From sle-updates at lists.suse.com Mon Feb 2 02:05:19 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Feb 2015 10:05:19 +0100 (CET)
Subject: SUSE-SU-2015:0188-1: moderate: Security update for clamav
Message-ID: <20150202090519.72C8D32369@maintenance.suse.de>

SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0188-1
Rating: moderate
References: #903489 #903719 #904207 #906077 #906770 #908731 #914505
Cross-References: CVE-2013-6497 CVE-2014-9050
Affected Products:
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves two vulnerabilities and has 5 fixes is now available.

Description:

Clamav was updated to version 0.98.5:

* Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files.
* Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time (JIT) compilation of ClamAV bytecode signatures.
* Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs.
* Resolution of many of the warning messages from ClamAV compilation.
* Improved detection of malicious PE files (bnc#906770, CVE-2014-9050)
* Security fix for ClamAV crash when using 'clamscan -a'.
* Security fix for ClamAV crash when scanning maliciously crafted yoda's crypter files (bnc#906077, CVE-2013-6497).
* ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207).
* Fix server socket setup code in clamd (bnc#903489).

- Change updateclamconf to prefer the state of the old config file even for commented-out options (bnc#903719) (bnc#908731).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
    zypper in -t patch SUSE-SLE-SERVER-12-2015-49
- SUSE Linux Enterprise Desktop 12:
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-49

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
    clamav-0.98.5-6.1
    clamav-debuginfo-0.98.5-6.1
    clamav-debugsource-0.98.5-6.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
    clamav-0.98.5-6.1
    clamav-debuginfo-0.98.5-6.1
    clamav-debugsource-0.98.5-6.1

References:

  http://support.novell.com/security/cve/CVE-2013-6497.html
  http://support.novell.com/security/cve/CVE-2014-9050.html
  https://bugzilla.suse.com/show_bug.cgi?id=903489
  https://bugzilla.suse.com/show_bug.cgi?id=903719
  https://bugzilla.suse.com/show_bug.cgi?id=904207
  https://bugzilla.suse.com/show_bug.cgi?id=906077
  https://bugzilla.suse.com/show_bug.cgi?id=906770
  https://bugzilla.suse.com/show_bug.cgi?id=908731
  https://bugzilla.suse.com/show_bug.cgi?id=914505

From sle-updates at lists.suse.com Mon Feb 2 09:04:48 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Feb 2015 17:04:48 +0100 (CET)
Subject: SUSE-RU-2015:0197-1: moderate: Recommended update for ca-certificates-mozilla
Message-ID: <20150202160448.13D6832367@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ca-certificates-mozilla
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:0197-1
Rating: moderate
References: #888534
Affected Products:
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

The system root SSL certificates were updated to match Mozilla NSS 2.2.
Some removed/disabled 1024 bit certificates were temporarily reenabled/readded, as openssl and gnutls have a different handling of intermediates than mozilla nss and would otherwise not recognize SSL certificates from commonly used sites like Amazon.

Updated to 2.2 (bnc#888534)

- The following CAs were added:
  + COMODO_RSA_Certification_Authority codeSigning emailProtection serverAuth
  + GlobalSign_ECC_Root_CA_-_R4 codeSigning emailProtection serverAuth
  + GlobalSign_ECC_Root_CA_-_R5 codeSigning emailProtection serverAuth
  + USERTrust_ECC_Certification_Authority codeSigning emailProtection serverAuth
  + USERTrust_RSA_Certification_Authority codeSigning emailProtection serverAuth
  + VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal
- The following CAs were changed:
  + Equifax_Secure_eBusiness_CA_1 remove code signing and https trust, leave email trust
  + Verisign_Class_3_Public_Primary_Certification_Authority_-_G2 only trust emailProtection
- Updated to 2.1 (bnc#888534)
- The following 1024-bit CA certificates were removed
  - Entrust.net Secure Server Certification Authority
  - ValiCert Class 1 Policy Validation Authority
  - ValiCert Class 2 Policy Validation Authority
  - ValiCert Class 3 Policy Validation Authority
  - TDC Internet Root CA
- The following CA certificates were added:
  - Certification Authority of WoSign
  - CA 沃通根证书
  - DigiCert Assured ID Root G2
  - DigiCert Assured ID Root G3
  - DigiCert Global Root G2
  - DigiCert Global Root G3
  - DigiCert Trusted Root G4
  - QuoVadis Root CA 1 G3
  - QuoVadis Root CA 2 G3
  - QuoVadis Root CA 3 G3
- The Trust Bits were changed for the following CA certificates
  - Class 3 Public Primary Certification Authority
  - Class 3 Public Primary Certification Authority
  - Class 2 Public Primary Certification Authority - G2
  - VeriSign Class 2 Public Primary Certification Authority - G3
  - AC Raíz Certicámara S.A.
  - NetLock Uzleti (Class B) Tanusitvanykiado
  - NetLock Expressz (Class C) Tanusitvanykiado

Temporarily reenable some root CA trusts, as openssl/gnutls have trouble using intermediates as root CA.

  - GTE CyberTrust Global Root
  - Thawte Server CA
  - Thawte Premium Server CA
  - ValiCert Class 1 VA
  - ValiCert Class 2 VA
  - RSA Root Certificate 1
  - Entrust.net Secure Server CA
  - America Online Root Certification Authority 1
  - America Online Root Certification Authority 2

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
    zypper in -t patch SUSE-SLE-SERVER-12-2015-50
- SUSE Linux Enterprise Desktop 12:
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-50

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (noarch):
    ca-certificates-mozilla-2.2-7.1
- SUSE Linux Enterprise Desktop 12 (noarch):
    ca-certificates-mozilla-2.2-7.1

References:

  https://bugzilla.suse.com/show_bug.cgi?id=888534

From sle-updates at lists.suse.com Mon Feb 2 11:04:48 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Feb 2015 19:04:48 +0100 (CET)
Subject: SUSE-RU-2015:0198-1: moderate: Recommended update for SAPHanaSR
Message-ID: <20150202180448.5409F32367@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SAPHanaSR
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:0198-1
Rating: moderate
References: #882474 #902241 #902244 #908861
Affected Products:
  SLES for SAP Applications
______________________________________________________________________________

An update that has four recommended fixes can now be installed. It includes one version update.

Description:

This update for SAPHanaSR provides the following fixes:

* SAPHana should be tolerant to an additional secondary.
  (bsc#908861)
* Fix issue when hdbnsutil does not return correctly or does report incomplete output. (bsc#902244)
* Fix cold bootstrap failure in SAPHanaSR. (bsc#902241)
* SAPHanaTopology could now handle broken saphostexec. (bsc#882474)
* Update Setup-Guide.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SLES for SAP Applications:
    zypper in -t patch slesappsp3-SAPHanaSR-10162

To bring your system up-to-date, use "zypper patch".

Package List:

- SLES for SAP Applications (noarch) [New Version: 0.149]:
    SAPHanaSR-0.149-0.8.1
    SAPHanaSR-doc-0.149-0.8.1

References:

  https://bugzilla.suse.com/show_bug.cgi?id=882474
  https://bugzilla.suse.com/show_bug.cgi?id=902241
  https://bugzilla.suse.com/show_bug.cgi?id=902244
  https://bugzilla.suse.com/show_bug.cgi?id=908861
  http://download.suse.com/patch/finder/?keywords=d913e46bcc622249c2f0f3d5b557a869

From sle-updates at lists.suse.com Tue Feb 3 10:04:50 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Feb 2015 18:04:50 +0100 (CET)
Subject: SUSE-RU-2015:0204-1: moderate: Recommended update for openssh
Message-ID: <20150203170450.F244232367@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openssh
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:0204-1
Rating: moderate
References: #855676 #856316 #912436
Affected Products:
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update adjusts various parts of openssh (parameters and available cipher lists) in regards to FIPS certification.

Adjustments done:

- Some Key exchange modifications were done for FIPS, removing algorithms no longer allowed in FIPS mode.
- Only use Diffie-Hellman groups with 2048 bits or more in FIPS mode.
- Allow "stat" call in seccomp sandbox due to reseeding changes in openssl.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
    zypper in -t patch SUSE-SLE-SERVER-12-2015-51
- SUSE Linux Enterprise Desktop 12:
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-51

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
    openssh-6.6p1-14.1
    openssh-askpass-gnome-6.6p1-14.1
    openssh-askpass-gnome-debuginfo-6.6p1-14.1
    openssh-debuginfo-6.6p1-14.1
    openssh-debugsource-6.6p1-14.1
    openssh-fips-6.6p1-14.1
    openssh-helpers-6.6p1-14.1
    openssh-helpers-debuginfo-6.6p1-14.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
    openssh-6.6p1-14.1
    openssh-askpass-gnome-6.6p1-14.1
    openssh-askpass-gnome-debuginfo-6.6p1-14.1
    openssh-debuginfo-6.6p1-14.1
    openssh-debugsource-6.6p1-14.1
    openssh-helpers-6.6p1-14.1
    openssh-helpers-debuginfo-6.6p1-14.1

References:

  https://bugzilla.suse.com/show_bug.cgi?id=855676
  https://bugzilla.suse.com/show_bug.cgi?id=856316
  https://bugzilla.suse.com/show_bug.cgi?id=912436

From sle-updates at lists.suse.com Tue Feb 3 10:08:56 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Feb 2015 18:08:56 +0100 (CET)
Subject: SUSE-SU-2015:0205-1: moderate: Security update for openssl
Message-ID: <20150203170856.5C6B732367@maintenance.suse.de>

SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0205-1
Rating: moderate
References: #855676 #895129 #901902 #906878 #908362 #908372 #912014 #912015 #912018 #912292 #912293 #912294 #912296
Cross-References: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 6 fixes is now available.

Description:

OpenSSL was updated to fix security issues and also provide FIPS compliance.

Security issues fixed:

  CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64.
  CVE-2014-3571: Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record.
  CVE-2014-3572: No longer accept a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted.
  CVE-2014-8275: Fixed various certificate fingerprint issues.
  CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites.
  CVE-2015-0205: Fix to prevent use of DH client certificates without sending certificate verify message.
  CVE-2015-0206: A memory leak could have occurred in dtls1_buffer_record.

Bugfixes:

- Do not advertise curves we don't support (bsc#906878)

FIPS changes:

- Make RSA2 key generation FIPS 186-4 compliant (bsc#901902)
- X9.31 rand method is not allowed in FIPS mode.
- Do not allow dynamic ENGINEs loading in FIPS mode.
- Added a locking hack which prevents hangs in FIPS mode (bsc#895129)
- In non-FIPS RSA key generation, mirror the maximum and minimum limiters from FIPS rsa generation to meet Common Criteria and BSI TR requirements on minimum and maximum distances between p and q. (bsc#908362)
- Do constant reseeding from /dev/urandom; for every random byte pulled, seed with one byte from /dev/urandom, also change RAND_poll to pull the full state size of the SSLEAY DRBG to fulfil Common Criteria requirements.
  (bsc#908372)

FIPS mode can be enabled by either using the environment variable OPENSSL_FORCE_FIPS_MODE=1 or supplying the "fips=1" parameter on the kernel boot commandline.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
    zypper in -t patch SUSE-SLE-SDK-12-2015-52
- SUSE Linux Enterprise Server 12:
    zypper in -t patch SUSE-SLE-SERVER-12-2015-52
- SUSE Linux Enterprise Desktop 12:
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-52

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
    libopenssl-devel-1.0.1i-17.1
    openssl-debuginfo-1.0.1i-17.1
    openssl-debugsource-1.0.1i-17.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
    libopenssl1_0_0-1.0.1i-17.1
    libopenssl1_0_0-debuginfo-1.0.1i-17.1
    libopenssl1_0_0-hmac-1.0.1i-17.1
    openssl-1.0.1i-17.1
    openssl-debuginfo-1.0.1i-17.1
    openssl-debugsource-1.0.1i-17.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
    libopenssl1_0_0-32bit-1.0.1i-17.1
    libopenssl1_0_0-debuginfo-32bit-1.0.1i-17.1
    libopenssl1_0_0-hmac-32bit-1.0.1i-17.1
- SUSE Linux Enterprise Server 12 (noarch):
    openssl-doc-1.0.1i-17.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
    libopenssl1_0_0-1.0.1i-17.1
    libopenssl1_0_0-32bit-1.0.1i-17.1
    libopenssl1_0_0-debuginfo-1.0.1i-17.1
    libopenssl1_0_0-debuginfo-32bit-1.0.1i-17.1
    openssl-1.0.1i-17.1
    openssl-debuginfo-1.0.1i-17.1
    openssl-debugsource-1.0.1i-17.1

References:

  http://support.novell.com/security/cve/CVE-2014-3570.html
  http://support.novell.com/security/cve/CVE-2014-3571.html
  http://support.novell.com/security/cve/CVE-2014-3572.html
  http://support.novell.com/security/cve/CVE-2014-8275.html
  http://support.novell.com/security/cve/CVE-2015-0204.html
  http://support.novell.com/security/cve/CVE-2015-0205.html
  http://support.novell.com/security/cve/CVE-2015-0206.html
  https://bugzilla.suse.com/show_bug.cgi?id=855676
  https://bugzilla.suse.com/show_bug.cgi?id=895129
  https://bugzilla.suse.com/show_bug.cgi?id=901902
  https://bugzilla.suse.com/show_bug.cgi?id=906878
  https://bugzilla.suse.com/show_bug.cgi?id=908362
  https://bugzilla.suse.com/show_bug.cgi?id=908372
  https://bugzilla.suse.com/show_bug.cgi?id=912014
  https://bugzilla.suse.com/show_bug.cgi?id=912015
  https://bugzilla.suse.com/show_bug.cgi?id=912018
  https://bugzilla.suse.com/show_bug.cgi?id=912292
  https://bugzilla.suse.com/show_bug.cgi?id=912293
  https://bugzilla.suse.com/show_bug.cgi?id=912294
  https://bugzilla.suse.com/show_bug.cgi?id=912296

From sle-updates at lists.suse.com Tue Feb 3 11:04:48 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Feb 2015 19:04:48 +0100 (CET)
Subject: SUSE-RU-2015:0206-1: Recommended update for crowbar-barclamp-crowbar, crowbar-barclamp-hyperv and crowbar-barclamp-provisioner
Message-ID: <20150203180448.7756532367@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-crowbar, crowbar-barclamp-hyperv and crowbar-barclamp-provisioner
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:0206-1
Rating: low
References: #840056 #866797 #867087 #885223 #886238 #888497 #888516 #895824 #897815 #897996 #901314
Affected Products:
  SUSE Cloud 4
______________________________________________________________________________

An update that has 11 recommended fixes can now be installed.
Description:

This update for crowbar-barclamp-crowbar, crowbar-barclamp-hyperv and crowbar-barclamp-provisioner provides stability fixes from the upstream OpenStack project:

* crowbar-barclamp-crowbar:
  o Redirect to raw after raw editing (bnc#885223)
  o Fix crash on node view
  o Remove "Successfully created proposal" flash
  o Add support for Windows Server 2012 R2 (bnc#867087)
  o Change recovering and reinstall states to match the unready status
  o Also change reboot state to match the unready status to get the spinner
  o Fix crash on node view
  o Do not write port config for apache twice (bnc#897996)
  o make crowbar machines aliases also output node name
  o allow a node's alias to be unset
* crowbar-barclamp-hyperv:
  o Setting Nova, Neutron and Msiscsi services to automatic (bnc#888497)
  o fix iscsi attach issues (bnc#901314)
  o Fix Python install
  o Update adk-tools to version master:
  o Filter out invalid DHCP servers when detecting crowbar admin server (bnc#866797)
  o Fix lookup of rabbitmq server
  o Use num_vlans attribute from neutron proposal instead of hard-coded 2000
  o Set tenant_network_type and network_vlan_ranges in neutron conf file
* crowbar-barclamp-provisioner:
  o Tighten check for HAE repos
  o handle multiple NTP servers (bnc#895824)
  o crowbar_join waiting for all NTP servers (bnc#895824)
  o Hard-code hostnames in each autoyast file
  o Set hostname in autoyast network config
  o Bugfix: hostname: Host name lookup failure (bnc#886238)
  o Sort the repos in the autoyast files
  o Add support for Windows Server 2012 R2
  o Share Windows files among Windows version
  o Make it possible to use several versions of Windows at the same time
  o Fix typos in comment
  o Do not require patch in adk-tools and create symlinks
  o Create windows common directory/files before version-specific files
  o fix bash/zsh prompt
  o Fix alias being nil corner case
  o Integrated customizable bash prompt
  o crowbar_join: Disable chef reporting

