From sle-updates at lists.suse.com Wed Dec 2 06:11:20 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Dec 2015 14:11:20 +0100 (CET)
Subject: SUSE-SU-2015:2166-1: important: Security update for java-1_6_0-ibm
Message-ID: <20151202131120.E1F83320F0@maintenance.suse.de>

SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:2166-1
Rating: important
References: #955131
Cross-References:
   CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477
   CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-2625
   CVE-2015-2808 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806
   CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843
   CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882
   CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911
   CVE-2015-5006
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP3
   SUSE Linux Enterprise Server for VMWare 11-SP3
   SUSE Linux Enterprise Server 11-SP3
   SUSE Linux Enterprise Server 11-SP2-LTSS
______________________________________________________________________________

An update that fixes 31 vulnerabilities is now available.

Description:

This update for java-1_6_0-ibm fixes the following issues:

- Version update to 6.0-16.15 bsc#955131:
   CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810
   CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844
   CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883
   CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006
   CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469
   CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477
   CVE-2015-0204

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP3:
   zypper in -t patch sdksp3-java-1_6_0-ibm-1538=1
- SUSE Linux Enterprise Server for VMWare 11-SP3:
   zypper in -t patch slessp3-java-1_6_0-ibm-1538=1
- SUSE Linux Enterprise Server 11-SP3:
   zypper in -t patch slessp3-java-1_6_0-ibm-1538=1
- SUSE Linux Enterprise Server 11-SP2-LTSS:
   zypper in -t patch slessp2-java-1_6_0-ibm-1538=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ppc64 s390x x86_64):
   java-1_6_0-ibm-devel-1.6.0_sr16.15-46.1
- SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64):
   java-1_6_0-ibm-1.6.0_sr16.15-46.1
   java-1_6_0-ibm-fonts-1.6.0_sr16.15-46.1
- SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
   java-1_6_0-ibm-1.6.0_sr16.15-46.1
   java-1_6_0-ibm-fonts-1.6.0_sr16.15-46.1
   java-1_6_0-ibm-jdbc-1.6.0_sr16.15-46.1
   java-1_6_0-ibm-plugin-1.6.0_sr16.15-46.1
- SUSE Linux Enterprise Server for VMWare 11-SP3 (i586):
   java-1_6_0-ibm-alsa-1.6.0_sr16.15-46.1
- SUSE Linux Enterprise Server 11-SP3 (i586 ppc64 s390x x86_64):
   java-1_6_0-ibm-1.6.0_sr16.15-46.1
   java-1_6_0-ibm-fonts-1.6.0_sr16.15-46.1
   java-1_6_0-ibm-jdbc-1.6.0_sr16.15-46.1
- SUSE Linux Enterprise Server 11-SP3 (i586 x86_64):
   java-1_6_0-ibm-plugin-1.6.0_sr16.15-46.1
- SUSE Linux Enterprise Server 11-SP3 (i586):
   java-1_6_0-ibm-alsa-1.6.0_sr16.15-46.1
- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
   java-1_6_0-ibm-1.6.0_sr16.15-46.1
   java-1_6_0-ibm-devel-1.6.0_sr16.15-46.1
   java-1_6_0-ibm-fonts-1.6.0_sr16.15-46.1
   java-1_6_0-ibm-jdbc-1.6.0_sr16.15-46.1
- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64):
   java-1_6_0-ibm-plugin-1.6.0_sr16.15-46.1
- SUSE Linux Enterprise Server 11-SP2-LTSS (i586):
   java-1_6_0-ibm-alsa-1.6.0_sr16.15-46.1

References:

   https://www.suse.com/security/cve/CVE-2015-0204.html
   https://www.suse.com/security/cve/CVE-2015-0458.html
   https://www.suse.com/security/cve/CVE-2015-0459.html
   https://www.suse.com/security/cve/CVE-2015-0469.html
   https://www.suse.com/security/cve/CVE-2015-0477.html
   https://www.suse.com/security/cve/CVE-2015-0478.html
   https://www.suse.com/security/cve/CVE-2015-0480.html
   https://www.suse.com/security/cve/CVE-2015-0488.html
   https://www.suse.com/security/cve/CVE-2015-0491.html
   https://www.suse.com/security/cve/CVE-2015-2625.html
   https://www.suse.com/security/cve/CVE-2015-2808.html
   https://www.suse.com/security/cve/CVE-2015-4734.html
   https://www.suse.com/security/cve/CVE-2015-4803.html
   https://www.suse.com/security/cve/CVE-2015-4805.html
   https://www.suse.com/security/cve/CVE-2015-4806.html
   https://www.suse.com/security/cve/CVE-2015-4810.html
   https://www.suse.com/security/cve/CVE-2015-4835.html
   https://www.suse.com/security/cve/CVE-2015-4840.html
   https://www.suse.com/security/cve/CVE-2015-4842.html
   https://www.suse.com/security/cve/CVE-2015-4843.html
   https://www.suse.com/security/cve/CVE-2015-4844.html
   https://www.suse.com/security/cve/CVE-2015-4860.html
   https://www.suse.com/security/cve/CVE-2015-4871.html
   https://www.suse.com/security/cve/CVE-2015-4872.html
   https://www.suse.com/security/cve/CVE-2015-4882.html
   https://www.suse.com/security/cve/CVE-2015-4883.html
   https://www.suse.com/security/cve/CVE-2015-4893.html
   https://www.suse.com/security/cve/CVE-2015-4902.html
   https://www.suse.com/security/cve/CVE-2015-4903.html
   https://www.suse.com/security/cve/CVE-2015-4911.html
   https://www.suse.com/security/cve/CVE-2015-5006.html
   https://bugzilla.suse.com/955131

From sle-updates at lists.suse.com Wed Dec 2 07:10:48 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Dec 2015 15:10:48 +0100 (CET)
Subject: SUSE-SU-2015:2167-1: moderate: Security update for kernel-source-rt
Message-ID: <20151202141048.75D9B32139@maintenance.suse.de>

SUSE Security Update: Security update for kernel-source-rt
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:2167-1
Rating: moderate
References:
   #777565 #867362 #873385 #883380 #884333 #886785
   #891116 #894936 #915517 #917968 #920016 #920110
   #920733 #923002 #923431 #924701 #925705 #925881
   #925903 #927355 #929076 #929142 #929143 #930092
   #930934 #931620 #932350 #933721 #935053 #935055
   #935572 #935705 #935866 #935906 #936077 #936095
   #936118 #936423 #936637 #936831 #936875 #936921
   #936925 #937032 #937256 #937402 #937444 #937503
   #937641 #937855 #938485 #939910 #939994 #940338
   #940398 #940925 #940966 #942204 #942305 #942350
   #942367 #942404 #942605 #942688 #942938 #943477
Cross-References:
   CVE-2015-1420 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5697
   CVE-2015-5707 CVE-2015-6252
Affected Products:
   SUSE Linux Enterprise Real Time Extension 11-SP4
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 59 fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to version 3.0.101.rt130-45.1 to receive various security and bug fixes.

The following security bugs were fixed:

* CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FD command issued, which could eventually waste available system resources and create a denial of service (bsc#942367).
* CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov() (bsc#940338).
* CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bnc#936831).
* CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bnc#936831).
* CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517).
* CVE-2015-4700: The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler (bnc#935705).
* CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. (bnc#939994)

The following non-security bugs were fixed:

- Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350).
- Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942404).
- Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350).
- Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942404).
- Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350).
- Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942404).
- Btrfs: fix hang when failing to submit bio of directIO (bnc#942688).
- Btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688).
- Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688).
- DRM/I915: Add enum hpd_pin to intel_encoder (bsc#942938).
- DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938).
- DRM/i915: Get rid of the "hotplug_supported_mask" in struct drm_i915_private (bsc#942938).
- DRM/i915: Remove i965_hpd_irq_setup (bsc#942938).
- DRM/i915: Remove valleyview_hpd_irq_setup (bsc#942938).
- CIFS: Fix missing crypto allocation (bnc#937402).
- IB/core: Fix mismatch between locked and pinned pages (bnc#937855).
- IB/iser: Add Discovery support (bsc#923002).
- IB/iser: Move informational messages from error to info level (bsc#923002).
- SCSI: Moved iscsi kabi patch to patches.kabi (bsc#923002)
- SCSI: kabi: allow iscsi discovery session support (bsc#923002).
- SCSI: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).
- SCSI: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204).
- SCSI: scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733).
- SCSI: scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002).
- NFSD: Fix nfsv4 opcode decoding error (bsc#935906).
- NFSv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910).
- New patches: patches.fixes/hrtimer-Prevent-timer-interrupt-DoS.patch
- PCI: Disable Bus Master only on kexec reboot (bsc#920110).
- PCI: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110).
- PCI: Do not try to disable Bus Master on disconnected PCI devices (bsc#920110).
- PCI: Lock down register access when trusted_kernel is true (bnc#884333, bsc#923431).
- PCI: disable Bus Master on PCI device shutdown (bsc#920110).
- Set hostbyte status in scsi_check_sense() (bsc#920733).
- USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721).
- USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721).
- apparmor: fix file_permission if profile is updated (bsc#917968).
- drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572).
- drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).
- drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).
- drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938).
- drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938).
- drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938).
- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938).
- drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938).
- drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938).
- drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938).
- drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).
- drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).
- drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938).
- drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938).
- drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938).
- drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938).
- drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938).
- drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).
- drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938).
- drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938).
- drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938).
- drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938).
- drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938).
- drm/i915: fix hotplug event bit tracking (bsc#942938).
- drm/i915: fix hpd interrupt register locking (bsc#942938).
- drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938).
- drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938).
- drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938).
- drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).
- drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).
- drm/i915: implement ibx_hpd_irq_setup (bsc#942938).
- drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).
- drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572).
- ehci-pci: enable interrupt on BayTrail (bnc926007).
- exec: kill the unnecessary mm->def_flags setting in load_elf_binary() (bnc#891116).
- ext3: Fix data corruption in inodes with journalled data (bsc#936637).
- fanotify: Fix deadlock with permission events (bsc#935053).
- fork: reset mm->pinned_vm (bnc#937855).
- hrtimer: prevent timer interrupt DoS (bnc#886785).
- hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
- hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).
- hv_storvsc: use small sg_tablesize on x86 (bnc#937256).
- ibmveth: Add GRO support (bsc#935055).
- ibmveth: Add support for Large Receive Offload (bsc#935055).
- ibmveth: Add support for TSO (bsc#935055).
- ibmveth: add support for TSO6.
- ibmveth: change rx buffer default allocation for CMO (bsc#935055).
- igb: do not reuse pages with pfmemalloc flag fix (bnc#920016).
- inotify: Fix nested sleeps in inotify_read() (bsc#940925).
- iommu/amd: Fix memory leak in free_pagetable (bsc#935866).
- iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).
- ipv6: probe routes asynchronous in rt6_probe (bsc#936118).
- ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355).
- kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch (bnc#920016).
- kabi: wrapper include file with __GENKSYMS__ check to avoid kabi change (bsc920110).
- kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).
- kernel: do full redraw of the 3270 screen on reconnect (bnc#943477, LTC#129509).
- libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002).
- megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).
- megaraid_sas: Use correct reset sequence in adp_reset() (bsc#938485).
- mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).
- mm, THP: do not hold mmap_sem in khugepaged when allocating THP (VM Performance).
- mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620).
- mm, thp: fix collapsing of hugepages on madvise (VM Functionality).
- mm, thp: only collapse hugepages to nodes with affinity for zone_reclaim_mode (VM Functionality, bnc#931620).
- mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bnc#931620).
- mm, thp: respect MPOL_PREFERRED policy with non-local node (VM Performance, bnc#931620).
- mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143).
- mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM Performance, bnc#931620).
- mm/thp: allocate transparent hugepages on local node (VM Performance, bnc#931620).
- mm: make page pfmemalloc check more robust (bnc#920016).
- mm: restrict access to slab files under procfs and sysfs (bnc#936077).
- mm: thp: khugepaged: add policy for finding target node (VM Functionality, bnc#931620).
- net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355).
- net: Fix "ip rule delete table 256" (bsc#873385).
- net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362).
- net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
- netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350).
- nfsd: support disabling 64bit dir cookies (bnc#937503).
- pagecache limit: Do not skip over small zones that easily (bnc#925881).
- pagecache limit: add tracepoints (bnc#924701).
- pagecache limit: export debugging counters via /proc/vmstat (bnc#924701).
- pagecache limit: fix wrong nr_reclaimed count (bnc#924701).
- pagecache limit: reduce starvation due to reclaim retries (bnc#925903).
- pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355).
- pci: Add flag indicating device has been assigned by KVM (bnc#777565).
- pci: Add flag indicating device has been assigned by KVM (bnc#777565).
- perf, nmi: Fix unknown NMI warning (bsc#929142).
- perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142).
- qlcnic: Fix NULL pointer dereference in qlcnic_hwmon_show_temp() (bsc#936095).
- r8169: remember WOL preferences on driver load (bsc#942305).
- s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595).
- sg_start_req(): make sure that there's not too many elements in iovec (bsc#940338).
- st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875).
- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641).
- usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721).
- usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721).
- vmxnet3: Bump up driver version number (bsc#936423).
- vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
- vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
- vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
- x86-64: Do not apply destructive erratum workaround on unaffected CPUs (bsc#929076).
- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
- x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605).
- xfs: fix problem when using md+XFS under high load (bnc#925705).
- xhci: Allocate correct amount of scratchpad buffers (bnc#933721).
- xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721).
- xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721).
- xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721).
- xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721).
- xhci: do not report PLC when link is in internal resume state (bnc#933721).
- xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721).
- xhci: report U3 when link is in resume state (bnc#933721).
- xhci: rework cycle bit checking for new dequeue pointers (bnc#933721).
- zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921, LTC#126491).
- zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 11-SP4:
   zypper in -t patch slertesp4-kernel-rt-20150914-12238=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):
   kernel-rt-3.0.101.rt130-45.1
   kernel-rt-base-3.0.101.rt130-45.1
   kernel-rt-devel-3.0.101.rt130-45.1
   kernel-rt_trace-3.0.101.rt130-45.1
   kernel-rt_trace-base-3.0.101.rt130-45.1
   kernel-rt_trace-devel-3.0.101.rt130-45.1
   kernel-source-rt-3.0.101.rt130-45.1
   kernel-syms-rt-3.0.101.rt130-45.1

References:

   https://www.suse.com/security/cve/CVE-2015-1420.html
   https://www.suse.com/security/cve/CVE-2015-4700.html
   https://www.suse.com/security/cve/CVE-2015-5364.html
   https://www.suse.com/security/cve/CVE-2015-5366.html
   https://www.suse.com/security/cve/CVE-2015-5697.html
   https://www.suse.com/security/cve/CVE-2015-5707.html
   https://www.suse.com/security/cve/CVE-2015-6252.html
   https://bugzilla.suse.com/777565
   https://bugzilla.suse.com/867362
   https://bugzilla.suse.com/873385
   https://bugzilla.suse.com/883380
   https://bugzilla.suse.com/884333
   https://bugzilla.suse.com/886785
   https://bugzilla.suse.com/891116
   https://bugzilla.suse.com/894936
   https://bugzilla.suse.com/915517
   https://bugzilla.suse.com/917968
   https://bugzilla.suse.com/920016
   https://bugzilla.suse.com/920110
   https://bugzilla.suse.com/920733
   https://bugzilla.suse.com/923002
   https://bugzilla.suse.com/923431
   https://bugzilla.suse.com/924701
   https://bugzilla.suse.com/925705
   https://bugzilla.suse.com/925881
   https://bugzilla.suse.com/925903
   https://bugzilla.suse.com/927355
   https://bugzilla.suse.com/929076
   https://bugzilla.suse.com/929142
   https://bugzilla.suse.com/929143
   https://bugzilla.suse.com/930092
   https://bugzilla.suse.com/930934
   https://bugzilla.suse.com/931620
   https://bugzilla.suse.com/932350
   https://bugzilla.suse.com/933721
   https://bugzilla.suse.com/935053
   https://bugzilla.suse.com/935055
   https://bugzilla.suse.com/935572
   https://bugzilla.suse.com/935705
   https://bugzilla.suse.com/935866
   https://bugzilla.suse.com/935906
   https://bugzilla.suse.com/936077
   https://bugzilla.suse.com/936095
   https://bugzilla.suse.com/936118
   https://bugzilla.suse.com/936423
   https://bugzilla.suse.com/936637
   https://bugzilla.suse.com/936831
   https://bugzilla.suse.com/936875
   https://bugzilla.suse.com/936921
   https://bugzilla.suse.com/936925
   https://bugzilla.suse.com/937032
   https://bugzilla.suse.com/937256
   https://bugzilla.suse.com/937402
   https://bugzilla.suse.com/937444
   https://bugzilla.suse.com/937503
   https://bugzilla.suse.com/937641
   https://bugzilla.suse.com/937855
   https://bugzilla.suse.com/938485
   https://bugzilla.suse.com/939910
   https://bugzilla.suse.com/939994
   https://bugzilla.suse.com/940338
   https://bugzilla.suse.com/940398
   https://bugzilla.suse.com/940925
   https://bugzilla.suse.com/940966
   https://bugzilla.suse.com/942204
   https://bugzilla.suse.com/942305
   https://bugzilla.suse.com/942350
   https://bugzilla.suse.com/942367
   https://bugzilla.suse.com/942404
   https://bugzilla.suse.com/942605
   https://bugzilla.suse.com/942688
   https://bugzilla.suse.com/942938
   https://bugzilla.suse.com/943477

From sle-updates at lists.suse.com Wed Dec 2 07:24:51 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Dec 2015 15:24:51 +0100 (CET)
Subject: SUSE-SU-2015:2168-1: important: Security update for java-1_7_1-ibm
Message-ID: <20151202142451.F34AC32139@maintenance.suse.de>

SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:2168-1
Rating: important
References: #941939 #955131
Cross-References:
   CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477
   CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-4734
   CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835
   CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860
   CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893
   CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
______________________________________________________________________________

An update that fixes 29 vulnerabilities is now available.

Description:

The java-1_7_1-ibm package was updated to version 7.1-3.20 to fix several security and non-security issues:

- bnc#955131: Version update to 7.1-3.20:
   CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810
   CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844
   CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883
   CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006
- Add backcompat symlinks for sdkdir
- bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
   zypper in -t patch SUSE-SLE-SDK-12-2015-920=1
- SUSE Linux Enterprise Server 12:
   zypper in -t patch SUSE-SLE-SERVER-12-2015-920=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
   java-1_7_1-ibm-devel-1.7.1_sr3.20-17.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
   java-1_7_1-ibm-1.7.1_sr3.20-17.1
   java-1_7_1-ibm-jdbc-1.7.1_sr3.20-17.1
- SUSE Linux Enterprise Server 12 (x86_64):
   java-1_7_1-ibm-alsa-1.7.1_sr3.20-17.1
   java-1_7_1-ibm-plugin-1.7.1_sr3.20-17.1

References:

   https://www.suse.com/security/cve/CVE-2015-0204.html
   https://www.suse.com/security/cve/CVE-2015-0458.html
   https://www.suse.com/security/cve/CVE-2015-0459.html
   https://www.suse.com/security/cve/CVE-2015-0469.html
   https://www.suse.com/security/cve/CVE-2015-0477.html
   https://www.suse.com/security/cve/CVE-2015-0478.html
   https://www.suse.com/security/cve/CVE-2015-0480.html
   https://www.suse.com/security/cve/CVE-2015-0488.html
   https://www.suse.com/security/cve/CVE-2015-0491.html
   https://www.suse.com/security/cve/CVE-2015-4734.html
   https://www.suse.com/security/cve/CVE-2015-4803.html
   https://www.suse.com/security/cve/CVE-2015-4805.html
   https://www.suse.com/security/cve/CVE-2015-4806.html
   https://www.suse.com/security/cve/CVE-2015-4810.html
   https://www.suse.com/security/cve/CVE-2015-4835.html
   https://www.suse.com/security/cve/CVE-2015-4840.html
   https://www.suse.com/security/cve/CVE-2015-4842.html
   https://www.suse.com/security/cve/CVE-2015-4843.html
   https://www.suse.com/security/cve/CVE-2015-4844.html
   https://www.suse.com/security/cve/CVE-2015-4860.html
   https://www.suse.com/security/cve/CVE-2015-4871.html
   https://www.suse.com/security/cve/CVE-2015-4872.html
   https://www.suse.com/security/cve/CVE-2015-4882.html
   https://www.suse.com/security/cve/CVE-2015-4883.html
   https://www.suse.com/security/cve/CVE-2015-4893.html
   https://www.suse.com/security/cve/CVE-2015-4902.html
   https://www.suse.com/security/cve/CVE-2015-4903.html
   https://www.suse.com/security/cve/CVE-2015-4911.html
   https://www.suse.com/security/cve/CVE-2015-5006.html
   https://bugzilla.suse.com/941939
   https://bugzilla.suse.com/955131

From
sle-updates at lists.suse.com Wed Dec 2 08:11:08 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Dec 2015 16:11:08 +0100 (CET)
Subject: SUSE-RU-2015:2169-1: Recommended update for perf
Message-ID: <20151202151108.26272320F0@maintenance.suse.de>

SUSE Recommended Update: Recommended update for perf
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:2169-1
Rating: low
References: #936752
Affected Products:
   SUSE Linux Enterprise Server 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for perf provides the following fixes:

- Perf probe: prefer symbol table lookup over DWARF for ppc64le. (bnc#936752)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
   zypper in -t patch SUSE-SLE-SERVER-12-2015-921=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
   perf-3.12.48-34.3.4
   perf-debuginfo-3.12.48-34.3.4
   perf-debugsource-3.12.48-34.3.4

References:

   https://bugzilla.suse.com/936752

From sle-updates at lists.suse.com Wed Dec 2 09:11:05 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Dec 2015 17:11:05 +0100 (CET)
Subject: SUSE-SU-2015:2170-1: moderate: Security update for gpg2
Message-ID: <20151202161105.0B3CC32139@maintenance.suse.de>

SUSE Security Update: Security update for gpg2
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:2170-1
Rating: moderate
References: #918089 #918090
Cross-References: CVE-2015-1606 CVE-2015-1607
Affected Products:
   SUSE Linux Enterprise Server for VMWare 11-SP3
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Server 11-SP3
   SUSE Linux Enterprise Desktop 11-SP4
   SUSE Linux Enterprise Desktop 11-SP3
   SUSE Linux Enterprise Debuginfo 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for gpg2 fixes the following issues:

- Fix cve-2015-1606 (bsc#918089)
   * Invalid memory read using a garbled keyring
   * 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-k.patch
- Fix cve-2015-1607 (bsc#918090)
   * Memcpy with overlapping ranges
   * 0001-Use-inline-functions-to-convert-buffer-data-to-scala.patch

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for VMWare 11-SP3:
   zypper in -t patch slessp3-gpg2-12240=1
- SUSE Linux Enterprise Server 11-SP4:
   zypper in -t patch slessp4-gpg2-12240=1
- SUSE Linux Enterprise Server 11-SP3:
   zypper in -t patch slessp3-gpg2-12240=1
- SUSE Linux Enterprise Desktop 11-SP4:
   zypper in -t patch sledsp4-gpg2-12240=1
- SUSE Linux Enterprise Desktop 11-SP3:
   zypper in -t patch sledsp3-gpg2-12240=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
   zypper in -t patch dbgsp4-gpg2-12240=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
   zypper in -t patch dbgsp3-gpg2-12240=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
   gpg2-2.0.9-25.33.41.2
   gpg2-lang-2.0.9-25.33.41.2
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
   gpg2-2.0.9-25.33.41.2
   gpg2-lang-2.0.9-25.33.41.2
- SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
   gpg2-2.0.9-25.33.41.2
   gpg2-lang-2.0.9-25.33.41.2
- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
   gpg2-2.0.9-25.33.41.2
   gpg2-lang-2.0.9-25.33.41.2
- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
   gpg2-2.0.9-25.33.41.2
   gpg2-lang-2.0.9-25.33.41.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
   gpg2-debuginfo-2.0.9-25.33.41.2
   gpg2-debugsource-2.0.9-25.33.41.2
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
   gpg2-debuginfo-2.0.9-25.33.41.2
   gpg2-debugsource-2.0.9-25.33.41.2

References:

   https://www.suse.com/security/cve/CVE-2015-1606.html
   https://www.suse.com/security/cve/CVE-2015-1607.html
   https://bugzilla.suse.com/918089
   https://bugzilla.suse.com/918090

From sle-updates at lists.suse.com Wed Dec 2 09:11:42 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Dec 2015 17:11:42 +0100 (CET)
Subject: SUSE-SU-2015:2171-1: moderate: Security update for gpg2
Message-ID:
<20151202161142.48EC732139@maintenance.suse.de> SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2171-1 Rating: moderate References: #918089 #918090 #952347 #955753 Cross-References: CVE-2015-1606 CVE-2015-1607 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: The gpg2 package was updated to fix the following security and non-security issues: - CVE-2015-1606: Fixed invalid memory read using a garbled keyring (bsc#918089). - CVE-2015-1607: Fixed memcpy with overlapping ranges (bsc#918090). - bsc#955753: Fixed a regression of "gpg --recv" due to keyserver import filter (also boo#952347). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-922=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-922=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gpg2-2.0.24-3.1 gpg2-debuginfo-2.0.24-3.1 gpg2-debugsource-2.0.24-3.1 - SUSE Linux Enterprise Server 12 (noarch): gpg2-lang-2.0.24-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): gpg2-2.0.24-3.1 gpg2-debuginfo-2.0.24-3.1 gpg2-debugsource-2.0.24-3.1 - SUSE Linux Enterprise Desktop 12 (noarch): gpg2-lang-2.0.24-3.1 References: https://www.suse.com/security/cve/CVE-2015-1606.html https://www.suse.com/security/cve/CVE-2015-1607.html https://bugzilla.suse.com/918089 https://bugzilla.suse.com/918090 https://bugzilla.suse.com/952347 https://bugzilla.suse.com/955753 From sle-updates at lists.suse.com Wed Dec 2 09:12:39 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2015 17:12:39 +0100 (CET) Subject: SUSE-SU-2015:2172-1: moderate: Security update for orca Message-ID: <20151202161239.EA95432139@maintenance.suse.de> SUSE Security Update: Security update for orca ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2172-1 Rating: moderate References: #916835 Cross-References: CVE-2013-4245 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This orca update fixes the following security issue. - Don't try to import modules from current working directory (bsc#916835, CVE-2013-4245). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-orca-12239=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-orca-12239=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-orca-12239=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-orca-12239=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-orca-12239=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): orca-2.28.3-0.5.10 orca-lang-2.28.3-0.5.10 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): orca-2.28.3-0.5.10 orca-lang-2.28.3-0.5.10 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): orca-2.28.3-0.5.10 orca-lang-2.28.3-0.5.10 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): orca-2.28.3-0.5.10 orca-lang-2.28.3-0.5.10 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): orca-2.28.3-0.5.10 orca-lang-2.28.3-0.5.10 References: https://www.suse.com/security/cve/CVE-2013-4245.html https://bugzilla.suse.com/916835 From sle-updates at lists.suse.com Wed Dec 2 09:13:29 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2015 17:13:29 +0100 (CET) Subject: SUSE-SU-2015:2174-1: important: Security update for dhcpcd Message-ID: <20151202161329.2089332139@maintenance.suse.de> SUSE Security Update: Security update for dhcpcd ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2174-1 Rating: important References: #955762 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE 
Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: dhcpcd was updated to fix one security issue. This security issue was fixed: - A missing length check in decode_search could have caused a DoS (bsc#955762). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-dhcpcd-12241=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-dhcpcd-12241=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-dhcpcd-12241=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-dhcpcd-12241=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-dhcpcd-12241=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-dhcpcd-12241=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dhcpcd-12241=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-dhcpcd-12241=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-dhcpcd-12241=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): dhcpcd-3.2.3-44.32.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcpcd-3.2.3-44.32.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): dhcpcd-3.2.3-44.32.2 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): dhcpcd-3.2.3-44.32.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): dhcpcd-3.2.3-44.32.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): dhcpcd-3.2.3-44.32.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcpcd-debuginfo-3.2.3-44.32.2 dhcpcd-debugsource-3.2.3-44.32.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): dhcpcd-debuginfo-3.2.3-44.32.2 dhcpcd-debugsource-3.2.3-44.32.2 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): dhcpcd-debuginfo-3.2.3-44.32.2 dhcpcd-debugsource-3.2.3-44.32.2 References: https://bugzilla.suse.com/955762 From sle-updates at lists.suse.com Wed Dec 2 12:10:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Dec 2015 20:10:31 +0100 (CET) Subject: SUSE-RU-2015:2175-1: Recommended update for yast2-users Message-ID: <20151202191031.9BD65320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-users ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2175-1 Rating: low References: #805275 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-users fixes validation of AutoYaST profiles. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-yast2-users-12242=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-yast2-users-12242=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-yast2-users-12242=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-users-2.17.56-3.6 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): yast2-users-2.17.56-3.6 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-users-debuginfo-2.17.56-3.6 yast2-users-debugsource-2.17.56-3.6 References: https://bugzilla.suse.com/805275 From sle-updates at lists.suse.com Thu Dec 3 07:11:08 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2015 15:11:08 +0100 (CET) Subject: SUSE-RU-2015:2176-1: Recommended update for microcode_ctl Message-ID: <20151203141108.4281232139@maintenance.suse.de> SUSE Recommended Update: Recommended update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2176-1 Rating: low References: #954425 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides Intel's CPU microcode version 20151106. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-microcode_ctl-12243=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-microcode_ctl-12243=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-microcode_ctl-12243=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-microcode_ctl-12243=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-microcode_ctl-12243=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): microcode_ctl-1.17-102.82.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): microcode_ctl-1.17-102.82.1 - SUSE Linux Enterprise Server 11-SP3 (i586 x86_64): microcode_ctl-1.17-102.82.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): microcode_ctl-1.17-102.82.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): microcode_ctl-1.17-102.82.1 References: https://bugzilla.suse.com/954425 From sle-updates at lists.suse.com Thu Dec 3 07:11:28 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2015 15:11:28 +0100 (CET) Subject: SUSE-OU-2015:2177-1: Recommended update for certification-sles-eal4 Message-ID: <20151203141128.5342132139@maintenance.suse.de> SUSE Optional Update: Recommended update for certification-sles-eal4 ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:2177-1 Rating: low References: #950135 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the Evaluated Configuration Guide for SUSE Linux Enterprise Server 12. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-930=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): certification-sles-eal4-12.0-0.4.1 References: https://bugzilla.suse.com/950135 From sle-updates at lists.suse.com Thu Dec 3 08:11:34 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2015 16:11:34 +0100 (CET) Subject: SUSE-RU-2015:2180-1: moderate: Recommended update for lvm2 Message-ID: <20151203151134.90DDC32139@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2180-1 Rating: moderate References: #938419 #942888 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise High Availability Extension 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lvm2 provides the following fixes: - Fix segmentation fault when extending a LV with a smaller number of stripes than originally used. (bsc#942888) - Fix vgchange to check if there are no mounted file systems preventing deactivation of the volume group. (bsc#938419) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-lvm2-12244=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-lvm2-12244=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-lvm2-12244=1 - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-lvm2-12244=1 - SUSE Linux Enterprise High Availability Extension 11-SP3: zypper in -t patch slehasp3-lvm2-12244=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-lvm2-12244=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-lvm2-12244=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-lvm2-12244=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-lvm2-12244=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): lvm2-2.02.98-0.37.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): lvm2-2.02.98-0.37.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): lvm2-2.02.98-0.37.2 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): lvm2-clvm-2.02.98-0.37.2 - SUSE Linux Enterprise High Availability Extension 11-SP3 (i586 ia64 ppc64 s390x x86_64): lvm2-clvm-2.02.98-0.37.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): lvm2-2.02.98-0.37.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): lvm2-2.02.98-0.37.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): lvm2-clvm-debuginfo-2.02.98-0.37.2 lvm2-clvm-debugsource-2.02.98-0.37.2 lvm2-debuginfo-2.02.98-0.37.2 lvm2-debugsource-2.02.98-0.37.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): lvm2-clvm-debuginfo-2.02.98-0.37.2 lvm2-clvm-debugsource-2.02.98-0.37.2 lvm2-debuginfo-2.02.98-0.37.2 lvm2-debugsource-2.02.98-0.37.2 References: 
https://bugzilla.suse.com/938419 https://bugzilla.suse.com/942888 From sle-updates at lists.suse.com Thu Dec 3 10:10:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2015 18:10:56 +0100 (CET) Subject: SUSE-SU-2015:2182-1: important: Security update for java-1_7_1-ibm Message-ID: <20151203171056.3226432139@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2182-1 Rating: important References: #941939 #955131 Cross-References: CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 29 vulnerabilities is now available. Description: The java-1_7_1-ibm package was updated to version 7.1-3.20 to fix several security and non-security issues: - bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-java-1_7_1-ibm-12245=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-java-1_7_1-ibm-12245=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.20-6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.20-6.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.20-6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.20-6.1 java-1_7_1-ibm-plugin-1.7.1_sr3.20-6.1 References: https://www.suse.com/security/cve/CVE-2015-0204.html https://www.suse.com/security/cve/CVE-2015-0458.html https://www.suse.com/security/cve/CVE-2015-0459.html https://www.suse.com/security/cve/CVE-2015-0469.html https://www.suse.com/security/cve/CVE-2015-0477.html https://www.suse.com/security/cve/CVE-2015-0478.html https://www.suse.com/security/cve/CVE-2015-0480.html https://www.suse.com/security/cve/CVE-2015-0488.html https://www.suse.com/security/cve/CVE-2015-0491.html https://www.suse.com/security/cve/CVE-2015-4734.html https://www.suse.com/security/cve/CVE-2015-4803.html https://www.suse.com/security/cve/CVE-2015-4805.html https://www.suse.com/security/cve/CVE-2015-4806.html https://www.suse.com/security/cve/CVE-2015-4810.html https://www.suse.com/security/cve/CVE-2015-4835.html https://www.suse.com/security/cve/CVE-2015-4840.html https://www.suse.com/security/cve/CVE-2015-4842.html https://www.suse.com/security/cve/CVE-2015-4843.html https://www.suse.com/security/cve/CVE-2015-4844.html https://www.suse.com/security/cve/CVE-2015-4860.html https://www.suse.com/security/cve/CVE-2015-4871.html https://www.suse.com/security/cve/CVE-2015-4872.html https://www.suse.com/security/cve/CVE-2015-4882.html https://www.suse.com/security/cve/CVE-2015-4883.html 
https://www.suse.com/security/cve/CVE-2015-4893.html https://www.suse.com/security/cve/CVE-2015-4902.html https://www.suse.com/security/cve/CVE-2015-4903.html https://www.suse.com/security/cve/CVE-2015-4911.html https://www.suse.com/security/cve/CVE-2015-5006.html https://bugzilla.suse.com/941939 https://bugzilla.suse.com/955131 From sle-updates at lists.suse.com Thu Dec 3 10:11:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2015 18:11:31 +0100 (CET) Subject: SUSE-SU-2015:2183-1: moderate: Security update for strongswan Message-ID: <20151203171131.105F632139@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2183-1 Rating: moderate References: #953817 Cross-References: CVE-2015-8023 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-934=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-934=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): strongswan-5.1.3-21.1 strongswan-debugsource-5.1.3-21.1 strongswan-hmac-5.1.3-21.1 strongswan-ipsec-5.1.3-21.1 strongswan-ipsec-debuginfo-5.1.3-21.1 strongswan-libs0-5.1.3-21.1 strongswan-libs0-debuginfo-5.1.3-21.1 - SUSE Linux Enterprise Server 12 (noarch): strongswan-doc-5.1.3-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): strongswan-5.1.3-21.1 strongswan-debugsource-5.1.3-21.1 strongswan-ipsec-5.1.3-21.1 strongswan-ipsec-debuginfo-5.1.3-21.1 strongswan-libs0-5.1.3-21.1 strongswan-libs0-debuginfo-5.1.3-21.1 - SUSE Linux Enterprise Desktop 12 (noarch): strongswan-doc-5.1.3-21.1 References: https://www.suse.com/security/cve/CVE-2015-8023.html https://bugzilla.suse.com/953817 From sle-updates at lists.suse.com Thu Dec 3 10:11:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2015 18:11:57 +0100 (CET) Subject: SUSE-SU-2015:2184-1: moderate: Recommended update for git Message-ID: <20151203171157.49BDE32139@maintenance.suse.de> SUSE Security Update: Recommended update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2184-1 Rating: moderate References: #948969 Affected Products: SUSE Studio Onsite 1.3 SUSE OpenStack Cloud 5 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: The git package was updated to fix the following security issue: - Fix remote code execution with recursive fetch of submodules (bsc#948969). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-git-12247=1 - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-git-12247=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-git-12247=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-git-12247=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-git-12247=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-git-12247=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): git-1.7.12.4-0.11.2 git-core-1.7.12.4-0.11.2 - SUSE OpenStack Cloud 5 (x86_64): git-core-1.7.12.4-0.11.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): git-1.7.12.4-0.11.2 git-arch-1.7.12.4-0.11.2 git-core-1.7.12.4-0.11.2 git-cvs-1.7.12.4-0.11.2 git-daemon-1.7.12.4-0.11.2 git-email-1.7.12.4-0.11.2 git-gui-1.7.12.4-0.11.2 git-svn-1.7.12.4-0.11.2 git-web-1.7.12.4-0.11.2 gitk-1.7.12.4-0.11.2 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): git-1.7.12.4-0.11.2 git-arch-1.7.12.4-0.11.2 git-core-1.7.12.4-0.11.2 git-cvs-1.7.12.4-0.11.2 git-daemon-1.7.12.4-0.11.2 git-email-1.7.12.4-0.11.2 git-gui-1.7.12.4-0.11.2 git-svn-1.7.12.4-0.11.2 git-web-1.7.12.4-0.11.2 gitk-1.7.12.4-0.11.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): git-debuginfo-1.7.12.4-0.11.2 git-debugsource-1.7.12.4-0.11.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): git-debuginfo-1.7.12.4-0.11.2 git-debugsource-1.7.12.4-0.11.2 References: https://bugzilla.suse.com/948969 From sle-updates at lists.suse.com Thu Dec 3 10:12:22 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2015 18:12:22 +0100 (CET) Subject: SUSE-OU-2015:2185-1: Initial release of zypper-docker Message-ID: 
<20151203171222.8B0BD32139@maintenance.suse.de> SUSE Optional Update: Initial release of zypper-docker ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:2185-1 Rating: low References: #954642 #957175 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: The zypper-docker command line tool provides a quick way to patch and update Docker Images based on either SUSE Linux Enterprise or openSUSE. zypper-docker mimics zypper command line syntax to ease its usage. This application relies on zypper to perform the actual operations against Docker images. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-937=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): zypper-docker-1.1.1-8.1 zypper-docker-debuginfo-1.1.1-8.1 References: https://bugzilla.suse.com/954642 https://bugzilla.suse.com/957175 From sle-updates at lists.suse.com Thu Dec 3 10:12:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2015 18:12:56 +0100 (CET) Subject: SUSE-SU-2015:2186-1: moderate: Security update for strongswan Message-ID: <20151203171256.0198232139@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2186-1 Rating: moderate References: #953817 Cross-References: CVE-2015-8023 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-strongswan-12246=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-strongswan-12246=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-strongswan-12246=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-strongswan-12246=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-strongswan-12246=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-strongswan-12246=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-strongswan-12246=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): strongswan-4.4.0-6.32.1 strongswan-doc-4.4.0-6.32.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): strongswan-4.4.0-6.32.1 strongswan-doc-4.4.0-6.32.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): strongswan-4.4.0-6.32.1 strongswan-doc-4.4.0-6.32.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): strongswan-4.4.0-6.32.1 strongswan-doc-4.4.0-6.32.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): strongswan-4.4.0-6.32.1 strongswan-doc-4.4.0-6.32.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): strongswan-debuginfo-4.4.0-6.32.1 strongswan-debugsource-4.4.0-6.32.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): strongswan-debuginfo-4.4.0-6.32.1 strongswan-debugsource-4.4.0-6.32.1 References: https://www.suse.com/security/cve/CVE-2015-8023.html https://bugzilla.suse.com/953817 From sle-updates at lists.suse.com Thu Dec 3 11:10:28 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2015 19:10:28 +0100 (CET) Subject: SUSE-RU-2015:2187-1: Recommended update for the SLES 11 SP4 Docker image Message-ID: 
<20151203181028.713DC32139@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SLES 11 SP4 Docker image ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2187-1 Rating: low References: #953831 #954971 #954972 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for the SUSE Linux Enterprise Server 11 SP4 Docker image includes all updates released for the distribution and fixes the following issues: - Update zypper configuration to not install recommended packages by default. (bsc#954972) - Handle SLE-11 certificates on non-x86 architectures. (bsc#953831) - Adjust set of packages to make the image smaller. (bsc#954971) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-940=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): sles11sp4-docker-image-1.1.0-20151202174144 References: https://bugzilla.suse.com/953831 https://bugzilla.suse.com/954971 https://bugzilla.suse.com/954972 From sle-updates at lists.suse.com Thu Dec 3 11:11:04 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Dec 2015 19:11:04 +0100 (CET) Subject: SUSE-RU-2015:2188-1: Recommended update for the SLES 11 SP3 Docker image Message-ID: <20151203181104.DB9EE32139@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SLES 11 SP3 Docker image ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2188-1 Rating: low References: #953831 #954971 #954972 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for the SUSE Linux Enterprise Server 11 SP3 Docker image includes all updates released for the distribution and fixes the following issues: - Handle SLE-11 certificates on non-x86 architectures. (bsc#953831) - Update zypper configuration to not install recommended packages by default. (bsc#954972) - Adjusted set of packages to make the image smaller: from 221.8M to 76.39M. (bsc#954971) - Manual pages are no longer installed. - Translation files are removed from the system. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-941=1 To bring your system up-to-date, use "zypper patch". 

