From sle-updates at lists.suse.com Mon Sep 1 17:04:18 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Sep 2014 01:04:18 +0200 (CEST)
Subject: SUSE-SU-2014:1077-1: moderate: Security update for libgcrypt
Message-ID: <20140901230418.2D2E1320BC@maintenance.suse.de>

SUSE Security Update: Security update for libgcrypt
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1077-1
Rating: moderate
References: #892464
Cross-References: CVE-2014-5270
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This libgcrypt update fixes the following security issue:

  * bnc#892464: Side-channel attack on Elgamal encryption subkeys.
    (CVE-2014-5270)

Security Issues:

  * CVE-2014-5270

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-libgcrypt-devel-9646
  - SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-libgcrypt-devel-9646
  - SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-libgcrypt-devel-9646
  - SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-libgcrypt-devel-9646

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    libgcrypt-devel-1.5.0-0.17.1
  - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
    libgcrypt-devel-32bit-1.5.0-0.17.1
  - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    libgcrypt11-1.5.0-0.17.1
  - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
    libgcrypt11-32bit-1.5.0-0.17.1
  - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    libgcrypt11-1.5.0-0.17.1
  - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
    libgcrypt11-32bit-1.5.0-0.17.1
  - SUSE Linux Enterprise Server 11 SP3 (ia64):
    libgcrypt11-x86-1.5.0-0.17.1
  - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    libgcrypt11-1.5.0-0.17.1
  - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
    libgcrypt11-32bit-1.5.0-0.17.1

References:

  http://support.novell.com/security/cve/CVE-2014-5270.html
  https://bugzilla.novell.com/892464
  http://download.suse.com/patch/finder/?keywords=119a6a0acfc8bd9d2623992ba4005b5e

From sle-updates at lists.suse.com Tue Sep 2 11:04:17 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Sep 2014 19:04:17 +0200 (CEST)
Subject: SUSE-SU-2014:1080-1: important: Security update for apache2
Message-ID: <20140902170417.089F9321AF@maintenance.suse.de>

SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1080-1
Rating: important
References: #859916 #869105 #869106 #887765 #887768
Cross-References: CVE-2013-6438 CVE-2014-0098 CVE-2014-0226 CVE-2014-0231
Affected Products:
  SUSE Linux Enterprise Server 11 SP2 LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.
Description:

This apache2 update fixes the following security and non-security issues:

  * mod_cgid denial of service (CVE-2014-0231, bnc#887768)
  * mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765)
  * mod_dav denial of service (CVE-2013-6438, bnc#869105)
  * log_cookie mod_log_config.c remote denial of service
    (CVE-2014-0098, bnc#869106)
  * Support ECDH in Apache2 (bnc#859916)

Security Issues:

  * CVE-2014-0098
  * CVE-2013-6438
  * CVE-2014-0226
  * CVE-2014-0231

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 11 SP2 LTSS:
    zypper in -t patch slessp2-apache2-9620

To bring your system up-to-date, use "zypper patch".

Package List:

  - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):
    apache2-2.2.12-1.48.1
    apache2-doc-2.2.12-1.48.1
    apache2-example-pages-2.2.12-1.48.1
    apache2-prefork-2.2.12-1.48.1
    apache2-utils-2.2.12-1.48.1
    apache2-worker-2.2.12-1.48.1

References:

  http://support.novell.com/security/cve/CVE-2013-6438.html
  http://support.novell.com/security/cve/CVE-2014-0098.html
  http://support.novell.com/security/cve/CVE-2014-0226.html
  http://support.novell.com/security/cve/CVE-2014-0231.html
  https://bugzilla.novell.com/859916
  https://bugzilla.novell.com/869105
  https://bugzilla.novell.com/869106
  https://bugzilla.novell.com/887765
  https://bugzilla.novell.com/887768
  http://download.suse.com/patch/finder/?keywords=9a43c85d7b1016ad740a0769515661cb

From sle-updates at lists.suse.com Tue Sep 2 12:04:20 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Sep 2014 20:04:20 +0200 (CEST)
Subject: SUSE-SU-2014:1081-1: important: Security update for apache2
Message-ID: <20140902180420.5B6EC321B7@maintenance.suse.de>

SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1081-1
Rating: important
References: #852401 #859916 #869105 #869106 #887765 #887768
Cross-References: CVE-2013-6438 CVE-2014-0098 CVE-2014-0226 CVE-2014-0231
Affected Products:
  SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has two fixes is now available.
It includes one version update.

Description:

This apache2 update fixes the following security and non-security issues:

  * mod_cgid denial of service (CVE-2014-0231, bnc#887768)
  * mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765)
  * mod_dav denial of service (CVE-2013-6438, bnc#869105)
  * log_cookie mod_log_config.c remote denial of service
    (CVE-2014-0098, bnc#869106)
  * Support ECDH in Apache2 (bnc#859916)
  * apache fails to start with SSL on Xen kernel at boot time (bnc#852401)

Security Issues:

  * CVE-2014-0098
  * CVE-2013-6438
  * CVE-2014-0226
  * CVE-2014-0231

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 11 SP1 LTSS:
    zypper in -t patch slessp1-apache2-9619

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2.2.12]:
    apache2-2.2.12-1.48.1
    apache2-doc-2.2.12-1.48.1
    apache2-example-pages-2.2.12-1.48.1
    apache2-prefork-2.2.12-1.48.1
    apache2-utils-2.2.12-1.48.1
    apache2-worker-2.2.12-1.48.1

References:

  http://support.novell.com/security/cve/CVE-2013-6438.html
  http://support.novell.com/security/cve/CVE-2014-0098.html
  http://support.novell.com/security/cve/CVE-2014-0226.html
  http://support.novell.com/security/cve/CVE-2014-0231.html
  https://bugzilla.novell.com/852401
  https://bugzilla.novell.com/859916
  https://bugzilla.novell.com/869105
  https://bugzilla.novell.com/869106
  https://bugzilla.novell.com/887765
  https://bugzilla.novell.com/887768
  http://download.suse.com/patch/finder/?keywords=9c5ea88101bc5060dd62e74ff4f50214

From sle-updates at lists.suse.com Tue Sep 2 13:04:14 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Sep 2014 21:04:14 +0200 (CEST)
Subject: SUSE-SU-2014:1082-1: important: Security update for apache2
Message-ID: <20140902190414.676CE321C5@maintenance.suse.de>

SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1082-1
Rating: important
References: #829056 #829057 #869105 #869106 #887765 #887768
Cross-References: CVE-2013-1862 CVE-2013-1896 CVE-2013-6438 CVE-2014-0098 CVE-2014-0226 CVE-2014-0231
Affected Products:
  SUSE Linux Enterprise Server 10 SP4 LTSS
  SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.
Description:

This apache2 update fixes the following security issues:

  * log_cookie mod_log_config.c remote denial of service
    (CVE-2014-0098, bnc#869106)
  * mod_dav denial of service (CVE-2013-6438, bnc#869105)
  * mod_cgid denial of service (CVE-2014-0231, bnc#887768)
  * mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765)
  * mod_rewrite: escape logdata to avoid terminal escapes
    (CVE-2013-1862, bnc#829057)
  * mod_dav: segfault in merge request (CVE-2013-1896, bnc#829056)

Security Issues:

  * CVE-2014-0098
  * CVE-2013-6438
  * CVE-2014-0226
  * CVE-2014-0231
  * CVE-2013-1862
  * CVE-2013-1896

Package List:

  - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
    apache2-2.2.3-16.50.1
    apache2-devel-2.2.3-16.50.1
    apache2-doc-2.2.3-16.50.1
    apache2-example-pages-2.2.3-16.50.1
    apache2-prefork-2.2.3-16.50.1
    apache2-worker-2.2.3-16.50.1
  - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
    apache2-2.2.3-16.32.51.2
    apache2-devel-2.2.3-16.32.51.2
    apache2-doc-2.2.3-16.32.51.2
    apache2-example-pages-2.2.3-16.32.51.2
    apache2-prefork-2.2.3-16.32.51.2
    apache2-worker-2.2.3-16.32.51.2

References:

  http://support.novell.com/security/cve/CVE-2013-1862.html
  http://support.novell.com/security/cve/CVE-2013-1896.html
  http://support.novell.com/security/cve/CVE-2013-6438.html
  http://support.novell.com/security/cve/CVE-2014-0098.html
  http://support.novell.com/security/cve/CVE-2014-0226.html
  http://support.novell.com/security/cve/CVE-2014-0231.html
  https://bugzilla.novell.com/829056
  https://bugzilla.novell.com/829057
  https://bugzilla.novell.com/869105
  https://bugzilla.novell.com/869106
  https://bugzilla.novell.com/887765
  https://bugzilla.novell.com/887768
  http://download.suse.com/patch/finder/?keywords=0593c1f59d8a810c00150b05cea3af2f
  http://download.suse.com/patch/finder/?keywords=0ddc907bde6fcbad1e94944d867f60dd

From sle-updates at lists.suse.com Tue Sep 2 14:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 2 Sep 2014 22:04:13 +0200 (CEST)
Subject: SUSE-RU-2014:1083-1: moderate: Recommended update for apache2-mod_nss
Message-ID: <20140902200413.75668321C6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for apache2-mod_nss
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1083-1
Rating: moderate
References: #863035 #863518 #878681
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update brings several improvements to apache2-mod_nss.

  * More TLS 1.2 ciphers have been added, including AES-GCM and
    Camellia ciphers. These can be selected by their tags:
      o rsa_aes_128_sha256
      o rsa_aes_128_gcm_sha
      o rsa_aes_256_sha256
      o rsa_camellia_128_sha
      o rsa_camellia_256_sha
      o ecdh_ecdsa_aes_128_gcm_sha
      o ecdhe_ecdsa_aes_128_sha256
      o ecdhe_ecdsa_aes_128_gcm_sha
      o ecdh_rsa_aes_128_gcm_sha
      o ecdhe_rsa_aes_128_sha256
  * The mod_nss.conf.in template was updated to include those ciphers.
    (bnc#863035)
  * VirtualHost settings in /etc/apache2/conf.d/mod_nss.conf are now
    externalized to /etc/apache2/vhosts.d/vhost-nss.template and not
    activated/read by default. (bnc#878681)
  * The Server Name Indication (SNI) extension was implemented.
  * Reading the pass phrase during start-up was improved. (bnc#863518)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-apache2-mod_nss-9642
  - SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-apache2-mod_nss-9642

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    apache2-mod_nss-1.0.8-0.4.9.1
  - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    apache2-mod_nss-1.0.8-0.4.9.1

References:

  https://bugzilla.novell.com/863035
  https://bugzilla.novell.com/863518
  https://bugzilla.novell.com/878681
  http://download.suse.com/patch/finder/?keywords=674fcc9e1651a47cab4e3e56658e5782

From sle-updates at lists.suse.com Tue Sep 2 17:04:17 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Sep 2014 01:04:17 +0200 (CEST)
Subject: SUSE-RU-2014:1084-1: important: Recommended update for suse-cloud-upgrade
Message-ID: <20140902230417.4A3C1320BC@maintenance.suse.de>

SUSE Recommended Update: Recommended update for suse-cloud-upgrade
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1084-1
Rating: important
References: #891545 #892500 #892503
Affected Products:
  SUSE Cloud 4
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for suse-cloud-upgrade provides the following fixes:

  * Find the neutron-server nodes before the roles are removed.
    (bnc#891545)
  * Check if nodes have updated to SUSE Cloud 4 packages. (bnc#892500)
  * Remove duplicated agents in neutron database before doing db
    migration. (bnc#892503)
  * Fix crash in post when /etc/crowbar/provisioner.json exists with no
    repo. (bnc#891545)

Contraindications:

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Cloud 4:
    zypper in -t patch sleclo40sp3-suse-cloud-upgrade-9649

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Cloud 4 (noarch):
    suse-cloud-upgrade-4+git.1407997338.74f1df1-0.9.1

References:

  https://bugzilla.novell.com/891545
  https://bugzilla.novell.com/892500
  https://bugzilla.novell.com/892503
  http://download.suse.com/patch/finder/?keywords=cc3006ab141896d7a0fecbcff02414f3

From sle-updates at lists.suse.com Wed Sep 3 11:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Sep 2014 19:04:13 +0200 (CEST)
Subject: SUSE-RU-2014:1087-1: Recommended update for apache2-mod_jk
Message-ID: <20140903170413.5EC82321CE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for apache2-mod_jk
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1087-1
Rating: low
References: #880798
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.
It includes one version update.

Description:

This update provides apache2-mod_jk 1.2.40, which brings many fixes and
enhancements, such as improved IPv6 support. (FATE#317689)

For a comprehensive list of changes in this version refer to
http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html .

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-apache2-mod_jk-9657
  - SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-apache2-mod_jk-9657

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.2.40]:
    apache2-mod_jk-1.2.40-0.2.1
  - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.2.40]:
    apache2-mod_jk-1.2.40-0.2.1

References:

  https://bugzilla.novell.com/880798
  http://download.suse.com/patch/finder/?keywords=0984fd2bd060e9e72433c8b629929a87

From sle-updates at lists.suse.com Wed Sep 3 15:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 3 Sep 2014 23:04:13 +0200 (CEST)
Subject: SUSE-SU-2014:1088-1: moderate: Security update for ppp
Message-ID: <20140903210413.A0D3A320F1@maintenance.suse.de>

SUSE Security Update: Security update for ppp
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1088-1
Rating: moderate
References: #891489
Cross-References: CVE-2014-3158
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This ppp update fixes a potential security issue that an unprivileged
attacker could access privileged options:

  * integer overflow in option parsing (CVE-2014-3158, bnc#891489)

Security Issues:

  * CVE-2014-3158

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-ppp-9648
  - SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-ppp-9648
  - SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-ppp-9648
  - SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-ppp-9648

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    ppp-devel-2.4.5.git-2.29.1
  - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    ppp-2.4.5.git-2.29.1
  - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    ppp-2.4.5.git-2.29.1
  - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    ppp-2.4.5.git-2.29.1

References:

  http://support.novell.com/security/cve/CVE-2014-3158.html
  https://bugzilla.novell.com/891489
  http://download.suse.com/patch/finder/?keywords=41cfc05536de649d32c42d05143bcdca

From sle-updates at lists.suse.com Wed Sep 3 17:04:17 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 4 Sep 2014 01:04:17 +0200 (CEST)
Subject: SUSE-RU-2014:1089-1: Recommended update for crowbar-barclamp-ceilometer
Message-ID: <20140903230417.50F95320F1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-ceilometer
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1089-1
Rating: low
References: #882587
Affected Products:
  SUSE Cloud 3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for Cloud3 provides the following fixes for
crowbar-barclamp-ceilometer:

  * bnc#882587:
      o fallback if there are no replica set members
      o make sure the ceilometer attribute subtree exists

Contraindications:

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Cloud 3:
    zypper in -t patch sleclo30sp3-crowbar-barclamp-ceilometer-9455

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Cloud 3 (noarch):
    crowbar-barclamp-ceilometer-1.7+git.1397725532.6562e99-0.13.2

References:

  https://bugzilla.novell.com/882587
  http://download.suse.com/patch/finder/?keywords=0868868b38949ab178009e9da41c76d4

From sle-updates at lists.suse.com Fri Sep 5 11:04:15 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 5 Sep 2014 19:04:15 +0200 (CEST)
Subject: SUSE-RU-2014:1091-1: Recommended update for crowbar-barclamp-heat
Message-ID: <20140905170415.9CD86321AF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-heat
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1091-1
Rating: low
References: #882580
Affected Products:
  SUSE Cloud 3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for Cloud3 provides the following fixes for
crowbar-barclamp-heat:

  * Update to version 1.7+git.1403020152.a4fe530:
      o Configure Heat's metadata, waitcondition and cloudwatch server
      o Create Keystone role for Heat Stacks
      o Fixed Heat default configuration (bnc#882580)
      o Fixed requirement of crowbar-barclamp-database

Contraindications:

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Cloud 3:
    zypper in -t patch sleclo30sp3-crowbar-barclamp-heat-9655

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Cloud 3 (noarch):
    crowbar-barclamp-heat-1.7+git.1403020152.a4fe530-0.9.1

References:

  https://bugzilla.novell.com/882580
  http://download.suse.com/patch/finder/?keywords=1a418effa3f3959d305fd6fa3d0efd63

From sle-updates at lists.suse.com Fri Sep 5 17:04:19 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 6 Sep 2014 01:04:19 +0200 (CEST)
Subject: SUSE-RU-2014:1092-1: important: Recommended update for sm-ncc-sync-data
Message-ID: <20140905230419.AD42D320D9@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sm-ncc-sync-data
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1092-1
Rating: important
References: #890660
Affected Products:
  SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.
It includes one version update.

Description:

This update for sm-ncc-sync-data provides the following fixes:

  * Provide SLES11-SP3-SUSE-Manager-Tools channels. (bnc#890660)
  * Provide LTSS channel for SLMS.
  * Install new SLE12 GPG key and update SLE11 GPG key.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Manager 1.7 for SLE 11 SP2:
    zypper in -t patch sleman17sp2-sm-ncc-sync-data-9640

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Manager 1.7 for SLE 11 SP2 (noarch) [New Version: 1.7.19]:
    sm-ncc-sync-data-1.7.19-0.5.1

References:

  https://bugzilla.novell.com/890660
  http://download.suse.com/patch/finder/?keywords=151a9fec8a193b34c7735ca3ac7baa65

From sle-updates at lists.suse.com Fri Sep 5 19:04:17 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 6 Sep 2014 03:04:17 +0200 (CEST)
Subject: SUSE-RU-2014:1093-1: moderate: Recommended update for Samba
Message-ID: <20140906010417.C9D87320F1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for Samba
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1093-1
Rating: moderate
References: #882356 #883870 #886193
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for Samba provides the following fixes:

  * Disable TDB mmap() on s390 systems. (bso#10765, bnc#886193,
    bnc#882356)
  * Reduce printer_list.tdb lock contention during printcap update.
    (bso#10652, bnc#883870)
  * Avoid double-free in get_print_db_byname. (bso#10699)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-cifs-mount-9656
  - SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-cifs-mount-9656
  - SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-cifs-mount-9656
  - SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-cifs-mount-9656

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    libldb-devel-3.6.3-0.54.2
    libnetapi-devel-3.6.3-0.54.2
    libnetapi0-3.6.3-0.54.2
    libsmbclient-devel-3.6.3-0.54.2
    libsmbsharemodes-devel-3.6.3-0.54.2
    libsmbsharemodes0-3.6.3-0.54.2
    libtalloc-devel-3.6.3-0.54.2
    libtdb-devel-3.6.3-0.54.2
    libtevent-devel-3.6.3-0.54.2
    libwbclient-devel-3.6.3-0.54.2
    samba-devel-3.6.3-0.54.2
  - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    ldapsmb-1.34b-12.54.2
    libldb1-3.6.3-0.54.2
    libsmbclient0-3.6.3-0.54.2
    libtalloc2-3.6.3-0.54.2
    libtdb1-3.6.3-0.54.2
    libtevent0-3.6.3-0.54.2
    libwbclient0-3.6.3-0.54.2
    samba-3.6.3-0.54.2
    samba-client-3.6.3-0.54.2
    samba-krb-printing-3.6.3-0.54.2
    samba-winbind-3.6.3-0.54.2
  - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
    libsmbclient0-32bit-3.6.3-0.54.2
    libtalloc2-32bit-3.6.3-0.54.2
    libtdb1-32bit-3.6.3-0.54.2
    libtevent0-32bit-3.6.3-0.54.2
    libwbclient0-32bit-3.6.3-0.54.2
    samba-32bit-3.6.3-0.54.2
    samba-client-32bit-3.6.3-0.54.2
    samba-winbind-32bit-3.6.3-0.54.2
  - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):
    samba-doc-3.6.3-0.54.2
  - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    ldapsmb-1.34b-12.54.2
    libldb1-3.6.3-0.54.2
    libsmbclient0-3.6.3-0.54.2
    libtalloc2-3.6.3-0.54.2
    libtdb1-3.6.3-0.54.2
    libtevent0-3.6.3-0.54.2
    libwbclient0-3.6.3-0.54.2
    samba-3.6.3-0.54.2
    samba-client-3.6.3-0.54.2
    samba-krb-printing-3.6.3-0.54.2
    samba-winbind-3.6.3-0.54.2
  - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
    libsmbclient0-32bit-3.6.3-0.54.2
    libtalloc2-32bit-3.6.3-0.54.2
    libtdb1-32bit-3.6.3-0.54.2
    libtevent0-32bit-3.6.3-0.54.2
    libwbclient0-32bit-3.6.3-0.54.2
    samba-32bit-3.6.3-0.54.2
    samba-client-32bit-3.6.3-0.54.2
    samba-winbind-32bit-3.6.3-0.54.2
  - SUSE Linux Enterprise Server 11 SP3 (noarch):
    samba-doc-3.6.3-0.54.2
  - SUSE Linux Enterprise Server 11 SP3 (ia64):
    libsmbclient0-x86-3.6.3-0.54.2
    libtalloc2-x86-3.6.3-0.54.2
    libtdb1-x86-3.6.3-0.54.2
    libwbclient0-x86-3.6.3-0.54.2
    samba-client-x86-3.6.3-0.54.2
    samba-winbind-x86-3.6.3-0.54.2
    samba-x86-3.6.3-0.54.2
  - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    libldb1-3.6.3-0.54.2
    libsmbclient0-3.6.3-0.54.2
    libtalloc2-3.6.3-0.54.2
    libtdb1-3.6.3-0.54.2
    libtevent0-3.6.3-0.54.2
    libwbclient0-3.6.3-0.54.2
    samba-3.6.3-0.54.2
    samba-client-3.6.3-0.54.2
    samba-krb-printing-3.6.3-0.54.2
    samba-winbind-3.6.3-0.54.2
  - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
    libldb1-32bit-3.6.3-0.54.2
    libsmbclient0-32bit-3.6.3-0.54.2
    libtalloc2-32bit-3.6.3-0.54.2
    libtdb1-32bit-3.6.3-0.54.2
    libtevent0-32bit-3.6.3-0.54.2
    libwbclient0-32bit-3.6.3-0.54.2
    samba-32bit-3.6.3-0.54.2
    samba-client-32bit-3.6.3-0.54.2
    samba-winbind-32bit-3.6.3-0.54.2
  - SUSE Linux Enterprise Desktop 11 SP3 (noarch):
    samba-doc-3.6.3-0.54.2

References:

  https://bugzilla.novell.com/882356
  https://bugzilla.novell.com/883870
  https://bugzilla.novell.com/886193
  http://download.suse.com/patch/finder/?keywords=08fdcc828a4c7c0aa37e7c35ee5b98e2

From sle-updates at lists.suse.com Tue Sep 9 11:04:14 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 9 Sep 2014 19:04:14 +0200 (CEST)
Subject: SUSE-SU-2014:0994-3: moderate: Security update for rubygem-activerecord-3_2
Message-ID: <20140909170414.28426321D8@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-activerecord-3_2
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:0994-3
Rating: moderate
References: #885636
Cross-References: CVE-2014-3482
Affected Products:
  WebYaST 1.3
  SUSE Studio Onsite 1.3
  SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.
It includes one version update.
Description:

This update for rubygem-activerecord-3_2 fixes the following security
issue:

  * The PostgreSQL adapter for Active Record in Ruby on Rails 3.x
    allowed remote attackers to execute arbitrary SQL commands by
    leveraging improper bitstring quoting. (CVE-2014-3482)

Security Issues:

  * CVE-2014-3482

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - WebYaST 1.3:
    zypper in -t patch slewyst13-rubygem-activerecord-3_2-9530
  - SUSE Studio Onsite 1.3:
    zypper in -t patch slestso13-rubygem-activerecord-3_2-9530
  - SUSE Lifecycle Management Server 1.3:
    zypper in -t patch sleslms13-rubygem-activerecord-3_2-9530

To bring your system up-to-date, use "zypper patch".