Patch Instructions:

To install this SUSE Recommended Update use YaST
online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 4:
    zypper in -t patch sleclo40sp3-barclamps-hyperv-provisioner-201501-10139

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 4 (noarch):
    crowbar-barclamp-crowbar-1.8+git.1418996991.d3cb82f-0.7.2
    crowbar-barclamp-hyperv-1.8+git.1418055362.de79db7-0.7.2
    crowbar-barclamp-hyperv-data-1.8+git.1418055362.de79db7-0.7.2
    crowbar-barclamp-provisioner-1.8+git.1415630413.6cb61b2-0.7.13

References:

  https://bugzilla.suse.com/show_bug.cgi?id=840056
  https://bugzilla.suse.com/show_bug.cgi?id=866797
  https://bugzilla.suse.com/show_bug.cgi?id=867087
  https://bugzilla.suse.com/show_bug.cgi?id=885223
  https://bugzilla.suse.com/show_bug.cgi?id=886238
  https://bugzilla.suse.com/show_bug.cgi?id=888497
  https://bugzilla.suse.com/show_bug.cgi?id=888516
  https://bugzilla.suse.com/show_bug.cgi?id=895824
  https://bugzilla.suse.com/show_bug.cgi?id=897815
  https://bugzilla.suse.com/show_bug.cgi?id=897996
  https://bugzilla.suse.com/show_bug.cgi?id=901314
  http://download.suse.com/patch/finder/?keywords=10e64dea171d9ed6f5f01ee65f201462

From sle-updates at lists.suse.com Tue Feb 3 11:06:50 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Feb 2015 19:06:50 +0100 (CET)
Subject: SUSE-SU-2015:0207-1: moderate: Security update for libjasper
Message-ID: <20150203180650.3E8C532369@maintenance.suse.de>

SUSE Security Update: Security update for libjasper
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0207-1
Rating: moderate
References: #906364
Cross-References: CVE-2014-9029
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update for libjasper fixes multiple off-by-one errors which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow triggered by a crafted jp2 (JPEG 2000) file. (bsc#906364, CVE-2014-9029)

Security Issues:

* CVE-2014-9029

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-libjasper-10072
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-libjasper-10072
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-libjasper-10072

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    libjasper-1.900.1-134.13.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
    libjasper-32bit-1.900.1-134.13.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    libjasper-1.900.1-134.13.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
    libjasper-32bit-1.900.1-134.13.1
- SUSE Linux Enterprise Server 11 SP3 (ia64):
    libjasper-x86-1.900.1-134.13.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    libjasper-1.900.1-134.13.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
    libjasper-32bit-1.900.1-134.13.1

References:

  http://support.novell.com/security/cve/CVE-2014-9029.html
  https://bugzilla.suse.com/show_bug.cgi?id=906364
  http://download.suse.com/patch/finder/?keywords=484258c98edb7e8ca52664afed121f81

From sle-updates at lists.suse.com Wed Feb 4 03:04:49 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 4 Feb 2015 11:04:49 +0100 (CET)
Subject: SUSE-SU-2015:0208-1: moderate: Security update for mpfr
Message-ID: <20150204100449.BA46A32367@maintenance.suse.de>

SUSE Security Update: Security update for mpfr
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0208-1
Rating: moderate
References: #911812
Cross-References: CVE-2014-9474
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update fixes the following security issue:

- CVE-2014-9474: possible buffer overflow in mpfr_strtofr (bnc#911812)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
    zypper in -t patch SUSE-SLE-SDK-12-2015-53
- SUSE Linux Enterprise Server 12:
    zypper in -t patch SUSE-SLE-SERVER-12-2015-53
- SUSE Linux Enterprise Desktop 12:
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-53

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
    mpfr-debugsource-3.1.2-7.1
    mpfr-devel-3.1.2-7.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
    libmpfr4-3.1.2-7.1
    libmpfr4-debuginfo-3.1.2-7.1
    mpfr-debugsource-3.1.2-7.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
    libmpfr4-32bit-3.1.2-7.1
    libmpfr4-debuginfo-32bit-3.1.2-7.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
    libmpfr4-3.1.2-7.1
    libmpfr4-debuginfo-3.1.2-7.1
    mpfr-debugsource-3.1.2-7.1

References:

  http://support.novell.com/security/cve/CVE-2014-9474.html
  https://bugzilla.suse.com/show_bug.cgi?id=911812

From sle-updates at lists.suse.com Wed Feb 4 17:04:43 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Feb 2015 01:04:43 +0100 (CET)
Subject: SUSE-SU-2015:0219-1: Security update for libmpfr
Message-ID: <20150205000443.04B9032365@maintenance.suse.de>

SUSE Security Update: Security update for libmpfr
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0219-1
Rating: low
References: #911812
Cross-References: CVE-2014-9474
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libmpfr fixes a buffer overflow in mpfr_strtofr. (CVE-2014-9474)

Security Issues:

* CVE-2014-9474

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:
    zypper in -t patch sdksp3-libmpfr1-10212
- SUSE Linux Enterprise Server 11 SP3 for VMware:
    zypper in -t patch slessp3-libmpfr1-10212
- SUSE Linux Enterprise Server 11 SP3:
    zypper in -t patch slessp3-libmpfr1-10212
- SUSE Linux Enterprise Desktop 11 SP3:
    zypper in -t patch sledsp3-libmpfr1-10212

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    mpfr-devel-2.3.2-3.118.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):
    mpfr-devel-32bit-2.3.2-3.118.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64):
    libmpfr1-32bit-2.3.2-3.118.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    libmpfr1-2.3.2-3.118.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
    libmpfr1-32bit-2.3.2-3.118.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    libmpfr1-2.3.2-3.118.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
    libmpfr1-32bit-2.3.2-3.118.1
- SUSE Linux Enterprise Server 11 SP3 (ia64):
    libmpfr1-x86-2.3.2-3.118.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    libmpfr1-2.3.2-3.118.1

References:

  http://support.novell.com/security/cve/CVE-2014-9474.html
  https://bugzilla.suse.com/show_bug.cgi?id=911812
  http://download.suse.com/patch/finder/?keywords=b3636c02e7dfd8e676a5d86b23f1daff

From sle-updates at lists.suse.com Wed Feb 4 17:08:05 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Feb 2015 01:08:05 +0100 (CET)
Subject: SUSE-RU-2015:0220-1: Recommended update for crowbar-barclamp-cinder
Message-ID: <20150205000805.0C5EA3235D@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-cinder
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:0220-1
Rating: low
References: #909490 #913692
Affected Products:
  SUSE Cloud 4
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update for crowbar-barclamp-cinder provides the following stability fix from the upstream OpenStack project:

* Add support for setting default_availability_zone (bnc#909490)

Contraindications:

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 4:
    zypper in -t patch sleclo40sp3-crowbar-barclamp-cinder-10177

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 4 (noarch):
    crowbar-barclamp-cinder-1.8+git.1418990279.addefd9-0.7.3

References:

  https://bugzilla.suse.com/show_bug.cgi?id=909490
  https://bugzilla.suse.com/show_bug.cgi?id=913692
  http://download.suse.com/patch/finder/?keywords=981eda92265ab9df9088be8d9f408cd5

From sle-updates at lists.suse.com Wed Feb 4 17:08:31 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Feb 2015 01:08:31 +0100 (CET)
Subject: SUSE-SU-2015:0221-1: Security update for python-keystoneclient
Message-ID: <20150205000831.0B06E32365@maintenance.suse.de>

SUSE Security Update: Security update for python-keystoneclient
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0221-1
Rating: low
References: #897103 #913692
Cross-References: CVE-2014-7144
Affected Products:
  SUSE Cloud 4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for python-keystoneclient provides the following security-fix:

* Fix the condition expression for ssl_insecure (bnc#897103, CVE-2014-7144)

Security Issues:

* CVE-2014-7144

Contraindications:

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 4:
    zypper in -t patch sleclo40sp3-python-keystoneclient-10190

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 4 (x86_64):
    python-keystoneclient-0.9.0-0.11.1
    python-keystoneclient-doc-0.9.0-0.11.1

References:

  http://support.novell.com/security/cve/CVE-2014-7144.html
  https://bugzilla.suse.com/show_bug.cgi?id=897103
  https://bugzilla.suse.com/show_bug.cgi?id=913692
  http://download.suse.com/patch/finder/?keywords=f6d7f2b6ee52b6bd7eca74287f9f0b01

From sle-updates at lists.suse.com Thu Feb 5 06:04:54 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Feb 2015 14:04:54 +0100 (CET)
Subject: SUSE-RU-2015:0222-1: moderate: Recommended update for dhcp
Message-ID: <20150205130454.5EB5432365@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dhcp
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:0222-1
Rating: moderate
References: #872609 #890731 #891655 #909189
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This collective update for dhcp provides the following fixes and enhancements:

- Applied an upstream patch by Thomas Markwalder adding missed mapping of SHA TSIG algorithm names to their constants to enable hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512 authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
- Decline IPv6 addresses on Duplicate Address Detection failure and stop client message exchanges on reached MRD rather than at some point after it.
  Applied Fedora patches by Jiri Popelka and added DAD reporting via exit 3 to the dhclient-script and a fix to use correct address variables in the DEPREF6 action (bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238).
- Applied backport patch by William Preston that avoids binding the ddns socket in the server when ddns-update-style is none (bsc#891655).
- Added missed service_add_pre macro calls for dhcrelay services.
- Applied fix by Jiri Slaby to not crash in interface discovery when the interface address is NULL, which has been introduced by the infiniband support patch (bnc#909189).

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
    zypper in -t patch SUSE-SLE-SDK-12-2015=54
- SUSE Linux Enterprise Server 12:
    zypper in -t patch SUSE-SLE-SERVER-12-2015=54
- SUSE Linux Enterprise Desktop 12:
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015=54

