-0.16.69 gfs2-kmp-trace-2_3.0.101_0.29-0.16.69 ocfs2-kmp-default-1.6_3.0.101_0.29-0.20.63 ocfs2-kmp-trace-1.6_3.0.101_0.29-0.20.63 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.101_0.29-2.27.63 gfs2-kmp-xen-2_3.0.101_0.29-0.16.69 ocfs2-kmp-xen-1.6_3.0.101_0.29-0.20.63 - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.101_0.29-2.27.63 gfs2-kmp-ppc64-2_3.0.101_0.29-0.16.69 ocfs2-kmp-ppc64-1.6_3.0.101_0.29-0.20.63 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586): cluster-network-kmp-pae-1.4_3.0.101_0.29-2.27.63 gfs2-kmp-pae-2_3.0.101_0.29-0.16.69 ocfs2-kmp-pae-1.6_3.0.101_0.29-0.20.63 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.29.1 kernel-default-base-3.0.101-0.29.1 kernel-default-devel-3.0.101-0.29.1 kernel-default-extra-3.0.101-0.29.1 kernel-source-3.0.101-0.29.1 kernel-syms-3.0.101-0.29.1 kernel-trace-devel-3.0.101-0.29.1 kernel-xen-3.0.101-0.29.1 kernel-xen-base-3.0.101-0.29.1 kernel-xen-devel-3.0.101-0.29.1 kernel-xen-extra-3.0.101-0.29.1 xen-kmp-default-4.2.4_02_3.0.101_0.29-0.7.24 - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]: kernel-pae-3.0.101-0.29.1 kernel-pae-base-3.0.101-0.29.1 kernel-pae-devel-3.0.101-0.29.1 kernel-pae-extra-3.0.101-0.29.1 xen-kmp-pae-4.2.4_02_3.0.101_0.29-0.7.24 - SLE 11 SERVER 
Unsupported Extras (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.29.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): kernel-xen-extra-3.0.101-0.29.1 - SLE 11 SERVER Unsupported Extras (ppc64): kernel-ppc64-extra-3.0.101-0.29.1 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-3.0.101-0.29.1 References: http://support.novell.com/security/cve/CVE-2014-0196.html http://support.novell.com/security/cve/CVE-2014-1737.html http://support.novell.com/security/cve/CVE-2014-1738.html https://bugzilla.novell.com/875690 https://bugzilla.novell.com/875798 http://download.suse.com/patch/finder/?keywords=0a2dcb948e608bd43076195098633c81 http://download.suse.com/patch/finder/?keywords=274275aae87b7f5717f22fbbcefc8d6c http://download.suse.com/patch/finder/?keywords=74a759a760793246603bb46c1f236d66 http://download.suse.com/patch/finder/?keywords=843a01b2e875a9432b273760df408cf6 http://download.suse.com/patch/finder/?keywords=92be4af46975d1cbad507b6d3ff3a1b0 http://download.suse.com/patch/finder/?keywords=9a4b69a3f37b4e66442334473595bfb3 http://download.suse.com/patch/finder/?keywords=e8725e10de339002adb8d4cccd0ec112 http://download.suse.com/patch/finder/?keywords=f07cfd49365f51f26faddaf62d0a2652 http://download.suse.com/patch/finder/?keywords=f83b1e3a46f672548bf90e07d1b9554b http://download.suse.com/patch/finder/?keywords=fbbbacd1258eed8745c184e7d6e9eddb From sle-updates at lists.suse.com Fri May 16 16:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 May 2014 00:04:12 +0200 (CEST) Subject: SUSE-RU-2014:0662-2: moderate: Recommended update for python-dmidecode Message-ID: <20140516220412.230F532148@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-dmidecode ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0662-2 Rating: moderate References: #852137 Affected Products: SUSE Manager Client Tools for SLE 11 SP3 SUSE Linux 
Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-dmidecode fixes an "Illegal instruction" exception that could occur on systems under heavy memory load. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP3: zypper in -t patch slesctsp3-python-dmidecode-9168 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-dmidecode-9168 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-dmidecode-9168 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-python-dmidecode-9168 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Client Tools for SLE 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-dmidecode-3.10.11-0.12.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): python-dmidecode-3.10.11-0.12.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-dmidecode-3.10.11-0.12.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): python-dmidecode-3.10.11-0.12.1 References: https://bugzilla.novell.com/852137 http://download.suse.com/patch/finder/?keywords=e0b741629d588d385767e533d010c347 From sle-updates at lists.suse.com Fri May 16 17:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 May 2014 01:04:13 +0200 (CEST) Subject: SUSE-SU-2014:0670-1: Security update for file Message-ID: <20140516230413.D6D41320A4@maintenance.suse.de> SUSE Security Update: Security update for file ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0670-1 Rating: low References: #863450 #866750 
Cross-References: CVE-2014-2270 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The command line tool file(1) and its library libmagic have been updated to fix the following issues: * file(1) crashed when parsing some PE executables. (CVE-2014-2270, bnc#866750) * file(1) did not set return code on non-existing files. (bnc#863450) Security Issue reference: * CVE-2014-2270 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-file-9066 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-file-9066 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-file-9066 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-file-9066 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): file-devel-4.24-43.25.1 python-magic-4.24-43.25.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): file-4.24-43.25.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): file-32bit-4.24-43.25.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): file-4.24-43.25.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): file-32bit-4.24-43.25.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): file-x86-4.24-43.25.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): file-4.24-43.25.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): file-32bit-4.24-43.25.1 References: http://support.novell.com/security/cve/CVE-2014-2270.html https://bugzilla.novell.com/863450 https://bugzilla.novell.com/866750 http://download.suse.com/patch/finder/?keywords=16680a2740712d01132abedf7369f241 From sle-updates at lists.suse.com Fri May 16 18:05:25 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 May 2014 02:05:25 +0200 (CEST) Subject: SUSE-SU-2014:0671-1: important: Security update for flash-player Message-ID: <20140517000525.54DCC32148@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0671-1 Rating: important References: #877649 Cross-References: CVE-2014-0510 CVE-2014-0516 CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. It includes one version update. Description: Adobe flash-player was updated to version 11.2.202.359 to resolve several security issues: * Remote attackers could execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors. 
(CVE-2014-0510) * Remote attackers could bypass the Same Origin Policy via unspecified vectors. (CVE-2014-0516) * Bypass intended access restrictions via unspecified vectors. (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520) More information can be found at http://helpx.adobe.com/security/products/flash-player/apsb14-14.html . Security Issues references: * CVE-2014-0510 * CVE-2014-0516 * CVE-2014-0517 * CVE-2014-0518 * CVE-2014-0519 * CVE-2014-0520 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-9259 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.359]: flash-player-11.2.202.359-0.3.1 flash-player-gnome-11.2.202.359-0.3.1 flash-player-kde4-11.2.202.359-0.3.1 References: http://support.novell.com/security/cve/CVE-2014-0510.html http://support.novell.com/security/cve/CVE-2014-0516.html http://support.novell.com/security/cve/CVE-2014-0517.html http://support.novell.com/security/cve/CVE-2014-0518.html http://support.novell.com/security/cve/CVE-2014-0519.html http://support.novell.com/security/cve/CVE-2014-0520.html https://bugzilla.novell.com/877649 http://download.suse.com/patch/finder/?keywords=e6f931e48dbfb5069e57b62247a09f7a From sle-updates at lists.suse.com Fri May 16 19:04:51 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 May 2014 03:04:51 +0200 (CEST) Subject: SUSE-RU-2014:0672-1: Recommended update for man-pages Message-ID: <20140517010451.7E83A3214F@maintenance.suse.de> SUSE Recommended Update: Recommended update for man-pages ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0672-1 Rating: low References: #659120 #782157 #833723 #835749 #870895 Affected Products: SUSE Linux Enterprise 
Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for man-pages provides the following fixes: * fseek.3: Complete EINVAL return code description. * core.5: PID in core file name. * proc.5: Extend descriptions of /proc/[pid]/smaps fields. * pthread_attr_setaffinity_np.3: Fix function prototypes. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-man-pages-9211 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-man-pages-9211 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-man-pages-9211 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): man-pages-3.15-2.27.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): man-pages-3.15-2.27.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch): man-pages-3.15-2.27.1 References: https://bugzilla.novell.com/659120 https://bugzilla.novell.com/782157 https://bugzilla.novell.com/833723 https://bugzilla.novell.com/835749 https://bugzilla.novell.com/870895 http://download.suse.com/patch/finder/?keywords=d9c544ae3f01491623f5cf33e048e3c6 From sle-updates at lists.suse.com Tue May 20 11:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 May 2014 19:04:12 +0200 (CEST) Subject: SUSE-SU-2014:0682-1: important: Security update for nagios-nrpe, nagios-nrpe-debuginfo, nagios-nrpe-debugsource, nagios-nrpe-doc, nagios-plugins-nrpe Message-ID: <20140520170412.BC0893205C@maintenance.suse.de> SUSE Security Update: Security update for nagios-nrpe, nagios-nrpe-debuginfo, nagios-nrpe-debugsource, nagios-nrpe-doc, nagios-plugins-nrpe 
______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0682-1 Rating: important References: #874743 Cross-References: CVE-2014-2913 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: nagios-nrpe has been updated to prevent possible remote command execution when command arguments are enabled. This issue affects versions 2.15 and older. Further information is available at http://seclists.org/fulldisclosure/2014/Apr/240 These security issues have been fixed: * Remote command execution (CVE-2014-2913) Security Issue references: * CVE-2014-2913 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-nagios-nrpe-9204 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-nagios-nrpe-9204 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): nagios-nrpe-2.12-24.4.10.1 nagios-nrpe-doc-2.12-24.4.10.1 nagios-plugins-nrpe-2.12-24.4.10.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): nagios-nrpe-2.12-24.4.10.1 nagios-nrpe-doc-2.12-24.4.10.1 nagios-plugins-nrpe-2.12-24.4.10.1 References: http://support.novell.com/security/cve/CVE-2014-2913.html https://bugzilla.novell.com/874743 http://download.suse.com/patch/finder/?keywords=5c4ec51db20294eb2e261a8c624a9f1d From sle-updates at lists.suse.com Tue May 20 11:04:34 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 May 2014 19:04:34 +0200 (CEST) Subject: SUSE-SU-2014:0683-1: important: Security update for Linux kernel Message-ID: <20140520170434.656B832065@maintenance.suse.de> SUSE Security Update: Security update for Linux kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0683-1 Rating: important References: #875690 #875798 Cross-References: CVE-2014-0196 CVE-2014-1737 CVE-2014-1738 Affected Products: SUSE Linux Enterprise Real Time Extension 11 SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes one version update. Description: The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel has been updated to fix two critical security issues. The following security bugs have been fixed: * CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. 
(bnc#875798) * CVE-2014-1738: The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. (bnc#875798) * CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. (bnc#875690) Security Issue references: * CVE-2014-0196 * CVE-2014-1737 * CVE-2014-1738 Indications: Everyone using the Real Time Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11 SP3: zypper in -t patch slertesp3-kernel-9260 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Real Time Extension 11 SP3 (x86_64) [New Version: 3.0.101.rt130]: cluster-network-kmp-rt-1.4_3.0.101_rt130_0.16-2.27.65 cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.16-2.27.65 drbd-kmp-rt-8.4.4_3.0.101_rt130_0.16-0.22.31 drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.16-0.22.31 iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.16-0.38.50 iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.16-0.38.50 kernel-rt-3.0.101.rt130-0.16.1 kernel-rt-base-3.0.101.rt130-0.16.1 kernel-rt-devel-3.0.101.rt130-0.16.1 kernel-rt_trace-3.0.101.rt130-0.16.1 kernel-rt_trace-base-3.0.101.rt130-0.16.1 kernel-rt_trace-devel-3.0.101.rt130-0.16.1 kernel-source-rt-3.0.101.rt130-0.16.1 kernel-syms-rt-3.0.101.rt130-0.16.1 lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.16-0.11.45 lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.16-0.11.45 ocfs2-kmp-rt-1.6_3.0.101_rt130_0.16-0.20.65 ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.16-0.20.65 ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.16-0.13.56 ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.16-0.13.56 References: http://support.novell.com/security/cve/CVE-2014-0196.html http://support.novell.com/security/cve/CVE-2014-1737.html http://support.novell.com/security/cve/CVE-2014-1738.html https://bugzilla.novell.com/875690 https://bugzilla.novell.com/875798 http://download.suse.com/patch/finder/?keywords=cce936fb7796bd584f137b79a0cb3b04 From sle-updates at lists.suse.com Tue May 20 16:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 May 2014 00:04:12 +0200 (CEST) Subject: SUSE-RU-2014:0684-1: important: Recommended update for OpenSSL Message-ID: <20140520220412.ED1493207C@maintenance.suse.de> SUSE Recommended Update: Recommended update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0684-1 Rating: important References: #875638 Affected Products: SLE CLIENT TOOLS 10 for x86_64 SLE CLIENT TOOLS 10 for s390x SLE CLIENT TOOLS 10 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The latest openssl and openssl-certs packages released for SLES 10-SP4 LTSS have been pushed to SUSE Manager's Client Tools 10 update repository to ease bootstrapping of SLES 10-SP4. These updates include the following fixes and enhancements: * The TLS/SSL library OpenSSL was updated to provide support for SSL X.509 certificate hashes sha256, sha384 and sha512, which become more common. The Novell Update servers that host updates for SUSE Linux Enterprise will switch to these certificates in the near future. * OpenSSL has been updated to fix an attack on ECDSA Nonces. Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could have been recovered. (CVE-2014-0076) * The openssl-certs package has been updated to match the certificates contained in the Mozilla NSS 3.15.4 release. Security Issue reference: * CVE-2014-0076 Package List: - SLE CLIENT TOOLS 10 for x86_64 (x86_64): openssl-0.9.8a-18.80.5 openssl-32bit-0.9.8a-18.80.5 openssl-devel-0.9.8a-18.80.5 openssl-devel-32bit-0.9.8a-18.80.5 openssl-doc-0.9.8a-18.80.5 - SLE CLIENT TOOLS 10 for x86_64 (noarch): openssl-certs-1.96-0.18.1 - SLE CLIENT TOOLS 10 for s390x (noarch): openssl-certs-1.96-0.18.1 - SLE CLIENT TOOLS 10 for s390x (s390x): openssl-0.9.8a-18.80.5 openssl-32bit-0.9.8a-18.80.5 openssl-devel-0.9.8a-18.80.5 openssl-devel-32bit-0.9.8a-18.80.5 openssl-doc-0.9.8a-18.80.5 - SLE CLIENT TOOLS 10 (noarch): openssl-certs-1.96-0.18.1 - SLE CLIENT TOOLS 10 (i586): openssl-0.9.8a-18.80.5 openssl-devel-0.9.8a-18.80.5 openssl-doc-0.9.8a-18.80.5 References: http://support.novell.com/security/cve/CVE-2014-0076.html https://bugzilla.novell.com/875638 http://download.suse.com/patch/finder/?keywords=8e5c4e370d2b0280ab45760772f87e68 From sle-updates at lists.suse.com Tue May 20 17:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21
May 2014 01:04:12 +0200 (CEST) Subject: SUSE-RU-2014:0685-1: Recommended update for release-notes-sled Message-ID: <20140520230412.3B0F732085@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0685-1 Rating: low References: #873438 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update for the Release Notes for SUSE Linux Enterprise Desktop 11 SP3 provides the following changes: * Cosmetic changes: delete now empty section; fix wording and typos. (bnc#873438) * New entry: X.Org: fbdev Used in UEFI Secure Boot Mode (ASpeed Chipset). (FATE#314487) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-release-notes-sled-9167 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 11.3.26]: release-notes-sled-11.3.26-0.7.1 References: https://bugzilla.novell.com/873438 http://download.suse.com/patch/finder/?keywords=d849941ca5aa5ace15d61c930ec0b0b5 From sle-updates at lists.suse.com Tue May 20 19:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 May 2014 03:04:12 +0200 (CEST) Subject: SUSE-SU-2014:0686-1: moderate: Security update for hawk Message-ID: <20140521010412.0A43A32085@maintenance.suse.de> SUSE Security Update: Security update for hawk ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0686-1 Rating: moderate References: #846239 #853625 #853627 #853632 #853633 #854060 Cross-References: CVE-2013-4389 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417 Affected Products: SUSE Linux Enterprise High Availability Extension 11 SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: hawk has been updated to fix security issues in the embedded rubygems: * CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS vulnerability in the log subscriber component (bnc#846239) * CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS (bnc#853625). * CVE-2013-6414: rubygem-actionpack: Action View DoS (bnc#853633). * CVE-2013-6415: rubygem-actionpack: number_to_currency XSS (bnc#853632). * CVE-2013-6417: rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155) (bnc#853627). Also a minor bug has been fixed: * Misc: hb_report: Catch ArgumentError when parsing hb_report output (bnc#854060) Security Issue references: * CVE-2013-4389 * CVE-2013-4491 * CVE-2013-6414 * CVE-2013-6415 * CVE-2013-6417 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-hawk-9208 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): hawk-0.6.1-0.17.1 hawk-templates-0.6.1-0.17.1 References: http://support.novell.com/security/cve/CVE-2013-4389.html http://support.novell.com/security/cve/CVE-2013-4491.html http://support.novell.com/security/cve/CVE-2013-6414.html http://support.novell.com/security/cve/CVE-2013-6415.html http://support.novell.com/security/cve/CVE-2013-6417.html https://bugzilla.novell.com/846239 https://bugzilla.novell.com/853625 https://bugzilla.novell.com/853627 https://bugzilla.novell.com/853632 https://bugzilla.novell.com/853633 https://bugzilla.novell.com/854060 http://download.suse.com/patch/finder/?keywords=3ee6b7518e2abed8cdf7d14760b0ab01 From sle-updates at lists.suse.com Tue May 20 19:05:30 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 May 2014 03:05:30 +0200 (CEST) Subject: SUSE-RU-2014:0687-1: Recommended update for release-notes-sles Message-ID: <20140521010531.010AE3208D@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0687-1 Rating: low References: #815356 #867969 #868654 #868656 #872172 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. It includes one version update. Description: This update provides the latest version of the Release Notes for SUSE Linux Enterprise Server 11 SP3. 
* Fix profiling for the PDF of the SLES for VMware product (bnc#872172) * Updated entries: XFS Stack Overflow (bnc#815356); VMware link (bnc#867969) * Updated entries: Insecurity with XEN on some AMD Processors (bnc#872172) * New entry: WebSphere removed (FATE#314973) * Remove entry from the future (SLES 12) (bnc#868654) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-release-notes-sles-201404-9121 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-release-notes-sles-201404-9121 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 11.3.32]: release-notes-SLES-for-VMware-11.3.32-0.7.3 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 11.3.32]: release-notes-sles-11.3.32-0.7.3 References: https://bugzilla.novell.com/815356 https://bugzilla.novell.com/867969 https://bugzilla.novell.com/868654 https://bugzilla.novell.com/868656 https://bugzilla.novell.com/872172 http://download.suse.com/patch/finder/?keywords=066ec7496e99b1e3071eea1c55377f9f From sle-updates at lists.suse.com Tue May 20 21:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 May 2014 05:04:12 +0200 (CEST) Subject: SUSE-RU-2014:0688-1: Recommended update for yast2-slp-server Message-ID: <20140521030412.B64483208D@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-slp-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0688-1 Rating: low References: #291301 #825505 #868231 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 
______________________________________________________________________________