Package List:

  - WebYaST 1.3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.2.12]:
    rubygem-activerecord-3_2-3.2.12-0.11.1
  - SUSE Studio Onsite 1.3 (x86_64) [New Version: 3.2.12]:
    rubygem-activerecord-3_2-3.2.12-0.11.1
  - SUSE Lifecycle Management Server 1.3 (x86_64) [New Version: 3.2.12]:
    rubygem-activerecord-3_2-3.2.12-0.11.1

References:

  http://support.novell.com/security/cve/CVE-2014-3482.html
  https://bugzilla.novell.com/885636
  http://download.suse.com/patch/finder/?keywords=256ebe9fc155d7b36f29288418784eff

From sle-updates at lists.suse.com Tue Sep 9 16:04:14 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Sep 2014 00:04:14 +0200 (CEST)
Subject: SUSE-RU-2014:1101-1: moderate: Recommended update for SLE Virtualization Tools
Message-ID: <20140909220414.8B057321D8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SLE Virtualization Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1101-1
Rating: moderate
References: #847641 #852404 #862605 #862608 #864351 #874300 #876604 #881573 #882092 #882598 #882661 #885052
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has 12 recommended fixes can now be installed.
It includes three new package versions.

Description:

This collective update provides fixes and enhancements for SLE
Virtualization Tools.

libvirt:

  * Fix race conditions in setting/getting domain state. (bnc#882598)
  * Add PCI multi-domain support to the qemu driver. (bnc#882661)

perl-Sys-Virt:

  * Update to version 1.0.5, adding all new APIs and constants from
    libvirt 1.0.5.

virt-manager:

  * Fix error during Appliance configuration on 2nd hard disk.
    (bnc#864351)
  * Fix error on 'Generate from host NUMA configuration'. (bnc#852404)
  * Fix displaying of domains for PCI devices. (bnc#876604)
  * Fix connection to remote Xen virtual machines using virt-manager
    from YaST. (bnc#874300)
  * Fix issue that made block device disappear after disabling cache.
    (bnc#847641)

vm-install:

  * Add support for SLE 12 and RHEL 7 installations. (bnc#885052,
    bnc#882092, bnc#862605, bnc#862608)
  * Fix reporting of full system memory on KVM installations.
    (bnc#881573)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-virt-bundle-201407-9531
  - SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-virt-bundle-201407-9531
  - SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-virt-bundle-201407-9531

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5.9]:
    libvirt-devel-1.0.5.9-0.11.2
  - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 1.0.5.9]:
    libvirt-devel-32bit-1.0.5.9-0.11.2
  - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.0.5 and 1.0.5.9]:
    libvirt-1.0.5.9-0.11.2
    libvirt-client-1.0.5.9-0.11.2
    libvirt-doc-1.0.5.9-0.11.2
    libvirt-lock-sanlock-1.0.5.9-0.11.2
    libvirt-python-1.0.5.9-0.11.2
    perl-Sys-Virt-1.0.5-0.7.2
  - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 1.0.5.9]:
    libvirt-client-32bit-1.0.5.9-0.11.2
  - SUSE Linux Enterprise Server 11 SP3 (i586 s390x x86_64) [New Version: 0.6.29]:
    virt-manager-0.9.4-0.23.1
    vm-install-0.6.29-0.7.2
  - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.6.29 and 1.0.5.9]:
    libvirt-1.0.5.9-0.11.2
    libvirt-client-1.0.5.9-0.11.2
    libvirt-doc-1.0.5.9-0.11.2
    libvirt-python-1.0.5.9-0.11.2
    virt-manager-0.9.4-0.23.1
    vm-install-0.6.29-0.7.2
  - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 1.0.5.9]:
    libvirt-client-32bit-1.0.5.9-0.11.2

References:

  https://bugzilla.novell.com/847641
  https://bugzilla.novell.com/852404
  https://bugzilla.novell.com/862605
  https://bugzilla.novell.com/862608
  https://bugzilla.novell.com/864351
  https://bugzilla.novell.com/874300
  https://bugzilla.novell.com/876604
  https://bugzilla.novell.com/881573
  https://bugzilla.novell.com/882092
  https://bugzilla.novell.com/882598
  https://bugzilla.novell.com/882661
  https://bugzilla.novell.com/885052
  http://download.suse.com/patch/finder/?keywords=30a1f7108513c1e907099bff1080ebdd

From sle-updates at lists.suse.com Tue Sep 9 17:04:15 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Sep 2014 01:04:15 +0200 (CEST)
Subject: SUSE-RU-2014:1102-1: Recommended update for perl-Bootloader
Message-ID: <20140909230415.A58F3320F1@maintenance.suse.de>

SUSE Recommended Update: Recommended update for perl-Bootloader
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1102-1
Rating: low
References: #817168 #821465 #873231
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.
It includes one version update.

Description:

This update adjusts perl-Bootloader to work even if no kernel is
installed; in particular: allow empty boot configuration, remember
kernel options of last removed kernel, tolerate temporarily invalid
boot entry on s390x. (bnc#821465)

Additionally, the following minor fixes are included in this update:

  * Remove old and no longer needed workaround-script
    bootloader_fix_xen. (bnc#817168)
  * Fix superfluous error message. (bnc#873231)
  * Require coreutils during post for chmod.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-perl-Bootloader-9607
  - SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-perl-Bootloader-9607
  - SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-perl-Bootloader-9607

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 0.4.89.61]:
  perl-Bootloader-0.4.89.61-0.7.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.4.89.61]:
  perl-Bootloader-0.4.89.61-0.7.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.4.89.61]:
  perl-Bootloader-0.4.89.61-0.7.1

References:

  https://bugzilla.novell.com/817168
  https://bugzilla.novell.com/821465
  https://bugzilla.novell.com/873231
  http://download.suse.com/patch/finder/?keywords=d0052a3baed1b8f6f6758f116c819f04

From sle-updates at lists.suse.com Tue Sep 9 17:05:20 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Sep 2014 01:05:20 +0200 (CEST)
Subject: SUSE-SU-2014:1103-1: Security update for openstack-heat
Message-ID: <20140909230520.CA01A321D8@maintenance.suse.de>

SUSE Security Update: Security update for openstack-heat
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1103-1
Rating: low
References: #871199 #879062
Cross-References: CVE-2014-3801
Affected Products:
  SUSE Cloud 3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available. It includes one version update.

Description:

This update for openstack-heat fixes the following security issue:

* When creating the stack for a template using a provider template, OpenStack Heat could allow remote authenticated users to obtain the provider template URL via the resource-type-list. (CVE-2014-3801)

Additionally, the following non-security issues have been fixed:

* Ensure routing key is specified in the address for a direct producer.
* Fix loguserdata.py's lost header in the package. (bnc#871199)
* Add check to prevent introducing regression. (bnc#871199)
* Raise the default max header to accommodate large tokens.
* Don't raise MySQL 2013 'Lost connection' errors.

Security Issues:

* CVE-2014-3801

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 3:
  zypper in -t patch sleclo30sp3-openstack-heat-9566

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 3 (x86_64) [New Version: 2013.2.4.dev3.g6f91215]:
  openstack-heat-2013.2.4.dev3.g6f91215-0.11.2
  openstack-heat-api-2013.2.4.dev3.g6f91215-0.11.2
  openstack-heat-api-cfn-2013.2.4.dev3.g6f91215-0.11.2
  openstack-heat-api-cloudwatch-2013.2.4.dev3.g6f91215-0.11.2
  openstack-heat-engine-2013.2.4.dev3.g6f91215-0.11.2
  python-heat-2013.2.4.dev3.g6f91215-0.11.2
- SUSE Cloud 3 (noarch) [New Version: 2013.2.4.dev3.g6f91215]:
  openstack-heat-doc-2013.2.4.dev3.g6f91215-0.11.1

References:

  http://support.novell.com/security/cve/CVE-2014-3801.html
  https://bugzilla.novell.com/871199
  https://bugzilla.novell.com/879062
  http://download.suse.com/patch/finder/?keywords=bc14e31a2176fa537468974bc2a1a4ee

From sle-updates at lists.suse.com Tue Sep 9 17:05:52 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Sep 2014 01:05:52 +0200 (CEST)
Subject: SUSE-SU-2014:1104-1: moderate: Security update for OpenSSL
Message-ID: <20140909230552.36A40321D8@maintenance.suse.de>

SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1104-1
Rating: moderate
References: #890764 #890767 #890768 #890769 #890770
Cross-References: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510
Affected Products:
  SUSE Linux Enterprise Server 11 SP2 LTSS
  SUSE Linux Enterprise Server 11 SP1 LTSS
  SUSE Linux Enterprise Server 10 SP4 LTSS
  SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available. It includes one version update.

Description:

This OpenSSL update fixes the following security issues:

* bnc#890764: Information leak in pretty printing functions. (CVE-2014-3508)
* bnc#890767: Double Free when processing DTLS packets. (CVE-2014-3505)
* bnc#890768: DTLS memory exhaustion. (CVE-2014-3506)
* bnc#890769: DTLS memory leak from zero-length fragments. (CVE-2014-3507)
* bnc#890770: DTLS anonymous EC(DH) denial of service. (CVE-2014-3510)

Security Issues:

* CVE-2014-3508
* CVE-2014-3505
* CVE-2014-3506
* CVE-2014-3507
* CVE-2014-3510

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 LTSS:
  zypper in -t patch slessp2-libopenssl-devel-9662
- SUSE Linux Enterprise Server 11 SP1 LTSS:
  zypper in -t patch slessp1-libopenssl-devel-9663

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):
  libopenssl0_9_8-0.9.8j-0.62.3
  libopenssl0_9_8-hmac-0.9.8j-0.62.3
  openssl-0.9.8j-0.62.3
  openssl-doc-0.9.8j-0.62.3
- SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64):
  libopenssl0_9_8-32bit-0.9.8j-0.62.3
  libopenssl0_9_8-hmac-32bit-0.9.8j-0.62.3
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 0.9.8j]:
  libopenssl0_9_8-0.9.8j-0.62.3
  libopenssl0_9_8-hmac-0.9.8j-0.62.3
  openssl-0.9.8j-0.62.3
  openssl-doc-0.9.8j-0.62.3
- SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 0.9.8j]:
  libopenssl0_9_8-32bit-0.9.8j-0.62.3
  libopenssl0_9_8-hmac-32bit-0.9.8j-0.62.3
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
  openssl-0.9.8a-18.84.5
  openssl-devel-0.9.8a-18.84.5
  openssl-doc-0.9.8a-18.84.5
- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
  openssl-32bit-0.9.8a-18.84.5
  openssl-devel-32bit-0.9.8a-18.84.5
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
  openssl-0.9.8a-18.45.79.3
  openssl-devel-0.9.8a-18.45.79.3
  openssl-doc-0.9.8a-18.45.79.3
- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
  openssl-32bit-0.9.8a-18.45.79.3
  openssl-devel-32bit-0.9.8a-18.45.79.3

References:

  http://support.novell.com/security/cve/CVE-2014-3505.html
  http://support.novell.com/security/cve/CVE-2014-3506.html
  http://support.novell.com/security/cve/CVE-2014-3507.html
  http://support.novell.com/security/cve/CVE-2014-3508.html
  http://support.novell.com/security/cve/CVE-2014-3510.html
  https://bugzilla.novell.com/890764
  https://bugzilla.novell.com/890767
  https://bugzilla.novell.com/890768
  https://bugzilla.novell.com/890769
  https://bugzilla.novell.com/890770
  http://download.suse.com/patch/finder/?keywords=99670be4c48bf7d4b638d26f459ded32
  http://download.suse.com/patch/finder/?keywords=9b67b5e9df54ba01bdf516a4768dfc90
  http://download.suse.com/patch/finder/?keywords=a13af464a610cda0eae18606907ad3af
  http://download.suse.com/patch/finder/?keywords=d131eebfce5c601b41e006539b73bcb9

From sle-updates at lists.suse.com Tue Sep 9 17:06:56 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Sep 2014 01:06:56 +0200 (CEST)
Subject: SUSE-SU-2014:1105-1: moderate: Security update for the Linux Kernel
Message-ID: <20140909230656.66BE2321D8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1105-1
Rating: moderate
References: #846404 #864464 #866911 #870173 #870576 #871676 #871797 #871854
  #872634 #873374 #876590 #877257 #877775 #878115 #878509 #879921
  #880484 #881051 #882804 #883724 #883795 #885422 #885725 #886474
  #889173 #889324
Cross-References: CVE-2013-4299 CVE-2014-0055 CVE-2014-0077 CVE-2014-1739
  CVE-2014-2706 CVE-2014-2851 CVE-2014-3144 CVE-2014-3145
  CVE-2014-3917 CVE-2014-4508 CVE-2014-4652 CVE-2014-4653
  CVE-2014-4654 CVE-2014-4655 CVE-2014-4656 CVE-2014-4667
  CVE-2014-4699 CVE-2014-5077
Affected Products:
  SUSE Linux Enterprise Server 11 SP2 LTSS
  SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

An update that solves 18 vulnerabilities and has 8 fixes is now available. It includes one version update.

Description:

The SUSE Linux Enterprise Server 11 SP2 LTSS received a roll up update to fix several security and non-security issues.

The following security issues have been fixed:

* CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (bnc#870173)
* CVE-2014-0077: drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (bnc#870576)
* CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. (bnc#882804)
* CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797)
* CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (bnc#873374)
* CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. (bnc#877257)
* CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257)
* CVE-2014-3917: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484)
* CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724)
* CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795)
* CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795)
* CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795)
* CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795)
* CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795)
* CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. (bnc#885422)
* CVE-2014-4699: The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. (bnc#885725)
* CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (bnc#889173)
* CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. (bnc#846404)

The following bugs have been fixed:

* pagecachelimit: reduce lru_lock contention for heavy parallel reclaim (bnc#878509, bnc#864464).
* pagecachelimit: reduce lru_lock contention for heavy parallel reclaim kabi fixup (bnc#878509, bnc#864464).
* ACPI / PAD: call schedule() when need_resched() is true (bnc#866911).
* kabi: Fix breakage due to addition of user_ctl_lock (bnc#883795).
* cpuset: Fix memory allocator deadlock (bnc#876590).
* tcp: allow to disable cwnd moderation in TCP_CA_Loss state (bnc#879921).
* tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921).
* vlan: more careful checksum features handling (bnc#872634).
* bonding: fix vlan_features computing (bnc#872634).
* NFSv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bnc#889324).
* NFS: Do not lose sockets when nfsd shutdown races with connection timeout (bnc#871854).
* reiserfs: call truncate_setsize under tailpack mutex (bnc#878115).
* reiserfs: drop vmtruncate (bnc#878115).
* megaraid_sas: mask off flags in ioctl path (bnc#886474).
* block: fix race between request completion and timeout handling (bnc#881051).
* drivers/rtc/interface.c: fix infinite loop in initializing the alarm (bnc#871676).
* xfrm: check peer pointer for null before calling inet_putpeer() (bnc#877775).
* supported.conf: Add firewire/nosy as supported. This driver is the replacement for the ieee1394/pcilynx driver, which was supported.

Security Issues:

* CVE-2013-4299
* CVE-2014-0055
* CVE-2014-0077
* CVE-2014-1739
* CVE-2014-2706
* CVE-2014-2851
* CVE-2014-3144
* CVE-2014-3145
* CVE-2014-3917
* CVE-2014-4508
* CVE-2014-4652
* CVE-2014-4653
* CVE-2014-4654
* CVE-2014-4655
* CVE-2014-4656
* CVE-2014-4667
* CVE-2014-4699
* CVE-2014-5077

Indications:

Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 LTSS:
  zypper in -t patch slessp2-kernel-9630 slessp2-kernel-9631 slessp2-kernel-9632

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 3.0.101]:
  kernel-default-3.0.101-0.7.23.1
  kernel-default-base-3.0.101-0.7.23.1
  kernel-default-devel-3.0.101-0.7.23.1
  kernel-source-3.0.101-0.7.23.1
  kernel-syms-3.0.101-0.7.23.1
  kernel-trace-3.0.101-0.7.23.1
  kernel-trace-base-3.0.101-0.7.23.1
  kernel-trace-devel-3.0.101-0.7.23.1
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64) [New Version: 3.0.101]:
  kernel-ec2-3.0.101-0.7.23.1
  kernel-ec2-base-3.0.101-0.7.23.1
  kernel-ec2-devel-3.0.101-0.7.23.1
  kernel-xen-3.0.101-0.7.23.1
  kernel-xen-base-3.0.101-0.7.23.1
  kernel-xen-devel-3.0.101-0.7.23.1
  xen-kmp-default-4.1.6_06_3.0.101_0.7.23-0.5.30
  xen-kmp-trace-4.1.6_06_3.0.101_0.7.23-0.5.30
- SUSE Linux Enterprise Server 11 SP2 LTSS (s390x) [New Version: 3.0.101]:
  kernel-default-man-3.0.101-0.7.23.1
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586) [New Version: 3.0.101]:
  kernel-pae-3.0.101-0.7.23.1
  kernel-pae-base-3.0.101-0.7.23.1
  kernel-pae-devel-3.0.101-0.7.23.1
  xen-kmp-pae-4.1.6_06_3.0.101_0.7.23-0.5.30
- SLE 11 SERVER Unsupported Extras (i586 s390x x86_64):
  kernel-default-extra-3.0.101-0.7.23.1
- SLE 11 SERVER Unsupported Extras (i586 x86_64):
  kernel-xen-extra-3.0.101-0.7.23.1
- SLE 11 SERVER Unsupported Extras (i586):
  kernel-pae-extra-3.0.101-0.7.23.1

References:

  http://support.novell.com/security/cve/CVE-2013-4299.html
  http://support.novell.com/security/cve/CVE-2014-0055.html
  http://support.novell.com/security/cve/CVE-2014-0077.html
  http://support.novell.com/security/cve/CVE-2014-1739.html
  http://support.novell.com/security/cve/CVE-2014-2706.html
  http://support.novell.com/security/cve/CVE-2014-2851.html
  http://support.novell.com/security/cve/CVE-2014-3144.html
  http://support.novell.com/security/cve/CVE-2014-3145.html
  http://support.novell.com/security/cve/CVE-2014-3917.html
  http://support.novell.com/security/cve/CVE-2014-4508.html
  http://support.novell.com/security/cve/CVE-2014-4652.html
  http://support.novell.com/security/cve/CVE-2014-4653.html
  http://support.novell.com/security/cve/CVE-2014-4654.html
  http://support.novell.com/security/cve/CVE-2014-4655.html
  http://support.novell.com/security/cve/CVE-2014-4656.html
  http://support.novell.com/security/cve/CVE-2014-4667.html
  http://support.novell.com/security/cve/CVE-2014-4699.html
  http://support.novell.com/security/cve/CVE-2014-5077.html
  https://bugzilla.novell.com/846404
  https://bugzilla.novell.com/864464
  https://bugzilla.novell.com/866911
  https://bugzilla.novell.com/870173
  https://bugzilla.novell.com/870576
  https://bugzilla.novell.com/871676
  https://bugzilla.novell.com/871797
  https://bugzilla.novell.com/871854
  https://bugzilla.novell.com/872634
  https://bugzilla.novell.com/873374
  https://bugzilla.novell.com/876590
  https://bugzilla.novell.com/877257
  https://bugzilla.novell.com/877775
  https://bugzilla.novell.com/878115
  https://bugzilla.novell.com/878509
  https://bugzilla.novell.com/879921
  https://bugzilla.novell.com/880484
  https://bugzilla.novell.com/881051
  https://bugzilla.novell.com/882804
  https://bugzilla.novell.com/883724
  https://bugzilla.novell.com/883795
  https://bugzilla.novell.com/885422
  https://bugzilla.novell.com/885725
  https://bugzilla.novell.com/886474
  https://bugzilla.novell.com/889173
  https://bugzilla.novell.com/889324
  http://download.suse.com/patch/finder/?keywords=1bdb6880fea42253a50653414920422e
  http://download.suse.com/patch/finder/?keywords=218ba78474014b91211cb482f9ce7a3a
  http://download.suse.com/patch/finder/?keywords=3fe24f0ad52cbb8be44e129fa1f0497a
  http://download.suse.com/patch/finder/?keywords=41c4d735ff2c6886df2aa7dfcce0107b
  http://download.suse.com/patch/finder/?keywords=4d4557738b3fb3592211aa4ebb60e887
  http://download.suse.com/patch/finder/?keywords=4de705ad690dac2ee164aea48d16db9a

From sle-updates at lists.suse.com Tue Sep 9 19:04:20 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Sep 2014 03:04:20 +0200 (CEST)
Subject: SUSE-SU-2014:1106-1: moderate: Security update for net-snmp
Message-ID: <20140910010420.3AC7732189@maintenance.suse.de>

SUSE Security Update: Security update for net-snmp
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1106-1
Rating: moderate
References: #865222 #894361
Cross-References: CVE-2014-3565
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for net-snmp fixes a remote denial of service problem inside snmptrapd when it is started with the "-OQ" option. (CVE-2014-3565, bnc#894361)

Additionally, a timeout issue during SNMP MIB walk on OID 1.3.6.1.2.1.4.24 when using newer (v5.5+) versions of snmpwalk has been fixed. (bnc#865222)

Security Issues:

* CVE-2014-3565

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-libsnmp15-9679
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-libsnmp15-9679
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-libsnmp15-9679
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-libsnmp15-9679

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  net-snmp-devel-5.4.2.1-8.12.22.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64):
  libsnmp15-32bit-5.4.2.1-8.12.22.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64):
  net-snmp-devel-32bit-5.4.2.1-8.12.22.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
  libsnmp15-5.4.2.1-8.12.22.1
  net-snmp-5.4.2.1-8.12.22.1
  perl-SNMP-5.4.2.1-8.12.22.1
  snmp-mibs-5.4.2.1-8.12.22.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
  libsnmp15-32bit-5.4.2.1-8.12.22.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
  libsnmp15-5.4.2.1-8.12.22.1
  net-snmp-5.4.2.1-8.12.22.1
  perl-SNMP-5.4.2.1-8.12.22.1
  snmp-mibs-5.4.2.1-8.12.22.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
  libsnmp15-32bit-5.4.2.1-8.12.22.1
- SUSE Linux Enterprise Server 11 SP3 (ia64):
  libsnmp15-x86-5.4.2.1-8.12.22.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
  libsnmp15-5.4.2.1-8.12.22.1
  net-snmp-5.4.2.1-8.12.22.1
  perl-SNMP-5.4.2.1-8.12.22.1
  snmp-mibs-5.4.2.1-8.12.22.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
  libsnmp15-32bit-5.4.2.1-8.12.22.1

References:

  http://support.novell.com/security/cve/CVE-2014-3565.html
  https://bugzilla.novell.com/865222
  https://bugzilla.novell.com/894361
  http://download.suse.com/patch/finder/?keywords=a3129963b7293565b8abdd32cd25c3f4

From sle-updates at lists.suse.com Tue Sep 9 21:04:18 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Sep 2014 05:04:18 +0200 (CEST)
Subject: SUSE-SU-2014:1107-1: important: Security update for MozillaFirefox
Message-ID: <20140910030418.6E94A32089@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1107-1
Rating: important
References: #894370
Cross-References: CVE-2014-1562 CVE-2014-1567
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available. It includes three new package versions.