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): dhcp-debuginfo-4.2.6-12.2 dhcp-debugsource-4.2.6-12.2 dhcp-devel-4.2.6-12.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): dhcp-4.2.6-12.2 dhcp-client-4.2.6-12.2 dhcp-client-debuginfo-4.2.6-12.2 dhcp-debuginfo-4.2.6-12.2 dhcp-debugsource-4.2.6-12.2 dhcp-relay-4.2.6-12.2 dhcp-relay-debuginfo-4.2.6-12.2 dhcp-server-4.2.6-12.2 dhcp-server-debuginfo-4.2.6-12.2 - SUSE Linux Enterprise Desktop 12 (x86_64): dhcp-4.2.6-12.2 dhcp-client-4.2.6-12.2 dhcp-client-debuginfo-4.2.6-12.2 dhcp-debuginfo-4.2.6-12.2 dhcp-debugsource-4.2.6-12.2 References: https://bugzilla.suse.com/show_bug.cgi?id=872609 https://bugzilla.suse.com/show_bug.cgi?id=890731 https://bugzilla.suse.com/show_bug.cgi?id=891655 https://bugzilla.suse.com/show_bug.cgi?id=909189 From sle-updates at lists.suse.com Thu Feb 5 11:04:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Feb 2015 19:04:44 +0100 (CET) Subject: SUSE-RU-2015:0223-1: moderate: Recommended update for lvm2 and clvm Message-ID: <20150205180444.8D6F532365@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 and clvm ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0223-1 Rating: moderate References: #830844 #835230 #872564 #884955 #892319 #901091 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise High Availability Extension 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This collective update for lvm2 and clvm provides the following fixes: * In setup-lvm2.sh, resolve symlinks returned by vgs -o pv_name. 
(bsc#884955) * Avoid temporary devices created by pvmove which could cause buffer I/O errors when accessed through blkid. (bsc#901091) * Modify lvm.conf by adding comments for cache_dir and obtain_device_list_from_udev. (bsc#830844) * Remove dependency on pgrep from lvm_wait_merge_snapshot. (bsc#835230) * Enable 'retry' deactivation also in 'cleanup' phase. (bsc#892319) * Increase clvmd thread stacksize from 128K to 192K, preventing segmentation faults in PPC64. (bsc#872564) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-lvm-clvm-201501=10154 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-lvm-clvm-201501=10154 - SUSE Linux Enterprise High Availability Extension 11 SP3: zypper in -t patch slehasp3-lvm-clvm-201501=10154 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-lvm-clvm-201501=10154 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): lvm2-2.02.98-0.31.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): lvm2-2.02.98-0.31.1 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): lvm2-clvm-2.02.98-0.31.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): lvm2-2.02.98-0.31.1 References: https://bugzilla.suse.com/show_bug.cgi?id=830844 https://bugzilla.suse.com/show_bug.cgi?id=835230 https://bugzilla.suse.com/show_bug.cgi?id=872564 https://bugzilla.suse.com/show_bug.cgi?id=884955 https://bugzilla.suse.com/show_bug.cgi?id=892319 https://bugzilla.suse.com/show_bug.cgi?id=901091 http://download.suse.com/patch/finder/?keywords=33e224cb794f16202f79398a79a1a24b From sle-updates at lists.suse.com Thu Feb 5 13:04:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Feb 2015 21:04:44 +0100 (CET) Subject: SUSE-YU-2015:0224-1: moderate: Recommended update for libzypp and zypper Message-ID: <20150205200444.D2CEE32366@maintenance.suse.de> SUSE YOU Update: Recommended update for libzypp and zypper ______________________________________________________________________________ Announcement ID: SUSE-YU-2015:0224-1 Rating: moderate References: #892431 #901590 #904737 #906549 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has four YOU fixes can now be installed. It includes two new package versions. Description: This update for the Software Update Stack provides the following fixes and enhancements: libzypp: * Call rpm with '--noglob'. (bsc#892431) * Fix MediaCurl's URL path concatenation. (bnc#901590) zypper: * Properly reset auto-retry counter. (bsc#906549) * Improve patch description in man page. 
(bsc#904737) Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. Patch Instructions: To install this SUSE YOU Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-softwaremgmt-201501=10134 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-softwaremgmt-201501=10134 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-softwaremgmt-201501=10134 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-softwaremgmt-201501=10134 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.37.10]: libzypp-devel-9.37.10-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 1.6.317 and 9.37.10]: libzypp-9.37.10-0.7.1 zypper-1.6.317-0.7.2 zypper-log-1.6.317-0.7.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 1.6.317 and 9.37.10]: libzypp-9.37.10-0.7.1 zypper-1.6.317-0.7.2 zypper-log-1.6.317-0.7.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.6.317 and 9.37.10]: libzypp-9.37.10-0.7.1 zypper-1.6.317-0.7.2 zypper-log-1.6.317-0.7.2 References: https://bugzilla.suse.com/show_bug.cgi?id=892431 https://bugzilla.suse.com/show_bug.cgi?id=901590 https://bugzilla.suse.com/show_bug.cgi?id=904737 https://bugzilla.suse.com/show_bug.cgi?id=906549 http://download.suse.com/patch/finder/?keywords=3e5a4b83472269eea4640a3ce8dbaaa9 From sle-updates at lists.suse.com Fri Feb 6 04:04:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Feb 2015 12:04:49 +0100 (CET) Subject: SUSE-RU-2015:0227-1: moderate: Recommended update for curl Message-ID: <20150206110449.8A20832366@maintenance.suse.de> SUSE Recommended Update: Recommended update for curl ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0227-1 Rating: moderate References: #913209 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: curl was updated to fix problems when operating in FIPS mode. This patch reenables following methods: - NTLM authentication (e.g. 
for proxies) (allowing its usage of MD4 and MD5) - HTTP Digest authentication (allowing its usage of MD5) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-55=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-55=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-55=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): curl-debuginfo-7.37.0-9.1 curl-debugsource-7.37.0-9.1 libcurl-devel-7.37.0-9.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): curl-7.37.0-9.1 curl-debuginfo-7.37.0-9.1 curl-debugsource-7.37.0-9.1 libcurl4-7.37.0-9.1 libcurl4-debuginfo-7.37.0-9.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libcurl4-32bit-7.37.0-9.1 libcurl4-debuginfo-32bit-7.37.0-9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): curl-7.37.0-9.1 curl-debuginfo-7.37.0-9.1 curl-debugsource-7.37.0-9.1 libcurl4-32bit-7.37.0-9.1 libcurl4-7.37.0-9.1 libcurl4-debuginfo-32bit-7.37.0-9.1 libcurl4-debuginfo-7.37.0-9.1 References: https://bugzilla.suse.com/show_bug.cgi?id=913209 From sle-updates at lists.suse.com Fri Feb 6 09:04:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Feb 2015 17:04:46 +0100 (CET) Subject: SUSE-OU-2015:0228-1: Optional update for python-setuptools, python3-setuptools Message-ID: <20150206160446.CFBB332366@maintenance.suse.de> SUSE Optional Update: Optional update for python-setuptools, python3-setuptools ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0228-1 Rating: low References: #913229 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux 
Enterprise Build System Kit 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: python-setuptools and python3-setuptools have been added to SUSE Linux Enterprise 12 Software Development Kit. Setuptools is a collection of enhancements to the Python distutils that allow you to more easily build and distribute Python packages, especially those that have dependencies on other packages. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-56=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-56=1 - SUSE Linux Enterprise Build System Kit 12: zypper in -t patch SUSE-SLE-BSK-12-2015-56=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (noarch): python-setuptools-1.1.7-4.1 python3-setuptools-1.1.7-4.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-setuptools-1.1.7-4.1 - SUSE Linux Enterprise Build System Kit 12 (noarch): python3-setuptools-1.1.7-4.1 References: https://bugzilla.suse.com/show_bug.cgi?id=913229 From sle-updates at lists.suse.com Fri Feb 6 10:05:28 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Feb 2015 18:05:28 +0100 (CET) Subject: SUSE-SU-2015:0232-1: moderate: Security update for powerpc-utils Message-ID: <20150206170528.A0A4532369@maintenance.suse.de> SUSE Security Update: Security update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0232-1 Rating: moderate References: #883174 #901216 Cross-References: CVE-2014-4040 Affected Products: SUSE Linux Enterprise Server 12 
______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: powerpc-utils was updated to fix one security issue. This security issue was fixed: - May expose passwords from fstab or yaboot.con (CVE-2014-4040). This additional fix was included: - LPAR crashes when drmgr attempts to offline last remaining cpu core (bnc#901216) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-57=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le): powerpc-utils-1.2.22-7.1 powerpc-utils-debuginfo-1.2.22-7.1 powerpc-utils-debugsource-1.2.22-7.1 References: http://support.novell.com/security/cve/CVE-2014-4040.html https://bugzilla.suse.com/show_bug.cgi?id=883174 https://bugzilla.suse.com/show_bug.cgi?id=901216 From sle-updates at lists.suse.com Fri Feb 6 17:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Feb 2015 01:04:54 +0100 (CET) Subject: SUSE-RU-2015:0234-1: Recommended update for spacecmd Message-ID: <20150207000454.265773235D@maintenance.suse.de> SUSE Recommended Update: Recommended update for spacecmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0234-1 Rating: low References: #908849 #914897 Affected Products: SUSE Manager Server ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: This update for spacecmd includes the following fixes: * Fix configchannel export: do not create 'contents' key for directories. 
(bsc#908849) * Added feature to get installed packageversion of a system or systems managed by ssm to spacecmd. * Fix patch summary printing. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server: zypper in -t patch sleman21-spacecmd=10252 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server (x86_64) [New Version: 2.1.25.7]: spacecmd-2.1.25.7-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=908849 https://bugzilla.suse.com/show_bug.cgi?id=914897 http://download.suse.com/patch/finder/?keywords=efc3224d3e17a1d562d1f94fb744d591 From sle-updates at lists.suse.com Fri Feb 6 17:05:21 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Feb 2015 01:05:21 +0100 (CET) Subject: SUSE-OU-2015:0235-1: Optional update for spacecmd Message-ID: <20150207000521.D56F63235D@maintenance.suse.de> SUSE Optional Update: Optional update for spacecmd ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0235-1 Rating: low References: #908849 #914897 Affected Products: SUSE Manager Proxy SUSE Manager Client Tools for SLE 11 SP3 ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: This update provides spacecmd, a command-line interface to Spacewalk and Satellite servers. This release also includes the following fixes: * Fix configchannel export: do not create 'contents' key for directories. (bsc#908849) * Added feature to get installed packageversion of a system or systems managed by ssm to spacecmd. * Fix patch summary printing. Indications: Any user can install this package. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Manager Proxy: zypper in -t patch slemap21-spacecmd=10251 - SUSE Manager Client Tools for SLE 11 SP3: zypper in -t patch slesctsp3-spacecmd=10250 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy (x86_64): spacecmd-2.1.25.7-0.7.1 - SUSE Manager Client Tools for SLE 11 SP3 (i586 ia64 ppc64 s390x x86_64): spacecmd-2.1.25.7-0.7.1 References: https://bugzilla.suse.com/show_bug.cgi?id=908849 https://bugzilla.suse.com/show_bug.cgi?id=914897 http://download.suse.com/patch/finder/?keywords=a82bb58cd0d525ccad6ca7e33a412dbe http://download.suse.com/patch/finder/?keywords=e44fc9b9c214fab392e9d0fdafeb6422 From sle-updates at lists.suse.com Sat Feb 7 02:04:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Feb 2015 10:04:44 +0100 (CET) Subject: SUSE-SU-2015:0236-1: critical: Security update for flash-player Message-ID: <20150207090444.55CBB32366@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0236-1 Rating: critical References: #915918 Cross-References: CVE-2015-0313 CVE-2015-0314 CVE-2015-0315 CVE-2015-0316 CVE-2015-0317 CVE-2015-0318 CVE-2015-0319 CVE-2015-0320 CVE-2015-0321 CVE-2015-0322 CVE-2015-0323 CVE-2015-0324 CVE-2015-0325 CVE-2015-0326 CVE-2015-0327 CVE-2015-0328 CVE-2015-0329 CVE-2015-0330 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed: - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322). 
- Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317, CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - Null pointer dereference issues (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-58=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-58=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64): flash-player-11.2.202.442-67.1 flash-player-gnome-11.2.202.442-67.1 - SUSE Linux Enterprise Desktop 12 (i586 x86_64): flash-player-11.2.202.442-67.1 flash-player-gnome-11.2.202.442-67.1 References: http://support.novell.com/security/cve/CVE-2015-0313.html http://support.novell.com/security/cve/CVE-2015-0314.html http://support.novell.com/security/cve/CVE-2015-0315.html http://support.novell.com/security/cve/CVE-2015-0316.html http://support.novell.com/security/cve/CVE-2015-0317.html http://support.novell.com/security/cve/CVE-2015-0318.html http://support.novell.com/security/cve/CVE-2015-0319.html http://support.novell.com/security/cve/CVE-2015-0320.html http://support.novell.com/security/cve/CVE-2015-0321.html http://support.novell.com/security/cve/CVE-2015-0322.html http://support.novell.com/security/cve/CVE-2015-0323.html http://support.novell.com/security/cve/CVE-2015-0324.html http://support.novell.com/security/cve/CVE-2015-0325.html http://support.novell.com/security/cve/CVE-2015-0326.html http://support.novell.com/security/cve/CVE-2015-0327.html http://support.novell.com/security/cve/CVE-2015-0328.html http://support.novell.com/security/cve/CVE-2015-0329.html http://support.novell.com/security/cve/CVE-2015-0330.html https://bugzilla.suse.com/show_bug.cgi?id=915918 From sle-updates at lists.suse.com Sat Feb 7 11:04:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Feb 2015 19:04:44 +0100 (CET) Subject: SUSE-SU-2015:0239-1: critical: Security update for flash-player, flash-player-gnome, flash-player-kde4 Message-ID: <20150207180444.9FDD232366@maintenance.suse.de> SUSE Security Update: Security update for flash-player, flash-player-gnome, flash-player-kde4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0239-1 Rating: critical References: #915918 Cross-References: CVE-2015-0313 
CVE-2015-0314 CVE-2015-0315 CVE-2015-0316 CVE-2015-0317 CVE-2015-0318 CVE-2015-0319 CVE-2015-0320 CVE-2015-0321 CVE-2015-0322 CVE-2015-0323 CVE-2015-0324 CVE-2015-0325 CVE-2015-0326 CVE-2015-0327 CVE-2015-0328 CVE-2015-0329 CVE-2015-0330 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. It includes one version update. Description: flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed: - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317, CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - Null pointer dereference issues (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html Security Issues: * CVE-2015-0313 * CVE-2015-0314 * CVE-2015-0315 * CVE-2015-0316 * CVE-2015-0317 * CVE-2015-0318 * CVE-2015-0319 * CVE-2015-0320 * CVE-2015-0321 * CVE-2015-0322 * CVE-2015-0323 * CVE-2015-0324 * CVE-2015-0325 * CVE-2015-0326 * CVE-2015-0327 * CVE-2015-0328 * CVE-2015-0329 * CVE-2015-0330 Contraindications: Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-flash-player=10287 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 11.2.202.442]: flash-player-11.2.202.442-0.3.1 flash-player-gnome-11.2.202.442-0.3.1 flash-player-kde4-11.2.202.442-0.3.1 References: http://support.novell.com/security/cve/CVE-2015-0313.html http://support.novell.com/security/cve/CVE-2015-0314.html http://support.novell.com/security/cve/CVE-2015-0315.html http://support.novell.com/security/cve/CVE-2015-0316.html http://support.novell.com/security/cve/CVE-2015-0317.html http://support.novell.com/security/cve/CVE-2015-0318.html http://support.novell.com/security/cve/CVE-2015-0319.html http://support.novell.com/security/cve/CVE-2015-0320.html http://support.novell.com/security/cve/CVE-2015-0321.html http://support.novell.com/security/cve/CVE-2015-0322.html http://support.novell.com/security/cve/CVE-2015-0323.html http://support.novell.com/security/cve/CVE-2015-0324.html http://support.novell.com/security/cve/CVE-2015-0325.html http://support.novell.com/security/cve/CVE-2015-0326.html http://support.novell.com/security/cve/CVE-2015-0327.html http://support.novell.com/security/cve/CVE-2015-0328.html http://support.novell.com/security/cve/CVE-2015-0329.html http://support.novell.com/security/cve/CVE-2015-0330.html https://bugzilla.suse.com/show_bug.cgi?id=915918 http://download.suse.com/patch/finder/?keywords=7fb4ff1fae894ac722cc8e70ad37954c From sle-updates at lists.suse.com Mon Feb 9 08:05:06 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Feb 2015 16:05:06 +0100 (CET) Subject: SUSE-SU-2015:0241-1: moderate: Security update for libvirt Message-ID: <20150209150506.CC19932366@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0241-1 Rating: moderate References: #891936 #899334 #899484 #900587 #902976 #903756 #904176 #904426 #904432 #909828 #910862 #911737 Cross-References: 