   An update that has three recommended fixes can now be installed. It
   includes one version update.

Description:

   This update for yast2-slp-server provides the following fixes:

   * Fix configuration of the SLP service in SUSE Firewall. (bnc#825505)
   * Parse configuration file as case sensitive. (bnc#291301, bnc#868231)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-yast2-slp-server-9206
   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-yast2-slp-server-9206
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-yast2-slp-server-9206

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 2.17.6]:
      yast2-slp-server-2.17.6-0.3.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2.17.6]:
      yast2-slp-server-2.17.6-0.3.1
   - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2.17.6]:
      yast2-slp-server-2.17.6-0.3.1

References:

   https://bugzilla.novell.com/291301
   https://bugzilla.novell.com/825505
   https://bugzilla.novell.com/868231
   http://download.suse.com/patch/finder/?keywords=a8904b6e93075d47d3ba631d526eb2ce

From sle-updates at lists.suse.com Tue May 20 21:04:51 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 21 May 2014 05:04:51 +0200 (CEST)
Subject: SUSE-SU-2014:0689-1: moderate: Security update for Ruby
Message-ID: <20140521030451.1C67432096@maintenance.suse.de>

   SUSE Security Update: Security update for Ruby
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0689-1
Rating:             moderate
References:         #808137
Cross-References:   CVE-2013-1821
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This Ruby update fixes the following security issue:

   * bnc#808137: Fixed entity expansion DoS vulnerability in REXML
     (CVE-2013-1821).

   Security Issue reference:

   * CVE-2013-1821

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-ruby-9136
   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-ruby-9136
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-ruby-9136
   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-ruby-9136

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      ruby-devel-1.8.7.p357-0.9.15.1
      ruby-doc-html-1.8.7.p357-0.9.15.1
      ruby-doc-ri-1.8.7.p357-0.9.15.1
      ruby-examples-1.8.7.p357-0.9.15.1
      ruby-test-suite-1.8.7.p357-0.9.15.1
      ruby-tk-1.8.7.p357-0.9.15.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      ruby-1.8.7.p357-0.9.15.1
      ruby-doc-html-1.8.7.p357-0.9.15.1
      ruby-tk-1.8.7.p357-0.9.15.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      ruby-1.8.7.p357-0.9.15.1
      ruby-doc-html-1.8.7.p357-0.9.15.1
      ruby-tk-1.8.7.p357-0.9.15.1
   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      ruby-1.8.7.p357-0.9.15.1

References:

   http://support.novell.com/security/cve/CVE-2013-1821.html
   https://bugzilla.novell.com/808137
   http://download.suse.com/patch/finder/?keywords=5e56a8dbce9146f80eb1c8017375f96a

From sle-updates at lists.suse.com Tue May 20 22:04:23 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 21 May 2014 06:04:23 +0200 (CEST)
Subject: SUSE-RU-2014:0690-1: moderate: Recommended update for crash
Message-ID: <20140521040423.A4B333208D@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for crash
______________________________________________________________________________

Announcement ID:    SUSE-RU-2014:0690-1
Rating:             moderate
References:         #829646 #839999 #841145 #847353 #849621 #854600
                    #861981 #864910 #874179
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has 9 recommended fixes can now be installed.

Description:

   This collective update for the Kdump stack provides the following fixes
   and enhancements:

   crash:

   * Fix display of the CPU number in back traces on systems with more
     than 255 cores.
     (bnc#847353)
   * Add support for kernel dumps from systems with 46-bit addressing
     enabled. (bnc#841145, FATE#316838)
   * Fix NMI backtrace for kernels patched to handle nested NMIs.
     (bnc#874179)

   kdump:

   * Unmount all filesystems prior to reboot. (bnc#849621)
   * Provide per-filesystem mount points in kdump environment.
     (bnc#839999)
   * Add disable_cpu_apicid for BSP to the crash kernel commandline.
     (bnc#861981)
   * Add NOSPLIT flag to disable makedumpfile split mode. (bnc#854600)
   * Add '-X' to makedumpfile when dumping a Xen host. (bnc#864910)

   makedumpfile:

   * Add support for kernel dumps on systems with 46-bit addressing
     enabled. (bnc#841145, FATE#316838)
   * Allow --dump-dmesg for Xen vmcores. (bnc#864910, bnc#829646)
   * Fix creation of kernel dumps on Xen systems. (bnc#864910, bnc#829646)
   * Calculate cyclic buffer size according to info->num_dumpfile.
     (bnc#854600)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-kdump-stack-201404-9183
   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-kdump-stack-201404-9183
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-kdump-stack-201404-9183
   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-kdump-stack-201404-9183

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      crash-devel-6.0.7-0.16.1
   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64):
      crash-6.0.7-0.16.1
      makedumpfile-1.5.1-0.15.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      crash-6.0.7-0.16.1
      crash-sial-6.0.7-0.16.1
      kdump-0.8.4-0.39.2
      makedumpfile-1.5.1-0.15.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      crash-6.0.7-0.16.1
      crash-sial-6.0.7-0.16.1
      kdump-0.8.4-0.39.2
      makedumpfile-1.5.1-0.15.1
   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      kdump-0.8.4-0.39.2
      makedumpfile-1.5.1-0.15.1

References:

   https://bugzilla.novell.com/829646
   https://bugzilla.novell.com/839999
   https://bugzilla.novell.com/841145
   https://bugzilla.novell.com/847353
   https://bugzilla.novell.com/849621
   https://bugzilla.novell.com/854600
   https://bugzilla.novell.com/861981
   https://bugzilla.novell.com/864910
   https://bugzilla.novell.com/874179
   http://download.suse.com/patch/finder/?keywords=03e6d4e3fe11abed0645c384aaf0f07c

From sle-updates at lists.suse.com Tue May 20 23:04:46 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 21 May 2014 07:04:46 +0200 (CEST)
Subject: SUSE-SU-2014:0691-1: moderate: Security update for curl
Message-ID: <20140521050446.192B83208D@maintenance.suse.de>

   SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0691-1
Rating:             moderate
References:         #868627 #868629 #870444
Cross-References:   CVE-2014-0138 CVE-2014-0139
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now
   available.