Description:

Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream:

* MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution.
* MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
* Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562)

More information is referenced on: https://www.mozilla.org/security/announce/ .

Security Issues:

* CVE-2014-1562
* CVE-2014-1567

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-firefox-201409-9687
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-firefox-201409-9687
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-firefox-201409-9687
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-firefox-201409-9687

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.16.4 and 4.10.7]:
  MozillaFirefox-devel-24.8.0esr-0.8.1
  mozilla-nspr-devel-4.10.7-0.3.1
  mozilla-nss-devel-3.16.4-0.8.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 24.8.0esr,3.16.4 and 4.10.7]:
  MozillaFirefox-24.8.0esr-0.8.1
  MozillaFirefox-translations-24.8.0esr-0.8.1
  libfreebl3-3.16.4-0.8.1
  libsoftokn3-3.16.4-0.8.1
  mozilla-nspr-4.10.7-0.3.1
  mozilla-nss-3.16.4-0.8.1
  mozilla-nss-tools-3.16.4-0.8.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.16.4 and 4.10.7]:
  libfreebl3-32bit-3.16.4-0.8.1
  libsoftokn3-32bit-3.16.4-0.8.1
  mozilla-nspr-32bit-4.10.7-0.3.1
  mozilla-nss-32bit-3.16.4-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 24.8.0esr,3.16.4 and 4.10.7]:
  MozillaFirefox-24.8.0esr-0.8.1
  MozillaFirefox-translations-24.8.0esr-0.8.1
  libfreebl3-3.16.4-0.8.1
  libsoftokn3-3.16.4-0.8.1
  mozilla-nspr-4.10.7-0.3.1
  mozilla-nss-3.16.4-0.8.1
  mozilla-nss-tools-3.16.4-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.16.4 and 4.10.7]:
  libfreebl3-32bit-3.16.4-0.8.1
  libsoftokn3-32bit-3.16.4-0.8.1
  mozilla-nspr-32bit-4.10.7-0.3.1
  mozilla-nss-32bit-3.16.4-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.16.4 and 4.10.7]:
  libfreebl3-x86-3.16.4-0.8.1
  libsoftokn3-x86-3.16.4-0.8.1
  mozilla-nspr-x86-4.10.7-0.3.1
  mozilla-nss-x86-3.16.4-0.8.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 24.8.0esr,3.16.4 and 4.10.7]:
  MozillaFirefox-24.8.0esr-0.8.1
  MozillaFirefox-translations-24.8.0esr-0.8.1
  libfreebl3-3.16.4-0.8.1
  libsoftokn3-3.16.4-0.8.1
  mozilla-nspr-4.10.7-0.3.1
  mozilla-nss-3.16.4-0.8.1
  mozilla-nss-tools-3.16.4-0.8.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.16.4 and 4.10.7]:
  libfreebl3-32bit-3.16.4-0.8.1
  libsoftokn3-32bit-3.16.4-0.8.1
  mozilla-nspr-32bit-4.10.7-0.3.1
  mozilla-nss-32bit-3.16.4-0.8.1

References:

  http://support.novell.com/security/cve/CVE-2014-1562.html
  http://support.novell.com/security/cve/CVE-2014-1567.html
  https://bugzilla.novell.com/894370
  http://download.suse.com/patch/finder/?keywords=873315fb280696995d2133ee7817926f

From sle-updates at lists.suse.com Wed Sep 10 12:04:19 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 10 Sep 2014 20:04:19 +0200 (CEST)
Subject: SUSE-SU-2014:1111-1: moderate: Security update for openstack-dashboard
Message-ID: <20140910180419.BE63F321DA@maintenance.suse.de>

SUSE Security Update: Security update for openstack-dashboard
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1111-1
Rating: moderate
References: #891815
Cross-References: CVE-2014-3475
Affected Products:
  SUSE Cloud 4
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

This update for openstack-dashboard fixes a cross-site scripting issue on the unordered_list filter. (bnc#891815, CVE-2014-3594)

Security Issues:

* CVE-2014-3475

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 4:
  zypper in -t patch sleclo40sp3-openstack-dashboard-9670

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 4 (x86_64) [New Version: 2014.1.3.dev4.ge53cc81]:
  openstack-dashboard-2014.1.3.dev4.ge53cc81-0.7.1
  python-horizon-2014.1.3.dev4.ge53cc81-0.7.1

References:

  http://support.novell.com/security/cve/CVE-2014-3475.html
  https://bugzilla.novell.com/891815
  http://download.suse.com/patch/finder/?keywords=a466b12b7e2a4016ab19580255d5a796

From sle-updates at lists.suse.com Wed Sep 10 16:04:15 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Sep 2014 00:04:15 +0200 (CEST)
Subject: SUSE-SU-2014:1112-1: important: Security update for MozillaFirefox
Message-ID: <20140910220415.1423A321DA@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1112-1
Rating: important
References: #894370
Affected Products:
  SUSE Linux Enterprise Server 11 SP2 LTSS
______________________________________________________________________________

An update that contains security fixes can now be installed. It includes three new package versions.

Description:

Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream:

* MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution.
* MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
* Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562)

More information is referenced on: https://www.mozilla.org/security/announce/ .

Security Issues:
   * CVE-2014-1562
   * CVE-2014-1567

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 LTSS:
   zypper in -t patch slessp2-firefox-201409-9682

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 24.8.0esr,3.16.4 and 4.10.7]:
   MozillaFirefox-24.8.0esr-0.3.1
   MozillaFirefox-translations-24.8.0esr-0.3.1
   libfreebl3-3.16.4-0.3.1
   mozilla-nspr-4.10.7-0.3.1
   mozilla-nspr-devel-4.10.7-0.3.1
   mozilla-nss-3.16.4-0.3.1
   mozilla-nss-devel-3.16.4-0.3.1
   mozilla-nss-tools-3.16.4-0.3.1

- SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 3.16.4 and 4.10.7]:
   libfreebl3-32bit-3.16.4-0.3.1
   mozilla-nspr-32bit-4.10.7-0.3.1
   mozilla-nss-32bit-3.16.4-0.3.1

References:
   https://bugzilla.novell.com/894370
   http://download.suse.com/patch/finder/?keywords=e1c935e0f16e49f1e16fa6831a476bb8

From sle-updates at lists.suse.com Wed Sep 10 17:04:15 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Sep 2014 01:04:15 +0200 (CEST)
Subject: SUSE-RU-2014:1113-1: Recommended update for microcode_ctl
Message-ID: <20140910230415.3756F32189@maintenance.suse.de>

SUSE Recommended Update: Recommended update for microcode_ctl
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1113-1
Rating: low
References: #885215
Affected Products:
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be
installed.

Description:

This update provides Intel's CPU microcode version 20140624.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
   zypper in -t patch slessp3-microcode_ctl-9524
- SUSE Linux Enterprise Server 11 SP3:
   zypper in -t patch slessp3-microcode_ctl-9524
- SUSE Linux Enterprise Desktop 11 SP3:
   zypper in -t patch sledsp3-microcode_ctl-9524

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
   microcode_ctl-1.17-102.74.1
- SUSE Linux Enterprise Server 11 SP3 (i586 x86_64):
   microcode_ctl-1.17-102.74.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
   microcode_ctl-1.17-102.74.1

References:
   https://bugzilla.novell.com/885215
   http://download.suse.com/patch/finder/?keywords=c2c1676dcecadccc59e3ed499e8e85aa

From sle-updates at lists.suse.com Thu Sep 11 07:04:11 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 11 Sep 2014 15:04:11 +0200 (CEST)
Subject: SUSE-SU-2014:1116-1: important: Security update for LibreOffice
Message-ID: <20140911130411.83564321DA@maintenance.suse.de>

SUSE Security Update: Security update for LibreOffice
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1116-1
Rating: important
References: #382137 #593612 #654230 #753460 #757432 #779620 #779642 #780044 #783433 #802888 #816593 #817956 #819614 #819822 #819865 #820077 #820273 #820503 #820504 #820509 #820788 #820800 #820819 #820836 #821567 #821795 #822908 #823626 #823651 #823655 #823675 #823935 #825305 #825891 #825976 #828390 #828598 #829017 #830205 #831457 #831578 #834035 #834705 #834720 #834722 #835985 #837302 #839727 #862510 #863021 #864396 #870234 #878854 #893141
Cross-References: CVE-2013-4156 CVE-2014-3575
Affected Products:
   SUSE Linux Enterprise Software Development Kit
11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that solves two vulnerabilities and has 52 fixes is now available. It includes one version update.

Description:

LibreOffice was updated to version 4.0.3.3.26. (SUSE 4.0-patch26, tag suse-4.0-26, based on upstream 4.0.3.3).

Two security issues have been fixed:

* DOCM memory corruption vulnerability. (CVE-2013-4156, bnc#831578)
* Data exposure using crafted OLE objects. (CVE-2014-3575, bnc#893141)

The following non-security issues have been fixed:

* chart shown flipped (bnc#834722)
* chart missing dataset (bnc#839727)
* import new line in text (bnc#828390)
* lines running off screens (bnc#819614)
* add set-all language menu (bnc#863021)
* text rotation (bnc#783433, bnc#862510)
* page border shadow testcase (bnc#817956)
* one more clickable field fix (bnc#802888)
* multilevel labels are rotated (bnc#820273)
* incorrect nested table margins (bnc#816593)
* use BitmapURL only if its valid (bnc#821567)
* import gradfill for text colors (bnc#870234)
* fix undo of paragraph attributes (bnc#828598)
* stop-gap solution to avoid crash (bnc#830205)
* import images with duotone filter (bnc#820077)
* missing drop downs for autofilter (bnc#834705)
* typos in first page style creation (bnc#820836)
* labels wrongly interpreted as dates (bnc#834720)
* RTF import of fFilled shape property (bnc#825305)
* placeholders text size is not correct (bnc#831457)
* cells value formatted with wrong output (bnc#821795)
* RTF import of freeform shape coordinates (bnc#823655)
* styles (rename &) copy to different decks (bnc#757432)
* XLSX Chart import with internal data table (bnc#819822)
* handle M.d.yyyy date format in DOCX import (bnc#820509)
* paragraph style in empty first page header (bnc#823651)
* copying slides having same master page name (bnc#753460)
* printing handouts using the default, 'Order' (bnc#835985)
* wrap polygon was based on dest size of picture
(bnc#820800)
* added common flags support for SEQ field import (bnc#825976)
* hyperlinks of illustration index in DOCX export (bnc#834035)
* allow insertion of redlines with an empty author (bnc#837302)
* handle drawinglayer rectangle inset in VML import (bnc#779642)
* don't apply complex font size to non-complex font (bnc#820819)
* issue with negative seeks in win32 shell extension (bnc#829017)
* slide appears quite garbled when imported from PPTX (bnc#593612)
* initial MCE support in writerfilter ooxml tokenizer (bnc#820503)
* MSWord uses \xb for linebreaks in DB fields, take 2 (bnc#878854)
* try harder to convert floating tables to text frames (bnc#779620)
* itemstate in parent style incorrectly reported as set (bnc#819865)
* default color hidden by Default style in writerfilter (bnc#820504)
* DOCX document crashes when using internal OOXML filter (bnc#382137)
* ugly workaround for external leading with symbol fonts (bnc#823626)
* followup fix for exported xlsx causes errors for mso2007 (bnc#823935)
* we only support simple labels in the InternalDataProvider (bnc#864396)
* RTF import: fix import of numbering bullet associated font (bnc#823675)
* page specific footer extended to every pages in DOCX export (bnc#654230)
* v:textbox mso-fit-shape-to-text style property in VML import (bnc#820788)
* w:spacing in a paragraph should also apply to as-char objects (bnc#780044)
* compatibility setting for MS Word wrapping text in less space (bnc#822908)
* fix SwWrtShell::SelAll() to work with empty table at doc start (bnc#825891)

Security Issues:
   * CVE-2014-3575
   * CVE-2013-4156

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
   zypper in -t patch sdksp3-libreoffice-201409-9677
- SUSE Linux Enterprise Desktop 11 SP3:
   zypper in -t patch sledsp3-libreoffice-201409-9677

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]: libreoffice-4.0.3.3.26-0.6.2 libreoffice-base-4.0.3.3.26-0.6.2 libreoffice-base-drivers-postgresql-4.0.3.3.26-0.6.2 libreoffice-base-extensions-4.0.3.3.26-0.6.2 libreoffice-calc-4.0.3.3.26-0.6.2 libreoffice-calc-extensions-4.0.3.3.26-0.6.2 libreoffice-draw-4.0.3.3.26-0.6.2 libreoffice-draw-extensions-4.0.3.3.26-0.6.2 libreoffice-filters-optional-4.0.3.3.26-0.6.2 libreoffice-gnome-4.0.3.3.26-0.6.2 libreoffice-impress-4.0.3.3.26-0.6.2 libreoffice-impress-extensions-4.0.3.3.26-0.6.2 libreoffice-kde-4.0.3.3.26-0.6.2 libreoffice-kde4-4.0.3.3.26-0.6.2 libreoffice-l10n-prebuilt-4.0.3.3.26-0.6.2 libreoffice-mailmerge-4.0.3.3.26-0.6.2 libreoffice-math-4.0.3.3.26-0.6.2 libreoffice-mono-4.0.3.3.26-0.6.2 libreoffice-officebean-4.0.3.3.26-0.6.2 libreoffice-pyuno-4.0.3.3.26-0.6.2 libreoffice-sdk-4.0.3.3.26-0.6.2 libreoffice-writer-4.0.3.3.26-0.6.2 libreoffice-writer-extensions-4.0.3.3.26-0.6.2 - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 4.0.3.3.26]: libreoffice-branding-upstream-4.0.3.3.26-0.6.1 libreoffice-help-cs-4.0.3.3.26-0.6.1 libreoffice-help-da-4.0.3.3.26-0.6.1 libreoffice-help-de-4.0.3.3.26-0.6.1 libreoffice-help-en-GB-4.0.3.3.26-0.6.1 libreoffice-help-en-US-4.0.3.3.26-0.6.1 libreoffice-help-es-4.0.3.3.26-0.6.1 libreoffice-help-fr-4.0.3.3.26-0.6.1 libreoffice-help-gu-IN-4.0.3.3.26-0.6.1 libreoffice-help-hi-IN-4.0.3.3.26-0.6.1 libreoffice-help-hu-4.0.3.3.26-0.6.1 libreoffice-help-it-4.0.3.3.26-0.6.1 libreoffice-help-ja-4.0.3.3.26-0.6.1 libreoffice-help-ko-4.0.3.3.26-0.6.1 libreoffice-help-nl-4.0.3.3.26-0.6.1 libreoffice-help-pl-4.0.3.3.26-0.6.1 libreoffice-help-pt-4.0.3.3.26-0.6.1 libreoffice-help-pt-BR-4.0.3.3.26-0.6.1 libreoffice-help-ru-4.0.3.3.26-0.6.1 libreoffice-help-sv-4.0.3.3.26-0.6.1 libreoffice-help-zh-CN-4.0.3.3.26-0.6.1 libreoffice-help-zh-TW-4.0.3.3.26-0.6.1 libreoffice-icon-themes-4.0.3.3.26-0.6.2 
libreoffice-l10n-af-4.0.3.3.26-0.6.2 libreoffice-l10n-ar-4.0.3.3.26-0.6.2 libreoffice-l10n-ca-4.0.3.3.26-0.6.2 libreoffice-l10n-cs-4.0.3.3.26-0.6.2 libreoffice-l10n-da-4.0.3.3.26-0.6.2 libreoffice-l10n-de-4.0.3.3.26-0.6.2 libreoffice-l10n-el-4.0.3.3.26-0.6.2 libreoffice-l10n-en-GB-4.0.3.3.26-0.6.2 libreoffice-l10n-es-4.0.3.3.26-0.6.2 libreoffice-l10n-fi-4.0.3.3.26-0.6.2 libreoffice-l10n-fr-4.0.3.3.26-0.6.2 libreoffice-l10n-gu-IN-4.0.3.3.26-0.6.2 libreoffice-l10n-hi-IN-4.0.3.3.26-0.6.2 libreoffice-l10n-hu-4.0.3.3.26-0.6.2 libreoffice-l10n-it-4.0.3.3.26-0.6.2 libreoffice-l10n-ja-4.0.3.3.26-0.6.2 libreoffice-l10n-ko-4.0.3.3.26-0.6.2 libreoffice-l10n-nb-4.0.3.3.26-0.6.2 libreoffice-l10n-nl-4.0.3.3.26-0.6.2 libreoffice-l10n-nn-4.0.3.3.26-0.6.2 libreoffice-l10n-pl-4.0.3.3.26-0.6.2 libreoffice-l10n-pt-4.0.3.3.26-0.6.2 libreoffice-l10n-pt-BR-4.0.3.3.26-0.6.2 libreoffice-l10n-ru-4.0.3.3.26-0.6.2 libreoffice-l10n-sk-4.0.3.3.26-0.6.2 libreoffice-l10n-sv-4.0.3.3.26-0.6.2 libreoffice-l10n-xh-4.0.3.3.26-0.6.2 libreoffice-l10n-zh-CN-4.0.3.3.26-0.6.2 libreoffice-l10n-zh-TW-4.0.3.3.26-0.6.2 libreoffice-l10n-zu-4.0.3.3.26-0.6.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 4.0.3.3.26]: libreoffice-4.0.3.3.26-0.6.2 libreoffice-base-4.0.3.3.26-0.6.2 libreoffice-base-drivers-postgresql-4.0.3.3.26-0.6.2 libreoffice-base-extensions-4.0.3.3.26-0.6.2 libreoffice-calc-4.0.3.3.26-0.6.2 libreoffice-calc-extensions-4.0.3.3.26-0.6.2 libreoffice-draw-4.0.3.3.26-0.6.2 libreoffice-draw-extensions-4.0.3.3.26-0.6.2 libreoffice-filters-optional-4.0.3.3.26-0.6.2 libreoffice-gnome-4.0.3.3.26-0.6.2 libreoffice-impress-4.0.3.3.26-0.6.2 libreoffice-impress-extensions-4.0.3.3.26-0.6.2 libreoffice-kde-4.0.3.3.26-0.6.2 libreoffice-kde4-4.0.3.3.26-0.6.2 libreoffice-mailmerge-4.0.3.3.26-0.6.2 libreoffice-math-4.0.3.3.26-0.6.2 libreoffice-mono-4.0.3.3.26-0.6.2 libreoffice-officebean-4.0.3.3.26-0.6.2 libreoffice-pyuno-4.0.3.3.26-0.6.2 libreoffice-writer-4.0.3.3.26-0.6.2 
libreoffice-writer-extensions-4.0.3.3.26-0.6.2 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 4.0.3.3.26]: libreoffice-help-cs-4.0.3.3.26-0.6.1 libreoffice-help-da-4.0.3.3.26-0.6.1 libreoffice-help-de-4.0.3.3.26-0.6.1 libreoffice-help-en-GB-4.0.3.3.26-0.6.1 libreoffice-help-en-US-4.0.3.3.26-0.6.1 libreoffice-help-es-4.0.3.3.26-0.6.1 libreoffice-help-fr-4.0.3.3.26-0.6.1 libreoffice-help-gu-IN-4.0.3.3.26-0.6.1 libreoffice-help-hi-IN-4.0.3.3.26-0.6.1 libreoffice-help-hu-4.0.3.3.26-0.6.1 libreoffice-help-it-4.0.3.3.26-0.6.1 libreoffice-help-ja-4.0.3.3.26-0.6.1 libreoffice-help-ko-4.0.3.3.26-0.6.1 libreoffice-help-nl-4.0.3.3.26-0.6.1 libreoffice-help-pl-4.0.3.3.26-0.6.1 libreoffice-help-pt-4.0.3.3.26-0.6.1 libreoffice-help-pt-BR-4.0.3.3.26-0.6.1 libreoffice-help-ru-4.0.3.3.26-0.6.1 libreoffice-help-sv-4.0.3.3.26-0.6.1 libreoffice-help-zh-CN-4.0.3.3.26-0.6.1 libreoffice-help-zh-TW-4.0.3.3.26-0.6.1 libreoffice-icon-themes-4.0.3.3.26-0.6.2 libreoffice-l10n-af-4.0.3.3.26-0.6.2 libreoffice-l10n-ar-4.0.3.3.26-0.6.2 libreoffice-l10n-ca-4.0.3.3.26-0.6.2 libreoffice-l10n-cs-4.0.3.3.26-0.6.2 libreoffice-l10n-da-4.0.3.3.26-0.6.2 libreoffice-l10n-de-4.0.3.3.26-0.6.2 libreoffice-l10n-en-GB-4.0.3.3.26-0.6.2 libreoffice-l10n-es-4.0.3.3.26-0.6.2 libreoffice-l10n-fi-4.0.3.3.26-0.6.2 libreoffice-l10n-fr-4.0.3.3.26-0.6.2 libreoffice-l10n-gu-IN-4.0.3.3.26-0.6.2 libreoffice-l10n-hi-IN-4.0.3.3.26-0.6.2 libreoffice-l10n-hu-4.0.3.3.26-0.6.2 libreoffice-l10n-it-4.0.3.3.26-0.6.2 libreoffice-l10n-ja-4.0.3.3.26-0.6.2 libreoffice-l10n-ko-4.0.3.3.26-0.6.2 libreoffice-l10n-nb-4.0.3.3.26-0.6.2 libreoffice-l10n-nl-4.0.3.3.26-0.6.2 libreoffice-l10n-nn-4.0.3.3.26-0.6.2 libreoffice-l10n-pl-4.0.3.3.26-0.6.2 libreoffice-l10n-pt-4.0.3.3.26-0.6.2 libreoffice-l10n-pt-BR-4.0.3.3.26-0.6.2 libreoffice-l10n-ru-4.0.3.3.26-0.6.2 libreoffice-l10n-sk-4.0.3.3.26-0.6.2 libreoffice-l10n-sv-4.0.3.3.26-0.6.2 libreoffice-l10n-xh-4.0.3.3.26-0.6.2 libreoffice-l10n-zh-CN-4.0.3.3.26-0.6.2 
libreoffice-l10n-zh-TW-4.0.3.3.26-0.6.2 libreoffice-l10n-zu-4.0.3.3.26-0.6.2 References: http://support.novell.com/security/cve/CVE-2013-4156.html http://support.novell.com/security/cve/CVE-2014-3575.html https://bugzilla.novell.com/382137 https://bugzilla.novell.com/593612 https://bugzilla.novell.com/654230 https://bugzilla.novell.com/753460 https://bugzilla.novell.com/757432 https://bugzilla.novell.com/779620 https://bugzilla.novell.com/779642 https://bugzilla.novell.com/780044 https://bugzilla.novell.com/783433 https://bugzilla.novell.com/802888 https://bugzilla.novell.com/816593 https://bugzilla.novell.com/817956 https://bugzilla.novell.com/819614 https://bugzilla.novell.com/819822 https://bugzilla.novell.com/819865 https://bugzilla.novell.com/820077 https://bugzilla.novell.com/820273 https://bugzilla.novell.com/820503 https://bugzilla.novell.com/820504 https://bugzilla.novell.com/820509 https://bugzilla.novell.com/820788 https://bugzilla.novell.com/820800 https://bugzilla.novell.com/820819 https://bugzilla.novell.com/820836 https://bugzilla.novell.com/821567 https://bugzilla.novell.com/821795 https://bugzilla.novell.com/822908 https://bugzilla.novell.com/823626 https://bugzilla.novell.com/823651 https://bugzilla.novell.com/823655 https://bugzilla.novell.com/823675 https://bugzilla.novell.com/823935 https://bugzilla.novell.com/825305 https://bugzilla.novell.com/825891 https://bugzilla.novell.com/825976 https://bugzilla.novell.com/828390 https://bugzilla.novell.com/828598 https://bugzilla.novell.com/829017 https://bugzilla.novell.com/830205 https://bugzilla.novell.com/831457 https://bugzilla.novell.com/831578 https://bugzilla.novell.com/834035 https://bugzilla.novell.com/834705 https://bugzilla.novell.com/834720 https://bugzilla.novell.com/834722 https://bugzilla.novell.com/835985 https://bugzilla.novell.com/837302 https://bugzilla.novell.com/839727 https://bugzilla.novell.com/862510 https://bugzilla.novell.com/863021 https://bugzilla.novell.com/864396 
   https://bugzilla.novell.com/870234
   https://bugzilla.novell.com/878854
   https://bugzilla.novell.com/893141
   http://download.suse.com/patch/finder/?keywords=d2e2531d51923f3c40bbd114b7e6c32e