CVE-2014-3657 CVE-2014-7823 CVE-2014-8136 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has 9 fixes is now available. Description: libvirt was updated to fix security issues and bugs. These security issues were fixed: - Fixed denial of service flaw in libvirt's virConnectListAllDomains() function (CVE-2014-3657). - Information leak with flag VIR_DOMAIN_XML_MIGRATABLE (CVE-2014-7823). - local denial of service in qemu driver (CVE-2014-8136) These non-security issues were fixed: - Get /proc/sys/net/ipv[46] read-write for wicked to work in containers (bsc#904432). - libxl: Several migration improvements (bsc#903756). - libxl: allow libxl to find pygrub binary (bdo#770485). - Fix Qemu AppArmor abstraction (bsc#904426). - AppArmor confined kvm domains couldn't find the apparmor profile template (bnc#902976). - Backport commit c110cdb2 to fix non-raw storage format error (bnc#900587). - qemu: use systemd's TerminateMachine to kill all processes (bsc#899334). - Transformed Errors into warnings in detect_scsi_host_caps. - Fix a missing cleanup for lxc containers. - Adding network configuration to containers. bsc#904432 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-59=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-59=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-59=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-59=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libvirt-client-32bit-1.2.5-21.1 libvirt-client-debuginfo-32bit-1.2.5-21.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libvirt-debugsource-1.2.5-21.1 libvirt-devel-1.2.5-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libvirt-1.2.5-21.1 libvirt-client-1.2.5-21.1 libvirt-client-debuginfo-1.2.5-21.1 libvirt-daemon-1.2.5-21.1 libvirt-daemon-config-network-1.2.5-21.1 libvirt-daemon-config-nwfilter-1.2.5-21.1 libvirt-daemon-debuginfo-1.2.5-21.1 libvirt-daemon-driver-interface-1.2.5-21.1 libvirt-daemon-driver-interface-debuginfo-1.2.5-21.1 libvirt-daemon-driver-lxc-1.2.5-21.1 libvirt-daemon-driver-lxc-debuginfo-1.2.5-21.1 libvirt-daemon-driver-network-1.2.5-21.1 libvirt-daemon-driver-network-debuginfo-1.2.5-21.1 libvirt-daemon-driver-nodedev-1.2.5-21.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.5-21.1 libvirt-daemon-driver-nwfilter-1.2.5-21.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-21.1 libvirt-daemon-driver-qemu-1.2.5-21.1 libvirt-daemon-driver-qemu-debuginfo-1.2.5-21.1 libvirt-daemon-driver-secret-1.2.5-21.1 libvirt-daemon-driver-secret-debuginfo-1.2.5-21.1 libvirt-daemon-driver-storage-1.2.5-21.1 libvirt-daemon-driver-storage-debuginfo-1.2.5-21.1 libvirt-daemon-lxc-1.2.5-21.1 libvirt-daemon-qemu-1.2.5-21.1 libvirt-debugsource-1.2.5-21.1 libvirt-doc-1.2.5-21.1 libvirt-lock-sanlock-1.2.5-21.1 libvirt-lock-sanlock-debuginfo-1.2.5-21.1 - SUSE Linux Enterprise Server 12 (x86_64): libvirt-daemon-driver-libxl-1.2.5-21.1 libvirt-daemon-driver-libxl-debuginfo-1.2.5-21.1 libvirt-daemon-xen-1.2.5-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libvirt-1.2.5-21.1 libvirt-client-1.2.5-21.1 libvirt-client-32bit-1.2.5-21.1 libvirt-client-debuginfo-1.2.5-21.1 libvirt-client-debuginfo-32bit-1.2.5-21.1 libvirt-daemon-1.2.5-21.1 libvirt-daemon-config-network-1.2.5-21.1 libvirt-daemon-config-nwfilter-1.2.5-21.1 libvirt-daemon-debuginfo-1.2.5-21.1 
libvirt-daemon-driver-interface-1.2.5-21.1 libvirt-daemon-driver-interface-debuginfo-1.2.5-21.1 libvirt-daemon-driver-libxl-1.2.5-21.1 libvirt-daemon-driver-libxl-debuginfo-1.2.5-21.1 libvirt-daemon-driver-lxc-1.2.5-21.1 libvirt-daemon-driver-lxc-debuginfo-1.2.5-21.1 libvirt-daemon-driver-network-1.2.5-21.1 libvirt-daemon-driver-network-debuginfo-1.2.5-21.1 libvirt-daemon-driver-nodedev-1.2.5-21.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.5-21.1 libvirt-daemon-driver-nwfilter-1.2.5-21.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-21.1 libvirt-daemon-driver-qemu-1.2.5-21.1 libvirt-daemon-driver-qemu-debuginfo-1.2.5-21.1 libvirt-daemon-driver-secret-1.2.5-21.1 libvirt-daemon-driver-secret-debuginfo-1.2.5-21.1 libvirt-daemon-driver-storage-1.2.5-21.1 libvirt-daemon-driver-storage-debuginfo-1.2.5-21.1 libvirt-daemon-lxc-1.2.5-21.1 libvirt-daemon-qemu-1.2.5-21.1 libvirt-daemon-xen-1.2.5-21.1 libvirt-debugsource-1.2.5-21.1 libvirt-doc-1.2.5-21.1 References: http://support.novell.com/security/cve/CVE-2014-3657.html http://support.novell.com/security/cve/CVE-2014-7823.html http://support.novell.com/security/cve/CVE-2014-8136.html https://bugzilla.suse.com/show_bug.cgi?id=891936 https://bugzilla.suse.com/show_bug.cgi?id=899334 https://bugzilla.suse.com/show_bug.cgi?id=899484 https://bugzilla.suse.com/show_bug.cgi?id=900587 https://bugzilla.suse.com/show_bug.cgi?id=902976 https://bugzilla.suse.com/show_bug.cgi?id=903756 https://bugzilla.suse.com/show_bug.cgi?id=904176 https://bugzilla.suse.com/show_bug.cgi?id=904426 https://bugzilla.suse.com/show_bug.cgi?id=904432 https://bugzilla.suse.com/show_bug.cgi?id=909828 https://bugzilla.suse.com/show_bug.cgi?id=910862 https://bugzilla.suse.com/show_bug.cgi?id=911737 From sle-updates at lists.suse.com Mon Feb 9 09:04:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Feb 2015 17:04:49 +0100 (CET) Subject: SUSE-OU-2015:0242-1: Optional update for spacecmd Message-ID: 
<20150209160449.C00A632366@maintenance.suse.de> SUSE Optional Update: Optional update for spacecmd ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0242-1 Rating: low References: #914897 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides spacecmd, a command-line interface to Spacewalk and Satellite servers, for SUSE Manager clients. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2015-60=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (noarch): spacecmd-2.1.25.7-2.1 References: https://bugzilla.suse.com/show_bug.cgi?id=914897 From sle-updates at lists.suse.com Mon Feb 9 10:05:06 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Feb 2015 18:05:06 +0100 (CET) Subject: SUSE-RU-2015:0244-1: moderate: Recommended update for postfix Message-ID: <20150209170506.5615D32366@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0244-1 Rating: moderate References: #729154 #908003 #910265 #911806 #914086 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for Postfix provides fixes for the following issues: - Wrong access rights on /usr/sbin/postdrop causes permission denied when trying to send mails as non-root user. (bsc#908003) - Wrong permissions for some postfix components. 
(bsc#729154) - config.postfix does not set up correct saslauthd socket directory for chroot. (bsc#911806) - config.postfix does not upgrade the chroot. (bsc#910265) - Fix syntax error in config.postfix. (bsc#914086) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-63=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-63=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le): postfix-debuginfo-2.11.0-8.1 postfix-debugsource-2.11.0-8.1 postfix-devel-2.11.0-8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x): postfix-2.11.0-8.1 postfix-debuginfo-2.11.0-8.1 postfix-debugsource-2.11.0-8.1 postfix-mysql-2.11.0-8.1 postfix-mysql-debuginfo-2.11.0-8.1 - SUSE Linux Enterprise Server 12 (noarch): postfix-doc-2.11.0-8.1 References: https://bugzilla.suse.com/show_bug.cgi?id=729154 https://bugzilla.suse.com/show_bug.cgi?id=908003 https://bugzilla.suse.com/show_bug.cgi?id=910265 https://bugzilla.suse.com/show_bug.cgi?id=911806 https://bugzilla.suse.com/show_bug.cgi?id=914086 From sle-updates at lists.suse.com Mon Feb 9 11:04:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Feb 2015 19:04:52 +0100 (CET) Subject: SUSE-RU-2015:0244-2: moderate: Recommended update for postfix Message-ID: <20150209180452.9418C32366@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0244-2 Rating: moderate References: #729154 #908003 #910265 #911806 #914086 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 
______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for Postfix provides fixes for the following issues: - Wrong access rights on /usr/sbin/postdrop causes permission denied when trying to send mails as non-root user. (bsc#908003) - Wrong permissions for some postfix components. (bsc#729154) - config.postfix does not set up correct saslauthd socket directory for chroot. (bsc#911806) - config.postfix does not upgrade the chroot. (bsc#910265) - Fix syntax error in config.postfix. (bsc#914086) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-63=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-63=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-63=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64): postfix-debuginfo-2.11.0-8.1 postfix-debugsource-2.11.0-8.1 postfix-devel-2.11.0-8.1 - SUSE Linux Enterprise Server 12 (x86_64): postfix-2.11.0-8.1 postfix-debuginfo-2.11.0-8.1 postfix-debugsource-2.11.0-8.1 postfix-mysql-2.11.0-8.1 postfix-mysql-debuginfo-2.11.0-8.1 - SUSE Linux Enterprise Server 12 (noarch): postfix-doc-2.11.0-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): postfix-2.11.0-8.1 postfix-debuginfo-2.11.0-8.1 postfix-debugsource-2.11.0-8.1 References: https://bugzilla.suse.com/show_bug.cgi?id=729154 https://bugzilla.suse.com/show_bug.cgi?id=908003 https://bugzilla.suse.com/show_bug.cgi?id=910265 https://bugzilla.suse.com/show_bug.cgi?id=911806 https://bugzilla.suse.com/show_bug.cgi?id=914086 From sle-updates at lists.suse.com Mon Feb 9 11:05:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Feb 2015 19:05:54 +0100 (CET) Subject: SUSE-RU-2015:0246-1: important: Recommended update for the kGraft Manual Message-ID: <20150209180554.A290F32369@maintenance.suse.de> SUSE Recommended Update: Recommended update for the kGraft Manual ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0246-1 Rating: important References: #915189 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest revision of the kGraft Manual. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-62=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (noarch): kgraft-manual_en-12-8.2 sles-kgraft_en-pdf-12-8.2 References: https://bugzilla.suse.com/show_bug.cgi?id=915189 From sle-updates at lists.suse.com Tue Feb 10 09:05:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Feb 2015 17:05:01 +0100 (CET) Subject: SUSE-RU-2015:0251-1: moderate: Recommended update for e2fsprogs Message-ID: <20150210160501.A33213236B@maintenance.suse.de> SUSE Recommended Update: Recommended update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0251-1 Rating: moderate References: #912229 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for e2fsprogs fixes a "use after free" issue in fsck(8). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-64=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-64=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-64=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): e2fsprogs-debuginfo-1.42.11-4.1 e2fsprogs-debugsource-1.42.11-4.1 e2fsprogs-devel-1.42.11-4.1 libcom_err-devel-1.42.11-4.1 libext2fs-devel-1.42.11-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): e2fsprogs-1.42.11-4.1 e2fsprogs-debuginfo-1.42.11-4.1 e2fsprogs-debugsource-1.42.11-4.1 libcom_err2-1.42.11-4.1 libcom_err2-debuginfo-1.42.11-4.1 libext2fs2-1.42.11-4.1 libext2fs2-debuginfo-1.42.11-4.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): e2fsprogs-debuginfo-32bit-1.42.11-4.1 libcom_err2-32bit-1.42.11-4.1 libcom_err2-debuginfo-32bit-1.42.11-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): e2fsprogs-1.42.11-4.1 e2fsprogs-debuginfo-1.42.11-4.1 e2fsprogs-debuginfo-32bit-1.42.11-4.1 e2fsprogs-debugsource-1.42.11-4.1 libcom_err2-1.42.11-4.1 libcom_err2-32bit-1.42.11-4.1 libcom_err2-debuginfo-1.42.11-4.1 libcom_err2-debuginfo-32bit-1.42.11-4.1 libext2fs2-1.42.11-4.1 libext2fs2-debuginfo-1.42.11-4.1 References: https://bugzilla.suse.com/show_bug.cgi?id=912229 From sle-updates at lists.suse.com Tue Feb 10 17:04:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Feb 2015 01:04:47 +0100 (CET) Subject: SUSE-SU-2015:0253-1: moderate: Security update for glibc Message-ID: <20150211000447.C17E332361@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0253-1 Rating: moderate References: #864081 #891843 #894553 #894556 #903288 #909053 Cross-References: CVE-2012-6656 CVE-2014-6040 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now 
available. Description: glibc has been updated to fix security issues and bugs: * Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bsc#894553, bsc#894556, GLIBC BZ #17325, GLIBC BZ #14134) * Avoid infinite loop in nss_dns getnetbyname. (CVE-2014-9402) * Don't touch user-controlled stdio locks in forked child. (bsc#864081, GLIBC BZ #12847) * Unlock mutex before going back to waiting for PI mutexes. (bsc#891843, GLIBC BZ #14417) * Implement x86 cpuid handling of leaf4 for cache information. (bsc#903288, GLIBC BZ #12587) * Fix infinite loop in check_pf. (bsc#909053, GLIBC BZ #12926) Security Issues: * CVE-2014-6040 * CVE-2012-6656 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-glibc=10259 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-glibc=10259 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-glibc=10259 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-glibc=10259 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): glibc-html-2.11.3-17.80.3 glibc-info-2.11.3-17.80.3 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): glibc-2.11.3-17.80.3 glibc-devel-2.11.3-17.80.3 glibc-html-2.11.3-17.80.3 glibc-i18ndata-2.11.3-17.80.3 glibc-info-2.11.3-17.80.3 glibc-locale-2.11.3-17.80.3 glibc-profile-2.11.3-17.80.3 nscd-2.11.3-17.80.3 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): glibc-32bit-2.11.3-17.80.3 glibc-devel-32bit-2.11.3-17.80.3 glibc-locale-32bit-2.11.3-17.80.3 glibc-profile-32bit-2.11.3-17.80.3 - SUSE Linux Enterprise Server 11 SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.80.3 glibc-devel-2.11.3-17.80.3 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.80.3 glibc-i18ndata-2.11.3-17.80.3 glibc-info-2.11.3-17.80.3 glibc-locale-2.11.3-17.80.3 glibc-profile-2.11.3-17.80.3 nscd-2.11.3-17.80.3 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.80.3 glibc-devel-32bit-2.11.3-17.80.3 glibc-locale-32bit-2.11.3-17.80.3 glibc-profile-32bit-2.11.3-17.80.3 - SUSE Linux Enterprise Server 11 SP3 (ia64): glibc-locale-x86-2.11.3-17.80.3 glibc-profile-x86-2.11.3-17.80.3 glibc-x86-2.11.3-17.80.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 i686 x86_64): glibc-2.11.3-17.80.3 glibc-devel-2.11.3-17.80.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): glibc-i18ndata-2.11.3-17.80.3 glibc-locale-2.11.3-17.80.3 nscd-2.11.3-17.80.3 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): glibc-32bit-2.11.3-17.80.3 glibc-devel-32bit-2.11.3-17.80.3 glibc-locale-32bit-2.11.3-17.80.3 References: http://support.novell.com/security/cve/CVE-2012-6656.html http://support.novell.com/security/cve/CVE-2014-6040.html https://bugzilla.suse.com/show_bug.cgi?id=864081 https://bugzilla.suse.com/show_bug.cgi?id=891843 https://bugzilla.suse.com/show_bug.cgi?id=894553 https://bugzilla.suse.com/show_bug.cgi?id=894556 
https://bugzilla.suse.com/show_bug.cgi?id=903288 https://bugzilla.suse.com/show_bug.cgi?id=909053 http://download.suse.com/patch/finder/?keywords=76bf279b2ba02c13a549f81e2b2d2df4 From sle-updates at lists.suse.com Wed Feb 11 03:04:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Feb 2015 11:04:48 +0100 (CET) Subject: SUSE-RU-2015:0254-1: moderate: Initial live patch for kernel 3.12.36-38 Message-ID: <20150211100448.48EA432369@maintenance.suse.de> SUSE Recommended Update: Initial live patch for kernel 3.12.36-38 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0254-1 Rating: moderate References: #904970 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This live patch contains only the initial modification of uname syscall and no bug fixes yet. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-66=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_36-38-default-1-2.4 kgraft-patch-3_12_36-38-xen-1-2.4 References: https://bugzilla.suse.com/show_bug.cgi?id=904970 From sle-updates at lists.suse.com Wed Feb 11 10:05:19 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Feb 2015 18:05:19 +0100 (CET) Subject: SUSE-SU-2015:0257-1: important: Security update for krb5 Message-ID: <20150211170520.00CBF3236B@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0257-1 Rating: important References: #872912 #906557 #912002 Cross-References: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: krb5 has been updated to fix four security issues: * CVE-2014-5352: gss_process_context_token() incorrectly frees context (bsc#912002) * CVE-2014-9421: kadmind doubly frees partial deserialization results (bsc#912002) * CVE-2014-9422: kadmind incorrectly validates server principal name (bsc#912002) * CVE-2014-9423: libgssrpc server applications leak uninitialized bytes (bsc#912002) Additionally, these non-security issues have been fixed: * Winbind process hangs indefinitely without DC. (bsc#872912) * Hanging winbind processes. (bsc#906557) Security Issues: * CVE-2014-5352 * CVE-2014-9421 * CVE-2014-9422 * CVE-2014-9423 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-krb5-20150206=10282 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-krb5-20150206=10282 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-krb5-20150206=10282 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-krb5-20150206=10282 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.66.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.66.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): krb5-server-1.6.3-133.49.66.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): krb5-1.6.3-133.49.66.1 krb5-apps-clients-1.6.3-133.49.66.1 krb5-apps-servers-1.6.3-133.49.66.1 krb5-client-1.6.3-133.49.66.1 krb5-plugin-kdb-ldap-1.6.3-133.49.66.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1 krb5-server-1.6.3-133.49.66.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): krb5-32bit-1.6.3-133.49.66.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): krb5-doc-1.6.3-133.49.66.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.66.1 krb5-apps-clients-1.6.3-133.49.66.1 krb5-apps-servers-1.6.3-133.49.66.1 krb5-client-1.6.3-133.49.66.1 krb5-plugin-kdb-ldap-1.6.3-133.49.66.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1 krb5-server-1.6.3-133.49.66.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.66.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): krb5-doc-1.6.3-133.49.66.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): krb5-x86-1.6.3-133.49.66.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): krb5-1.6.3-133.49.66.1 krb5-client-1.6.3-133.49.66.1 - SUSE Linux Enterprise Desktop 11 