Description:

   This curl update fixes the following security issues:

   * bnc#868627: wrong re-use of connections (CVE-2014-0138).
   * bnc#868629: IP address wildcard certificate validation
     (CVE-2014-0139).
   * bnc#870444: --insecure option inappropriately enforcing security
     safeguard.

   Security Issue references:

   * CVE-2014-0138
   * CVE-2014-0139

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-curl-9133
   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-curl-9133
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-curl-9133
   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-curl-9133

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      libcurl-devel-7.19.7-1.38.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
      curl-7.19.7-1.38.1
      libcurl4-7.19.7-1.38.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
      libcurl4-32bit-7.19.7-1.38.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      curl-7.19.7-1.38.1
      libcurl4-7.19.7-1.38.1
   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
      libcurl4-32bit-7.19.7-1.38.1
   - SUSE Linux Enterprise Server 11 SP3 (ia64):
      libcurl4-x86-7.19.7-1.38.1
   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      curl-7.19.7-1.38.1
      libcurl4-7.19.7-1.38.1
   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
      libcurl4-32bit-7.19.7-1.38.1

References:

   http://support.novell.com/security/cve/CVE-2014-0138.html
   http://support.novell.com/security/cve/CVE-2014-0139.html
   https://bugzilla.novell.com/868627
   https://bugzilla.novell.com/868629
   https://bugzilla.novell.com/870444
   http://download.suse.com/patch/finder/?keywords=1f21cb714b296d3c2a2df3cd78b559f3

From sle-updates at lists.suse.com Wed May 21 18:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 22 May 2014 02:04:13 +0200 (CEST)
Subject: SUSE-SU-2014:0696-1: important: Security update for Linux kernel
Message-ID: <20140522000413.8104932085@maintenance.suse.de>

   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0696-1
Rating:             important
References:         #708296 #736697 #746500 #814788 #819351 #831029
                    #836347 #843185 #844513 #847672 #849364 #851426
                    #852488 #852553 #852967 #853455 #854025 #855347
                    #855885 #856083 #857499 #857643 #858280 #858534
                    #858604 #858869 #858870 #858872 #862429 #863300
                    #863335 #864025 #864833 #865307 #865310 #865330
                    #865342 #865783 #866102 #867953 #868528 #868653
                    #869033 #869563 #870801 #871325 #871561 #871861
                    #873061 #874108 #875690 #875798 #876102
Cross-References:   CVE-2013-4470 CVE-2013-4579 CVE-2013-6382
                    CVE-2013-6885 CVE-2013-7263 CVE-2013-7264
                    CVE-2013-7265 CVE-2013-7339 CVE-2014-0069
                    CVE-2014-0101 CVE-2014-0196 CVE-2014-1444
                    CVE-2014-1445 CVE-2014-1446 CVE-2014-1737
                    CVE-2014-1738 CVE-2014-1874 CVE-2014-2039
                    CVE-2014-2523 CVE-2014-2678 CVE-2014-3122
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 21 vulnerabilities and has 32 fixes is now
   available. It includes one version update.

Description:

   The SUSE Linux Enterprise Server 11 SP2 LTSS kernel received a roll-up
   update to fix security and non-security issues.

   The following security bugs have been fixed:

   * CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation
     Offload (UFO) is enabled, does not properly initialize certain data
     structures, which allows local users to cause a denial of service
     (memory corruption and system crash) or possibly gain privileges via
     a crafted application that uses the UDP_CORK option in a setsockopt
     system call and sends both short and long packets, related to the
     ip_ufo_append_data function in net/ipv4/ip_output.c and the
     ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672)
   * CVE-2013-4579: The ath9k_htc_set_bssid_mask function in
     drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel
     through 3.12 uses a BSSID masking approach to determine the set of
     MAC addresses on which a Wi-Fi device is listening, which allows
     remote attackers to discover the original MAC address after spoofing
     by sending a series of packets to MAC addresses with certain bit
     manipulations. (bnc#851426)
   * CVE-2013-6382: Multiple buffer underflows in the XFS implementation
     in the Linux kernel through 3.12.1 allow local users to cause a
     denial of service (memory corruption) or possibly have unspecified
     other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
     XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl
     call with a crafted length value, related to the
     xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the
     xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.
     (bnc#852553)
   * CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors
     does not properly handle the interaction between locked instructions
     and write-combined memory types, which allows local users to cause a
     denial of service (system hang) via a crafted application, aka the
     errata 793 issue.
     (bnc#852967)
   * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
     values before ensuring that associated data structures have been
     initialized, which allows local users to obtain sensitive information
     from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3)
     recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c,
     net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)
   * CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in
     the Linux kernel before 3.12.4 updates a certain length value before
     ensuring that an associated data structure has been initialized,
     which allows local users to obtain sensitive information from kernel
     stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
     call. (bnc#857643)
   * CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in
     the Linux kernel before 3.12.4 updates a certain length value before
     ensuring that an associated data structure has been initialized,
     which allows local users to obtain sensitive information from kernel
     stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
     call. (bnc#857643)
   * CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the
     Linux kernel before 3.12.8 allows local users to cause a denial of
     service (NULL pointer dereference and system crash) or possibly have
     unspecified other impact via a bind system call for an RDS socket on
     a system that lacks RDS transports. (bnc#869563)
   * CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file.c in the
     Linux kernel through 3.13.5 does not properly handle uncached write
     operations that copy fewer than the requested number of bytes, which
     allows local users to obtain sensitive information from kernel
     memory, cause a denial of service (memory corruption and system
     crash), or possibly gain privileges via a writev system call with a
     crafted pointer.
     (bnc#864025)
   * CVE-2014-0101: The sctp_sf_do_5_1D_ce function in
     net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not
     validate certain auth_enable and auth_capable fields before making an
     sctp_sf_authenticate call, which allows remote attackers to cause a
     denial of service (NULL pointer dereference and system crash) via an
     SCTP handshake with a modified INIT chunk and a crafted AUTH chunk
     before a COOKIE_ECHO chunk. (bnc#866102)
   * CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the
     Linux kernel through 3.14.3 does not properly manage tty driver
     access in the "LECHO & !OPOST" case, which allows local users to
     cause a denial of service (memory corruption and system crash) or
     gain privileges by triggering a race condition involving read and
     write operations with long strings. (bnc#875690)
   * CVE-2014-1444: The fst_get_iface function in
     drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not
     properly initialize a certain data structure, which allows local
     users to obtain sensitive information from kernel memory by
     leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
     (bnc#858869)
   * CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in
     the Linux kernel before 3.11.7 does not properly initialize a certain
     data structure, which allows local users to obtain sensitive
     information from kernel memory via an ioctl call. (bnc#858870)
   * CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c
     in the Linux kernel before 3.12.8 does not initialize a certain
     structure member, which allows local users to obtain sensitive
     information from kernel memory by leveraging the CAP_NET_ADMIN
     capability for an SIOCYAMGCFG ioctl call.
     (bnc#858872)
   * CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c
     in the Linux kernel through 3.14.3 does not properly handle error
     conditions during processing of an FDRAWCMD ioctl call, which allows
     local users to trigger kfree operations and gain privileges by
     leveraging write access to a /dev/fd device. (bnc#875798)
   * CVE-2014-1738: The raw_cmd_copyout function in drivers/block/floppy.c
     in the Linux kernel through 3.14.3 does not properly restrict access
     to certain pointers during processing of an FDRAWCMD ioctl call,
     which allows local users to obtain sensitive information from kernel
     heap memory by leveraging write access to a /dev/fd device.
     (bnc#875798)
   * CVE-2014-1874: The security_context_to_sid_core function in
     security/selinux/ss/services.c in the Linux kernel before 3.13.4
     allows local users to cause a denial of service (system crash) by
     leveraging the CAP_MAC_ADMIN capability to set a zero-length security
     context. (bnc#863335)
   * CVE-2014-2039: arch/s390/kernel/head64.S in the Linux kernel before
     3.13.5 on the s390 platform does not properly handle attempted use of
     the linkage stack, which allows local users to cause a denial of
     service (system crash) by executing a crafted instruction.
     (bnc#865307)
   * CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux
     kernel through 3.13.6 uses a DCCP header pointer incorrectly, which
     allows remote attackers to cause a denial of service (system crash)
     or possibly execute arbitrary code via a DCCP packet that triggers a
     call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error
     function. (bnc#868653)
   * CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the
     Linux kernel through 3.14 allows local users to cause a denial of
     service (NULL pointer dereference and system crash) or possibly have
     unspecified other impact via a bind system call for an RDS socket on
     a system that lacks RDS transports.
     (bnc#871561)
   * CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the
     Linux kernel before 3.14.3 does not properly consider which pages
     must be locked, which allows local users to cause a denial of service
     (system crash) by triggering a memory-usage pattern that requires
     removal of page-table mappings. (bnc#876102)

   Also the following non-security bugs have been fixed:

   * kabi: protect symbols modified by bnc#864833 fix (bnc#864833).
   * arch: Fix incorrect config symbol in #ifdef (bnc#844513).
   * ACPICA: Add a lock to the internal object reference count mechanism
     (bnc#857499).
   * x86/PCI: reduce severity of host bridge window conflict warnings
     (bnc#858534).
   * ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)
     (bnc#874108).
   * timer: Prevent overflow in apply_slack (bnc#873061).
   * xen: Close a race condition in Xen nested spinlock (bnc#858280,
     bnc#819351).
   * storvsc: NULL pointer dereference fix (bnc#865330).
   * sched: Make scale_rt_power() deal with backward clocks (bnc#865310).
   * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri
     check (bnc#871861).
   * sched: update_rq_clock() must skip ONE update (bnc#868528,
     bnc#869033).
   * md: Change handling of save_raid_disk and metadata update during
     recovery (bnc#849364).
   * dm-mpath: Fixup race condition in activate_path() (bnc#708296).
   * dm-mpath: do not detach stale hardware handler (bnc#708296).
   * dm-multipath: Improve logging (bnc#708296).
   * scsi_dh_alua: Simplify state machine (bnc#854025).
   * scsi_dh_alua: endless STPG retries for a failed LUN (bnc#865342).
   * scsi_dh_alua: fixup RTPG retry delay miscalculation (bnc#854025).
   * vfs,proc: guarantee unique inodes in /proc.
   * FS-Cache: Handle removal of unadded object to the
     fscache_object_list rb tree (bnc#855885).
   * NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure
     (bnc#853455).
   * NFS: Avoid occasional hang with NFS (bnc#852488).
   * NFS: do not try to use lock state when we hold a delegation
     (bnc#831029) - add to series.conf
   * btrfs: do not loop on large offsets in readdir (bnc#863300).
   * btrfs: restrict snapshotting to own subvolumes (bnc#736697).
   * btrfs: fix extent boundary check in bio_readpage_error.
   * btrfs: fix extent_map block_len after merging.
   * net: add missing bh_unlock_sock() calls (bnc#862429).
   * inet: Pass inetpeer root into inet_getpeer*() interfaces
     (bnc#864833).
   * inet: Hide route peer accesses behind helpers (bnc#864833).
   * inet: Avoid potential NULL peer dereference (bnc#864833).
   * inet: handle rt{,6}_bind_peer() failure correctly (bnc#870801).
   * inetpeer: prevent unlinking from unused list twice (bnc#867953).
   * net/mlx4_en: Fix pages never dma unmapped on rx (bnc#858604).
   * tcp: clear xmit timers in tcp_v4_syn_recv_sock() (bnc#862429).
   * ipv6: fix race condition regarding dst->expires and dst->from
     (bnc#843185).
   * ipv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support,
     warn about missing CREATE flag (bnc#865783).
   * mpt2sas: Do not check DIF for unwritten blocks (bnc#746500,
     bnc#836347).
   * mpt2sas: Add a module parameter that permits overriding protection
     capabilities (bnc#746500).
   * mpt2sas: Return the correct sense key for DIF errors (bnc#746500).
   * s390/cio: Delay scan for newly available I/O devices (bnc#855347,
     bnc#814788, bnc#856083).
   * s390/cio: More efficient handling of CHPID availability events
     (bnc#855347, bnc#814788, bnc#856083).
   * s390/cio: Relax subchannel scan loop (bnc#855347, bnc#814788,
     bnc#856083).
   * s390/css: stop stsch loop after cc 3 (bnc#855347, bnc#814788,
     bnc#856083).
   * supported.conf: Driver corgi_bl was renamed to generic_bl in kernel
     2.6.29.
   * supported.conf: Add drivers/of/of_mdio That was a missing dependency
     for mdio-gpio on ppc64.
   * supported.conf: Fix mdio-gpio module name Module mdio-ofgpio was
     renamed to mdio-gpio in kernel 2.6.29, this should have been
     reflected in supported.conf.
   * supported.conf: Adjust radio-si470x module names
   * Update config files: re-enable twofish crypto support. (bnc#871325)