From sle-updates at lists.suse.com Thu Sep 11 17:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Sep 2014 01:04:13 +0200 (CEST)
Subject: SUSE-RU-2014:1118-1: moderate: Recommended update for mongodb
Message-ID: <20140911230413.DA77E32189@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mongodb
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1118-1
Rating: moderate
References: #876326
Affected Products:
   SUSE Cloud 4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for mongodb raises the virtual memory resource limits in order to prevent memory allocation failures on the Ceilometer barclamp.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Cloud 4:
   zypper in -t patch sleclo40sp3-mongodb-9659

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Cloud 4 (x86_64):
   mongodb-2.4.3-0.15.1

References:
   https://bugzilla.novell.com/876326
   http://download.suse.com/patch/finder/?keywords=21864cbfbca69467322dc68c24651999

From sle-updates at lists.suse.com Thu Sep 11 18:04:20 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Sep 2014 02:04:20 +0200 (CEST)
Subject: SUSE-SU-2014:1119-1: important: Security update for glibc
Message-ID: <20140912000420.1ECC2321CE@maintenance.suse.de>

SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1119-1
Rating: important
References: #772242 #779320 #818630 #828235 #828637 #834594 #892073
Cross-References: CVE-2012-4412 CVE-2013-4237 CVE-2014-5119
Affected Products:
   SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has four fixes is now available.

Description:

This glibc update fixes a critical privilege escalation problem and the following security and non security issues:

* bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available.
(CVE-2014-5119)
* bnc#772242: Replace scope handing with master state
* bnc#779320: Fix buffer overflow in strcoll (CVE-2012-4412)
* bnc#818630: Fall back to localhost if no nameserver defined
* bnc#828235: Fix missing character in IBM-943 charset
* bnc#828637: Fix use of alloca in gaih_inet
* bnc#834594: Fix readdir_r with long file names (CVE-2013-4237)

Security Issues:
   * CVE-2014-5119
   * CVE-2013-4237
   * CVE-2012-4412

Package List:

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 i686 s390x x86_64):
   glibc-2.4-31.111.1
   glibc-devel-2.4-31.111.1

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
   glibc-html-2.4-31.111.1
   glibc-i18ndata-2.4-31.111.1
   glibc-info-2.4-31.111.1
   glibc-locale-2.4-31.111.1
   glibc-profile-2.4-31.111.1
   nscd-2.4-31.111.1

- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
   glibc-32bit-2.4-31.111.1
   glibc-devel-32bit-2.4-31.111.1
   glibc-locale-32bit-2.4-31.111.1
   glibc-profile-32bit-2.4-31.111.1

References:
   http://support.novell.com/security/cve/CVE-2012-4412.html
   http://support.novell.com/security/cve/CVE-2013-4237.html
   http://support.novell.com/security/cve/CVE-2014-5119.html
   https://bugzilla.novell.com/772242
   https://bugzilla.novell.com/779320
   https://bugzilla.novell.com/818630
   https://bugzilla.novell.com/828235
   https://bugzilla.novell.com/828637
   https://bugzilla.novell.com/834594
   https://bugzilla.novell.com/892073
   http://download.suse.com/patch/finder/?keywords=767429925ce018c15cbe14c33d6a0f11

From sle-updates at lists.suse.com Thu Sep 11 18:06:21 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Sep 2014 02:06:21 +0200 (CEST)
Subject: SUSE-SU-2014:1120-1: important: Security update for MozillaFirefox
Message-ID: <20140912000621.703FA321CE@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1120-1
Rating: important
References: #882881 #894370
Cross-References:
CVE-2014-1562 CVE-2014-1567
Affected Products:
   SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available. It includes two new package versions.

Description:

Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream:

* MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution.
* MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
* Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562)

More information is referenced on: https://www.mozilla.org/security/announce/ .
Security Issues:
   * CVE-2014-1567
   * CVE-2014-1562

Package List:

- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 3.16.4 and 4.10.7]:
   firefox-gtk2-2.18.9-0.11.1
   firefox-gtk2-lang-2.18.9-0.11.1
   mozilla-nspr-4.10.7-0.5.1
   mozilla-nspr-devel-4.10.7-0.5.1
   mozilla-nss-3.16.4-0.5.2
   mozilla-nss-devel-3.16.4-0.5.2
   mozilla-nss-tools-3.16.4-0.5.2

- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 3.16.4 and 4.10.7]:
   firefox-gtk2-32bit-2.18.9-0.11.1
   mozilla-nspr-32bit-4.10.7-0.5.1
   mozilla-nss-32bit-3.16.4-0.5.2

- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x):
   MozillaFirefox-24.8.0esr-0.5.1
   MozillaFirefox-translations-24.8.0esr-0.5.1

References:
   http://support.novell.com/security/cve/CVE-2014-1562.html
   http://support.novell.com/security/cve/CVE-2014-1567.html
   https://bugzilla.novell.com/882881
   https://bugzilla.novell.com/894370
   http://download.suse.com/patch/finder/?keywords=401ac4583a90138bdc8c41d347a7be85

From sle-updates at lists.suse.com Thu Sep 11 21:04:13 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Sep 2014 05:04:13 +0200 (CEST)
Subject: SUSE-SU-2014:1121-1: Security update for libqt4
Message-ID: <20140912030413.E91F3321DA@maintenance.suse.de>

SUSE Security Update: Security update for libqt4
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1121-1
Rating: low
References: #865241
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update of the QT4 QSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https.
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libqt4-20140902-9683 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libqt4-20140902-9683 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libqt4-20140902-9683 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libqt4-20140902-9683 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libQtWebKit-devel-4.6.3-5.32.1 libqt4-devel-4.6.3-5.32.1 libqt4-devel-doc-4.6.3-5.32.1 libqt4-sql-postgresql-4.6.3-5.32.1 libqt4-sql-unixODBC-4.6.3-5.32.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libQtWebKit4-32bit-4.6.3-5.32.1 libqt4-sql-mysql-32bit-4.6.3-5.32.1 libqt4-sql-postgresql-32bit-4.6.3-5.32.1 libqt4-sql-sqlite-32bit-4.6.3-5.32.1 libqt4-sql-unixODBC-32bit-4.6.3-5.32.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch): libqt4-devel-doc-data-4.6.3-5.32.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64): libQtWebKit4-x86-4.6.3-5.32.1 libqt4-sql-mysql-x86-4.6.3-5.32.1 libqt4-sql-postgresql-x86-4.6.3-5.32.1 libqt4-sql-sqlite-x86-4.6.3-5.32.1 libqt4-sql-unixODBC-x86-4.6.3-5.32.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libQtWebKit4-4.6.3-5.32.1 libqt4-4.6.3-5.32.1 libqt4-qt3support-4.6.3-5.32.1 libqt4-sql-4.6.3-5.32.1 libqt4-sql-mysql-4.6.3-5.32.1 libqt4-sql-sqlite-4.6.3-5.32.1 libqt4-x11-4.6.3-5.32.1 qt4-x11-tools-4.6.3-5.32.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libQtWebKit4-32bit-4.6.3-5.32.1 libqt4-32bit-4.6.3-5.32.1 libqt4-qt3support-32bit-4.6.3-5.32.1 libqt4-sql-32bit-4.6.3-5.32.1 libqt4-x11-32bit-4.6.3-5.32.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): 
libQtWebKit4-4.6.3-5.32.1 libqt4-4.6.3-5.32.1 libqt4-qt3support-4.6.3-5.32.1 libqt4-sql-4.6.3-5.32.1 libqt4-sql-mysql-4.6.3-5.32.1 libqt4-sql-sqlite-4.6.3-5.32.1 libqt4-x11-4.6.3-5.32.1 qt4-x11-tools-4.6.3-5.32.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libQtWebKit4-32bit-4.6.3-5.32.1 libqt4-32bit-4.6.3-5.32.1 libqt4-qt3support-32bit-4.6.3-5.32.1 libqt4-sql-32bit-4.6.3-5.32.1 libqt4-x11-32bit-4.6.3-5.32.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libQtWebKit4-x86-4.6.3-5.32.1 libqt4-qt3support-x86-4.6.3-5.32.1 libqt4-sql-x86-4.6.3-5.32.1 libqt4-x11-x86-4.6.3-5.32.1 libqt4-x86-4.6.3-5.32.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libQtWebKit4-4.6.3-5.32.1 libqt4-4.6.3-5.32.1 libqt4-qt3support-4.6.3-5.32.1 libqt4-sql-4.6.3-5.32.1 libqt4-sql-mysql-4.6.3-5.32.1 libqt4-sql-postgresql-4.6.3-5.32.1 libqt4-sql-sqlite-4.6.3-5.32.1 libqt4-sql-unixODBC-4.6.3-5.32.1 libqt4-x11-4.6.3-5.32.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libQtWebKit4-32bit-4.6.3-5.32.1 libqt4-32bit-4.6.3-5.32.1 libqt4-qt3support-32bit-4.6.3-5.32.1 libqt4-sql-32bit-4.6.3-5.32.1 libqt4-sql-mysql-32bit-4.6.3-5.32.1 libqt4-sql-postgresql-32bit-4.6.3-5.32.1 libqt4-sql-sqlite-32bit-4.6.3-5.32.1 libqt4-sql-unixODBC-32bit-4.6.3-5.32.1 libqt4-x11-32bit-4.6.3-5.32.1 References: https://bugzilla.novell.com/865241 http://download.suse.com/patch/finder/?keywords=5693b41f94ae5236c03286138fcee56a From sle-updates at lists.suse.com Thu Sep 11 22:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Sep 2014 06:04:13 +0200 (CEST) Subject: SUSE-SU-2014:1122-1: important: Security update for glibc Message-ID: <20140912040413.29303321DA@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1122-1 Rating: important References: #750741 #779320 #801246 #830268 #834594 #836746 #839870 #843735 #864081 #882600 #883022 
#886416 #892073
Cross-References: CVE-2012-4412 CVE-2013-0242 CVE-2013-4237 CVE-2013-4332 CVE-2013-4788 CVE-2014-4043 CVE-2014-5119
Affected Products:
   SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 6 fixes is now available.

Description:

This glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues:

* bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119)
* bnc#886416: Avoid redundant shift character in iconv output at block boundary.
* bnc#883022: Initialize errcode in sysdeps/unix/opendir.c.
* bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043)
* bnc#864081: Take lock in pthread_cond_wait cleanup handler only when needed.
* bnc#843735: Don't crash on unresolved weak symbol reference.
* bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332)
* bnc#836746: Avoid race between {,__de}allocate_stack and __reclaim_stacks during fork.
* bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237)
* bnc#830268: Initialize pointer guard also in static executables. (CVE-2013-4788)
* bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242)
* bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412)
* bnc#750741: Use absolute timeout in x86 pthread_cond_timedwait.

Security Issues:
   * CVE-2014-5119
   * CVE-2014-4043
   * CVE-2012-4412
   * CVE-2013-0242
   * CVE-2013-4788
   * CVE-2013-4237
   * CVE-2013-4332

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP1 LTSS:
   zypper in -t patch slessp1-glibc-9664

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 i686 s390x x86_64):
   glibc-2.11.1-0.58.1
   glibc-devel-2.11.1-0.58.1

- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
   glibc-html-2.11.1-0.58.1
   glibc-i18ndata-2.11.1-0.58.1
   glibc-info-2.11.1-0.58.1
   glibc-locale-2.11.1-0.58.1
   glibc-profile-2.11.1-0.58.1
   nscd-2.11.1-0.58.1

- SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):
   glibc-32bit-2.11.1-0.58.1
   glibc-devel-32bit-2.11.1-0.58.1
   glibc-locale-32bit-2.11.1-0.58.1
   glibc-profile-32bit-2.11.1-0.58.1

References:
   http://support.novell.com/security/cve/CVE-2012-4412.html
   http://support.novell.com/security/cve/CVE-2013-0242.html
   http://support.novell.com/security/cve/CVE-2013-4237.html
   http://support.novell.com/security/cve/CVE-2013-4332.html
   http://support.novell.com/security/cve/CVE-2013-4788.html
   http://support.novell.com/security/cve/CVE-2014-4043.html
   http://support.novell.com/security/cve/CVE-2014-5119.html
   https://bugzilla.novell.com/750741
   https://bugzilla.novell.com/779320
   https://bugzilla.novell.com/801246
   https://bugzilla.novell.com/830268
   https://bugzilla.novell.com/834594
   https://bugzilla.novell.com/836746
   https://bugzilla.novell.com/839870
   https://bugzilla.novell.com/843735
   https://bugzilla.novell.com/864081
   https://bugzilla.novell.com/882600
   https://bugzilla.novell.com/883022
   https://bugzilla.novell.com/886416
   https://bugzilla.novell.com/892073
   http://download.suse.com/patch/finder/?keywords=8ba147c0ad19c1883fe7425b33e0ea15

From sle-updates at lists.suse.com Thu Sep 11 22:07:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 12 Sep 2014 06:07:12 +0200 (CEST)
Subject: SUSE-SU-2014:1120-2: important: Security update for MozillaFirefox
Message-ID: <20140912040712.A749B321DA@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1120-2
Rating: important
References:
#882881 #894370
Cross-References: CVE-2014-1562 CVE-2014-1567
Affected Products:
   SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

An update that fixes two vulnerabilities is now available. It includes two new package versions.

Description:

Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream:

* MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution.
* MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
* Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562)