Package List:

   - SUSE Linux Enterprise Module for Containers 12 (x86_64):

      sles11sp3-docker-image-1.1.0-20151202173935

References:

   https://bugzilla.suse.com/953831
   https://bugzilla.suse.com/954971
   https://bugzilla.suse.com/954972

From sle-updates at lists.suse.com Thu Dec 3 11:11:39 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Dec 2015 19:11:39 +0100 (CET)
Subject: SUSE-RU-2015:2189-1: Recommended update for the SLES 12 Docker image
Message-ID: <20151203181139.A015232139@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for the SLES 12 Docker image
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:2189-1
Rating:             low
References:         #954971 #954972
Affected Products:
                    SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for the SUSE Linux Enterprise Server 12 Docker image includes
   all updates released for the distribution and fixes the following issues:

   - Update zypper configuration to not install recommended packages by
     default. (bsc#954972)
   - Adjusted set of packages to make the image 66.6% smaller: from 257.6M to
     86.86M. (bsc#954971)
   - Manual pages are no longer installed
   - Translation files are removed from the system.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:

      zypper in -t patch SUSE-SLE-Module-Containers-12-2015-939=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Containers 12 (x86_64):

      sles12-docker-image-1.1.0-20151202172207

References:

   https://bugzilla.suse.com/954971
   https://bugzilla.suse.com/954972

From sle-updates at lists.suse.com Thu Dec 3 11:12:08 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Dec 2015 19:12:08 +0100 (CET)
Subject: SUSE-SU-2015:2190-1: moderate: Security update for rubygem-rack-1_4
Message-ID: <20151203181208.6D20332139@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-rack-1_4
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2190-1
Rating:             moderate
References:         #934797
Cross-References:   CVE-2015-3225
Affected Products:
                    SUSE Linux Enterprise Module for Containers 12
                    SUSE Enterprise Storage 2
                    SUSE Enterprise Storage 1.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   rubygem-rack-1_4 was updated to fix one security issue.

   This security issue was fixed:
   - CVE-2015-3225: Crafted requests could have caused a SystemStackError
     leading to Denial of Service (bsc#934797).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:

      zypper in -t patch SUSE-SLE-Module-Containers-12-2015-938=1

   - SUSE Enterprise Storage 2:

      zypper in -t patch SUSE-Storage-2-2015-938=1

   - SUSE Enterprise Storage 1.0:

      zypper in -t patch SUSE-Storage-1.0-2015-938=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Containers 12 (x86_64):

      ruby2.1-rubygem-rack-1_4-1.4.5-8.10

   - SUSE Enterprise Storage 2 (x86_64):

      ruby2.1-rubygem-rack-1_4-1.4.5-8.10

   - SUSE Enterprise Storage 1.0 (x86_64):

      ruby2.1-rubygem-rack-1_4-1.4.5-8.10

References:

   https://www.suse.com/security/cve/CVE-2015-3225.html
   https://bugzilla.suse.com/934797

From sle-updates at lists.suse.com Thu Dec 3 12:10:28 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Dec 2015 20:10:28 +0100 (CET)
Subject: SUSE-RU-2015:2191-1: Recommended update for xpp3
Message-ID: <20151203191028.2DF3E320F0@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for xpp3
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:2191-1
Rating:             low
References:         #954455
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   xpp3 has been updated to version 1.1.4c, bringing the following fixes:

   - Updated SAX2 driver add-on. This includes a backward incompatible
     change: XmlElement will no longer accept null children (null can not be
     passed to addChild/addElement).
   - Fixed NullPointerException in MXParserCachingStrings.
   - Calling defineEntityReplacementText now works before calling setInput.
   - Fixed Serializer to no longer write endTag unmatching startTag.
   - Fixed XmlPull SAX2 driver not sending correct qname (rawName) in
     startElement() callback.
   - Fixed DOM2XmlPullBuilder not handling default namespaces.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-942=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-942=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):

      xpp3-1.1.4c-24.3

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      xpp3-1.1.4c-24.3

References:

   https://bugzilla.suse.com/954455

From sle-updates at lists.suse.com Thu Dec 3 14:10:28 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Dec 2015 22:10:28 +0100 (CET)
Subject: SUSE-SU-2015:2192-1: important: Security update for java-1_6_0-ibm
Message-ID: <20151203211028.215B0320F0@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2192-1
Rating:             important
References:         #941939 #955131
Cross-References:   CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469
                    CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488
                    CVE-2015-0491 CVE-2015-2625 CVE-2015-2808 CVE-2015-4734
                    CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810
                    CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843
                    CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872
                    CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902
                    CVE-2015-4903 CVE-2015-4911 CVE-2015-5006
Affected Products:
                    SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

   An update that fixes 31 vulnerabilities is now available.

Description:

   This update for java-1_6_0-ibm fixes the following issues:

   - Version update to 6.0-16.15 bsc#955131:
     CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810
     CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844
     CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883
     CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006
     CVE-2015-2808 CVE-2015-2625 CVE-2015-0491 CVE-2015-0459 CVE-2015-0469
     CVE-2015-0458 CVE-2015-0480 CVE-2015-0488 CVE-2015-0478 CVE-2015-0477
     CVE-2015-0204
   - Add backcompat symlinks for sdkdir
   - Fix baselibs.conf policy symlinking
   - Fix bsc#941939 to provide %{name} instead of %{sdklnk} only in
     _jvmprivdir

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Legacy Software 12:

      zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-943=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr16.15-27.1
      java-1_6_0-ibm-fonts-1.6.0_sr16.15-27.1
      java-1_6_0-ibm-jdbc-1.6.0_sr16.15-27.1

   - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr16.15-27.1

References:

   https://www.suse.com/security/cve/CVE-2015-0204.html
   https://www.suse.com/security/cve/CVE-2015-0458.html
   https://www.suse.com/security/cve/CVE-2015-0459.html
   https://www.suse.com/security/cve/CVE-2015-0469.html
   https://www.suse.com/security/cve/CVE-2015-0477.html
   https://www.suse.com/security/cve/CVE-2015-0478.html
   https://www.suse.com/security/cve/CVE-2015-0480.html
   https://www.suse.com/security/cve/CVE-2015-0488.html
   https://www.suse.com/security/cve/CVE-2015-0491.html
   https://www.suse.com/security/cve/CVE-2015-2625.html
   https://www.suse.com/security/cve/CVE-2015-2808.html
   https://www.suse.com/security/cve/CVE-2015-4734.html
   https://www.suse.com/security/cve/CVE-2015-4803.html
   https://www.suse.com/security/cve/CVE-2015-4805.html
   https://www.suse.com/security/cve/CVE-2015-4806.html
   https://www.suse.com/security/cve/CVE-2015-4810.html
   https://www.suse.com/security/cve/CVE-2015-4835.html
   https://www.suse.com/security/cve/CVE-2015-4840.html
   https://www.suse.com/security/cve/CVE-2015-4842.html
   https://www.suse.com/security/cve/CVE-2015-4843.html
   https://www.suse.com/security/cve/CVE-2015-4844.html
   https://www.suse.com/security/cve/CVE-2015-4860.html
   https://www.suse.com/security/cve/CVE-2015-4871.html
   https://www.suse.com/security/cve/CVE-2015-4872.html
   https://www.suse.com/security/cve/CVE-2015-4882.html
   https://www.suse.com/security/cve/CVE-2015-4883.html
   https://www.suse.com/security/cve/CVE-2015-4893.html
   https://www.suse.com/security/cve/CVE-2015-4902.html
   https://www.suse.com/security/cve/CVE-2015-4903.html
   https://www.suse.com/security/cve/CVE-2015-4911.html
   https://www.suse.com/security/cve/CVE-2015-5006.html
   https://bugzilla.suse.com/941939
   https://bugzilla.suse.com/955131

From sle-updates at lists.suse.com Thu Dec 3 15:10:24 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Dec 2015 23:10:24 +0100 (CET)
Subject: SUSE-RU-2015:2193-1: Recommended update for yast2-kdump
Message-ID: <20151203221024.672CE32139@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-kdump
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:2193-1
Rating:             low
References:         #805275
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yast2-kdump fixes validation of AutoYaST profiles.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-yast2-kdump-12248=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-yast2-kdump-12248=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-yast2-kdump-12248=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      yast2-kdump-2.17.28-3.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      yast2-kdump-2.17.28-3.2

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      yast2-kdump-2.17.28-3.2

References:

   https://bugzilla.suse.com/805275

From sle-updates at lists.suse.com Fri Dec 4 06:10:49 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Dec 2015 14:10:49 +0100 (CET)
Subject: SUSE-SU-2015:2194-1: important: Security update for the Linux Kernel
Message-ID: <20151204131049.451C032139@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2194-1
Rating:             important
References:         #814440 #867595 #904348 #921949 #924493 #930145
                    #933514 #935961 #936076 #936773 #939826 #939926
                    #940853 #941202 #941867 #942938 #944749 #945626
                    #946078 #947241 #947321 #947478 #948521 #948685
                    #948831 #949100 #949463 #949504 #949706 #949744
                    #950013 #950750 #950862 #950998 #951110 #951165
                    #951199 #951440 #951546 #952666 #952758 #953796
                    #953980 #954635 #955148 #955224 #955422 #955533
                    #955644 #956047 #956053 #956703 #956711
Cross-References:   CVE-2015-0272 CVE-2015-2925 CVE-2015-5283 CVE-2015-5307
                    CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has 45 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive
   various security and bugfixes.

   Following security bugs were fixed:
   - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the
     Linux kernel did not ensure that certain slot numbers were valid, which
     allowed local users to cause a denial of service (NULL pointer
     dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call
     (bnc#949936).
   - CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the
     Linux kernel had an incorrect sequence of protocol-initialization steps,
     which allowed local users to cause a denial of service (panic or memory
     corruption) by creating SCTP sockets before all of the steps have
     finished (bnc#947155).
   - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux
     kernel did not properly handle rename actions inside a bind mount, which
     allowed local users to bypass an intended container protection mechanism
     by renaming a directory, related to a "double-chroot attack"
     (bnc#926238).
   - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS
     users to cause a denial of service (host OS panic or hang) by triggering
     many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
   - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS
     users to cause a denial of service (host OS panic or hang) by triggering
     many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c
     (bnc#953527).
   - CVE-2015-7990: RDS: There was no verification that an underlying
     transport exists when creating a connection, causing usage of a NULL
     pointer (bsc#952384).
   - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in
     the Linux kernel allowed local users to cause a denial of service (OOPS)
     via crafted keyctl commands (bnc#951440).
   - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial
     of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6
     Router Advertisement (RA) message, a different vulnerability than
     CVE-2015-8215 (bnc#944296).

   The following non-security bugs were fixed:
   - ALSA: hda - Disable 64bit address for Creative HDA controllers
     (bnc#814440).
   - Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236
     (bsc#953796).
   - Btrfs: fix file corruption and data loss after cloning inline extents
     (bnc#956053).
   - Btrfs: fix truncation of compressed and inlined extents (bnc#956053).
   - Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)
   - Fix regression in NFSRDMA server (bsc#951110).
   - KEYS: Fix race between key destruction and finding a keyring by name
     (bsc#951440).
   - KVM: x86: call irq notifiers with directed EOI (bsc#950862).
   - NVMe: Add shutdown timeout as module parameter (bnc#936076).
   - NVMe: Mismatched host/device page size support (bsc#935961).
   - PCI: Drop "setting latency timer" messages (bsc#956047).
   - SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749).
   - SCSI: hosts: update to use ida_simple for host_no (bsc#939926)
   - SUNRPC: Fix oops when trace sunrpc_task events in nfs client
     (bnc#956703).
   - Sync ppc64le netfilter config options with other archs (bnc#951546)
   - Update kabi files with sbc_parse_cdb symbol change (bsc#954635).
   - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another
     task (bsc#921949).
   - apparmor: temporary work around for bug while unloading policy
     (boo#941867).
   - audit: correctly record file names with different path name types
     (bsc#950013).
   - audit: create private file name copies when auditing inodes
     (bsc#950013).
   - cpu: Defer smpboot kthread unparking until CPU known to scheduler
     (bsc#936773).
   - dlm: make posix locks interruptible, (bsc#947241).
   - dm sysfs: introduce ability to add writable attributes (bsc#904348).
   - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).
   - dm: do not start current request if it would've merged with the previous
     (bsc#904348).
   - dm: impose configurable deadline for dm_request_fn's merge heuristic
     (bsc#904348).
   - dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744).
   - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,
     v2 (bsc#942938).
   - drm/i915: add hotplug activation period to hotplug update mask
     (bsc#953980).
   - fanotify: fix notification of groups with inode and mount marks
     (bsc#955533).
   - genirq: Make sure irq descriptors really exist when __irq_alloc_descs
     returns (bsc#945626).
   - hv: vss: run only on supported host versions (bnc#949504).
   - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).
   - ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags
     (bsc#947321).
   - ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321).
   - ipv6: Extend the route lookups to low priority metrics (bsc#947321).
   - ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321).
   - ipv6: Stop rt6_info from using inet_peer's metrics (bsc#947321).
   - ipv6: distinguish frag queues by device for multicast and link-local
     packets (bsc#955422).
   - ipvs: drop first packet to dead server (bsc#946078).
   - kABI: protect struct ahci_host_priv.
   - kABI: protect struct rt6_info changes from bsc#947321 changes
     (bsc#947321).
   - kabi: Hide rt6_* types from genksyms on ppc64le (bsc#951546).
   - kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
   - kabi: Restore kabi in struct se_cmd (bsc#954635).
   - kabi: Restore kabi in struct se_subsystem_api (bsc#954635).
   - kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199).
   - kgr: fix migration of kthreads to the new universe.
   - kgr: wake up kthreads periodically.
   - ktime: add ktime_after and ktime_before helper (bsc#904348).
   - macvlan: Support bonding events (bsc#948521).
   - net: add length argument to skb_copy_and_csum_datagram_iovec
     (bsc#951199).
   - net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec()
     (bsc#951199).
   - pci: Update VPD size with correct length (bsc#924493).
   - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods
     (bsc#949706).
   - ring-buffer: Always run per-cpu ring buffer resize with
     schedule_work_on() (bnc#956711).
   - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
   - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds
     (bsc#930145).
   - rtc: cmos: Revert "rtc-cmos: Add an alarm disable quirk" (bsc#930145).
   - sched/core: Fix task and run queue sched_info::run_delay inconsistencies
     (bnc#949100).
   - sunrpc/cache: make cache flushing more reliable (bsc#947478).
   - supported.conf: Add missing dependencies of supported modules
     hwmon_vid needed by nct6775
     hwmon_vid needed by w83627ehf
     reed_solomon needed by ramoops
   - supported.conf: Fix dependencies on ppc64le
     of_mdio needed by mdio-gpio
   - target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).
   - target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831).
   - target/rbd: fix PR info memory leaks (bnc#948831).
   - target: Send UA upon LUN RESET tmr completion (bsc#933514).
   - target: use "^A" when allocating UAs (bsc#933514).
   - usbvision fix overflow of interfaces array (bnc#950998).
   - vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).
   - vmxnet3: adjust ring sizes when interface is down (bsc#950750).
   - x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at
     runtime, instead of top-down (bsc#940853).
   - x86/evtchn: make use of PHYSDEVOP_map_pirq.
   - x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality,
     bnc#955148).
   - x86/mm/hotplug: Pass sync_global_pgds() a correct argument in
     remove_pagetable() (VM Functionality, bnc#955148).
   - xfs: DIO needs an ioend for writes (bsc#949744).
   - xfs: DIO write completion size updates race (bsc#949744).
   - xfs: DIO writes within EOF do not need an ioend (bsc#949744).
   - xfs: always drain dio before extending aio write submission
     (bsc#949744).
   - xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).
   - xfs: do not allocate an ioend for direct I/O completions (bsc#949744).
   - xfs: factor DIO write mapping from get_blocks (bsc#949744).
   - xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).
   - xfs: move DIO mapping size calculation (bsc#949744).
   - xfs: using generic_file_direct_write() is unnecessary (bsc#949744).
   - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
     (bnc#951165).
   - xhci: change xhci 1.0 only restrictions to support xhci 1.1
     (bnc#949463).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2015-945=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-945=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-945=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-945=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2015-945=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-945=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      kernel-default-debuginfo-3.12.51-52.31.1
      kernel-default-debugsource-3.12.51-52.31.1
      kernel-default-extra-3.12.51-52.31.1
      kernel-default-extra-debuginfo-3.12.51-52.31.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      kernel-obs-build-3.12.51-52.31.1
      kernel-obs-build-debugsource-3.12.51-52.31.1

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      kernel-docs-3.12.51-52.31.5

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      kernel-default-3.12.51-52.31.1
      kernel-default-base-3.12.51-52.31.1
      kernel-default-base-debuginfo-3.12.51-52.31.1
      kernel-default-debuginfo-3.12.51-52.31.1
      kernel-default-debugsource-3.12.51-52.31.1
      kernel-default-devel-3.12.51-52.31.1
      kernel-syms-3.12.51-52.31.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      kernel-xen-3.12.51-52.31.1
      kernel-xen-base-3.12.51-52.31.1
      kernel-xen-base-debuginfo-3.12.51-52.31.1
      kernel-xen-debuginfo-3.12.51-52.31.1
      kernel-xen-debugsource-3.12.51-52.31.1
      kernel-xen-devel-3.12.51-52.31.1

   - SUSE Linux Enterprise Server 12 (noarch):

      kernel-devel-3.12.51-52.31.1
      kernel-macros-3.12.51-52.31.1
      kernel-source-3.12.51-52.31.1

   - SUSE Linux Enterprise Server 12 (s390x):

      kernel-default-man-3.12.51-52.31.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.51-52.31.1
      kernel-ec2-debuginfo-3.12.51-52.31.1
      kernel-ec2-debugsource-3.12.51-52.31.1
      kernel-ec2-devel-3.12.51-52.31.1
      kernel-ec2-extra-3.12.51-52.31.1
      kernel-ec2-extra-debuginfo-3.12.51-52.31.1

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_51-52_31-default-1-2.2
      kgraft-patch-3_12_51-52_31-xen-1-2.2

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      kernel-default-3.12.51-52.31.1
      kernel-default-debuginfo-3.12.51-52.31.1
      kernel-default-debugsource-3.12.51-52.31.1
      kernel-default-devel-3.12.51-52.31.1
      kernel-default-extra-3.12.51-52.31.1
      kernel-default-extra-debuginfo-3.12.51-52.31.1
      kernel-syms-3.12.51-52.31.1
      kernel-xen-3.12.51-52.31.1
      kernel-xen-debuginfo-3.12.51-52.31.1
      kernel-xen-debugsource-3.12.51-52.31.1
      kernel-xen-devel-3.12.51-52.31.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      kernel-devel-3.12.51-52.31.1
      kernel-macros-3.12.51-52.31.1
      kernel-source-3.12.51-52.31.1

References:

   https://www.suse.com/security/cve/CVE-2015-0272.html
   https://www.suse.com/security/cve/CVE-2015-2925.html
   https://www.suse.com/security/cve/CVE-2015-5283.html
   https://www.suse.com/security/cve/CVE-2015-5307.html
   https://www.suse.com/security/cve/CVE-2015-7799.html
   https://www.suse.com/security/cve/CVE-2015-7872.html
   https://www.suse.com/security/cve/CVE-2015-7990.html
   https://www.suse.com/security/cve/CVE-2015-8104.html
   https://bugzilla.suse.com/814440
   https://bugzilla.suse.com/867595
   https://bugzilla.suse.com/904348
   https://bugzilla.suse.com/921949
   https://bugzilla.suse.com/924493
   https://bugzilla.suse.com/930145
   https://bugzilla.suse.com/933514
   https://bugzilla.suse.com/935961
   https://bugzilla.suse.com/936076
   https://bugzilla.suse.com/936773
   https://bugzilla.suse.com/939826
   https://bugzilla.suse.com/939926
   https://bugzilla.suse.com/940853
   https://bugzilla.suse.com/941202
   https://bugzilla.suse.com/941867
   https://bugzilla.suse.com/942938
   https://bugzilla.suse.com/944749
   https://bugzilla.suse.com/945626
   https://bugzilla.suse.com/946078
   https://bugzilla.suse.com/947241
   https://bugzilla.suse.com/947321
   https://bugzilla.suse.com/947478
   https://bugzilla.suse.com/948521
   https://bugzilla.suse.com/948685
   https://bugzilla.suse.com/948831
   https://bugzilla.suse.com/949100
   https://bugzilla.suse.com/949463
   https://bugzilla.suse.com/949504
   https://bugzilla.suse.com/949706
   https://bugzilla.suse.com/949744
   https://bugzilla.suse.com/950013
   https://bugzilla.suse.com/950750
   https://bugzilla.suse.com/950862
   https://bugzilla.suse.com/950998
   https://bugzilla.suse.com/951110
   https://bugzilla.suse.com/951165
   https://bugzilla.suse.com/951199
   https://bugzilla.suse.com/951440
   https://bugzilla.suse.com/951546
   https://bugzilla.suse.com/952666
   https://bugzilla.suse.com/952758
   https://bugzilla.suse.com/953796
   https://bugzilla.suse.com/953980
   https://bugzilla.suse.com/954635
   https://bugzilla.suse.com/955148
   https://bugzilla.suse.com/955224
   https://bugzilla.suse.com/955422
   https://bugzilla.suse.com/955533
   https://bugzilla.suse.com/955644
   https://bugzilla.suse.com/956047
   https://bugzilla.suse.com/956053
   https://bugzilla.suse.com/956703
   https://bugzilla.suse.com/956711

From sle-updates at lists.suse.com Fri Dec 4 06:22:08 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Dec 2015 14:22:08 +0100 (CET)
Subject: SUSE-SU-2015:2195-1: moderate: Security update for gdk-pixbuf
Message-ID: <20151204132208.EFA3B320F0@maintenance.suse.de>

   SUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2195-1
Rating:             moderate
References:         #942801 #948790 #948791
Cross-References:   CVE-2015-4491 CVE-2015-7673 CVE-2015-7674
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   The gdk pixbuf library was updated to fix three security issues.

   These security issues were fixed:
   - CVE-2015-7673: Fix some more overflows scaling a gif (bsc#948791)
   - CVE-2015-4491: Check for overflow before allocating memory when scaling
     (bsc#942801)
   - CVE-2015-7673: Fix an overflow and DoS when scaling TGA files
     (bsc#948790).
   - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-946=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-946=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-946=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      gdk-pixbuf-debugsource-2.30.6-7.1
      gdk-pixbuf-devel-2.30.6-7.1
      gdk-pixbuf-devel-debuginfo-2.30.6-7.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      gdk-pixbuf-debugsource-2.30.6-7.1
      gdk-pixbuf-query-loaders-2.30.6-7.1
      gdk-pixbuf-query-loaders-debuginfo-2.30.6-7.1
      libgdk_pixbuf-2_0-0-2.30.6-7.1
      libgdk_pixbuf-2_0-0-debuginfo-2.30.6-7.1
      typelib-1_0-GdkPixbuf-2_0-2.30.6-7.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      gdk-pixbuf-query-loaders-32bit-2.30.6-7.1
      gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-7.1
      libgdk_pixbuf-2_0-0-32bit-2.30.6-7.1
      libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-7.1

   - SUSE Linux Enterprise Server 12 (noarch):

      gdk-pixbuf-lang-2.30.6-7.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      gdk-pixbuf-debugsource-2.30.6-7.1
      gdk-pixbuf-query-loaders-2.30.6-7.1
      gdk-pixbuf-query-loaders-32bit-2.30.6-7.1
      gdk-pixbuf-query-loaders-debuginfo-2.30.6-7.1
      gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-7.1
      libgdk_pixbuf-2_0-0-2.30.6-7.1
      libgdk_pixbuf-2_0-0-32bit-2.30.6-7.1
      libgdk_pixbuf-2_0-0-debuginfo-2.30.6-7.1
      libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-7.1
      typelib-1_0-GdkPixbuf-2_0-2.30.6-7.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      gdk-pixbuf-lang-2.30.6-7.1

References:

   https://www.suse.com/security/cve/CVE-2015-4491.html
   https://www.suse.com/security/cve/CVE-2015-7673.html
   https://www.suse.com/security/cve/CVE-2015-7674.html
   https://bugzilla.suse.com/942801
   https://bugzilla.suse.com/948790
   https://bugzilla.suse.com/948791

From sle-updates at lists.suse.com Fri Dec 4 13:10:29 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Dec 2015 21:10:29 +0100 (CET)
Subject: SUSE-OU-2015:2212-1: Initial release of Portus
Message-ID: <20151204201029.C5A3D32139@maintenance.suse.de>

   SUSE Optional Update: Initial release of Portus
______________________________________________________________________________

Announcement ID:    SUSE-OU-2015:2212-1
Rating:             low
References:         #956273
Affected Products:
                    SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

   An update that has one optional fix can now be installed.

Description:

   This patch adds Portus, an open source authorization service and user
   interface for Docker Registry.

   Portus adds a web interface, authorization based on users and teams and
   authentication to an existing Docker registry. LDAP authentication is
   supported out of the box.

   You can configure Portus by running: "portusctl setup". This tool will set
   up all the components required to run Portus. A list of parameters that
   can be used during the setup phase can be obtained by running: "portusctl
   help setup".

   More info can be found at http://port.us.org/

Patch Instructions:

   To install this SUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:

      zypper in -t patch SUSE-SLE-Module-Containers-12-2015-947=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Containers 12 (x86_64):

      Portus-20151120162040-2.2
      Portus-debuginfo-20151120162040-2.2
      Portus-debugsource-20151120162040-2.2
      ruby2.1-rubygem-passenger-5.0.18-4.1
      ruby2.1-rubygem-passenger-debuginfo-5.0.18-4.1
      ruby2.1-rubygem-rake-10.3.2-6.1
      rubygem-passenger-5.0.18-4.1
      rubygem-passenger-apache2-5.0.18-4.1
      rubygem-passenger-apache2-debuginfo-5.0.18-4.1
      rubygem-passenger-debuginfo-5.0.18-4.1
      rubygem-passenger-debugsource-5.0.18-4.1

References:

   https://bugzilla.suse.com/956273

From sle-updates at lists.suse.com Mon Dec 7 10:11:22 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 7 Dec 2015 18:11:22 +0100 (CET)
Subject: SUSE-SU-2015:2215-1: moderate: Security update for libmspack
Message-ID: <20151207171122.CB6F832139@maintenance.suse.de>

   SUSE Security Update: Security update for libmspack
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2215-1
Rating:             moderate
References:         #934524 #934525 #934526 #934527 #934528 #934529
Cross-References:   CVE-2014-9732 CVE-2015-4467 CVE-2015-4469 CVE-2015-4470
                    CVE-2015-4471 CVE-2015-4472
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:

   libmspack was updated to fix several security vulnerabilities.