   Security Issue references:

   * CVE-2013-4470
   * CVE-2013-4579
   * CVE-2013-6382
   * CVE-2013-6885
   * CVE-2013-7263
   * CVE-2013-7264
   * CVE-2013-7265
   * CVE-2013-7339
   * CVE-2014-0069
   * CVE-2014-0101
   * CVE-2014-0196
   * CVE-2014-1444
   * CVE-2014-1445
   * CVE-2014-1446
   * CVE-2014-1737
   * CVE-2014-1738
   * CVE-2014-1874
   * CVE-2014-2039
   * CVE-2014-2523
   * CVE-2014-2678
   * CVE-2014-3122

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 LTSS:
      zypper in -t patch slessp2-kernel-9248 slessp2-kernel-9249 slessp2-kernel-9254

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 3.0.101]:
      kernel-default-3.0.101-0.7.19.1
      kernel-default-base-3.0.101-0.7.19.1
      kernel-default-devel-3.0.101-0.7.19.1
      kernel-source-3.0.101-0.7.19.1
      kernel-syms-3.0.101-0.7.19.1
      kernel-trace-3.0.101-0.7.19.1
      kernel-trace-base-3.0.101-0.7.19.1
      kernel-trace-devel-3.0.101-0.7.19.1
   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64) [New Version: 3.0.101]:
      kernel-ec2-3.0.101-0.7.19.1
      kernel-ec2-base-3.0.101-0.7.19.1
      kernel-ec2-devel-3.0.101-0.7.19.1
      kernel-xen-3.0.101-0.7.19.1
      kernel-xen-base-3.0.101-0.7.19.1
      kernel-xen-devel-3.0.101-0.7.19.1
   - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x) [New Version: 3.0.101]:
      kernel-default-man-3.0.101-0.7.19.1
   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586) [New Version: 3.0.101]:
      kernel-pae-3.0.101-0.7.19.1
      kernel-pae-base-3.0.101-0.7.19.1
      kernel-pae-devel-3.0.101-0.7.19.1
   - SLE 11 SERVER Unsupported Extras (i586 s390x x86_64):
      kernel-default-extra-3.0.101-0.7.19.1
   - SLE 11 SERVER Unsupported Extras (i586 x86_64):
      kernel-xen-extra-3.0.101-0.7.19.1
   - SLE 11 SERVER Unsupported Extras (i586):
      kernel-pae-extra-3.0.101-0.7.19.1

References:

   http://support.novell.com/security/cve/CVE-2013-4470.html
   http://support.novell.com/security/cve/CVE-2013-4579.html
   http://support.novell.com/security/cve/CVE-2013-6382.html
   http://support.novell.com/security/cve/CVE-2013-6885.html
   http://support.novell.com/security/cve/CVE-2013-7263.html
   http://support.novell.com/security/cve/CVE-2013-7264.html
   http://support.novell.com/security/cve/CVE-2013-7265.html
   http://support.novell.com/security/cve/CVE-2013-7339.html
   http://support.novell.com/security/cve/CVE-2014-0069.html
   http://support.novell.com/security/cve/CVE-2014-0101.html
   http://support.novell.com/security/cve/CVE-2014-0196.html
   http://support.novell.com/security/cve/CVE-2014-1444.html
   http://support.novell.com/security/cve/CVE-2014-1445.html
   http://support.novell.com/security/cve/CVE-2014-1446.html
   http://support.novell.com/security/cve/CVE-2014-1737.html
   http://support.novell.com/security/cve/CVE-2014-1738.html
   http://support.novell.com/security/cve/CVE-2014-1874.html
   http://support.novell.com/security/cve/CVE-2014-2039.html
   http://support.novell.com/security/cve/CVE-2014-2523.html
   http://support.novell.com/security/cve/CVE-2014-2678.html
   http://support.novell.com/security/cve/CVE-2014-3122.html
   https://bugzilla.novell.com/708296
   https://bugzilla.novell.com/736697
   https://bugzilla.novell.com/746500
   https://bugzilla.novell.com/814788
   https://bugzilla.novell.com/819351
   https://bugzilla.novell.com/831029
   https://bugzilla.novell.com/836347
   https://bugzilla.novell.com/843185
   https://bugzilla.novell.com/844513
   https://bugzilla.novell.com/847672
   https://bugzilla.novell.com/849364
   https://bugzilla.novell.com/851426
   https://bugzilla.novell.com/852488
   https://bugzilla.novell.com/852553
   https://bugzilla.novell.com/852967
   https://bugzilla.novell.com/853455
   https://bugzilla.novell.com/854025
   https://bugzilla.novell.com/855347
   https://bugzilla.novell.com/855885
   https://bugzilla.novell.com/856083
   https://bugzilla.novell.com/857499
   https://bugzilla.novell.com/857643
   https://bugzilla.novell.com/858280
   https://bugzilla.novell.com/858534
   https://bugzilla.novell.com/858604
   https://bugzilla.novell.com/858869
   https://bugzilla.novell.com/858870
   https://bugzilla.novell.com/858872
   https://bugzilla.novell.com/862429
   https://bugzilla.novell.com/863300
   https://bugzilla.novell.com/863335
   https://bugzilla.novell.com/864025
   https://bugzilla.novell.com/864833
   https://bugzilla.novell.com/865307
   https://bugzilla.novell.com/865310
   https://bugzilla.novell.com/865330
   https://bugzilla.novell.com/865342
   https://bugzilla.novell.com/865783
   https://bugzilla.novell.com/866102
   https://bugzilla.novell.com/867953
   https://bugzilla.novell.com/868528
   https://bugzilla.novell.com/868653
   https://bugzilla.novell.com/869033
   https://bugzilla.novell.com/869563
   https://bugzilla.novell.com/870801
   https://bugzilla.novell.com/871325
   https://bugzilla.novell.com/871561
   https://bugzilla.novell.com/871861
   https://bugzilla.novell.com/873061
   https://bugzilla.novell.com/874108
   https://bugzilla.novell.com/875690
   https://bugzilla.novell.com/875798
   https://bugzilla.novell.com/876102
   http://download.suse.com/patch/finder/?keywords=787d82dbb16377714bc927d02557c4ee
   http://download.suse.com/patch/finder/?keywords=8e83fb23e69fc57ddd82e1ab0aa469b8
   http://download.suse.com/patch/finder/?keywords=be4d02e114cf7bfcc6687ae18820db1d
   http://download.suse.com/patch/finder/?keywords=d8a4989ab7c16d4dac2badacf2d0efa8
   http://download.suse.com/patch/finder/?keywords=da132fe457db88249d2db18bc5c22de5
   http://download.suse.com/patch/finder/?keywords=ffc3bcce4bbb0dc6b7c0acc2c40fba06

From sle-updates at lists.suse.com Thu May 22 11:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 22 May 2014 19:04:13 +0200 (CEST)
Subject: SUSE-RU-2014:0699-1: Recommended update for hwinfo
Message-ID: <20140522170413.D21AF32098@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for hwinfo
______________________________________________________________________________

Announcement ID:    SUSE-RU-2014:0699-1
Rating:             low
References:         #813172 #867915 #870660
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that has three recommended fixes can now be installed. It
   includes one version update.

Description:

   This collective update for hwinfo provides fixes for the following
   issues:

   * Incorrect dbus usage that could have resulted in a segmentation
     fault. (bnc #870660)
   * Incorrect memory size reported on Xen guests. (bnc #867915)
   * Incomplete information about Intel 82599 network adapters. (bnc
     #813172)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-hwinfo-9201
   - SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-hwinfo-9201
   - SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-hwinfo-9201
   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-hwinfo-9201

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 15.53]:
      hwinfo-devel-15.53-0.13.1
   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 15.53]:
      hwinfo-15.53-0.13.1
   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 15.53]:
      hwinfo-15.53-0.13.1
   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 15.53]:
      hwinfo-15.53-0.13.1

References:

   https://bugzilla.novell.com/813172
   https://bugzilla.novell.com/867915
   https://bugzilla.novell.com/870660
   http://download.suse.com/patch/finder/?keywords=b683c53ec41997a909279aaebc7491d3

From sle-updates at lists.suse.com Thu May 22 15:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 22 May 2014 23:04:11 +0200 (CEST)
Subject: SUSE-SU-2014:0702-1: moderate: Security update for finch
Message-ID: <20140522210411.8722532098@maintenance.suse.de>

   SUSE Security Update: Security update for finch
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0702-1
Rating:             moderate
References:         #861019
Cross-References:   CVE-2012-6152 CVE-2013-6477 CVE-2013-6478
                    CVE-2013-6479 CVE-2013-6481 CVE-2013-6482
                    CVE-2013-6483 CVE-2013-6484 CVE-2013-6485
                    CVE-2013-6486 CVE-2013-6487 CVE-2013-6489
                    CVE-2013-6490 CVE-2014-0020
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   The pidgin Instant Messenger has been updated to fix various security
   issues:

   * CVE-2014-0020: Remotely triggerable crash in IRC argument parsing
   * CVE-2013-6490: Buffer overflow in SIMPLE header parsing
   * CVE-2013-6489: Buffer overflow in MXit emoticon parsing
   * CVE-2013-6487: Buffer overflow in Gadu-Gadu HTTP parsing
   * CVE-2013-6486: Pidgin uses clickable links to untrusted executables
   * CVE-2013-6485: Buffer overflow parsing chunked HTTP responses
   * CVE-2013-6484: Crash reading response from STUN server
   * CVE-2013-6483: XMPP doesn't verify 'from' on some iq replies
   * CVE-2013-6482: NULL pointer dereference parsing SOAP data in MSN
   * CVE-2013-6482: NULL pointer dereference parsing OIM data in MSN
   * CVE-2013-6482: NULL pointer dereference parsing headers in MSN
   * CVE-2013-6481: Remote crash reading Yahoo! P2P message
   * CVE-2013-6479: Remote crash parsing HTTP responses
   * CVE-2013-6478: Crash when hovering pointer over a long URL
   * CVE-2013-6477: Crash handling bad XMPP timestamp
   * CVE-2012-6152: Yahoo! remote crash from incorrect character encoding

   Security Issue references:

   * CVE-2014-0020
   * CVE-2013-6490
   * CVE-2013-6489
   * CVE-2013-6487
   * CVE-2013-6486
   * CVE-2013-6485
   * CVE-2013-6484
   * CVE-2013-6483
   * CVE-2013-6482
   * CVE-2013-6481
   * CVE-2013-6479
   * CVE-2013-6478
   * CVE-2013-6477
   * CVE-2012-6152