More information is referenced on: https://www.mozilla.org/security/announce/ .
Security Issues: * CVE-2014-1567 * CVE-2014-1562 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 3.16.4 and 4.10.7]: firefox-gtk2-2.18.9-0.11.1 firefox-gtk2-lang-2.18.9-0.11.1 mozilla-nspr-4.10.7-0.5.1 mozilla-nspr-devel-4.10.7-0.5.1 mozilla-nss-3.16.4-0.5.2 mozilla-nss-devel-3.16.4-0.5.2 mozilla-nss-tools-3.16.4-0.5.2 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 3.16.4 and 4.10.7]: firefox-gtk2-32bit-2.18.9-0.11.1 mozilla-nspr-32bit-4.10.7-0.5.1 mozilla-nss-32bit-3.16.4-0.5.2 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x): MozillaFirefox-24.8.0esr-0.5.1 MozillaFirefox-translations-24.8.0esr-0.5.1 References: http://support.novell.com/security/cve/CVE-2014-1562.html http://support.novell.com/security/cve/CVE-2014-1567.html https://bugzilla.novell.com/882881 https://bugzilla.novell.com/894370 http://download.suse.com/patch/finder/?keywords=24d0f20857a99b68fbd08945af76c27a From sle-updates at lists.suse.com Fri Sep 12 11:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Sep 2014 19:04:12 +0200 (CEST) Subject: SUSE-SU-2014:1112-2: important: Security update for MozillaFirefox Message-ID: <20140912170412.98B12321DE@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1112-2 Rating: important References: #894370 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes three new package versions. Description: Mozilla Firefox was updated to the 24.8.0ESR release, fixing security issues and bugs. 
Only some of the published security advisories affect the Mozilla Firefox 24ESR codestream: * MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. * MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. * Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562) More information is referenced on: https://www.mozilla.org/security/announce/ . Security Issues: * CVE-2014-1562 * CVE-2014-1567 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-firefox-201409-9681 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 24.8.0esr,3.16.4 and 4.10.7]: MozillaFirefox-24.8.0esr-0.3.1 MozillaFirefox-translations-24.8.0esr-0.3.1 libfreebl3-3.16.4-0.3.1 mozilla-nspr-4.10.7-0.3.1 mozilla-nss-3.16.4-0.3.1 mozilla-nss-tools-3.16.4-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.16.4 and 4.10.7]: libfreebl3-32bit-3.16.4-0.3.1 mozilla-nspr-32bit-4.10.7-0.3.1 mozilla-nss-32bit-3.16.4-0.3.1 References: https://bugzilla.novell.com/894370 http://download.suse.com/patch/finder/?keywords=163464dc8eaa4994ed25dd8ac41a3b4e From sle-updates at lists.suse.com Fri Sep 12 15:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Sep 2014 23:04:12 +0200 (CEST) Subject: SUSE-SU-2014:1121-2: Security update for kdelibs4 Message-ID: <20140912210412.B56A0321DE@maintenance.suse.de> SUSE Security Update: Security update for kdelibs4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1121-2 Rating: low References: #865241 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of the kdelibs4 KSSL interface makes it select a set of default ciphers that is recommended for current usage. This update is needed for Konqueror to restrict its cipher set when using https. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-kdelibs4-9676 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-kdelibs4-9676 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kdelibs4-9676 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kdelibs4-9676 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): kdelibs4-doc-4.3.5-0.14.1 libkde4-devel-4.3.5-0.14.1 libkdecore4-devel-4.3.5-0.14.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64): libkde4-32bit-4.3.5-0.14.1 libkdecore4-32bit-4.3.5-0.14.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): kdelibs4-4.3.5-0.14.1 kdelibs4-core-4.3.5-0.14.1 kdelibs4-doc-4.3.5-0.14.1 libkde4-4.3.5-0.14.1 libkdecore4-4.3.5-0.14.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libkde4-32bit-4.3.5-0.14.1 libkdecore4-32bit-4.3.5-0.14.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): kdelibs4-4.3.5-0.14.1 kdelibs4-core-4.3.5-0.14.1 kdelibs4-doc-4.3.5-0.14.1 libkde4-4.3.5-0.14.1 libkdecore4-4.3.5-0.14.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libkde4-32bit-4.3.5-0.14.1 libkdecore4-32bit-4.3.5-0.14.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libkde4-x86-4.3.5-0.14.1 libkdecore4-x86-4.3.5-0.14.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): kdelibs4-4.3.5-0.14.1 kdelibs4-core-4.3.5-0.14.1 libkde4-4.3.5-0.14.1 libkdecore4-4.3.5-0.14.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libkde4-32bit-4.3.5-0.14.1 libkdecore4-32bit-4.3.5-0.14.1 References: https://bugzilla.novell.com/865241 http://download.suse.com/patch/finder/?keywords=4f8706278a1e76233f67163bb601296d From sle-updates at lists.suse.com Fri Sep 12 17:04:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) 
Date: Sat, 13 Sep 2014 01:04:14 +0200 (CEST) Subject: SUSE-SU-2014:1124-1: important: Security update for flash-player Message-ID: <20140912230414.C9DFF321CE@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1124-1 Rating: important References: #895856 Cross-References: CVE-2014-0547 CVE-2014-0548 CVE-2014-0549 CVE-2014-0550 CVE-2014-0551 CVE-2014-0552 CVE-2014-0553 CVE-2014-0554 CVE-2014-0555 CVE-2014-0556 CVE-2014-0557 CVE-2014-0559 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. It includes one version update. Description: Adobe Flash Player has been updated to 11.2.202.406 which fixes various security issues. These updates: * resolve a memory leakage vulnerability that could have been used to bypass memory address randomization (CVE-2014-0557). * resolve a security bypass vulnerability (CVE-2014-0554). * resolve a use-after-free vulnerability that could have led to code execution (CVE-2014-0553). * resolve memory corruption vulnerabilities that could have led to code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555). * resolve a vulnerability that could have been used to bypass the same origin policy (CVE-2014-0548). * resolve a heap buffer overflow vulnerability that could have led to code execution (CVE-2014-0556, CVE-2014-0559). More information can be found on http://helpx.adobe.com/security/products/flash-player/apsb14-21.html Security Issues: * CVE-2014-0547 * CVE-2014-0548 * CVE-2014-0549 * CVE-2014-0550 * CVE-2014-0551 * CVE-2014-0552 * CVE-2014-0553 * CVE-2014-0554 * CVE-2014-0555 * CVE-2014-0556 * CVE-2014-0557 * CVE-2014-0559 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player-9704 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.406]: flash-player-11.2.202.406-0.3.1 flash-player-gnome-11.2.202.406-0.3.1 flash-player-kde4-11.2.202.406-0.3.1 References: http://support.novell.com/security/cve/CVE-2014-0547.html http://support.novell.com/security/cve/CVE-2014-0548.html http://support.novell.com/security/cve/CVE-2014-0549.html http://support.novell.com/security/cve/CVE-2014-0550.html http://support.novell.com/security/cve/CVE-2014-0551.html http://support.novell.com/security/cve/CVE-2014-0552.html http://support.novell.com/security/cve/CVE-2014-0553.html http://support.novell.com/security/cve/CVE-2014-0554.html http://support.novell.com/security/cve/CVE-2014-0555.html http://support.novell.com/security/cve/CVE-2014-0556.html http://support.novell.com/security/cve/CVE-2014-0557.html http://support.novell.com/security/cve/CVE-2014-0559.html https://bugzilla.novell.com/895856 http://download.suse.com/patch/finder/?keywords=3bb66ba5895adc6dc1e2753dafc4a3e3 From sle-updates at lists.suse.com Fri Sep 12 19:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Sep 2014 03:04:13 +0200 (CEST) Subject: SUSE-SU-2014:1125-1: important: Security update for glibc Message-ID: <20140913010413.2B4CE321E6@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1125-1 Rating: important References: #888347 #892065 #892073 Cross-References: CVE-2014-5119 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 
______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This glibc update fixes a critical privilege escalation problem and two non-security issues: * bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) * bnc#892065: setenv-alloca.patch: Avoid unbound alloca in setenv. * bnc#888347: printf-multibyte-format.patch: Don't parse %s format argument as multi-byte string. Security Issues: * CVE-2014-5119 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-glibc-9669 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-glibc-9669 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-glibc-9669 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-glibc-9669 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): glibc-html-2.11.3-17.72.14 glibc-info-2.11.3-17.72.14 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): glibc-2.11.3-17.72.14 glibc-devel-2.11.3-17.72.14 glibc-html-2.11.3-17.72.14 glibc-i18ndata-2.11.3-17.72.14 glibc-info-2.11.3-17.72.14 glibc-locale-2.11.3-17.72.14 glibc-profile-2.11.3-17.72.14 nscd-2.11.3-17.72.14 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): glibc-32bit-2.11.3-17.72.14 glibc-devel-32bit-2.11.3-17.72.14 glibc-locale-32bit-2.11.3-17.72.14 glibc-profile-32bit-2.11.3-17.72.14 - SUSE Linux Enterprise Server 11 SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.72.14 glibc-devel-2.11.3-17.72.14 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.72.14 glibc-i18ndata-2.11.3-17.72.14 glibc-info-2.11.3-17.72.14 glibc-locale-2.11.3-17.72.14 glibc-profile-2.11.3-17.72.14 nscd-2.11.3-17.72.14 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.72.14 glibc-devel-32bit-2.11.3-17.72.14 glibc-locale-32bit-2.11.3-17.72.14 glibc-profile-32bit-2.11.3-17.72.14 - SUSE Linux Enterprise Server 11 SP3 (ia64): glibc-locale-x86-2.11.3-17.72.14 glibc-profile-x86-2.11.3-17.72.14 glibc-x86-2.11.3-17.72.14 - SUSE Linux Enterprise Desktop 11 SP3 (i586 i686 x86_64): glibc-2.11.3-17.72.14 glibc-devel-2.11.3-17.72.14 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): glibc-i18ndata-2.11.3-17.72.14 glibc-locale-2.11.3-17.72.14 nscd-2.11.3-17.72.14 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): glibc-32bit-2.11.3-17.72.14 glibc-devel-32bit-2.11.3-17.72.14 glibc-locale-32bit-2.11.3-17.72.14 References: http://support.novell.com/security/cve/CVE-2014-5119.html https://bugzilla.novell.com/888347 https://bugzilla.novell.com/892065 https://bugzilla.novell.com/892073 http://download.suse.com/patch/finder/?keywords=b84219db4b55e263e5f4c158906891f0 From sle-updates at lists.suse.com Mon Sep 15 
11:04:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Sep 2014 19:04:14 +0200 (CEST) Subject: SUSE-SU-2014:1128-1: important: Security update for glibc Message-ID: <20140915170414.BBA72321DE@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1128-1 Rating: important References: #779320 #801246 #824639 #834594 #839870 #842291 #860501 #882600 #892073 #894553 #894556 Cross-References: CVE-2012-4412 CVE-2013-0242 CVE-2013-4237 CVE-2013-4332 CVE-2014-4043 CVE-2014-5119 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 5 fixes is now available. Description: This glibc update fixes a critical privilege escalation problem and the following security and non-security issues: * bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) * bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) * bnc#860501: Use O_LARGEFILE for utmp file. * bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff. * bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) * bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) * bnc#824639: Drop lock before calling malloc_printerr. * bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) * bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) * bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. 
(CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134) Security Issues: * CVE-2014-5119 * CVE-2014-4043 * CVE-2013-4332 * CVE-2013-4237 * CVE-2013-0242 * CVE-2012-4412 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 i686 s390x x86_64): glibc-2.4-31.77.112.1 glibc-devel-2.4-31.77.112.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): glibc-html-2.4-31.77.112.1 glibc-i18ndata-2.4-31.77.112.1 glibc-info-2.4-31.77.112.1 glibc-locale-2.4-31.77.112.1 glibc-profile-2.4-31.77.112.1 nscd-2.4-31.77.112.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): glibc-32bit-2.4-31.77.112.1 glibc-devel-32bit-2.4-31.77.112.1 glibc-locale-32bit-2.4-31.77.112.1 glibc-profile-32bit-2.4-31.77.112.1 References: http://support.novell.com/security/cve/CVE-2012-4412.html http://support.novell.com/security/cve/CVE-2013-0242.html http://support.novell.com/security/cve/CVE-2013-4237.html http://support.novell.com/security/cve/CVE-2013-4332.html http://support.novell.com/security/cve/CVE-2014-4043.html http://support.novell.com/security/cve/CVE-2014-5119.html https://bugzilla.novell.com/779320 https://bugzilla.novell.com/801246 https://bugzilla.novell.com/824639 https://bugzilla.novell.com/834594 https://bugzilla.novell.com/839870 https://bugzilla.novell.com/842291 https://bugzilla.novell.com/860501 https://bugzilla.novell.com/882600 https://bugzilla.novell.com/892073 https://bugzilla.novell.com/894553 https://bugzilla.novell.com/894556 http://download.suse.com/patch/finder/?keywords=190862be14e3ed91b361e0b0a66e292a From sle-updates at lists.suse.com Mon Sep 15 11:06:37 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Sep 2014 19:06:37 +0200 (CEST) Subject: SUSE-SU-2014:1129-1: important: Security update for glibc Message-ID: <20140915170637.CEBF2321DE@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2014:1129-1 Rating: important References: #836746 #844309 #892073 #894553 #894556 Cross-References: CVE-2012-6656 CVE-2013-4357 CVE-2014-5119 CVE-2014-6040 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This glibc update fixes a critical privilege escalation problem and two additional issues: * bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) * bnc#836746: Avoid race between {, __de}allocate_stack and __reclaim_stacks during fork. * bnc#844309: Fixed various overflows, reading large /etc/hosts or long names. (CVE-2013-4357) * bnc#894553, bnc#894556: Fixed various crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656) Security Issues: * CVE-2012-6656 * CVE-2013-4357 * CVE-2014-5119 * CVE-2014-6040 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-glibc-9721 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.45.53.1 glibc-devel-2.11.3-17.45.53.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): glibc-html-2.11.3-17.45.53.1 glibc-i18ndata-2.11.3-17.45.53.1 glibc-info-2.11.3-17.45.53.1 glibc-locale-2.11.3-17.45.53.1 glibc-profile-2.11.3-17.45.53.1 nscd-2.11.3-17.45.53.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64): glibc-32bit-2.11.3-17.45.53.1 glibc-devel-32bit-2.11.3-17.45.53.1 glibc-locale-32bit-2.11.3-17.45.53.1 glibc-profile-32bit-2.11.3-17.45.53.1 References: http://support.novell.com/security/cve/CVE-2012-6656.html http://support.novell.com/security/cve/CVE-2013-4357.html http://support.novell.com/security/cve/CVE-2014-5119.html http://support.novell.com/security/cve/CVE-2014-6040.html https://bugzilla.novell.com/836746 https://bugzilla.novell.com/844309 https://bugzilla.novell.com/892073 https://bugzilla.novell.com/894553 https://bugzilla.novell.com/894556 http://download.suse.com/patch/finder/?keywords=cd8403453563e9d5a949d2219d62a993 From sle-updates at lists.suse.com Mon Sep 15 17:04:33 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Sep 2014 01:04:33 +0200 (CEST) Subject: SUSE-RU-2014:1131-1: Recommended update for SUSE Studio Message-ID: <20140915230433.4A94E321DE@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Studio ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1131-1 Rating: low References: #821211 #846792 #869709 #870539 #875682 #877692 #878851 #882186 #883479 #887489 #889372 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that solves one vulnerability and has 10 fixes is now available. It includes one version update. Description: This update provides SUSE Studio 1.3.8, including many enhancements and bug fixes. 
The following issues have been fixed by this update: * bnc#887489 - Can't copy image tree to disk: "rsync: set_acl: sys_acl_set_file Operation not supported". * bnc#869709 - Unable to create appliance imported from 1.2 server. * bnc#846792 - SLE license is not shown when SUSE Cloud support is enabled. * bnc#875682 - Unable to re-enable disabled repositories. * bnc#821211 - POST of overlay file behaves differently in 1.3 than it does in 1.2. * bnc#882186 - Update Syntax library and fix copyright header. * bnc#877692 - Switching repos not recorded in changelog. * bnc#870539 - pgsql dump not recorded in changelog. * bnc#883479 - Graphics fail in testdrive with UEFI enabled appliance. * bnc#878851 - Directory traversal issue in rubygem-actionpack. (CVE-2014-0130) * bnc#889372 - Error SID failed service ping. Cache is not available for this repository. Security Issues: * CVE-2014-0130 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-138-201408-9638 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.8]: susestudio-1.3.8-0.15.2 susestudio-bundled-packages-1.3.8-0.15.2 susestudio-common-1.3.8-0.15.2 susestudio-runner-1.3.8-0.15.2 susestudio-sid-1.3.8-0.15.2 susestudio-ui-server-1.3.8-0.15.2 References: http://support.novell.com/security/cve/CVE-2014-0130.html https://bugzilla.novell.com/821211 https://bugzilla.novell.com/846792 https://bugzilla.novell.com/869709 https://bugzilla.novell.com/870539 https://bugzilla.novell.com/875682 https://bugzilla.novell.com/877692 https://bugzilla.novell.com/878851 https://bugzilla.novell.com/882186 https://bugzilla.novell.com/883479 https://bugzilla.novell.com/887489 https://bugzilla.novell.com/889372 http://download.suse.com/patch/finder/?keywords=41de1f34dbe9da845bd7348fd35ef0f9 From sle-updates at lists.suse.com Tue Sep 16 10:04:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Sep 2014 18:04:14 +0200 (CEST) Subject: SUSE-SU-2014:1137-1: important: Security update for procmail Message-ID: <20140916160414.1EDB4321DE@maintenance.suse.de> SUSE Security Update: Security update for procmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1137-1 Rating: important References: #894999 Cross-References: CVE-2014-3618 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: procmail was updated to fix a security issue in its formail helper. * When formail processed specially crafted e-mail headers a heap corruption could be triggered, which would lead to a crash of formail. (CVE-2014-3618) Security Issues: * CVE-2014-3618 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-procmail-9689 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-procmail-9689 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-procmail-9689 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): procmail-3.22-240.8.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): procmail-3.22-240.8.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): procmail-3.22-240.8.1 References: http://support.novell.com/security/cve/CVE-2014-3618.html https://bugzilla.novell.com/894999 http://download.suse.com/patch/finder/?keywords=04c0ff20564be8dcec09a614771f2731 From sle-updates at lists.suse.com Tue Sep 16 11:04:17 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Sep 2014 19:04:17 +0200 (CEST) Subject: SUSE-SU-2014:1138-1: important: Security update for the Linux Kernel Message-ID: <20140916170417.95003321E7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1138-1 Rating: important References: #794824 #806431 #831058 #854722 #856756 #871797 #877257 #879921 #880484 #881051 #882809 #883526 #883724 #883795 #884530 #885422 #885725 #887082 #889173 #892490 Cross-References: CVE-2013-1860 CVE-2013-4162 CVE-2013-7266 CVE-2013-7267 CVE-2013-7268 CVE-2013-7269 CVE-2013-7270 CVE-2013-7271 CVE-2014-0203 CVE-2014-3144 CVE-2014-3145 CVE-2014-3917 CVE-2014-4508 CVE-2014-4652 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-4656 CVE-2014-4667 CVE-2014-4699 CVE-2014-4943 CVE-2014-5077 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS SLE 11 SERVER Unsupported Extras ______________________________________________________________________________ An 
update that fixes 22 vulnerabilities is now available. It includes one version update. Description: The SUSE Linux Enterprise Server 11 SP1 LTSS received a roll up update to fix several security and non-security issues. The following security issues have been fixed: * CVE-2013-1860: Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. (bnc#806431) * CVE-2013-4162: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (bnc#831058) * CVE-2014-0203: The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call. (bnc#883526) * CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. 
(bnc#877257) * CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257) * CVE-2014-3917: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484) * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724) * CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795) * CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. 
(bnc#883795) * CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795) * CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795) * CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795) * CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. (bnc#885422) * CVE-2014-4699: The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. 
(bnc#885725) * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. (bnc#887082) * CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (bnc#889173) * CVE-2013-7266: The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) * CVE-2013-7267: The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722) * CVE-2013-7268: The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. 
(bnc#854722)
* CVE-2013-7269: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722)
* CVE-2013-7270: The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722)
* CVE-2013-7271: The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (bnc#854722)

The following bugs have been fixed:

* mac80211: Fix AP powersave TX vs. wakeup race (bnc#871797).
* tcp: Allow to disable cwnd moderation in TCP_CA_Loss state (bnc#879921).
* tcp: Adapt selected parts of RFC 5682 and PRR logic (bnc#879921).
* flock: Fix allocation and BKL (bnc#882809).
* sunrpc: Close a rare race in xs_tcp_setup_socket (bnc#794824, bnc#884530).
* isofs: Fix unbounded recursion when processing relocated directories (bnc#892490).
* bonding: Fix a race condition on cleanup in bond_send_unsolicited_na() (bnc#856756).
* block: Fix race between request completion and timeout handling (bnc#881051).
* Fix kABI breakage due to addition of user_ctl_lock (bnc#883795).

Security Issues: * CVE-2013-1860 * CVE-2013-4162 * CVE-2013-7266 * CVE-2013-7267 * CVE-2013-7268 * CVE-2013-7269 * CVE-2013-7270 * CVE-2013-7271 * CVE-2014-0203 * CVE-2014-3144 * CVE-2014-3145 * CVE-2014-3917 * CVE-2014-4508 * CVE-2014-4652 * CVE-2014-4653 * CVE-2014-4654 * CVE-2014-4655 * CVE-2014-4656 * CVE-2014-4667 * CVE-2014-4699 * CVE-2014-4943 * CVE-2014-5077 Indications: Everyone using the Linux Kernel on x86_64 architecture should update. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-kernel-9658 slessp1-kernel-9660 slessp1-kernel-9667 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2.6.32.59]: kernel-default-2.6.32.59-0.15.2 kernel-default-base-2.6.32.59-0.15.2 kernel-default-devel-2.6.32.59-0.15.2 kernel-source-2.6.32.59-0.15.2 kernel-syms-2.6.32.59-0.15.2 kernel-trace-2.6.32.59-0.15.2 kernel-trace-base-2.6.32.59-0.15.2 kernel-trace-devel-2.6.32.59-0.15.2 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64) [New Version: 2.6.32.59]: kernel-ec2-2.6.32.59-0.15.2 kernel-ec2-base-2.6.32.59-0.15.2 kernel-ec2-devel-2.6.32.59-0.15.2 kernel-xen-2.6.32.59-0.15.2 kernel-xen-base-2.6.32.59-0.15.2 kernel-xen-devel-2.6.32.59-0.15.2 xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.15-0.5.26 xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.15-0.5.26 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x) [New Version: 2.6.32.59]: kernel-default-man-2.6.32.59-0.15.2 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586) [New Version: 2.6.32.59]: kernel-pae-2.6.32.59-0.15.2 kernel-pae-base-2.6.32.59-0.15.2 kernel-pae-devel-2.6.32.59-0.15.2 xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.15-0.5.26 - SLE 11 SERVER Unsupported Extras (i586 s390x x86_64): 
kernel-default-extra-2.6.32.59-0.15.2 - SLE 11 SERVER Unsupported Extras (i586 x86_64): kernel-xen-extra-2.6.32.59-0.15.2 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-2.6.32.59-0.15.2 References: http://support.novell.com/security/cve/CVE-2013-1860.html http://support.novell.com/security/cve/CVE-2013-4162.html http://support.novell.com/security/cve/CVE-2013-7266.html http://support.novell.com/security/cve/CVE-2013-7267.html http://support.novell.com/security/cve/CVE-2013-7268.html http://support.novell.com/security/cve/CVE-2013-7269.html http://support.novell.com/security/cve/CVE-2013-7270.html http://support.novell.com/security/cve/CVE-2013-7271.html http://support.novell.com/security/cve/CVE-2014-0203.html http://support.novell.com/security/cve/CVE-2014-3144.html http://support.novell.com/security/cve/CVE-2014-3145.html http://support.novell.com/security/cve/CVE-2014-3917.html http://support.novell.com/security/cve/CVE-2014-4508.html http://support.novell.com/security/cve/CVE-2014-4652.html http://support.novell.com/security/cve/CVE-2014-4653.html http://support.novell.com/security/cve/CVE-2014-4654.html http://support.novell.com/security/cve/CVE-2014-4655.html http://support.novell.com/security/cve/CVE-2014-4656.html http://support.novell.com/security/cve/CVE-2014-4667.html http://support.novell.com/security/cve/CVE-2014-4699.html http://support.novell.com/security/cve/CVE-2014-4943.html http://support.novell.com/security/cve/CVE-2014-5077.html https://bugzilla.novell.com/794824 https://bugzilla.novell.com/806431 https://bugzilla.novell.com/831058 https://bugzilla.novell.com/854722 https://bugzilla.novell.com/856756 https://bugzilla.novell.com/871797 https://bugzilla.novell.com/877257 https://bugzilla.novell.com/879921 https://bugzilla.novell.com/880484 https://bugzilla.novell.com/881051 https://bugzilla.novell.com/882809 https://bugzilla.novell.com/883526 https://bugzilla.novell.com/883724 https://bugzilla.novell.com/883795 
https://bugzilla.novell.com/884530 https://bugzilla.novell.com/885422 https://bugzilla.novell.com/885725 https://bugzilla.novell.com/887082 https://bugzilla.novell.com/889173 https://bugzilla.novell.com/892490 http://download.suse.com/patch/finder/?keywords=33223d7de0d6fcaf9f12c0175a720ae1 http://download.suse.com/patch/finder/?keywords=753dcd87154cfcee28dc062d0421697d http://download.suse.com/patch/finder/?keywords=ad20790f90bee656575f760123b63fe2 http://download.suse.com/patch/finder/?keywords=bb89429b2b6bbf8e51a9b446b5a9f825 http://download.suse.com/patch/finder/?keywords=cc2185e1b7bb5f72a49d967c7dcf07ee http://download.suse.com/patch/finder/?keywords=f3d32743e8c31acee5f4fb836923cc28 From sle-updates at lists.suse.com Wed Sep 17 16:05:22 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Sep 2014 00:05:22 +0200 (CEST) Subject: SUSE-SU-2014:1140-1: important: Security update for squid3 Message-ID: <20140917220522.C3AF2321F0@maintenance.suse.de> SUSE Security Update: Security update for squid3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1140-1 Rating: important References: #893649 Cross-References: CVE-2014-3609 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Squid3 was updated to fix a denial of service in Range Header processing, which would have allowed proxy users to crash the squid proxy process. (CVE-2014-3609) Security Issues: * CVE-2014-3609 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-squid3-9729 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-squid3-9729 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): squid3-3.1.12-8.16.20.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): squid3-3.1.12-8.16.20.1 References: http://support.novell.com/security/cve/CVE-2014-3609.html https://bugzilla.novell.com/893649 http://download.suse.com/patch/finder/?keywords=3bbd1bc6081bef0e6021f21703b952ea From sle-updates at lists.suse.com Wed Sep 17 17:04:18 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Sep 2014 01:04:18 +0200 (CEST) Subject: SUSE-SU-2014:1141-1: moderate: Security update for php53 Message-ID: <20140917230418.E01DF321D8@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1141-1 Rating: moderate References: #893849 #893853 Cross-References: CVE-2014-4049 CVE-2014-5459 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This php53 update fixes the following security issues: * Insecure temporary file used for cache data was fixed by switching to a different root only directory /var/cache/php-pear. (CVE-2014-5459) * An incomplete fix for CVE-2014-4049. (CVE-2014-3597) Security Issues: * CVE-2014-5459 * CVE-2014-4049 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_php53-9718 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_php53-9718 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_php53-9718 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-0.29.1 php53-imap-5.3.17-0.29.1 php53-posix-5.3.17-0.29.1 php53-readline-5.3.17-0.29.1 php53-sockets-5.3.17-0.29.1 php53-sqlite-5.3.17-0.29.1 php53-tidy-5.3.17-0.29.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_php53-5.3.17-0.29.1 php53-5.3.17-0.29.1 php53-bcmath-5.3.17-0.29.1 php53-bz2-5.3.17-0.29.1 php53-calendar-5.3.17-0.29.1 php53-ctype-5.3.17-0.29.1 php53-curl-5.3.17-0.29.1 php53-dba-5.3.17-0.29.1 php53-dom-5.3.17-0.29.1 php53-exif-5.3.17-0.29.1 php53-fastcgi-5.3.17-0.29.1 php53-fileinfo-5.3.17-0.29.1 php53-ftp-5.3.17-0.29.1 php53-gd-5.3.17-0.29.1 php53-gettext-5.3.17-0.29.1 php53-gmp-5.3.17-0.29.1 php53-iconv-5.3.17-0.29.1 php53-intl-5.3.17-0.29.1 php53-json-5.3.17-0.29.1 php53-ldap-5.3.17-0.29.1 php53-mbstring-5.3.17-0.29.1 php53-mcrypt-5.3.17-0.29.1 php53-mysql-5.3.17-0.29.1 php53-odbc-5.3.17-0.29.1 php53-openssl-5.3.17-0.29.1 php53-pcntl-5.3.17-0.29.1 php53-pdo-5.3.17-0.29.1 php53-pear-5.3.17-0.29.1 php53-pgsql-5.3.17-0.29.1 php53-pspell-5.3.17-0.29.1 php53-shmop-5.3.17-0.29.1 php53-snmp-5.3.17-0.29.1 php53-soap-5.3.17-0.29.1 php53-suhosin-5.3.17-0.29.1 php53-sysvmsg-5.3.17-0.29.1 php53-sysvsem-5.3.17-0.29.1 php53-sysvshm-5.3.17-0.29.1 php53-tokenizer-5.3.17-0.29.1 php53-wddx-5.3.17-0.29.1 php53-xmlreader-5.3.17-0.29.1 php53-xmlrpc-5.3.17-0.29.1 php53-xmlwriter-5.3.17-0.29.1 php53-xsl-5.3.17-0.29.1 php53-zip-5.3.17-0.29.1 php53-zlib-5.3.17-0.29.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 
s390x x86_64): apache2-mod_php53-5.3.17-0.29.1 php53-5.3.17-0.29.1 php53-bcmath-5.3.17-0.29.1 php53-bz2-5.3.17-0.29.1 php53-calendar-5.3.17-0.29.1 php53-ctype-5.3.17-0.29.1 php53-curl-5.3.17-0.29.1 php53-dba-5.3.17-0.29.1 php53-dom-5.3.17-0.29.1 php53-exif-5.3.17-0.29.1 php53-fastcgi-5.3.17-0.29.1 php53-fileinfo-5.3.17-0.29.1 php53-ftp-5.3.17-0.29.1 php53-gd-5.3.17-0.29.1 php53-gettext-5.3.17-0.29.1 php53-gmp-5.3.17-0.29.1 php53-iconv-5.3.17-0.29.1 php53-intl-5.3.17-0.29.1 php53-json-5.3.17-0.29.1 php53-ldap-5.3.17-0.29.1 php53-mbstring-5.3.17-0.29.1 php53-mcrypt-5.3.17-0.29.1 php53-mysql-5.3.17-0.29.1 php53-odbc-5.3.17-0.29.1 php53-openssl-5.3.17-0.29.1 php53-pcntl-5.3.17-0.29.1 php53-pdo-5.3.17-0.29.1 php53-pear-5.3.17-0.29.1 php53-pgsql-5.3.17-0.29.1 php53-pspell-5.3.17-0.29.1 php53-shmop-5.3.17-0.29.1 php53-snmp-5.3.17-0.29.1 php53-soap-5.3.17-0.29.1 php53-suhosin-5.3.17-0.29.1 php53-sysvmsg-5.3.17-0.29.1 php53-sysvsem-5.3.17-0.29.1 php53-sysvshm-5.3.17-0.29.1 php53-tokenizer-5.3.17-0.29.1 php53-wddx-5.3.17-0.29.1 php53-xmlreader-5.3.17-0.29.1 php53-xmlrpc-5.3.17-0.29.1 php53-xmlwriter-5.3.17-0.29.1 php53-xsl-5.3.17-0.29.1 php53-zip-5.3.17-0.29.1 php53-zlib-5.3.17-0.29.1 References: http://support.novell.com/security/cve/CVE-2014-4049.html http://support.novell.com/security/cve/CVE-2014-5459.html https://bugzilla.novell.com/893849 https://bugzilla.novell.com/893853 http://download.suse.com/patch/finder/?keywords=621d50e26255ed12216a26f9f0d6e45c From sle-updates at lists.suse.com Thu Sep 18 13:04:48 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Sep 2014 21:04:48 +0200 (CEST) Subject: SUSE-RU-2014:1142-1: Recommended update for yast2-core Message-ID: <20140918190448.0F215321EE@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1142-1 Rating: low References: #854809 Affected Products: 
SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update for yast2-core enables line buffering for parsing agent output. This fixes a case where certain configuration files (e.g. /etc/sudoers) could take over 10 minutes to parse if they contained single strings sized 100KB. (bnc#854809) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-yast2-core-9703 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-yast2-core-9703 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-yast2-core-9703 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-yast2-core-9703 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.46]: yast2-core-devel-2.17.46-0.5.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.17.46]: yast2-core-2.17.46-0.5.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.17.46]: yast2-core-2.17.46-0.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2.17.46]: yast2-core-2.17.46-0.5.1 References: https://bugzilla.novell.com/854809 http://download.suse.com/patch/finder/?keywords=f93b910ea248f41aa04fb69c0412d034 From sle-updates at lists.suse.com Thu Sep 18 19:04:40 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Sep 2014 03:04:40 +0200 (CEST) Subject: SUSE-RU-2014:1143-1: Recommended update for puppet, facter Message-ID: <20140919010440.28810321D8@maintenance.suse.de> SUSE Recommended Update: Recommended update for puppet, facter ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1143-1 Rating: low References: #843161 #885269 #889585 #895587 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. It includes two new package versions. Description: This update provides Puppet 2.7.26 and Facter 1.6.18, which bring many fixes and enhancements. Although the most common use cases have been tested with the new version, customers using modules provided by other vendors are advised to apply this update on non-production systems first and verify that there are no incompatibilities. 
For a comprehensive list of changes in this new version, please refer to the release notes: https://docs.puppetlabs.com/puppet/2.7/reference/release_notes.html and https://docs.puppetlabs.com/facter/1.6/release_notes.html . Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-puppet27-201409-9725 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-puppet27-201409-9725 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-puppet27-201409-9725 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.6.18 and 2.7.26]: facter-1.6.18-0.3.1 puppet-2.7.26-0.3.7 puppet-server-2.7.26-0.3.7 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.6.18 and 2.7.26]: facter-1.6.18-0.3.1 puppet-2.7.26-0.3.7 puppet-server-2.7.26-0.3.7 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.6.18 and 2.7.26]: facter-1.6.18-0.3.1 puppet-2.7.26-0.3.7 References: https://bugzilla.novell.com/843161 https://bugzilla.novell.com/885269 https://bugzilla.novell.com/889585 https://bugzilla.novell.com/895587 http://download.suse.com/patch/finder/?keywords=79bb3e523294bc79057536bdc082b973 From sle-updates at lists.suse.com Fri Sep 19 15:04:45 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Sep 2014 23:04:45 +0200 (CEST) Subject: SUSE-SU-2014:1146-1: important: Security update for dbus-1 Message-ID: <20140919210445.E695D321F6@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1146-1 Rating: important References: #896453 Cross-References: CVE-2014-3638 Affected Products: SUSE Linux Enterprise Software 
Development Kit 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