   - Fix null pointer dereference on a crafted CAB. (bsc#934524,
     CVE-2014-9732)
   - Fix denial of service while processing crafted CHM file.
(bsc#934525, CVE-2015-4467) - Fix denial of service while processing crafted CHM file. (bsc#934529, CVE-2015-4472) - Fix pointer arithmetic overflow during CHM decompression. (bsc#934526, CVE-2015-4469) - Fix off-by-one buffer over-read in mspack/mszipd.c. (bsc#934527, CVE-2015-4470) - Fix off-by-one buffer under-read in mspack/lzxd.c. (bsc#934528, CVE-2015-4471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libmspack-12249=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-libmspack-12249=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-libmspack-12249=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libmspack-12249=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-libmspack-12249=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-libmspack-12249=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-libmspack-12249=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libmspack-12249=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libmspack-12249=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmspack-devel-0.0.20060920alpha-74.10.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): libmspack-devel-0.0.20060920alpha-74.10.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libmspack0-0.0.20060920alpha-74.10.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmspack0-0.0.20060920alpha-74.10.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libmspack0-0.0.20060920alpha-74.10.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libmspack0-0.0.20060920alpha-74.10.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libmspack0-0.0.20060920alpha-74.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmspack-debuginfo-0.0.20060920alpha-74.10.1 libmspack-debugsource-0.0.20060920alpha-74.10.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): libmspack-debuginfo-0.0.20060920alpha-74.10.1 libmspack-debugsource-0.0.20060920alpha-74.10.1 References: https://www.suse.com/security/cve/CVE-2014-9732.html https://www.suse.com/security/cve/CVE-2015-4467.html https://www.suse.com/security/cve/CVE-2015-4469.html https://www.suse.com/security/cve/CVE-2015-4470.html https://www.suse.com/security/cve/CVE-2015-4471.html https://www.suse.com/security/cve/CVE-2015-4472.html https://bugzilla.suse.com/934524 https://bugzilla.suse.com/934525 https://bugzilla.suse.com/934526 https://bugzilla.suse.com/934527 https://bugzilla.suse.com/934528 https://bugzilla.suse.com/934529 From sle-updates at lists.suse.com Mon Dec 7 10:12:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2015 18:12:49 +0100 (CET) Subject: SUSE-SU-2015:2216-1: important: Security update for java-1_7_0-ibm Message-ID: <20151207171249.3A92732139@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm 
______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2216-1 Rating: important References: #941939 #955131 Cross-References: CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 29 vulnerabilities is now available. Description: The java-1_7_0-ibm package was updated to version 7.0-9.20 to fix several security and non security issues: - bnc#955131: Version update to 7.0-9.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-java-1_7_0-ibm-12251=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-java-1_7_0-ibm-12251=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-java-1_7_0-ibm-12251=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_7_0-ibm-12251=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-devel-1.7.0_sr9.20-42.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): java-1_7_0-ibm-1.7.0_sr9.20-42.1 java-1_7_0-ibm-alsa-1.7.0_sr9.20-42.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.20-42.1 java-1_7_0-ibm-plugin-1.7.0_sr9.20-42.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ppc64 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.20-42.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.20-42.1 - SUSE Linux Enterprise Server 11-SP3 (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.20-42.1 java-1_7_0-ibm-plugin-1.7.0_sr9.20-42.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.20-42.1 java-1_7_0-ibm-devel-1.7.0_sr9.20-42.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.20-42.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.20-42.1 java-1_7_0-ibm-plugin-1.7.0_sr9.20-42.1 References: https://www.suse.com/security/cve/CVE-2015-0204.html https://www.suse.com/security/cve/CVE-2015-0458.html https://www.suse.com/security/cve/CVE-2015-0459.html https://www.suse.com/security/cve/CVE-2015-0469.html https://www.suse.com/security/cve/CVE-2015-0477.html https://www.suse.com/security/cve/CVE-2015-0478.html https://www.suse.com/security/cve/CVE-2015-0480.html https://www.suse.com/security/cve/CVE-2015-0488.html https://www.suse.com/security/cve/CVE-2015-0491.html https://www.suse.com/security/cve/CVE-2015-4734.html 
https://www.suse.com/security/cve/CVE-2015-4803.html https://www.suse.com/security/cve/CVE-2015-4805.html https://www.suse.com/security/cve/CVE-2015-4806.html https://www.suse.com/security/cve/CVE-2015-4810.html https://www.suse.com/security/cve/CVE-2015-4835.html https://www.suse.com/security/cve/CVE-2015-4840.html https://www.suse.com/security/cve/CVE-2015-4842.html https://www.suse.com/security/cve/CVE-2015-4843.html https://www.suse.com/security/cve/CVE-2015-4844.html https://www.suse.com/security/cve/CVE-2015-4860.html https://www.suse.com/security/cve/CVE-2015-4871.html https://www.suse.com/security/cve/CVE-2015-4872.html https://www.suse.com/security/cve/CVE-2015-4882.html https://www.suse.com/security/cve/CVE-2015-4883.html https://www.suse.com/security/cve/CVE-2015-4893.html https://www.suse.com/security/cve/CVE-2015-4902.html https://www.suse.com/security/cve/CVE-2015-4903.html https://www.suse.com/security/cve/CVE-2015-4911.html https://www.suse.com/security/cve/CVE-2015-5006.html https://bugzilla.suse.com/941939 https://bugzilla.suse.com/955131 From sle-updates at lists.suse.com Mon Dec 7 10:14:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2015 18:14:01 +0100 (CET) Subject: SUSE-SU-2015:2218-1: moderate: Security update for sblim-sfcb Message-ID: <20151207171401.DC86332139@maintenance.suse.de> SUSE Security Update: Security update for sblim-sfcb ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2218-1 Rating: moderate References: #942628 Cross-References: CVE-2015-5185 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that 
fixes one vulnerability is now available. Description: This update of sblim-sfcb fixes a potential NULL pointer crash in lookupProviders() (CVE-2015-5185). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-sblim-sfcb-12250=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sblim-sfcb-12250=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-sblim-sfcb-12250=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-sblim-sfcb-12250=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-sblim-sfcb-12250=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sblim-sfcb-12250=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-sblim-sfcb-12250=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): sblim-sfcb-1.3.11-0.25.4 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): sblim-sfcb-1.3.11-0.25.4 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): sblim-sfcb-1.3.11-0.25.4 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): sblim-sfcb-1.3.11-0.25.4 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): sblim-sfcb-1.3.11-0.25.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sblim-sfcb-debuginfo-1.3.11-0.25.4 sblim-sfcb-debugsource-1.3.11-0.25.4 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): sblim-sfcb-debuginfo-1.3.11-0.25.4 sblim-sfcb-debugsource-1.3.11-0.25.4 References: https://www.suse.com/security/cve/CVE-2015-5185.html https://bugzilla.suse.com/942628 From sle-updates at lists.suse.com Mon Dec 7 11:10:32 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2015 19:10:32 +0100 (CET) Subject: 
SUSE-SU-2015:2219-1: moderate: Security update for openstack-nova Message-ID: <20151207181032.059EE32139@maintenance.suse.de> SUSE Security Update: Security update for openstack-nova ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2219-1 Rating: moderate References: #927625 #935017 #942457 #944178 #945923 #949070 #949529 Cross-References: CVE-2015-3241 CVE-2015-3280 CVE-2015-7713 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for openstack-nova provides various fixes and improvements: - Fix regression where launched instances in tenants not visible for other users. (bsc#927625) - Remove error messages from multipath command output before parsing. (bsc#949529) - Fix live-migration usage of the wrong connector information. - Added requirement for memcached to python-nova. (bsc#942457) - Don't expect meta attributes in object_compat that aren't in the db obj. (bsc#949070, CVE-2015-7713) - Delete orphaned instance files from compute nodes (bsc#944178, CVE-2015-3280) - Kill rsync/scp processes before deleting instance. (bsc#935017, CVE-2015-3241) - Sync process utils from oslo for execute callbacks. (bsc#935017, CVE-2015-3241) - Fix rebuild of an instance with a volume attached. - Fixes _cleanup_rbd code to capture ImageBusy exception. - Don't try to confine a non-NUMA instance. - Include blank volumes in the block device mapping (bsc#945923) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-openstack-nova-12253=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): openstack-nova-2014.2.4~a0~dev80-20.1 openstack-nova-api-2014.2.4~a0~dev80-20.1 openstack-nova-cells-2014.2.4~a0~dev80-20.1 openstack-nova-cert-2014.2.4~a0~dev80-20.1 openstack-nova-compute-2014.2.4~a0~dev80-20.1 openstack-nova-conductor-2014.2.4~a0~dev80-20.1 openstack-nova-console-2014.2.4~a0~dev80-20.1 openstack-nova-consoleauth-2014.2.4~a0~dev80-20.1 openstack-nova-novncproxy-2014.2.4~a0~dev80-20.1 openstack-nova-objectstore-2014.2.4~a0~dev80-20.1 openstack-nova-scheduler-2014.2.4~a0~dev80-20.1 openstack-nova-serialproxy-2014.2.4~a0~dev80-20.1 openstack-nova-vncproxy-2014.2.4~a0~dev80-20.1 python-nova-2014.2.4~a0~dev80-20.1 - SUSE OpenStack Cloud 5 (noarch): openstack-nova-doc-2014.2.4~a0~dev80-20.1 References: https://www.suse.com/security/cve/CVE-2015-3241.html https://www.suse.com/security/cve/CVE-2015-3280.html https://www.suse.com/security/cve/CVE-2015-7713.html https://bugzilla.suse.com/927625 https://bugzilla.suse.com/935017 https://bugzilla.suse.com/942457 https://bugzilla.suse.com/944178 https://bugzilla.suse.com/945923 https://bugzilla.suse.com/949070 https://bugzilla.suse.com/949529 From sle-updates at lists.suse.com Mon Dec 7 11:12:12 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2015 19:12:12 +0100 (CET) Subject: SUSE-SU-2015:2220-1: moderate: Security update for openstack-nova and openstack-neutron Message-ID: <20151207181212.22D1F32139@maintenance.suse.de> SUSE Security Update: Security update for openstack-nova and openstack-neutron ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2220-1 Rating: moderate References: #927625 #935017 #935263 #939691 #942457 #943648 #944178 #945923 #948704 #949070 #949529 Cross-References: CVE-2015-3221 CVE-2015-3241 CVE-2015-3280 CVE-2015-5240 CVE-2015-7713 Affected Products: SUSE OpenStack Cloud Compute 5 
______________________________________________________________________________ An update that solves 5 vulnerabilities and has 6 fixes is now available. Description: This update for openstack-nova and openstack-neutron provides various fixes and improvements. openstack-nova: - Fix instance filtering. (bsc#927625) - Remove error messages from multipath command output before parsing. (bsc#949529) - Fix live-migration usage of the wrong connector information. - Added requirement for memcached to python-nova. (bsc#942457) - Don't expect meta attributes in object_compat that aren't in the db obj. (bsc#949070, CVE-2015-7713) - Kill rsync/scp processes before deleting instance. (bsc#935017, CVE-2015-3241) - Sync process utils from oslo for execute callbacks. (bsc#935017, CVE-2015-3241) - Fix rebuild of an instance with a volume attached. - Fixes _cleanup_rbd code to capture ImageBusy exception. - Don't try to confine a non-NUMA instance. - Include blank volumes in the block device mapping (bsc#945923) - Delete orphaned instance files from compute nodes (bsc#944178, CVE-2015-3280) openstack-neutron: - Fix usage_audit to work with ML2. - Fix UDP offloading issue with virtio VMs. (bsc#948704) - Fix ipset can't be destroyed when last rule is deleted. - Add ARP spoofing protection for LinuxBridge agent. - Don't use ARP responder for IPv6 addresses in ovs. - Stop device_owner from being set to 'network:*'. (bsc#943648, CVE-2015-5240) - NSX-mh: use router_distributed flag. - NSX-mh: Failover controller connections on socket failures. - NSX-mh: Prevent failures on router delete. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-953=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud Compute 5 (noarch): openstack-neutron-2014.2.4~a0~dev103-10.3 openstack-neutron-dhcp-agent-2014.2.4~a0~dev103-10.3 openstack-neutron-ha-tool-2014.2.4~a0~dev103-10.3 openstack-neutron-l3-agent-2014.2.4~a0~dev103-10.3 openstack-neutron-lbaas-agent-2014.2.4~a0~dev103-10.3 openstack-neutron-linuxbridge-agent-2014.2.4~a0~dev103-10.3 openstack-neutron-metadata-agent-2014.2.4~a0~dev103-10.3 openstack-neutron-metering-agent-2014.2.4~a0~dev103-10.3 openstack-neutron-openvswitch-agent-2014.2.4~a0~dev103-10.3 openstack-neutron-vpn-agent-2014.2.4~a0~dev103-10.3 openstack-nova-2014.2.4~a0~dev80-14.1 openstack-nova-compute-2014.2.4~a0~dev80-14.1 python-neutron-2014.2.4~a0~dev103-10.3 python-nova-2014.2.4~a0~dev80-14.1 python-python-memcached-1.54-2.1 References: https://www.suse.com/security/cve/CVE-2015-3221.html https://www.suse.com/security/cve/CVE-2015-3241.html https://www.suse.com/security/cve/CVE-2015-3280.html https://www.suse.com/security/cve/CVE-2015-5240.html https://www.suse.com/security/cve/CVE-2015-7713.html https://bugzilla.suse.com/927625 https://bugzilla.suse.com/935017 https://bugzilla.suse.com/935263 https://bugzilla.suse.com/939691 https://bugzilla.suse.com/942457 https://bugzilla.suse.com/943648 https://bugzilla.suse.com/944178 https://bugzilla.suse.com/945923 https://bugzilla.suse.com/948704 https://bugzilla.suse.com/949070 https://bugzilla.suse.com/949529 From sle-updates at lists.suse.com Mon Dec 7 11:14:27 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Dec 2015 19:14:27 +0100 (CET) Subject: SUSE-SU-2015:2221-1: moderate: Security update for wpa_supplicant Message-ID: <20151207181427.D6FE732139@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2221-1 Rating: moderate References: #930077 #930078 Cross-References: CVE-2015-4141 CVE-2015-4142 
Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: wpa_supplicant was updated to fix two security issues. These security issues were fixed: - CVE-2015-4142: Integer underflow in the WMM Action frame parser in hostapd and wpa_supplicant, when used for AP mode MLME/SME functionality, allowed remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read (bsc#930078). - CVE-2015-4141: The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), allowed remote attackers to cause a denial of service (crash) via a negative chunk length, which triggered an out-of-bounds read or heap-based buffer overflow (bsc#930077). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-wpa_supplicant-12252=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wpa_supplicant-12252=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-wpa_supplicant-12252=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-wpa_supplicant-12252=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-wpa_supplicant-12252=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): wpa_supplicant-0.7.1-6.17.4 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wpa_supplicant-0.7.1-6.17.4 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): wpa_supplicant-0.7.1-6.17.4 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): wpa_supplicant-0.7.1-6.17.4 wpa_supplicant-gui-0.7.1-6.17.4 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): wpa_supplicant-0.7.1-6.17.4 wpa_supplicant-gui-0.7.1-6.17.4 References: https://www.suse.com/security/cve/CVE-2015-4141.html https://www.suse.com/security/cve/CVE-2015-4142.html https://bugzilla.suse.com/930077 https://bugzilla.suse.com/930078 From sle-updates at lists.suse.com Tue Dec 8 10:10:37 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Dec 2015 18:10:37 +0100 (CET) Subject: SUSE-SU-2015:2230-1: moderate: Security update for openssl Message-ID: <20151208171037.32D2132139@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2230-1 Rating: moderate References: #954256 #957812 #957813 #957815 Cross-References: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for openssl fixes the following issues: Security fixes: - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. 
Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identity hint data. (bsc#957813) Non security bugs fixed: - Improve S/390 performance on IBM z196 and z13 (bsc#954256) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-954=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-954=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-954=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libopenssl-devel-1.0.1i-36.1 openssl-debuginfo-1.0.1i-36.1 openssl-debugsource-1.0.1i-36.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-36.1 libopenssl1_0_0-debuginfo-1.0.1i-36.1 libopenssl1_0_0-hmac-1.0.1i-36.1 openssl-1.0.1i-36.1 openssl-debuginfo-1.0.1i-36.1 openssl-debugsource-1.0.1i-36.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-36.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-36.1 libopenssl1_0_0-hmac-32bit-1.0.1i-36.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): openssl-doc-1.0.1i-36.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libopenssl1_0_0-1.0.1i-36.1 libopenssl1_0_0-32bit-1.0.1i-36.1 libopenssl1_0_0-debuginfo-1.0.1i-36.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-36.1 openssl-1.0.1i-36.1 openssl-debuginfo-1.0.1i-36.1 openssl-debugsource-1.0.1i-36.1 References: https://www.suse.com/security/cve/CVE-2015-3194.html https://www.suse.com/security/cve/CVE-2015-3195.html https://www.suse.com/security/cve/CVE-2015-3196.html https://bugzilla.suse.com/954256 https://bugzilla.suse.com/957812 https://bugzilla.suse.com/957813 https://bugzilla.suse.com/957815 From sle-updates at lists.suse.com Tue Dec 8 18:10:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2015 02:10:31 +0100 (CET) Subject: SUSE-RU-2015:2233-1: Recommended update for Icinga Message-ID: <20151209011031.E000B31FCC@maintenance.suse.de> SUSE Recommended Update: Recommended update for Icinga ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2233-1 Rating: low References: #949785 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update provides Icinga 1.13.3, which fixes the following issues: - Bug #7337: Only use SCHEDULE_HOST_DOWNTIME command for Icinga 2.x. - Bug #8130: Wrong values for percent_* when using hostgroup in availability report. - Bug #9106: Icinga no longer sending acknowledgement notifications. - Bug #9240: Invalid JSON for flapping threshold configuration. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2015-956=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (ppc64le s390x x86_64): icinga-1.13.3-8.3 icinga-debuginfo-1.13.3-8.3 icinga-debugsource-1.13.3-8.3 icinga-devel-1.13.3-8.3 icinga-doc-1.13.3-8.3 icinga-idoutils-1.13.3-8.3 icinga-idoutils-mysql-1.13.3-8.3 icinga-idoutils-oracle-1.13.3-8.3 icinga-idoutils-pgsql-1.13.3-8.3 icinga-plugins-downtimes-1.13.3-8.3 icinga-plugins-eventhandlers-1.13.3-8.3 icinga-www-1.13.3-8.3 icinga-www-config-1.13.3-8.3 monitoring-tools-1.13.3-8.3 References: https://bugzilla.suse.com/949785 From sle-updates at lists.suse.com Wed Dec 9 12:10:32 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2015 20:10:32 +0100 (CET) Subject: SUSE-SU-2015:2236-1: important: Security update for flash-player Message-ID: <20151209191032.BE5F0320F0@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2236-1 Rating: important References: #958324 Cross-References: CVE-2015-8045 CVE-2015-8047 CVE-2015-8048 CVE-2015-8049 CVE-2015-8050 CVE-2015-8055 CVE-2015-8056 CVE-2015-8057 CVE-2015-8058 CVE-2015-8059 CVE-2015-8060 CVE-2015-8061 CVE-2015-8062 CVE-2015-8063 CVE-2015-8064 CVE-2015-8065 CVE-2015-8066 CVE-2015-8067 CVE-2015-8068 CVE-2015-8069 CVE-2015-8070 
CVE-2015-8071 CVE-2015-8401 CVE-2015-8402 CVE-2015-8403 CVE-2015-8404 CVE-2015-8405 CVE-2015-8406 CVE-2015-8407 CVE-2015-8408 CVE-2015-8409 CVE-2015-8410 CVE-2015-8411 CVE-2015-8412 CVE-2015-8413 CVE-2015-8414 CVE-2015-8415 CVE-2015-8416 CVE-2015-8417 CVE-2015-8418 CVE-2015-8419 CVE-2015-8420 CVE-2015-8421 CVE-2015-8422 CVE-2015-8423 CVE-2015-8424 CVE-2015-8425 CVE-2015-8426 CVE-2015-8427 CVE-2015-8428 CVE-2015-8429 CVE-2015-8430 CVE-2015-8431 CVE-2015-8432 CVE-2015-8433 CVE-2015-8434 CVE-2015-8435 CVE-2015-8436 CVE-2015-8437 CVE-2015-8438 CVE-2015-8439 CVE-2015-8440 CVE-2015-8441 CVE-2015-8442 CVE-2015-8443 CVE-2015-8444 CVE-2015-8445 CVE-2015-8446 CVE-2015-8447 CVE-2015-8448 CVE-2015-8449 CVE-2015-8450 CVE-2015-8451 CVE-2015-8452 CVE-2015-8453 CVE-2015-8454 CVE-2015-8455 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes 77 vulnerabilities is now available. Description: This update for flash-player to version 11.2.202.554 fixes the following security issues in Adobe security advisory APSB15-32. * These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-8438, CVE-2015-8446). * These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417, CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8455, CVE-2015-8045, CVE-2015-8418, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408). * These updates resolve security bypass vulnerabilities (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409). * These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-8407). * These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8439). * These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8445). 
* These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-8415) * These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437, CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426, CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, CVE-2015-8454, CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065, CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447). Please also see https://helpx.adobe.com/security/products/flash-player/apsb15-32.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-flash-player-12254=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-flash-player-12254=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): flash-player-11.2.202.554-0.29.1 flash-player-gnome-11.2.202.554-0.29.1 flash-player-kde4-11.2.202.554-0.29.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): flash-player-11.2.202.554-0.29.1 flash-player-gnome-11.2.202.554-0.29.1 flash-player-kde4-11.2.202.554-0.29.1 References: https://www.suse.com/security/cve/CVE-2015-8045.html https://www.suse.com/security/cve/CVE-2015-8047.html https://www.suse.com/security/cve/CVE-2015-8048.html https://www.suse.com/security/cve/CVE-2015-8049.html https://www.suse.com/security/cve/CVE-2015-8050.html https://www.suse.com/security/cve/CVE-2015-8055.html https://www.suse.com/security/cve/CVE-2015-8056.html https://www.suse.com/security/cve/CVE-2015-8057.html https://www.suse.com/security/cve/CVE-2015-8058.html https://www.suse.com/security/cve/CVE-2015-8059.html https://www.suse.com/security/cve/CVE-2015-8060.html https://www.suse.com/security/cve/CVE-2015-8061.html https://www.suse.com/security/cve/CVE-2015-8062.html https://www.suse.com/security/cve/CVE-2015-8063.html https://www.suse.com/security/cve/CVE-2015-8064.html https://www.suse.com/security/cve/CVE-2015-8065.html https://www.suse.com/security/cve/CVE-2015-8066.html https://www.suse.com/security/cve/CVE-2015-8067.html https://www.suse.com/security/cve/CVE-2015-8068.html https://www.suse.com/security/cve/CVE-2015-8069.html https://www.suse.com/security/cve/CVE-2015-8070.html https://www.suse.com/security/cve/CVE-2015-8071.html https://www.suse.com/security/cve/CVE-2015-8401.html https://www.suse.com/security/cve/CVE-2015-8402.html https://www.suse.com/security/cve/CVE-2015-8403.html https://www.suse.com/security/cve/CVE-2015-8404.html https://www.suse.com/security/cve/CVE-2015-8405.html https://www.suse.com/security/cve/CVE-2015-8406.html https://www.suse.com/security/cve/CVE-2015-8407.html https://www.suse.com/security/cve/CVE-2015-8408.html https://www.suse.com/security/cve/CVE-2015-8409.html 
https://www.suse.com/security/cve/CVE-2015-8410.html https://www.suse.com/security/cve/CVE-2015-8411.html https://www.suse.com/security/cve/CVE-2015-8412.html https://www.suse.com/security/cve/CVE-2015-8413.html https://www.suse.com/security/cve/CVE-2015-8414.html https://www.suse.com/security/cve/CVE-2015-8415.html https://www.suse.com/security/cve/CVE-2015-8416.html https://www.suse.com/security/cve/CVE-2015-8417.html https://www.suse.com/security/cve/CVE-2015-8418.html https://www.suse.com/security/cve/CVE-2015-8419.html https://www.suse.com/security/cve/CVE-2015-8420.html https://www.suse.com/security/cve/CVE-2015-8421.html https://www.suse.com/security/cve/CVE-2015-8422.html https://www.suse.com/security/cve/CVE-2015-8423.html https://www.suse.com/security/cve/CVE-2015-8424.html https://www.suse.com/security/cve/CVE-2015-8425.html https://www.suse.com/security/cve/CVE-2015-8426.html https://www.suse.com/security/cve/CVE-2015-8427.html https://www.suse.com/security/cve/CVE-2015-8428.html https://www.suse.com/security/cve/CVE-2015-8429.html https://www.suse.com/security/cve/CVE-2015-8430.html https://www.suse.com/security/cve/CVE-2015-8431.html https://www.suse.com/security/cve/CVE-2015-8432.html https://www.suse.com/security/cve/CVE-2015-8433.html https://www.suse.com/security/cve/CVE-2015-8434.html https://www.suse.com/security/cve/CVE-2015-8435.html https://www.suse.com/security/cve/CVE-2015-8436.html https://www.suse.com/security/cve/CVE-2015-8437.html https://www.suse.com/security/cve/CVE-2015-8438.html https://www.suse.com/security/cve/CVE-2015-8439.html https://www.suse.com/security/cve/CVE-2015-8440.html https://www.suse.com/security/cve/CVE-2015-8441.html https://www.suse.com/security/cve/CVE-2015-8442.html https://www.suse.com/security/cve/CVE-2015-8443.html https://www.suse.com/security/cve/CVE-2015-8444.html https://www.suse.com/security/cve/CVE-2015-8445.html https://www.suse.com/security/cve/CVE-2015-8446.html 
https://www.suse.com/security/cve/CVE-2015-8447.html https://www.suse.com/security/cve/CVE-2015-8448.html https://www.suse.com/security/cve/CVE-2015-8449.html https://www.suse.com/security/cve/CVE-2015-8450.html https://www.suse.com/security/cve/CVE-2015-8451.html https://www.suse.com/security/cve/CVE-2015-8452.html https://www.suse.com/security/cve/CVE-2015-8453.html https://www.suse.com/security/cve/CVE-2015-8454.html https://www.suse.com/security/cve/CVE-2015-8455.html https://bugzilla.suse.com/958324 From sle-updates at lists.suse.com Wed Dec 9 12:10:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Dec 2015 20:10:52 +0100 (CET) Subject: SUSE-SU-2015:2237-1: moderate: Security update for openssl Message-ID: <20151209191052.CC27C32139@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2237-1 Rating: moderate References: #937085 #947104 #954256 #957812 #957813 #957815 Cross-References: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for openssl fixes the following issues: Security fixes: - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. 
Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identity hint data. (bsc#957813) Non security bugs fixed: - Clear the error after setting non-fips mode (bsc#947104) - Improve S/390 performance on IBM z196 and z13 (bsc#954256) - Add support for "ciphers" providing no encryption (bsc#937085) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-958=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-958=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-958=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libopenssl-devel-1.0.1i-27.6.1 openssl-debuginfo-1.0.1i-27.6.1 openssl-debugsource-1.0.1i-27.6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-27.6.1 libopenssl1_0_0-debuginfo-1.0.1i-27.6.1 libopenssl1_0_0-hmac-1.0.1i-27.6.1 openssl-1.0.1i-27.6.1 openssl-debuginfo-1.0.1i-27.6.1 openssl-debugsource-1.0.1i-27.6.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-27.6.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.6.1 libopenssl1_0_0-hmac-32bit-1.0.1i-27.6.1 - SUSE Linux Enterprise Server 12 (noarch): openssl-doc-1.0.1i-27.6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libopenssl1_0_0-1.0.1i-27.6.1 libopenssl1_0_0-32bit-1.0.1i-27.6.1 libopenssl1_0_0-debuginfo-1.0.1i-27.6.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.6.1 openssl-1.0.1i-27.6.1 openssl-debuginfo-1.0.1i-27.6.1 openssl-debugsource-1.0.1i-27.6.1 References: https://www.suse.com/security/cve/CVE-2015-3194.html https://www.suse.com/security/cve/CVE-2015-3195.html https://www.suse.com/security/cve/CVE-2015-3196.html https://bugzilla.suse.com/937085 https://bugzilla.suse.com/947104 https://bugzilla.suse.com/954256 https://bugzilla.suse.com/957812 https://bugzilla.suse.com/957813 https://bugzilla.suse.com/957815 From sle-updates at lists.suse.com Thu Dec 10 07:10:21 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2015 15:10:21 +0100 (CET) Subject: SUSE-SU-2015:2247-1: important: Security update for flash-player Message-ID: <20151210141021.E8132320F0@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2247-1 Rating: important References: #958324 Cross-References: CVE-2015-8045 CVE-2015-8047 CVE-2015-8048 CVE-2015-8049 CVE-2015-8050 CVE-2015-8055 CVE-2015-8056 CVE-2015-8057 CVE-2015-8058 
CVE-2015-8059 CVE-2015-8060 CVE-2015-8061 CVE-2015-8062 CVE-2015-8063 CVE-2015-8064 CVE-2015-8065 CVE-2015-8066 CVE-2015-8067 CVE-2015-8068 CVE-2015-8069 CVE-2015-8070 CVE-2015-8071 CVE-2015-8401 CVE-2015-8402 CVE-2015-8403 CVE-2015-8404 CVE-2015-8405 CVE-2015-8406 CVE-2015-8407 CVE-2015-8408 CVE-2015-8409 CVE-2015-8410 CVE-2015-8411 CVE-2015-8412 CVE-2015-8413 CVE-2015-8414 CVE-2015-8415 CVE-2015-8416 CVE-2015-8417 CVE-2015-8418 CVE-2015-8419 CVE-2015-8420 CVE-2015-8421 CVE-2015-8422 CVE-2015-8423 CVE-2015-8424 CVE-2015-8425 CVE-2015-8426 CVE-2015-8427 CVE-2015-8428 CVE-2015-8429 CVE-2015-8430 CVE-2015-8431 CVE-2015-8432 CVE-2015-8433 CVE-2015-8434 CVE-2015-8435 CVE-2015-8436 CVE-2015-8437 CVE-2015-8438 CVE-2015-8439 CVE-2015-8440 CVE-2015-8441 CVE-2015-8442 CVE-2015-8443 CVE-2015-8444 CVE-2015-8445 CVE-2015-8446 CVE-2015-8447 CVE-2015-8448 CVE-2015-8449 CVE-2015-8450 CVE-2015-8451 CVE-2015-8452 CVE-2015-8453 CVE-2015-8454 CVE-2015-8455 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 77 vulnerabilities is now available. Description: This update for flash-player to version 11.2.202.554 fixes the following security issues in Adobe security advisory APSB15-32. * These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-8438, CVE-2015-8446). * These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417, CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8455, CVE-2015-8045, CVE-2015-8418, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408). * These updates resolve security bypass vulnerabilities (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409). 
* These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-8407). * These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8439). * These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8445). * These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-8415). * These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437, CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426, CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, CVE-2015-8454, CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065, CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447). Please also see https://helpx.adobe.com/security/products/flash-player/apsb15-32.html Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2015-959=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-959=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-959=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-959=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.554-114.1 flash-player-gnome-11.2.202.554-114.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.554-114.1 flash-player-gnome-11.2.202.554-114.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.554-114.1 flash-player-gnome-11.2.202.554-114.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.554-114.1 flash-player-gnome-11.2.202.554-114.1 References: https://www.suse.com/security/cve/CVE-2015-8045.html https://www.suse.com/security/cve/CVE-2015-8047.html https://www.suse.com/security/cve/CVE-2015-8048.html https://www.suse.com/security/cve/CVE-2015-8049.html https://www.suse.com/security/cve/CVE-2015-8050.html https://www.suse.com/security/cve/CVE-2015-8055.html https://www.suse.com/security/cve/CVE-2015-8056.html https://www.suse.com/security/cve/CVE-2015-8057.html https://www.suse.com/security/cve/CVE-2015-8058.html https://www.suse.com/security/cve/CVE-2015-8059.html https://www.suse.com/security/cve/CVE-2015-8060.html https://www.suse.com/security/cve/CVE-2015-8061.html https://www.suse.com/security/cve/CVE-2015-8062.html https://www.suse.com/security/cve/CVE-2015-8063.html https://www.suse.com/security/cve/CVE-2015-8064.html https://www.suse.com/security/cve/CVE-2015-8065.html https://www.suse.com/security/cve/CVE-2015-8066.html https://www.suse.com/security/cve/CVE-2015-8067.html 
https://www.suse.com/security/cve/CVE-2015-8068.html https://www.suse.com/security/cve/CVE-2015-8069.html https://www.suse.com/security/cve/CVE-2015-8070.html https://www.suse.com/security/cve/CVE-2015-8071.html https://www.suse.com/security/cve/CVE-2015-8401.html https://www.suse.com/security/cve/CVE-2015-8402.html https://www.suse.com/security/cve/CVE-2015-8403.html https://www.suse.com/security/cve/CVE-2015-8404.html https://www.suse.com/security/cve/CVE-2015-8405.html https://www.suse.com/security/cve/CVE-2015-8406.html https://www.suse.com/security/cve/CVE-2015-8407.html https://www.suse.com/security/cve/CVE-2015-8408.html https://www.suse.com/security/cve/CVE-2015-8409.html https://www.suse.com/security/cve/CVE-2015-8410.html https://www.suse.com/security/cve/CVE-2015-8411.html https://www.suse.com/security/cve/CVE-2015-8412.html https://www.suse.com/security/cve/CVE-2015-8413.html https://www.suse.com/security/cve/CVE-2015-8414.html https://www.suse.com/security/cve/CVE-2015-8415.html https://www.suse.com/security/cve/CVE-2015-8416.html https://www.suse.com/security/cve/CVE-2015-8417.html https://www.suse.com/security/cve/CVE-2015-8418.html https://www.suse.com/security/cve/CVE-2015-8419.html https://www.suse.com/security/cve/CVE-2015-8420.html https://www.suse.com/security/cve/CVE-2015-8421.html https://www.suse.com/security/cve/CVE-2015-8422.html https://www.suse.com/security/cve/CVE-2015-8423.html https://www.suse.com/security/cve/CVE-2015-8424.html https://www.suse.com/security/cve/CVE-2015-8425.html https://www.suse.com/security/cve/CVE-2015-8426.html https://www.suse.com/security/cve/CVE-2015-8427.html https://www.suse.com/security/cve/CVE-2015-8428.html https://www.suse.com/security/cve/CVE-2015-8429.html https://www.suse.com/security/cve/CVE-2015-8430.html https://www.suse.com/security/cve/CVE-2015-8431.html https://www.suse.com/security/cve/CVE-2015-8432.html https://www.suse.com/security/cve/CVE-2015-8433.html 
https://www.suse.com/security/cve/CVE-2015-8434.html https://www.suse.com/security/cve/CVE-2015-8435.html https://www.suse.com/security/cve/CVE-2015-8436.html https://www.suse.com/security/cve/CVE-2015-8437.html https://www.suse.com/security/cve/CVE-2015-8438.html https://www.suse.com/security/cve/CVE-2015-8439.html https://www.suse.com/security/cve/CVE-2015-8440.html https://www.suse.com/security/cve/CVE-2015-8441.html https://www.suse.com/security/cve/CVE-2015-8442.html https://www.suse.com/security/cve/CVE-2015-8443.html https://www.suse.com/security/cve/CVE-2015-8444.html https://www.suse.com/security/cve/CVE-2015-8445.html https://www.suse.com/security/cve/CVE-2015-8446.html https://www.suse.com/security/cve/CVE-2015-8447.html https://www.suse.com/security/cve/CVE-2015-8448.html https://www.suse.com/security/cve/CVE-2015-8449.html https://www.suse.com/security/cve/CVE-2015-8450.html https://www.suse.com/security/cve/CVE-2015-8451.html https://www.suse.com/security/cve/CVE-2015-8452.html https://www.suse.com/security/cve/CVE-2015-8453.html https://www.suse.com/security/cve/CVE-2015-8454.html https://www.suse.com/security/cve/CVE-2015-8455.html https://bugzilla.suse.com/958324 From sle-updates at lists.suse.com Thu Dec 10 10:12:38 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2015 18:12:38 +0100 (CET) Subject: SUSE-SU-2015:2251-1: moderate: Security update for compat-openssl097g Message-ID: <20151210171238.D151032139@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl097g ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2251-1 Rating: moderate References: #952099 #957812 Cross-References: CVE-2015-3195 Affected Products: SUSE Linux Enterprise Server for SAP 11-SP4 SUSE Linux Enterprise Server for SAP 11-SP3 SUSE Linux Enterprise Server for SAP 11-SP2 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux 
Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for compat-openssl097g fixes the following issues: Security issue fixed: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) A non security issue fixed: - Prevent segfault in s_client with invalid options (bsc#952099) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 11-SP4: zypper in -t patch slesappsp4-compat-openssl097g-12255=1 - SUSE Linux Enterprise Server for SAP 11-SP3: zypper in -t patch slesappsp3-compat-openssl097g-12255=1 - SUSE Linux Enterprise Server for SAP 11-SP2: zypper in -t patch slesapp2-compat-openssl097g-12255=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-compat-openssl097g-12255=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-compat-openssl097g-12255=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-compat-openssl097g-12255=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-compat-openssl097g-12255=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-compat-openssl097g-12255=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 11-SP4 (ppc64 x86_64): compat-openssl097g-0.9.7g-146.22.36.1 compat-openssl097g-32bit-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Server for SAP 11-SP3 (x86_64): compat-openssl097g-0.9.7g-146.22.36.1 compat-openssl097g-32bit-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Server for SAP 11-SP2 (x86_64): compat-openssl097g-0.9.7g-146.22.36.1 compat-openssl097g-32bit-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): compat-openssl097g-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): compat-openssl097g-32bit-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): compat-openssl097g-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): compat-openssl097g-32bit-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): compat-openssl097g-debuginfo-0.9.7g-146.22.36.1 compat-openssl097g-debugsource-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): compat-openssl097g-debuginfo-32bit-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): compat-openssl097g-debuginfo-0.9.7g-146.22.36.1 compat-openssl097g-debugsource-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): compat-openssl097g-debuginfo-32bit-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64): compat-openssl097g-debuginfo-0.9.7g-146.22.36.1 compat-openssl097g-debugsource-0.9.7g-146.22.36.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (x86_64): compat-openssl097g-debuginfo-32bit-0.9.7g-146.22.36.1 References: https://www.suse.com/security/cve/CVE-2015-3195.html https://bugzilla.suse.com/952099 https://bugzilla.suse.com/957812 From sle-updates at lists.suse.com Thu Dec 10 10:13:16 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Dec 2015 18:13:16 +0100 (CET) Subject: SUSE-RU-2015:2252-1: Optional update for the first kernel live patch Message-ID: 
<20151210171316.D2CC732139@maintenance.suse.de> SUSE Recommended Update: Optional update for the first kernel live patch ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2252-1 Rating: low References: #946997 #954955 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This is the initial kGraft patch for the first SUSE Linux Enterprise 12 SP1 kernel, matching the kernel released with the GMC media. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-961=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_49-11-default-1-2.1 kgraft-patch-3_12_49-11-xen-1-2.1 References: https://bugzilla.suse.com/946997 https://bugzilla.suse.com/954955 From sle-updates at lists.suse.com Fri Dec 11 12:10:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Dec 2015 20:10:48 +0100 (CET) Subject: SUSE-SU-2015:2253-1: moderate: Security update for openssl Message-ID: <20151211191048.EC49A320F0@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2253-1 Rating: moderate References: #937085 #954256 #957812 #957813 #957815 Cross-References: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 Affected Products: SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available.
Description: This update for openssl fixes the following issues: Security fixes: - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815) - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identity hint data. (bsc#957813) Non security bugs fixed: - Improve S/390 performance on IBM z196 and z13 (bsc#954256) - Add support for "ciphers" providing no encryption (bsc#937085) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-12256=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl1-12256=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.35.1 libopenssl1_0_0-1.0.1g-0.35.1 openssl1-1.0.1g-0.35.1 openssl1-doc-1.0.1g-0.35.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.35.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.35.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): openssl1-debuginfo-1.0.1g-0.35.1 openssl1-debugsource-1.0.1g-0.35.1 References: https://www.suse.com/security/cve/CVE-2015-3194.html https://www.suse.com/security/cve/CVE-2015-3195.html https://www.suse.com/security/cve/CVE-2015-3196.html https://bugzilla.suse.com/937085 https://bugzilla.suse.com/954256 https://bugzilla.suse.com/957812 https://bugzilla.suse.com/957813 https://bugzilla.suse.com/957815 From sle-updates at lists.suse.com Mon Dec 14 06:10:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Dec 2015 14:10:45 +0100 (CET) Subject: SUSE-RU-2015:2265-1: moderate: Recommended update for SUSE Manager Server 2.1 Message-ID: <20151214131045.A6A2B320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2265-1 Rating: moderate References: #949285 #949726 Affected Products: SUSE Manager 2.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update includes the following new features: susemanager-sync-data: - Support for SLE12 SP1 product family (bsc#949726) - Add SUSE Enterprise Storage 2 (bsc#949285) susemanager: - Add SLE-12-SP1 to mgr-create-bootstrap-repo (bsc#949726) zypp-plugin-spacewalk: - Support distribution upgrade with --no-allow-vendor-change for sle12 (fate#319128) How to apply this update: 1. 
Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-suse-manager-21-201510-12257=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 2.1 (s390x x86_64): susemanager-2.1.22-15.1 susemanager-tools-2.1.22-15.1 zypp-plugin-spacewalk-0.9.11-15.1 - SUSE Manager 2.1 (noarch): susemanager-sync-data-2.1.10-15.1 References: https://bugzilla.suse.com/949285 https://bugzilla.suse.com/949726 From sle-updates at lists.suse.com Mon Dec 14 06:11:19 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Dec 2015 14:11:19 +0100 (CET) Subject: SUSE-RU-2015:2266-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20151214131119.D938132139@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2266-1 Rating: moderate References: #949726 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update includes the following new features: zypp-plugin-spacewalk: - Support distribution upgrade with --no-allow-vendor-change for sle12 (fate#319128) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2015-964=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (ppc64le s390x x86_64): zypp-plugin-spacewalk-0.9.11-17.1 References: https://bugzilla.suse.com/949726 From sle-updates at lists.suse.com Mon Dec 14 06:11:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Dec 2015 14:11:52 +0100 (CET) Subject: SUSE-RU-2015:2267-1: Recommended update for SUSE Manager Client Tools Message-ID: <20151214131152.0F02C32139@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2267-1 Rating: low References: #949726 Affected Products: SUSE Manager Proxy 2.1 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update includes the following new features: zypp-plugin-spacewalk: - Support distribution upgrade with --no-allow-vendor-change for sle12 (fate#319128) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-suse-manager-proxy-21-201510-12257=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-susemanager-sles-21-201510-12257=1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201510-12257=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-susemanager-sles-21-201510-12257=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201510-12257=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-susemanager-sles-21-201510-12257=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-susemanager-sles-21-201510-12257=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-susemanager-sles-21-201510-12257=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 2.1 (x86_64): zypp-plugin-spacewalk-0.9.11-15.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): zypp-plugin-spacewalk-0.9.11-15.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): zypp-plugin-spacewalk-0.9.11-15.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): zypp-plugin-spacewalk-0.9.11-15.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): zypp-plugin-spacewalk-0.9.11-15.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): zypp-plugin-spacewalk-0.9.11-15.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): zypp-plugin-spacewalk-0.9.11-15.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): zypp-plugin-spacewalk-0.9.11-15.1 References: https://bugzilla.suse.com/949726 From sle-updates at lists.suse.com Mon Dec 14 09:10:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Dec 2015 17:10:31 +0100 (CET) Subject: SUSE-SU-2015:2268-1: important: 
Security update for java-1_8_0-ibm Message-ID: <20151214161031.1318D320F0@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2268-1 Rating: important References: #941939 #955131 Cross-References: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - Version update to 8.0-2.0 (bsc#955131): CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir. - Provide %{name} instead of %{sdklnk} only in _jvmprivdir. (bsc#941939) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-965=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-965=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr2.0-4.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr2.0-4.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr2.0-4.1 java-1_8_0-ibm-plugin-1.8.0_sr2.0-4.1 References: https://www.suse.com/security/cve/CVE-2015-4734.html https://www.suse.com/security/cve/CVE-2015-4803.html https://www.suse.com/security/cve/CVE-2015-4805.html https://www.suse.com/security/cve/CVE-2015-4806.html https://www.suse.com/security/cve/CVE-2015-4810.html https://www.suse.com/security/cve/CVE-2015-4835.html https://www.suse.com/security/cve/CVE-2015-4840.html https://www.suse.com/security/cve/CVE-2015-4842.html https://www.suse.com/security/cve/CVE-2015-4843.html https://www.suse.com/security/cve/CVE-2015-4844.html https://www.suse.com/security/cve/CVE-2015-4860.html https://www.suse.com/security/cve/CVE-2015-4871.html https://www.suse.com/security/cve/CVE-2015-4872.html https://www.suse.com/security/cve/CVE-2015-4882.html https://www.suse.com/security/cve/CVE-2015-4883.html https://www.suse.com/security/cve/CVE-2015-4893.html https://www.suse.com/security/cve/CVE-2015-4902.html https://www.suse.com/security/cve/CVE-2015-4903.html https://www.suse.com/security/cve/CVE-2015-4911.html https://www.suse.com/security/cve/CVE-2015-5006.html https://bugzilla.suse.com/941939 https://bugzilla.suse.com/955131 From sle-updates at lists.suse.com Mon Dec 14 09:11:04 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Dec 2015 17:11:04 +0100 (CET) Subject: SUSE-SU-2015:2168-2: important: Security update for java-1_7_1-ibm Message-ID: <20151214161104.CCA8A32139@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2168-2 Rating: important References: 
#941939 #955131 Cross-References: CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes 29 vulnerabilities is now available. Description: The java-1_7_1-ibm package was updated to version 7.1-3.20 to fix several security and non-security issues: - bnc#955131: Version update to 7.1-3.20: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 - Add backcompat symlinks for sdkdir - bnc#941939: Fix to provide %{name} instead of %{sdklnk} only in _jvmprivdir Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-920=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-920=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.20-18.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.20-18.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.20-18.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.20-18.1 java-1_7_1-ibm-plugin-1.7.1_sr3.20-18.1 References: https://www.suse.com/security/cve/CVE-2015-0204.html https://www.suse.com/security/cve/CVE-2015-0458.html https://www.suse.com/security/cve/CVE-2015-0459.html https://www.suse.com/security/cve/CVE-2015-0469.html https://www.suse.com/security/cve/CVE-2015-0477.html https://www.suse.com/security/cve/CVE-2015-0478.html https://www.suse.com/security/cve/CVE-2015-0480.html https://www.suse.com/security/cve/CVE-2015-0488.html https://www.suse.com/security/cve/CVE-2015-0491.html https://www.suse.com/security/cve/CVE-2015-4734.html https://www.suse.com/security/cve/CVE-2015-4803.html https://www.suse.com/security/cve/CVE-2015-4805.html https://www.suse.com/security/cve/CVE-2015-4806.html https://www.suse.com/security/cve/CVE-2015-4810.html https://www.suse.com/security/cve/CVE-2015-4835.html https://www.suse.com/security/cve/CVE-2015-4840.html https://www.suse.com/security/cve/CVE-2015-4842.html https://www.suse.com/security/cve/CVE-2015-4843.html https://www.suse.com/security/cve/CVE-2015-4844.html https://www.suse.com/security/cve/CVE-2015-4860.html https://www.suse.com/security/cve/CVE-2015-4871.html https://www.suse.com/security/cve/CVE-2015-4872.html https://www.suse.com/security/cve/CVE-2015-4882.html https://www.suse.com/security/cve/CVE-2015-4883.html https://www.suse.com/security/cve/CVE-2015-4893.html https://www.suse.com/security/cve/CVE-2015-4902.html https://www.suse.com/security/cve/CVE-2015-4903.html https://www.suse.com/security/cve/CVE-2015-4911.html https://www.suse.com/security/cve/CVE-2015-5006.html https://bugzilla.suse.com/941939 
https://bugzilla.suse.com/955131 From sle-updates at lists.suse.com Mon Dec 14 15:10:25 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Dec 2015 23:10:25 +0100 (CET) Subject: SUSE-RU-2015:2269-1: moderate: Recommended update for yast2-registration and SUSEConnect Message-ID: <20151214221025.E7DE7320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration and SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2269-1 Rating: moderate References: #934582 #939293 #941303 #941402 #941403 #941491 #941532 #941563 #941565 #941739 #942843 #942892 #943451 #943466 #943568 #943636 #943960 #944089 #944510 #945028 #945462 #946004 #946200 #946488 #948363 #949424 #949934 #950233 #950795 #953536 #954266 #954412 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 32 recommended fixes can now be installed. Description: SUSEConnect and yast2-registration have been enhanced with a set of features to enable Service Pack migration. yast2-registration: - Added support for online migration, the registration part handles the service upgrade and migration repository management. (fate#315161) - Make sure the base product is downgraded first when doing a migration rollback. (fate#315161) - Restore the original product registration when online migration is aborted. (fate#315161) - Use "zypper dup --no-vendor-change" equivalent for online migration. (fate#319138) - Adapt module to new version of SUSEConnect. (fate#318800) - Always enable update repositories for modules during online migration. (bsc#953536) - Fix crash at the end of AutoYaST configuration's workflow. (bsc#949934) - Fix crash due to undefined method when upgrading installed addon. 
(bsc#950795) - AutoYaST: Take registration server from AutoYaST configuration file and set it in /etc/SUSEConnect. (bsc#943466, bsc#950233) - Restore the original $releasever value and refresh the repositories when online migration is aborted. (bsc#948363) - Do not crash when a repository cannot be accessed, ask the user to skip it or abort the online migration. (bsc#946200) - Check whether the system is registered before running online migration. (bsc#946004) - Set the selected repository states in the manual repository selection dialog before starting the full repository management module. - Specific migration repositories are not used in SLE12, use better wording. (bsc#944510) - Set $releasever URL variable to the new base product during online migration. (bsc#941563) - Display short product names instead of the internal identifiers in the migration selection dialog. (bsc#945028) - Restore (enable) the Updates repositories at the end of the migration workflow. (bsc#943960) - Fix syntax error. (bsc#944089) - Make the migration selection widget smaller to have more space for details when only a few migrations are available. (bsc#943636) - Keep the original NCCCredentials file permissions when upgrading from SLE11. (bsc#943568) - Better wording in the "install updates" popup. (bsc#942843) - Handle not available products when using SMT for running online migration. (bsc#942892) - Fix registering a product with POOL flavor. (bsc#941402) - Avoid possible ID duplicates when an add-on with multiple versions is displayed. - Improve user messages when registration does not happen during installation. (bsc#941403, bsc#941739) - Catch exceptions also when loading the available extensions. (bsc#941491) - Reload the packages after modifying the repository setup. (bsc#941532) - Fix validation of AutoYaST profiles. (bsc#954412) SUSEConnect: - Add --rollback option to SUSEConnect. (fate#319114) - Add find_products method to migration abstraction layer. 
(fate#319140) - Update manpages to match the latest CLI options - Silently ignore malformed lscpu lines instead of failing (bnc#954266) - zypper migration slow with lots of modules and extensions registered. (bsc#945462) - Allow registration without system uid (dmidecode fails on qemu system). (bsc#934582) - Ensure version of SUSEConnect is bumped in order to be able to distinguish requests from affected YaST version in SCC API. (bsc#949424) - Fix migration failure when "zypper search" returns empty list. (bsc#943451) - Synchronization API call returns "no implicit conversion of Symbol into Integer" error. (bsc#946488) - Fix zypper migration not using --releasever. (bsc#941565) - Improve hwinfo detection on physical s390 systems. - Fix "Undefined method 'strip' for nil:NilClass" error. (bsc#939293) - Fix baseproduct mismatch in migration rollback. (bsc#941303) - Fix add_service method which also creates the credentials files - Implement new --cleanup option to remove old system credentials and all zypper services installed by SUSEConnect. - Implement new --namespace option to forward SMT staging environment to proxy registration server. - Use C locale for all the syscalls, fixing output parsing issues in some locales. - In case of wrong registration code, provide meaningful message back to the user. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-967=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-967=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): SUSEConnect-0.2.30-9.8.1 - SUSE Linux Enterprise Server 12 (noarch): yast2-registration-3.1.129.16-28.1 - SUSE Linux Enterprise Desktop 12 (x86_64): SUSEConnect-0.2.30-9.8.1 - SUSE Linux Enterprise Desktop 12 (noarch): yast2-registration-3.1.129.16-28.1 References: https://bugzilla.suse.com/934582 https://bugzilla.suse.com/939293 https://bugzilla.suse.com/941303 https://bugzilla.suse.com/941402 https://bugzilla.suse.com/941403 https://bugzilla.suse.com/941491 https://bugzilla.suse.com/941532 https://bugzilla.suse.com/941563 https://bugzilla.suse.com/941565 https://bugzilla.suse.com/941739 https://bugzilla.suse.com/942843 https://bugzilla.suse.com/942892 https://bugzilla.suse.com/943451 https://bugzilla.suse.com/943466 https://bugzilla.suse.com/943568 https://bugzilla.suse.com/943636 https://bugzilla.suse.com/943960 https://bugzilla.suse.com/944089 https://bugzilla.suse.com/944510 https://bugzilla.suse.com/945028 https://bugzilla.suse.com/945462 https://bugzilla.suse.com/946004 https://bugzilla.suse.com/946200 https://bugzilla.suse.com/946488 https://bugzilla.suse.com/948363 https://bugzilla.suse.com/949424 https://bugzilla.suse.com/949934 https://bugzilla.suse.com/950233 https://bugzilla.suse.com/950795 https://bugzilla.suse.com/953536 https://bugzilla.suse.com/954266 https://bugzilla.suse.com/954412 From sle-updates at lists.suse.com Mon Dec 14 15:16:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Dec 2015 23:16:31 +0100 (CET) Subject: SUSE-RU-2015:2270-1: SLE 12 SP migration enablement Message-ID: <20151214221631.21DFA32139@maintenance.suse.de> SUSE Recommended Update: SLE 12 SP migration enablement ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2270-1 Rating: low References: #880701 #897129 #941539 #944019 #955400 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE 
Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update provides the necessary package for performing a Service Pack migration on SUSE Linux Enterprise 12. It contains the following packages and changes: yast2-migration: The initial package of yast2-migration which provides a YaST2 module for migrating to a newer Service Pack if it's available. This package is installed automatically whenever an update is performed. zypper-migration-plugin: A plugin which provides migration functionality to zypper. This package is installed automatically whenever an update is performed. yast2: - Avoid too many snapshots created during the online migration. (bsc#944019) - Fixed clipped labels in Arabic on some widgets. (bsc#880701) - AutoYaST will no longer ignore firewall settings if keep_install_network is enabled. (bsc#897129) - Add a default value for firewall setting FW_BOOT_INIT_FULL. (bsc#955400) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-966=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-966=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-966=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): yast2-devel-doc-3.1.108.11-14.3 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): yast2-3.1.108.11-14.3 - SUSE Linux Enterprise Server 12 (noarch): yast2-migration-3.1.0.12-3.1 zypper-migration-plugin-0.8-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): yast2-3.1.108.11-14.3 - SUSE Linux Enterprise Desktop 12 (noarch): yast2-migration-3.1.0.12-3.1 zypper-migration-plugin-0.8-7.1 References: https://bugzilla.suse.com/880701 https://bugzilla.suse.com/897129 https://bugzilla.suse.com/941539 https://bugzilla.suse.com/944019 https://bugzilla.suse.com/955400 From sle-updates at lists.suse.com Tue Dec 15 12:10:30 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Dec 2015 20:10:30 +0100 (CET) Subject: SUSE-RU-2015:2271-1: Recommended update for ethtool Message-ID: <20151215191030.B94C032139@maintenance.suse.de> SUSE Recommended Update: Recommended update for ethtool ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2271-1 Rating: low References: #927309 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The list of advertised speed modes recognized by Ethtool has been updated to include the following full-duplex modes: 56000baseKR4, 56000baseCR4, 56000baseSR4, 56000baseLR4 and 10000baseKX4. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ethtool-12259=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-ethtool-12259=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ethtool-12259=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ethtool-6.2.6.39-0.29.3 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): ethtool-6.2.6.39-0.29.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ethtool-debuginfo-6.2.6.39-0.29.3 ethtool-debugsource-6.2.6.39-0.29.3 References: https://bugzilla.suse.com/927309 From sle-updates at lists.suse.com Tue Dec 15 13:10:38 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Dec 2015 21:10:38 +0100 (CET) Subject: SUSE-RU-2015:2273-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20151215201038.5881E32139@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2273-1 Rating: moderate References: #958402 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Continue to register other products even if one fails. (bsc#958402) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-971=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-6.4.3-26.1 cloud-regionsrv-client-generic-config-1.0.0-26.1 cloud-regionsrv-client-plugin-gce-1.0.0-26.1 References: https://bugzilla.suse.com/958402 From sle-updates at lists.suse.com Tue Dec 15 17:10:41 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Dec 2015 01:10:41 +0100 (CET) Subject: SUSE-SU-2015:2274-1: moderate: Security update for rubygem-rack Message-ID: <20151216001041.4C5C831FCC@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rack ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2274-1 Rating: moderate References: #934797 Cross-References: CVE-2015-3225 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: rubygem-rack was updated to fix one security issue. This security issue was fixed: - CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service (bsc#934797). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-rack-12261=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-rack-1.5.2-9.6 References: https://www.suse.com/security/cve/CVE-2015-3225.html https://bugzilla.suse.com/934797 From sle-updates at lists.suse.com Tue Dec 15 17:11:12 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Dec 2015 01:11:12 +0100 (CET) Subject: SUSE-SU-2015:2275-1: moderate: Security update for openssl Message-ID: <20151216001112.C7E0F32139@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2275-1 Rating: moderate References: #952099 #957812 Cross-References: CVE-2015-3195 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openssl fixes the following issues: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) - Prevent segfault in s_client with invalid options (bsc#952099) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-openssl-12264=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openssl-12264=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-openssl-12264=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-openssl-12264=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssl-12264=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-openssl-12264=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-openssl-12264=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-openssl-12264=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-openssl-12264=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-12264=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl-12264=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-openssl-12264=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): libopenssl-devel-0.9.8j-0.80.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libopenssl-devel-0.9.8j-0.80.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl-devel-0.9.8j-0.80.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libopenssl0_9_8-0.9.8j-0.80.1 libopenssl0_9_8-hmac-0.9.8j-0.80.1 openssl-0.9.8j-0.80.1 openssl-doc-0.9.8j-0.80.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.80.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.80.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.80.1 libopenssl0_9_8-hmac-0.9.8j-0.80.1 openssl-0.9.8j-0.80.1 openssl-doc-0.9.8j-0.80.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.80.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.80.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libopenssl0_9_8-x86-0.9.8j-0.80.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.80.1 libopenssl0_9_8-hmac-0.9.8j-0.80.1 openssl-0.9.8j-0.80.1 openssl-doc-0.9.8j-0.80.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.80.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.80.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libopenssl0_9_8-x86-0.9.8j-0.80.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): libopenssl-devel-0.9.8j-0.80.1 libopenssl0_9_8-0.9.8j-0.80.1 libopenssl0_9_8-hmac-0.9.8j-0.80.1 openssl-0.9.8j-0.80.1 openssl-doc-0.9.8j-0.80.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.80.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.80.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libopenssl0_9_8-0.9.8j-0.80.1 openssl-0.9.8j-0.80.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.80.1 - SUSE Linux Enterprise Desktop 
11-SP3 (i586 x86_64): libopenssl0_9_8-0.9.8j-0.80.1 openssl-0.9.8j-0.80.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.80.1 openssl-debugsource-0.9.8j-0.80.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.80.1 openssl-debugsource-0.9.8j-0.80.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.80.1 openssl-debugsource-0.9.8j-0.80.1 References: https://www.suse.com/security/cve/CVE-2015-3195.html https://bugzilla.suse.com/952099 https://bugzilla.suse.com/957812 From sle-updates at lists.suse.com Wed Dec 16 06:10:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Dec 2015 14:10:50 +0100 (CET) Subject: SUSE-RU-2015:2276-1: Recommended update for yast2-ntp-client Message-ID: <20151216131050.32DAA32139@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ntp-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2276-1 Rating: low References: #805275 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-ntp-client fixes validation of AutoYaST profiles. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-yast2-ntp-client-12266=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-yast2-ntp-client-12266=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-yast2-ntp-client-12266=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch): yast2-ntp-client-2.17.15.1-8.3.2 - SUSE Linux Enterprise Server 11-SP3 (noarch): yast2-ntp-client-2.17.15.1-8.3.2 - SUSE Linux Enterprise Desktop 11-SP3 (noarch): yast2-ntp-client-2.17.15.1-8.3.2 References: https://bugzilla.suse.com/805275 From sle-updates at lists.suse.com Wed Dec 16 06:11:26 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Dec 2015 14:11:26 +0100 (CET) Subject: SUSE-RU-2015:2277-1: moderate: Recommended update for clamav Message-ID: <20151216131126.04E0B3213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamav ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2277-1 Rating: moderate References: #957728 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: ClamAV was updated to version 0.99, bringing the following fixes and enhancements: - Support in ClamAV logical signatures for many of the features added for YARA, such as Perl Compatible Regular Expressions, alternate strings, and YARA string attributes. See signatures.pdf for full details. 
- New and improved on-access scanning for Linux. See clamdoc.pdf for details on the new on-access capabilities. - A new ClamAV API callback function that is invoked when a virus is found. This is intended primarily for applications running in all-match mode. Any applications using all-match mode must use the new callback function to record and report detected viruses. - Configurable default password list to attempt zip file decryption. - TIFF file support. - A new signature target type for designating signatures to run against files with unknown file types. - Improved fidelity of the "data loss prevention" heuristic algorithm. - Support for LZMA decompression within Adobe Flash files. - Support for MSO attachments within Microsoft Office 2003 XML files. - A new sigtool option (--ascii-normalize) allowing signature authors to more easily generate normalized versions of ASCII files. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-clamav-12265=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-clamav-12265=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-clamav-12265=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-clamav-12265=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-clamav-12265=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-12265=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-clamav-12265=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): clamav-0.99-0.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-0.99-0.5.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): clamav-0.99-0.5.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): clamav-0.99-0.5.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): clamav-0.99-0.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-debuginfo-0.99-0.5.1 clamav-debugsource-0.99-0.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): clamav-debuginfo-0.99-0.5.1 clamav-debugsource-0.99-0.5.1 References: https://bugzilla.suse.com/957728 From sle-updates at lists.suse.com Wed Dec 16 06:11:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Dec 2015 14:11:56 +0100 (CET) Subject: SUSE-RU-2015:2278-1: moderate: Recommended update for clamav Message-ID: <20151216131156.E3B643213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamav ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2278-1 Rating: moderate References: #957728 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: ClamAV was updated to version 0.99, bringing the following fixes and enhancements: - Support in ClamAV logical signatures for many of the features added for YARA, such as Perl Compatible Regular Expressions, alternate strings, and YARA string attributes. See signatures.pdf for full details. - New and improved on-access scanning for Linux. See clamdoc.pdf for details on the new on-access capabilities. 
- A new ClamAV API callback function that is invoked when a virus is found. This is intended primarily for applications running in all-match mode. Any applications using all-match mode must use the new callback function to record and report detected viruses. - Configurable default password list to attempt zip file decryption. - TIFF file support. - A new signature target type for designating signatures to run against files with unknown file types. - Improved fidelity of the "data loss prevention" heuristic algorithm. - Support for LZMA decompression within Adobe Flash files. - Support for MSO attachments within Microsoft Office 2003 XML files. - A new sigtool option (--ascii-normalize) allowing signature authors to more easily generate normalized versions of ASCII files. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-977=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-977=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-977=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-977=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): clamav-0.99-16.2 clamav-debuginfo-0.99-16.2 clamav-debugsource-0.99-16.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): clamav-0.99-16.2 clamav-debuginfo-0.99-16.2 clamav-debugsource-0.99-16.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): clamav-0.99-16.2 clamav-debuginfo-0.99-16.2 clamav-debugsource-0.99-16.2 - SUSE Linux Enterprise Desktop 12 (x86_64): clamav-0.99-16.2 clamav-debuginfo-0.99-16.2 clamav-debugsource-0.99-16.2 References: https://bugzilla.suse.com/957728 From sle-updates at lists.suse.com Wed Dec 16 06:12:19 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Dec 2015 14:12:19 +0100 (CET) Subject: SUSE-RU-2015:2279-1: Recommended update for yast2-ntp-client Message-ID: <20151216131219.8B2DA3213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ntp-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2279-1 Rating: low References: #805275 #940881 #954442 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-ntp-client provides the following fixes: - Also remove the "restrict" server option from /etc/ntp.conf when a server is removed or changed, do not leave unused values. (bsc#954442) - Always use a server from pool.ntp.org as default. (bsc#940881) - Fix validation of AutoYaST profiles. (bsc#805275) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-yast2-ntp-client-12267=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-yast2-ntp-client-12267=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): yast2-ntp-client-2.17.19-7.1 - SUSE Linux Enterprise Desktop 11-SP4 (noarch): yast2-ntp-client-2.17.19-7.1 References: https://bugzilla.suse.com/805275 https://bugzilla.suse.com/940881 https://bugzilla.suse.com/954442 From sle-updates at lists.suse.com Wed Dec 16 06:13:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Dec 2015 14:13:07 +0100 (CET) Subject: SUSE-RU-2015:2280-1: important: Recommended update for ntp Message-ID: <20151216131307.B75173213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for ntp ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2280-1 Rating: important References: #954982 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ntp fixes synchronization of local clocks. This issue was introduced with the update to ntp 4.2.8p4 in SLE 12-SP1. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-979=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-979=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ntp-4.2.8p4-3.1 ntp-debuginfo-4.2.8p4-3.1 ntp-debugsource-4.2.8p4-3.1 ntp-doc-4.2.8p4-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ntp-4.2.8p4-3.1 ntp-debuginfo-4.2.8p4-3.1 ntp-debugsource-4.2.8p4-3.1 ntp-doc-4.2.8p4-3.1 References: https://bugzilla.suse.com/954982 From sle-updates at lists.suse.com Wed Dec 16 07:10:30 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Dec 2015 15:10:30 +0100 (CET) Subject: SUSE-RU-2015:2281-1: Recommended update for yast2-ntp-client Message-ID: <20151216141030.9785B32139@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ntp-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2281-1 Rating: low References: #928987 #940881 #954412 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-ntp-client provides the following fixes: - Fix validation of AutoYaST profiles. (bsc#954412) - Always use a server from pool.ntp.org as default. (bsc#940881) - Read ntp.conf again before generating autoinst.xml file. (bsc#928987) - Add new section "restricts" to AutoYaST profiles. (bsc#928987) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-982=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-982=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-982=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (noarch): yast2-ntp-client-devel-doc-3.1.12.3-5.4 - SUSE Linux Enterprise Server 12 (noarch): yast2-ntp-client-3.1.12.3-5.4 - SUSE Linux Enterprise Desktop 12 (noarch): yast2-ntp-client-3.1.12.3-5.4 References: https://bugzilla.suse.com/928987 https://bugzilla.suse.com/940881 https://bugzilla.suse.com/954412 From sle-updates at lists.suse.com Wed Dec 16 09:10:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Dec 2015 17:10:42 +0100 (CET) Subject: SUSE-RU-2015:2284-1: moderate: Recommended update for tgt Message-ID: <20151216161042.71C663213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for tgt ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2284-1 Rating: moderate References: #922526 #954801 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tgt provides the following fixes: - Silence bogus error message when backing-store directory is not present. (bsc#954801) - Handle possible target removal while accessing it. (bsc#922526) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-983=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-983=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): tgt-1.0.44-15.4 tgt-debuginfo-1.0.44-15.4 tgt-debugsource-1.0.44-15.4 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): tgt-1.0.44-15.4 tgt-debuginfo-1.0.44-15.4 tgt-debugsource-1.0.44-15.4 References: https://bugzilla.suse.com/922526 https://bugzilla.suse.com/954801 From sle-updates at lists.suse.com Wed Dec 16 13:10:25 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Dec 2015 21:10:25 +0100 (CET) Subject: SUSE-RU-2015:2143-2: Recommended update for ImageMagick Message-ID: <20151216201025.BF1E63213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2143-2 Rating: low References: #948017 #950872 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ImageMagick fixes usage of compression when converting image files to PDF format. This can significantly reduce the size of the PDFs generated. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2015-913=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-913=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-913=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-913=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ImageMagick-6.8.8.1-14.1 ImageMagick-debuginfo-6.8.8.1-14.1 ImageMagick-debugsource-6.8.8.1-14.1 libMagick++-6_Q16-3-6.8.8.1-14.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-14.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-14.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-14.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ImageMagick-6.8.8.1-14.1 ImageMagick-debuginfo-6.8.8.1-14.1 ImageMagick-debugsource-6.8.8.1-14.1 ImageMagick-devel-6.8.8.1-14.1 libMagick++-6_Q16-3-6.8.8.1-14.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-14.1 libMagick++-devel-6.8.8.1-14.1 perl-PerlMagick-6.8.8.1-14.1 perl-PerlMagick-debuginfo-6.8.8.1-14.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-14.1 ImageMagick-debugsource-6.8.8.1-14.1 libMagickCore-6_Q16-1-6.8.8.1-14.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-14.1 libMagickWand-6_Q16-1-6.8.8.1-14.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ImageMagick-6.8.8.1-14.1 ImageMagick-debuginfo-6.8.8.1-14.1 ImageMagick-debugsource-6.8.8.1-14.1 libMagick++-6_Q16-3-6.8.8.1-14.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-14.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-14.1 libMagickCore-6_Q16-1-6.8.8.1-14.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-14.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-14.1 libMagickWand-6_Q16-1-6.8.8.1-14.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-14.1 References: https://bugzilla.suse.com/948017 https://bugzilla.suse.com/950872 From sle-updates at lists.suse.com Thu Dec 17 08:11:11 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Dec 2015 16:11:11 +0100 (CET) Subject: SUSE-SU-2015:2292-1: important: Security update for the Linux Kernel Message-ID: <20151217151111.9CAD532139@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel 
______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2292-1 Rating: important References: #758040 #814440 #904348 #921949 #924493 #926238 #933514 #936773 #939826 #939926 #940776 #941113 #941202 #943959 #944296 #947241 #947478 #949100 #949192 #949706 #949744 #949936 #950013 #950580 #950750 #950998 #951110 #951165 #951440 #951638 #951864 #952384 #952666 #953717 #953826 #953830 #953971 #953980 #954635 #954986 #955136 #955148 #955224 #955354 #955422 #955533 #955644 #956047 #956053 #956147 #956284 #956703 #956711 #956717 #956801 #956876 #957395 #957546 #958504 #958510 #958647 Cross-References: CVE-2015-0272 CVE-2015-2925 CVE-2015-5156 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8215 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 54 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.51 to receive various security and bugfixes. Following features were added: - hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784). Following security bugs were fixed: - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. 
(bsc#955354) - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack" (bnc#926238). - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384). The following non-security bugs were fixed: - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#954986, LTC#131684). - alsa: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - alsa: hda - Fix noise problems on Thinkpad T440s (boo#958504). - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949). - audit: correctly record file names with different path name types (bsc#950013). - audit: create private file name copies when auditing inodes (bsc#950013). - bcache: Add btree_insert_node() (bnc#951638). - bcache: Add explicit keylist arg to btree_insert() (bnc#951638).
- bcache: backing device set to clean after finishing detach (bsc#951638). - bcache: Clean up keylist code (bnc#951638). - bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638). - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638). - bcache: Convert try_wait to wait_queue_head_t (bnc#951638). - bcache: Explicitly track btree node's parent (bnc#951638). - bcache: Fix a bug when detaching (bsc#951638). - bcache: Fix a lockdep splat in an error path (bnc#951638). - bcache: Fix a shutdown bug (bsc#951638). - bcache: Fix more early shutdown bugs (bsc#951638). - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638). - bcache: Insert multiple keys at a time (bnc#951638). - bcache: kill closure locking usage (bnc#951638). - bcache: Refactor journalling flow control (bnc#951638). - bcache: Refactor request_write() (bnc#951638). - bcache: Use blkdev_issue_discard() (bnc#951638). - btrfs: Adjust commit-transaction condition to avoid NO_SPACE more (bsc#958647). - btrfs: cleanup: remove no-used alloc_chunk in btrfs_check_data_free_space() (bsc#958647). - btrfs: fix condition of commit transaction (bsc#958647). - btrfs: fix file corruption and data loss after cloning inline extents (bnc#956053). - btrfs: Fix out-of-space bug (bsc#958647). - btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647). - btrfs: fix the number of transaction units needed to remove a block group (bsc#958647).
- btrfs: fix truncation of compressed and inlined extents (bnc#956053). - btrfs: Set relative data on clear btrfs_block_group_cache->pinned (bsc#958647). - btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#958647). - cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638). - cpu: Defer smpboot kthread unparking until CPU known to scheduler (bsc#936773). - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#957395). - cxgb4i: Increased the value of MAX_IMM_TX_PKT_LEN from 128 to 256 bytes (bsc#950580). - dlm: make posix locks interruptible, (bsc#947241). - dmapi: Fix xfs dmapi to not unlock & lock XFS_ILOCK_EXCL (bsc#949744). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - drm: Allocate new master object when client becomes master (bsc#956876, bsc#956801). - drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - drm/i915: clean up backlight conditional build (bsc#941113). - drm/i915: debug print on backlight register (bsc#941113). - drm/i915: do full backlight setup at enable time (bsc#941113). - drm/i915: do not save/restore backlight registers in KMS (bsc#941113). - drm/i915: Eliminate lots of WARNs when there's no backlight present (bsc#941113). - drm/i915: fix gen2-gen3 backlight set (bsc#941113,bsc#953971). - drm/i915: Fix gen3 self-refresh watermarks (bsc#953830,bsc#953971). - drm/i915: Fix missing backlight update during panel disablement (bsc#941113).
- drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040). - drm/i915: gather backlight information at setup (bsc#941113). - drm/i915: handle backlight through chip specific functions (bsc#941113). - drm/i915: Ignore "digital output" and "not HDMI output" bits for eDP detection (bsc#949192). - drm/i915: make asle notifications update backlight on all connectors (bsc#941113). - drm/i915: make backlight info per-connector (bsc#941113). - drm/i915: move backlight level setting in enable/disable to hooks (bsc#941113). - drm/i915: move opregion asle request handling to a work queue (bsc#953826). - drm/i915: nuke get max backlight functions (bsc#941113). - drm/i915/opregion: fix build error on CONFIG_ACPI=n (bsc#953826). - drm/i915: restore backlight precision when converting from ACPI (bsc#941113). - drm/i915/tv: add ->get_config callback (bsc#953830). - drm/i915: use backlight legacy combination mode also for i915gm/i945gm (bsc#941113). - drm/i915: use the initialized backlight max value instead of reading it (bsc#941113). - drm/i915: vlv does not have pipe field in backlight registers (bsc#941113). - fanotify: fix notification of groups with inode & mount marks (bsc#955533). - Fix remove_and_add_spares removes drive added as spare in slot_store (bsc#956717). - genksyms: Handle string literals with spaces in reference files (bsc#958510). - hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784). - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224). - ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422). - ixgbe: fix broken PFC with X550 (bsc#951864). - ixgbe: use correct fcoe ddp max check (bsc#951864). - kabi: Fix spurious kabi change in mm/util.c. - kABI: protect struct ahci_host_priv. - kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).
- kabi: Restore kabi in struct se_cmd (bsc#954635). - kabi: Restore kabi in struct se_subsystem_api (bsc#954635). - ktime: add ktime_after and ktime_before helper (bsc#904348). - mm: factor commit limit calculation (VM Performance). - mm: get rid of "vmalloc_info" from /proc/meminfo (VM Performance). - mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault (Automatic NUMA Balancing (fate#315482)). - mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959). - mm: vmscan: never isolate more pages than necessary (VM Performance). - Move ktime_after patch to the networking section - nfsrdma: Fix regression in NFSRDMA server (bsc#951110). - pci: Drop "setting latency timer" messages (bsc#956047). - pci: Update VPD size with correct length (bsc#924493). - perf/x86/intel/uncore: Delete an unnecessary check before pci_dev_put() call (bsc#955136). - perf/x86/intel/uncore: Fix multi-segment problem of perf_event_intel_uncore (bsc#955136). - pm, hinernate: use put_page in release_swap_writer (bnc#943959). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - Re-add copy_page_vector_to_user() - ring-buffer: Always run per-cpu ring buffer resize with schedule_work_on() (bnc#956711). - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224). - rpm/constraints.in: Require 14GB worth of disk space on POWER The builds started to fail randomly due to ENOSPC errors. - rpm/kernel-binary.spec.in: Always build zImage for ARM - rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since 2.6.39 and is enabled in our configs. - rpm/kernel-binary.spec.in: Drop the %build_src_dir macro It is the parent directory of the O= directory.
- rpm/kernel-binary.spec.in: really pass down %{?_smp_mflags} - rpm/kernel-binary.spec.in: Use parallel make in all invocations Also, remove the lengthy comment, since we are using a standard rpm macro now. - rpm/kernel-binary.spec.in: Use upstream script to support config.addon - s390/dasd: fix disconnected device with valid path mask (bnc#954986, LTC#132707). - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#954986, LTC#132706). - s390/dasd: fix list_del corruption after lcu changes (bnc#954986, LTC#133077). - sched: Call select_idle_sibling() when not affine_sd (Scheduler Performance). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#957395). - sched/numa: Check all nodes when placing a pseudo-interleaved group (Automatic NUMA Balancing (fate#315482)). - sched/numa: Fix math underflow in task_tick_numa() (Automatic NUMA Balancing (fate#315482)). - sched/numa: Only consider less busy nodes as numa balancing destinations (Automatic NUMA Balancing (fate#315482)). - sched: Put expensive runtime debugging checks under a separate Kconfig entry (Scheduler performance). - scsi: hosts: update to use ida_simple for host_no (bsc#939926) - sunrpc/cache: make cache flushing more reliable (bsc#947478). - sunrpc: Fix oops when trace sunrpc_task events in nfs client (bnc#956703). - supported.conf: Support peak_pci and sja1000: These 2 CAN drivers are supported in the RT kernel for a long time so we can also support them in the non-RT kernel to minimize the differences. - target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666). - target: Send UA upon LUN RESET tmr completion (bsc#933514). - target: use "se_dev_entry" when allocating UAs (bsc#933514). - Update config files. (bnc#955644) - Update kabi files with sbc_parse_cdb symbol change (bsc#954635). - usbvision fix overflow of interfaces array (bnc#950998). - vmxnet3: adjust ring sizes when interface is down (bsc#950750).
- vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - x86/efi: Fix invalid parameter error when getting hibernation key (fate#316350, bsc#956284). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86/mm: Add parenthesis for TLB tracepoint size calculation (VM Performance (Reduce IPIs during reclaim)). - x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality, bnc#955148). - x86/mm/hotplug: Pass sync_global_pgds() a correct argument in remove_pagetable() (VM Functionality, bnc#955148). - x86/tsc: Let high latency PIT fail fast in quick_pit_calibrate() (bsc#953717). - xen: fix boot crash in EC2 settings (bsc#956147). - xen: refresh patches.xen/xen-x86_64-m2p-strict (bsc#956147). - xen: Update Xen patches to 3.12.50. - xfs: always drain dio before extending aio write submission (bsc#949744). - xfs: DIO needs an ioend for writes (bsc#949744). - xfs: DIO write completion size updates race (bsc#949744). - xfs: DIO writes within EOF do not need an ioend (bsc#949744). - xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744). - xfs: do not allocate an ioend for direct I/O completions (bsc#949744). - xfs: factor DIO write mapping from get_blocks (bsc#949744). - xfs: handle DIO overwrite EOF update completion correctly (bsc#949744). - xfs: move DIO mapping size calculation (bsc#949744). - xfs: using generic_file_direct_write() is unnecessary (bsc#949744). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951165). - xhci: Workaround to get Intel xHCI reset working more reliably (bnc#957546). - zfcp: fix fc_host port_type with NPIV (bnc#954986, LTC#132479). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2015-985=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-985=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-985=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-985=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-985=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-985=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.51-60.20.2 kernel-default-debugsource-3.12.51-60.20.2 kernel-default-extra-3.12.51-60.20.2 kernel-default-extra-debuginfo-3.12.51-60.20.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.51-60.20.1 kernel-obs-build-debugsource-3.12.51-60.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.51-60.20.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.51-60.20.2 kernel-default-base-3.12.51-60.20.2 kernel-default-base-debuginfo-3.12.51-60.20.2 kernel-default-debuginfo-3.12.51-60.20.2 kernel-default-debugsource-3.12.51-60.20.2 kernel-default-devel-3.12.51-60.20.2 kernel-syms-3.12.51-60.20.2 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.51-60.20.2 kernel-xen-base-3.12.51-60.20.2 kernel-xen-base-debuginfo-3.12.51-60.20.2 kernel-xen-debuginfo-3.12.51-60.20.2 kernel-xen-debugsource-3.12.51-60.20.2 kernel-xen-devel-3.12.51-60.20.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.51-60.20.2 kernel-macros-3.12.51-60.20.2 kernel-source-3.12.51-60.20.2 - SUSE Linux Enterprise Server 12-SP1 (s390x): 
kernel-default-man-3.12.51-60.20.2 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.51-60.20.2 kernel-ec2-debuginfo-3.12.51-60.20.2 kernel-ec2-debugsource-3.12.51-60.20.2 kernel-ec2-devel-3.12.51-60.20.2 kernel-ec2-extra-3.12.51-60.20.2 kernel-ec2-extra-debuginfo-3.12.51-60.20.2 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_20-default-1-4.1 kgraft-patch-3_12_51-60_20-xen-1-4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.51-60.20.2 kernel-default-debuginfo-3.12.51-60.20.2 kernel-default-debugsource-3.12.51-60.20.2 kernel-default-devel-3.12.51-60.20.2 kernel-default-extra-3.12.51-60.20.2 kernel-default-extra-debuginfo-3.12.51-60.20.2 kernel-syms-3.12.51-60.20.2 kernel-xen-3.12.51-60.20.2 kernel-xen-debuginfo-3.12.51-60.20.2 kernel-xen-debugsource-3.12.51-60.20.2 kernel-xen-devel-3.12.51-60.20.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.51-60.20.2 kernel-macros-3.12.51-60.20.2 kernel-source-3.12.51-60.20.2 References: https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-5156.html https://www.suse.com/security/cve/CVE-2015-7799.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8215.html https://bugzilla.suse.com/758040 https://bugzilla.suse.com/814440 https://bugzilla.suse.com/904348 https://bugzilla.suse.com/921949 https://bugzilla.suse.com/924493 https://bugzilla.suse.com/926238 https://bugzilla.suse.com/933514 https://bugzilla.suse.com/936773 https://bugzilla.suse.com/939826 https://bugzilla.suse.com/939926 https://bugzilla.suse.com/940776 https://bugzilla.suse.com/941113 https://bugzilla.suse.com/941202 https://bugzilla.suse.com/943959 https://bugzilla.suse.com/944296 https://bugzilla.suse.com/947241 https://bugzilla.suse.com/947478 
https://bugzilla.suse.com/949100 https://bugzilla.suse.com/949192 https://bugzilla.suse.com/949706 https://bugzilla.suse.com/949744 https://bugzilla.suse.com/949936 https://bugzilla.suse.com/950013 https://bugzilla.suse.com/950580 https://bugzilla.suse.com/950750 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/951110 https://bugzilla.suse.com/951165 https://bugzilla.suse.com/951440 https://bugzilla.suse.com/951638 https://bugzilla.suse.com/951864 https://bugzilla.suse.com/952384 https://bugzilla.suse.com/952666 https://bugzilla.suse.com/953717 https://bugzilla.suse.com/953826 https://bugzilla.suse.com/953830 https://bugzilla.suse.com/953971 https://bugzilla.suse.com/953980 https://bugzilla.suse.com/954635 https://bugzilla.suse.com/954986 https://bugzilla.suse.com/955136 https://bugzilla.suse.com/955148 https://bugzilla.suse.com/955224 https://bugzilla.suse.com/955354 https://bugzilla.suse.com/955422 https://bugzilla.suse.com/955533 https://bugzilla.suse.com/955644 https://bugzilla.suse.com/956047 https://bugzilla.suse.com/956053 https://bugzilla.suse.com/956147 https://bugzilla.suse.com/956284 https://bugzilla.suse.com/956703 https://bugzilla.suse.com/956711 https://bugzilla.suse.com/956717 https://bugzilla.suse.com/956801 https://bugzilla.suse.com/956876 https://bugzilla.suse.com/957395 https://bugzilla.suse.com/957546 https://bugzilla.suse.com/958504 https://bugzilla.suse.com/958510 https://bugzilla.suse.com/958647 From sle-updates at lists.suse.com Thu Dec 17 08:25:13 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Dec 2015 16:25:13 +0100 (CET) Subject: SUSE-RU-2015:2293-1: moderate: Recommended update for wicked Message-ID: <20151217152513.1478D3213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2293-1 Rating: moderate References: #899985 #916035 #927309 #928459 #939142 
#940239 #941964 #942278 #948423 #950333 #953107 #954289 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update provides Wicked 0.6.28, which brings many fixes and enhancements: - fsm: Dynamically resolve references and requirements. (bsc#954289) - nanny: Do not pull in and rearm subordinate workers. (bsc#954289) - nanny: Fix managed policy list handling. (bsc#953107) - ifup: Do not update policy when it has been created and recheck with a name filter list instead to enable separately to avoid a race condition. (bsc#953107) - nanny: Fix policy file reading and objects references. (bsc#916035) - netconfig: Do not refresh unrelated details in supplicants. - service: Fix wicked client and nanny dependencies. (bsc#950333) - service: Restart wickedd* on dbus restart. (bsc#941964) - fsm: Do not follow link-up checks on configured master devices not involved in the current ifup operation. (bsc#948423) - client: Add more comfortable "wicked test dhcp[46]" commands executing the wickedd-dhcp[46] in their --test mode. (bsc#942278) This makes nanny check and wait until the configuration for link references is applied by ifup (master device worker is available) in order to not start managing ports/slaves and fail on unresolvable requirements with "document error" first. Unavailable reference matches caused a timing race, where nanny omits to enslave ports into master (e.g. a dummy into ovsbr), but was not limited to ovs setups. - dhcp4: Fix to request offer by default in --test. (bsc#942278) - compat: Read complete sysctl file set. (bsc#928459) - wireless: Fix to parse/format hex escapes in essid. (bsc#928459) - auto4: Initial autoip and dhcp4 fallback fix. (bsc#899985) - ethtool: Update to the most recent ethtool.h, fixed advertised mode and flags. 
(bsc#927309) - fsm: Do not run post-up scripts when leases defer. (bsc#940239) - ifstatus: Fix error return code and quiet option. (bsc#939142) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-986=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-986=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libwicked-0-6-0.6.28-18.10.1 libwicked-0-6-debuginfo-0.6.28-18.10.1 wicked-0.6.28-18.10.1 wicked-debuginfo-0.6.28-18.10.1 wicked-debugsource-0.6.28-18.10.1 wicked-service-0.6.28-18.10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libwicked-0-6-0.6.28-18.10.1 libwicked-0-6-debuginfo-0.6.28-18.10.1 wicked-0.6.28-18.10.1 wicked-debuginfo-0.6.28-18.10.1 wicked-debugsource-0.6.28-18.10.1 wicked-service-0.6.28-18.10.1 References: https://bugzilla.suse.com/899985 https://bugzilla.suse.com/916035 https://bugzilla.suse.com/927309 https://bugzilla.suse.com/928459 https://bugzilla.suse.com/939142 https://bugzilla.suse.com/940239 https://bugzilla.suse.com/941964 https://bugzilla.suse.com/942278 https://bugzilla.suse.com/948423 https://bugzilla.suse.com/950333 https://bugzilla.suse.com/953107 https://bugzilla.suse.com/954289 From sle-updates at lists.suse.com Thu Dec 17 08:28:10 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Dec 2015 16:28:10 +0100 (CET) Subject: SUSE-SU-2015:2294-1: moderate: Security update for krb5 Message-ID: <20151217152810.BE0653213C@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2294-1 Rating: moderate References: #954270 #954470 Cross-References: CVE-2015-2695 Affected Products: SUSE Linux Enterprise Software 
Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: The krb5 package was updated to fix the following security and non security issues: - CVE-2015-2695: Fixed missing functions that were still vulnerable (bsc#954270). - Fixed a memory leak in the handling of error messages (bsc#954470). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-krb5-12268=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-krb5-12268=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-krb5-12268=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-krb5-12268=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-krb5-12268=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-krb5-12268=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-krb5-12268=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-krb5-12268=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-krb5-12268=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.103.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.103.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): krb5-server-1.6.3-133.49.103.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.103.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.103.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): krb5-server-1.6.3-133.49.103.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): krb5-1.6.3-133.49.103.1 krb5-apps-clients-1.6.3-133.49.103.1 krb5-apps-servers-1.6.3-133.49.103.1 krb5-client-1.6.3-133.49.103.1 krb5-server-1.6.3-133.49.103.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): krb5-32bit-1.6.3-133.49.103.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.103.1 krb5-apps-clients-1.6.3-133.49.103.1 krb5-apps-servers-1.6.3-133.49.103.1 krb5-client-1.6.3-133.49.103.1 krb5-server-1.6.3-133.49.103.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.103.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): krb5-x86-1.6.3-133.49.103.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.103.1 krb5-apps-clients-1.6.3-133.49.103.1 krb5-apps-servers-1.6.3-133.49.103.1 krb5-client-1.6.3-133.49.103.1 krb5-server-1.6.3-133.49.103.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.103.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): krb5-x86-1.6.3-133.49.103.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): krb5-1.6.3-133.49.103.1 krb5-client-1.6.3-133.49.103.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): krb5-32bit-1.6.3-133.49.103.1 - SUSE Linux Enterprise 
Desktop 11-SP3 (i586 x86_64): krb5-1.6.3-133.49.103.1 krb5-client-1.6.3-133.49.103.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): krb5-32bit-1.6.3-133.49.103.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-debuginfo-1.6.3-133.49.103.1 krb5-debugsource-1.6.3-133.49.103.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): krb5-debuginfo-32bit-1.6.3-133.49.103.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): krb5-debuginfo-x86-1.6.3-133.49.103.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): krb5-debuginfo-1.6.3-133.49.103.1 krb5-debugsource-1.6.3-133.49.103.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x x86_64): krb5-debuginfo-32bit-1.6.3-133.49.103.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64): krb5-debuginfo-x86-1.6.3-133.49.103.1 References: https://www.suse.com/security/cve/CVE-2015-2695.html https://bugzilla.suse.com/954270 https://bugzilla.suse.com/954470 From sle-updates at lists.suse.com Thu Dec 17 11:10:36 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Dec 2015 19:10:36 +0100 (CET) Subject: SUSE-RU-2015:2047-2: moderate: Recommended update for tar Message-ID: <20151217181036.E5A1032139@maintenance.suse.de> SUSE Recommended Update: Recommended update for tar ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2047-2 Rating: moderate References: #950785 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The tar(1) archiving utility has been updated to fix one issue: When the --acls option is used, explicitly set or delete default ACLs for extracted directories. Prior to this update, arbitrary default ACLs based on standard file permissions were being created. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-863=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-863=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): tar-1.27.1-8.1 tar-debuginfo-1.27.1-8.1 tar-debugsource-1.27.1-8.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): tar-lang-1.27.1-8.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): tar-1.27.1-8.1 tar-debuginfo-1.27.1-8.1 tar-debugsource-1.27.1-8.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): tar-lang-1.27.1-8.1 References: https://bugzilla.suse.com/950785 From sle-updates at lists.suse.com Fri Dec 18 06:10:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Dec 2015 14:10:46 +0100 (CET) Subject: SUSE-RU-2015:2295-1: important: Recommended update for crowbar-barclamp-neutron Message-ID: <20151218131046.790A43213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-neutron ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2295-1 Rating: important References: #954735 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crowbar-barclamp-neutron fixes issues related to migration of the neutron-l3 role to neutron-network in clustered environments. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-neutron-12269=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-neutron-1.9+git.1447930959.92eb3ff-15.1 References: https://bugzilla.suse.com/954735 From sle-updates at lists.suse.com Fri Dec 18 07:10:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Dec 2015 15:10:43 +0100 (CET) Subject: SUSE-RU-2015:2296-1: important: Recommended update for zypper-migration-plugin Message-ID: <20151218141043.0DF603213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper-migration-plugin ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2296-1 Rating: important References: #959134 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes zypper's behavior when performing service pack migration to respect the settings that control installation of recommended packages. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-988=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-988=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (noarch): zypper-migration-plugin-0.8-10.1 - SUSE Linux Enterprise Desktop 12 (noarch): zypper-migration-plugin-0.8-10.1 References: https://bugzilla.suse.com/959134 From sle-updates at lists.suse.com Fri Dec 18 08:10:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Dec 2015 16:10:49 +0100 (CET) Subject: SUSE-RU-2015:2297-1: moderate: Recommended update for libselinux Message-ID: <20151218151049.0488932139@maintenance.suse.de> SUSE Recommended Update: Recommended update for libselinux ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2297-1 Rating: moderate References: #940006 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The selinux-ready helper in libselinux was updated to detect new style Linux initial ramdisks generated by dracut. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-991=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-991=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-991=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-991=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-991=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-991=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libselinux-debugsource-2.3-4.6 libselinux-devel-2.3-4.6 libselinux-devel-static-2.3-4.6 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libselinux-debugsource-2.3-4.6 libselinux-devel-2.3-4.6 libselinux-devel-static-2.3-4.6 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libselinux-bindings-debugsource-2.3-4.3 libselinux-debugsource-2.3-4.6 libselinux1-2.3-4.6 libselinux1-debuginfo-2.3-4.6 python-selinux-2.3-4.3 python-selinux-debuginfo-2.3-4.3 ruby-selinux-2.3-4.3 ruby-selinux-debuginfo-2.3-4.3 selinux-tools-2.3-4.6 selinux-tools-debuginfo-2.3-4.6 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libselinux1-32bit-2.3-4.6 libselinux1-debuginfo-32bit-2.3-4.6 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libselinux-bindings-debugsource-2.3-4.3 libselinux-debugsource-2.3-4.6 libselinux1-2.3-4.6 libselinux1-debuginfo-2.3-4.6 python-selinux-2.3-4.3 python-selinux-debuginfo-2.3-4.3 ruby-selinux-2.3-4.3 ruby-selinux-debuginfo-2.3-4.3 selinux-tools-2.3-4.6 selinux-tools-debuginfo-2.3-4.6 - SUSE Linux Enterprise Server 12 (s390x x86_64): libselinux1-32bit-2.3-4.6 libselinux1-debuginfo-32bit-2.3-4.6 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): 
libselinux-bindings-debugsource-2.3-4.3 libselinux-debugsource-2.3-4.6 libselinux1-2.3-4.6 libselinux1-32bit-2.3-4.6 libselinux1-debuginfo-2.3-4.6 libselinux1-debuginfo-32bit-2.3-4.6 python-selinux-2.3-4.3 python-selinux-debuginfo-2.3-4.3 - SUSE Linux Enterprise Desktop 12 (x86_64): libselinux-bindings-debugsource-2.3-4.3 libselinux-debugsource-2.3-4.6 libselinux1-2.3-4.6 libselinux1-32bit-2.3-4.6 libselinux1-debuginfo-2.3-4.6 libselinux1-debuginfo-32bit-2.3-4.6 python-selinux-2.3-4.3 python-selinux-debuginfo-2.3-4.3 References: https://bugzilla.suse.com/940006 From sle-updates at lists.suse.com Fri Dec 18 08:11:14 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Dec 2015 16:11:14 +0100 (CET) Subject: SUSE-RU-2015:2298-1: Recommended update for yast2-network Message-ID: <20151218151114.D092F32139@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2298-1 Rating: low References: #805275 #951330 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-network provides the following fixes: - Drop entry from /etc/hosts when deleting NIC configuration. (bsc#951330) - Fix validation of AutoYaST profiles. (bsc#805275) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-yast2-network-12270=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-yast2-network-12270=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-yast2-network-12270=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-yast2-network-12270=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): yast2-network-devel-doc-2.17.199.5-11.3 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): yast2-network-2.17.199.5-11.3 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): yast2-network-2.17.199.5-11.3 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): yast2-network-2.17.199.5-11.3 References: https://bugzilla.suse.com/805275 https://bugzilla.suse.com/951330 From sle-updates at lists.suse.com Fri Dec 18 08:11:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Dec 2015 16:11:53 +0100 (CET) Subject: SUSE-RU-2015:2299-1: Recommended update for yast2-network Message-ID: <20151218151153.B047032139@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2299-1 Rating: low References: #805275 #951330 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-network provides the following fixes: - Fix validation of AutoYaST profiles. (bsc#805275) - Drop entry from /etc/hosts when deleting NIC configuration. 
(bsc#951330) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-yast2-network-12271=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-yast2-network-12271=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-yast2-network-12271=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-network-devel-doc-2.17.210-3.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-network-2.17.210-3.3 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): yast2-network-2.17.210-3.3 References: https://bugzilla.suse.com/805275 https://bugzilla.suse.com/951330 From sle-updates at lists.suse.com Fri Dec 18 12:11:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Dec 2015 20:11:00 +0100 (CET) Subject: SUSE-SU-2015:2302-1: moderate: Security update for krb5 Message-ID: <20151218191100.976DF32139@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2302-1 Rating: moderate References: #954204 Cross-References: CVE-2015-2698 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: The krb5 package was updated to fix the following security issue: - CVE-2015-2698: Fixed a memory corruption regression introduced by resolving of CVE-2015-2698 (bsc#954204). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-992=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-992=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-992=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-992=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-992=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-992=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): krb5-debuginfo-1.12.1-22.5 krb5-debugsource-1.12.1-22.5 krb5-devel-1.12.1-22.5 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): krb5-debuginfo-1.12.1-22.5 krb5-debugsource-1.12.1-22.5 krb5-devel-1.12.1-22.5 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): krb5-1.12.1-22.5 krb5-client-1.12.1-22.5 krb5-client-debuginfo-1.12.1-22.5 krb5-debuginfo-1.12.1-22.5 krb5-debugsource-1.12.1-22.5 krb5-doc-1.12.1-22.5 krb5-plugin-kdb-ldap-1.12.1-22.5 krb5-plugin-kdb-ldap-debuginfo-1.12.1-22.5 krb5-plugin-preauth-otp-1.12.1-22.5 krb5-plugin-preauth-otp-debuginfo-1.12.1-22.5 krb5-plugin-preauth-pkinit-1.12.1-22.5 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-22.5 krb5-server-1.12.1-22.5 krb5-server-debuginfo-1.12.1-22.5 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): krb5-32bit-1.12.1-22.5 krb5-debuginfo-32bit-1.12.1-22.5 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): krb5-1.12.1-22.5 
krb5-client-1.12.1-22.5 krb5-client-debuginfo-1.12.1-22.5 krb5-debuginfo-1.12.1-22.5 krb5-debugsource-1.12.1-22.5 krb5-doc-1.12.1-22.5 krb5-plugin-kdb-ldap-1.12.1-22.5 krb5-plugin-kdb-ldap-debuginfo-1.12.1-22.5 krb5-plugin-preauth-otp-1.12.1-22.5 krb5-plugin-preauth-otp-debuginfo-1.12.1-22.5 krb5-plugin-preauth-pkinit-1.12.1-22.5 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-22.5 krb5-server-1.12.1-22.5 krb5-server-debuginfo-1.12.1-22.5 - SUSE Linux Enterprise Server 12 (s390x x86_64): krb5-32bit-1.12.1-22.5 krb5-debuginfo-32bit-1.12.1-22.5 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): krb5-1.12.1-22.5 krb5-32bit-1.12.1-22.5 krb5-client-1.12.1-22.5 krb5-client-debuginfo-1.12.1-22.5 krb5-debuginfo-1.12.1-22.5 krb5-debuginfo-32bit-1.12.1-22.5 krb5-debugsource-1.12.1-22.5 - SUSE Linux Enterprise Desktop 12 (x86_64): krb5-1.12.1-22.5 krb5-32bit-1.12.1-22.5 krb5-client-1.12.1-22.5 krb5-client-debuginfo-1.12.1-22.5 krb5-debuginfo-1.12.1-22.5 krb5-debuginfo-32bit-1.12.1-22.5 krb5-debugsource-1.12.1-22.5 References: https://www.suse.com/security/cve/CVE-2015-2698.html https://bugzilla.suse.com/954204 From sle-updates at lists.suse.com Fri Dec 18 12:11:35 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Dec 2015 20:11:35 +0100 (CET) Subject: SUSE-SU-2015:2303-1: moderate: Security update for mysql Message-ID: <20151218191135.9604D3213C@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2303-1 Rating: moderate References: #951391 #952196 Cross-References: CVE-2015-0286 CVE-2015-0288 CVE-2015-1789 CVE-2015-1793 CVE-2015-4730 CVE-2015-4766 CVE-2015-4792 CVE-2015-4800 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4833 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4862 CVE-2015-4864 CVE-2015-4866 CVE-2015-4870 CVE-2015-4879 CVE-2015-4890 CVE-2015-4895 CVE-2015-4904 
CVE-2015-4905 CVE-2015-4910 CVE-2015-4913

Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Software Development Kit 11-SP3
  SUSE Linux Enterprise Server for VMWare 11-SP3
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Server 11-SP3
  SUSE Linux Enterprise Desktop 11-SP4
  SUSE Linux Enterprise Desktop 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes 29 vulnerabilities is now available.

Description:

The mysql package was updated to version 5.5.46 to fix several security and non-security issues.

- bnc#951391: update to version 5.5.46
  * changes: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html
  * fixed CVEs: CVE-2015-1793, CVE-2015-0286, CVE-2015-0288, CVE-2015-1789, CVE-2015-4730, CVE-2015-4766, CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4833, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4862, CVE-2015-4864, CVE-2015-4866, CVE-2015-4870, CVE-2015-4879, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, CVE-2015-4910, CVE-2015-4913
- bnc#952196: Fixed a build error for ppc*, s390* and ia64 architectures.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-12272=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-mysql-12272=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-mysql-12272=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-12272=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-mysql-12272=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-mysql-12272=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-mysql-12272=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-12272=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mysql-12272=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.46-0.14.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.46-0.14.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.46-0.14.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ia64): libmysql55client_r18-x86-5.5.46-0.14.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libmysql55client18-5.5.46-0.14.1 libmysql55client_r18-5.5.46-0.14.1 mysql-5.5.46-0.14.1 mysql-client-5.5.46-0.14.1 mysql-tools-5.5.46-0.14.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libmysql55client18-32bit-5.5.46-0.14.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.46-0.14.1 libmysql55client_r18-5.5.46-0.14.1 mysql-5.5.46-0.14.1 mysql-client-5.5.46-0.14.1 mysql-tools-5.5.46-0.14.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.46-0.14.1 libmysql55client_r18-32bit-5.5.46-0.14.1 
- SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.46-0.14.1 libmysql55client_r18-x86-5.5.46-0.14.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.46-0.14.1 libmysql55client_r18-5.5.46-0.14.1 mysql-5.5.46-0.14.1 mysql-client-5.5.46-0.14.1 mysql-tools-5.5.46-0.14.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.46-0.14.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libmysql55client18-x86-5.5.46-0.14.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libmysql55client18-5.5.46-0.14.1 libmysql55client_r18-5.5.46-0.14.1 mysql-5.5.46-0.14.1 mysql-client-5.5.46-0.14.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libmysql55client18-32bit-5.5.46-0.14.1 libmysql55client_r18-32bit-5.5.46-0.14.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libmysql55client18-5.5.46-0.14.1 libmysql55client_r18-5.5.46-0.14.1 mysql-5.5.46-0.14.1 mysql-client-5.5.46-0.14.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libmysql55client18-32bit-5.5.46-0.14.1 libmysql55client_r18-32bit-5.5.46-0.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.46-0.14.1 mysql-debugsource-5.5.46-0.14.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.46-0.14.1 mysql-debugsource-5.5.46-0.14.1 References: https://www.suse.com/security/cve/CVE-2015-0286.html https://www.suse.com/security/cve/CVE-2015-0288.html https://www.suse.com/security/cve/CVE-2015-1789.html https://www.suse.com/security/cve/CVE-2015-1793.html https://www.suse.com/security/cve/CVE-2015-4730.html https://www.suse.com/security/cve/CVE-2015-4766.html https://www.suse.com/security/cve/CVE-2015-4792.html https://www.suse.com/security/cve/CVE-2015-4800.html https://www.suse.com/security/cve/CVE-2015-4802.html https://www.suse.com/security/cve/CVE-2015-4815.html https://www.suse.com/security/cve/CVE-2015-4816.html 
https://www.suse.com/security/cve/CVE-2015-4819.html https://www.suse.com/security/cve/CVE-2015-4826.html https://www.suse.com/security/cve/CVE-2015-4830.html https://www.suse.com/security/cve/CVE-2015-4833.html https://www.suse.com/security/cve/CVE-2015-4836.html https://www.suse.com/security/cve/CVE-2015-4858.html https://www.suse.com/security/cve/CVE-2015-4861.html https://www.suse.com/security/cve/CVE-2015-4862.html https://www.suse.com/security/cve/CVE-2015-4864.html https://www.suse.com/security/cve/CVE-2015-4866.html https://www.suse.com/security/cve/CVE-2015-4870.html https://www.suse.com/security/cve/CVE-2015-4879.html https://www.suse.com/security/cve/CVE-2015-4890.html https://www.suse.com/security/cve/CVE-2015-4895.html https://www.suse.com/security/cve/CVE-2015-4904.html https://www.suse.com/security/cve/CVE-2015-4905.html https://www.suse.com/security/cve/CVE-2015-4910.html https://www.suse.com/security/cve/CVE-2015-4913.html https://bugzilla.suse.com/951391 https://bugzilla.suse.com/952196 From sle-updates at lists.suse.com Fri Dec 18 13:10:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Dec 2015 21:10:44 +0100 (CET) Subject: SUSE-SU-2015:2304-1: important: Security update for ldb, samba, talloc, tdb, tevent Message-ID: <20151218201044.996B43213B@maintenance.suse.de> SUSE Security Update: Security update for ldb, samba, talloc, tdb, tevent ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2304-1 Rating: important References: #295284 #773464 #872912 #901813 #902421 #910378 #912457 #913304 #923374 #931854 #936909 #939051 #947552 #949022 #951660 #953382 #954658 #958581 #958582 #958583 #958584 #958585 #958586 Cross-References: CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-8467 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 17 fixes is now available.

Description:

This update for ldb, samba, talloc, tdb, tevent fixes the following security issues:

- ldb was updated to version 1.1.24.
  + Fix ldap \00 search expression attack dos; CVE-2015-3223; (bso#11325)
  + Fix remote read memory exploit in ldb; CVE-2015-5330; (bso#11599)
  + Move ldb_(un)pack_data into ldb_module.h for testing
  + Fix installation of _ldb_text.py
  + Fix propagation of ldb errors through tdb
  + Fix bug triggered by having an empty message in database during search
- Move the ldb-cmdline library to the ldb-tools package as the packaged binaries depend on it.
- Update the samba library distribution key file 'ldb.keyring'; (bso#945116).

Samba was updated to fix these issues:

- Malicious request can cause samba ldap server to hang, spinning using cpu; CVE-2015-3223; (bso#11325); (bsc#958581).
- Remote read memory exploit in ldb; CVE-2015-5330; (bso#11599); (bsc#958586).
- Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bsc#958582).
- No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bsc#958584).
- Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bsc#958583).
- Fix microsoft ms15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bsc#958585).
- Changing log level of two entries from 1 to 3; (bso#9912).
- Vfs_gpfs: re-enable share modes; (bso#11243).
- Wafsamba: also build libraries with relro protection; (bso#11346).
- Ctdb: strip trailing spaces from nodes file; (bso#11365).
- S3-smbd: fix old dos client doing wildcard delete - gives an attribute type of zero; (bso#11452).
- Nss_wins: do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563).
- Async_req: fix non-blocking connect(); (bso#11564).
- Auth: gensec: fix a memory leak; (bso#11565).
- Lib: util: make non-critical message a warning; (bso#11566).
- Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bsc#949022).
- Smbd: send smb2 oplock breaks unencrypted; (bso#11570).
- Ctdb: open the ro tracking db with perms 0600 instead of 0000; (bso#11577).
- Manpage: correct small typo error; (bso#11584).
- S3: smbd: if ea's are turned off on a share don't allow an smb2 create containing them; (bso#11589).
- Backport some valgrind fixes from upstream master; (bso#11597).
- S3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615).
- Docs: fix some typos in the idmap config section of man 5 smb.conf; (bso#11619).
- Cleanup and enhance the pidl sub package.
- S3: smbd: fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252).
- Smbd: fix file name buflen and padding in notify response; (bso#10634).
- Kerberos: make sure we only use prompter type when available; (bso#11038).
- S3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316).
- Dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327).
- Fix a deadlock in tdb; (bso#11381).
- S3: smbd: fix mkdir race condition; (bso#11486).
- Pam_winbind: fix a segfault if initialization fails; (bso#11502).
- S3: dfs: fix a crash when the dfs targets are disabled; (bso#11509).
- S3: smbd: fix opening/creating :stream files on the root share directory; (bso#11522).
- Net: fix a crash with 'net ads keytab create'; (bso#11528).
- S3: smbd: fix a crash in unix_convert() and a null pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535).
- Vfs_fruit: return value of ad_pack in vfs_fruit.c; (bso#11543).
- Vfs_commit: set the fd on open before calling smb_vfs_fstat; (bso#11547).
- Fix bug in smbstatus where the lease info is not printed; (bso#11549).
- S3:smbstatus: add stream name to share_entry_forall(); (bso#11550).
- Prevent null pointer access in samlogon fallback when security credentials are null; (bsc#949022).
- Fix 100% cpu in winbindd when logging in with "user must change password on next logon"; (bso#11038).

talloc was updated to version 2.1.5; (bsc#954658) (bsc#951660).

  + Test that talloc magic differs between processes.
  + Increment minor version due to added talloc_test_get_magic.
  + Provide tests access to talloc_magic.
  + Test magic protection measures.

tdb was updated to version 1.3.8; (bsc#954658).

  + First fix deadlock in the interaction between fcntl and mutex locking; (bso#11381)
  + Improved python3 bindings
  + Fix runtime detection for robust mutexes in the standalone build; (bso#11326).
  + Possible fix for the build with robust mutexes on solaris 11; (bso#11319).
  + Abi change: tdb_chainlock_read_nonblock() has been added, a nonblock variant of tdb_chainlock_read()
  + Do not build test binaries if it's not a standalone build
  + Fix cid 1034842 resource leak
  + Fix cid 1034841 resource leak
  + Don't let tdb_wrap_open() segfault with name==null
  + Tools: allow transactions with tdb_mutex_locking
  + Test: add tdb1-run-mutex-transaction1 test
  + Allow transactions on tdb's with tdb_mutex_locking
  + Test: tdb_clear_if_first | tdb_mutex_locking, o_rdonly is a valid combination
  + Allow tdb_open_ex() with o_rdonly of tdb_feature_flag_mutex tdbs.
  + Fix a comment
  + Fix tdb_runtime_check_for_robust_mutexes()
  + Improve wording in a comment
  + Tdb.h needs bool type; obsoletes include_stdbool_bso10625.patch
  + Tdb_wrap: make mutexes easier to use
  + Tdb_wrap: only pull in samba-debug
  + Tdb_wrap: standalone compile without includes.h
  + Tdb_wrap: tdb_wrap.h doesn't need struct loadparm_context
- Update to version 1.3.1.
  + Tools: fix a compiler warning
  + Defragment the freelist in tdb_allocate_from_freelist()
  + Add "freelist_size" sub-command to tdbtool
  + Use tdb_freelist_merge_adjacent in tdb_freelist_size()
  + Add tdb_freelist_merge_adjacent()
  + Add utility function check_merge_ptr_with_left_record()
  + Simplify tdb_free() using check_merge_with_left_record()
  + Add utility function check_merge_with_left_record()
  + Improve comments for tdb_free().
  + Factor merge_with_left_record() out of tdb_free()
  + Fix debug message in tdb_free()
  + Reduce indentation in tdb_free() for merging left
  + Increase readability of read_record_on_left()
  + Factor read_record_on_left() out of tdb_free()
  + Build: improve detection of srcdir.

tevent was updated to 0.9.26; (bsc#954658).

  + New tevent_thread_proxy api
  + Minor build fixes
  + Fix compile error in solaris ports backend.
  + Fix access after free in tevent_common_check_signal(); (bso#11308).
  + Improve pytevent bindings.
  + Testsuite fixes.
  + Improve the documentation of the tevent_add_fd() assumptions. It must be talloc_free'ed before closing the fd! (bso#11141); (bso#11316).
  + Ignore unexpected signal events in the same way the epoll backend does.
  + Update the tevent_data.dox tutorial stuff to fix some errors, including white space problems.
  + Use tevent_req_simple_recv_unix in a few places.
  + Remove unused exit_code in tevent_select.c
  + Remove unused exit_code in tevent_poll.c
  + Build: improve detection of srcdir
  + Lib: tevent: make tevent_sig_increment atomic.
  + Update flags in tevent pkgconfig file

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-994=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-994=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-994=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): ldb-debugsource-1.1.24-4.3.1 libdcerpc-atsvc-devel-4.1.12-18.3.1 libdcerpc-atsvc0-4.1.12-18.3.1 libdcerpc-atsvc0-debuginfo-4.1.12-18.3.1 libdcerpc-devel-4.1.12-18.3.1 libdcerpc-samr-devel-4.1.12-18.3.1 libdcerpc-samr0-4.1.12-18.3.1 libdcerpc-samr0-debuginfo-4.1.12-18.3.1 libgensec-devel-4.1.12-18.3.1 libldb-devel-1.1.24-4.3.1 libndr-devel-4.1.12-18.3.1 libndr-krb5pac-devel-4.1.12-18.3.1 libndr-nbt-devel-4.1.12-18.3.1 libndr-standard-devel-4.1.12-18.3.1 libnetapi-devel-4.1.12-18.3.1 libpdb-devel-4.1.12-18.3.1 libregistry-devel-4.1.12-18.3.1 libsamba-credentials-devel-4.1.12-18.3.1 libsamba-hostconfig-devel-4.1.12-18.3.1 libsamba-policy-devel-4.1.12-18.3.1 libsamba-policy0-4.1.12-18.3.1 libsamba-policy0-debuginfo-4.1.12-18.3.1 libsamba-util-devel-4.1.12-18.3.1 libsamdb-devel-4.1.12-18.3.1 libsmbclient-devel-4.1.12-18.3.1 libsmbclient-raw-devel-4.1.12-18.3.1 libsmbconf-devel-4.1.12-18.3.1 libsmbldap-devel-4.1.12-18.3.1 libsmbsharemodes-devel-4.1.12-18.3.1 libsmbsharemodes0-4.1.12-18.3.1 libsmbsharemodes0-debuginfo-4.1.12-18.3.1 libtalloc-devel-2.1.5-3.4.1 libtdb-devel-1.3.8-2.3.1 libtevent-devel-0.9.26-3.3.1 libtevent-util-devel-4.1.12-18.3.1 libwbclient-devel-4.1.12-18.3.1 pyldb-1.1.24-4.3.1 pyldb-debuginfo-1.1.24-4.3.1 pyldb-devel-1.1.24-4.3.1 pytalloc-devel-2.1.5-3.4.1 samba-core-devel-4.1.12-18.3.1 samba-debuginfo-4.1.12-18.3.1 samba-debugsource-4.1.12-18.3.1 samba-test-devel-4.1.12-18.3.1 talloc-debugsource-2.1.5-3.4.1 tdb-debugsource-1.3.8-2.3.1 tevent-debugsource-0.9.26-3.3.1 - SUSE Linux 
Enterprise Server 12 (ppc64le s390x x86_64): ldb-debugsource-1.1.24-4.3.1 libdcerpc-binding0-4.1.12-18.3.1 libdcerpc-binding0-debuginfo-4.1.12-18.3.1 libdcerpc0-4.1.12-18.3.1 libdcerpc0-debuginfo-4.1.12-18.3.1 libgensec0-4.1.12-18.3.1 libgensec0-debuginfo-4.1.12-18.3.1 libldb1-1.1.24-4.3.1 libldb1-debuginfo-1.1.24-4.3.1 libndr-krb5pac0-4.1.12-18.3.1 libndr-krb5pac0-debuginfo-4.1.12-18.3.1 libndr-nbt0-4.1.12-18.3.1 libndr-nbt0-debuginfo-4.1.12-18.3.1 libndr-standard0-4.1.12-18.3.1 libndr-standard0-debuginfo-4.1.12-18.3.1 libndr0-4.1.12-18.3.1 libndr0-debuginfo-4.1.12-18.3.1 libnetapi0-4.1.12-18.3.1 libnetapi0-debuginfo-4.1.12-18.3.1 libpdb0-4.1.12-18.3.1 libpdb0-debuginfo-4.1.12-18.3.1 libregistry0-4.1.12-18.3.1 libregistry0-debuginfo-4.1.12-18.3.1 libsamba-credentials0-4.1.12-18.3.1 libsamba-credentials0-debuginfo-4.1.12-18.3.1 libsamba-hostconfig0-4.1.12-18.3.1 libsamba-hostconfig0-debuginfo-4.1.12-18.3.1 libsamba-util0-4.1.12-18.3.1 libsamba-util0-debuginfo-4.1.12-18.3.1 libsamdb0-4.1.12-18.3.1 libsamdb0-debuginfo-4.1.12-18.3.1 libsmbclient-raw0-4.1.12-18.3.1 libsmbclient-raw0-debuginfo-4.1.12-18.3.1 libsmbclient0-4.1.12-18.3.1 libsmbclient0-debuginfo-4.1.12-18.3.1 libsmbconf0-4.1.12-18.3.1 libsmbconf0-debuginfo-4.1.12-18.3.1 libsmbldap0-4.1.12-18.3.1 libsmbldap0-debuginfo-4.1.12-18.3.1 libtalloc2-2.1.5-3.4.1 libtalloc2-debuginfo-2.1.5-3.4.1 libtdb1-1.3.8-2.3.1 libtdb1-debuginfo-1.3.8-2.3.1 libtevent-util0-4.1.12-18.3.1 libtevent-util0-debuginfo-4.1.12-18.3.1 libtevent0-0.9.26-3.3.1 libtevent0-debuginfo-0.9.26-3.3.1 libwbclient0-4.1.12-18.3.1 libwbclient0-debuginfo-4.1.12-18.3.1 pytalloc-2.1.5-3.4.1 pytalloc-debuginfo-2.1.5-3.4.1 samba-4.1.12-18.3.1 samba-client-4.1.12-18.3.1 samba-client-debuginfo-4.1.12-18.3.1 samba-debuginfo-4.1.12-18.3.1 samba-debugsource-4.1.12-18.3.1 samba-libs-4.1.12-18.3.1 samba-libs-debuginfo-4.1.12-18.3.1 samba-winbind-4.1.12-18.3.1 samba-winbind-debuginfo-4.1.12-18.3.1 talloc-debugsource-2.1.5-3.4.1 tdb-debugsource-1.3.8-2.3.1 
tdb-tools-1.3.8-2.3.1 tdb-tools-debuginfo-1.3.8-2.3.1 tevent-debugsource-0.9.26-3.3.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libdcerpc-binding0-32bit-4.1.12-18.3.1 libdcerpc-binding0-debuginfo-32bit-4.1.12-18.3.1 libdcerpc0-32bit-4.1.12-18.3.1 libdcerpc0-debuginfo-32bit-4.1.12-18.3.1 libgensec0-32bit-4.1.12-18.3.1 libgensec0-debuginfo-32bit-4.1.12-18.3.1 libldb1-32bit-1.1.24-4.3.1 libldb1-debuginfo-32bit-1.1.24-4.3.1 libndr-krb5pac0-32bit-4.1.12-18.3.1 libndr-krb5pac0-debuginfo-32bit-4.1.12-18.3.1 libndr-nbt0-32bit-4.1.12-18.3.1 libndr-nbt0-debuginfo-32bit-4.1.12-18.3.1 libndr-standard0-32bit-4.1.12-18.3.1 libndr-standard0-debuginfo-32bit-4.1.12-18.3.1 libndr0-32bit-4.1.12-18.3.1 libndr0-debuginfo-32bit-4.1.12-18.3.1 libnetapi0-32bit-4.1.12-18.3.1 libnetapi0-debuginfo-32bit-4.1.12-18.3.1 libpdb0-32bit-4.1.12-18.3.1 libpdb0-debuginfo-32bit-4.1.12-18.3.1 libsamba-credentials0-32bit-4.1.12-18.3.1 libsamba-credentials0-debuginfo-32bit-4.1.12-18.3.1 libsamba-hostconfig0-32bit-4.1.12-18.3.1 libsamba-hostconfig0-debuginfo-32bit-4.1.12-18.3.1 libsamba-util0-32bit-4.1.12-18.3.1 libsamba-util0-debuginfo-32bit-4.1.12-18.3.1 libsamdb0-32bit-4.1.12-18.3.1 libsamdb0-debuginfo-32bit-4.1.12-18.3.1 libsmbclient-raw0-32bit-4.1.12-18.3.1 libsmbclient-raw0-debuginfo-32bit-4.1.12-18.3.1 libsmbclient0-32bit-4.1.12-18.3.1 libsmbclient0-debuginfo-32bit-4.1.12-18.3.1 libsmbconf0-32bit-4.1.12-18.3.1 libsmbconf0-debuginfo-32bit-4.1.12-18.3.1 libsmbldap0-32bit-4.1.12-18.3.1 libsmbldap0-debuginfo-32bit-4.1.12-18.3.1 libtalloc2-32bit-2.1.5-3.4.1 libtalloc2-debuginfo-32bit-2.1.5-3.4.1 libtdb1-32bit-1.3.8-2.3.1 libtdb1-debuginfo-32bit-1.3.8-2.3.1 libtevent-util0-32bit-4.1.12-18.3.1 libtevent-util0-debuginfo-32bit-4.1.12-18.3.1 libtevent0-32bit-0.9.26-3.3.1 libtevent0-debuginfo-32bit-0.9.26-3.3.1 libwbclient0-32bit-4.1.12-18.3.1 libwbclient0-debuginfo-32bit-4.1.12-18.3.1 pytalloc-32bit-2.1.5-3.4.1 pytalloc-debuginfo-32bit-2.1.5-3.4.1 samba-32bit-4.1.12-18.3.1 
samba-client-32bit-4.1.12-18.3.1 samba-client-debuginfo-32bit-4.1.12-18.3.1 samba-debuginfo-32bit-4.1.12-18.3.1 samba-libs-32bit-4.1.12-18.3.1 samba-libs-debuginfo-32bit-4.1.12-18.3.1 samba-winbind-32bit-4.1.12-18.3.1 samba-winbind-debuginfo-32bit-4.1.12-18.3.1 - SUSE Linux Enterprise Server 12 (noarch): samba-doc-4.1.12-18.3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): ldb-debugsource-1.1.24-4.3.1 libdcerpc-binding0-32bit-4.1.12-18.3.1 libdcerpc-binding0-4.1.12-18.3.1 libdcerpc-binding0-debuginfo-32bit-4.1.12-18.3.1 libdcerpc-binding0-debuginfo-4.1.12-18.3.1 libdcerpc0-32bit-4.1.12-18.3.1 libdcerpc0-4.1.12-18.3.1 libdcerpc0-debuginfo-32bit-4.1.12-18.3.1 libdcerpc0-debuginfo-4.1.12-18.3.1 libgensec0-32bit-4.1.12-18.3.1 libgensec0-4.1.12-18.3.1 libgensec0-debuginfo-32bit-4.1.12-18.3.1 libgensec0-debuginfo-4.1.12-18.3.1 libldb1-1.1.24-4.3.1 libldb1-32bit-1.1.24-4.3.1 libldb1-debuginfo-1.1.24-4.3.1 libldb1-debuginfo-32bit-1.1.24-4.3.1 libndr-krb5pac0-32bit-4.1.12-18.3.1 libndr-krb5pac0-4.1.12-18.3.1 libndr-krb5pac0-debuginfo-32bit-4.1.12-18.3.1 libndr-krb5pac0-debuginfo-4.1.12-18.3.1 libndr-nbt0-32bit-4.1.12-18.3.1 libndr-nbt0-4.1.12-18.3.1 libndr-nbt0-debuginfo-32bit-4.1.12-18.3.1 libndr-nbt0-debuginfo-4.1.12-18.3.1 libndr-standard0-32bit-4.1.12-18.3.1 libndr-standard0-4.1.12-18.3.1 libndr-standard0-debuginfo-32bit-4.1.12-18.3.1 libndr-standard0-debuginfo-4.1.12-18.3.1 libndr0-32bit-4.1.12-18.3.1 libndr0-4.1.12-18.3.1 libndr0-debuginfo-32bit-4.1.12-18.3.1 libndr0-debuginfo-4.1.12-18.3.1 libnetapi0-32bit-4.1.12-18.3.1 libnetapi0-4.1.12-18.3.1 libnetapi0-debuginfo-32bit-4.1.12-18.3.1 libnetapi0-debuginfo-4.1.12-18.3.1 libpdb0-32bit-4.1.12-18.3.1 libpdb0-4.1.12-18.3.1 libpdb0-debuginfo-32bit-4.1.12-18.3.1 libpdb0-debuginfo-4.1.12-18.3.1 libregistry0-4.1.12-18.3.1 libregistry0-debuginfo-4.1.12-18.3.1 libsamba-credentials0-32bit-4.1.12-18.3.1 libsamba-credentials0-4.1.12-18.3.1 libsamba-credentials0-debuginfo-32bit-4.1.12-18.3.1 
libsamba-credentials0-debuginfo-4.1.12-18.3.1 libsamba-hostconfig0-32bit-4.1.12-18.3.1 libsamba-hostconfig0-4.1.12-18.3.1 libsamba-hostconfig0-debuginfo-32bit-4.1.12-18.3.1 libsamba-hostconfig0-debuginfo-4.1.12-18.3.1 libsamba-util0-32bit-4.1.12-18.3.1 libsamba-util0-4.1.12-18.3.1 libsamba-util0-debuginfo-32bit-4.1.12-18.3.1 libsamba-util0-debuginfo-4.1.12-18.3.1 libsamdb0-32bit-4.1.12-18.3.1 libsamdb0-4.1.12-18.3.1 libsamdb0-debuginfo-32bit-4.1.12-18.3.1 libsamdb0-debuginfo-4.1.12-18.3.1 libsmbclient-raw0-32bit-4.1.12-18.3.1 libsmbclient-raw0-4.1.12-18.3.1 libsmbclient-raw0-debuginfo-32bit-4.1.12-18.3.1 libsmbclient-raw0-debuginfo-4.1.12-18.3.1 libsmbclient0-32bit-4.1.12-18.3.1 libsmbclient0-4.1.12-18.3.1 libsmbclient0-debuginfo-32bit-4.1.12-18.3.1 libsmbclient0-debuginfo-4.1.12-18.3.1 libsmbconf0-32bit-4.1.12-18.3.1 libsmbconf0-4.1.12-18.3.1 libsmbconf0-debuginfo-32bit-4.1.12-18.3.1 libsmbconf0-debuginfo-4.1.12-18.3.1 libsmbldap0-32bit-4.1.12-18.3.1 libsmbldap0-4.1.12-18.3.1 libsmbldap0-debuginfo-32bit-4.1.12-18.3.1 libsmbldap0-debuginfo-4.1.12-18.3.1 libtalloc2-2.1.5-3.4.1 libtalloc2-32bit-2.1.5-3.4.1 libtalloc2-debuginfo-2.1.5-3.4.1 libtalloc2-debuginfo-32bit-2.1.5-3.4.1 libtdb1-1.3.8-2.3.1 libtdb1-32bit-1.3.8-2.3.1 libtdb1-debuginfo-1.3.8-2.3.1 libtdb1-debuginfo-32bit-1.3.8-2.3.1 libtevent-util0-32bit-4.1.12-18.3.1 libtevent-util0-4.1.12-18.3.1 libtevent-util0-debuginfo-32bit-4.1.12-18.3.1 libtevent-util0-debuginfo-4.1.12-18.3.1 libtevent0-0.9.26-3.3.1 libtevent0-32bit-0.9.26-3.3.1 libtevent0-debuginfo-0.9.26-3.3.1 libtevent0-debuginfo-32bit-0.9.26-3.3.1 libwbclient0-32bit-4.1.12-18.3.1 libwbclient0-4.1.12-18.3.1 libwbclient0-debuginfo-32bit-4.1.12-18.3.1 libwbclient0-debuginfo-4.1.12-18.3.1 pytalloc-2.1.5-3.4.1 pytalloc-32bit-2.1.5-3.4.1 pytalloc-debuginfo-2.1.5-3.4.1 pytalloc-debuginfo-32bit-2.1.5-3.4.1 samba-32bit-4.1.12-18.3.1 samba-4.1.12-18.3.1 samba-client-32bit-4.1.12-18.3.1 samba-client-4.1.12-18.3.1 samba-client-debuginfo-32bit-4.1.12-18.3.1 
samba-client-debuginfo-4.1.12-18.3.1 samba-debuginfo-32bit-4.1.12-18.3.1 samba-debuginfo-4.1.12-18.3.1 samba-debugsource-4.1.12-18.3.1 samba-libs-32bit-4.1.12-18.3.1 samba-libs-4.1.12-18.3.1 samba-libs-debuginfo-32bit-4.1.12-18.3.1 samba-libs-debuginfo-4.1.12-18.3.1 samba-winbind-32bit-4.1.12-18.3.1 samba-winbind-4.1.12-18.3.1 samba-winbind-debuginfo-32bit-4.1.12-18.3.1 samba-winbind-debuginfo-4.1.12-18.3.1 talloc-debugsource-2.1.5-3.4.1 tdb-debugsource-1.3.8-2.3.1 tevent-debugsource-0.9.26-3.3.1 - SUSE Linux Enterprise Desktop 12 (noarch): samba-doc-4.1.12-18.3.1 References: https://www.suse.com/security/cve/CVE-2015-3223.html https://www.suse.com/security/cve/CVE-2015-5252.html https://www.suse.com/security/cve/CVE-2015-5296.html https://www.suse.com/security/cve/CVE-2015-5299.html https://www.suse.com/security/cve/CVE-2015-5330.html https://www.suse.com/security/cve/CVE-2015-8467.html https://bugzilla.suse.com/295284 https://bugzilla.suse.com/773464 https://bugzilla.suse.com/872912 https://bugzilla.suse.com/901813 https://bugzilla.suse.com/902421 https://bugzilla.suse.com/910378 https://bugzilla.suse.com/912457 https://bugzilla.suse.com/913304 https://bugzilla.suse.com/923374 https://bugzilla.suse.com/931854 https://bugzilla.suse.com/936909 https://bugzilla.suse.com/939051 https://bugzilla.suse.com/947552 https://bugzilla.suse.com/949022 https://bugzilla.suse.com/951660 https://bugzilla.suse.com/953382 https://bugzilla.suse.com/954658 https://bugzilla.suse.com/958581 https://bugzilla.suse.com/958582 https://bugzilla.suse.com/958583 https://bugzilla.suse.com/958584 https://bugzilla.suse.com/958585 https://bugzilla.suse.com/958586 From sle-updates at lists.suse.com Fri Dec 18 14:10:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Dec 2015 22:10:56 +0100 (CET) Subject: SUSE-SU-2015:2305-1: important: Security update for ldb, samba, talloc, tdb, tevent Message-ID: <20151218211056.D985132139@maintenance.suse.de> SUSE Security 
Update: Security update for ldb, samba, talloc, tdb, tevent
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:2305-1
Rating: important
References: #949022 #951660 #954658 #958581 #958582 #958583 #958584 #958585 #958586
Cross-References: CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-8467
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves 6 vulnerabilities and has three fixes is now available.

Description:

This update for ldb, samba, talloc, tdb, tevent fixes the following security issues and bugs:

The Samba LDB was updated to version 1.1.24:

- Fix ldap \00 search expression attack dos; CVE-2015-3223; (bso#11325)
- Fix remote read memory exploit in ldb; CVE-2015-5330; (bso#11599)
- Move ldb_(un)pack_data into ldb_module.h for testing
- Fix installation of _ldb_text.py
- Fix propagation of ldb errors through tdb
- Fix bug triggered by having an empty message in database during search

Samba was updated to fix these issues:

- Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581).
- Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586).
- Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582).
- No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584).
- Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
- Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).
- Changing log level of two entries from 1 to 3; (bso#9912).
- vfs_gpfs: Re-enable share modes; (bso#11243).
- wafsamba: Also build libraries with RELRO protection; (bso#11346).
- ctdb: Strip trailing spaces from nodes file; (bso#11365).
- s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452).
- nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563).
- async_req: Fix non-blocking connect(); (bso#11564).
- auth: gensec: Fix a memory leak; (bso#11565).
- lib: util: Make non-critical message a warning; (bso#11566).
- Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022).
- smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
- ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).
- manpage: Correct small typo error; (bso#11584).
- s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589).
- Backport some valgrind fixes from upstream master; (bso#11597).
- s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615).
- docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619).
- Cleanup and enhance the pidl sub package.
- s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252).
- smbd: Fix file name buflen and padding in notify response; (bso#10634).
- kerberos: Make sure we only use prompter type when available; (bso#11038).
- s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket; (bso#11316).
- dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327).
- Fix a deadlock in tdb; (bso#11381).
- s3: smbd: Fix mkdir race condition; (bso#11486).
- pam_winbind: Fix a segfault if initialization fails; (bso#11502).
- s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).
- s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522).
- net: Fix a crash with 'net ads keytab create'; (bso#11528).
- s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535).
- vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).
- vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).
- Fix bug in smbstatus where the lease info is not printed; (bso#11549).
- s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).
- Prevent null pointer access in samlogon fallback when security credentials are null; (bnc#949022).
- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).

talloc was updated to version 2.1.5; (bsc#954658) (bsc#951660).

- Test that talloc magic differs between processes.
- Increment minor version due to added talloc_test_get_magic.
- Provide tests access to talloc_magic.
- Test magic protection measures.

tdb was updated to version 1.3.8; (bsc#954658).

- Improved python3 bindings

tevent was updated to 0.9.26; (bsc#954658).