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-finch-9213
   - SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-finch-9213

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): finch-2.6.6-0.23.1 finch-devel-2.6.6-0.23.1 libpurple-2.6.6-0.23.1 libpurple-devel-2.6.6-0.23.1 libpurple-lang-2.6.6-0.23.1 pidgin-2.6.6-0.23.1 pidgin-devel-2.6.6-0.23.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): finch-2.6.6-0.23.1 libpurple-2.6.6-0.23.1 libpurple-lang-2.6.6-0.23.1 libpurple-meanwhile-2.6.6-0.23.1 libpurple-tcl-2.6.6-0.23.1 pidgin-2.6.6-0.23.1 References: http://support.novell.com/security/cve/CVE-2012-6152.html http://support.novell.com/security/cve/CVE-2013-6477.html http://support.novell.com/security/cve/CVE-2013-6478.html http://support.novell.com/security/cve/CVE-2013-6479.html http://support.novell.com/security/cve/CVE-2013-6481.html http://support.novell.com/security/cve/CVE-2013-6482.html http://support.novell.com/security/cve/CVE-2013-6483.html http://support.novell.com/security/cve/CVE-2013-6484.html http://support.novell.com/security/cve/CVE-2013-6485.html http://support.novell.com/security/cve/CVE-2013-6486.html http://support.novell.com/security/cve/CVE-2013-6487.html http://support.novell.com/security/cve/CVE-2013-6489.html http://support.novell.com/security/cve/CVE-2013-6490.html http://support.novell.com/security/cve/CVE-2014-0020.html https://bugzilla.novell.com/861019 http://download.suse.com/patch/finder/?keywords=eceeb6030f253e0d89f34ec993eac991 From sle-updates at lists.suse.com Thu May 22 17:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 May 2014 01:04:13 +0200 (CEST) Subject: SUSE-RU-2014:0703-1: moderate: Recommended update for snapper Message-ID: <20140522230413.A0FA332085@maintenance.suse.de> SUSE Recommended Update: Recommended update for snapper ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0703-1 Rating: moderate References: #860119 #862964 Affected Products: SUSE Linux Enterprise Software Development 
Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for snapper provides fixes for the following issues: * A potential segmentation fault when snapper interacts with DBus. (bnc#860119) * File mode (setuid bit) was not restored after "undochange". (bnc#862964) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libsnapper-devel-9068 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libsnapper-devel-9068 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libsnapper-devel-9068 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libsnapper-devel-9068 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libsnapper-devel-0.1.2-0.17.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libsnapper2-0.1.2-0.17.1 snapper-0.1.2-0.17.1 snapper-zypp-plugin-0.1.2-0.17.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libsnapper2-0.1.2-0.17.1 snapper-0.1.2-0.17.1 snapper-zypp-plugin-0.1.2-0.17.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libsnapper2-0.1.2-0.17.1 snapper-0.1.2-0.17.1 snapper-zypp-plugin-0.1.2-0.17.1 References: https://bugzilla.novell.com/860119 https://bugzilla.novell.com/862964 http://download.suse.com/patch/finder/?keywords=3f53738391595fc548f82ee3cb5f2d9f From sle-updates at lists.suse.com Thu May 22 17:04:41 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 May 2014 01:04:41 +0200 (CEST) Subject: SUSE-SU-2014:0704-1: moderate: Security update for libgcrypt Message-ID: <20140522230441.AE69A32098@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0704-1 Rating: moderate References: #831359 Cross-References: CVE-2013-4242 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: libgcrypt has been updated to fix a cryptographic weakness. * CVE-2013-4242: libgcrypt was affected by the Yarom/Falkner flush+reload side-channel attack on RSA secret keys, that could have potentially leaked the key data to attackers on the same machine. Security Issue references: * CVE-2013-4242 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-libgcrypt-9115 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): libgcrypt11-1.4.1-6.10.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64): libgcrypt11-32bit-1.4.1-6.10.1 References: http://support.novell.com/security/cve/CVE-2013-4242.html https://bugzilla.novell.com/831359 http://download.suse.com/patch/finder/?keywords=827bbef3ada5dcf3b73bc75a28643fa0 From sle-updates at lists.suse.com Thu May 22 18:04:54 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 May 2014 02:04:54 +0200 (CEST) Subject: SUSE-SU-2014:0705-1: moderate: Security update for python-imaging Message-ID: <20140523000454.638FF32085@maintenance.suse.de> SUSE Security Update: Security update for python-imaging ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0705-1 Rating: moderate References: #863541 Cross-References: CVE-2014-1932 CVE-2014-1933 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This python-imaging update fixes the following two security issues: * bnc#863541: Fixed insecure temporary file creation and handling (CVE-2014-1932, CVE-2014-1933) Security Issue references: * CVE-2014-1932 * CVE-2014-1933 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-python-imaging-9153 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-python-imaging-9153 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-python-imaging-9153 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-imaging-sane-1.1.6-168.34.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): python-imaging-1.1.6-168.34.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): python-imaging-1.1.6-168.34.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): python-imaging-1.1.6-168.34.1 References: http://support.novell.com/security/cve/CVE-2014-1932.html http://support.novell.com/security/cve/CVE-2014-1933.html https://bugzilla.novell.com/863541 http://download.suse.com/patch/finder/?keywords=02e7a57daf177efab5dcb28f8765ed5a From sle-updates at lists.suse.com Mon May 26 13:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 May 2014 21:04:11 +0200 (CEST) Subject: SUSE-RU-2014:0713-1: Recommended update for smt-client Message-ID: <20140526190411.940D4320A4@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0713-1 Rating: low References: #876609 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update for smt-client fixes the enforcement of http timeouts during SSL handshakes. 
(bnc#876609) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-smt-client-9229 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-smt-client-9229 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-smt-client-9229 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 0.3.0]: smt-client-0.3.0-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.3.0]: smt-client-0.3.0-0.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.3.0]: smt-client-0.3.0-0.5.1 References: https://bugzilla.novell.com/876609 http://download.suse.com/patch/finder/?keywords=a1ad7f43f74db37cc67aa6449f74247d From sle-updates at lists.suse.com Mon May 26 18:04:18 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 May 2014 02:04:18 +0200 (CEST) Subject: SUSE-RU-2014:0714-1: Recommended update for open-iscsi Message-ID: <20140527000418.EB0A13204C@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0714-1 Rating: low References: #630434 #831934 #834256 #867657 #867934 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This collective update for open-iscsi provides the following fixes: * Init script now handles LVM stacked use of partitions. (bnc#867934) * Fix init script module load logic, removing bogus "FATAL ..." message when starting service. 
(bnc#867657) * Removed problematic check_for_node_onboot() in mkinitrd setup script. (bnc#834256) * Update mkinitrd open-iscsi setup script to handle both root and non-root iSCSI volumes, including iBFT. (bnc#834256, bnc#630434) * Correctly regenerate initrd after update. (bnc#831934) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-open-iscsi-9129 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-open-iscsi-9129 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-open-iscsi-9129 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): open-iscsi-2.0.873-0.23.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): open-iscsi-2.0.873-0.23.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): open-iscsi-2.0.873-0.23.1 References: https://bugzilla.novell.com/630434 https://bugzilla.novell.com/831934 https://bugzilla.novell.com/834256 https://bugzilla.novell.com/867657 https://bugzilla.novell.com/867934 http://download.suse.com/patch/finder/?keywords=b78173a07ada43269178f7df34e306c7 From sle-updates at lists.suse.com Wed May 28 12:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 May 2014 20:04:11 +0200 (CEST) Subject: SUSE-SU-2014:0723-1: moderate: Security update for Samba Message-ID: <20140528180411.929C73208D@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0723-1 Rating: moderate References: #783384 #799641 #800982 #829969 #844720 #849224 #853021 #853347 Cross-References: CVE-2012-6150 CVE-2013-0213 CVE-2013-0214 CVE-2013-4124 CVE-2013-4408 CVE-2013-4496 Affected Products: SUSE Linux Enterprise Server 
11 SP1 LTSS ______________________________________________________________________________ An update that solves 6 vulnerabilities and has two fixes is now available. Description: This is an LTSS roll-up update for the Samba Server suite fixing multiple security issues and bugs. Security issues fixed: * CVE-2013-4496: Password lockout was not enforced for SAMR password changes, leading to brute force possibility. * CVE-2013-4408: DCE-RPC fragment length field is incorrectly checked. * CVE-2013-4124: Samba was affected by a denial of service attack on authenticated or guest connections. * CVE-2013-0214: The SWAT web administration was affected by a cross-site scripting attack (XSS). * CVE-2013-0213: The SWAT web administration could possibly be used in clickjacking attacks. Security Issue references: * CVE-2012-6150 * CVE-2013-0213 * CVE-2013-0214 * CVE-2013-4124 * CVE-2013-4408 * CVE-2013-4496 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-cifs-mount-9117 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): cifs-mount-3.4.3-1.52.3 ldapsmb-1.34b-11.28.52.3 libsmbclient0-3.4.3-1.52.3 libtalloc1-3.4.3-1.52.3 libtdb1-3.4.3-1.52.3 libwbclient0-3.4.3-1.52.3 samba-3.4.3-1.52.3 samba-client-3.4.3-1.52.3 samba-krb-printing-3.4.3-1.52.3 samba-winbind-3.4.3-1.52.3 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64): libsmbclient0-32bit-3.4.3-1.52.3 libtalloc1-32bit-3.4.3-1.52.3 libtdb1-32bit-3.4.3-1.52.3 libwbclient0-32bit-3.4.3-1.52.3 samba-32bit-3.4.3-1.52.3 samba-client-32bit-3.4.3-1.52.3 samba-winbind-32bit-3.4.3-1.52.3 - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch): samba-doc-3.4.3-1.52.3 References: http://support.novell.com/security/cve/CVE-2012-6150.html http://support.novell.com/security/cve/CVE-2013-0213.html http://support.novell.com/security/cve/CVE-2013-0214.html http://support.novell.com/security/cve/CVE-2013-4124.html http://support.novell.com/security/cve/CVE-2013-4408.html http://support.novell.com/security/cve/CVE-2013-4496.html https://bugzilla.novell.com/783384 https://bugzilla.novell.com/799641 https://bugzilla.novell.com/800982 https://bugzilla.novell.com/829969 https://bugzilla.novell.com/844720 https://bugzilla.novell.com/849224 https://bugzilla.novell.com/853021 https://bugzilla.novell.com/853347 http://download.suse.com/patch/finder/?keywords=20647ef4a682db1b2ce9c1aec3368f57 From sle-updates at lists.suse.com Wed May 28 13:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 May 2014 21:04:12 +0200 (CEST) Subject: SUSE-SU-2014:0665-2: important: Security update for Mozilla Firefox Message-ID: <20140528190412.86DFD3208D@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0665-2 Rating: important References: #865539 #869827 #875378 Cross-References: CVE-2014-1492 CVE-2014-1518 CVE-2014-1523 
CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. It includes 5 new package versions. Description: This Mozilla Firefox update provides several security and non-security fixes. Mozilla Firefox has been updated to the 24.5.0esr version, which fixes the following issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to version 3.16 * required for Firefox 29 * CVE-2014-1492_ In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates. 