Various denial of service issues were fixed in the DBUS service.

* CVE-2014-3638: dbus-daemon tracks whether method call messages expect a reply, so that unsolicited replies can be dropped. As currently implemented, if there are n parallel method calls in progress, each method reply takes O(n) CPU time. A malicious user could exploit this by opening the maximum allowed number of parallel connections and sending the maximum number of parallel method calls on each one, causing subsequent method calls to be unreasonably slow, a denial of service.
* CVE-2014-3639: dbus-daemon allows a small number of "incomplete" connections (64 by default) whose identity has not yet been confirmed. When this limit has been reached, subsequent connections are dropped. Alban's testing indicates that one malicious process that makes repeated connection attempts, but never completes the authentication handshake and instead waits for dbus-daemon to time out and disconnect it, can cause the majority of legitimate connection attempts to fail.

Security Issues:

* CVE-2014-3638
* CVE-2014-3638

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-dbus-1-9733
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-dbus-1-9733
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-dbus-1-9733
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-dbus-1-9733

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): dbus-1-devel-1.2.10-3.31.1 dbus-1-devel-doc-1.2.10-3.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): dbus-1-1.2.10-3.31.1 dbus-1-x11-1.2.10-3.31.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): dbus-1-32bit-1.2.10-3.31.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): dbus-1-1.2.10-3.31.1 dbus-1-x11-1.2.10-3.31.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): dbus-1-32bit-1.2.10-3.31.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): dbus-1-x86-1.2.10-3.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): dbus-1-1.2.10-3.31.1 dbus-1-x11-1.2.10-3.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): dbus-1-32bit-1.2.10-3.31.1 References: http://support.novell.com/security/cve/CVE-2014-3638.html https://bugzilla.novell.com/896453 http://download.suse.com/patch/finder/?keywords=d849773a0381e2782725dff671102c86 From sle-updates at lists.suse.com Fri Sep 19 16:05:18 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Sep 2014 00:05:18 +0200 (CEST) Subject: SUSE-RU-2014:1147-1: Recommended update for supportutils Message-ID: <20140919220518.2F276321F6@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1147-1 Rating: low References: #889946 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils provides the following fixes: * Fixed /sys/class/drm hang issue in supportconfig. (bnc#889946) * Collect information about Novell DSfW. 
* Fixed NSS errors when Manage_NSS is missing. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-supportutils-9724 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-supportutils-9724 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-supportutils-9724 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): supportutils-1.20-0.111.2 - SUSE Linux Enterprise Server 11 SP3 (noarch): supportutils-1.20-0.111.2 - SUSE Linux Enterprise Desktop 11 SP3 (noarch): supportutils-1.20-0.111.2 References: https://bugzilla.novell.com/889946 http://download.suse.com/patch/finder/?keywords=b9c1e182d234e1308944f4d61dbe7617 From sle-updates at lists.suse.com Fri Sep 19 17:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Sep 2014 01:04:13 +0200 (CEST) Subject: SUSE-RU-2014:1148-1: Recommended update for rng-tools Message-ID: <20140919230413.22874321D8@maintenance.suse.de> SUSE Recommended Update: Recommended update for rng-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1148-1 Rating: low References: #849202 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes usage of RDRAND support from recent CPUs in rng-tools initialization script. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-rng-tools-9723 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-rng-tools-9723 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-rng-tools-9723 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): rng-tools-4-0.11.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 x86_64): rng-tools-4-0.11.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): rng-tools-4-0.11.1 References: https://bugzilla.novell.com/849202 http://download.suse.com/patch/finder/?keywords=69f3c923449d37bcd58ca3a65b493b67 From sle-updates at lists.suse.com Mon Sep 22 11:04:17 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Sep 2014 19:04:17 +0200 (CEST) Subject: SUSE-RU-2014:1152-1: Recommended update for timezone Message-ID: <20140922170417.B80F432234@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1152-1 Rating: low References: #890921 #892843 #894862 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update provides the latest timezone information (2014g) for your system, including the following changes: * Russia will subtract an hour from most of its time zones on 2014-10-26 at 02:00 local time. * Turks & Caicos are switching from US eastern time to UTC-4 year-round, modeled as a switch from EST/EDT to AST on 2014-11-02 at 02:00. * Many past time stamps were updated for correctness. * Many time zone abbreviations were adjusted or fixed. 
* Many performance enhancements and fixes in the time zone manipulation utilities.
* A new file 'zone1970.tab' was added. The new file's extended format allows multiple country codes per zone. New applications should use the new file.
* Some code fixes in 'localtime', 'zic', 'mktime' and 'yearistype'.

For a comprehensive list of changes, refer to the release announcements from ICANN:

* http://mm.icann.org/pipermail/tz-announce/2014-August/000023.html
* http://mm.icann.org/pipermail/tz-announce/2014-August/000024.html

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 LTSS:
  zypper in -t patch slessp2-timezone-2014g-9695

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 2014g]:
  timezone-2014g-0.3.1
- SUSE Linux Enterprise Server 11 SP2 LTSS (noarch) [New Version: 2014g]:
  timezone-java-2014g-0.3.1

References:

https://bugzilla.suse.com/890921
https://bugzilla.suse.com/892843
https://bugzilla.suse.com/894862
http://download.suse.com/patch/finder/?keywords=aba0d267a681c3825fc479e8a2c8f8d5

From sle-updates at lists.suse.com Mon Sep 22 12:04:24 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 22 Sep 2014 20:04:24 +0200 (CEST)
Subject: SUSE-SU-2014:1153-1: moderate: Security update for python-django
Message-ID: <20140922180424.0E69C32234@maintenance.suse.de>

SUSE Security Update: Security update for python-django
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1153-1
Rating: moderate
References: #893087 #893088 #893089 #893090
Cross-References: CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483
Affected Products:
SUSE Cloud 4
SUSE Cloud 3
______________________________________________________________________________

An update that fixes four
vulnerabilities is now available. It includes one version update.

Description:

python-django was updated to 1.5.10 fixing bugs and security issues:

* Prevented reverse() from generating URLs pointing to other hosts to prevent phishing attacks. (bnc#893087, CVE-2014-0480)
* Removed O(n) algorithm when uploading duplicate file names to fix file upload denial of service. (bnc#893088, CVE-2014-0481)
* Modified RemoteUserMiddleware to log out on REMOTE_USER change to prevent session hijacking. (bnc#893089, CVE-2014-0482)
* Prevented data leakage in contrib.admin via query string manipulation. (bnc#893090, CVE-2014-0483)

Security Issues:

* CVE-2014-0480
* CVE-2014-0481
* CVE-2014-0482
* CVE-2014-0483

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 4:
  zypper in -t patch sleclo40sp3-python-django-9684
- SUSE Cloud 3:
  zypper in -t patch sleclo30sp3-python-django-9685

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Cloud 4 (x86_64) [New Version: 1.5.10]: python-django-1.5.10-0.11.1 - SUSE Cloud 3 (x86_64) [New Version: 1.5.10]: python-django-1.5.10-0.8.1 References: http://support.novell.com/security/cve/CVE-2014-0480.html http://support.novell.com/security/cve/CVE-2014-0481.html http://support.novell.com/security/cve/CVE-2014-0482.html http://support.novell.com/security/cve/CVE-2014-0483.html https://bugzilla.suse.com/893087 https://bugzilla.suse.com/893088 https://bugzilla.suse.com/893089 https://bugzilla.suse.com/893090 http://download.suse.com/patch/finder/?keywords=24f89316c81f05accc59e0c3f834c0da http://download.suse.com/patch/finder/?keywords=d3ce4da1a86bd6fc9912ef1d22bc8d07 From sle-updates at lists.suse.com Mon Sep 22 16:04:14 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Sep 2014 00:04:14 +0200 (CEST) Subject: SUSE-RU-2014:1152-2: Recommended update for timezone Message-ID: <20140922220414.06D4332234@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1152-2 Rating: low References: #890921 #892843 #894862 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update provides the latest timezone information (2014g) for your system, including the following changes: * Russia will subtract an hour from most of its time zones on 2014-10-26 at 02:00 local time. 
* Turks & Caicos are switching from US eastern time to UTC-4 year-round, modeled as a switch from EST/EDT to AST on 2014-11-02 at 02:00.
* Many past time stamps were updated for correctness.
* Many time zone abbreviations were adjusted or fixed.
* Many performance enhancements and fixes in the time zone manipulation utilities.
* A new file 'zone1970.tab' was added. The new file's extended format allows multiple country codes per zone. New applications should use the new file.
* Some code fixes in 'localtime', 'zic', 'mktime' and 'yearistype'.

For a comprehensive list of changes, refer to the release announcements from ICANN:

* http://mm.icann.org/pipermail/tz-announce/2014-August/000023.html
* http://mm.icann.org/pipermail/tz-announce/2014-August/000024.html

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
  zypper in -t patch sdksp3-timezone-2014g-9693
- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-timezone-2014g-9693
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-timezone-2014g-9693
- SUSE Linux Enterprise Server 11 SP1 LTSS:
  zypper in -t patch slessp1-timezone-2014g-9694
- SUSE Linux Enterprise Desktop 11 SP3:
  zypper in -t patch sledsp3-timezone-2014g-9693