- New tevent_thread_proxy api
- Minor build fixes

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:

  zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-996=1

- SUSE Linux Enterprise Server 12-SP1:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-996=1

- SUSE Linux Enterprise Desktop 12-SP1:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-996=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ldb-debugsource-1.1.24-4.1 libdcerpc-atsvc-devel-4.2.4-6.1 libdcerpc-atsvc0-4.2.4-6.1 libdcerpc-atsvc0-debuginfo-4.2.4-6.1 libdcerpc-devel-4.2.4-6.1 libdcerpc-samr-devel-4.2.4-6.1 libdcerpc-samr0-4.2.4-6.1 libdcerpc-samr0-debuginfo-4.2.4-6.1 libgensec-devel-4.2.4-6.1 libldb-devel-1.1.24-4.1 libndr-devel-4.2.4-6.1 libndr-krb5pac-devel-4.2.4-6.1 libndr-nbt-devel-4.2.4-6.1 libndr-standard-devel-4.2.4-6.1 libnetapi-devel-4.2.4-6.1 libregistry-devel-4.2.4-6.1 libsamba-credentials-devel-4.2.4-6.1 libsamba-hostconfig-devel-4.2.4-6.1 libsamba-passdb-devel-4.2.4-6.1 libsamba-policy-devel-4.2.4-6.1 libsamba-policy0-4.2.4-6.1 libsamba-policy0-debuginfo-4.2.4-6.1 libsamba-util-devel-4.2.4-6.1 libsamdb-devel-4.2.4-6.1 libsmbclient-devel-4.2.4-6.1 libsmbclient-raw-devel-4.2.4-6.1 libsmbconf-devel-4.2.4-6.1 libsmbldap-devel-4.2.4-6.1 libtalloc-devel-2.1.5-4.1 libtdb-devel-1.3.8-4.1 libtevent-devel-0.9.26-4.1 libtevent-util-devel-4.2.4-6.1 libwbclient-devel-4.2.4-6.1 pyldb-1.1.24-4.1 pyldb-debuginfo-1.1.24-4.1 pyldb-devel-1.1.24-4.1 pytalloc-devel-2.1.5-4.1 samba-core-devel-4.2.4-6.1 samba-debuginfo-4.2.4-6.1 samba-debugsource-4.2.4-6.1 samba-test-devel-4.2.4-6.1 talloc-debugsource-2.1.5-4.1 tdb-debugsource-1.3.8-4.1 tevent-debugsource-0.9.26-4.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ldb-debugsource-1.1.24-4.1 libdcerpc-binding0-4.2.4-6.1 libdcerpc-binding0-debuginfo-4.2.4-6.1 libdcerpc0-4.2.4-6.1 libdcerpc0-debuginfo-4.2.4-6.1 libgensec0-4.2.4-6.1 libgensec0-debuginfo-4.2.4-6.1 libldb1-1.1.24-4.1 libldb1-debuginfo-1.1.24-4.1 libndr-krb5pac0-4.2.4-6.1 libndr-krb5pac0-debuginfo-4.2.4-6.1 libndr-nbt0-4.2.4-6.1 libndr-nbt0-debuginfo-4.2.4-6.1 libndr-standard0-4.2.4-6.1 libndr-standard0-debuginfo-4.2.4-6.1 libndr0-4.2.4-6.1 libndr0-debuginfo-4.2.4-6.1 libnetapi0-4.2.4-6.1 libnetapi0-debuginfo-4.2.4-6.1 libregistry0-4.2.4-6.1 libregistry0-debuginfo-4.2.4-6.1 
libsamba-credentials0-4.2.4-6.1 libsamba-credentials0-debuginfo-4.2.4-6.1 libsamba-hostconfig0-4.2.4-6.1 libsamba-hostconfig0-debuginfo-4.2.4-6.1 libsamba-passdb0-4.2.4-6.1 libsamba-passdb0-debuginfo-4.2.4-6.1 libsamba-util0-4.2.4-6.1 libsamba-util0-debuginfo-4.2.4-6.1 libsamdb0-4.2.4-6.1 libsamdb0-debuginfo-4.2.4-6.1 libsmbclient-raw0-4.2.4-6.1 libsmbclient-raw0-debuginfo-4.2.4-6.1 libsmbclient0-4.2.4-6.1 libsmbclient0-debuginfo-4.2.4-6.1 libsmbconf0-4.2.4-6.1 libsmbconf0-debuginfo-4.2.4-6.1 libsmbldap0-4.2.4-6.1 libsmbldap0-debuginfo-4.2.4-6.1 libtalloc2-2.1.5-4.1 libtalloc2-debuginfo-2.1.5-4.1 libtdb1-1.3.8-4.1 libtdb1-debuginfo-1.3.8-4.1 libtevent-util0-4.2.4-6.1 libtevent-util0-debuginfo-4.2.4-6.1 libtevent0-0.9.26-4.1 libtevent0-debuginfo-0.9.26-4.1 libwbclient0-4.2.4-6.1 libwbclient0-debuginfo-4.2.4-6.1 pytalloc-2.1.5-4.1 pytalloc-debuginfo-2.1.5-4.1 samba-4.2.4-6.1 samba-client-4.2.4-6.1 samba-client-debuginfo-4.2.4-6.1 samba-debuginfo-4.2.4-6.1 samba-debugsource-4.2.4-6.1 samba-libs-4.2.4-6.1 samba-libs-debuginfo-4.2.4-6.1 samba-winbind-4.2.4-6.1 samba-winbind-debuginfo-4.2.4-6.1 talloc-debugsource-2.1.5-4.1 tdb-debugsource-1.3.8-4.1 tdb-tools-1.3.8-4.1 tdb-tools-debuginfo-1.3.8-4.1 tevent-debugsource-0.9.26-4.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-6.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-6.1 libdcerpc0-32bit-4.2.4-6.1 libdcerpc0-debuginfo-32bit-4.2.4-6.1 libgensec0-32bit-4.2.4-6.1 libgensec0-debuginfo-32bit-4.2.4-6.1 libldb1-32bit-1.1.24-4.1 libldb1-debuginfo-32bit-1.1.24-4.1 libndr-krb5pac0-32bit-4.2.4-6.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-6.1 libndr-nbt0-32bit-4.2.4-6.1 libndr-nbt0-debuginfo-32bit-4.2.4-6.1 libndr-standard0-32bit-4.2.4-6.1 libndr-standard0-debuginfo-32bit-4.2.4-6.1 libndr0-32bit-4.2.4-6.1 libndr0-debuginfo-32bit-4.2.4-6.1 libnetapi0-32bit-4.2.4-6.1 libnetapi0-debuginfo-32bit-4.2.4-6.1 libsamba-credentials0-32bit-4.2.4-6.1 libsamba-credentials0-debuginfo-32bit-4.2.4-6.1 
libsamba-hostconfig0-32bit-4.2.4-6.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-6.1 libsamba-passdb0-32bit-4.2.4-6.1 libsamba-passdb0-debuginfo-32bit-4.2.4-6.1 libsamba-util0-32bit-4.2.4-6.1 libsamba-util0-debuginfo-32bit-4.2.4-6.1 libsamdb0-32bit-4.2.4-6.1 libsamdb0-debuginfo-32bit-4.2.4-6.1 libsmbclient-raw0-32bit-4.2.4-6.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-6.1 libsmbclient0-32bit-4.2.4-6.1 libsmbclient0-debuginfo-32bit-4.2.4-6.1 libsmbconf0-32bit-4.2.4-6.1 libsmbconf0-debuginfo-32bit-4.2.4-6.1 libsmbldap0-32bit-4.2.4-6.1 libsmbldap0-debuginfo-32bit-4.2.4-6.1 libtalloc2-32bit-2.1.5-4.1 libtalloc2-debuginfo-32bit-2.1.5-4.1 libtdb1-32bit-1.3.8-4.1 libtdb1-debuginfo-32bit-1.3.8-4.1 libtevent-util0-32bit-4.2.4-6.1 libtevent-util0-debuginfo-32bit-4.2.4-6.1 libtevent0-32bit-0.9.26-4.1 libtevent0-debuginfo-32bit-0.9.26-4.1 libwbclient0-32bit-4.2.4-6.1 libwbclient0-debuginfo-32bit-4.2.4-6.1 pytalloc-32bit-2.1.5-4.1 pytalloc-debuginfo-32bit-2.1.5-4.1 samba-32bit-4.2.4-6.1 samba-client-32bit-4.2.4-6.1 samba-client-debuginfo-32bit-4.2.4-6.1 samba-debuginfo-32bit-4.2.4-6.1 samba-libs-32bit-4.2.4-6.1 samba-libs-debuginfo-32bit-4.2.4-6.1 samba-winbind-32bit-4.2.4-6.1 samba-winbind-debuginfo-32bit-4.2.4-6.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): samba-doc-4.2.4-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ldb-debugsource-1.1.24-4.1 libdcerpc-binding0-32bit-4.2.4-6.1 libdcerpc-binding0-4.2.4-6.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-6.1 libdcerpc-binding0-debuginfo-4.2.4-6.1 libdcerpc0-32bit-4.2.4-6.1 libdcerpc0-4.2.4-6.1 libdcerpc0-debuginfo-32bit-4.2.4-6.1 libdcerpc0-debuginfo-4.2.4-6.1 libgensec0-32bit-4.2.4-6.1 libgensec0-4.2.4-6.1 libgensec0-debuginfo-32bit-4.2.4-6.1 libgensec0-debuginfo-4.2.4-6.1 libldb1-1.1.24-4.1 libldb1-32bit-1.1.24-4.1 libldb1-debuginfo-1.1.24-4.1 libldb1-debuginfo-32bit-1.1.24-4.1 libndr-krb5pac0-32bit-4.2.4-6.1 libndr-krb5pac0-4.2.4-6.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-6.1 libndr-krb5pac0-debuginfo-4.2.4-6.1 
libndr-nbt0-32bit-4.2.4-6.1 libndr-nbt0-4.2.4-6.1 libndr-nbt0-debuginfo-32bit-4.2.4-6.1 libndr-nbt0-debuginfo-4.2.4-6.1 libndr-standard0-32bit-4.2.4-6.1 libndr-standard0-4.2.4-6.1 libndr-standard0-debuginfo-32bit-4.2.4-6.1 libndr-standard0-debuginfo-4.2.4-6.1 libndr0-32bit-4.2.4-6.1 libndr0-4.2.4-6.1 libndr0-debuginfo-32bit-4.2.4-6.1 libndr0-debuginfo-4.2.4-6.1 libnetapi0-32bit-4.2.4-6.1 libnetapi0-4.2.4-6.1 libnetapi0-debuginfo-32bit-4.2.4-6.1 libnetapi0-debuginfo-4.2.4-6.1 libregistry0-4.2.4-6.1 libregistry0-debuginfo-4.2.4-6.1 libsamba-credentials0-32bit-4.2.4-6.1 libsamba-credentials0-4.2.4-6.1 libsamba-credentials0-debuginfo-32bit-4.2.4-6.1 libsamba-credentials0-debuginfo-4.2.4-6.1 libsamba-hostconfig0-32bit-4.2.4-6.1 libsamba-hostconfig0-4.2.4-6.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-6.1 libsamba-hostconfig0-debuginfo-4.2.4-6.1 libsamba-passdb0-32bit-4.2.4-6.1 libsamba-passdb0-4.2.4-6.1 libsamba-passdb0-debuginfo-32bit-4.2.4-6.1 libsamba-passdb0-debuginfo-4.2.4-6.1 libsamba-util0-32bit-4.2.4-6.1 libsamba-util0-4.2.4-6.1 libsamba-util0-debuginfo-32bit-4.2.4-6.1 libsamba-util0-debuginfo-4.2.4-6.1 libsamdb0-32bit-4.2.4-6.1 libsamdb0-4.2.4-6.1 libsamdb0-debuginfo-32bit-4.2.4-6.1 libsamdb0-debuginfo-4.2.4-6.1 libsmbclient-raw0-32bit-4.2.4-6.1 libsmbclient-raw0-4.2.4-6.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-6.1 libsmbclient-raw0-debuginfo-4.2.4-6.1 libsmbclient0-32bit-4.2.4-6.1 libsmbclient0-4.2.4-6.1 libsmbclient0-debuginfo-32bit-4.2.4-6.1 libsmbclient0-debuginfo-4.2.4-6.1 libsmbconf0-32bit-4.2.4-6.1 libsmbconf0-4.2.4-6.1 libsmbconf0-debuginfo-32bit-4.2.4-6.1 libsmbconf0-debuginfo-4.2.4-6.1 libsmbldap0-32bit-4.2.4-6.1 libsmbldap0-4.2.4-6.1 libsmbldap0-debuginfo-32bit-4.2.4-6.1 libsmbldap0-debuginfo-4.2.4-6.1 libtalloc2-2.1.5-4.1 libtalloc2-32bit-2.1.5-4.1 libtalloc2-debuginfo-2.1.5-4.1 libtalloc2-debuginfo-32bit-2.1.5-4.1 libtdb1-1.3.8-4.1 libtdb1-32bit-1.3.8-4.1 libtdb1-debuginfo-1.3.8-4.1 libtdb1-debuginfo-32bit-1.3.8-4.1 libtevent-util0-32bit-4.2.4-6.1 
      libtevent-util0-4.2.4-6.1
      libtevent-util0-debuginfo-32bit-4.2.4-6.1
      libtevent-util0-debuginfo-4.2.4-6.1
      libtevent0-0.9.26-4.1
      libtevent0-32bit-0.9.26-4.1
      libtevent0-debuginfo-0.9.26-4.1
      libtevent0-debuginfo-32bit-0.9.26-4.1
      libwbclient0-32bit-4.2.4-6.1
      libwbclient0-4.2.4-6.1
      libwbclient0-debuginfo-32bit-4.2.4-6.1
      libwbclient0-debuginfo-4.2.4-6.1
      pytalloc-2.1.5-4.1
      pytalloc-32bit-2.1.5-4.1
      pytalloc-debuginfo-2.1.5-4.1
      pytalloc-debuginfo-32bit-2.1.5-4.1
      samba-32bit-4.2.4-6.1
      samba-4.2.4-6.1
      samba-client-32bit-4.2.4-6.1
      samba-client-4.2.4-6.1
      samba-client-debuginfo-32bit-4.2.4-6.1
      samba-client-debuginfo-4.2.4-6.1
      samba-debuginfo-32bit-4.2.4-6.1
      samba-debuginfo-4.2.4-6.1
      samba-debugsource-4.2.4-6.1
      samba-libs-32bit-4.2.4-6.1
      samba-libs-4.2.4-6.1
      samba-libs-debuginfo-32bit-4.2.4-6.1
      samba-libs-debuginfo-4.2.4-6.1
      samba-winbind-32bit-4.2.4-6.1
      samba-winbind-4.2.4-6.1
      samba-winbind-debuginfo-32bit-4.2.4-6.1
      samba-winbind-debuginfo-4.2.4-6.1
      talloc-debugsource-2.1.5-4.1
      tdb-debugsource-1.3.8-4.1
      tevent-debugsource-0.9.26-4.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      samba-doc-4.2.4-6.1

References:

   https://www.suse.com/security/cve/CVE-2015-3223.html
   https://www.suse.com/security/cve/CVE-2015-5252.html
   https://www.suse.com/security/cve/CVE-2015-5296.html
   https://www.suse.com/security/cve/CVE-2015-5299.html
   https://www.suse.com/security/cve/CVE-2015-5330.html
   https://www.suse.com/security/cve/CVE-2015-8467.html
   https://bugzilla.suse.com/949022
   https://bugzilla.suse.com/951660
   https://bugzilla.suse.com/954658
   https://bugzilla.suse.com/958581
   https://bugzilla.suse.com/958582
   https://bugzilla.suse.com/958583
   https://bugzilla.suse.com/958584
   https://bugzilla.suse.com/958585
   https://bugzilla.suse.com/958586

From sle-updates at lists.suse.com Fri Dec 18 14:12:56 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 18 Dec 2015 22:12:56 +0100 (CET)
Subject: SUSE-SU-2015:2306-1: moderate: Security update for xen
Message-ID: <20151218211256.346E43213D@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2306-1
Rating:             moderate
References:         #950703 #950704 #950705 #950706 #951845 #953527
                    #954405 #956408 #956411 #956832
Cross-References:   CVE-2015-5307 CVE-2015-7504 CVE-2015-7969
                    CVE-2015-7970 CVE-2015-7971 CVE-2015-7972
                    CVE-2015-8104 CVE-2015-8339 CVE-2015-8340
                    CVE-2015-8345
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   This update fixes the following security issues:

   - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list
   - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) xsa159.patch
   - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162)
   - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception
   - bsc#953527 - CVE-2015-5307: kernel: kvm/xen: x86: avoid guest->host DOS by intercepting #AC (XSA-156)
   - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150)
   - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153)
   - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149)
   - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151)
   - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-xen-20151201-12273=1

   - SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-xen-20151201-12273=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64):

      xen-devel-4.1.6_08-23.1
      xen-kmp-default-4.1.6_08_3.0.101_0.7.37-23.1
      xen-kmp-trace-4.1.6_08_3.0.101_0.7.37-23.1
      xen-libs-4.1.6_08-23.1
      xen-tools-domU-4.1.6_08-23.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (x86_64):

      xen-4.1.6_08-23.1
      xen-doc-html-4.1.6_08-23.1
      xen-doc-pdf-4.1.6_08-23.1
      xen-libs-32bit-4.1.6_08-23.1
      xen-tools-4.1.6_08-23.1

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586):

      xen-kmp-pae-4.1.6_08_3.0.101_0.7.37-23.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64):

      xen-debuginfo-4.1.6_08-23.1
      xen-debugsource-4.1.6_08-23.1

References:

   https://www.suse.com/security/cve/CVE-2015-5307.html
   https://www.suse.com/security/cve/CVE-2015-7504.html
   https://www.suse.com/security/cve/CVE-2015-7969.html
   https://www.suse.com/security/cve/CVE-2015-7970.html
   https://www.suse.com/security/cve/CVE-2015-7971.html
   https://www.suse.com/security/cve/CVE-2015-7972.html
   https://www.suse.com/security/cve/CVE-2015-8104.html
   https://www.suse.com/security/cve/CVE-2015-8339.html
   https://www.suse.com/security/cve/CVE-2015-8340.html
   https://www.suse.com/security/cve/CVE-2015-8345.html
   https://bugzilla.suse.com/950703
   https://bugzilla.suse.com/950704
   https://bugzilla.suse.com/950705
   https://bugzilla.suse.com/950706
   https://bugzilla.suse.com/951845
   https://bugzilla.suse.com/953527
   https://bugzilla.suse.com/954405
   https://bugzilla.suse.com/956408
   https://bugzilla.suse.com/956411
   https://bugzilla.suse.com/956832

From sle-updates at lists.suse.com Sat Dec 19 08:10:34 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 19 Dec 2015 16:10:34 +0100 (CET)
Subject: SUSE-SU-2015:2324-1: moderate: Security update for xen
Message-ID: <20151219151034.EDC6D3213C@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2324-1
Rating:             moderate
References:         #947165 #954018 #954405 #956408 #956409 #956411
                    #956592 #956832
Cross-References:   CVE-2015-3259 CVE-2015-4106 CVE-2015-5154
                    CVE-2015-5239 CVE-2015-5307 CVE-2015-6815
                    CVE-2015-7311 CVE-2015-7504 CVE-2015-7835
                    CVE-2015-8104 CVE-2015-8339 CVE-2015-8340
                    CVE-2015-8341 CVE-2015-8345
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   This update fixes the following security issues:

   - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list
   - Revert x86/IO-APIC: don't create pIRQ mapping from masked RTE until kernel maintenance release goes out.
   - bsc#956592 - xen: virtual PMU is unsupported (XSA-163)
   - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159)
   - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160)
   - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162)
   - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142)
   - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception
   - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-999=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-999=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-999=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64):

      xen-debugsource-4.5.2_02-4.1
      xen-devel-4.5.2_02-4.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      xen-4.5.2_02-4.1
      xen-debugsource-4.5.2_02-4.1
      xen-doc-html-4.5.2_02-4.1
      xen-kmp-default-4.5.2_02_k3.12.49_11-4.1
      xen-kmp-default-debuginfo-4.5.2_02_k3.12.49_11-4.1
      xen-libs-32bit-4.5.2_02-4.1
      xen-libs-4.5.2_02-4.1
      xen-libs-debuginfo-32bit-4.5.2_02-4.1
      xen-libs-debuginfo-4.5.2_02-4.1
      xen-tools-4.5.2_02-4.1
      xen-tools-debuginfo-4.5.2_02-4.1
      xen-tools-domU-4.5.2_02-4.1
      xen-tools-domU-debuginfo-4.5.2_02-4.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      xen-4.5.2_02-4.1
      xen-debugsource-4.5.2_02-4.1
      xen-kmp-default-4.5.2_02_k3.12.49_11-4.1
      xen-kmp-default-debuginfo-4.5.2_02_k3.12.49_11-4.1
      xen-libs-32bit-4.5.2_02-4.1
      xen-libs-4.5.2_02-4.1
      xen-libs-debuginfo-32bit-4.5.2_02-4.1
      xen-libs-debuginfo-4.5.2_02-4.1

References:

   https://www.suse.com/security/cve/CVE-2015-3259.html
   https://www.suse.com/security/cve/CVE-2015-4106.html
   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://www.suse.com/security/cve/CVE-2015-5239.html
   https://www.suse.com/security/cve/CVE-2015-5307.html
   https://www.suse.com/security/cve/CVE-2015-6815.html
   https://www.suse.com/security/cve/CVE-2015-7311.html
   https://www.suse.com/security/cve/CVE-2015-7504.html
   https://www.suse.com/security/cve/CVE-2015-7835.html
   https://www.suse.com/security/cve/CVE-2015-8104.html
   https://www.suse.com/security/cve/CVE-2015-8339.html
   https://www.suse.com/security/cve/CVE-2015-8340.html
   https://www.suse.com/security/cve/CVE-2015-8341.html
   https://www.suse.com/security/cve/CVE-2015-8345.html
   https://bugzilla.suse.com/947165
   https://bugzilla.suse.com/954018
   https://bugzilla.suse.com/954405
   https://bugzilla.suse.com/956408
   https://bugzilla.suse.com/956409
   https://bugzilla.suse.com/956411
   https://bugzilla.suse.com/956592
   https://bugzilla.suse.com/956832

From sle-updates at lists.suse.com Sat Dec 19 08:12:40 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 19 Dec 2015 16:12:40 +0100 (CET)
Subject: SUSE-SU-2015:2325-1: moderate: Recommended update for git
Message-ID: <20151219151240.ADF8D32139@maintenance.suse.de>

   SUSE Security Update: Recommended update for git
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2325-1
Rating:             moderate
References:         #948969
Cross-References:   CVE-2015-7545
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The git package was updated to fix the following security issue:

   - CVE-2015-7545: Fix remote code execution with recursive fetch of submodules (bsc#948969).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-857=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-857=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      git-1.8.5.6-15.1
      git-arch-1.8.5.6-15.1
      git-core-1.8.5.6-15.1
      git-core-debuginfo-1.8.5.6-15.1
      git-cvs-1.8.5.6-15.1
      git-daemon-1.8.5.6-15.1
      git-daemon-debuginfo-1.8.5.6-15.1
      git-debugsource-1.8.5.6-15.1
      git-email-1.8.5.6-15.1
      git-gui-1.8.5.6-15.1
      git-svn-1.8.5.6-15.1
      git-svn-debuginfo-1.8.5.6-15.1
      git-web-1.8.5.6-15.1
      gitk-1.8.5.6-15.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      git-core-1.8.5.6-15.1
      git-core-debuginfo-1.8.5.6-15.1
      git-debugsource-1.8.5.6-15.1

References:

   https://www.suse.com/security/cve/CVE-2015-7545.html
   https://bugzilla.suse.com/948969

From sle-updates at lists.suse.com Sat Dec 19 08:13:08 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 19 Dec 2015 16:13:08 +0100 (CET)
Subject: SUSE-SU-2015:2326-1: moderate: Security update for xen
Message-ID: <20151219151308.081383213C@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2326-1
Rating:             moderate
References:         #947165 #950703 #950704 #950705 #950706 #951845
                    #954018 #954405 #956408 #956409 #956411 #956592
                    #956832
Cross-References:   CVE-2015-5307 CVE-2015-7311 CVE-2015-7504
                    CVE-2015-7969 CVE-2015-7970 CVE-2015-7971
                    CVE-2015-7972 CVE-2015-8104 CVE-2015-8339
                    CVE-2015-8340 CVE-2015-8341 CVE-2015-8345
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has one errata is now available.
Description:

   This update fixes the following security issues:

   - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list
   - bsc#956592 - xen: virtual PMU is unsupported (XSA-163)
   - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159)
   - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160)
   - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162)
   - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142)
   - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception
   - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156)
   - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150)
   - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153)
   - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149)
   - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151)
   - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-xen-20151203-12274=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-xen-20151203-12274=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-xen-20151203-12274=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-xen-20151203-12274=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64):

      xen-devel-4.2.5_18-21.1

   - SUSE Linux Enterprise Server 11-SP3 (i586 x86_64):

      xen-kmp-default-4.2.5_18_3.0.101_0.47.71-21.1
      xen-libs-4.2.5_18-21.1
      xen-tools-domU-4.2.5_18-21.1

   - SUSE Linux Enterprise Server 11-SP3 (x86_64):

      xen-4.2.5_18-21.1
      xen-doc-html-4.2.5_18-21.1
      xen-doc-pdf-4.2.5_18-21.1
      xen-libs-32bit-4.2.5_18-21.1
      xen-tools-4.2.5_18-21.1

   - SUSE Linux Enterprise Server 11-SP3 (i586):

      xen-kmp-pae-4.2.5_18_3.0.101_0.47.71-21.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      xen-kmp-default-4.2.5_18_3.0.101_0.47.71-21.1
      xen-libs-4.2.5_18-21.1
      xen-tools-domU-4.2.5_18-21.1

   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

      xen-4.2.5_18-21.1
      xen-doc-html-4.2.5_18-21.1
      xen-doc-pdf-4.2.5_18-21.1
      xen-libs-32bit-4.2.5_18-21.1
      xen-tools-4.2.5_18-21.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586):

      xen-kmp-pae-4.2.5_18_3.0.101_0.47.71-21.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):

      xen-debuginfo-4.2.5_18-21.1
      xen-debugsource-4.2.5_18-21.1

References:

   https://www.suse.com/security/cve/CVE-2015-5307.html
   https://www.suse.com/security/cve/CVE-2015-7311.html
   https://www.suse.com/security/cve/CVE-2015-7504.html
   https://www.suse.com/security/cve/CVE-2015-7969.html
   https://www.suse.com/security/cve/CVE-2015-7970.html
   https://www.suse.com/security/cve/CVE-2015-7971.html
   https://www.suse.com/security/cve/CVE-2015-7972.html
   https://www.suse.com/security/cve/CVE-2015-8104.html
   https://www.suse.com/security/cve/CVE-2015-8339.html
   https://www.suse.com/security/cve/CVE-2015-8340.html
   https://www.suse.com/security/cve/CVE-2015-8341.html
   https://www.suse.com/security/cve/CVE-2015-8345.html
   https://bugzilla.suse.com/947165
   https://bugzilla.suse.com/950703
   https://bugzilla.suse.com/950704
   https://bugzilla.suse.com/950705
   https://bugzilla.suse.com/950706
   https://bugzilla.suse.com/951845
   https://bugzilla.suse.com/954018
   https://bugzilla.suse.com/954405
   https://bugzilla.suse.com/956408
   https://bugzilla.suse.com/956409
   https://bugzilla.suse.com/956411
   https://bugzilla.suse.com/956592
   https://bugzilla.suse.com/956832

From sle-updates at lists.suse.com Sat Dec 19 08:15:53 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 19 Dec 2015 16:15:53 +0100 (CET)
Subject: SUSE-SU-2015:2327-1: moderate: Security update for python-Django
Message-ID: <20151219151553.D4A743213D@maintenance.suse.de>

   SUSE Security Update: Security update for python-Django
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2327-1
Rating:             moderate
References:         #955412
Cross-References:   CVE-2015-8213
Affected Products:
                    SUSE Enterprise Storage 1.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-Django fixes the following issues:

   - Add 0004-1.6.x-fixed-a-settings-leak-possibility-in-the-date-.patch to prevent settings leak in date template filter (bsc#955412, CVE-2015-8213)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 1.0:

      zypper in -t patch SUSE-Storage-1.0-2015-998=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Enterprise Storage 1.0 (noarch):

      python-Django-1.6.11-11.1

References:

   https://www.suse.com/security/cve/CVE-2015-8213.html
   https://bugzilla.suse.com/955412

From sle-updates at lists.suse.com Sat Dec 19 08:16:17 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 19 Dec 2015 16:16:17 +0100 (CET)
Subject: SUSE-SU-2015:2328-1: moderate: Security update for xen
Message-ID: <20151219151617.BB8243213B@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2328-1
Rating:             moderate
References:         #947165 #950703 #950704 #950705 #950706 #951845
                    #954018 #954405 #956408 #956409 #956411 #956592
                    #956832
Cross-References:   CVE-2015-5307 CVE-2015-7311 CVE-2015-7504
                    CVE-2015-7835 CVE-2015-7969 CVE-2015-7970
                    CVE-2015-7971 CVE-2015-7972 CVE-2015-8104
                    CVE-2015-8339 CVE-2015-8340 CVE-2015-8341
                    CVE-2015-8345
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 13 vulnerabilities is now available.
Description:

   This update fixes the following security issues:

   - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list
   - bsc#956592 - xen: virtual PMU is unsupported (XSA-163)
   - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159)
   - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160)
   - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162)
   - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142)
   - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception
   - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) CVE-2015-5307-xsa156.patch
   - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
   - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) xsa153-libxl.patch xend-xsa153.patch
   - Drop 5604f239-x86-PV-properly-populate-descriptor-tables.patch
   - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149)
   - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151)
   - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-1000=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-1000=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1000=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (x86_64):

      xen-debugsource-4.4.3_06-22.15.1
      xen-devel-4.4.3_06-22.15.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      xen-4.4.3_06-22.15.1
      xen-debugsource-4.4.3_06-22.15.1
      xen-doc-html-4.4.3_06-22.15.1
      xen-kmp-default-4.4.3_06_k3.12.48_52.27-22.15.1
      xen-kmp-default-debuginfo-4.4.3_06_k3.12.48_52.27-22.15.1
      xen-libs-32bit-4.4.3_06-22.15.1
      xen-libs-4.4.3_06-22.15.1
      xen-libs-debuginfo-32bit-4.4.3_06-22.15.1
      xen-libs-debuginfo-4.4.3_06-22.15.1
      xen-tools-4.4.3_06-22.15.1
      xen-tools-debuginfo-4.4.3_06-22.15.1
      xen-tools-domU-4.4.3_06-22.15.1
      xen-tools-domU-debuginfo-4.4.3_06-22.15.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      xen-4.4.3_06-22.15.1
      xen-debugsource-4.4.3_06-22.15.1
      xen-kmp-default-4.4.3_06_k3.12.48_52.27-22.15.1
      xen-kmp-default-debuginfo-4.4.3_06_k3.12.48_52.27-22.15.1
      xen-libs-32bit-4.4.3_06-22.15.1
      xen-libs-4.4.3_06-22.15.1
      xen-libs-debuginfo-32bit-4.4.3_06-22.15.1
      xen-libs-debuginfo-4.4.3_06-22.15.1

References:

   https://www.suse.com/security/cve/CVE-2015-5307.html
   https://www.suse.com/security/cve/CVE-2015-7311.html
   https://www.suse.com/security/cve/CVE-2015-7504.html
   https://www.suse.com/security/cve/CVE-2015-7835.html
   https://www.suse.com/security/cve/CVE-2015-7969.html
   https://www.suse.com/security/cve/CVE-2015-7970.html
   https://www.suse.com/security/cve/CVE-2015-7971.html
   https://www.suse.com/security/cve/CVE-2015-7972.html
   https://www.suse.com/security/cve/CVE-2015-8104.html
   https://www.suse.com/security/cve/CVE-2015-8339.html
   https://www.suse.com/security/cve/CVE-2015-8340.html
   https://www.suse.com/security/cve/CVE-2015-8341.html
   https://www.suse.com/security/cve/CVE-2015-8345.html
   https://bugzilla.suse.com/947165
   https://bugzilla.suse.com/950703
   https://bugzilla.suse.com/950704
   https://bugzilla.suse.com/950705
   https://bugzilla.suse.com/950706
   https://bugzilla.suse.com/951845
   https://bugzilla.suse.com/954018
   https://bugzilla.suse.com/954405
   https://bugzilla.suse.com/956408
   https://bugzilla.suse.com/956409
   https://bugzilla.suse.com/956411
   https://bugzilla.suse.com/956592
   https://bugzilla.suse.com/956832

From sle-updates at lists.suse.com Mon Dec 21 13:10:51 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Dec 2015 21:10:51 +0100 (CET)
Subject: SUSE-SU-2015:2334-1: important: Security update for MozillaFirefox
Message-ID: <20151221201051.6DFF5320AA@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2334-1
Rating:             important
References:         #959277
Cross-References:   CVE-2015-7201 CVE-2015-7202 CVE-2015-7205
                    CVE-2015-7210 CVE-2015-7212 CVE-2015-7213
                    CVE-2015-7214 CVE-2015-7222
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.
Description:

   MozillaFirefox was updated to version 38.5.0 esr to fix the following issues:

   The following security issues were fixed:

   * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
   * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed
   * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures
   * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection
   * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions
   * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
   * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Server for VMWare 11-SP3:

      zypper in -t patch slessp3-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Server 11-SP3:

      zypper in -t patch slessp3-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-MozillaFirefox-12276=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-MozillaFirefox-12276=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-devel-38.5.0esr-28.2

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-devel-38.5.0esr-28.2

   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

      MozillaFirefox-38.5.0esr-28.2
      MozillaFirefox-translations-38.5.0esr-28.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-38.5.0esr-28.2
      MozillaFirefox-translations-38.5.0esr-28.2

   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-38.5.0esr-28.2
      MozillaFirefox-translations-38.5.0esr-28.2

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      MozillaFirefox-38.5.0esr-28.2
      MozillaFirefox-translations-38.5.0esr-28.2

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      MozillaFirefox-38.5.0esr-28.2
      MozillaFirefox-translations-38.5.0esr-28.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-debuginfo-38.5.0esr-28.2
      MozillaFirefox-debugsource-38.5.0esr-28.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      MozillaFirefox-debuginfo-38.5.0esr-28.2
      MozillaFirefox-debugsource-38.5.0esr-28.2

References:

   https://www.suse.com/security/cve/CVE-2015-7201.html
   https://www.suse.com/security/cve/CVE-2015-7202.html
   https://www.suse.com/security/cve/CVE-2015-7205.html
   https://www.suse.com/security/cve/CVE-2015-7210.html
   https://www.suse.com/security/cve/CVE-2015-7212.html
   https://www.suse.com/security/cve/CVE-2015-7213.html
   https://www.suse.com/security/cve/CVE-2015-7214.html
   https://www.suse.com/security/cve/CVE-2015-7222.html
   https://bugzilla.suse.com/959277

From sle-updates at lists.suse.com Mon Dec 21 13:11:22 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 21 Dec 2015 21:11:22 +0100 (CET)
Subject: SUSE-SU-2015:2335-1: important: Security update for MozillaFirefox
Message-ID: <20151221201122.93CB33213C@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2335-1
Rating:             important
References:         #959277
Cross-References:   CVE-2015-7201 CVE-2015-7202 CVE-2015-7205
                    CVE-2015-7210 CVE-2015-7212 CVE-2015-7213
                    CVE-2015-7214 CVE-2015-7222
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12-SP1
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   MozillaFirefox was updated to version 38.5.0 ESR to fix the following issues:

   * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
   * MFSA 2015-138/CVE-2015-7210 A use-after-free in WebRTC when datachannel is used after being destroyed
   * MFSA 2015-139/CVE-2015-7212 An integer overflow allocating extremely large textures
   * MFSA 2015-145/CVE-2015-7205 An underflow found through code inspection
   * MFSA 2015-146/CVE-2015-7213 An integer overflow in MP4 playback in 64-bit versions
   * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
   * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-1001=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-1001=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-1001=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-1001=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1001=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1001=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-devel-38.5.0esr-54.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-devel-38.5.0esr-54.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      MozillaFirefox-38.5.0esr-54.1
      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-translations-38.5.0esr-54.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      MozillaFirefox-38.5.0esr-54.1
      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-translations-38.5.0esr-54.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      MozillaFirefox-38.5.0esr-54.1
      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-translations-38.5.0esr-54.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      MozillaFirefox-38.5.0esr-54.1
      MozillaFirefox-debuginfo-38.5.0esr-54.1
      MozillaFirefox-debugsource-38.5.0esr-54.1
      MozillaFirefox-translations-38.5.0esr-54.1