Security Issue references: * CVE-2014-1532 * CVE-2014-1531 * CVE-2014-1530 * CVE-2014-1529 * CVE-2014-1524 * CVE-2014-1523 * CVE-2014-1518 * CVE-2014-1492 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 1.9.1.19,1.9.2.28,3.16 and 4.10.4]: firefox-atk-1.28.0-0.7.3 firefox-cairo-1.8.0-0.10.2 firefox-fontconfig-2.6.0-0.7.1 firefox-freetype2-2.3.7-0.35.1 firefox-glib2-2.22.5-0.13.3 firefox-gtk2-2.18.9-0.9.2 firefox-gtk2-lang-2.18.9-0.9.2 firefox-libgcc_s1-4.7.2_20130108-0.22.1 firefox-libstdc++6-4.7.2_20130108-0.22.1 firefox-pango-1.26.2-0.9.2 firefox-pcre-7.8-0.8.1 firefox-pixman-0.16.0-0.7.1 mozilla-nspr-4.10.4-0.5.1 mozilla-nspr-devel-4.10.4-0.5.1 mozilla-nss-3.16-0.5.1 mozilla-nss-devel-3.16-0.5.1 mozilla-nss-tools-3.16-0.5.1 mozilla-xulrunner191-1.9.1.19-0.13.3 mozilla-xulrunner191-gnomevfs-1.9.1.19-0.13.3 mozilla-xulrunner191-translations-1.9.1.19-0.13.3 mozilla-xulrunner192-1.9.2.28-0.13.4 mozilla-xulrunner192-gnome-1.9.2.28-0.13.4 mozilla-xulrunner192-translations-1.9.2.28-0.13.4 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 1.9.1.19,1.9.2.28,3.16 and 4.10.4]: firefox-atk-32bit-1.28.0-0.7.3 firefox-cairo-32bit-1.8.0-0.10.2 firefox-fontconfig-32bit-2.6.0-0.7.1 firefox-freetype2-32bit-2.3.7-0.35.1 firefox-glib2-32bit-2.22.5-0.13.3 firefox-gtk2-32bit-2.18.9-0.9.2 firefox-libgcc_s1-32bit-4.7.2_20130108-0.22.1 firefox-libstdc++6-32bit-4.7.2_20130108-0.22.1 firefox-pango-32bit-1.26.2-0.9.2 firefox-pcre-32bit-7.8-0.8.1 firefox-pixman-32bit-0.16.0-0.7.1 mozilla-nspr-32bit-4.10.4-0.5.1 mozilla-nss-32bit-3.16-0.5.1 mozilla-xulrunner191-32bit-1.9.1.19-0.13.3 mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.13.3 mozilla-xulrunner191-translations-32bit-1.9.1.19-0.13.3 mozilla-xulrunner192-32bit-1.9.2.28-0.13.4 mozilla-xulrunner192-gnome-32bit-1.9.2.28-0.13.4 mozilla-xulrunner192-translations-32bit-1.9.2.28-0.13.4 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x) [New Version: 24]: 
MozillaFirefox-24.5.0esr-0.7.2 MozillaFirefox-branding-SLED-24-0.12.1 MozillaFirefox-translations-24.5.0esr-0.7.2 References: http://support.novell.com/security/cve/CVE-2014-1492.html http://support.novell.com/security/cve/CVE-2014-1518.html http://support.novell.com/security/cve/CVE-2014-1523.html http://support.novell.com/security/cve/CVE-2014-1524.html http://support.novell.com/security/cve/CVE-2014-1529.html http://support.novell.com/security/cve/CVE-2014-1530.html http://support.novell.com/security/cve/CVE-2014-1531.html http://support.novell.com/security/cve/CVE-2014-1532.html https://bugzilla.novell.com/865539 https://bugzilla.novell.com/869827 https://bugzilla.novell.com/875378 http://download.suse.com/patch/finder/?keywords=286e8d629532f85ab01bea1a26438953 From sle-updates at lists.suse.com Wed May 28 13:04:58 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 May 2014 21:04:58 +0200 (CEST) Subject: SUSE-SU-2014:0724-1: moderate: Security update for libpng Message-ID: <20140528190458.0CA1D32096@maintenance.suse.de> SUSE Security Update: Security update for libpng ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0724-1 Rating: moderate References: #873123 #873124 Cross-References: CVE-2013-7353 CVE-2013-7354 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This libpng update fixes the following two overflow security issues. * bnc#873123: Fixed integer overflow that could have led to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() (CVE-2013-7354). 
* bnc#873124: Fixed integer overflow that could have led to a heap-based buffer overflow in png_set_unknown_chunks() (CVE-2013-7353). Security Issue references: * CVE-2013-7353 * CVE-2013-7354 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libpng-devel-9170 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libpng-devel-9170 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libpng-devel-9170 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libpng-devel-9170 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpng-devel-1.2.31-5.33.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libpng-devel-32bit-1.2.31-5.33.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libpng12-0-1.2.31-5.33.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libpng12-0-32bit-1.2.31-5.33.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libpng12-0-1.2.31-5.33.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libpng12-0-32bit-1.2.31-5.33.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libpng12-0-x86-1.2.31-5.33.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libpng12-0-1.2.31-5.33.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libpng12-0-32bit-1.2.31-5.33.1 References: http://support.novell.com/security/cve/CVE-2013-7353.html http://support.novell.com/security/cve/CVE-2013-7354.html https://bugzilla.novell.com/873123 https://bugzilla.novell.com/873124 http://download.suse.com/patch/finder/?keywords=53d484c089a573ad130ef76f075ad362 From sle-updates at lists.suse.com Wed May 28 13:05:29 2014 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Wed, 28 May 2014 21:05:29 +0200 (CEST) Subject: SUSE-SU-2014:0458-2: moderate: Security update for rubygem-i18 Message-ID: <20140528190529.B146932096@maintenance.suse.de> SUSE Security Update: Security update for rubygem-i18 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0458-2 Rating: moderate References: #854166 #855139 #864873 Cross-References: CVE-2013-4492 Affected Products: WebYaST 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: rubygem-i18-0_6 has been updated to fix a security issue: * Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allowed remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call. Additionally, the package requires Ruby directly now, and also applies the security patch to the bundled .gem file. Security Issue reference: * CVE-2013-4492 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-rubygem-i18n-0_6-8936 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-rubygem-i18n-0_6-8936 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-rubygem-i18n-0_6-8936 To bring your system up-to-date, use "zypper patch". 
Package List: - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64): rubygem-i18n-0_6-0.6.0-0.8.1 - SUSE Studio Onsite 1.3 (x86_64): rubygem-i18n-0_6-0.6.0-0.8.1 - SUSE Lifecycle Management Server 1.3 (x86_64): rubygem-i18n-0_6-0.6.0-0.8.1 References: http://support.novell.com/security/cve/CVE-2013-4492.html https://bugzilla.novell.com/854166 https://bugzilla.novell.com/855139 https://bugzilla.novell.com/864873 http://download.suse.com/patch/finder/?keywords=3ddac1f470785a8fbeb71b67f28e96b5 From sle-updates at lists.suse.com Wed May 28 14:04:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 May 2014 22:04:11 +0200 (CEST) Subject: SUSE-RU-2014:0725-1: Recommended update for SMT Message-ID: <20140528200411.9E5273208D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SMT ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0725-1 Rating: low References: #846620 #852632 #872168 Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update for SMT provides fixes for the following issues: * Fix mirroring for SLES10-SP3-Updates. (bnc#872168) * Fix DB schema migration: drop index only if it exists. (bnc#852632) * Create a patch id also for normal bugzilla URLs. (bnc#846620) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11 SP3: zypper in -t patch slesmtsp3-res-signingkeys-9228 To bring your system up-to-date, use "zypper patch". 
Package List: - Subscription Management Tool for SUSE Linux Enterprise 11 SP3 (i586 s390x x86_64) [New Version: 1.2.5]: res-signingkeys-1.2.5-0.7.1 smt-1.2.5-0.7.1 smt-support-1.2.5-0.7.1 References: https://bugzilla.novell.com/846620 https://bugzilla.novell.com/852632 https://bugzilla.novell.com/872168 http://download.suse.com/patch/finder/?keywords=e7367497b0bead4d0c3869c825048257 From sle-updates at lists.suse.com Wed May 28 14:04:49 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 May 2014 22:04:49 +0200 (CEST) Subject: SUSE-RU-2014:0726-1: Recommended update for wget Message-ID: <20140528200449.70CF032096@maintenance.suse.de> SUSE Recommended Update: Recommended update for wget ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0726-1 Rating: low References: #870983 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for wget implements checking of Subject Alternative Names in SSL x509 certificates. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-wget-9145 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-wget-9145 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-wget-9145 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): wget-1.11.4-1.17.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): wget-1.11.4-1.17.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): wget-1.11.4-1.17.1 References: https://bugzilla.novell.com/870983 http://download.suse.com/patch/finder/?keywords=c40878aca154ec90d800d7d8ea570a88 From sle-updates at lists.suse.com Wed May 28 14:05:05 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 May 2014 22:05:05 +0200 (CEST) Subject: SUSE-SU-2014:0727-1: important: Security update for Mozilla Firefox Message-ID: <20140528200505.E193B32096@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0727-1 Rating: important References: #869827 Cross-References: CVE-2014-1492 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. It includes 5 new package versions. Description: This Mozilla Firefox update provides several security and non-security fixes. 
MozillaFirefox has been updated to 24.5.0esr, which fixes the following issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16 * required for Firefox 29 * CVE-2014-1492_ In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates. Security Issue references: * CVE-2014-1532 * CVE-2014-1531 * CVE-2014-1530 * CVE-2014-1529 * CVE-2014-1524 * CVE-2014-1523 * CVE-2014-1518 * CVE-2014-1492 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 1.9.1.19,1.9.2.28,3.16 and 4.10.4]: firefox-atk-1.28.0-0.7.3 firefox-cairo-1.8.0-0.10.2 firefox-fontconfig-2.6.0-0.7.1 firefox-freetype2-2.3.7-0.35.1 firefox-glib2-2.22.5-0.13.3 firefox-gtk2-2.18.9-0.9.2 firefox-gtk2-lang-2.18.9-0.9.2 firefox-libgcc_s1-4.7.2_20130108-0.22.1 firefox-libstdc++6-4.7.2_20130108-0.22.1 firefox-pango-1.26.2-0.9.2 firefox-pcre-7.8-0.8.1 firefox-pixman-0.16.0-0.7.1 mozilla-nspr-4.10.4-0.5.1 mozilla-nspr-devel-4.10.4-0.5.1 mozilla-nss-3.16-0.5.1 mozilla-nss-devel-3.16-0.5.1 mozilla-nss-tools-3.16-0.5.1 mozilla-xulrunner191-1.9.1.19-0.13.3 mozilla-xulrunner191-gnomevfs-1.9.1.19-0.13.3 mozilla-xulrunner191-translations-1.9.1.19-0.13.3 mozilla-xulrunner192-1.9.2.28-0.13.4 mozilla-xulrunner192-gnome-1.9.2.28-0.13.4 mozilla-xulrunner192-translations-1.9.2.28-0.13.4 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New 
Version: 1.9.1.19,1.9.2.28,3.16 and 4.10.4]: firefox-atk-32bit-1.28.0-0.7.3 firefox-cairo-32bit-1.8.0-0.10.2 firefox-fontconfig-32bit-2.6.0-0.7.1 firefox-freetype2-32bit-2.3.7-0.35.1 firefox-glib2-32bit-2.22.5-0.13.3 firefox-gtk2-32bit-2.18.9-0.9.2 firefox-libgcc_s1-32bit-4.7.2_20130108-0.22.1 firefox-libstdc++6-32bit-4.7.2_20130108-0.22.1 firefox-pango-32bit-1.26.2-0.9.2 firefox-pcre-32bit-7.8-0.8.1 firefox-pixman-32bit-0.16.0-0.7.1 mozilla-nspr-32bit-4.10.4-0.5.1 mozilla-nss-32bit-3.16-0.5.1 mozilla-xulrunner191-32bit-1.9.1.19-0.13.3 mozilla-xulrunner191-gnomevfs-32bit-1.9.1.19-0.13.3 mozilla-xulrunner191-translations-32bit-1.9.1.19-0.13.3 mozilla-xulrunner192-32bit-1.9.2.28-0.13.4 mozilla-xulrunner192-gnome-32bit-1.9.2.28-0.13.4 mozilla-xulrunner192-translations-32bit-1.9.2.28-0.13.4 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x) [New Version: 24]: MozillaFirefox-24.5.0esr-0.7.2 MozillaFirefox-branding-SLED-24-0.12.1 MozillaFirefox-translations-24.5.0esr-0.7.2 References: http://support.novell.com/security/cve/CVE-2014-1492.html http://support.novell.com/security/cve/CVE-2014-1518.html http://support.novell.com/security/cve/CVE-2014-1523.html http://support.novell.com/security/cve/CVE-2014-1524.html http://support.novell.com/security/cve/CVE-2014-1529.html http://support.novell.com/security/cve/CVE-2014-1530.html http://support.novell.com/security/cve/CVE-2014-1531.html http://support.novell.com/security/cve/CVE-2014-1532.html https://bugzilla.novell.com/869827 http://download.suse.com/patch/finder/?keywords=6deb2806a7e4f6bdaa0908761932d7dd From sle-updates at lists.suse.com Wed May 28 17:04:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 May 2014 01:04:14 +0200 (CEST) Subject: SUSE-SU-2014:0728-1: important: Security update for IBM Java 6 Message-ID: <20140528230414.DD4C032052@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 6 