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 2014g]: timezone-java-2014g-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2014g]: timezone-2014g-0.3.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2014g]: timezone-java-2014g-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2014g]: timezone-2014g-0.3.1 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2014g]: timezone-java-2014g-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2014g]: timezone-2014g-0.3.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch) [New Version: 2014g]: timezone-java-2014g-0.3.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 2014g]: timezone-2014g-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 2014g]: timezone-2014g-0.5.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2014g]: timezone-2014g-0.3.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2014g]: timezone-java-2014g-0.3.1 References: https://bugzilla.suse.com/890921 https://bugzilla.suse.com/892843 https://bugzilla.suse.com/894862 http://download.suse.com/patch/finder/?keywords=1bac29d0fe2c046e1b9c5749ca771ea3 http://download.suse.com/patch/finder/?keywords=22bb5e3b85067bd15225024498e4c57c http://download.suse.com/patch/finder/?keywords=53bb91de157388b6dbfe355f60118061 http://download.suse.com/patch/finder/?keywords=92c809ee7a5d84406ec5cf97b6407fe8 From sle-updates at lists.suse.com Tue Sep 23 08:52:18 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Sep 2014 16:52:18 +0200 (CEST) Subject: SUSE-RU-2014:1177-1: moderate: Update for update-test-affects-package-manager Message-ID: <20140923145218.4F335320F0@maintenance.suse.de> SUSE Recommended Update: Update for update-test-affects-package-manager 
______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1177-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This recommended update should be installed first and trigger a restart of the software update stack. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-57 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-57 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): update-test-affects-package-manager-0-23.1 - SUSE Linux Enterprise Desktop 12 (noarch): update-test-affects-package-manager-0-23.1 References: From sle-updates at lists.suse.com Tue Sep 23 08:52:25 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Sep 2014 16:52:25 +0200 (CEST) Subject: SUSE-SU-2014:1178-1: moderate: Update for update-test-security Message-ID: <20140923145225.373B93223E@maintenance.suse.de> SUSE Security Update: Update for update-test-security ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1178-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This is a security update to test the software update stack. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2014-53 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2014-53 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): update-test-security-0-11.2 - SUSE Linux Enterprise Desktop 12 (noarch): update-test-security-0-11.2 References: From sle-updates at lists.suse.com Tue Sep 23 17:04:17 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Sep 2014 01:04:17 +0200 (CEST) Subject: SUSE-SU-2014:1208-1: moderate: Security update for OpenSSL Message-ID: <20140923230417.8BFCA321D9@maintenance.suse.de> SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1208-1 Rating: moderate References: #859228 #859924 #860332 #862181 #870192 #890764 #890767 #890768 #890769 #890770 Cross-References: CVE-2014-0076 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510 Affected Products: SUSE Studio Onsite 1.3 SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has one errata is now available. Description: This OpenSSL update fixes the following security issues: * SSL/TLS man-in-the-middle vulnerability. (CVE-2014-0224) * DTLS recursion flaw. (CVE-2014-0221) * Anonymous ECDH denial of service. (CVE-2014-3470) * Using the FLUSH+RELOAD Cache Side-channel Attack the nonces could have been recovered. (CVE-2014-0076) * Information leak in pretty printing functions. (CVE-2014-3508) * Double Free when processing DTLS packets. (CVE-2014-3505) * DTLS memory exhaustion. (CVE-2014-3506) * DTLS memory leak from zero-length fragments. (CVE-2014-3507) * DTLS anonymous EC(DH) denial of service. 
(CVE-2014-3510) Further information about these vulnerabilities can be found at http://www.openssl.org/news/secadv_20140605.txt and http://www.openssl.org/news/secadv_20140806.txt . Additionally, the following non-security fixes and enhancements have been included in this release: * Ensure that the stack is marked non-executable on x86 32bit. On other processor platforms it was already marked as non-executable before. (bnc#870192) * IPv6 support was added to the openssl s_client and s_server command line tools. (bnc#859228) * The openssl command line tool now checks certificates by default against /etc/ssl/certs (this can be changed via the -CApath option). (bnc#860332) * The Elliptic Curve Diffie-Hellman key exchange selector was enabled and can be selected by kECDHE, kECDH, ECDH tags in the SSL cipher string. (bnc#859924) * If an optional openssl1 command line tool is installed in parallel, c_rehash uses it to generate certificate hashes in both OpenSSL 0 and OpenSSL 1 style. This allows parallel usage of OpenSSL 0.9.8j and OpenSSL 1.x client libraries with a shared certificate store. (bnc#862181) Security Issues: * CVE-2014-3508 * CVE-2014-3505 * CVE-2014-3506 * CVE-2014-3507 * CVE-2014-3510 * CVE-2014-0224 * CVE-2014-0221 * CVE-2014-3470 * CVE-2014-0076 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-libopenssl-devel-9690 - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-libopenssl-devel-9690 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): libopenssl-devel-0.9.8j-0.62.3 - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): libopenssl0_9_8-0.9.8j-0.62.3 libopenssl0_9_8-32bit-0.9.8j-0.62.3 libopenssl0_9_8-hmac-0.9.8j-0.62.3 libopenssl0_9_8-hmac-32bit-0.9.8j-0.62.3 openssl-0.9.8j-0.62.3 openssl-doc-0.9.8j-0.62.3 References: http://support.novell.com/security/cve/CVE-2014-0076.html http://support.novell.com/security/cve/CVE-2014-0221.html http://support.novell.com/security/cve/CVE-2014-0224.html http://support.novell.com/security/cve/CVE-2014-3470.html http://support.novell.com/security/cve/CVE-2014-3505.html http://support.novell.com/security/cve/CVE-2014-3506.html http://support.novell.com/security/cve/CVE-2014-3507.html http://support.novell.com/security/cve/CVE-2014-3508.html http://support.novell.com/security/cve/CVE-2014-3510.html https://bugzilla.suse.com/859228 https://bugzilla.suse.com/859924 https://bugzilla.suse.com/860332 https://bugzilla.suse.com/862181 https://bugzilla.suse.com/870192 https://bugzilla.suse.com/890764 https://bugzilla.suse.com/890767 https://bugzilla.suse.com/890768 https://bugzilla.suse.com/890769 https://bugzilla.suse.com/890770 http://download.suse.com/patch/finder/?keywords=527469b04d2464c79388bf3792428d91 From sle-updates at lists.suse.com Wed Sep 24 11:04:09 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Sep 2014 19:04:09 +0200 (CEST) Subject: SUSE-RU-2014:1209-1: Recommended update for udev Message-ID: <20140924170409.CABAE32243@maintenance.suse.de> SUSE Recommended Update: Recommended update for udev ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1209-1 Rating: low References: #880066 #881358 #884441 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 
______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for udev provides the following fixes: * ata_id: Skip ATA commands if we find an optical drive. (bnc#880066) * ata_id: Support SG_IO version 4 interface. (bnc#880066) * path_id: Add delay when CCW attributes are not available. (bnc#881358) * udevd: Improve error reporting when worker exits. (bnc#884441) * boot.udev_retry: Fix script to trigger failed events. (bnc#884441) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libgudev-1_0-0-9627 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libgudev-1_0-0-9627 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libgudev-1_0-0-9627 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libgudev-1_0-0-9627 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libgudev-1_0-devel-147-0.94.1 libudev-devel-147-0.94.1 libudev0-147-0.94.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libgudev-1_0-0-147-0.94.1 libudev0-147-0.94.1 udev-147-0.94.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libgudev-1_0-0-32bit-147-0.94.1 libudev0-32bit-147-0.94.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libgudev-1_0-0-147-0.94.1 libudev0-147-0.94.1 udev-147-0.94.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libgudev-1_0-0-32bit-147-0.94.1 libudev0-32bit-147-0.94.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libgudev-1_0-0-x86-147-0.94.1 libudev0-x86-147-0.94.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libgudev-1_0-0-147-0.94.1 libudev0-147-0.94.1 udev-147-0.94.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libgudev-1_0-0-32bit-147-0.94.1 libudev0-32bit-147-0.94.1 References: https://bugzilla.suse.com/880066 https://bugzilla.suse.com/881358 https://bugzilla.suse.com/884441 http://download.suse.com/patch/finder/?keywords=7b6d5f928c1d36817103a2681346c191 From sle-updates at lists.suse.com Wed Sep 24 11:04:44 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Sep 2014 19:04:44 +0200 (CEST) Subject: SUSE-RU-2014:1210-1: Recommended update for crowbar-barclamp-network Message-ID: <20140924170444.B4F1832247@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1210-1 Rating: low References: #882577 Affected Products: SUSE Cloud 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crowbar-barclamp-network fixes bonding mode setting. 
(bnc#882577) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 3: zypper in -t patch sleclo30sp3-crowbar-barclamp-network-9459 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 3 (noarch): crowbar-barclamp-network-1.7+git.1400665081.272ea7b-0.7.2 References: https://bugzilla.suse.com/882577 http://download.suse.com/patch/finder/?keywords=6810753b2adc6384f359f6bec36e641e From sle-updates at lists.suse.com Wed Sep 24 15:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Sep 2014 23:04:13 +0200 (CEST) Subject: SUSE-SU-2014:1211-1: moderate: Security update for powerpc-utils Message-ID: <20140924210413.793D432243@maintenance.suse.de> SUSE Security Update: Security update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1211-1 Rating: moderate References: #883174 Cross-References: CVE-2014-4040 Affected Products: SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The "snap" system information collection tool of the PowerPC Utils package collected fstab and yaboot.conf files which might contain passwords. (CVE-2014-4040) As these files are of interest, we now print a warning that the user of the "snap" tool should check if private passwords are in those files. Security Issues: * CVE-2014-4040 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-powerpc-utils-9727 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 (ppc64): powerpc-utils-1.2.16-0.13.1 References: http://support.novell.com/security/cve/CVE-2014-4040.html https://bugzilla.suse.com/883174 http://download.suse.com/patch/finder/?keywords=7454d90304ec215b2ef4a7c0690dc9ed From sle-updates at lists.suse.com Wed Sep 24 17:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Sep 2014 01:04:13 +0200 (CEST) Subject: SUSE-SU-2014:1212-1: critical: Security update for bash Message-ID: <20140924230413.C27EB321DA@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1212-1 Rating: critical References: #776694 #819783 #820149 #844550 #896776 Cross-References: CVE-2014-0475 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: bash has been updated to fix a critical security issue. In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271) Additionally, the following bugs have been fixed: * Fix crash when expanding '$[' without matching ']'. (bnc#844550) * Do not restart the signal handler after a trap is reset. (bnc#820149) * Work around a crash in libreadline. (bnc#819783) * Make skeleton files configuration files. (bnc#776694) Security Issues: * CVE-2014-6271 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-bash-9738 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): bash-3.2-147.14.20.1 bash-doc-3.2-147.14.20.1 libreadline5-5.2-147.14.20.1 readline-doc-5.2-147.14.20.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64): libreadline5-32bit-5.2-147.14.20.1 References: http://support.novell.com/security/cve/CVE-2014-0475.html https://bugzilla.suse.com/776694 https://bugzilla.suse.com/819783 https://bugzilla.suse.com/820149 https://bugzilla.suse.com/844550 https://bugzilla.suse.com/896776 http://download.suse.com/patch/finder/?keywords=55e9078b7e861e70ae3998e079b22c52 From sle-updates at lists.suse.com Wed Sep 24 17:05:25 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Sep 2014 01:05:25 +0200 (CEST) Subject: SUSE-SU-2014:1213-1: critical: Security update for bash Message-ID: <20140924230525.1A7F632243@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1213-1 Rating: critical References: #896776 Cross-References: CVE-2014-0475 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: bash has been updated to fix a critical security issue. In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271) Security Issues: * CVE-2014-6271 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-bash-9740 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-bash-9740 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-bash-9740 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-bash-9736 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-bash-9740 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): readline-devel-5.2-147.20.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): readline-devel-32bit-5.2-147.20.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): libreadline5-5.2-147.20.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): bash-3.2-147.20.1 bash-doc-3.2-147.20.1 libreadline5-5.2-147.20.1 readline-doc-5.2-147.20.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libreadline5-32bit-5.2-147.20.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): bash-3.2-147.20.1 bash-doc-3.2-147.20.1 libreadline5-5.2-147.20.1 readline-doc-5.2-147.20.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libreadline5-32bit-5.2-147.20.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): bash-x86-3.2-147.20.1 libreadline5-x86-5.2-147.20.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): bash-3.2-147.14.20.1 bash-doc-3.2-147.14.20.1 libreadline5-5.2-147.14.20.1 readline-doc-5.2-147.14.20.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64): libreadline5-32bit-5.2-147.14.20.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): bash-3.1-24.32.1 readline-5.1-24.32.1 readline-devel-5.1-24.32.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): readline-32bit-5.1-24.32.1 readline-devel-32bit-5.1-24.32.1 - SUSE Linux 
Enterprise Desktop 11 SP3 (i586 x86_64): bash-3.2-147.20.1 bash-doc-3.2-147.20.1 libreadline5-5.2-147.20.1 readline-doc-5.2-147.20.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libreadline5-32bit-5.2-147.20.1 References: http://support.novell.com/security/cve/CVE-2014-0475.html https://bugzilla.suse.com/896776 http://download.suse.com/patch/finder/?keywords=083b250348bb7e8f6f3e4afc8a22fb86 http://download.suse.com/patch/finder/?keywords=5aa8890d421145a022bf2205e01b3c68 http://download.suse.com/patch/finder/?keywords=c0975ef449afcaa55a27dfd2df712a09 From sle-updates at lists.suse.com Wed Sep 24 17:05:37 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Sep 2014 01:05:37 +0200 (CEST) Subject: SUSE-SU-2014:1214-1: critical: Security update for bash Message-ID: <20140924230537.25E6332243@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1214-1 Rating: critical References: #688469 #770795 #896776 Cross-References: CVE-2012-3410 CVE-2014-0475 Affected Products: SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: bash has been updated to fix a critical security issue. In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271) Additionally, the following bugs have been fixed: * Avoid possible buffer overflow when expanding the /dev/fd prefix with e.g. the test built-in. (CVE-2012-3410) * Enable workaround for changed behavior of sshd. 
(bnc#688469) Security Issues: * CVE-2014-6271 * CVE-2012-3410 Package List: - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): bash-3.1-24.32.1 readline-5.1-24.32.1 readline-devel-5.1-24.32.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): readline-32bit-5.1-24.32.1 readline-devel-32bit-5.1-24.32.1 References: http://support.novell.com/security/cve/CVE-2012-3410.html http://support.novell.com/security/cve/CVE-2014-0475.html https://bugzilla.suse.com/688469 https://bugzilla.suse.com/770795 https://bugzilla.suse.com/896776 http://download.suse.com/patch/finder/?keywords=fd9fa24daf4d325c609035f0c778a723 From sle-updates at lists.suse.com Wed Sep 24 18:07:11 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Sep 2014 02:07:11 +0200 (CEST) Subject: SUSE-RU-2014:1215-1: Recommended update for Cloud 3 Message-ID: <20140925000711.05CD132243@maintenance.suse.de> SUSE Recommended Update: Recommended update for Cloud 3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1215-1 Rating: low References: #855331 #855333 #882866 Affected Products: SUSE Cloud 3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes 6 new package versions. Description: This collective update for Cloud 3 provides the following fixes: openstack-ceilometer: * Fix testing gate due to new keystoneclient release * Allow alarm threshold value set to 0. 
openstack-cinder: * Bump stable/havana next version to 2013.2.4 * Remove amqplib dependency * Update ensure()/reconnect() to catch MessagingError * User a more accurate max_delay for reconnects * VMware: Fixed upload-to-image for available volume * Update quota-set throw 500 error * GlusterFS: Fix deadlock in volume clone * GlusterFS: Synchronize additional operations * Fix volume transfer href issue * NetApp fix for vsadmin role failure for ssc * Add valid check and unit tests on quota class * Raise max header size to accommodate large tokens * Delete volume transfer in volume_destroy function * Cast the quota set values to integer before checking their validity * Hiding postgresql password in connection string * Don't raise MySQL 2013 'Lost connection' errors * Support volume_readonly_update using XML format * Catch ImageBusy exception when deleting rbd volume * Ensures NetApp iSCSI driver correctly compares int values for size * Add db2 communication error code when check the db connection * delete.start/delete.end notification for hostless * Move driver initialization check into the method. openstack-glance: * Bump stable/havana next version to 2013.2.4 * Provide explicit image create value for test_image_paginate case. openstack-heat-cfntools: * Add res_last_path to store last metadata of a resource * Add support for package install via zypper * Manually sync requirements * Switch over to mox3 * Remove tox locale overrides * Support building wheels (PEP-427) * Support of ignoreErrors for commands * cfn-signal provides a unique default id * Log stdout and stderr on non-zero exit status * Log curl stderr on non-zero exit status * Remove d2to1 dependency. openstack-nova: * Remove explicit dependency on amqplib * VMware: ensure rescue instance is deleted when instance is deleted * VMWare: add power off vm before detach disk during unrescue * Fix: Unshelving an instance uses original image * Fix KeyError if neutron security group is not TCP/UDP/ICMP and no ports. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 3: zypper in -t patch sleclo30sp3-openstack-0714-9565 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 3 (x86_64) [New Version: 1.2.7.5.g9bd9604,2013.2.4.dev18.g0bf0bb4,2013.2.4.dev2.g81259f3,2013.2.4.dev3.g396ca82,2013.2.4.dev3.g6f91215 and 2013.2.4.dev5.ga2c909c]: openstack-ceilometer-2013.2.4.dev5.ga2c909c-0.9.2 openstack-ceilometer-agent-central-2013.2.4.dev5.ga2c909c-0.9.2 openstack-ceilometer-agent-compute-2013.2.4.dev5.ga2c909c-0.9.2 openstack-ceilometer-alarm-evaluator-2013.2.4.dev5.ga2c909c-0.9.2 openstack-ceilometer-alarm-notifier-2013.2.4.dev5.ga2c909c-0.9.2 openstack-ceilometer-api-2013.2.4.dev5.ga2c909c-0.9.2 openstack-ceilometer-collector-2013.2.4.dev5.ga2c909c-0.9.2 openstack-cinder-2013.2.4.dev2.g81259f3-0.9.2 openstack-cinder-api-2013.2.4.dev2.g81259f3-0.9.2 openstack-cinder-backup-2013.2.4.dev2.g81259f3-0.9.2 openstack-cinder-scheduler-2013.2.4.dev2.g81259f3-0.9.2 openstack-cinder-volume-2013.2.4.dev2.g81259f3-0.9.2 openstack-glance-2013.2.4.dev3.g396ca82-0.9.2 openstack-heat-cfntools-1.2.7.5.g9bd9604-0.9.2 openstack-nova-2013.2.4.dev18.g0bf0bb4-0.9.2 openstack-nova-api-2013.2.4.dev18.g0bf0bb4-0.9.2 openstack-nova-cells-2013.2.4.dev18.g0bf0bb4-0.9.2 openstack-nova-cert-2013.2.4.dev18.g0bf0bb4-0.9.2 openstack-nova-compute-2013.2.4.dev18.g0bf0bb4-0.9.2 openstack-nova-conductor-2013.2.4.dev18.g0bf0bb4-0.9.2 openstack-nova-console-2013.2.4.dev18.g0bf0bb4-0.9.2 openstack-nova-consoleauth-2013.2.4.dev18.g0bf0bb4-0.9.2 openstack-nova-novncproxy-2013.2.4.dev18.g0bf0bb4-0.9.2 openstack-nova-objectstore-2013.2.4.dev18.g0bf0bb4-0.9.2 openstack-nova-scheduler-2013.2.4.dev18.g0bf0bb4-0.9.2 openstack-nova-vncproxy-2013.2.4.dev18.g0bf0bb4-0.9.2 python-ceilometer-2013.2.4.dev5.ga2c909c-0.9.2 python-cinder-2013.2.4.dev2.g81259f3-0.9.2 python-glance-2013.2.4.dev3.g396ca82-0.9.2 
python-heat-2013.2.4.dev3.g6f91215-0.11.1 python-heat_cfntools-1.2.7.5.g9bd9604-0.9.2 python-nova-2013.2.4.dev18.g0bf0bb4-0.9.2 - SUSE Cloud 3 (noarch) [New Version: 2013.2.4.dev18.g0bf0bb4,2013.2.4.dev2.g81259f3,2013.2.4.dev3.g396ca82 and 2013.2.4.dev5.ga2c909c]: openstack-ceilometer-doc-2013.2.4.dev5.ga2c909c-0.9.2 openstack-cinder-doc-2013.2.4.dev2.g81259f3-0.9.7 openstack-glance-doc-2013.2.4.dev3.g396ca82-0.9.7 openstack-nova-doc-2013.2.4.dev18.g0bf0bb4-0.9.7 References: https://bugzilla.suse.com/855331 https://bugzilla.suse.com/855333 https://bugzilla.suse.com/882866 http://download.suse.com/patch/finder/?keywords=89bb87ce7563cf03b3fcc0fd0abe44ce From sle-updates at lists.suse.com Wed Sep 24 19:05:54 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Sep 2014 03:05:54 +0200 (CEST) Subject: SUSE-RU-2014:1216-1: moderate: Recommended update for mkinitrd Message-ID: <20140925010554.5648B32238@maintenance.suse.de> SUSE Recommended Update: Recommended update for mkinitrd ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1216-1 Rating: moderate References: #830968 #858023 #858663 #872435 #879502 #887683 #891573 #892507 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This collective update for mkinitrd provides the following fixes and enhancements: * Fix matching of device numbers in /proc/partitions in setup-storage. (bnc#887683) * Complete support of 2nd ibft iscsi interface. (bnc#830968) * Include USB HID support whenever the kernel supports it. (bnc#879502) * Respect the sixth field (fs_passno) in /etc/fstab for the root device entry. (bnc#858023) * Fix network setup with mkinitrd -f ifup. 
(bnc#872435) * Include ifup dependencies even if ifup is not used. (bnc#891573) * Retry nfs mount if network is not yet up. (bnc#891573) * Add cciss compat rules to mkinitrd. (bnc#858663) * Cleanup /lib/mkinitrd/{boot,setup} upon package removal. (bnc#892507) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-mkinitrd-9734 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-mkinitrd-9734 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-mkinitrd-9734 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): mkinitrd-2.4.2-0.92.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): mkinitrd-2.4.2-0.92.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): mkinitrd-2.4.2-0.92.2 References: https://bugzilla.suse.com/830968 https://bugzilla.suse.com/858023 https://bugzilla.suse.com/858663 https://bugzilla.suse.com/872435 https://bugzilla.suse.com/879502 https://bugzilla.suse.com/887683 https://bugzilla.suse.com/891573 https://bugzilla.suse.com/892507 http://download.suse.com/patch/finder/?keywords=1b74658d3474ee5ea8bb0a41e40f538f From sle-updates at lists.suse.com Wed Sep 24 19:08:33 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Sep 2014 03:08:33 +0200 (CEST) Subject: SUSE-RU-2014:1217-1: moderate: Recommended update for avahi Message-ID: <20140925010833.B7D9B32238@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1217-1 Rating: moderate References: #725386 #825463 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise 
Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for Avahi provides the following fixes: * Document service instance name length limit in avahi.service(5). (bnc#825463) * Fix setting of thread_running flag in event loop. (bnc#725386) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-avahi-201409-9735 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-avahi-201409-9735 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-avahi-201409-9735 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-avahi-201409-9735 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): avahi-compat-howl-devel-0.6.23-11.32.1 avahi-compat-mDNSResponder-devel-0.6.23-11.32.1 libavahi-devel-0.6.23-11.32.1 libavahi-glib-devel-0.6.23-13.32.1 libavahi-gobject-devel-0.6.23-13.32.1 libavahi-gobject0-0.6.23-13.32.1 libavahi-ui0-0.6.23-13.32.1 libhowl0-0.6.23-11.32.1 python-avahi-0.6.23-11.32.1 python-avahi-gtk-0.6.23-13.32.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 s390x x86_64): avahi-mono-0.6.23-11.32.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): avahi-0.6.23-11.32.1 avahi-lang-0.6.23-11.32.1 avahi-utils-0.6.23-11.32.1 libavahi-client3-0.6.23-11.32.1 libavahi-common3-0.6.23-11.32.1 libavahi-core5-0.6.23-11.32.1 libavahi-glib1-0.6.23-13.32.1 libdns_sd-0.6.23-11.32.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libavahi-client3-32bit-0.6.23-11.32.1 libavahi-common3-32bit-0.6.23-11.32.1 libavahi-glib1-32bit-0.6.23-13.32.1 
libdns_sd-32bit-0.6.23-11.32.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): avahi-0.6.23-11.32.1 avahi-lang-0.6.23-11.32.1 avahi-utils-0.6.23-11.32.1 libavahi-client3-0.6.23-11.32.1 libavahi-common3-0.6.23-11.32.1 libavahi-core5-0.6.23-11.32.1 libavahi-glib1-0.6.23-13.32.1 libdns_sd-0.6.23-11.32.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libavahi-client3-32bit-0.6.23-11.32.1 libavahi-common3-32bit-0.6.23-11.32.1 libavahi-glib1-32bit-0.6.23-13.32.1 libdns_sd-32bit-0.6.23-11.32.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libavahi-client3-x86-0.6.23-11.32.1 libavahi-common3-x86-0.6.23-11.32.1 libavahi-glib1-x86-0.6.23-13.32.1 libdns_sd-x86-0.6.23-11.32.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): avahi-0.6.23-11.32.1 avahi-lang-0.6.23-11.32.1 avahi-mono-0.6.23-11.32.1 libavahi-client3-0.6.23-11.32.1 libavahi-common3-0.6.23-11.32.1 libavahi-core5-0.6.23-11.32.1 libavahi-glib1-0.6.23-13.32.1 libavahi-gobject0-0.6.23-13.32.1 libavahi-ui0-0.6.23-13.32.1 libdns_sd-0.6.23-11.32.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libavahi-client3-32bit-0.6.23-11.32.1 libavahi-common3-32bit-0.6.23-11.32.1 libavahi-glib1-32bit-0.6.23-13.32.1 libdns_sd-32bit-0.6.23-11.32.1 References: https://bugzilla.suse.com/725386 https://bugzilla.suse.com/825463 http://download.suse.com/patch/finder/?keywords=61bf5209611f241f5b7e782b2d29e991 From sle-updates at lists.suse.com Thu Sep 25 11:04:12 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Sep 2014 19:04:12 +0200 (CEST) Subject: SUSE-SU-2014:1218-1: important: Security update for spacewalk-java Message-ID: <20140925170412.3F93732247@maintenance.suse.de> SUSE Security Update: Security update for spacewalk-java ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1218-1 Rating: important References: #889721 #896012 Cross-References: CVE-2014-3595 Affected Products: SUSE Manager Server 
______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The Spacewalk frontend displayed a logfile without escaping content, allowing remote attackers to inject cross-site scripting (XSS) into the admin's session. (CVE-2014-3595) Additionally, the following bug was fixed: * Fixed package upgrade via SSM when using the Oracle DB as backend. (bnc#889721) Security Issues: * CVE-2014-3595 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server: zypper in -t patch sleman21-spacewalk-java-9719 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server (noarch): spacewalk-java-2.1.165.6-0.11.1 spacewalk-java-config-2.1.165.6-0.11.1 spacewalk-java-lib-2.1.165.6-0.11.1 spacewalk-java-oracle-2.1.165.6-0.11.1 spacewalk-java-postgresql-2.1.165.6-0.11.1 spacewalk-taskomatic-2.1.165.6-0.11.1 References: http://support.novell.com/security/cve/CVE-2014-3595.html https://bugzilla.suse.com/889721 https://bugzilla.suse.com/896012 http://download.suse.com/patch/finder/?keywords=a50d8ce1310e48a468cc85ce6ed47e24 From sle-updates at lists.suse.com Fri Sep 26 13:04:10 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Sep 2014 21:04:10 +0200 (CEST) Subject: SUSE-SU-2014:1219-1: moderate: Security update for openstack-keystone Message-ID: <20140926190410.5DE3D32247@maintenance.suse.de> SUSE Security Update: Security update for openstack-keystone ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1219-1 Rating: moderate References: #892095 #892097 #892099 Cross-References: CVE-2014-5251 CVE-2014-5252 CVE-2014-5253 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that fixes three
vulnerabilities is now available. It includes one version update. Description: This openstack-keystone update fixes the following security issues: * bnc#892095: Token expiration date stored incorrectly. (CVE-2014-5252) * bnc#892097: Revocation events are broken with MySQL. (CVE-2014-5251) * bnc#892099: Domain-scoped tokens don't get revoked. (CVE-2014-5253) Security Issues: * CVE-2014-5251 * CVE-2014-5252 * CVE-2014-5253 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-openstack-keystone-9636 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.3.dev3.gb812131]: openstack-keystone-2014.1.3.dev3.gb812131-0.7.1 python-keystone-2014.1.3.dev3.gb812131-0.7.1 - SUSE Cloud 4 (noarch) [New Version: 2014.1.3.dev3.gb812131]: openstack-keystone-doc-2014.1.3.dev3.gb812131-0.7.1 References: http://support.novell.com/security/cve/CVE-2014-5251.html http://support.novell.com/security/cve/CVE-2014-5252.html http://support.novell.com/security/cve/CVE-2014-5253.html https://bugzilla.suse.com/892095 https://bugzilla.suse.com/892097 https://bugzilla.suse.com/892099 http://download.suse.com/patch/finder/?keywords=0e8fec5bb9d4da67df0f3484184b5fe3 From sle-updates at lists.suse.com Fri Sep 26 16:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Sep 2014 00:04:13 +0200 (CEST) Subject: SUSE-SU-2014:1220-1: important: Security update for mozilla-nss Message-ID: <20140926220413.4DD0032247@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1220-1 Rating: important References: #897890 Cross-References: CVE-2014-1568 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 
for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: Mozilla NSS was updated to version 3.16.5 to fix an RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libfreebl3-9777 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libfreebl3-9777 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libfreebl3-9777 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libfreebl3-9777 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.16.5]: mozilla-nss-devel-3.16.5-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.16.5]: libfreebl3-3.16.5-0.7.1 libsoftokn3-3.16.5-0.7.1 mozilla-nss-3.16.5-0.7.1 mozilla-nss-tools-3.16.5-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.16.5]: libfreebl3-32bit-3.16.5-0.7.1 libsoftokn3-32bit-3.16.5-0.7.1 mozilla-nss-32bit-3.16.5-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.16.5]: libfreebl3-3.16.5-0.7.1 libsoftokn3-3.16.5-0.7.1 mozilla-nss-3.16.5-0.7.1 mozilla-nss-tools-3.16.5-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 3.16.5]: libfreebl3-32bit-3.16.5-0.7.1 libsoftokn3-32bit-3.16.5-0.7.1 mozilla-nss-32bit-3.16.5-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 3.16.5]: libfreebl3-x86-3.16.5-0.7.1 libsoftokn3-x86-3.16.5-0.7.1 mozilla-nss-x86-3.16.5-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.16.5]: libfreebl3-3.16.5-0.7.1 libsoftokn3-3.16.5-0.7.1 mozilla-nss-3.16.5-0.7.1 mozilla-nss-tools-3.16.5-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.16.5]: libfreebl3-32bit-3.16.5-0.7.1 libsoftokn3-32bit-3.16.5-0.7.1 mozilla-nss-32bit-3.16.5-0.7.1 References: http://support.novell.com/security/cve/CVE-2014-1568.html https://bugzilla.suse.com/897890 http://download.suse.com/patch/finder/?keywords=9099e9b629979a0004c403f74aace0f2 From sle-updates at lists.suse.com Fri Sep 26 16:04:30 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Sep 2014 00:04:30 +0200 (CEST) Subject: SUSE-SU-2014:1221-1: important: Security update for wireshark Message-ID: <20140926220430.7899532247@maintenance.suse.de> SUSE Security Update: Security update for wireshark 
______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1221-1 Rating: important References: #889854 #889899 #889900 #889901 #889906 #897055 Cross-References: CVE-2014-6421 CVE-2014-6422 CVE-2014-6423 CVE-2014-6424 CVE-2014-6427 CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. It includes one version update. Description: The wireshark package was upgraded to 1.10.10 from 1.8.x as 1.8 was discontinued. This update fixes vulnerabilities that could allow an attacker to crash Wireshark or make it become unresponsive by sending specific packets onto the network or have them loaded via a capture file while the dissectors are running. It also contains a number of other bug fixes. * RTP dissector crash. (wnpa-sec-2014-12 CVE-2014-6421 CVE-2014-6422) * MEGACO dissector infinite loop. (wnpa-sec-2014-13 CVE-2014-6423) * Netflow dissector crash. (wnpa-sec-2014-14 CVE-2014-6424) * RTSP dissector crash. (wnpa-sec-2014-17 CVE-2014-6427) * SES dissector crash. (wnpa-sec-2014-18 CVE-2014-6428) * Sniffer file parser crash. (wnpa-sec-2014-19 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432) * The Catapult DCT2000 and IrDA dissectors could underrun a buffer. (wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162, bnc#889901) * The GSM Management dissector could crash. (wnpa-sec-2014-09 CVE-2014-5163, bnc#889906) * The RLC dissector could crash. (wnpa-sec-2014-10 CVE-2014-5164, bnc#889900) * The ASN.1 BER dissector could crash. 
(wnpa-sec-2014-11 CVE-2014-5165, bnc#889899) Further bug fixes as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html and https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html . Security Issues: * CVE-2014-5161 * CVE-2014-5162 * CVE-2014-5163 * CVE-2014-5164 * CVE-2014-5165 * CVE-2014-6421 * CVE-2014-6422 * CVE-2014-6423 * CVE-2014-6424 * CVE-2014-6427 * CVE-2014-6428 * CVE-2014-6429 * CVE-2014-6430 * CVE-2014-6431 * CVE-2014-6432 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-wireshark-9745 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-wireshark-9745 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-wireshark-9745 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-wireshark-9745 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.10.10]: wireshark-devel-1.10.10-0.2.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64) [New Version: 1.10.10]: wireshark-1.10.10-0.2.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.10.10]: wireshark-1.10.10-0.2.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.10.10]: wireshark-1.10.10-0.2.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.10.10]: wireshark-1.10.10-0.2.1 References: http://support.novell.com/security/cve/CVE-2014-6421.html http://support.novell.com/security/cve/CVE-2014-6422.html http://support.novell.com/security/cve/CVE-2014-6423.html http://support.novell.com/security/cve/CVE-2014-6424.html http://support.novell.com/security/cve/CVE-2014-6427.html http://support.novell.com/security/cve/CVE-2014-6428.html http://support.novell.com/security/cve/CVE-2014-6429.html http://support.novell.com/security/cve/CVE-2014-6430.html http://support.novell.com/security/cve/CVE-2014-6431.html http://support.novell.com/security/cve/CVE-2014-6432.html https://bugzilla.suse.com/889854 https://bugzilla.suse.com/889899 https://bugzilla.suse.com/889900 https://bugzilla.suse.com/889901 https://bugzilla.suse.com/889906 https://bugzilla.suse.com/897055 http://download.suse.com/patch/finder/?keywords=25a84c702b8b4fdaea63a171632f5a93 From sle-updates at lists.suse.com Fri Sep 26 16:05:36 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Sep 2014 00:05:36 +0200 (CEST) Subject: SUSE-RU-2014:1222-1: Recommended update for xorg-x11-driver-input Message-ID: <20140926220537.01E1732247@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-driver-input ______________________________________________________________________________ Announcement ID: SUSE-RU-2014:1222-1 Rating: low References: #793727 
#869084 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for xorg-x11-driver-input improves handling of devices which send both absolute and relative coordinates in the evdev driver. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xorg-x11-driver-input-9503 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xorg-x11-driver-input-9503 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xorg-x11-driver-input-9503 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-driver-input-7.4-13.52.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 x86_64): xorg-x11-driver-input-7.4-13.52.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-driver-input-7.4-13.52.1 References: https://bugzilla.suse.com/793727 https://bugzilla.suse.com/869084 http://download.suse.com/patch/finder/?keywords=cc04e3d1008e466b8a51e278ec9abe2d From sle-updates at lists.suse.com Fri Sep 26 17:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Sep 2014 01:04:13 +0200 (CEST) Subject: SUSE-SU-2014:1223-1: critical: Security update for bash Message-ID: <20140926230413.0CAB632238@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1223-1 Rating: critical References: #896776 Cross-References: CVE-2014-6271 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: bash has been updated to fix a critical security issue. In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271) Security Issues: * CVE-2014-6271 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-bash-9764 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): bash-3.2-147.14.20.1 bash-doc-3.2-147.14.20.1 libreadline5-32bit-5.2-147.14.20.1 libreadline5-5.2-147.14.20.1 readline-doc-5.2-147.14.20.1 References: http://support.novell.com/security/cve/CVE-2014-6271.html https://bugzilla.suse.com/896776 http://download.suse.com/patch/finder/?keywords=634668818756ed213c0d0c593816875e From sle-updates at lists.suse.com Sun Sep 28 11:05:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 28 Sep 2014 19:05:13 +0200 (CEST) Subject: SUSE-SU-2014:1247-1: important: Security update for bash Message-ID: <20140928170513.3DB1632248@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1247-1 Rating: important References: #898346 #898603 #898604 Cross-References: CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux 
Enterprise Server 10 SP3 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and is less serious due to the special, non-default system configuration that is needed to create an exploitable situation. To remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_. This hardening feature is work in progress and might be improved in later updates. Additionally, two other security issues have been fixed: * CVE-2014-7186: Nested HERE documents could lead to a crash of bash. * CVE-2014-7187: Nesting of for loops could lead to a crash of bash. Security Issues: * CVE-2014-7169 * CVE-2014-7186 * CVE-2014-7187 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-bash-9780 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-bash-9780 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-bash-9780 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-bash-9781 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-bash-9782 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-bash-9780 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): readline-devel-5.2-147.22.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): readline-devel-32bit-5.2-147.22.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): libreadline5-5.2-147.22.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): bash-3.2-147.22.1 bash-doc-3.2-147.22.1 libreadline5-5.2-147.22.1 readline-doc-5.2-147.22.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libreadline5-32bit-5.2-147.22.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): bash-3.2-147.22.1 bash-doc-3.2-147.22.1 libreadline5-5.2-147.22.1 readline-doc-5.2-147.22.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libreadline5-32bit-5.2-147.22.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): bash-x86-3.2-147.22.1 libreadline5-x86-5.2-147.22.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): bash-3.2-147.14.22.1 bash-doc-3.2-147.14.22.1 libreadline5-5.2-147.14.22.1 readline-doc-5.2-147.14.22.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64): libreadline5-32bit-5.2-147.14.22.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): bash-3.2-147.14.22.1 bash-doc-3.2-147.14.22.1 libreadline5-5.2-147.14.22.1 readline-doc-5.2-147.14.22.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64): libreadline5-32bit-5.2-147.14.22.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): bash-3.1-24.34.1 readline-5.1-24.34.1 readline-devel-5.1-24.34.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): readline-32bit-5.1-24.34.1 readline-devel-32bit-5.1-24.34.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64): bash-3.1-24.34.1 readline-5.1-24.34.1 readline-devel-5.1-24.34.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64): readline-32bit-5.1-24.34.1 readline-devel-32bit-5.1-24.34.1 - SUSE Linux Enterprise Desktop 11 SP3 
(i586 x86_64): bash-3.2-147.22.1 bash-doc-3.2-147.22.1 libreadline5-5.2-147.22.1 readline-doc-5.2-147.22.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libreadline5-32bit-5.2-147.22.1 References: http://support.novell.com/security/cve/CVE-2014-7169.html http://support.novell.com/security/cve/CVE-2014-7186.html http://support.novell.com/security/cve/CVE-2014-7187.html https://bugzilla.suse.com/show_bug.cgi?id=898346 https://bugzilla.suse.com/show_bug.cgi?id=898603 https://bugzilla.suse.com/show_bug.cgi?id=898604 http://download.suse.com/patch/finder/?keywords=01d7685e480d31be1641e84591918b9e http://download.suse.com/patch/finder/?keywords=1143502d673561f6e5895393ba93df6f http://download.suse.com/patch/finder/?keywords=7c3a2e9a2aa61a2702de17e1ed7a7f43 http://download.suse.com/patch/finder/?keywords=b6868a6fc575e34338a7d5fd7491f09f http://download.suse.com/patch/finder/?keywords=d6f3fbe6b7cd7f9bd580be31dd2ada90 From sle-updates at lists.suse.com Mon Sep 29 10:04:34 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Sep 2014 18:04:34 +0200 (CEST) Subject: SUSE-SU-2014:1220-2: important: Security update for mozilla-nss Message-ID: <20140929160434.1F2B03224A@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1220-2 Rating: important References: #897890 Cross-References: CVE-2014-1568 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: Mozilla NSS was updated to 3.16.5 to fix an RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions.
He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-libfreebl3-9774 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 3.16.5]: libfreebl3-3.16.5-0.4.2.1 mozilla-nss-3.16.5-0.4.2.1 mozilla-nss-devel-3.16.5-0.4.2.1 mozilla-nss-tools-3.16.5-0.4.2.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 3.16.5]: libfreebl3-32bit-3.16.5-0.4.2.1 mozilla-nss-32bit-3.16.5-0.4.2.1 References: http://support.novell.com/security/cve/CVE-2014-1568.html https://bugzilla.suse.com/show_bug.cgi?id=897890 http://download.suse.com/patch/finder/?keywords=d63b0bfb5e439b036b903e3aa94555ff From sle-updates at lists.suse.com Mon Sep 29 13:04:13 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Sep 2014 21:04:13 +0200 (CEST) Subject: SUSE-SU-2014:1247-2: important: Security update for bash Message-ID: <20140929190413.0B5F03224B@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1247-2 Rating: important References: #898346 #898603 #898604 Cross-References: CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now 
available. Description: The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and is less serious due to the special, non-default system configuration that is needed to create an exploitable situation. To remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_. This hardening feature is work in progress and might be improved in later updates. Additionally, two other security issues have been fixed: * CVE-2014-7186: Nested HERE documents could lead to a crash of bash. * CVE-2014-7187: Nesting of for loops could lead to a crash of bash. Security Issues: * CVE-2014-7169 * CVE-2014-7186 * CVE-2014-7187 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-bash-9779 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): bash-3.2-147.14.22.1 bash-doc-3.2-147.14.22.1 libreadline5-32bit-5.2-147.14.22.1 libreadline5-5.2-147.14.22.1 readline-doc-5.2-147.14.22.1 References: http://support.novell.com/security/cve/CVE-2014-7169.html http://support.novell.com/security/cve/CVE-2014-7186.html http://support.novell.com/security/cve/CVE-2014-7187.html https://bugzilla.suse.com/show_bug.cgi?id=898346 https://bugzilla.suse.com/show_bug.cgi?id=898603 https://bugzilla.suse.com/show_bug.cgi?id=898604 http://download.suse.com/patch/finder/?keywords=991d0956c7a6a53ad424c0964c1cbb84 From sle-updates at lists.suse.com Mon Sep 29 17:04:16 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Sep 2014 01:04:16 +0200 (CEST) Subject: SUSE-SU-2014:1220-3: important: Security update for mozilla-nss Message-ID: <20140929230416.5CBA7320F3@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1220-3 Rating: important References: #897890 Cross-References: CVE-2014-1568 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP3 LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: Mozilla NSS was updated to version 3.16.5 to fix an RSA certificate forgery issue. MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.
The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. Security Issues: * CVE-2014-1568 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-libfreebl3-9775 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 3.16.5]: libfreebl3-3.16.5-0.4.2.1 mozilla-nss-3.16.5-0.4.2.1 mozilla-nss-tools-3.16.5-0.4.2.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 3.16.5]: libfreebl3-32bit-3.16.5-0.4.2.1 mozilla-nss-32bit-3.16.5-0.4.2.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64) [New Version: 3.16.5]: mozilla-nss-3.16.5-0.5.1 mozilla-nss-devel-3.16.5-0.5.1 mozilla-nss-tools-3.16.5-0.5.1 - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64) [New Version: 3.16.5]: mozilla-nss-32bit-3.16.5-0.5.1 References: http://support.novell.com/security/cve/CVE-2014-1568.html https://bugzilla.suse.com/show_bug.cgi?id=897890 http://download.suse.com/patch/finder/?keywords=2ee24d8f2ff89770e348b8257c89f70f http://download.suse.com/patch/finder/?keywords=c6f6720a0652853ecb54d85b96a518b7 From sle-updates at lists.suse.com Mon Sep 29 17:04:23 2014 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Sep 2014 01:04:23 +0200 (CEST) Subject: SUSE-SU-2014:1255-1: moderate: Security update for openstack-ceilometer Message-ID: <20140929230423.6F1E732249@maintenance.suse.de> SUSE Security Update: Security update for openstack-ceilometer ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1255-1 Rating: moderate References: #884535 #893770 Cross-References: CVE-2014-4615 Affected Products: SUSE Cloud 3 
______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. It includes one version update. Description: This update for openstack-ceilometer fixes the following security issue: * CVE-2014-4615: An attacker with read access to the message queue may obtain authentication tokens used in REST requests (X_AUTH_TOKEN) that go through the notifier middleware. Additionally, the following non-security issues have been fixed: * Set Python hash seed to 0 in tox.ini. * Update ensure()/reconnect() to catch MessagingError. * Fixes Hyper-V metrics units. * Disable specifying alarm itself in combination rule. * Fixes Hyper-V Inspector network metrics values. * Sync RPC module from Oslo. * Ensure routing key is specified in the address for a direct producer. * Remove token from notifier middleware. Security Issues: * CVE-2014-4615 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 3: zypper in -t patch sleclo30sp3-openstack-ceilometer-9672 To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Cloud 3 (x86_64) [New Version: 2013.2.4.dev21.g27a67f4]:
      openstack-ceilometer-2013.2.4.dev21.g27a67f4-0.7.1
      openstack-ceilometer-agent-central-2013.2.4.dev21.g27a67f4-0.7.1
      openstack-ceilometer-agent-compute-2013.2.4.dev21.g27a67f4-0.7.1
      openstack-ceilometer-alarm-evaluator-2013.2.4.dev21.g27a67f4-0.7.1
      openstack-ceilometer-alarm-notifier-2013.2.4.dev21.g27a67f4-0.7.1
      openstack-ceilometer-api-2013.2.4.dev21.g27a67f4-0.7.1
      openstack-ceilometer-collector-2013.2.4.dev21.g27a67f4-0.7.1
      python-ceilometer-2013.2.4.dev21.g27a67f4-0.7.1