SP3 (x86_64): krb5-32bit-1.6.3-133.49.66.1 References: http://support.novell.com/security/cve/CVE-2014-5352.html http://support.novell.com/security/cve/CVE-2014-9421.html http://support.novell.com/security/cve/CVE-2014-9422.html http://support.novell.com/security/cve/CVE-2014-9423.html https://bugzilla.suse.com/show_bug.cgi?id=872912 https://bugzilla.suse.com/show_bug.cgi?id=906557 https://bugzilla.suse.com/show_bug.cgi?id=912002 http://download.suse.com/patch/finder/?keywords=127e426050f20989c3c73bc3d3cfcd23 From sle-updates at lists.suse.com Wed Feb 11 17:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Feb 2015 01:04:53 +0100 (CET) Subject: SUSE-SU-2015:0258-1: moderate: Security update for jasper Message-ID: <20150212000453.E5CA532361@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0258-1 Rating: moderate References: #909474 #909475 #911837 Cross-References: CVE-2014-8137 CVE-2014-8138 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for jasper fixes the following security issues: * CVE-2014-8137: Double free in jas_iccattrval_destroy(). Double call to free() allowed attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (bsc#909474) * CVE-2014-8138: Heap overflow in jas_decode(). This could be used to do an arbitrary write and could result in arbitrary code execution. (bsc#909475) * CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot(). 
Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. (bsc#911837) * CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c. Could allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. (bsc#911837) Security Issues: * CVE-2014-8138 * CVE-2014-8137 * CVE-2014-8157 * CVE-2014-8158 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-jasper=10261 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-jasper=10261 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-jasper=10261 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-jasper=10261 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libjasper-devel-1.900.1-134.17.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libjasper-1.900.1-134.17.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libjasper-32bit-1.900.1-134.17.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libjasper-1.900.1-134.17.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libjasper-32bit-1.900.1-134.17.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libjasper-x86-1.900.1-134.17.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libjasper-1.900.1-134.17.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libjasper-32bit-1.900.1-134.17.1 References: http://support.novell.com/security/cve/CVE-2014-8137.html http://support.novell.com/security/cve/CVE-2014-8138.html https://bugzilla.suse.com/show_bug.cgi?id=909474 https://bugzilla.suse.com/show_bug.cgi?id=909475 https://bugzilla.suse.com/show_bug.cgi?id=911837 http://download.suse.com/patch/finder/?keywords=46bec989fa67ded3cad77ce44cf0ee0d From sle-updates at lists.suse.com Wed Feb 11 19:06:04 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Feb 2015 03:06:04 +0100 (CET) Subject: SUSE-SU-2015:0259-1: important: Security update for ntp Message-ID: <20150212020604.12FF132361@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0259-1 Rating: important References: #910764 #911792 Cross-References: CVE-2014-9293 CVE-2014-9294 CVE-2014-9297 CVE-2014-9298 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: ntp has been updated to fix four security issues: * CVE-2014-9294: ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) * CVE-2014-9293: The config_auth function, when an auth key is not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) * CVE-2014-9298: ::1 can be spoofed on some operating systems, so ACLs based on IPv6 ::1 addresses could be bypassed. (bsc#910764) * CVE-2014-9297: vallen is not validated in several places in ntp_crypto.c, leading to potential information leak. (bsc#910764) Security Issues: * CVE-2014-9294 * CVE-2014-9293 * CVE-2014-9298 * CVE-2014-9297 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-ntp=10293 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-ntp=10293 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-ntp=10293 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ntp-4.2.4p8-1.29.32.1 ntp-doc-4.2.4p8-1.29.32.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.4p8-1.29.32.1 ntp-doc-4.2.4p8-1.29.32.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): ntp-4.2.4p8-1.29.32.1 ntp-doc-4.2.4p8-1.29.32.1 References: http://support.novell.com/security/cve/CVE-2014-9293.html http://support.novell.com/security/cve/CVE-2014-9294.html http://support.novell.com/security/cve/CVE-2014-9297.html http://support.novell.com/security/cve/CVE-2014-9298.html https://bugzilla.suse.com/show_bug.cgi?id=910764 https://bugzilla.suse.com/show_bug.cgi?id=911792 http://download.suse.com/patch/finder/?keywords=3ac2fa202f513bac69fa58d8eb795c47 From sle-updates at lists.suse.com Thu Feb 12 07:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Feb 2015 15:04:53 +0100 (CET) Subject: SUSE-SU-2015:0270-1: moderate: Security update for util-linux Message-ID: <20150212140453.E8DB63236A@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0270-1 Rating: moderate References: #907434 #908742 Cross-References: CVE-2014-9114 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: util-linux was updated to fix one security issue. This security issue was fixed: - CVE-2014-9114: Using crafted block devices (e.g. USB sticks) it was possible to inject code via libblkid. 
libblkid was fixed to care about unsafe chars and possible buffer overflow in cache (bnc#907434) This non-security issue was fixed: - libblkid: Reset errno in blkid_probe_get_buffer() to prevent failing probes (e. g. for exFAT) (bnc#908742). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-67=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-67=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-67=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-67=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libuuid-devel-2.25-10.1 util-linux-debuginfo-2.25-10.1 util-linux-debugsource-2.25-10.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libblkid-devel-2.25-10.1 libmount-devel-2.25-10.1 libsmartcols-devel-2.25-10.1 libuuid-devel-2.25-10.1 util-linux-debuginfo-2.25-10.1 util-linux-debugsource-2.25-10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libblkid1-2.25-10.1 libblkid1-debuginfo-2.25-10.1 libmount1-2.25-10.1 libmount1-debuginfo-2.25-10.1 libsmartcols1-2.25-10.1 libsmartcols1-debuginfo-2.25-10.1 libuuid1-2.25-10.1 libuuid1-debuginfo-2.25-10.1 python-libmount-2.25-10.3 python-libmount-debuginfo-2.25-10.3 python-libmount-debugsource-2.25-10.3 util-linux-2.25-10.1 util-linux-debuginfo-2.25-10.1 util-linux-debugsource-2.25-10.1 util-linux-systemd-2.25-10.1 util-linux-systemd-debuginfo-2.25-10.1 util-linux-systemd-debugsource-2.25-10.1 uuidd-2.25-10.1 uuidd-debuginfo-2.25-10.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libblkid1-32bit-2.25-10.1 libblkid1-debuginfo-32bit-2.25-10.1 libmount1-32bit-2.25-10.1 libmount1-debuginfo-32bit-2.25-10.1 
libuuid1-32bit-2.25-10.1 libuuid1-debuginfo-32bit-2.25-10.1 - SUSE Linux Enterprise Server 12 (noarch): util-linux-lang-2.25-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libblkid1-2.25-10.1 libblkid1-32bit-2.25-10.1 libblkid1-debuginfo-2.25-10.1 libblkid1-debuginfo-32bit-2.25-10.1 libmount1-2.25-10.1 libmount1-32bit-2.25-10.1 libmount1-debuginfo-2.25-10.1 libmount1-debuginfo-32bit-2.25-10.1 libsmartcols1-2.25-10.1 libsmartcols1-debuginfo-2.25-10.1 libuuid-devel-2.25-10.1 libuuid1-2.25-10.1 libuuid1-32bit-2.25-10.1 libuuid1-debuginfo-2.25-10.1 libuuid1-debuginfo-32bit-2.25-10.1 python-libmount-2.25-10.3 python-libmount-debuginfo-2.25-10.3 python-libmount-debugsource-2.25-10.3 util-linux-2.25-10.1 util-linux-debuginfo-2.25-10.1 util-linux-debugsource-2.25-10.1 util-linux-systemd-2.25-10.1 util-linux-systemd-debuginfo-2.25-10.1 util-linux-systemd-debugsource-2.25-10.1 uuidd-2.25-10.1 uuidd-debuginfo-2.25-10.1 - SUSE Linux Enterprise Desktop 12 (noarch): util-linux-lang-2.25-10.1 References: http://support.novell.com/security/cve/CVE-2014-9114.html https://bugzilla.suse.com/show_bug.cgi?id=907434 https://bugzilla.suse.com/show_bug.cgi?id=908742 From sle-updates at lists.suse.com Thu Feb 12 07:05:23 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Feb 2015 15:05:23 +0100 (CET) Subject: SUSE-SU-2015:0271-1: moderate: Security update for xdg-utils Message-ID: <20150212140523.475363236E@maintenance.suse.de> SUSE Security Update: Security update for xdg-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0271-1 Rating: moderate References: #906625 #913676 Cross-References: CVE-2014-9622 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update of xdg-utils fixes a command injection security problem (CVE-2014-9622, bsc#913676) and a bug when opening files where multiple mime handlers existed (bsc#906625). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-68=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-68=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): xdg-utils-20140630-5.1 - SUSE Linux Enterprise Desktop 12 (noarch): xdg-utils-20140630-5.1 References: http://support.novell.com/security/cve/CVE-2014-9622.html https://bugzilla.suse.com/show_bug.cgi?id=906625 https://bugzilla.suse.com/show_bug.cgi?id=913676 From sle-updates at lists.suse.com Thu Feb 12 10:04:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Feb 2015 18:04:49 +0100 (CET) Subject: SUSE-RU-2015:0272-1: important: Recommended update for timezone Message-ID: <20150212170449.B7EF83236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0272-1 Rating: important References: #912415 #915422 #915693 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides the latest timezone information (2015a) for your system, including the following changes: - Add positive leap second on 2015-06-30 23:59:60 UTC, as per IERS Bulletin C 49. (bsc#912415) - Mexico state Quintana Roo (America/Cancun) shifts from Central Time with DST to Eastern Time without DST on 2015-02-01 02:00. 
(bsc#915422) - Chile (America/Santiago) will retain old DST as standard time from April, also Pacific/Easter, and Antarctica/Palmer. This release also includes changes affecting past time stamps, documentation and some minor bug fixes. For a comprehensive list, refer to the release announcement from ICANN: - http://mm.icann.org/pipermail/tz-announce/2015-January/000028.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-69=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-69=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): timezone-2015a-0.4.1 timezone-debuginfo-2015a-0.4.1 timezone-debugsource-2015a-0.4.1 - SUSE Linux Enterprise Server 12 (noarch): timezone-java-2015a-0.4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): timezone-2015a-0.4.1 timezone-debuginfo-2015a-0.4.1 timezone-debugsource-2015a-0.4.1 - SUSE Linux Enterprise Desktop 12 (noarch): timezone-java-2015a-0.4.1 References: https://bugzilla.suse.com/912415 https://bugzilla.suse.com/915422 https://bugzilla.suse.com/915693 From sle-updates at lists.suse.com Thu Feb 12 13:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Feb 2015 21:04:53 +0100 (CET) Subject: SUSE-SU-2015:0274-1: important: Security update for ntp Message-ID: <20150212200453.6FC5D3236A@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0274-1 Rating: important References: #910764 #911792 Cross-References: CVE-2014-9293 CVE-2014-9294 CVE-2014-9297 CVE-2014-9298 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux 
Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: ntp was updated to fix four security issues. These security issues were fixed: - CVE-2014-9294: util/ntp-keygen.c in ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (bnc#910764 911792). - CVE-2014-9293: The config_auth function in ntpd, when an auth key was not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (bnc#910764 911792). - CVE-2014-9298: ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses could be bypassed (bnc#911792). - CVE-2014-9297: Information leak by not properly checking a length in several places in ntp_crypto.c (bnc#911792). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-70=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-70=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ntp-4.2.6p5-37.2 ntp-debuginfo-4.2.6p5-37.2 ntp-debugsource-4.2.6p5-37.2 ntp-doc-4.2.6p5-37.2 - SUSE Linux Enterprise Desktop 12 (x86_64): ntp-4.2.6p5-37.2 ntp-debuginfo-4.2.6p5-37.2 ntp-debugsource-4.2.6p5-37.2 ntp-doc-4.2.6p5-37.2 References: http://support.novell.com/security/cve/CVE-2014-9293.html http://support.novell.com/security/cve/CVE-2014-9294.html http://support.novell.com/security/cve/CVE-2014-9297.html http://support.novell.com/security/cve/CVE-2014-9298.html https://bugzilla.suse.com/910764 https://bugzilla.suse.com/911792 From sle-updates at lists.suse.com Thu Feb 12 17:04:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Feb 2015 01:04:57 +0100 (CET) Subject: SUSE-RU-2015:0275-1: Recommended update for gcc-shlib-transition Message-ID: <20150213000457.B04B932361@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc-shlib-transition ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0275-1 Rating: low References: #878067 #907296 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: When updating to a GCC runtime that does not provide the legacy libgcc1, dependency issues arise. This patch makes sure libgcc1 is provided by the original SLE 11 GCC runtime provider, libgcc43. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-gcc-shlib-transition=10235 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-gcc-shlib-transition=10235 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-gcc-shlib-transition=10235 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-gcc-shlib-transition=10235 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libgfortran43-4.6.9-0.13.22 libgfortran46-4.6.9-0.13.22 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): libgfortran43-32bit-4.6.9-0.13.22 libgfortran46-32bit-4.6.9-0.13.22 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 x86_64): libquadmath46-4.6.9-0.13.22 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64): libquadmath46-32bit-4.6.9-0.13.22 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libgcc43-4.6.9-0.13.22 libgcc46-4.6.9-0.13.22 libgomp43-4.6.9-0.13.22 libgomp46-4.6.9-0.13.22 libstdc++43-4.6.9-0.13.22 libstdc++46-4.6.9-0.13.22 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libgcc43-32bit-4.6.9-0.13.22 libgcc46-32bit-4.6.9-0.13.22 libgomp43-32bit-4.6.9-0.13.22 libgomp46-32bit-4.6.9-0.13.22 libstdc++43-32bit-4.6.9-0.13.22 libstdc++46-32bit-4.6.9-0.13.22 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libgcc43-4.6.9-0.13.22 libgcc46-4.6.9-0.13.22 libgomp43-4.6.9-0.13.22 libgomp46-4.6.9-0.13.22 libstdc++43-4.6.9-0.13.22 libstdc++46-4.6.9-0.13.22 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libgcc43-32bit-4.6.9-0.13.22 libgcc46-32bit-4.6.9-0.13.22 libgomp43-32bit-4.6.9-0.13.22 libgomp46-32bit-4.6.9-0.13.22 libstdc++43-32bit-4.6.9-0.13.22 libstdc++46-32bit-4.6.9-0.13.22 - SUSE Linux Enterprise Server 11 SP3 (ia64): 
libgcc43-x86-4.6.9-0.13.22 libgcc46-x86-4.6.9-0.13.22 libstdc++43-x86-4.6.9-0.13.22 libstdc++46-x86-4.6.9-0.13.22 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libgcc43-4.6.9-0.13.22 libgomp43-4.6.9-0.13.22 libstdc++43-4.6.9-0.13.22 libstdc++46-4.6.9-0.13.22 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libgcc43-32bit-4.6.9-0.13.22 libgomp43-32bit-4.6.9-0.13.22 libstdc++43-32bit-4.6.9-0.13.22 libstdc++46-32bit-4.6.9-0.13.22 References: https://bugzilla.suse.com/878067 https://bugzilla.suse.com/907296 http://download.suse.com/patch/finder/?keywords=4c3fa4cf282ece7b9f558629f0603bab From sle-updates at lists.suse.com Thu Feb 12 19:04:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Feb 2015 03:04:55 +0100 (CET) Subject: SUSE-RU-2015:0276-1: Recommended update for gcc47 Message-ID: <20150213020455.F2C1132361@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc47 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0276-1 Rating: low References: #907296 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gcc47 removes libgcc1 provides and conflicts to allow the transition to gcc48 runtime packages in future Service Packs. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-cpp47=10236 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-cpp47=10236 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-cpp47=10236 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-cpp47=10236 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): cpp47-4.7.2_20130108-0.19.3 gcc47-4.7.2_20130108-0.19.3 gcc47-c++-4.7.2_20130108-0.19.3 gcc47-fortran-4.7.2_20130108-0.19.3 gcc47-info-4.7.2_20130108-0.19.3 gcc47-locale-4.7.2_20130108-0.19.3 libgfortran3-4.7.2_20130108-0.19.3 libstdc++47-devel-4.7.2_20130108-0.19.3 libstdc++47-doc-4.7.2_20130108-0.19.3 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64): gcc47-32bit-4.7.2_20130108-0.19.3 gcc47-fortran-32bit-4.7.2_20130108-0.19.3 libgfortran3-32bit-4.7.2_20130108-0.19.3 libstdc++47-devel-32bit-4.7.2_20130108-0.19.3 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 x86_64): libquadmath0-4.7.2_20130108-0.19.3 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64): libquadmath0-32bit-4.7.2_20130108-0.19.3 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libgcc_s1-4.7.2_20130108-0.19.3 libgomp1-4.7.2_20130108-0.19.3 libstdc++6-4.7.2_20130108-0.19.3 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libgcc_s1-32bit-4.7.2_20130108-0.19.3 libgomp1-32bit-4.7.2_20130108-0.19.3 libstdc++6-32bit-4.7.2_20130108-0.19.3 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libgcc_s1-4.7.2_20130108-0.19.3 libgomp1-4.7.2_20130108-0.19.3 libstdc++6-4.7.2_20130108-0.19.3 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libgcc_s1-32bit-4.7.2_20130108-0.19.3 libgomp1-32bit-4.7.2_20130108-0.19.3 libstdc++6-32bit-4.7.2_20130108-0.19.3 - 