References:

   https://www.suse.com/security/cve/CVE-2015-7201.html
https://www.suse.com/security/cve/CVE-2015-7202.html https://www.suse.com/security/cve/CVE-2015-7205.html https://www.suse.com/security/cve/CVE-2015-7210.html https://www.suse.com/security/cve/CVE-2015-7212.html https://www.suse.com/security/cve/CVE-2015-7213.html https://www.suse.com/security/cve/CVE-2015-7214.html https://www.suse.com/security/cve/CVE-2015-7222.html https://bugzilla.suse.com/959277 From sle-updates at lists.suse.com Mon Dec 21 13:11:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Dec 2015 21:11:46 +0100 (CET) Subject: SUSE-SU-2015:2336-1: important: Security update for MozillaFirefox Message-ID: <20151221201146.3A2803213C@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2336-1 Rating: important References: #959277 Cross-References: CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: MozillaFirefox was updated to version 38.5.0 ESR. 
It fixes the following security issues: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5) * MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures * MFSA 2015-145/CVE-2015-7205 Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-MozillaFirefox-12275=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-MozillaFirefox-12275=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): MozillaFirefox-38.5.0esr-28.2 MozillaFirefox-translations-38.5.0esr-28.2 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): MozillaFirefox-debuginfo-38.5.0esr-28.2 MozillaFirefox-debugsource-38.5.0esr-28.2 References: https://www.suse.com/security/cve/CVE-2015-7201.html https://www.suse.com/security/cve/CVE-2015-7202.html https://www.suse.com/security/cve/CVE-2015-7205.html https://www.suse.com/security/cve/CVE-2015-7210.html https://www.suse.com/security/cve/CVE-2015-7212.html https://www.suse.com/security/cve/CVE-2015-7213.html https://www.suse.com/security/cve/CVE-2015-7214.html https://www.suse.com/security/cve/CVE-2015-7222.html https://bugzilla.suse.com/959277 From sle-updates at lists.suse.com Mon Dec 21 15:10:28 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Dec 2015 23:10:28 +0100 (CET) Subject: SUSE-SU-2015:2337-1: important: Security update for rubygem-passenger Message-ID: <20151221221028.3EC8D3213C@maintenance.suse.de> SUSE Security Update: Security update for rubygem-passenger ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2337-1 Rating: important References: #956281 Cross-References: CVE-2015-7519 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-passenger fixes the following issues: - CVE-2015-7519: rubygem-passenger was not filtering the environment like apache is doing, allowing injection of environment variables (bsc#956281) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-1005=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): ruby2.1-rubygem-passenger-5.0.18-6.1 ruby2.1-rubygem-passenger-debuginfo-5.0.18-6.1 rubygem-passenger-5.0.18-6.1 rubygem-passenger-apache2-5.0.18-6.1 rubygem-passenger-apache2-debuginfo-5.0.18-6.1 rubygem-passenger-debuginfo-5.0.18-6.1 rubygem-passenger-debugsource-5.0.18-6.1 References: https://www.suse.com/security/cve/CVE-2015-7519.html https://bugzilla.suse.com/956281 From sle-updates at lists.suse.com Mon Dec 21 15:10:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Dec 2015 23:10:52 +0100 (CET) Subject: SUSE-SU-2015:2183-2: important: Security update for strongswan Message-ID: <20151221221052.0BAB13213C@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2183-2 Rating: important References: #953817 Cross-References: CVE-2015-8023 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-934=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-934=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): strongswan-5.1.3-22.1 strongswan-debugsource-5.1.3-22.1 strongswan-hmac-5.1.3-22.1 strongswan-ipsec-5.1.3-22.1 strongswan-ipsec-debuginfo-5.1.3-22.1 strongswan-libs0-5.1.3-22.1 strongswan-libs0-debuginfo-5.1.3-22.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): strongswan-doc-5.1.3-22.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): strongswan-5.1.3-22.1 strongswan-debugsource-5.1.3-22.1 strongswan-ipsec-5.1.3-22.1 strongswan-ipsec-debuginfo-5.1.3-22.1 strongswan-libs0-5.1.3-22.1 strongswan-libs0-debuginfo-5.1.3-22.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): strongswan-doc-5.1.3-22.1 References: https://www.suse.com/security/cve/CVE-2015-8023.html https://bugzilla.suse.com/953817 From sle-updates at lists.suse.com Tue Dec 22 04:10:36 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Dec 2015 12:10:36 +0100 (CET) Subject: SUSE-SU-2015:2171-2: moderate: Security update for gpg2 Message-ID: <20151222111036.7AFA0320DF@maintenance.suse.de> SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2171-2 Rating: moderate References: #918089 #918090 #952347 #955753 Cross-References: CVE-2015-1606 CVE-2015-1607 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. 
Description: The gpg2 package was updated to fix the following security and non security issues: - CVE-2015-1606: Fixed invalid memory read using a garbled keyring (bsc#918089). - CVE-2015-1607: Fixed memcpy with overlapping ranges (bsc#918090). - bsc#955753: Fixed a regression of "gpg --recv" due to keyserver import filter (also boo#952347). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-922=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-922=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gpg2-2.0.24-3.2 gpg2-debuginfo-2.0.24-3.2 gpg2-debugsource-2.0.24-3.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): gpg2-lang-2.0.24-3.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gpg2-2.0.24-3.2 gpg2-debuginfo-2.0.24-3.2 gpg2-debugsource-2.0.24-3.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gpg2-lang-2.0.24-3.2 References: https://www.suse.com/security/cve/CVE-2015-1606.html https://www.suse.com/security/cve/CVE-2015-1607.html https://bugzilla.suse.com/918089 https://bugzilla.suse.com/918090 https://bugzilla.suse.com/952347 https://bugzilla.suse.com/955753 From sle-updates at lists.suse.com Tue Dec 22 05:11:28 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Dec 2015 13:11:28 +0100 (CET) Subject: SUSE-SU-2015:2338-1: moderate: Security update for xen Message-ID: <20151222121128.2889B3213C@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2338-1 Rating: moderate References: #947165 #950703 #950704 #950705 #950706 #951845 #954018 #954405 #955399 #956408 #956409 #956411 #956592 #956832 Cross-References: 
CVE-2015-5307 CVE-2015-7311 CVE-2015-7504 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has one errata is now available. Description: This update fixes the following security issues: - bsc#955399 - Fix xm migrate --log_progress. Due to logic error progress was not logged when requested. - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956592 - xen: virtual PMU is unsupported (XSA-163) - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#955399 - Fix xm migrate --live. The options were not passed due to a merge error. As a result the migration was not live, instead the suspended guest was migrated. 
- bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - Drop 5604f239-x86-PV-properly-populate-descriptor-tables.patch - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-20151203-12277=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-20151203-12277=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-xen-20151203-12277=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-20151203-12277=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.3_06-29.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.3_06_3.0.101_65-29.1 xen-libs-4.4.3_06-29.1 xen-tools-domU-4.4.3_06-29.1 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.3_06-29.1 xen-doc-html-4.4.3_06-29.1 xen-libs-32bit-4.4.3_06-29.1 xen-tools-4.4.3_06-29.1 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): xen-kmp-default-4.4.3_06_3.0.101_65-29.1 xen-libs-4.4.3_06-29.1 xen-tools-domU-4.4.3_06-29.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): xen-4.4.3_06-29.1 xen-doc-html-4.4.3_06-29.1 xen-libs-32bit-4.4.3_06-29.1 xen-tools-4.4.3_06-29.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586): xen-kmp-pae-4.4.3_06_3.0.101_65-29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.3_06-29.1 xen-debugsource-4.4.3_06-29.1 References: https://www.suse.com/security/cve/CVE-2015-5307.html https://www.suse.com/security/cve/CVE-2015-7311.html https://www.suse.com/security/cve/CVE-2015-7504.html https://www.suse.com/security/cve/CVE-2015-7835.html https://www.suse.com/security/cve/CVE-2015-7969.html https://www.suse.com/security/cve/CVE-2015-7970.html https://www.suse.com/security/cve/CVE-2015-7971.html https://www.suse.com/security/cve/CVE-2015-7972.html https://www.suse.com/security/cve/CVE-2015-8104.html https://www.suse.com/security/cve/CVE-2015-8339.html https://www.suse.com/security/cve/CVE-2015-8340.html https://www.suse.com/security/cve/CVE-2015-8341.html https://www.suse.com/security/cve/CVE-2015-8345.html https://bugzilla.suse.com/947165 https://bugzilla.suse.com/950703 https://bugzilla.suse.com/950704 https://bugzilla.suse.com/950705 https://bugzilla.suse.com/950706 https://bugzilla.suse.com/951845 https://bugzilla.suse.com/954018 https://bugzilla.suse.com/954405 https://bugzilla.suse.com/955399 
https://bugzilla.suse.com/956408 https://bugzilla.suse.com/956409 https://bugzilla.suse.com/956411 https://bugzilla.suse.com/956592 https://bugzilla.suse.com/956832 From sle-updates at lists.suse.com Tue Dec 22 08:10:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Dec 2015 16:10:59 +0100 (CET) Subject: SUSE-SU-2015:2339-1: important: Security update for the Linux Kernel Message-ID: <20151222151059.AD8A73213D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2339-1 Rating: important References: #814440 #879378 #879381 #900610 #904348 #904965 #921081 #926774 #930145 #930770 #930788 #930835 #932805 #935123 #935757 #937256 #937444 #938706 #939826 #939926 #939955 #940017 #940913 #940946 #941202 #942938 #943786 #944296 #944677 #944831 #944837 #944989 #944993 #945691 #945825 #945827 #946078 #946214 #946309 #947957 #948330 #948347 #948521 #949100 #949298 #949502 #949706 #949744 #949936 #949981 #950298 #950750 #950998 #951440 #952084 #952384 #952579 #952976 #953527 #953799 #953980 #954404 #954628 #954950 #954984 #955673 #956709 Cross-References: CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6937 CVE-2015-7509 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 57 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. 
Following security bugs were fixed:

- CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could have led to a system crash (bsc#956709).
- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).
- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).
- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527).
- CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384).
- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bnc#938706).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440).
- CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296).
- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). The following non-security bugs were fixed: - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - Driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - Drivers: hv: do not do hypercalls when hypercall_page is NULL. - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h. - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h. - Drivers: hv: vmbus: Get rid of some unused definitions. - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state. - Drivers: hv: vmbus: add special crash handler (bnc#930770). - Drivers: hv: vmbus: add special kexec handler. - Drivers: hv: vmbus: kill tasklets on module unload. - Drivers: hv: vmbus: prefer "^A" notification chain to 'panic'. - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from hv_synic_cleanup(). - Drivers: hv: vmbus: unregister panic notifier on module unload. - IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440). - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - NFSv4: Fix two infinite loops in the mount code (bsc#954628). - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786). - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786). - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084). - PCI: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084). - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084). - PCI: delay configuration of SRIOV capability (bnc#952084). 
- PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084). - SCSI: hosts: update to use ida_simple for host_no (bsc#939926) - SUNRPC refactor rpcauth_checkverf error returns (bsc#955673). - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#946214). - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cachefiles: Avoid deadlocks with fs freezing (bsc#935123). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - fix lpfc_send_rscn_event allocation size claims bnc#935757 - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123). - fs: Fix deadlocks between sync and fs freezing (bsc#935123). - hugetlb: simplify migrate_huge_page() (bnc#947957). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957,). - ipr: Fix incorrect trace indexing (bsc#940913). - ipr: Fix invalid array indexing for HRRQ (bsc#940913). - ipv6: fix tunnel error handling (bsc#952579). - ipvs: Fix reuse connection if real server is dead (bnc#945827). - ipvs: drop first packet to dead server (bsc#946078). - kernel: correct uc_sigmask of the compat signal frame (bnc#946214). - kernel: fix incorrect use of DIAG44 in continue_trylock_relax() (bnc#946214). - kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444). 
- ktime: add ktime_after and ktime_before helpe (bsc#904348). - lib/string.c: introduce memchr_inv() (bnc#930788). - lpfc: Fix cq_id masking problem (bsc#944677). - macvlan: Support bonding events bsc#948521 - memory-failure: do code refactor of soft_offline_page() (bnc#947957). - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957). - memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957). - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298). - mm: fix GFP_THISNODE callers and clarify (bsc#954950). - mm: remove GFP_THISNODE (bsc#954950). - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS). - net/core: Add VF link state control policy (bsc#950298). - netfilter: xt_recent: fix namespace destroy path (bsc#879378). - panic/x86: Allow cpus to save registers even if they (bnc#940946). - panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - qla2xxx: Remove unavailable firmware files (bsc#921081). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down (bsc#930835). - quota: Fix deadlock with suspend and quotas (bsc#935123). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). 
- rtnetlink: Fix VF IFLA policy (bsc#950298). - rtnetlink: fix VF info size (bsc#950298). - s390/dasd: fix disconnected device with valid path mask (bnc#946214). - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214). - s390/dasd: fix list_del corruption after lcu changes (bnc#954984). - s390/pci: handle events for unused functions (bnc#946214). - s390/pci: improve handling of hotplug event 0x301 (bnc#946214). - s390/pci: improve state check when processing hotplug events (bnc#946214). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - sg: fix read() error reporting (bsc#926774). - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989). - usbback: correct copy length for partial transfers (bsc#941202). - usbvision fix overflow of interfaces array (bnc#950998). - veth: extend device features (bsc#879381). - vfs: Provide function to get superblock and wait for it to thaw (bsc#935123). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - vmxnet3: fix ethtool ring buffer size setting (bsc#950750). - writeback: Skip writeback for frozen filesystem (bsc#935123). - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (bnc#937256). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788). - xfs: add background scanning to clear eofblocks inodes (bnc#930788). - xfs: add inode id filtering to eofblocks scan (bnc#930788). - xfs: add minimum file size filtering to eofblocks scan (bnc#930788). 
- xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788). - xfs: create helper to check whether to free eofblocks on inode (bnc#930788). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788). - xfs: support a tag-based inode_ag_iterator (bnc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981). - xhci: Calculate old endpoints correctly on device reset (bnc#944831). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837). - xhci: silence TD warning (bnc#939955). - xhci: use uninterruptible sleep for waiting for internal operations (bnc#939955). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-source-12278=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-source-12278=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-12278=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-kernel-source-12278=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-12278=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-68.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-68.1 kernel-default-base-3.0.101-68.1 kernel-default-devel-3.0.101-68.1 kernel-source-3.0.101-68.1 kernel-syms-3.0.101-68.1 kernel-trace-3.0.101-68.1 kernel-trace-base-3.0.101-68.1 kernel-trace-devel-3.0.101-68.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-68.1 kernel-ec2-base-3.0.101-68.1 kernel-ec2-devel-3.0.101-68.1 kernel-xen-3.0.101-68.1 kernel-xen-base-3.0.101-68.1 kernel-xen-devel-3.0.101-68.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-68.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-ppc64-3.0.101-68.1 kernel-ppc64-base-3.0.101-68.1 kernel-ppc64-devel-3.0.101-68.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-68.1 kernel-pae-base-3.0.101-68.1 kernel-pae-devel-3.0.101-68.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-68.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-68.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-68.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-68.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-68.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): kernel-default-3.0.101-68.1 kernel-default-base-3.0.101-68.1 kernel-default-devel-3.0.101-68.1 kernel-default-extra-3.0.101-68.1 kernel-source-3.0.101-68.1 kernel-syms-3.0.101-68.1 kernel-trace-devel-3.0.101-68.1 kernel-xen-3.0.101-68.1 kernel-xen-base-3.0.101-68.1 kernel-xen-devel-3.0.101-68.1 kernel-xen-extra-3.0.101-68.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586): kernel-pae-3.0.101-68.1 kernel-pae-base-3.0.101-68.1 kernel-pae-devel-3.0.101-68.1 kernel-pae-extra-3.0.101-68.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 
ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-68.1 kernel-default-debugsource-3.0.101-68.1 kernel-trace-debuginfo-3.0.101-68.1 kernel-trace-debugsource-3.0.101-68.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-68.1 kernel-trace-devel-debuginfo-3.0.101-68.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-68.1 kernel-ec2-debugsource-3.0.101-68.1 kernel-xen-debuginfo-3.0.101-68.1 kernel-xen-debugsource-3.0.101-68.1 kernel-xen-devel-debuginfo-3.0.101-68.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-ppc64-debuginfo-3.0.101-68.1 kernel-ppc64-debugsource-3.0.101-68.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-68.1 kernel-pae-debugsource-3.0.101-68.1 kernel-pae-devel-debuginfo-3.0.101-68.1 References: https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-5157.html https://www.suse.com/security/cve/CVE-2015-5307.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7509.html https://www.suse.com/security/cve/CVE-2015-7799.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8104.html https://www.suse.com/security/cve/CVE-2015-8215.html https://bugzilla.suse.com/814440 https://bugzilla.suse.com/879378 https://bugzilla.suse.com/879381 https://bugzilla.suse.com/900610 https://bugzilla.suse.com/904348 https://bugzilla.suse.com/904965 https://bugzilla.suse.com/921081 https://bugzilla.suse.com/926774 https://bugzilla.suse.com/930145 https://bugzilla.suse.com/930770 https://bugzilla.suse.com/930788 https://bugzilla.suse.com/930835 https://bugzilla.suse.com/932805 https://bugzilla.suse.com/935123 https://bugzilla.suse.com/935757 https://bugzilla.suse.com/937256 https://bugzilla.suse.com/937444 https://bugzilla.suse.com/938706 
https://bugzilla.suse.com/939826 https://bugzilla.suse.com/939926 https://bugzilla.suse.com/939955 https://bugzilla.suse.com/940017 https://bugzilla.suse.com/940913 https://bugzilla.suse.com/940946 https://bugzilla.suse.com/941202 https://bugzilla.suse.com/942938 https://bugzilla.suse.com/943786 https://bugzilla.suse.com/944296 https://bugzilla.suse.com/944677 https://bugzilla.suse.com/944831 https://bugzilla.suse.com/944837 https://bugzilla.suse.com/944989 https://bugzilla.suse.com/944993 https://bugzilla.suse.com/945691 https://bugzilla.suse.com/945825 https://bugzilla.suse.com/945827 https://bugzilla.suse.com/946078 https://bugzilla.suse.com/946214 https://bugzilla.suse.com/946309 https://bugzilla.suse.com/947957 https://bugzilla.suse.com/948330 https://bugzilla.suse.com/948347 https://bugzilla.suse.com/948521 https://bugzilla.suse.com/949100 https://bugzilla.suse.com/949298 https://bugzilla.suse.com/949502 https://bugzilla.suse.com/949706 https://bugzilla.suse.com/949744 https://bugzilla.suse.com/949936 https://bugzilla.suse.com/949981 https://bugzilla.suse.com/950298 https://bugzilla.suse.com/950750 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/951440 https://bugzilla.suse.com/952084 https://bugzilla.suse.com/952384 https://bugzilla.suse.com/952579 https://bugzilla.suse.com/952976 https://bugzilla.suse.com/953527 https://bugzilla.suse.com/953799 https://bugzilla.suse.com/953980 https://bugzilla.suse.com/954404 https://bugzilla.suse.com/954628 https://bugzilla.suse.com/954950 https://bugzilla.suse.com/954984 https://bugzilla.suse.com/955673 https://bugzilla.suse.com/956709 From sle-updates at lists.suse.com Tue Dec 22 08:28:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Dec 2015 16:28:07 +0100 (CET) Subject: SUSE-SU-2015:2340-1: important: Security update for bind Message-ID: <20151222152807.804F13213C@maintenance.suse.de> SUSE Security Update: Security update for bind 
______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2340-1 Rating: important References: #923281 #958861 Cross-References: CVE-2015-8000 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). It also fixes a bug: - Fix a regression in caching entries with a TTL of 0 (bsc#923281). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bind-12280=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-bind-12280=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-bind-12280=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bind-12280=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-bind-12280=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-bind-12280=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-bind-12280=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-bind-12280=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-12280=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bind-12280=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-bind-12280=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.19.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): bind-devel-32bit-9.9.6P1-0.19.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.19.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64): bind-devel-32bit-9.9.6P1-0.19.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): bind-9.9.6P1-0.19.1 bind-chrootenv-9.9.6P1-0.19.1 bind-doc-9.9.6P1-0.19.1 bind-libs-9.9.6P1-0.19.1 bind-utils-9.9.6P1-0.19.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): bind-libs-32bit-9.9.6P1-0.19.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.19.1 bind-chrootenv-9.9.6P1-0.19.1 bind-doc-9.9.6P1-0.19.1 bind-libs-9.9.6P1-0.19.1 bind-utils-9.9.6P1-0.19.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.19.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): bind-libs-x86-9.9.6P1-0.19.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.19.1 bind-chrootenv-9.9.6P1-0.19.1 bind-doc-9.9.6P1-0.19.1 bind-libs-9.9.6P1-0.19.1 bind-utils-9.9.6P1-0.19.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.19.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): bind-libs-x86-9.9.6P1-0.19.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.19.1 bind-chrootenv-9.9.6P1-0.19.1 bind-devel-9.9.6P1-0.19.1 bind-doc-9.9.6P1-0.19.1 bind-libs-9.9.6P1-0.19.1 bind-utils-9.9.6P1-0.19.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.19.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): bind-libs-9.9.6P1-0.19.1 bind-utils-9.9.6P1-0.19.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): bind-libs-32bit-9.9.6P1-0.19.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): 
bind-libs-9.9.6P1-0.19.1 bind-utils-9.9.6P1-0.19.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): bind-libs-32bit-9.9.6P1-0.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.19.1 bind-debugsource-9.9.6P1-0.19.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.19.1 bind-debugsource-9.9.6P1-0.19.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.19.1 bind-debugsource-9.9.6P1-0.19.1 References: https://www.suse.com/security/cve/CVE-2015-8000.html https://bugzilla.suse.com/923281 https://bugzilla.suse.com/958861 From sle-updates at lists.suse.com Tue Dec 22 08:29:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Dec 2015 16:29:00 +0100 (CET) Subject: SUSE-SU-2015:2341-1: important: Security update for bind Message-ID: <20151222152900.3792A3213C@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2341-1 Rating: important References: #958861 Cross-References: CVE-2015-8000 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-1009=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-1009=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1009=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): bind-debuginfo-9.9.6P1-28.6.1 bind-debugsource-9.9.6P1-28.6.1 bind-devel-9.9.6P1-28.6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): bind-9.9.6P1-28.6.1 bind-chrootenv-9.9.6P1-28.6.1 bind-debuginfo-9.9.6P1-28.6.1 bind-debugsource-9.9.6P1-28.6.1 bind-libs-9.9.6P1-28.6.1 bind-libs-debuginfo-9.9.6P1-28.6.1 bind-utils-9.9.6P1-28.6.1 bind-utils-debuginfo-9.9.6P1-28.6.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): bind-libs-32bit-9.9.6P1-28.6.1 bind-libs-debuginfo-32bit-9.9.6P1-28.6.1 - SUSE Linux Enterprise Server 12 (noarch): bind-doc-9.9.6P1-28.6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): bind-debuginfo-9.9.6P1-28.6.1 bind-debugsource-9.9.6P1-28.6.1 bind-libs-32bit-9.9.6P1-28.6.1 bind-libs-9.9.6P1-28.6.1 bind-libs-debuginfo-32bit-9.9.6P1-28.6.1 bind-libs-debuginfo-9.9.6P1-28.6.1 bind-utils-9.9.6P1-28.6.1 bind-utils-debuginfo-9.9.6P1-28.6.1 References: https://www.suse.com/security/cve/CVE-2015-8000.html https://bugzilla.suse.com/958861 From sle-updates at lists.suse.com Tue Dec 22 11:10:33 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Dec 2015 19:10:33 +0100 (CET) Subject: SUSE-SU-2015:2342-1: moderate: Security update for compat-openssl098 Message-ID: <20151222181033.960C03213C@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2342-1 Rating: moderate References: #952099 #957812 Cross-References: 
CVE-2015-3195 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for compat-openssl098 fixes the following issues: Security issue fixed: - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. (bsc#957812) Non-security issue fixed: - Prevent segfault in s_client with invalid options (bsc#952099) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-1011=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1011=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1011=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-87.1 libopenssl0_9_8-0.9.8j-87.1 libopenssl0_9_8-32bit-0.9.8j-87.1 libopenssl0_9_8-debuginfo-0.9.8j-87.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-87.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): compat-openssl098-debugsource-0.9.8j-87.1 libopenssl0_9_8-0.9.8j-87.1 libopenssl0_9_8-32bit-0.9.8j-87.1 libopenssl0_9_8-debuginfo-0.9.8j-87.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-87.1 - SUSE Linux Enterprise Desktop 12 (x86_64): compat-openssl098-debugsource-0.9.8j-87.1 libopenssl0_9_8-0.9.8j-87.1 libopenssl0_9_8-32bit-0.9.8j-87.1 libopenssl0_9_8-debuginfo-0.9.8j-87.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-87.1 References: https://www.suse.com/security/cve/CVE-2015-3195.html https://bugzilla.suse.com/952099 https://bugzilla.suse.com/957812 From sle-updates at lists.suse.com Tue Dec 22 13:10:34 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Dec 2015 21:10:34 +0100 (CET) Subject: SUSE-RU-2015:2344-1: moderate: Recommended update for tgt Message-ID: <20151222201034.B297F320DF@maintenance.suse.de> SUSE Recommended Update: Recommended update for tgt ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2344-1 Rating: moderate References: #922526 #952652 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tgt provides the following fixes: - Removed documentation about "--version" from tgtadm.8 man page, since there is no such option. (bsc#952652) - Handle possible target removal while accessing it. 
(bsc#922526) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-tgt-12281=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tgt-12281=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-tgt-12281=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tgt-12281=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): tgt-0.9.10-0.22.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): tgt-0.9.10-0.22.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): tgt-0.9.10-0.22.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tgt-debuginfo-0.9.10-0.22.1 tgt-debugsource-0.9.10-0.22.1 References: https://bugzilla.suse.com/922526 https://bugzilla.suse.com/952652 From sle-updates at lists.suse.com Wed Dec 23 05:10:41 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Dec 2015 13:10:41 +0100 (CET) Subject: SUSE-SU-2015:2056-2: moderate: Recommended update for libksba Message-ID: <20151223121041.0DF7C320DF@maintenance.suse.de> SUSE Security Update: Recommended update for libksba ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2056-2 Rating: moderate References: #926826 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: The libksba package was updated to fix the following security issues: - Fixed integer overflow, out-of-bounds read and stack overflow issues (bsc#926826).
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-869=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-869=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-869=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-18.1 libksba-devel-1.3.0-18.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-18.1 libksba8-1.3.0-18.1 libksba8-debuginfo-1.3.0-18.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libksba-debugsource-1.3.0-18.1 libksba8-1.3.0-18.1 libksba8-debuginfo-1.3.0-18.1 References: https://bugzilla.suse.com/926826 From sle-updates at lists.suse.com Wed Dec 23 10:10:36 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Dec 2015 18:10:36 +0100 (CET) Subject: SUSE-SU-2015:2350-1: important: Security update for the Linux Kernel Message-ID: <20151223171036.9573A320DF@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2350-1 Rating: important References: #814440 #879378 #879381 #900610 #904348 #904965 #921081 #926709 #926774 #930145 #930770 #930788 #930835 #932805 #935053 #935123 #935757 #937256 #937444 #937969 #937970 #938706 #939207 #939826 #939926 #939955 #940017 #940913 #940946 #941202 #942938 #943786 #944677 #944831 #944837 #944989 #944993 #945691 #945825 #945827 #946078 #946214 #946309 #947957 #948330 #948347 #948521 #949100 #949298 #949502 #949706 #949744 #949936 #949981 #950298 #950750 #950998 #951440 #952084 #952384 #952579 #952976 #953527 #953799 #953980 
#954404 #954628 #954950 #954984 #955354 #955673 #956709 Cross-References: CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6937 CVE-2015-7509 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2015-7509: Mounting a prepared ext2 filesystem as ext4 could lead to a local denial of service (crash) (bsc#956709). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bnc#937969 937970 938706 939207).
- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. (bnc#955354). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). The following non-security bugs were fixed: - af_xhci: avoid path quiesce of severed path in shutdown() (bnc#946214, LTC#131684). - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799). - alsa: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cachefiles: Avoid deadlocks with fs freezing (bsc#935123). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - drivers: hv: do not do hypercalls when hypercall_page is NULL. - drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h. 
- drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h. - drivers: hv: vmbus: add special crash handler (bnc#930770). - drivers: hv: vmbus: add special kexec handler. - drivers: hv: vmbus: Get rid of some unused definitions. - drivers: hv: vmbus: Implement the protocol for tearing down vmbus state. - drivers: hv: vmbus: kill tasklets on module unload. - drivers: hv: vmbus: prefer "die" notification chain to 'panic'. - drivers: hv: vmbus: remove hv_synic_free_cpu() call from hv_synic_cleanup(). - drivers: hv: vmbus: unregister panic notifier on module unload. - driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - fix lpfc_send_rscn_event allocation size claims bnc#935757 - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123). - fs: Fix deadlocks between sync and fs freezing (bsc#935123). - hugetlb: simplify migrate_huge_page() (bnc#947957, VM Functionality). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957, VM Functionality). - IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - Import SP4-RT GA kabi files - ipr: Fix incorrect trace indexing (bsc#940913). - ipr: Fix invalid array indexing for HRRQ (bsc#940913). - ipv6: fix tunnel error handling (bsc#952579). - ipvs: drop first packet to dead server (bsc#946078). - ipvs: Fix reuse connection if real server is dead (bnc#945827). - kernel: correct uc_sigmask of the compat signal frame (bnc#946214, LTC#130124). - kernel: fix incorrect use of DIAG44 in continue_trylock_relax() (bnc#946214, LTC#132100). 
- kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444). - keys: Fix race between key destruction and finding a keyring by name (bsc#951440). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - lib/string.c: introduce memchr_inv() (bnc#930788). - lpfc: Fix cq_id masking problem (bsc#944677). - macvlan: Support bonding events bsc#948521 - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - memory-failure: do code refactor of soft_offline_page() (bnc#947957, VM Functionality). - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957, VM Functionality). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957, VM Functionality). - memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957, VM Functionality). - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298). - mm: fix GFP_THISNODE callers and clarify (bsc#954950, VM Functionality). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957, VM Functionality). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957, VM Functionality). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957, VM Functionality). - mm: remove GFP_THISNODE (bsc#954950, VM Functionality). - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS (fate#304949)). - Modified -rt patches: 343 of 434, noise elided. - net/core: Add VF link state control policy (bsc#950298). - netfilter: xt_recent: fix namespace destroy path (bsc#879378). - NFSv4: Fix two infinite loops in the mount code (bsc#954628). - panic/x86: Allow cpus to save registers even if they (bnc#940946). - panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - pci: Add dev_flags bit to access VPD through function 0 (bnc#943786). - pci: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786). 
- pci: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084). - pci: delay configuration of SRIOV capability (bnc#952084). - pci: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084). - pci: set pci sriov page size before reading SRIOV BAR (bnc#952084). - pci: Update NumVFs register when disabling SR-IOV (bnc#952084). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - qla2xxx: Remove unavailable firmware files (bsc#921081). - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down (bsc#930835). - quota: Fix deadlock with suspend and quotas (bsc#935123). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - Refresh patches.xen/1282-usbback-limit-copying.patch (bsc#941202). - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - rtnetlink: Fix VF IFLA policy (bsc#950298). - rtnetlink: fix VF info size (bsc#950298). - s390/dasd: fix disconnected device with valid path mask (bnc#946214, LTC#132707). - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214, LTC#132706). - s390/dasd: fix list_del corruption after lcu changes (bnc#954984, LTC#133077). - s390/pci: handle events for unused functions (bnc#946214, LTC#130628). - s390/pci: improve handling of hotplug event 0x301 (bnc#946214, LTC#130628). - s390/pci: improve state check when processing hotplug events (bnc#946214, LTC#130628). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - scsi: hosts: update to use ida_simple for host_no (bsc#939926) - sg: fix read() error reporting (bsc#926774). - sunrpc: refactor rpcauth_checkverf error returns (bsc#955673). 
- Update patches.fixes/fanotify-fix-deadlock-during-thread-exit.patch (bsc#935053, bsc#926709). Add bug reference. - usbback: correct copy length for partial transfers (bsc#941202). - usbvision fix overflow of interfaces array (bnc#950998). - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989). - veth: extend device features (bsc#879381). - vfs: Provide function to get superblock and wait for it to thaw (bsc#935123). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - vmxnet3: fix ethtool ring buffer size setting (bsc#950750). - writeback: Skip writeback for frozen filesystem (bsc#935123). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (fate#317533, bnc#937256). - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE (fate#317533, bnc#937256). - xfs: add background scanning to clear eofblocks inodes (bnc#930788). - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788). - xfs: add inode id filtering to eofblocks scan (bnc#930788). - xfs: add minimum file size filtering to eofblocks scan (bnc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788). - xfs: create helper to check whether to free eofblocks on inode (bnc#930788). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788). - xfs: support a tag-based inode_ag_iterator (bnc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). 
- xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981). - xhci: Calculate old endpoints correctly on device reset (bnc#944831). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691). - xhci: silence TD warning (bnc#939955). - xhci: use uninterruptible sleep for waiting for internal operations (bnc#939955). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-rt-20151204-12284=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-rt-20151204-12284=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-48.1 kernel-rt-base-3.0.101.rt130-48.1 kernel-rt-devel-3.0.101.rt130-48.1 kernel-rt_trace-3.0.101.rt130-48.1 kernel-rt_trace-base-3.0.101.rt130-48.1 kernel-rt_trace-devel-3.0.101.rt130-48.1 kernel-source-rt-3.0.101.rt130-48.1 kernel-syms-rt-3.0.101.rt130-48.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-48.1 kernel-rt-debugsource-3.0.101.rt130-48.1 kernel-rt_debug-debuginfo-3.0.101.rt130-48.1 kernel-rt_debug-debugsource-3.0.101.rt130-48.1 kernel-rt_trace-debuginfo-3.0.101.rt130-48.1 kernel-rt_trace-debugsource-3.0.101.rt130-48.1 References: https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-5157.html https://www.suse.com/security/cve/CVE-2015-5307.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7509.html https://www.suse.com/security/cve/CVE-2015-7799.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8104.html https://www.suse.com/security/cve/CVE-2015-8215.html https://bugzilla.suse.com/814440 https://bugzilla.suse.com/879378 https://bugzilla.suse.com/879381 https://bugzilla.suse.com/900610 https://bugzilla.suse.com/904348 https://bugzilla.suse.com/904965 https://bugzilla.suse.com/921081 https://bugzilla.suse.com/926709 https://bugzilla.suse.com/926774 https://bugzilla.suse.com/930145 https://bugzilla.suse.com/930770 https://bugzilla.suse.com/930788 https://bugzilla.suse.com/930835 https://bugzilla.suse.com/932805 https://bugzilla.suse.com/935053 https://bugzilla.suse.com/935123 https://bugzilla.suse.com/935757 https://bugzilla.suse.com/937256 https://bugzilla.suse.com/937444 https://bugzilla.suse.com/937969 https://bugzilla.suse.com/937970 https://bugzilla.suse.com/938706 https://bugzilla.suse.com/939207 
https://bugzilla.suse.com/939826 https://bugzilla.suse.com/939926 https://bugzilla.suse.com/939955 https://bugzilla.suse.com/940017 https://bugzilla.suse.com/940913 https://bugzilla.suse.com/940946 https://bugzilla.suse.com/941202 https://bugzilla.suse.com/942938 https://bugzilla.suse.com/943786 https://bugzilla.suse.com/944677 https://bugzilla.suse.com/944831 https://bugzilla.suse.com/944837 https://bugzilla.suse.com/944989 https://bugzilla.suse.com/944993 https://bugzilla.suse.com/945691 https://bugzilla.suse.com/945825 https://bugzilla.suse.com/945827 https://bugzilla.suse.com/946078 https://bugzilla.suse.com/946214 https://bugzilla.suse.com/946309 https://bugzilla.suse.com/947957 https://bugzilla.suse.com/948330 https://bugzilla.suse.com/948347 https://bugzilla.suse.com/948521 https://bugzilla.suse.com/949100 https://bugzilla.suse.com/949298 https://bugzilla.suse.com/949502 https://bugzilla.suse.com/949706 https://bugzilla.suse.com/949744 https://bugzilla.suse.com/949936 https://bugzilla.suse.com/949981 https://bugzilla.suse.com/950298 https://bugzilla.suse.com/950750 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/951440 https://bugzilla.suse.com/952084 https://bugzilla.suse.com/952384 https://bugzilla.suse.com/952579 https://bugzilla.suse.com/952976 https://bugzilla.suse.com/953527 https://bugzilla.suse.com/953799 https://bugzilla.suse.com/953980 https://bugzilla.suse.com/954404 https://bugzilla.suse.com/954628 https://bugzilla.suse.com/954950 https://bugzilla.suse.com/954984 https://bugzilla.suse.com/955354 https://bugzilla.suse.com/955673 https://bugzilla.suse.com/956709 From sle-updates at lists.suse.com Wed Dec 23 10:29:14 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Dec 2015 18:29:14 +0100 (CET) Subject: SUSE-RU-2015:2351-1: Recommended update for parted Message-ID: <20151223172914.EAF1F3213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for parted 
______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2351-1 Rating: low References: #932116 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update improves handling of busy extended partitions in libparted. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-parted-12283=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-parted-12283=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-parted-12283=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-parted-12283=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): parted-devel-2.3-10.48.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): parted-2.3-10.48.3 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): parted-32bit-2.3-10.48.3 - SUSE Linux Enterprise Server 11-SP4 (ia64): parted-x86-2.3-10.48.3 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): parted-2.3-10.48.3 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): parted-32bit-2.3-10.48.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): parted-debuginfo-2.3-10.48.3 parted-debugsource-2.3-10.48.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): parted-debuginfo-32bit-2.3-10.48.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): parted-debuginfo-x86-2.3-10.48.3 References: https://bugzilla.suse.com/932116 From sle-updates at lists.suse.com Wed Dec 23 10:29:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Dec 2015 18:29:46 +0100 (CET) Subject: SUSE-SU-2015:2195-2: moderate: Security update for gdk-pixbuf Message-ID: <20151223172946.C3366320DF@maintenance.suse.de> SUSE Security Update: Security update for gdk-pixbuf ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2195-2 Rating: moderate References: #942801 #948790 #948791 Cross-References: CVE-2015-4491 CVE-2015-7673 CVE-2015-7674 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: The gdk pixbuf library was updated to fix three security issues. 
These security issues were fixed: - CVE-2015-7673: Fix some more overflows scaling a gif (bsc#948791) - CVE-2015-4491: Check for overflow before allocating memory when scaling (bsc#942801) - CVE-2015-7673: Fix an overflow and DoS when scaling TGA files (bsc#948790). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-946=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-946=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-946=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gdk-pixbuf-debugsource-2.30.6-7.2 gdk-pixbuf-devel-2.30.6-7.2 gdk-pixbuf-devel-debuginfo-2.30.6-7.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gdk-pixbuf-debugsource-2.30.6-7.2 gdk-pixbuf-query-loaders-2.30.6-7.2 gdk-pixbuf-query-loaders-debuginfo-2.30.6-7.2 libgdk_pixbuf-2_0-0-2.30.6-7.2 libgdk_pixbuf-2_0-0-debuginfo-2.30.6-7.2 typelib-1_0-GdkPixbuf-2_0-2.30.6-7.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): gdk-pixbuf-query-loaders-32bit-2.30.6-7.2 gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-7.2 libgdk_pixbuf-2_0-0-32bit-2.30.6-7.2 libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-7.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): gdk-pixbuf-lang-2.30.6-7.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gdk-pixbuf-debugsource-2.30.6-7.2 gdk-pixbuf-query-loaders-2.30.6-7.2 gdk-pixbuf-query-loaders-32bit-2.30.6-7.2 gdk-pixbuf-query-loaders-debuginfo-2.30.6-7.2 gdk-pixbuf-query-loaders-debuginfo-32bit-2.30.6-7.2 libgdk_pixbuf-2_0-0-2.30.6-7.2 libgdk_pixbuf-2_0-0-32bit-2.30.6-7.2 libgdk_pixbuf-2_0-0-debuginfo-2.30.6-7.2
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.30.6-7.2 typelib-1_0-GdkPixbuf-2_0-2.30.6-7.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gdk-pixbuf-lang-2.30.6-7.2 References: https://www.suse.com/security/cve/CVE-2015-4491.html https://www.suse.com/security/cve/CVE-2015-7673.html https://www.suse.com/security/cve/CVE-2015-7674.html https://bugzilla.suse.com/942801 https://bugzilla.suse.com/948790 https://bugzilla.suse.com/948791 From sle-updates at lists.suse.com Wed Dec 23 10:30:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Dec 2015 18:30:44 +0100 (CET) Subject: SUSE-RU-2015:2352-1: Recommended update for parted Message-ID: <20151223173044.8DE333213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for parted ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2352-1 Rating: low References: #932116 #933125 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for parted provides the following fixes: - Improve handling of busy extended partitions in libparted. (bsc#932116) - Partitions on MDRAID have the form of 'mdXpY'. (bsc#933125) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-parted-12282=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-parted-12282=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-parted-12282=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-parted-12282=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-parted-12282=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): parted-devel-2.3-10.42.3 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): parted-2.3-10.42.3 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): parted-32bit-2.3-10.42.3 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): parted-2.3-10.42.3 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): parted-32bit-2.3-10.42.3 - SUSE Linux Enterprise Server 11-SP3 (ia64): parted-x86-2.3-10.42.3 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): parted-2.3-10.42.3 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): parted-32bit-2.3-10.42.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): parted-debuginfo-2.3-10.42.3 parted-debugsource-2.3-10.42.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x): parted-debuginfo-32bit-2.3-10.42.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64): parted-debuginfo-x86-2.3-10.42.3 References: https://bugzilla.suse.com/932116 https://bugzilla.suse.com/933125 From sle-updates at lists.suse.com Wed Dec 23 13:10:28 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Dec 2015 21:10:28 +0100 (CET) Subject: SUSE-RU-2015:2048-2: moderate: Recommended update for acl Message-ID: <20151223201028.B1C503213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for acl 
______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2048-2 Rating: moderate References: #945899 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for acl provides the following fixes: - Fix segmentation fault of getfacl -e on overly long group name. - Make sure that acl_from_text() always sets errno when it fails. - Fix memory and resource leaks in getfacl. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-862=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-862=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-862=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): acl-debuginfo-2.2.52-6.1 acl-debugsource-2.2.52-6.1 libacl-devel-2.2.52-6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): acl-2.2.52-6.1 acl-debuginfo-2.2.52-6.1 acl-debugsource-2.2.52-6.1 libacl1-2.2.52-6.1 libacl1-debuginfo-2.2.52-6.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libacl1-32bit-2.2.52-6.1 libacl1-debuginfo-32bit-2.2.52-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): acl-2.2.52-6.1 acl-debuginfo-2.2.52-6.1 acl-debugsource-2.2.52-6.1 libacl1-2.2.52-6.1 libacl1-32bit-2.2.52-6.1 libacl1-debuginfo-2.2.52-6.1 libacl1-debuginfo-32bit-2.2.52-6.1 References: https://bugzilla.suse.com/945899 From sle-updates at lists.suse.com Thu Dec 24 19:10:39 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Dec 2015 03:10:39 +0100 (CET) Subject: SUSE-SU-2015:2359-1: important: Security update for bind Message-ID: <20151225021039.0599A320DF@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2359-1 Rating: important References: #958861 Cross-References: CVE-2015-8000 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following security issue: - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses (bsc#958861). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-1016=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-1016=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1016=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): bind-debuginfo-9.9.6P1-32.1 bind-debugsource-9.9.6P1-32.1 bind-devel-9.9.6P1-32.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): bind-9.9.6P1-32.1 bind-chrootenv-9.9.6P1-32.1 bind-debuginfo-9.9.6P1-32.1 bind-debugsource-9.9.6P1-32.1 bind-libs-9.9.6P1-32.1 bind-libs-debuginfo-9.9.6P1-32.1 bind-utils-9.9.6P1-32.1 bind-utils-debuginfo-9.9.6P1-32.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): bind-libs-32bit-9.9.6P1-32.1 bind-libs-debuginfo-32bit-9.9.6P1-32.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): bind-doc-9.9.6P1-32.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): bind-debuginfo-9.9.6P1-32.1 bind-debugsource-9.9.6P1-32.1 bind-libs-32bit-9.9.6P1-32.1 bind-libs-9.9.6P1-32.1 bind-libs-debuginfo-32bit-9.9.6P1-32.1 bind-libs-debuginfo-9.9.6P1-32.1 bind-utils-9.9.6P1-32.1 bind-utils-debuginfo-9.9.6P1-32.1 References: https://www.suse.com/security/cve/CVE-2015-8000.html https://bugzilla.suse.com/958861 From sle-updates at lists.suse.com Fri Dec 25 07:10:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Dec 2015 15:10:42 +0100 (CET) Subject: SUSE-RU-2015:2360-1: moderate: Recommended update for ksh Message-ID: <20151225141042.D7B833213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for ksh ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2360-1 Rating: moderate References: #887320 #924043 #924318 #926172 #931908 #933328 #934437 
#939252 #951430 #953533 #954856 #955221 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: The Korn Shell (ksh) was downgraded from 93v to 93u, as version 93v is not as stable as version 93u. This is in line with the purpose of the Legacy Module, which is to provide a compatibility layer for customers who need more time to migrate from SUSE Linux Enterprise 11 to 12. The updated package has its version set to 93vu to ensure the software update stack (RPM, zypper) will see it as a regular update. Users who want to stay with version 93v can prevent the update with 'zypper addlock ksh'. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-1018=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-1018=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-1018=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ksh-debuginfo-93vu-12.1 ksh-debugsource-93vu-12.1 ksh-devel-93vu-12.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): ksh-debuginfo-93vu-12.1 ksh-debugsource-93vu-12.1 ksh-devel-93vu-12.1 - SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le s390x x86_64): ksh-93vu-12.1 ksh-debuginfo-93vu-12.1 ksh-debugsource-93vu-12.1 References: https://bugzilla.suse.com/887320 https://bugzilla.suse.com/924043 https://bugzilla.suse.com/924318 https://bugzilla.suse.com/926172 https://bugzilla.suse.com/931908 https://bugzilla.suse.com/933328 https://bugzilla.suse.com/934437 https://bugzilla.suse.com/939252 https://bugzilla.suse.com/951430 https://bugzilla.suse.com/953533 https://bugzilla.suse.com/954856 https://bugzilla.suse.com/955221 From sle-updates at lists.suse.com Fri Dec 25 07:14:27 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Dec 2015 15:14:27 +0100 (CET) Subject: SUSE-SU-2015:2000-2: moderate: Security update for libsndfile Message-ID: <20151225141427.A6A513213C@maintenance.suse.de> SUSE Security Update: Security update for libsndfile ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2000-2 Rating: moderate References: #953516 #953519 #953521 Cross-References: CVE-2014-9756 CVE-2015-7805 CVE-2015-8075 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: The libsndfile package was updated to fix the following security issue: - CVE-2014-9756: Fixed a divide by zero problem that can lead to a Denial of Service (DoS) (bsc#953521). - CVE-2015-7805: Fixed heap overflow issue (bsc#953516). 
- CVE-2015-8075: Fixed heap overflow issue (bsc#953519). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-846=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-846=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-846=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-25.1 libsndfile-devel-1.0.25-25.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libsndfile-debugsource-1.0.25-25.1 libsndfile1-1.0.25-25.1 libsndfile1-debuginfo-1.0.25-25.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libsndfile1-32bit-1.0.25-25.1 libsndfile1-debuginfo-32bit-1.0.25-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libsndfile-debugsource-1.0.25-25.1 libsndfile1-1.0.25-25.1 libsndfile1-32bit-1.0.25-25.1 libsndfile1-debuginfo-1.0.25-25.1 libsndfile1-debuginfo-32bit-1.0.25-25.1 References: https://www.suse.com/security/cve/CVE-2014-9756.html https://www.suse.com/security/cve/CVE-2015-7805.html https://www.suse.com/security/cve/CVE-2015-8075.html https://bugzilla.suse.com/953516 https://bugzilla.suse.com/953519 https://bugzilla.suse.com/953521 From sle-updates at lists.suse.com Fri Dec 25 07:15:24 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Dec 2015 15:15:24 +0100 (CET) Subject: SUSE-RU-2015:2361-1: moderate: Recommended update for ksh Message-ID: <20151225141524.C26363213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for ksh ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2361-1 Rating: moderate References: #951430 #953533 #954856 #955221 
Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for ksh fixes the following issues: - File descriptor leak when doing redirects in a subshell. (bsc#954856) - Hangs when processing commands in backticks that output too much data. (bsc#953533, bsc#955221, bsc#951430) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ksh-12285=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-ksh-12285=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-ksh-12285=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ksh-12285=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-ksh-12285=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ksh-12285=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-ksh-12285=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-ksh-12285=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ksh-12285=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ksh-12285=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-ksh-12285=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ksh-devel-93u-0.34.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): ksh-devel-93u-0.34.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): ksh-93u-0.34.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ksh-93u-0.34.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): ksh-93u-0.34.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): ksh-93u-0.34.1 ksh-devel-93u-0.34.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): ksh-93u-0.34.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): ksh-93u-0.34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ksh-debuginfo-93u-0.34.1 ksh-debugsource-93u-0.34.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): ksh-debuginfo-93u-0.34.1 ksh-debugsource-93u-0.34.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): ksh-debuginfo-93u-0.34.1 ksh-debugsource-93u-0.34.1 References: https://bugzilla.suse.com/951430 https://bugzilla.suse.com/953533 https://bugzilla.suse.com/954856 https://bugzilla.suse.com/955221 From sle-updates at lists.suse.com Mon Dec 28 10:10:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Dec 2015 18:10:47 +0100 (CET) Subject: SUSE-RU-2015:2381-1: Recommended update for certification-sles-eal4 Message-ID: <20151228171047.BCF4D320DF@maintenance.suse.de> SUSE Recommended Update: Recommended update for certification-sles-eal4 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2381-1 Rating: low References: #959525 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: The EAL4 Configuration Guide has been updated to version 1.1, which adds more information about cryptographic key handling. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-1020=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): certification-sles-eal4-12.0-0.7.1 References: https://bugzilla.suse.com/959525 From sle-updates at lists.suse.com Mon Dec 28 12:10:35 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Dec 2015 20:10:35 +0100 (CET) Subject: SUSE-RU-2015:2382-1: important: Recommended update for regionServiceClientConfigGCE Message-ID: <20151228191035.BF768320DF@maintenance.suse.de> SUSE Recommended Update: Recommended update for regionServiceClientConfigGCE ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2382-1 Rating: important References: #959244 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for regionServiceClientConfigGCE fixes the following issues: - Point to the proper region servers. - Enable use of plugin to send region hints to region server. - New certificate for new region servers. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-1021=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): regionServiceClientConfigGCE-2.1.1-4.1 References: https://bugzilla.suse.com/959244 From sle-updates at lists.suse.com Mon Dec 28 13:10:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Dec 2015 21:10:42 +0100 (CET) Subject: SUSE-SU-2015:2383-1: moderate: Security update for xfsprogs Message-ID: <20151228201042.A1174320DF@maintenance.suse.de> SUSE Security Update: Security update for xfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2383-1 Rating: moderate References: #911866 #939367 Cross-References: CVE-2012-2150 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: xfsprogs was updated to fix one security vulnerability and several bugs. - Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150) - Fix segfault during xfs_repair run (bsc#911866) - Fix definition of leaf attribute block to avoid gcc optimization xfsprogs-fix-leaf-block-definition Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xfsprogs-12286=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-xfsprogs-12286=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-xfsprogs-12286=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xfsprogs-12286=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-xfsprogs-12286=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-xfsprogs-12286=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-xfsprogs-12286=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xfsprogs-12286=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xfsprogs-devel-3.1.8-0.7.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): xfsprogs-devel-3.1.8-0.7.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): xfsprogs-3.1.8-0.7.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xfsprogs-3.1.8-0.7.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): xfsprogs-3.1.8-0.7.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): xfsprogs-3.1.8-0.7.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): xfsprogs-3.1.8-0.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xfsprogs-debuginfo-3.1.8-0.7.1 xfsprogs-debugsource-3.1.8-0.7.1 References: https://www.suse.com/security/cve/CVE-2012-2150.html https://bugzilla.suse.com/911866 https://bugzilla.suse.com/939367 From sle-updates at lists.suse.com Mon Dec 28 13:11:24 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Dec 2015 21:11:24 +0100 (CET) Subject: SUSE-SU-2015:2384-1: moderate: Security update for xfsprogs 
Message-ID: <20151228201124.400A43213C@maintenance.suse.de> SUSE Security Update: Security update for xfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2384-1 Rating: moderate References: #939367 Cross-References: CVE-2012-2150 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: xfsprogs was updated to fix one security vulnerability and several bugs. - Handle unwanted data disclosure in xfs_metadump (bsc#939367, CVE-2012-2150) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-1022=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-1022=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-1022=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-1022=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1022=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1022=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): xfsprogs-debuginfo-3.2.1-3.5 xfsprogs-debugsource-3.2.1-3.5 xfsprogs-devel-3.2.1-3.5 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): xfsprogs-debuginfo-3.2.1-3.5 xfsprogs-debugsource-3.2.1-3.5 xfsprogs-devel-3.2.1-3.5 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): xfsprogs-3.2.1-3.5 xfsprogs-debuginfo-3.2.1-3.5 xfsprogs-debugsource-3.2.1-3.5 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xfsprogs-3.2.1-3.5 xfsprogs-debuginfo-3.2.1-3.5 xfsprogs-debugsource-3.2.1-3.5 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xfsprogs-3.2.1-3.5 xfsprogs-debuginfo-3.2.1-3.5 xfsprogs-debugsource-3.2.1-3.5 - SUSE Linux Enterprise Desktop 12 (x86_64): xfsprogs-3.2.1-3.5 xfsprogs-debuginfo-3.2.1-3.5 xfsprogs-debugsource-3.2.1-3.5 References: https://www.suse.com/security/cve/CVE-2012-2150.html https://bugzilla.suse.com/939367 From sle-updates at lists.suse.com Tue Dec 29 04:10:32 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Dec 2015 12:10:32 +0100 (CET) Subject: SUSE-SU-2015:2385-1: important: Security update for grub2 Message-ID: <20151229111033.04F423213D@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2385-1 Rating: important References: #884828 #884830 #946148 #952539 #954592 #956631 Cross-References: CVE-2015-8370 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. 
Description: This update for grub2 provides the following fixes: A security issue with a buffer overflow when reading username and password was fixed (bsc#956631, CVE-2015-8370) Also the following bugs were fixed: - Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add grub.xen config searching path on boot partition. (bsc#884828) - Add linux16 and initrd16 to grub.xen. (bsc#884830) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-grub2-12288=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-grub2-12288=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-grub2-12288=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (x86_64): grub2-x86_64-efi-2.00-0.54.2 grub2-x86_64-xen-2.00-0.54.2 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): grub2-x86_64-efi-2.00-0.54.2 grub2-x86_64-xen-2.00-0.54.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): grub2-debuginfo-2.00-0.54.2 grub2-debugsource-2.00-0.54.2 References: https://www.suse.com/security/cve/CVE-2015-8370.html https://bugzilla.suse.com/884828 https://bugzilla.suse.com/884830 https://bugzilla.suse.com/946148 https://bugzilla.suse.com/952539 https://bugzilla.suse.com/954592 https://bugzilla.suse.com/956631 From sle-updates at lists.suse.com Tue Dec 29 04:11:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Dec 2015 12:11:57 +0100 (CET) Subject: SUSE-SU-2015:2386-1: important: Security update for grub2 Message-ID: <20151229111157.6D3973213C@maintenance.suse.de> SUSE Security Update: Security update for grub2
______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2386-1 Rating: important References: #884828 #884830 #946148 #952539 #954592 #956631 Cross-References: CVE-2015-8370 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for grub2 provides the following fixes: A security issues with a bufferoverflow when reading username and password was fixed (bsc#956631, CVE-2015-8370) Bugs fixed: - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add grub.xen config searching path on boot partition. (bsc#884828) - Add linux16 and initrd16 to grub.xen. (bsc#884830) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-grub2-12287=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-grub2-12287=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-grub2-12287=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-grub2-12287=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): grub2-x86_64-efi-2.00-0.49.2 grub2-x86_64-xen-2.00-0.49.2 - SUSE Linux Enterprise Server 11-SP3 (x86_64): grub2-x86_64-efi-2.00-0.49.2 grub2-x86_64-xen-2.00-0.49.2 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): grub2-x86_64-efi-2.00-0.49.2 grub2-x86_64-xen-2.00-0.49.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): grub2-debuginfo-2.00-0.49.2 grub2-debugsource-2.00-0.49.2 References: https://www.suse.com/security/cve/CVE-2015-8370.html https://bugzilla.suse.com/884828 https://bugzilla.suse.com/884830 https://bugzilla.suse.com/946148 https://bugzilla.suse.com/952539 https://bugzilla.suse.com/954592 https://bugzilla.suse.com/956631 From sle-updates at lists.suse.com Tue Dec 29 04:13:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Dec 2015 12:13:09 +0100 (CET) Subject: SUSE-SU-2015:2387-1: important: Security update for grub2 Message-ID: <20151229111309.D83383213C@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2387-1 Rating: important References: #774666 #917427 #946148 #952539 #954126 #954519 #955493 #955609 #956631 Cross-References: CVE-2015-8370 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 8 fixes is now available. Description: - Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) - Check MS-DOS header to find PE file header. (bsc#954126) - Use dirname for copying Xen kernel and initrd to esp. (bsc#955493) - Fix reading password by grub2-mkpasswd-pbdk2 without controlling tty. (bsc#954519) - Add luks, gcry_rijndael and gcry_sha1 to signed EFI image to support LUKS partition in default setup. 
(bsc#917427, bsc#955609) - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-1027=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1027=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): grub2-2.02~beta2-73.3 grub2-debuginfo-2.02~beta2-73.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-73.3 - SUSE Linux Enterprise Server 12-SP1 (x86_64): grub2-i386-pc-2.02~beta2-73.3 grub2-x86_64-efi-2.02~beta2-73.3 grub2-x86_64-xen-2.02~beta2-73.3 - SUSE Linux Enterprise Server 12-SP1 (noarch): grub2-snapper-plugin-2.02~beta2-73.3 - SUSE Linux Enterprise Server 12-SP1 (s390x): grub2-debugsource-2.02~beta2-73.3 grub2-s390x-emu-2.02~beta2-73.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): grub2-2.02~beta2-73.3 grub2-debuginfo-2.02~beta2-73.3 grub2-i386-pc-2.02~beta2-73.3 grub2-x86_64-efi-2.02~beta2-73.3 grub2-x86_64-xen-2.02~beta2-73.3 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): grub2-snapper-plugin-2.02~beta2-73.3 References: https://www.suse.com/security/cve/CVE-2015-8370.html https://bugzilla.suse.com/774666 https://bugzilla.suse.com/917427 https://bugzilla.suse.com/946148 https://bugzilla.suse.com/952539 https://bugzilla.suse.com/954126 https://bugzilla.suse.com/954519 https://bugzilla.suse.com/955493 https://bugzilla.suse.com/955609 https://bugzilla.suse.com/956631 From sle-updates at lists.suse.com Tue Dec 29 07:10:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Dec 2015 15:10:48 +0100 (CET) Subject: SUSE-RU-2015:1974-2: Recommended update for avahi Message-ID: 
<20151229141048.7E3B23213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1974-2 Rating: low References: #947140 #948277 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for Avahi provides the following fixes: - Do not log errors for every invalid packet received. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2015-828=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-828=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-828=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-828=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): avahi-glib2-debugsource-0.6.31-23.1 libavahi-gobject0-0.6.31-23.1 libavahi-gobject0-debuginfo-0.6.31-23.1 libavahi-ui-gtk3-0-0.6.31-23.1 libavahi-ui-gtk3-0-debuginfo-0.6.31-23.1 libavahi-ui0-0.6.31-23.1 libavahi-ui0-debuginfo-0.6.31-23.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): avahi-compat-howl-devel-0.6.31-23.1 avahi-compat-mDNSResponder-devel-0.6.31-23.1 avahi-debuginfo-0.6.31-23.1 avahi-debugsource-0.6.31-23.1 avahi-glib2-debugsource-0.6.31-23.1 libavahi-devel-0.6.31-23.1 libavahi-glib-devel-0.6.31-23.1 libavahi-gobject-devel-0.6.31-23.1 libavahi-gobject0-0.6.31-23.1 libavahi-gobject0-debuginfo-0.6.31-23.1 libavahi-ui-gtk3-0-0.6.31-23.1 libavahi-ui-gtk3-0-debuginfo-0.6.31-23.1 libavahi-ui0-0.6.31-23.1 libavahi-ui0-debuginfo-0.6.31-23.1 libhowl0-0.6.31-23.1 libhowl0-debuginfo-0.6.31-23.1 typelib-1_0-Avahi-0_6-0.6.31-23.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): avahi-0.6.31-23.1 avahi-debuginfo-0.6.31-23.1 avahi-debugsource-0.6.31-23.1 avahi-glib2-debugsource-0.6.31-23.1 avahi-utils-0.6.31-23.1 avahi-utils-debuginfo-0.6.31-23.1 libavahi-client3-0.6.31-23.1 libavahi-client3-debuginfo-0.6.31-23.1 libavahi-common3-0.6.31-23.1 libavahi-common3-debuginfo-0.6.31-23.1 libavahi-core7-0.6.31-23.1 libavahi-core7-debuginfo-0.6.31-23.1 libavahi-glib1-0.6.31-23.1 libavahi-glib1-debuginfo-0.6.31-23.1 libdns_sd-0.6.31-23.1 libdns_sd-debuginfo-0.6.31-23.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): avahi-debuginfo-32bit-0.6.31-23.1 libavahi-client3-32bit-0.6.31-23.1 libavahi-client3-debuginfo-32bit-0.6.31-23.1 libavahi-common3-32bit-0.6.31-23.1 libavahi-common3-debuginfo-32bit-0.6.31-23.1 libavahi-glib1-32bit-0.6.31-23.1 libavahi-glib1-debuginfo-32bit-0.6.31-23.1 libdns_sd-32bit-0.6.31-23.1 libdns_sd-debuginfo-32bit-0.6.31-23.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): avahi-lang-0.6.31-23.1 - SUSE Linux Enterprise Desktop 
12-SP1 (x86_64): avahi-0.6.31-23.1 avahi-debuginfo-0.6.31-23.1 avahi-debuginfo-32bit-0.6.31-23.1 avahi-debugsource-0.6.31-23.1 avahi-glib2-debugsource-0.6.31-23.1 libavahi-client3-0.6.31-23.1 libavahi-client3-32bit-0.6.31-23.1 libavahi-client3-debuginfo-0.6.31-23.1 libavahi-client3-debuginfo-32bit-0.6.31-23.1 libavahi-common3-0.6.31-23.1 libavahi-common3-32bit-0.6.31-23.1 libavahi-common3-debuginfo-0.6.31-23.1 libavahi-common3-debuginfo-32bit-0.6.31-23.1 libavahi-core7-0.6.31-23.1 libavahi-core7-debuginfo-0.6.31-23.1 libavahi-glib1-0.6.31-23.1 libavahi-glib1-32bit-0.6.31-23.1 libavahi-glib1-debuginfo-0.6.31-23.1 libavahi-glib1-debuginfo-32bit-0.6.31-23.1 libavahi-gobject0-0.6.31-23.1 libavahi-gobject0-debuginfo-0.6.31-23.1 libavahi-ui-gtk3-0-0.6.31-23.1 libavahi-ui-gtk3-0-debuginfo-0.6.31-23.1 libavahi-ui0-0.6.31-23.1 libavahi-ui0-debuginfo-0.6.31-23.1 libdns_sd-0.6.31-23.1 libdns_sd-32bit-0.6.31-23.1 libdns_sd-debuginfo-0.6.31-23.1 libdns_sd-debuginfo-32bit-0.6.31-23.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): avahi-lang-0.6.31-23.1 References: https://bugzilla.suse.com/947140 https://bugzilla.suse.com/948277 From sle-updates at lists.suse.com Tue Dec 29 07:11:23 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Dec 2015 15:11:23 +0100 (CET) Subject: SUSE-RU-2015:2390-1: moderate: Recommended update for numactl Message-ID: <20151229141123.82A1F3213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for numactl ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2390-1 Rating: moderate References: #955334 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update 
that has one recommended fix can now be installed. Description: This update for numactl provides fixes for the following issues: - When numa_node_to_cpu() was called on machines with non-contiguous nodes, it returned the first node which wasn't present. Now the return code is checked and non-existing nodes are skipped until the right one is found. (bsc#955334) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-1028=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-1028=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-1028=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-1028=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1028=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1028=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le x86_64): libnuma-devel-2.0.9-6.1 numactl-debuginfo-2.0.9-6.1 numactl-debugsource-2.0.9-6.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le x86_64): libnuma-devel-2.0.9-6.1 numactl-debuginfo-2.0.9-6.1 numactl-debugsource-2.0.9-6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64): libnuma1-2.0.9-6.1 libnuma1-debuginfo-2.0.9-6.1 numactl-2.0.9-6.1 numactl-debuginfo-2.0.9-6.1 numactl-debugsource-2.0.9-6.1 - SUSE Linux Enterprise Server 12 (ppc64le x86_64): libnuma1-2.0.9-6.1 libnuma1-debuginfo-2.0.9-6.1 numactl-2.0.9-6.1 numactl-debuginfo-2.0.9-6.1 numactl-debugsource-2.0.9-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libnuma1-2.0.9-6.1 libnuma1-debuginfo-2.0.9-6.1 numactl-debuginfo-2.0.9-6.1 numactl-debugsource-2.0.9-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libnuma1-2.0.9-6.1 libnuma1-debuginfo-2.0.9-6.1 numactl-debuginfo-2.0.9-6.1 numactl-debugsource-2.0.9-6.1 References: https://bugzilla.suse.com/955334 From sle-updates at lists.suse.com Tue Dec 29 09:11:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Dec 2015 17:11:48 +0100 (CET) Subject: SUSE-RU-2015:2393-1: moderate: Recommended update for xorg-x11-libs Message-ID: <20151229161148.C69BB3213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-libs ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2393-1 Rating: moderate References: #958383 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-libs fixes the following issues: - The original fix for CVE-2015-1804 prevented DWIDTH from being negative. However, the spec states that "DWIDTH [...] is a vector indicating the position of the next glyph's origin relative to the origin of this glyph". Consequently, negative DWIDTH values should be allowed. (bsc#958383) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-libs-12290=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-xorg-x11-libs-12290=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-xorg-x11-libs-12290=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-libs-12290=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-xorg-x11-libs-12290=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-xorg-x11-libs-12290=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-xorg-x11-libs-12290=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-libs-12290=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-libs-12290=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-devel-7.4-8.26.46.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): xorg-x11-devel-32bit-7.4-8.26.46.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-devel-7.4-8.26.46.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64): xorg-x11-devel-32bit-7.4-8.26.46.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): xorg-x11-libs-7.4-8.26.46.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): xorg-x11-libs-32bit-7.4-8.26.46.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libs-7.4-8.26.46.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): xorg-x11-libs-32bit-7.4-8.26.46.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): xorg-x11-libs-x86-7.4-8.26.46.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libs-7.4-8.26.46.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): xorg-x11-libs-32bit-7.4-8.26.46.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): xorg-x11-libs-x86-7.4-8.26.46.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): xorg-x11-libs-7.4-8.26.46.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): xorg-x11-libs-32bit-7.4-8.26.46.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): xorg-x11-libs-7.4-8.26.46.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): xorg-x11-libs-32bit-7.4-8.26.46.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libs-debuginfo-7.4-8.26.46.1 xorg-x11-libs-debugsource-7.4-8.26.46.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-libs-debuginfo-7.4-8.26.46.1 xorg-x11-libs-debugsource-7.4-8.26.46.1 References: https://bugzilla.suse.com/958383 From sle-updates at lists.suse.com Tue Dec 29 09:12:19 2015 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Tue, 29 Dec 2015 17:12:19 +0100 (CET) Subject: SUSE-RU-2015:2394-1: moderate: Recommended update for gcimagebundle, google-daemon, google-startup-scripts Message-ID: <20151229161219.161233213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcimagebundle, google-daemon, google-startup-scripts ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:2394-1 Rating: moderate References: #921732 #939272 #940190 #956339 #956340 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This collective update for Google's Computing Environment tools provides fixes and enhancements: google-startup-scripts (update to 1.2.10): - Fix for metadata scripts at a redirected URL. - Removed rsyslogd configuration that sends kernel and other messages to console. (bsc#939272) - Check for a connection to the metadata server before startup script retrieval. - Block startup scripts until a connection to the metadata server exists. - Added logging for network connectivity issues. - Added retry logic in startup scripts for metadata requests. - Improved performance on local SSD. - Fix a bug which could cause instances to take 2 minutes to shut down. - Miscellaneous documentation and diagnostic updates. - Ensured that shutdown script feature will run before docker and kubelet. google-daemon (update to 1.2.10): - Improved documentation. - Refactored and improved script that runs on boot. - Preventing the accounts manager from starting if GCUA is installed. - Remove temporary files when move operation fails. - Documentation should point to gcloud compute instead of the deprecated gcutil. - Use /bin/ip instead of /sbin/ip. - Use Google clock sync manager to sync the system clock when a migration occurs. - Reduced SSH key-related console spam. 
gcimagebundle (update to 1.2.10): - Fixed a bug for storing an image to a Google Storage bucket. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-google-tools-12289=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): gcimagebundle-1.2.10-9.1 - SUSE Linux Enterprise Server 11-PUBCLOUD (noarch): google-daemon-1.2.10-9.1 google-startup-scripts-1.2.10-9.1 References: https://bugzilla.suse.com/921732 https://bugzilla.suse.com/939272 https://bugzilla.suse.com/940190 https://bugzilla.suse.com/956339 https://bugzilla.suse.com/956340 From sle-updates at lists.suse.com Tue Dec 29 12:10:37 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Dec 2015 20:10:37 +0100 (CET) Subject: SUSE-SU-2015:2053-2: moderate: Security update for xscreensaver Message-ID: <20151229191037.9828A3213E@maintenance.suse.de> SUSE Security Update: Security update for xscreensaver ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2053-2 Rating: moderate References: #952062 Cross-References: CVE-2015-8025 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The xscreensaver package was updated to fix the following security issue: - CVE-2015-8025: Fixed a crash when hot-swapping monitors while locked (bsc#952062). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-870=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-870=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): xscreensaver-5.22-7.1 xscreensaver-data-5.22-7.1 xscreensaver-data-debuginfo-5.22-7.1 xscreensaver-debuginfo-5.22-7.1 xscreensaver-debugsource-5.22-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xscreensaver-5.22-7.1 xscreensaver-data-5.22-7.1 xscreensaver-data-debuginfo-5.22-7.1 xscreensaver-debuginfo-5.22-7.1 xscreensaver-debugsource-5.22-7.1 References: https://www.suse.com/security/cve/CVE-2015-8025.html https://bugzilla.suse.com/952062 From sle-updates at lists.suse.com Tue Dec 29 12:11:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Dec 2015 20:11:54 +0100 (CET) Subject: SUSE-RU-2015:1975-2: Recommended update for cmake Message-ID: <20151229191154.CBBB13213C@maintenance.suse.de> SUSE Recommended Update: Recommended update for cmake ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1975-2 Rating: low References: #953842 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cmake adds python-base as a dependency. cmake.prov is written in Python and even if RPM's AutoReqProv added a requirement for /usr/bin/python, it is not enough in some circumstances. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-830=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-830=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): cmake-2.8.12.1-13.1 cmake-debuginfo-2.8.12.1-13.1 cmake-debugsource-2.8.12.1-13.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): cmake-2.8.12.1-13.1 cmake-debuginfo-2.8.12.1-13.1 cmake-debugsource-2.8.12.1-13.1 References: https://bugzilla.suse.com/953842 From sle-updates at lists.suse.com Wed Dec 30 04:10:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Dec 2015 12:10:44 +0100 (CET) Subject: SUSE-SU-2015:2399-1: important: Security update for grub2 Message-ID: <20151230111044.58CBD320DF@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2399-1 Rating: important References: #928131 #943380 #946148 #952539 #956631 Cross-References: CVE-2015-8370 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for grub2 provides the following fixes and enhancements: Security issue fixed: - Fix buffer overflows when reading username and password. (bsc#956631, CVE-2015-8370) Non security issues fixed: - Expand list of grub.cfg search path in PV Xen guests for systems installed on btrfs snapshots. (bsc#946148, bsc#952539) - Add --image switch to force zipl update to specific kernel. (bsc#928131) - Do not use shim lock protocol for reading PE header as it won't be available when secure boot is disabled. 
(bsc#943380) - Make firmware flaw condition be more precisely detected and add debug message for the case. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-1032=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1032=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): grub2-2.02~beta2-56.9.4 grub2-debuginfo-2.02~beta2-56.9.4 - SUSE Linux Enterprise Server 12 (ppc64le): grub2-powerpc-ieee1275-2.02~beta2-56.9.4 - SUSE Linux Enterprise Server 12 (x86_64): grub2-i386-pc-2.02~beta2-56.9.4 grub2-x86_64-efi-2.02~beta2-56.9.4 grub2-x86_64-xen-2.02~beta2-56.9.4 - SUSE Linux Enterprise Server 12 (noarch): grub2-snapper-plugin-2.02~beta2-56.9.4 - SUSE Linux Enterprise Server 12 (s390x): grub2-debugsource-2.02~beta2-56.9.4 grub2-s390x-emu-2.02~beta2-56.9.4 - SUSE Linux Enterprise Desktop 12 (x86_64): grub2-2.02~beta2-56.9.4 grub2-debuginfo-2.02~beta2-56.9.4 grub2-i386-pc-2.02~beta2-56.9.4 grub2-x86_64-efi-2.02~beta2-56.9.4 grub2-x86_64-xen-2.02~beta2-56.9.4 - SUSE Linux Enterprise Desktop 12 (noarch): grub2-snapper-plugin-2.02~beta2-56.9.4 References: https://www.suse.com/security/cve/CVE-2015-8370.html https://bugzilla.suse.com/928131 https://bugzilla.suse.com/943380 https://bugzilla.suse.com/946148 https://bugzilla.suse.com/952539 https://bugzilla.suse.com/956631 From sle-updates at lists.suse.com Wed Dec 30 06:11:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Dec 2015 14:11:07 +0100 (CET) Subject: SUSE-RU-2015:2052-2: Recommended update for libseccomp Message-ID: <20151230131107.1B165320DF@maintenance.suse.de> SUSE Recommended Update: Recommended update for libseccomp ______________________________________________________________________________ Announcement 
ID: SUSE-RU-2015:2052-2 Rating: low References: #932372 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libseccomp adjusts the pkgconfig reported version from 2.1.0 to the correct 2.1.1. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-867=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-867=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-867=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libseccomp-debugsource-2.1.1-5.1 libseccomp-devel-2.1.1-5.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libseccomp-debugsource-2.1.1-5.1 libseccomp2-2.1.1-5.1 libseccomp2-debuginfo-2.1.1-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libseccomp-debugsource-2.1.1-5.1 libseccomp2-2.1.1-5.1 libseccomp2-debuginfo-2.1.1-5.1 References: https://bugzilla.suse.com/932372 From sle-updates at lists.suse.com Wed Dec 30 09:12:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Dec 2015 17:12:31 +0100 (CET) Subject: SUSE-SU-2015:2088-2: moderate: Security update for LibVNCServer Message-ID: <20151230161231.86FE8320DF@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2088-2 Rating: moderate References: #854151 #897031 Cross-References: CVE-2014-6051 CVE-2014-6052 
CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: The LibVNCServer package was updated to fix the following security issues: - bsc#897031: fix several security issues: * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side. * CVE-2014-6052: Lack of malloc() return value checking on client side. * CVE-2014-6053: Server crash on a very large ClientCutText message. * CVE-2014-6054: Server crash when scaling factor is set to zero. * CVE-2014-6055: Multiple stack overflows in File Transfer feature. - bsc#854151: Restrict the SSL cipher suite. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-890=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-890=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-16.1 LibVNCServer-devel-0.9.9-16.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-16.1 libvncclient0-0.9.9-16.1 libvncclient0-debuginfo-0.9.9-16.1 libvncserver0-0.9.9-16.1 libvncserver0-debuginfo-0.9.9-16.1 References: https://www.suse.com/security/cve/CVE-2014-6051.html https://www.suse.com/security/cve/CVE-2014-6052.html https://www.suse.com/security/cve/CVE-2014-6053.html https://www.suse.com/security/cve/CVE-2014-6054.html https://www.suse.com/security/cve/CVE-2014-6055.html https://bugzilla.suse.com/854151 https://bugzilla.suse.com/897031 From sle-updates at lists.suse.com Wed Dec 30 09:13:08 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Dec 2015 17:13:08 +0100 (CET) Subject: SUSE-SU-2015:2401-1: important: Security update for flash-player Message-ID: <20151230161308.47EB93213C@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:2401-1 Rating: important References: #960317 Cross-References: CVE-2015-8459 CVE-2015-8460 CVE-2015-8634 CVE-2015-8635 CVE-2015-8636 CVE-2015-8638 CVE-2015-8639 CVE-2015-8640 CVE-2015-8641 CVE-2015-8642 CVE-2015-8643 CVE-2015-8644 CVE-2015-8645 CVE-2015-8646 CVE-2015-8647 CVE-2015-8648 CVE-2015-8649 CVE-2015-8650 CVE-2015-8651 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - CVE-2015-8644: Type confusion vulnerability that could lead to code execution.
- CVE-2015-8651: Integer overflow vulnerability that could lead to code execution.
- CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640,
  CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647,
  CVE-2015-8648, CVE-2015-8649, CVE-2015-8650: Use-after-free vulnerabilities
  that could lead to code execution.
- CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory corruption
  vulnerabilities that could lead to code execution.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP1:

    zypper in -t patch SUSE-SLE-WE-12-SP1-2015-1033=1

- SUSE Linux Enterprise Workstation Extension 12:

    zypper in -t patch SUSE-SLE-WE-12-2015-1033=1

- SUSE Linux Enterprise Desktop 12-SP1:

    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1033=1

- SUSE Linux Enterprise Desktop 12:

    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-1033=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

    flash-player-11.2.202.559-117.1
    flash-player-gnome-11.2.202.559-117.1

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):

    flash-player-11.2.202.559-117.1
    flash-player-gnome-11.2.202.559-117.1

- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

    flash-player-11.2.202.559-117.1
    flash-player-gnome-11.2.202.559-117.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

    flash-player-11.2.202.559-117.1
    flash-player-gnome-11.2.202.559-117.1

References:

    https://www.suse.com/security/cve/CVE-2015-8459.html
    https://www.suse.com/security/cve/CVE-2015-8460.html
    https://www.suse.com/security/cve/CVE-2015-8634.html
    https://www.suse.com/security/cve/CVE-2015-8635.html
    https://www.suse.com/security/cve/CVE-2015-8636.html
    https://www.suse.com/security/cve/CVE-2015-8638.html
    https://www.suse.com/security/cve/CVE-2015-8639.html
    https://www.suse.com/security/cve/CVE-2015-8640.html
    https://www.suse.com/security/cve/CVE-2015-8641.html
    https://www.suse.com/security/cve/CVE-2015-8642.html
    https://www.suse.com/security/cve/CVE-2015-8643.html
    https://www.suse.com/security/cve/CVE-2015-8644.html
    https://www.suse.com/security/cve/CVE-2015-8645.html
    https://www.suse.com/security/cve/CVE-2015-8646.html
    https://www.suse.com/security/cve/CVE-2015-8647.html
    https://www.suse.com/security/cve/CVE-2015-8648.html
    https://www.suse.com/security/cve/CVE-2015-8649.html
    https://www.suse.com/security/cve/CVE-2015-8650.html
    https://www.suse.com/security/cve/CVE-2015-8651.html
    https://bugzilla.suse.com/960317

From sle-updates at lists.suse.com Wed Dec 30 09:13:26 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Dec 2015 17:13:26 +0100 (CET)
Subject: SUSE-SU-2015:2402-1: important: Security update for flash-player
Message-ID: <20151230161326.9D0BD3213C@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:2402-1
Rating: important
References: #960317
Cross-References: CVE-2015-8459 CVE-2015-8460 CVE-2015-8634
    CVE-2015-8635 CVE-2015-8636 CVE-2015-8638
    CVE-2015-8639 CVE-2015-8640 CVE-2015-8641
    CVE-2015-8642 CVE-2015-8643 CVE-2015-8644
    CVE-2015-8645 CVE-2015-8646 CVE-2015-8647
    CVE-2015-8648 CVE-2015-8649 CVE-2015-8650
    CVE-2015-8651
Affected Products:
    SUSE Linux Enterprise Desktop 11-SP4
    SUSE Linux Enterprise Desktop 11-SP3
______________________________________________________________________________

An update that fixes 19 vulnerabilities is now available.

Description:

This update for flash-player fixes the following issues:

- CVE-2015-8644: Type confusion vulnerability that could lead to code execution.
- CVE-2015-8651: Integer overflow vulnerability that could lead to code execution.
- CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640,
  CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647,
  CVE-2015-8648, CVE-2015-8649, CVE-2015-8650: Use-after-free vulnerabilities
  that could lead to code execution.
- CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645: Memory corruption
  vulnerabilities that could lead to code execution.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11-SP4:

    zypper in -t patch sledsp4-flash-player-12291=1

- SUSE Linux Enterprise Desktop 11-SP3:

    zypper in -t patch sledsp3-flash-player-12291=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

    flash-player-11.2.202.559-0.32.1
    flash-player-gnome-11.2.202.559-0.32.1
    flash-player-kde4-11.2.202.559-0.32.1

- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

    flash-player-11.2.202.559-0.32.1
    flash-player-gnome-11.2.202.559-0.32.1
    flash-player-kde4-11.2.202.559-0.32.1

References:

    https://www.suse.com/security/cve/CVE-2015-8459.html
    https://www.suse.com/security/cve/CVE-2015-8460.html
    https://www.suse.com/security/cve/CVE-2015-8634.html
    https://www.suse.com/security/cve/CVE-2015-8635.html
    https://www.suse.com/security/cve/CVE-2015-8636.html
    https://www.suse.com/security/cve/CVE-2015-8638.html
    https://www.suse.com/security/cve/CVE-2015-8639.html
    https://www.suse.com/security/cve/CVE-2015-8640.html
    https://www.suse.com/security/cve/CVE-2015-8641.html
    https://www.suse.com/security/cve/CVE-2015-8642.html
    https://www.suse.com/security/cve/CVE-2015-8643.html
    https://www.suse.com/security/cve/CVE-2015-8644.html
    https://www.suse.com/security/cve/CVE-2015-8645.html
    https://www.suse.com/security/cve/CVE-2015-8646.html
    https://www.suse.com/security/cve/CVE-2015-8647.html
    https://www.suse.com/security/cve/CVE-2015-8648.html
    https://www.suse.com/security/cve/CVE-2015-8649.html
    https://www.suse.com/security/cve/CVE-2015-8650.html
    https://www.suse.com/security/cve/CVE-2015-8651.html
    https://bugzilla.suse.com/960317

From sle-updates at lists.suse.com Wed Dec 30 13:10:22 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Dec 2015 21:10:22 +0100 (CET)
Subject: SUSE-RU-2015:2404-1: moderate: Recommended update for aws-cli, python-botocore
Message-ID: <20151230201022.B77DF3213C@maintenance.suse.de>

SUSE Recommended Update: Recommended update for aws-cli, python-botocore
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:2404-1
Rating: moderate
References: #958686
Affected Products:
    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This latest release of the aws-cli - version 1.9.12 - includes several new
features, enhancements and bug fixes.

- aws config and ec2: Added support for EC2 dedicated hosts.
- aws autoscaling: Added support for protecting instances from scale-in events.
- aws rds: Added support for Aurora encryption at rest.
- aws rds: Added support for specifying port number.
- aws ds: Added support for Microsoft ActiveDirectory.
- aws route53: Added support for TrafficFlow, a new management and modeling
  layer for Route53.
- aws s3: Added support for custom metadata in cp, mv, and sync.
- aws s3api: Added support for the aws-exec-read canned ACL on objects.
- aws ecs: Added support for task stopped reasons and task start and stop times.
- timeouts: Added additional options for configuring socket timeouts.
- timeouts: Added --cli-read-timeout to specify the number of seconds until a
  read times out.
- aws s3: Added support for Server-Side Encryption with KMS and Server-Side
  Encryption with Customer-Provided Keys.
- devicefarm: Add commands for updating and deleting projects, device pools,
  uploads, and runs.
- aws iam: Add support for resource-level policy simulation.
- aws ssm: Add support for Amazon EC2 Run Command.
- aws apigateway: Add support for Amazon API Gateway.
- aws iam: Add policy simulator support.
- aws autoscaling: Add support for launch configurations that include encrypted
  Amazon Elastic Block Store (EBS) volumes.
- configure: Add support for ca_bundle configuration variable.
- aws deploy: Compress zip files when using aws deploy push.
- aws s3/s3api: Add support for changing the bucket addressing style.
- aws kms: Add ability to delete customer master keys (CMKs).

For a comprehensive list of bugs fixed by this update, please refer to the
package's change log.
As part of this update, the Python module "botocore", a dependency of aws-cli,
has been updated to version 1.3.12.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:

    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-1035=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

    aws-cli-1.9.12-13.1
    python-botocore-1.3.12-13.1

References:

    https://bugzilla.suse.com/958686