______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0728-1 Rating: important References: #877430 Cross-References: CVE-2013-6629 CVE-2013-6954 CVE-2014-0428 CVE-2014-0429 CVE-2014-0446 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0878 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that fixes 26 vulnerabilities is now available. Description: Java has been updated to version 6 SR16 to fix several security issues and various other bugs. More information can be found at http://www.ibm.com/developerworks/java/jdk/alerts/ Security Issues: * CVE-2013-6629 * CVE-2013-6954 * CVE-2014-0429 * CVE-2014-0446 * CVE-2014-0449 * CVE-2014-0451 * CVE-2014-0452 * CVE-2014-0457 * CVE-2014-0458 * CVE-2014-0459 * CVE-2014-0460 * CVE-2014-0461 * CVE-2014-1876 * CVE-2014-2398 * CVE-2014-2401 * CVE-2014-2409 * CVE-2014-2412 * CVE-2014-2414 * CVE-2014-2420 * CVE-2014-2421 * CVE-2014-2423 * CVE-2014-2427 * CVE-2014-2428 * CVE-2014-0428 * CVE-2014-0453 * CVE-2014-0878 Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-java-1_6_0-ibm-9258 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): java-1_6_0-ibm-1.6.0_sr16.0-0.3.1 java-1_6_0-ibm-devel-1.6.0_sr16.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr16.0-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.0-0.3.1 java-1_6_0-ibm-plugin-1.6.0_sr16.0-0.3.1 References: http://support.novell.com/security/cve/CVE-2013-6629.html http://support.novell.com/security/cve/CVE-2013-6954.html http://support.novell.com/security/cve/CVE-2014-0428.html http://support.novell.com/security/cve/CVE-2014-0429.html http://support.novell.com/security/cve/CVE-2014-0446.html http://support.novell.com/security/cve/CVE-2014-0449.html http://support.novell.com/security/cve/CVE-2014-0451.html http://support.novell.com/security/cve/CVE-2014-0452.html http://support.novell.com/security/cve/CVE-2014-0453.html http://support.novell.com/security/cve/CVE-2014-0457.html http://support.novell.com/security/cve/CVE-2014-0458.html http://support.novell.com/security/cve/CVE-2014-0459.html http://support.novell.com/security/cve/CVE-2014-0460.html http://support.novell.com/security/cve/CVE-2014-0461.html http://support.novell.com/security/cve/CVE-2014-0878.html http://support.novell.com/security/cve/CVE-2014-1876.html http://support.novell.com/security/cve/CVE-2014-2398.html http://support.novell.com/security/cve/CVE-2014-2401.html http://support.novell.com/security/cve/CVE-2014-2409.html http://support.novell.com/security/cve/CVE-2014-2412.html http://support.novell.com/security/cve/CVE-2014-2414.html http://support.novell.com/security/cve/CVE-2014-2420.html http://support.novell.com/security/cve/CVE-2014-2421.html http://support.novell.com/security/cve/CVE-2014-2423.html http://support.novell.com/security/cve/CVE-2014-2427.html http://support.novell.com/security/cve/CVE-2014-2428.html 
https://bugzilla.novell.com/877430 http://download.suse.com/patch/finder/?keywords=2078c426a75755f7ebf4f9052a93f0aa From sle-updates at lists.suse.com Wed May 28 17:04:32 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 May 2014 01:04:32 +0200 (CEST) Subject: SUSE-RU-2014:0729-1: Recommended update for SUSE Linux Enterprise Desktop 11 SP3 manuals Message-ID: <20140528230432.0DA993208D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Linux Enterprise Desktop 11 SP3 manuals ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0729-1 Rating: low References: #839890 #856477 #858877 #864606 #865362 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update provides the latest version of the SUSE Linux Enterprise Desktop 11 SP3 manuals, which brings fixes and enhancements in the following areas: * Supported Upgrade Paths to SLES 11-SP3. (bnc#839890) * Btrfs compression function under development. (bnc#864606) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-sled-admin_en-pdf-9199 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (noarch): sled-admin_en-pdf-11.3-0.27.2 sled-apps_en-pdf-11.3-0.27.2 sled-deployment_en-pdf-11.3-0.27.2 sled-gnomequick_en-pdf-11.3-0.27.2 sled-gnomeuser_en-pdf-11.3-0.27.2 sled-installquick_en-pdf-11.3-0.27.2 sled-kdequick_en-pdf-11.3-0.27.2 sled-kdeuser_en-pdf-11.3-0.27.2 sled-libreofficequick_en-pdf-11.3-0.27.2 sled-manuals_en-11.3-0.27.2 sled-security_en-pdf-11.3-0.27.2 sled-tuning_en-pdf-11.3-0.27.2 sled-xen_en-pdf-11.3-0.27.2 References: https://bugzilla.novell.com/839890 https://bugzilla.novell.com/856477 https://bugzilla.novell.com/858877 https://bugzilla.novell.com/864606 https://bugzilla.novell.com/865362 http://download.suse.com/patch/finder/?keywords=1de3fad39cb49e4f281a2c1585d9501a From sle-updates at lists.suse.com Wed May 28 19:04:48 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 May 2014 03:04:48 +0200 (CEST) Subject: SUSE-SU-2014:0430-5: Security update for rubygem-actionmailer Message-ID: <20140529010448.4A0ED3208D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionmailer ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0430-5 Rating: low References: #864873 Affected Products: WebYaST 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: Various ruby gems were released where the unpacked tree was patched for the current security issues, but the included gem file (gem archive) was not adjusted. This update rolls the current updates to also contain the fixes in the .gem files (bnc#864873). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-rails-fixgem-201402d-8928 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-rails-fixgem-201402d-8928 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-rails-fixgem-201402d-8928 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.2.12]: rubygem-actionmailer-3_2-3.2.12-0.9.1 rubygem-activerecord-3_2-3.2.12-0.9.1 rubygem-activesupport-3_2-3.2.12-0.9.1 - SUSE Studio Onsite 1.3 (x86_64) [New Version: 3.2.12]: rubygem-actionmailer-3_2-3.2.12-0.9.1 rubygem-activerecord-3_2-3.2.12-0.9.1 rubygem-activesupport-3_2-3.2.12-0.9.1 - SUSE Lifecycle Management Server 1.3 (x86_64) [New Version: 3.2.12]: rubygem-actionmailer-3_2-3.2.12-0.9.1 rubygem-activerecord-3_2-3.2.12-0.9.1 rubygem-activesupport-3_2-3.2.12-0.9.1 References: https://bugzilla.novell.com/864873 http://download.suse.com/patch/finder/?keywords=ea06361420abeac88467afdb5910065f From sle-updates at lists.suse.com Wed May 28 19:05:09 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 May 2014 03:05:09 +0200 (CEST) Subject: SUSE-SU-2014:0730-1: moderate: Security update for rubygem-rack-ssl Message-ID: <20140529010509.8C6DD3208D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rack-ssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0730-1 Rating: moderate References: #869162 Cross-References: CVE-2014-2538 Affected Products: WebYaST 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This rubygem-rack-ssl update fixes one security issue: * bnc#869162: Fixed XSS in error page (CVE-2014-2538) Security Issue reference: * CVE-2014-2538 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - WebYaST 1.3: zypper in -t patch slewyst13-rubygem-rack-ssl-9097 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-rubygem-rack-ssl-9097 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-rubygem-rack-ssl-9097 To bring your system up-to-date, use "zypper patch". Package List: - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64): rubygem-rack-ssl-1.3.2-0.12.5.1 - SUSE Studio Onsite 1.3 (x86_64): rubygem-rack-ssl-1.3.2-0.12.5.1 - SUSE Lifecycle Management Server 1.3 (x86_64): rubygem-rack-ssl-1.3.2-0.12.5.1 References: http://support.novell.com/security/cve/CVE-2014-2538.html https://bugzilla.novell.com/869162 http://download.suse.com/patch/finder/?keywords=98bf6340c24dfde0e4abf37aec66b155 From sle-updates at lists.suse.com Thu May 29 16:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 May 2014 00:04:13 +0200 (CEST) Subject: SUSE-RU-2014:0731-1: important: Recommended update for timezone Message-ID: <20140529220413.9D4D9320B5@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:0731-1 Rating: important References: #879073 #879512 #879680 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update 
that has three recommended fixes can now be installed. It includes one version update. Description: The latest update to timezone 2014c introduced changes in the binary format of timezone files generated by zic(1) to improve handling of low-valued timestamps. This change caused problems for some applications that rely on the stability of the binary format, so this update reverts it. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-timezone-2014c-2-9297 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-timezone-2014c-2-9297 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-timezone-2014c-2-9297 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-timezone-2014c-2-9296 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-timezone-2014c-2-9294 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-timezone-2014c-2-9297 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 2014c]: timezone-java-2014c-0.5.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2014c]: timezone-2014c-0.5.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2014c]: timezone-java-2014c-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2014c]: timezone-2014c-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2014c]: timezone-java-2014c-0.5.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 2014c]: timezone-2014c-0.5.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (noarch) [New Version: 2014c]: timezone-java-2014c-0.5.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2014c]: timezone-2014c-0.5.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch) [New Version: 2014c]: timezone-java-2014c-0.5.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 2014c]: timezone-2014c-0.7.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 2014c]: timezone-2014c-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2014c]: timezone-2014c-0.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2014c]: timezone-java-2014c-0.5.1 References: https://bugzilla.novell.com/879073 https://bugzilla.novell.com/879512 https://bugzilla.novell.com/879680 http://download.suse.com/patch/finder/?keywords=3e426d9cc0ec1473c84a94cbc3e6ccbb http://download.suse.com/patch/finder/?keywords=5a67445e4d8be996cb3bb2e7a3c6bf61 http://download.suse.com/patch/finder/?keywords=5e69b3a572183d557d2f92f263d7780f http://download.suse.com/patch/finder/?keywords=e92709ca57a1c3227b8d433271be888d http://download.suse.com/patch/finder/?keywords=ef7caf62d19cedad404844c7a6252182 From sle-updates at lists.suse.com Thu May 29 17:04:16 2014 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Fri, 30 May 2014 01:04:16 +0200 (CEST) Subject: SUSE-SU-2014:0732-1: moderate: Security update for IBM Java 5 Message-ID: <20140529230416.EFEA732065@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0732-1 Rating: moderate References: #878654 Cross-References: CVE-2013-6629 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0453 CVE-2014-0457 CVE-2014-0460 CVE-2014-0878 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2412 CVE-2014-2421 CVE-2014-2427 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: IBM Java 5 was updated to SR 16 FP 6 to fix several bugs and security issues. Further information is available at: https://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP6 Security Issues references: * CVE-2013-6629 * CVE-2014-0429 * CVE-2014-0446 * CVE-2014-0451 * CVE-2014-0457 * CVE-2014-0460 * CVE-2014-1876 * CVE-2014-2398 * CVE-2014-2401 * CVE-2014-2412 * CVE-2014-2421 * CVE-2014-2427 * CVE-2014-0453 * CVE-2014-0878 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.6-0.5.1 java-1_5_0-ibm-devel-1.5.0_sr16.6-0.5.1 java-1_5_0-ibm-fonts-1.5.0_sr16.6-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.6-0.5.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.6-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.6-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.6-0.5.1 java-1_5_0-ibm-jdbc-1.5.0_sr16.6-0.5.1 java-1_5_0-ibm-plugin-1.5.0_sr16.6-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-6629.html http://support.novell.com/security/cve/CVE-2014-0429.html 