SUSE Linux Enterprise Server 11 SP3 (ia64): libgcc_s1-x86-4.7.2_20130108-0.19.3 libstdc++6-x86-4.7.2_20130108-0.19.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libgcc_s1-4.7.2_20130108-0.19.3 libgomp1-4.7.2_20130108-0.19.3 libstdc++6-4.7.2_20130108-0.19.3 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libgcc_s1-32bit-4.7.2_20130108-0.19.3 libgomp1-32bit-4.7.2_20130108-0.19.3 libstdc++6-32bit-4.7.2_20130108-0.19.3 References: https://bugzilla.suse.com/907296 http://download.suse.com/patch/finder/?keywords=6610012a897741fa6b1612dfd2a96c61 From sle-updates at lists.suse.com Fri Feb 13 05:06:25 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Feb 2015 13:06:25 +0100 (CET) Subject: SUSE-SU-2015:0281-1: moderate: Security update for strongswan Message-ID: <20150213120625.C4F863236E@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0281-1 Rating: moderate References: #856322 #897048 #897512 #910491 Cross-References: CVE-2014-9221 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This strongswan update fixes the following security and non-security issues. - Disallow brainpool elliptic curve groups in fips mode (bnc#856322). - Applied an upstream fix for a denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload, that contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221). - Adjusted whitelist of approved algorithms in fips mode (bsc#856322). - Updated strongswan-hmac package description (bsc#856322). - Disabled explicit gpg validation; osc source_validator does it. - Guarded fipscheck and hmac package in the spec file for >13.1. 
- Added generation of fips hmac hash files using fipshmac utility and a _fipscheck script to verify binaries/libraries/plugins shipped in the strongswan-hmac package. With enabled fips in the kernel, the ipsec script will call it before any action or in an enforced/manual "ipsec _fipscheck" call. Added config file to load openssl and kernel af-alg plugins, but not all the other modules which provide further/alternative algs. Applied a filter disallowing non-approved algorithms in fips mode. (fate#316931,bnc#856322). - Fixed file list in the optional (disabled) strongswan-test package. - Fixed build of the strongswan built-in integrity checksum library and enabled building it only on architectures tested to work. - Fix to use bug number 897048 instead of 856322 in last changes entry. - Applied an upstream patch reverting to store algorithms in the registration order again as ordering them by identifier caused weaker algorithms to be proposed first by default (bsc#897512). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-71=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-71=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): strongswan-5.1.3-9.2 strongswan-debugsource-5.1.3-9.2 strongswan-hmac-5.1.3-9.2 strongswan-ipsec-5.1.3-9.2 strongswan-ipsec-debuginfo-5.1.3-9.2 strongswan-libs0-5.1.3-9.2 strongswan-libs0-debuginfo-5.1.3-9.2 - SUSE Linux Enterprise Server 12 (noarch): strongswan-doc-5.1.3-9.2 - SUSE Linux Enterprise Desktop 12 (x86_64): strongswan-5.1.3-9.1 strongswan-debugsource-5.1.3-9.1 strongswan-ipsec-5.1.3-9.1 strongswan-ipsec-debuginfo-5.1.3-9.1 strongswan-libs0-5.1.3-9.1 strongswan-libs0-debuginfo-5.1.3-9.1 - SUSE Linux Enterprise Desktop 12 (noarch): strongswan-doc-5.1.3-9.1 References: http://support.novell.com/security/cve/CVE-2014-9221.html https://bugzilla.suse.com/856322 https://bugzilla.suse.com/897048 https://bugzilla.suse.com/897512 https://bugzilla.suse.com/910491 From sle-updates at lists.suse.com Fri Feb 13 11:04:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Feb 2015 19:04:49 +0100 (CET) Subject: SUSE-SU-2015:0259-2: important: Security update for ntp Message-ID: <20150213180449.823E53236A@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0259-2 Rating: important References: #910764 #911792 Cross-References: CVE-2014-9293 CVE-2014-9294 CVE-2014-9297 CVE-2014-9298 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: ntp has been updated to fix four security issues: * CVE-2014-9294: ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. 
(bsc#910764) * CVE-2014-9293: The config_auth function, when an auth key is not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) * CVE-2014-9298: ::1 can be spoofed on some operating systems, so ACLs based on IPv6 ::1 addresses could be bypassed. (bsc#910764) * CVE-2014-9297: vallen is not validated in several places in ntp_crypto.c, leading to potential information leak. (bsc#910764) Security Issues: * CVE-2014-9294 * CVE-2014-9293 * CVE-2014-9298 * CVE-2014-9297 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-ntp=10308 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): ntp-4.2.4p8-1.29.32.1 ntp-doc-4.2.4p8-1.29.32.1 References: http://support.novell.com/security/cve/CVE-2014-9293.html http://support.novell.com/security/cve/CVE-2014-9294.html http://support.novell.com/security/cve/CVE-2014-9297.html http://support.novell.com/security/cve/CVE-2014-9298.html https://bugzilla.suse.com/910764 https://bugzilla.suse.com/911792 http://download.suse.com/patch/finder/?keywords=e5a9d59f9998dd1feedb5ea5b22cbae3 From sle-updates at lists.suse.com Mon Feb 16 06:05:05 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 14:05:05 +0100 (CET) Subject: SUSE-SU-2015:0288-1: moderate: Security update for jasper Message-ID: <20150216130505.BE8813236A@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0288-1 Rating: moderate References: #911837 Cross-References: CVE-2014-8157 CVE-2014-8158 Affected Products: SUSE Linux Enterprise Software Development Kit 12 
SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: jasper was updated to fix two security issues. These security issues were fixed: - CVE-2014-8157: Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow (bnc#911837). - CVE-2014-8158: Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image (bnc#911837). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-73=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-73=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-73=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): jasper-debuginfo-1.900.1-170.1 jasper-debugsource-1.900.1-170.1 libjasper-devel-1.900.1-170.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): jasper-debuginfo-1.900.1-170.1 jasper-debugsource-1.900.1-170.1 libjasper1-1.900.1-170.1 libjasper1-debuginfo-1.900.1-170.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libjasper1-32bit-1.900.1-170.1 libjasper1-debuginfo-32bit-1.900.1-170.1 - SUSE Linux Enterprise Desktop 12 (x86_64): jasper-debuginfo-1.900.1-170.1 jasper-debugsource-1.900.1-170.1 libjasper1-1.900.1-170.1 libjasper1-32bit-1.900.1-170.1 libjasper1-debuginfo-1.900.1-170.1 libjasper1-debuginfo-32bit-1.900.1-170.1 References: http://support.novell.com/security/cve/CVE-2014-8157.html http://support.novell.com/security/cve/CVE-2014-8158.html https://bugzilla.suse.com/911837 From sle-updates at lists.suse.com Mon Feb 16 06:05:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 14:05:47 +0100 (CET) Subject: SUSE-SU-2015:0290-1: important: Security update for krb5 Message-ID: <20150216130547.0E3B03236E@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0290-1 Rating: important References: #897874 #898439 #912002 Cross-References: CVE-2014-5351 CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Build System Kit 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: MIT kerberos krb5 was updated to fix several security issues and bugs. 
Security issues fixed: CVE-2014-5351: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) sent old keys in a response to a -randkey -keepold request, which allowed remote authenticated users to forge tickets by leveraging administrative access. CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token() is used to process a valid context deletion token, the caller was left with a security context handle containing a dangling pointer. Further uses of this handle would have resulted in use-after-free and double-free memory access violations. libgssrpc server applications such as kadmind were vulnerable as they can be instructed to call gss_process_context_token(). CVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR data from an authenticated user, it may have performed use-after-free and double-free memory access violations while cleaning up the partial deserialization results. Other libgssrpc server applications might also have been vulnerable if they contain insufficiently defensive XDR functions. CVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepted authentications to two-component server principals whose first component is a left substring of "kadmin" or whose realm is a left prefix of the default realm. CVE-2014-9423: libgssrpc applications including kadmind output four or eight bytes of uninitialized memory to the network as part of an unused "handle" field in replies to clients. Bugs fixed: - Work around replay cache creation race; (bnc#898439). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-74=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-74=1 - SUSE Linux Enterprise Build System Kit 12: zypper in -t patch SUSE-SLE-BSK-12-2015-74=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x): krb5-debuginfo-1.12.1-9.1 krb5-debugsource-1.12.1-9.1 krb5-devel-1.12.1-9.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x): krb5-1.12.1-9.1 krb5-client-1.12.1-9.1 krb5-client-debuginfo-1.12.1-9.1 krb5-debuginfo-1.12.1-9.1 krb5-debugsource-1.12.1-9.1 krb5-doc-1.12.1-9.1 krb5-plugin-kdb-ldap-1.12.1-9.1 krb5-plugin-kdb-ldap-debuginfo-1.12.1-9.1 krb5-plugin-preauth-otp-1.12.1-9.1 krb5-plugin-preauth-otp-debuginfo-1.12.1-9.1 krb5-plugin-preauth-pkinit-1.12.1-9.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-9.1 krb5-server-1.12.1-9.1 krb5-server-debuginfo-1.12.1-9.1 - SUSE Linux Enterprise Server 12 (s390x): krb5-32bit-1.12.1-9.1 krb5-debuginfo-32bit-1.12.1-9.1 - SUSE Linux Enterprise Build System Kit 12 (ppc64le s390x): krb5-mini-1.12.1-9.1 krb5-mini-debuginfo-1.12.1-9.1 krb5-mini-debugsource-1.12.1-9.1 krb5-mini-devel-1.12.1-9.1 References: http://support.novell.com/security/cve/CVE-2014-5351.html http://support.novell.com/security/cve/CVE-2014-5352.html http://support.novell.com/security/cve/CVE-2014-9421.html http://support.novell.com/security/cve/CVE-2014-9422.html http://support.novell.com/security/cve/CVE-2014-9423.html https://bugzilla.suse.com/897874 https://bugzilla.suse.com/898439 https://bugzilla.suse.com/912002 From sle-updates at lists.suse.com Mon Feb 16 07:04:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 15:04:56 +0100 (CET) Subject: SUSE-SU-2015:0290-2: important: Security update for krb5 Message-ID: 
<20150216140456.A9CCF32369@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0290-2 Rating: important References: #897874 #898439 #912002 Cross-References: CVE-2014-5351 CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Build System Kit 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: MIT kerberos krb5 was updated to fix several security issues and bugs. Security issues fixed: CVE-2014-5351: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) sent old keys in a response to a -randkey -keepold request, which allowed remote authenticated users to forge tickets by leveraging administrative access. CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token() is used to process a valid context deletion token, the caller was left with a security context handle containing a dangling pointer. Further uses of this handle would have resulted in use-after-free and double-free memory access violations. libgssrpc server applications such as kadmind were vulnerable as they can be instructed to call gss_process_context_token(). CVE-2014-9421: If the MIT krb5 kadmind daemon receives invalid XDR data from an authenticated user, it may have performed use-after-free and double-free memory access violations while cleaning up the partial deserialization results. Other libgssrpc server applications might also have been vulnerable if they contain insufficiently defensive XDR functions. 
CVE-2014-9422: The MIT krb5 kadmind daemon incorrectly accepted authentications to two-component server principals whose first component is a left substring of "kadmin" or whose realm is a left prefix of the default realm. CVE-2014-9423: libgssrpc applications including kadmind output four or eight bytes of uninitialized memory to the network as part of an unused "handle" field in replies to clients. Bugs fixed: - Work around replay cache creation race; (bnc#898439). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-74=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-74=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-74=1 - SUSE Linux Enterprise Build System Kit 12: zypper in -t patch SUSE-SLE-BSK-12-2015-74=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (x86_64): krb5-debuginfo-1.12.1-9.1 krb5-debugsource-1.12.1-9.1 krb5-devel-1.12.1-9.1 - SUSE Linux Enterprise Server 12 (x86_64): krb5-1.12.1-9.1 krb5-32bit-1.12.1-9.1 krb5-client-1.12.1-9.1 krb5-client-debuginfo-1.12.1-9.1 krb5-debuginfo-1.12.1-9.1 krb5-debuginfo-32bit-1.12.1-9.1 krb5-debugsource-1.12.1-9.1 krb5-doc-1.12.1-9.1 krb5-plugin-kdb-ldap-1.12.1-9.1 krb5-plugin-kdb-ldap-debuginfo-1.12.1-9.1 krb5-plugin-preauth-otp-1.12.1-9.1 krb5-plugin-preauth-otp-debuginfo-1.12.1-9.1 krb5-plugin-preauth-pkinit-1.12.1-9.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-9.1 krb5-server-1.12.1-9.1 krb5-server-debuginfo-1.12.1-9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): krb5-1.12.1-9.1 krb5-32bit-1.12.1-9.1 krb5-client-1.12.1-9.1 krb5-client-debuginfo-1.12.1-9.1 krb5-debuginfo-1.12.1-9.1 krb5-debuginfo-32bit-1.12.1-9.1 krb5-debugsource-1.12.1-9.1 - SUSE Linux Enterprise Build System Kit 12 (x86_64): krb5-mini-1.12.1-9.1 krb5-mini-debuginfo-1.12.1-9.1 krb5-mini-debugsource-1.12.1-9.1 krb5-mini-devel-1.12.1-9.1 References: http://support.novell.com/security/cve/CVE-2014-5351.html http://support.novell.com/security/cve/CVE-2014-5352.html http://support.novell.com/security/cve/CVE-2014-9421.html http://support.novell.com/security/cve/CVE-2014-9422.html http://support.novell.com/security/cve/CVE-2014-9423.html https://bugzilla.suse.com/897874 https://bugzilla.suse.com/898439 https://bugzilla.suse.com/912002 From sle-updates at lists.suse.com Mon Feb 16 09:04:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 17:04:59 +0100 (CET) Subject: SUSE-SU-2015:0291-1: moderate: Security update for clamav Message-ID: <20150216160459.7CC9532369@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0291-1 Rating: moderate References: #915512 #916214 
#916215 #916217 Cross-References: CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: clamav was updated to version 0.98.6 to fix four security issues. These security issues were fixed: - CVE-2015-1462: ClamAV allowed remote attackers to have unspecified impact via a crafted upx packer file, related to a heap out of bounds condition (bnc#916214). - CVE-2015-1463: ClamAV allowed remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an incorrect compiler optimization (bnc#916215). - CVE-2014-9328: ClamAV allowed remote attackers to have unspecified impact via a crafted upack packer file, related to a heap out of bounds condition (bnc#915512). - CVE-2015-1461: ClamAV allowed remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a heap out of bounds condition (bnc#916217). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-75=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-75=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): clamav-0.98.6-10.1 clamav-debuginfo-0.98.6-10.1 clamav-debugsource-0.98.6-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): clamav-0.98.6-10.1 clamav-debuginfo-0.98.6-10.1 clamav-debugsource-0.98.6-10.1 References: http://support.novell.com/security/cve/CVE-2014-9328.html http://support.novell.com/security/cve/CVE-2015-1461.html http://support.novell.com/security/cve/CVE-2015-1462.html http://support.novell.com/security/cve/CVE-2015-1463.html https://bugzilla.suse.com/915512 https://bugzilla.suse.com/916214 https://bugzilla.suse.com/916215 https://bugzilla.suse.com/916217 From sle-updates at lists.suse.com Mon Feb 16 10:04:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 18:04:57 +0100 (CET) Subject: SUSE-SU-2015:0292-1: moderate: Security update for elfutils Message-ID: <20150216170457.454253236A@maintenance.suse.de> SUSE Security Update: Security update for elfutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0292-1 Rating: moderate References: #911662 Cross-References: CVE-2014-9447 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: elfutils was updated to fix one security issue. This security issue was fixed: - Directory traversal vulnerability in the read_long_names function (CVE-2014-9447). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-76=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-76=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-76=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): elfutils-debuginfo-0.158-6.1 elfutils-debugsource-0.158-6.1 libasm-devel-0.158-6.1 libdw-devel-0.158-6.1 libebl-devel-0.158-6.1 libelf-devel-0.158-6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): elfutils-0.158-6.1 elfutils-debuginfo-0.158-6.1 elfutils-debugsource-0.158-6.1 libasm1-0.158-6.1 libasm1-debuginfo-0.158-6.1 libdw1-0.158-6.1 libdw1-debuginfo-0.158-6.1 libebl1-0.158-6.1 libebl1-debuginfo-0.158-6.1 libelf1-0.158-6.1 libelf1-debuginfo-0.158-6.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libasm1-32bit-0.158-6.1 libasm1-debuginfo-32bit-0.158-6.1 libdw1-32bit-0.158-6.1 libdw1-debuginfo-32bit-0.158-6.1 libebl1-32bit-0.158-6.1 libebl1-debuginfo-32bit-0.158-6.1 libelf1-32bit-0.158-6.1 libelf1-debuginfo-32bit-0.158-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): elfutils-0.158-6.1 elfutils-debuginfo-0.158-6.1 elfutils-debugsource-0.158-6.1 libasm1-0.158-6.1 libasm1-debuginfo-0.158-6.1 libdw1-0.158-6.1 libdw1-32bit-0.158-6.1 libdw1-debuginfo-0.158-6.1 libdw1-debuginfo-32bit-0.158-6.1 libebl1-0.158-6.1 libebl1-32bit-0.158-6.1 libebl1-debuginfo-0.158-6.1 libebl1-debuginfo-32bit-0.158-6.1 libelf1-0.158-6.1 libelf1-32bit-0.158-6.1 libelf1-debuginfo-0.158-6.1 libelf1-debuginfo-32bit-0.158-6.1 References: http://support.novell.com/security/cve/CVE-2014-9447.html https://bugzilla.suse.com/911662 From sle-updates at lists.suse.com Mon Feb 16 11:04:58 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 19:04:58 +0100 (CET) Subject: 