  - SUSE Cloud 3 (noarch) [New Version: 2013.2.4.dev21.g27a67f4]:
      openstack-ceilometer-doc-2013.2.4.dev21.g27a67f4-0.7.1

References:

  http://support.novell.com/security/cve/CVE-2014-4615.html
  https://bugzilla.suse.com/show_bug.cgi?id=884535
  https://bugzilla.suse.com/show_bug.cgi?id=893770
  http://download.suse.com/patch/finder/?keywords=80f3590b1a52df5fd7d61e9860e6abff

From sle-updates at lists.suse.com Tue Sep 30 09:05:00 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Sep 2014 17:05:00 +0200 (CEST)
Subject: SUSE-RU-2014:1256-1: Update for release-notes-sled
Message-ID: <20140930150500.55A433224B@maintenance.suse.de>

SUSE Recommended Update: Update for release-notes-sled
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1256-1
Rating: low
References:
Affected Products:
  SUSE Linux Enterprise Desktop 12
  12
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Desktop 12.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-62

  - 12:
      zypper in -t patch SUSE-SLE-WE-12-2014-62

To bring your system up-to-date, use "zypper patch".

Package List:

  - SUSE Linux Enterprise Desktop 12 (noarch):
      release-notes-sled-12.0.20140918-4.3

  - 12 (noarch):
      release-notes-sled-12.0.20140918-4.3

References:

From sle-updates at lists.suse.com Tue Sep 30 09:05:06 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Sep 2014 17:05:06 +0200 (CEST)
Subject: SUSE-RU-2014:1257-1: update for release-notes-sles
Message-ID: <20140930150506.1E9193224E@maintenance.suse.de>

SUSE Recommended Update: update for release-notes-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1257-1
Rating: low
References:
Affected Products:
  SUSE Linux Enterprise Server 12
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Server 12.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2014-61

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Linux Enterprise Server 12 (noarch):
      release-notes-sles-12.0.20140918-4.3

References:

From sle-updates at lists.suse.com Tue Sep 30 09:05:12 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Sep 2014 17:05:12 +0200 (CEST)
Subject: SUSE-RU-2014:1258-1: Update for release-notes-sdk
Message-ID: <20140930150512.5A0373224E@maintenance.suse.de>

SUSE Recommended Update: Update for release-notes-sdk
______________________________________________________________________________

Announcement ID: SUSE-RU-2014:1258-1
Rating: low
References:
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Software Development Kit 12.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2014-60

To bring your system up-to-date, use "zypper patch".
Package List:

  - SUSE Linux Enterprise Software Development Kit 12 (noarch):
      release-notes-sdk-12.0.20140918-4.3

References:

From sle-updates at lists.suse.com Tue Sep 30 09:05:19 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Sep 2014 17:05:19 +0200 (CEST)
Subject: SUSE-SU-2014:1259-1: important: bash
Message-ID: <20140930150519.86CE93224E@maintenance.suse.de>

SUSE Security Update: bash
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1259-1
Rating: important
References: #898346 #898603 #898604
Cross-References: CVE-2014-7169 CVE-2014-7186 CVE-2014-7187
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
  12
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169).

Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and it is less serious due to the special, non-default system configuration that is needed to create an exploitable situation.

To remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_ . This hardening feature is work in progress and might be improved in later updates.

Additionally two more security issues were fixed in bash:

  CVE-2014-7186: Nested HERE documents could lead to a crash of bash.
  CVE-2014-7187: Nesting of for loops could lead to a crash of bash.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2014-63

  - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2014-63

  - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-63

  - 12:
      zypper in -t patch SUSE-SLE-WE-12-2014-63

To bring your system up-to-date, use "zypper patch".

Package List:

  - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      bash-debuginfo-4.2-81.1
      bash-debugsource-4.2-81.1
      bash-devel-4.2-81.1
      readline-devel-6.2-81.1

  - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      bash-4.2-81.1
      bash-debuginfo-4.2-81.1
      bash-debugsource-4.2-81.1
      libreadline6-6.2-81.1
      libreadline6-debuginfo-6.2-81.1

  - SUSE Linux Enterprise Server 12 (noarch):
      bash-doc-4.2-81.1
      readline-doc-6.2-81.1

  - SUSE Linux Enterprise Desktop 12 (x86_64):
      bash-4.2-81.1
      bash-debuginfo-4.2-81.1
      bash-debugsource-4.2-81.1
      libreadline6-6.2-81.1
      libreadline6-debuginfo-6.2-81.1

  - SUSE Linux Enterprise Desktop 12 (noarch):
      bash-doc-4.2-81.1
      bash-lang-4.2-81.1
      readline-doc-6.2-81.1

  - 12 (noarch):
      bash-lang-4.2-81.1

References:

  http://support.novell.com/security/cve/CVE-2014-7169.html
  http://support.novell.com/security/cve/CVE-2014-7186.html
  http://support.novell.com/security/cve/CVE-2014-7187.html
  https://bugzilla.suse.com/show_bug.cgi?id=898346
  https://bugzilla.suse.com/show_bug.cgi?id=898603
  https://bugzilla.suse.com/show_bug.cgi?id=898604

From sle-updates at lists.suse.com Tue Sep 30 09:06:23 2014
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 30 Sep 2014 17:06:23 +0200 (CEST)
Subject: SUSE-SU-2014:1260-1: critical: bash
Message-ID: <20140930150623.E2D1D3224B@maintenance.suse.de>

SUSE Security Update: bash
______________________________________________________________________________

Announcement ID: SUSE-SU-2014:1260-1
Rating: critical
References: #896776
Cross-References: CVE-2014-6271
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
  12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

bash was updated to fix unexpected code execution with environment variables (CVE-2014-6271).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

  - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2014-59

  - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2014-59

  - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-59

  - 12:
      zypper in -t patch SUSE-SLE-WE-12-2014-59

To bring your system up-to-date, use "zypper patch".

Package List:

  - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      bash-debuginfo-4.2-77.1
      bash-debugsource-4.2-77.1
      bash-devel-4.2-77.1
      readline-devel-6.2-77.1

  - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      bash-4.2-77.1
      bash-debuginfo-4.2-77.1
      bash-debugsource-4.2-77.1
      libreadline6-6.2-77.1
      libreadline6-debuginfo-6.2-77.1

  - SUSE Linux Enterprise Server 12 (noarch):
      bash-doc-4.2-77.1
      readline-doc-6.2-77.1

  - SUSE Linux Enterprise Desktop 12 (x86_64):
      bash-4.2-77.1
      bash-debuginfo-4.2-77.1
      bash-debugsource-4.2-77.1
      libreadline6-6.2-77.1
      libreadline6-debuginfo-6.2-77.1

  - SUSE Linux Enterprise Desktop 12 (noarch):
      bash-doc-4.2-77.1
      bash-lang-4.2-77.1
      readline-doc-6.2-77.1

  - 12 (noarch):
      bash-lang-4.2-77.1

References:

  http://support.novell.com/security/cve/CVE-2014-6271.html
  https://bugzilla.suse.com/show_bug.cgi?id=896776