http://support.novell.com/security/cve/CVE-2014-0446.html http://support.novell.com/security/cve/CVE-2014-0451.html http://support.novell.com/security/cve/CVE-2014-0453.html http://support.novell.com/security/cve/CVE-2014-0457.html http://support.novell.com/security/cve/CVE-2014-0460.html http://support.novell.com/security/cve/CVE-2014-0878.html http://support.novell.com/security/cve/CVE-2014-1876.html http://support.novell.com/security/cve/CVE-2014-2398.html http://support.novell.com/security/cve/CVE-2014-2401.html http://support.novell.com/security/cve/CVE-2014-2412.html http://support.novell.com/security/cve/CVE-2014-2421.html http://support.novell.com/security/cve/CVE-2014-2427.html https://bugzilla.novell.com/878654 http://download.suse.com/patch/finder/?keywords=29c5cf97cb2a3ebfac90cfacae2c711e From sle-updates at lists.suse.com Thu May 29 18:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 May 2014 02:04:13 +0200 (CEST) Subject: SUSE-SU-2014:0733-1: important: Security update for IBM Java 7 Message-ID: <20140530000413.AB0E832085@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0733-1 Rating: important References: #877429 Cross-References: CVE-2013-6629 CVE-2013-6954 CVE-2014-0428 CVE-2014-0429 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0878 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that fixes 30 vulnerabilities is now available. 
Description: IBM Java 7 was updated to version SR7, which received security and bug fixes. More information is available at: http://www.ibm.com/developerworks/java/jdk/aix/j764/Java7_64.fixes.html#SR7 Security Issues references: * CVE-2013-6629 * CVE-2013-6954 * CVE-2014-0429 * CVE-2014-0446 * CVE-2014-0448 * CVE-2014-0449 * CVE-2014-0451 * CVE-2014-0452 * CVE-2014-0457 * CVE-2014-0458 * CVE-2014-0459 * CVE-2014-0460 * CVE-2014-0461 * CVE-2014-1876 * CVE-2014-2398 * CVE-2014-2401 * CVE-2014-2402 * CVE-2014-2409 * CVE-2014-2412 * CVE-2014-2414 * CVE-2014-2420 * CVE-2014-2421 * CVE-2014-2423 * CVE-2014-2427 * CVE-2014-2428 * CVE-2014-0455 * CVE-2014-0428 * CVE-2014-0453 * CVE-2014-0454 * CVE-2014-0878 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-java-1_7_0-ibm-9275 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr7.0-0.5.1 java-1_7_0-ibm-devel-1.7.0_sr7.0-0.5.1 java-1_7_0-ibm-jdbc-1.7.0_sr7.0-0.5.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr7.0-0.5.1 java-1_7_0-ibm-plugin-1.7.0_sr7.0-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-6629.html http://support.novell.com/security/cve/CVE-2013-6954.html http://support.novell.com/security/cve/CVE-2014-0428.html http://support.novell.com/security/cve/CVE-2014-0429.html http://support.novell.com/security/cve/CVE-2014-0446.html http://support.novell.com/security/cve/CVE-2014-0448.html http://support.novell.com/security/cve/CVE-2014-0449.html http://support.novell.com/security/cve/CVE-2014-0451.html http://support.novell.com/security/cve/CVE-2014-0452.html http://support.novell.com/security/cve/CVE-2014-0453.html http://support.novell.com/security/cve/CVE-2014-0454.html 
http://support.novell.com/security/cve/CVE-2014-0455.html http://support.novell.com/security/cve/CVE-2014-0457.html http://support.novell.com/security/cve/CVE-2014-0458.html http://support.novell.com/security/cve/CVE-2014-0459.html http://support.novell.com/security/cve/CVE-2014-0460.html http://support.novell.com/security/cve/CVE-2014-0461.html http://support.novell.com/security/cve/CVE-2014-0878.html http://support.novell.com/security/cve/CVE-2014-1876.html http://support.novell.com/security/cve/CVE-2014-2398.html http://support.novell.com/security/cve/CVE-2014-2401.html http://support.novell.com/security/cve/CVE-2014-2402.html http://support.novell.com/security/cve/CVE-2014-2409.html http://support.novell.com/security/cve/CVE-2014-2412.html http://support.novell.com/security/cve/CVE-2014-2414.html http://support.novell.com/security/cve/CVE-2014-2420.html http://support.novell.com/security/cve/CVE-2014-2421.html http://support.novell.com/security/cve/CVE-2014-2423.html http://support.novell.com/security/cve/CVE-2014-2427.html http://support.novell.com/security/cve/CVE-2014-2428.html https://bugzilla.novell.com/877429 http://download.suse.com/patch/finder/?keywords=b4c561518a2b8e396c17cfe8ee6dd5bf From sle-updates at lists.suse.com Thu May 29 18:04:30 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 May 2014 02:04:30 +0200 (CEST) Subject: SUSE-SU-2014:0728-2: important: Security update for IBM Java 6 Message-ID: <20140530000430.3A3EE320B5@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0728-2 Rating: important References: #877430 Cross-References: CVE-2013-6629 CVE-2013-6954 CVE-2014-0428 CVE-2014-0429 CVE-2014-0446 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0878 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 
CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes 26 vulnerabilities is now available. Description: IBM Java 6 was updated to version 6 SR16 to fix several security issues and various other bugs. More information can be found at: http://www.ibm.com/developerworks/java/jdk/alerts/ Security Issues references: * CVE-2013-6629 * CVE-2013-6954 * CVE-2014-0429 * CVE-2014-0446 * CVE-2014-0449 * CVE-2014-0451 * CVE-2014-0452 * CVE-2014-0457 * CVE-2014-0458 * CVE-2014-0459 * CVE-2014-0460 * CVE-2014-0461 * CVE-2014-1876 * CVE-2014-2398 * CVE-2014-2401 * CVE-2014-2409 * CVE-2014-2412 * CVE-2014-2414 * CVE-2014-2420 * CVE-2014-2421 * CVE-2014-2423 * CVE-2014-2427 * CVE-2014-2428 * CVE-2014-0428 * CVE-2014-0453 * CVE-2014-0878 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-java-1_6_0-ibm-9274 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.0-0.3.1 java-1_6_0-ibm-devel-1.6.0_sr16.0-0.3.1 java-1_6_0-ibm-fonts-1.6.0_sr16.0-0.3.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.0-0.3.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.0-0.3.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.0-0.3.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.0-0.8.1 java-1_6_0-ibm-devel-1.6.0_sr16.0-0.8.1 java-1_6_0-ibm-fonts-1.6.0_sr16.0-0.8.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.0-0.8.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr16.0-0.8.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr16.0-0.8.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.0-0.8.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr16.0-0.8.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr16.0-0.8.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.0-0.8.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.0-0.5.1 java-1_6_0-ibm-devel-1.6.0_sr16.0-0.5.1 java-1_6_0-ibm-fonts-1.6.0_sr16.0-0.5.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.0-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr16.0-0.5.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr16.0-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.0-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr16.0-0.5.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr16.0-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.0-0.5.1 References: http://support.novell.com/security/cve/CVE-2013-6629.html http://support.novell.com/security/cve/CVE-2013-6954.html http://support.novell.com/security/cve/CVE-2014-0428.html 
http://support.novell.com/security/cve/CVE-2014-0429.html http://support.novell.com/security/cve/CVE-2014-0446.html http://support.novell.com/security/cve/CVE-2014-0449.html http://support.novell.com/security/cve/CVE-2014-0451.html http://support.novell.com/security/cve/CVE-2014-0452.html http://support.novell.com/security/cve/CVE-2014-0453.html http://support.novell.com/security/cve/CVE-2014-0457.html http://support.novell.com/security/cve/CVE-2014-0458.html http://support.novell.com/security/cve/CVE-2014-0459.html http://support.novell.com/security/cve/CVE-2014-0460.html http://support.novell.com/security/cve/CVE-2014-0461.html http://support.novell.com/security/cve/CVE-2014-0878.html http://support.novell.com/security/cve/CVE-2014-1876.html http://support.novell.com/security/cve/CVE-2014-2398.html http://support.novell.com/security/cve/CVE-2014-2401.html http://support.novell.com/security/cve/CVE-2014-2409.html http://support.novell.com/security/cve/CVE-2014-2412.html http://support.novell.com/security/cve/CVE-2014-2414.html http://support.novell.com/security/cve/CVE-2014-2420.html http://support.novell.com/security/cve/CVE-2014-2421.html http://support.novell.com/security/cve/CVE-2014-2423.html http://support.novell.com/security/cve/CVE-2014-2427.html http://support.novell.com/security/cve/CVE-2014-2428.html https://bugzilla.novell.com/877430 http://download.suse.com/patch/finder/?keywords=8737d63fc5fbcb05aaf87bdb3c7840f5 http://download.suse.com/patch/finder/?keywords=ae92cd41800301a5a62df344f420d99d http://download.suse.com/patch/finder/?keywords=e24327af0d6908f1ed88c62bf8453013 From sle-updates at lists.suse.com Thu May 29 18:04:45 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 May 2014 02:04:45 +0200 (CEST) Subject: SUSE-SU-2014:0734-1: Security update for SUSE Studio Message-ID: <20140530000445.8DB4032085@maintenance.suse.de> SUSE Security Update: Security update for SUSE Studio 
______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0734-1 Rating: low References: #808381 #824309 #825713 #826880 #851903 #852166 #854786 #857887 #858218 #864803 #866543 #867136 #867745 #870697 #880078 Cross-References: CVE-2013-3712 CVE-2013-4389 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6416 CVE-2013-6459 CVE-2014-0081 CVE-2014-0082 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 6 fixes is now available. It includes one version update. Description: This SUSE Studio update fixes the following security and non-security issues: * bnc#851903 - Fixed 1.3 stuck on "Importing repositories and templates" after restoring 1.2 backup * bnc#808381 - Outdated image types list in API documentation * bnc#826880 - Misleading error message when adding repo that is already there * bnc#825713 - susestudio-bundled-packages is not required by studio packages * bnc#870697 - Limit memory used for builds * bnc#867136 - After sync now appliance build still uses older package version * bnc#867745 - If no dhcp, permissions and ssl are not configured * bnc#824309 - When removing or reinstalling AddOn, sudoers file gets messy * bnc#854786 - Security issues in rails (CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6416, CVE-2013-4389) * bnc#857887 - Session secret in options.yml instead of options-local.yml * bnc#858218 - XSS vulnerabilities in will_paginate (CVE-2013-6459) * bnc#864803 - Rails security issues (CVE-2014-0081 and CVE-2014-0082) * bnc#852166 - Secret tokens are static as shipped (CVE-2013-3712) * bnc#866543 - Documentation for updating frozen repositories after 1.2-to-1.3 migration * bnc#880078 - Fix schema.rb file for ui-server Security Issues references: * CVE-2013-4491 * CVE-2013-6414 * CVE-2013-6415 * CVE-2013-6416 * CVE-2013-4389 * CVE-2014-0081 * CVE-2014-0082 * CVE-2013-3712 * 
CVE-2013-6459 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-137-201404-9308 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.7]: susestudio-1.3.7-0.17.1 susestudio-bundled-packages-1.3.7-0.17.1 susestudio-common-1.3.7-0.17.1 susestudio-runner-1.3.7-0.17.1 susestudio-sid-1.3.7-0.17.1 susestudio-ui-server-1.3.7-0.17.1 - SUSE Studio Onsite 1.3 (noarch): susestudio-admin_en-11.3-0.15.1 susestudio-admin_en-pdf-11.3-0.15.1 References: http://support.novell.com/security/cve/CVE-2013-3712.html http://support.novell.com/security/cve/CVE-2013-4389.html http://support.novell.com/security/cve/CVE-2013-4491.html http://support.novell.com/security/cve/CVE-2013-6414.html http://support.novell.com/security/cve/CVE-2013-6415.html http://support.novell.com/security/cve/CVE-2013-6416.html http://support.novell.com/security/cve/CVE-2013-6459.html http://support.novell.com/security/cve/CVE-2014-0081.html http://support.novell.com/security/cve/CVE-2014-0082.html https://bugzilla.novell.com/808381 https://bugzilla.novell.com/824309 https://bugzilla.novell.com/825713 https://bugzilla.novell.com/826880 https://bugzilla.novell.com/851903 https://bugzilla.novell.com/852166 https://bugzilla.novell.com/854786 https://bugzilla.novell.com/857887 https://bugzilla.novell.com/858218 https://bugzilla.novell.com/864803 https://bugzilla.novell.com/866543 https://bugzilla.novell.com/867136 https://bugzilla.novell.com/867745 https://bugzilla.novell.com/870697 https://bugzilla.novell.com/880078 http://download.suse.com/patch/finder/?keywords=b9000898eb3e19edea1d5eabcff8831a