SUSE-SU-2015:0011-2: important: Security update for bind Message-ID: <20150216180458.19F773236A@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0011-2 Rating: important References: #743758 #882511 #908994 Cross-References: CVE-2014-8500 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. It includes one version update. Description: This update provides bind 9.9.6P1, which fixes a defect in delegation handling that could be exploited to crash named. (CVE-2014-8500, bsc#908994) Additionally, two non-security issues have been fixed: * Fix handling of TXT records in ldapdump. (bsc#743758) * Fix a multithread issue with IXFR. (bsc#882511) Security Issues: * CVE-2014-8500 Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-bind=10203 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 9.9.6P1]: bind-9.9.6P1-0.5.5 bind-chrootenv-9.9.6P1-0.5.5 bind-devel-9.9.6P1-0.5.5 bind-doc-9.9.6P1-0.5.5 bind-libs-9.9.6P1-0.5.5 bind-utils-9.9.6P1-0.5.5 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 9.9.6P1]: bind-libs-32bit-9.9.6P1-0.5.5 References: http://support.novell.com/security/cve/CVE-2014-8500.html https://bugzilla.suse.com/743758 https://bugzilla.suse.com/882511 https://bugzilla.suse.com/908994 http://download.suse.com/patch/finder/?keywords=93a0d67b3fb1cddabb9d852b78c4e9a4 From sle-updates at lists.suse.com Mon Feb 16 11:05:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 19:05:40 +0100 (CET) Subject: SUSE-SU-2015:0259-3: important: Security update for ntp Message-ID: <20150216180540.202283236E@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0259-3 Rating: important References: #910764 #911792 Cross-References: CVE-2014-9293 CVE-2014-9294 CVE-2014-9297 CVE-2014-9298 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: ntp has been updated to fix four security issues: * CVE-2014-9294: ntp-keygen used a weak RNG seed, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) * CVE-2014-9293: The config_auth function, when an auth key is not configured, improperly generated a key, which made it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (bsc#910764) * CVE-2014-9298: ::1 can be spoofed on some operating systems, so ACLs based on IPv6 ::1 addresses could be bypassed. 
(bsc#910764) * CVE-2014-9297: vallen is not validated in several places in ntp_crypto.c, leading to potential information leak. (bsc#910764) Security Issues: * CVE-2014-9294 * CVE-2014-9293 * CVE-2014-9298 * CVE-2014-9297 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-ntp=10307 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): ntp-4.2.4p8-1.29.32.1 ntp-doc-4.2.4p8-1.29.32.1 References: http://support.novell.com/security/cve/CVE-2014-9293.html http://support.novell.com/security/cve/CVE-2014-9294.html http://support.novell.com/security/cve/CVE-2014-9297.html http://support.novell.com/security/cve/CVE-2014-9298.html https://bugzilla.suse.com/910764 https://bugzilla.suse.com/911792 http://download.suse.com/patch/finder/?keywords=900e7482290b4309d9dd461085b05471 From sle-updates at lists.suse.com Mon Feb 16 11:06:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 19:06:09 +0100 (CET) Subject: SUSE-RU-2015:0293-1: Recommended update for xorg-x11-server-rdp Message-ID: <20150216180609.B527E3236E@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server-rdp ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0293-1 Rating: low References: #845791 #896931 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This collective update for xrdp and xorg-x11-server-rdp provides fixes for misbehavior with forwarding of certain keys with Japanese and German keyboard layouts (bnc#896931, bnc#845791). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-xrdp-201412=10131 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-xrdp-201412=10131 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-xrdp-201412=10131 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): xorg-x11-server-rdp-7.3.99-3.22.1 xrdp-0.4.1-28.26.1 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64): xorg-x11-server-rdp-7.3.99-3.22.1 xrdp-0.4.1-28.26.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): xorg-x11-server-rdp-7.3.99-3.22.1 xrdp-0.4.1-28.26.1 References: https://bugzilla.suse.com/845791 https://bugzilla.suse.com/896931 http://download.suse.com/patch/finder/?keywords=3bcffe3cfcdb0601db4081eb56280b77 From sle-updates at lists.suse.com Mon Feb 16 13:04:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 21:04:55 +0100 (CET) Subject: SUSE-RU-2015:0294-1: Recommended update for studio-help Message-ID: <20150216200455.5B0AC3236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for studio-help ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0294-1 Rating: low References: #904636 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest version of SUSE Studio documentation. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-studio-help=10055 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (noarch) [New Version: 1.3.17]: studio-help-1.3.17-0.5.1 References: https://bugzilla.suse.com/904636 http://download.suse.com/patch/finder/?keywords=c43c61483f8100cd7de7df18ec46c0a4 From sle-updates at lists.suse.com Mon Feb 16 13:05:10 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 21:05:10 +0100 (CET) Subject: SUSE-RU-2015:0295-1: important: Recommended update for timezone Message-ID: <20150216200510.8AE4B3236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0295-1 Rating: important References: #912415 #915422 #915693 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update provides the latest timezone information (2015a) for your system, including the following changes: * Add positive leap second on 2015-06-30 23:59:60 UTC, as per IERS Bulletin C 49. (bsc#912415) * Mexico state Quintana Roo (America/Cancun) shifts from Central Time with DST to Eastern Time without DST on 2015-02-01 02:00. (bsc#915422) * Chile (America/Santiago) will retain old DST as standard time from April, also Pacific/Easter, and Antarctica/Palmer. 
This release also includes changes affecting past time stamps, documentation and some minor bug fixes. For a comprehensive list, refer to the release announcement from ICANN: * http://mm.icann.org/pipermail/tz-announce/2015-January/000028.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-timezone-2015a=10310 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-timezone-2015a=10310 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-timezone-2015a=10310 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-timezone-2015a=10257 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-timezone-2015a=10310 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (noarch) [New Version: 2015a]: timezone-java-2015a-0.4.4 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2015a]: timezone-2015a-0.4.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2015a]: timezone-java-2015a-0.4.4 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2015a]: timezone-2015a-0.4.1 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2015a]: timezone-java-2015a-0.4.4 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 2015a]: timezone-2015a-0.4.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (noarch) [New Version: 2015a]: timezone-java-2015a-0.4.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 2015a]: timezone-2015a-0.4.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2015a]: timezone-java-2015a-0.4.4 References: https://bugzilla.suse.com/912415 https://bugzilla.suse.com/915422 https://bugzilla.suse.com/915693 
http://download.suse.com/patch/finder/?keywords=a2b7f6d8e33652ddf01f8277d7f2f2a5 http://download.suse.com/patch/finder/?keywords=f4246e8a28faf00016d3d32eb178529d From sle-updates at lists.suse.com Mon Feb 16 13:05:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 21:05:46 +0100 (CET) Subject: SUSE-RU-2015:0296-1: Recommended update for SUSE Studio Message-ID: <20150216200546.27C223236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Studio ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0296-1 Rating: low References: #879176 #885036 #891073 #892326 #893841 #895968 #898973 #900634 #902500 #903683 #914099 #914102 #914105 #914109 #914111 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has 15 recommended fixes can now be installed. It includes one version update. Description: This update provides SUSE Studio 1.3.9, including templates for SUSE Studio based on SUSE Linux Enterprise 12. Additionally, the update includes fixes for the following issues: * #903683: Support building SLE 12 images on Studio Onsite. * #898973: Regression building SLES 11-SP1 and 11-SP2 appliances. * #891073: Connecting Studio to EC2 via proxy does not work. * #879176: Intermittent corruption of compressed download packages. * #892326: Unable to register appliance after renaming it. * #900634: Build of appliance fails at slms.ssl_certificate. * #885036: Kiwi export from 1.2 does not import correctly on 1.3. * #893841: Remove SLE-for-VMware from Studio's setup templates list. * #902500: slms.prod file generated with and of deleted appliance. * #914105: SLE 12 EULA and systemd services overlap. * #914109: SLES 12 Server OVF Image has no network on initial boot. * #914111: SLED 12 images don't have functional network. * #914099: SLE12 xen images fail to testdrive. 
* #914102: SLES 12 images fail to give login shell after reboot. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-139-201502=10301 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64) [New Version: 1.3.9]: Containment-Studio-SLE12-5.06.165-20141128133842 susestudio-1.3.9-0.17.2 susestudio-bundled-packages-1.3.9-0.17.2 susestudio-common-1.3.9-0.17.2 susestudio-runner-1.3.9-0.17.2 susestudio-sid-1.3.9-0.17.2 susestudio-ui-server-1.3.9-0.17.2 References: https://bugzilla.suse.com/879176 https://bugzilla.suse.com/885036 https://bugzilla.suse.com/891073 https://bugzilla.suse.com/892326 https://bugzilla.suse.com/893841 https://bugzilla.suse.com/895968 https://bugzilla.suse.com/898973 https://bugzilla.suse.com/900634 https://bugzilla.suse.com/902500 https://bugzilla.suse.com/903683 https://bugzilla.suse.com/914099 https://bugzilla.suse.com/914102 https://bugzilla.suse.com/914105 https://bugzilla.suse.com/914109 https://bugzilla.suse.com/914111 http://download.suse.com/patch/finder/?keywords=1036ffd285e284f87eeeb59eb9253ce1 From sle-updates at lists.suse.com Mon Feb 16 13:08:27 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Feb 2015 21:08:27 +0100 (CET) Subject: SUSE-RU-2015:0297-1: Recommended update for susestudio-admin_en Message-ID: <20150216200827.0B2B53236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for susestudio-admin_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0297-1 Rating: low References: #904635 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update provides the latest version of the SUSE Studio Administration Guide. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-admin_en=10127 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (noarch): susestudio-admin_en-11.3-0.17.2 susestudio-admin_en-pdf-11.3-0.17.2 References: https://bugzilla.suse.com/904635 http://download.suse.com/patch/finder/?keywords=837a64ddf8b22c19848f730959154b3f From sle-updates at lists.suse.com Mon Feb 16 19:04:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Feb 2015 03:04:55 +0100 (CET) Subject: SUSE-SU-2015:0298-1: important: Security update for clamav Message-ID: <20150217020455.B5B763236B@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0298-1 Rating: important References: #915512 #916214 #916215 #916217 Cross-References: CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS SUSE Linux Enterprise Server 10 SP4 LTSS SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. It includes one version update. Description: clamav was updated to version 0.98.6 to fix four security issues. These security issues have been fixed: * CVE-2015-1462: ClamAV allowed remote attackers to have unspecified impact via a crafted upx packer file, related to a heap out of bounds condition (bnc#916214). 
* CVE-2015-1463: ClamAV allowed remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an incorrect compiler optimization (bnc#916215). * CVE-2014-9328: ClamAV allowed remote attackers to have unspecified impact via a crafted upack packer file, related to a heap out of bounds condition (bnc#915512). * CVE-2015-1461: ClamAV allowed remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a heap out of bounds condition (bnc#916217). Security Issues: * CVE-2015-1462 * CVE-2014-9328 * CVE-2015-1463 * CVE-2015-1461 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-clamav=10283 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-clamav=10283 - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-clamav=10285 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-clamav=10284 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-clamav=10283 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 0.98.6]: clamav-0.98.6-0.6.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.98.6]: clamav-0.98.6-0.6.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 0.98.6]: clamav-0.98.6-0.6.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 0.98.6]: clamav-0.98.6-0.6.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 0.98.6]: clamav-0.98.6-0.8.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.98.6]: clamav-0.98.6-0.6.1 References: http://support.novell.com/security/cve/CVE-2014-9328.html http://support.novell.com/security/cve/CVE-2015-1461.html http://support.novell.com/security/cve/CVE-2015-1462.html http://support.novell.com/security/cve/CVE-2015-1463.html https://bugzilla.suse.com/915512 https://bugzilla.suse.com/916214 https://bugzilla.suse.com/916215 https://bugzilla.suse.com/916217 http://download.suse.com/patch/finder/?keywords=2f44be276ad7a4e53a81812520e256c5 http://download.suse.com/patch/finder/?keywords=b856018fc4dcd95c039167b1ea1c6e5d http://download.suse.com/patch/finder/?keywords=b857e6f07106efda6eeb4c842640e58f http://download.suse.com/patch/finder/?keywords=cabd1033f09ef394f7aad5c3fbd890a1 From sle-updates at lists.suse.com Tue Feb 17 01:05:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Feb 2015 09:05:43 +0100 (CET) Subject: SUSE-RU-2015:0299-1: Recommended update for colord Message-ID: <20150217080543.E76E13236E@maintenance.suse.de> SUSE Recommended Update: Recommended update for colord ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0299-1 Rating: low References: #901148 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux 
Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for colord fixes its AppArmor profile to allow the use of USB calibration devices. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-77=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-77=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-77=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-77=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): colord-1.1.7-5.3 colord-debuginfo-1.1.7-5.3 colord-debugsource-1.1.7-5.3 - SUSE Linux Enterprise Workstation Extension 12 (noarch): colord-lang-1.1.7-5.3 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): colord-debuginfo-1.1.7-5.3 colord-debugsource-1.1.7-5.3 libcolord-devel-1.1.7-5.3 typelib-1_0-ColorHug-1_0-1.1.7-5.3 typelib-1_0-Colord-1_0-1.1.7-5.3 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): colord-debuginfo-1.1.7-5.3 colord-debugsource-1.1.7-5.3 libcolord2-1.1.7-5.3 libcolord2-debuginfo-1.1.7-5.3 libcolorhug2-1.1.7-5.3 libcolorhug2-debuginfo-1.1.7-5.3 - SUSE Linux Enterprise Server 12 (s390x x86_64): libcolord2-32bit-1.1.7-5.3 libcolord2-debuginfo-32bit-1.1.7-5.3 - SUSE Linux Enterprise Desktop 12 (x86_64): colord-1.1.7-5.3 colord-debuginfo-1.1.7-5.3 colord-debugsource-1.1.7-5.3 libcolord2-1.1.7-5.3 libcolord2-32bit-1.1.7-5.3 libcolord2-debuginfo-1.1.7-5.3 libcolord2-debuginfo-32bit-1.1.7-5.3 libcolorhug2-1.1.7-5.3 libcolorhug2-debuginfo-1.1.7-5.3 - SUSE Linux Enterprise Desktop 12 (noarch): colord-lang-1.1.7-5.3 References: 
https://bugzilla.suse.com/901148 From sle-updates at lists.suse.com Tue Feb 17 08:04:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Feb 2015 16:04:57 +0100 (CET) Subject: SUSE-SU-2015:0304-1: important: Security update for java-1_7_1-ibm Message-ID: <20150217150457.0EBE23236A@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0304-1 Rating: important References: #916265 #916266 Cross-References: CVE-2014-8891 CVE-2014-8892 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: java-1_7_1-ibm was updated to fix two security issues. These security issues were fixed: - CVE-2014-8892: Unspecified vulnerability (bnc#916265). - CVE-2014-8891: Unspecified vulnerability (bnc#916266). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-80=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-80=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr2.10-8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr2.10-8.1 java-1_7_1-ibm-jdbc-1.7.1_sr2.10-8.1 - SUSE Linux Enterprise Server 12 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr2.10-8.1 java-1_7_1-ibm-plugin-1.7.1_sr2.10-8.1 References: http://support.novell.com/security/cve/CVE-2014-8891.html http://support.novell.com/security/cve/CVE-2014-8892.html https://bugzilla.suse.com/916265 https://bugzilla.suse.com/916266 From sle-updates at lists.suse.com Tue Feb 17 08:05:26 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Feb 2015 16:05:26 +0100 (CET) Subject: SUSE-SU-2015:0305-1: moderate: Security update for compat-openssl098 Message-ID: <20150217150526.17E8C3236E@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0305-1 Rating: moderate References: #892403 #912014 #912015 #912018 #912293 #912294 #912296 Cross-References: CVE-2014-0224 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: The openssl 0.9.8j compatibility package was updated to fix several security vulnerabilities: CVE-2014-3570: Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. CVE-2014-3571: Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. 
CVE-2014-3572: Do not accept a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. CVE-2014-8275: Fixed various certificate fingerprint issues. CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites. CVE-2015-0205: OpenSSL 0.9.8j is NOT vulnerable to CVE-2015-0205 as it doesn't support DH certificates and this typo prohibits skipping of certificate verify message for sign only certificates anyway. (This patch only fixes the wrong condition.) This update also fixes a regression caused by CVE-2014-0224.patch (bnc#892403). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-78=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-78=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-70.2 libopenssl0_9_8-0.9.8j-70.2 libopenssl0_9_8-32bit-0.9.8j-70.2 libopenssl0_9_8-debuginfo-0.9.8j-70.2 libopenssl0_9_8-debuginfo-32bit-0.9.8j-70.2 - SUSE Linux Enterprise Desktop 12 (x86_64): compat-openssl098-debugsource-0.9.8j-70.2 libopenssl0_9_8-0.9.8j-70.2 libopenssl0_9_8-32bit-0.9.8j-70.2 libopenssl0_9_8-debuginfo-0.9.8j-70.2 libopenssl0_9_8-debuginfo-32bit-0.9.8j-70.2 References: http://support.novell.com/security/cve/CVE-2014-0224.html http://support.novell.com/security/cve/CVE-2014-3570.html http://support.novell.com/security/cve/CVE-2014-3571.html http://support.novell.com/security/cve/CVE-2014-3572.html http://support.novell.com/security/cve/CVE-2014-8275.html http://support.novell.com/security/cve/CVE-2015-0204.html http://support.novell.com/security/cve/CVE-2015-0205.html https://bugzilla.suse.com/892403 https://bugzilla.suse.com/912014 https://bugzilla.suse.com/912015 
https://bugzilla.suse.com/912018 https://bugzilla.suse.com/912293 https://bugzilla.suse.com/912294 https://bugzilla.suse.com/912296 From sle-updates at lists.suse.com Tue Feb 17 08:06:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Feb 2015 16:06:51 +0100 (CET) Subject: SUSE-SU-2015:0306-1: important: Security update for java-1_6_0-ibm Message-ID: <20150217150651.E9A2C3236E@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0306-1 Rating: important References: #916265 #916266 Cross-References: CVE-2014-8891 CVE-2014-8892 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: java-1_6_0-ibm was updated to fix two security issues. These security issues were fixed: - CVE-2014-8892: Unspecified vulnerability (bnc#916265). - CVE-2014-8891: Unspecified vulnerability (bnc#916266). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-79=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.3-12.1 java-1_6_0-ibm-fonts-1.6.0_sr16.3-12.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.3-12.1 - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.3-12.1 References: http://support.novell.com/security/cve/CVE-2014-8891.html http://support.novell.com/security/cve/CVE-2014-8892.html https://bugzilla.suse.com/916265 https://bugzilla.suse.com/916266 From sle-updates at lists.suse.com Tue Feb 17 11:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Feb 2015 19:04:53 +0100 (CET) Subject: SUSE-RU-2015:0295-2: important: Recommended update for timezone Message-ID: <20150217180453.3D2D93235C@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0295-2 Rating: important References: #912415 #915422 #915693 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update provides the latest timezone information (2015a) for your system, including the following changes: * Add positive leap second on 2015-06-30 23:59:60 UTC, as per IERS Bulletin C 49. (bsc#912415) * Mexico state Quintana Roo (America/Cancun) shifts from Central Time with DST to Eastern Time without DST on 2015-02-01 02:00. (bsc#915422) * Chile (America/Santiago) will retain old DST as standard time from April, also Pacific/Easter, and Antarctica/Palmer. This release also includes changes affecting past time stamps, documentation and some minor bug fixes. 
For a comprehensive list, refer to the release announcement from ICANN: * http://mm.icann.org/pipermail/tz-announce/2015-January/000028.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-timezone-2015a=10258 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 2015a]: timezone-2015a-0.4.1 - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch) [New Version: 2015a]: timezone-java-2015a-0.4.1 References: https://bugzilla.suse.com/912415 https://bugzilla.suse.com/915422 https://bugzilla.suse.com/915693 http://download.suse.com/patch/finder/?keywords=898b1046b8fd320e717dcf4d9d381f91 From sle-updates at lists.suse.com Wed Feb 18 02:04:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Feb 2015 10:04:57 +0100 (CET) Subject: SUSE-SU-2015:0307-1: moderate: Security update for wireshark Message-ID: <20150218090457.24AB832365@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0307-1 Rating: moderate References: #912365 #912368 #912369 #912370 #912372 Cross-References: CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update fixes the following security issues: - The following vulnerabilities allowed Wireshark to be crashed by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. 
+ The WCCP dissector could crash. wnpa-sec-2015-01 CVE-2015-0559 CVE-2015-0560 [boo#912365] + The LPP dissector could crash. wnpa-sec-2015-02 CVE-2015-0561 [boo#912368] + The DEC DNA Routing Protocol dissector could crash. wnpa-sec-2015-03 CVE-2015-0562 [boo#912369] + The SMTP dissector could crash. wnpa-sec-2015-04 CVE-2015-0563 [boo#912370] + Wireshark could crash while decrypting TLS/SSL sessions. wnpa-sec-2015-05 CVE-2015-0564 [boo#912372] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-81=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-81=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-81=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): wireshark-debuginfo-1.10.12-4.1 wireshark-debugsource-1.10.12-4.1 wireshark-devel-1.10.12-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): wireshark-1.10.12-4.1 wireshark-debuginfo-1.10.12-4.1 wireshark-debugsource-1.10.12-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): wireshark-1.10.12-4.1 wireshark-debuginfo-1.10.12-4.1 wireshark-debugsource-1.10.12-4.1 References: http://support.novell.com/security/cve/CVE-2015-0559.html http://support.novell.com/security/cve/CVE-2015-0560.html http://support.novell.com/security/cve/CVE-2015-0561.html http://support.novell.com/security/cve/CVE-2015-0562.html http://support.novell.com/security/cve/CVE-2015-0563.html http://support.novell.com/security/cve/CVE-2015-0564.html https://bugzilla.suse.com/912365 https://bugzilla.suse.com/912368 https://bugzilla.suse.com/912369 https://bugzilla.suse.com/912370 https://bugzilla.suse.com/912372 From sle-updates at lists.suse.com Wed Feb 18 04:07:37 2015 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Wed, 18 Feb 2015 12:07:37 +0100 (CET) Subject: SUSE-SU-2015:0316-1: moderate: Security update for perl-Capture-Tiny Message-ID: <20150218110737.85C2F3236E@maintenance.suse.de> SUSE Security Update: Security update for perl-Capture-Tiny ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0316-1 Rating: moderate References: #862743 Cross-References: CVE-2014-1875 Affected Products: SUSE Linux Enterprise Build System Kit 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: perl-Capture-Tiny was updated to fix one security issue. This security issue was fixed: - CVE-2014-1875: The Capture::Tiny module before 0.24 for Perl allowed local users to write to arbitrary files via a symlink attack on a temporary file (bnc#862743). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Build System Kit 12: zypper in -t patch SUSE-SLE-BSK-12-2015-82=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Build System Kit 12 (noarch): perl-Capture-Tiny-0.23-4.1 References: http://support.novell.com/security/cve/CVE-2014-1875.html https://bugzilla.suse.com/862743 From sle-updates at lists.suse.com Wed Feb 18 09:05:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Feb 2015 17:05:56 +0100 (CET) Subject: SUSE-SU-2015:0320-1: moderate: Security update for hivex Message-ID: <20150218160556.371703236E@maintenance.suse.de> SUSE Security Update: Security update for hivex ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0320-1 Rating: moderate References: #908614 Cross-References: CVE-2014-9273 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: - CVE-2014-9273: Possible DOS because of missing size checks (bnc#908614) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-83=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-83=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): hivex-debuginfo-1.3.10-4.1 hivex-debugsource-1.3.10-4.1 hivex-devel-1.3.10-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): hivex-debuginfo-1.3.10-4.1 hivex-debugsource-1.3.10-4.1 libhivex0-1.3.10-4.1 libhivex0-debuginfo-1.3.10-4.1 perl-Win-Hivex-1.3.10-4.1 perl-Win-Hivex-debuginfo-1.3.10-4.1 References: http://support.novell.com/security/cve/CVE-2014-9273.html https://bugzilla.suse.com/908614 From sle-updates at lists.suse.com Wed Feb 18 10:04:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Feb 2015 18:04:57 +0100 (CET) Subject: SUSE-OU-2015:0321-1: Optional update for libGLU1-32bit Message-ID: <20150218170457.7FFCB32365@maintenance.suse.de> SUSE Optional Update: Optional update for libGLU1-32bit ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0321-1 Rating: low References: #904890 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update delivers a 32bit version of libGLU1. This library is required by some 3rd-party applications. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-84=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-84=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (s390x x86_64): libGLU1-32bit-9.0.0-12.1 libGLU1-debuginfo-32bit-9.0.0-12.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libGLU1-32bit-9.0.0-12.1 libGLU1-debuginfo-32bit-9.0.0-12.1 References: https://bugzilla.suse.com/904890 From sle-updates at lists.suse.com Wed Feb 18 17:05:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Feb 2015 01:05:01 +0100 (CET) Subject: SUSE-SU-2015:0322-1: important: Security update for xntp Message-ID: <20150219000501.8A83A32361@maintenance.suse.de> SUSE Security Update: Security update for xntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0322-1 Rating: important References: #911792 Cross-References: CVE-2014-9293 CVE-2014-9294 CVE-2014-9297 CVE-2014-9298 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: xntp has been updated to fix two security issues: * CVE-2014-9298: ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses can be bypassed (bnc#911792). * CVE-2014-9297: vallen is not validated in several places in ntp_crypto.c, leading to potential info leak (bnc#911792). 
Security Issues: * CVE-2014-9294 * CVE-2014-9293 * CVE-2014-9298 * CVE-2014-9297 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): xntp-4.2.4p3-48.27.1 xntp-doc-4.2.4p3-48.27.1 References: http://support.novell.com/security/cve/CVE-2014-9293.html http://support.novell.com/security/cve/CVE-2014-9294.html http://support.novell.com/security/cve/CVE-2014-9297.html http://support.novell.com/security/cve/CVE-2014-9298.html https://bugzilla.suse.com/911792 http://download.suse.com/patch/finder/?keywords=8c2302f77b01413a386c6a33bf81dd42 From sle-updates at lists.suse.com Wed Feb 18 17:05:21 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Feb 2015 01:05:21 +0100 (CET) Subject: SUSE-RU-2015:0295-3: important: Recommended update for timezone Message-ID: <20150219000521.2FF7D3236B@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0295-3 Rating: important References: #912415 #915422 #915693 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update provides the latest timezone information (2015a) for your system, including the following changes: * Add positive leap second on 2015-06-30 23:59:60 UTC, as per IERS Bulletin C 49. (bsc#912415) * Mexico state Quintana Roo (America/Cancun) shifts from Central Time with DST to Eastern Time without DST on 2015-02-01 02:00. (bsc#915422) * Chile (America/Santiago) will retain old DST as standard time from April, also Pacific/Easter, and Antarctica/Palmer. This release also includes changes affecting past time stamps, documentation and some minor bug fixes. 
For a comprehensive list, refer to the release announcement from ICANN: * http://mm.icann.org/pipermail/tz-announce/2015-January/000028.html Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 2015a]: timezone-2015a-0.5.1 References: https://bugzilla.suse.com/912415 https://bugzilla.suse.com/915422 https://bugzilla.suse.com/915693 http://download.suse.com/patch/finder/?keywords=3984b26a9715dd557ceb8221f822b2fc From sle-updates at lists.suse.com Wed Feb 18 20:06:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Feb 2015 04:06:52 +0100 (CET) Subject: SUSE-RU-2015:0323-1: Recommended update for crowbar-barclamp-ceph Message-ID: <20150219030652.C78A73236B@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0323-1 Rating: low References: #885439 #891559 #893827 #896481 #897815 #899909 #907103 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update for crowbar-barclamp-ceph provides stability fixes from the upstream OpenStack project: * Avoid selecting controller nodes for storage * Use region from keystone settings (bnc#896481) * Fix ceph deployment after upgrade from Cloud 3 (bnc#899909) * Drop bootstrap-osd-secret attribute (bnc#893827) * find correct keystone-server (also in the HA case, when only the founder has [:pki][:content] values) (bnc#891559) * the search above might return empty list * token_format must be PKI, that is another result of the search above * Only fetch keystone settings if we are a radosgw node * Fix crash when there's no keystone instance defined * More fixes for check of keystone instance being defined * Move radosgw ssl attributes under radosgw attribute * Fix radosgw apache configuration file to check for SSL/NOSSL defines * Rename variable for clarification * Fix crash on nova-compute-kvm nodes when they don't also host ceph (bnc#885439) * Adding SSL support for RadosGW * Fix crash when saving proposal with no radosgw element * Fix keystone admin url (bnc#907103) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-crowbar-barclamp-ceph=10144 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (noarch): crowbar-barclamp-ceph-1.8+git.1418723089.e5c993a-0.7.1 References: https://bugzilla.suse.com/885439 https://bugzilla.suse.com/891559 https://bugzilla.suse.com/893827 https://bugzilla.suse.com/896481 https://bugzilla.suse.com/897815 https://bugzilla.suse.com/899909 https://bugzilla.suse.com/907103 http://download.suse.com/patch/finder/?keywords=ababd91092dc43f43767d0a741562956 From sle-updates at lists.suse.com Wed Feb 18 20:08:24 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Feb 2015 04:08:24 +0100 (CET) Subject: SUSE-SU-2015:0324-1: Security update for openstack-nova Message-ID: <20150219030824.899063236A@maintenance.suse.de> SUSE Security Update: Security update for openstack-nova ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0324-1 Rating: low References: #867922 #897815 #898371 #899190 #899199 #901087 #903013 Cross-References: CVE-2014-3608 CVE-2014-3708 CVE-2014-7230 CVE-2014-7231 CVE-2014-8750 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. It includes one version update. 
Description: This update for openstack-nova provides stability fixes from the upstream OpenStack project: * Add @retry_on_deadlock to _instance_update() * Fix nova-compute start issue after evacuate * Fix nova evacuate issues for RBD * Add _wrap_db_error() support to SessionTransaction.commit() * Fixes DoS issue in instance list ip filter (bnc#903013, CVE-2014-3708) * Make the block device mapping retries configurable * Retry on closing of luks encrypted volume in case device is busy * Nova api service doesn't handle SIGHUP properly * Fix XML UnicodeEncode serialization error * share neutron admin auth tokens * Fix CellStateManagerFile init to failure * postgresql: use postgres db instead of template1 * Fix instance cross AZ check when attaching volumes * Fixes missing ec2 api address disassociate error on failure * Ignore errors when deleting non-existing vifs * VMware: validate that VM exists on backend prior to deletion * VMWare: Fix VM leak when deletion of VM during resizing * Sync process utils from oslo * VMware: prevent race condition with VNC port allocation (bnc#901087, CVE-2014-8750) * Fixes Hyper-V volume mapping issue on reboot * Raise descriptive error for over volume quota * libvirt: Handle unsupported host capabilities * libvirt: Make fakelibvirt.libvirtError match * Adds tests for Hyper-V VM Utils * Removes unnecessary instructions in test_hypervapi * Fixes a Hyper-V list_instances localization issue * Adds list_instance_uuids to the Hyper-V driver * Add _wrap_db_error() support to Session.commit() * Sync process and str utils from oslo (bnc#899190 CVE-2014-7230 CVE-2014-7231) * Fixes Hyper-V agent force_hyperv_utils_v1 flag issue * Fix live-migration failure in FC multipath case * libvirt: Save device_path in connection_info when booting from volume * Fixes Hyper-V boot from volume root device issue * Catch missing Glance image attrs with None * Adds get_instance_disk_info to compute drivers * Include next link when default limit is reached * VM 
in rescue state must have a restricted set of actions to avoid leaking rescued images (bnc#899199, CVE-2014-3608) * libvirt: return the correct instance path while cleanup_resize * Fix nova image-show with queued image * _translate_from_glance() can cause an unnecessary HTTP request * Neutron: Atomic update of instance info cache * Ensure info cache updates don't overwhelm cells * remove test_multiprocess_api * Fixes Hyper-V resize down exception * libvirt: Use VIR_DOMAIN_AFFECT_LIVE for paused instances * Fix _parse_datetime in simple tenant usage extension * Avoid traceback logs from simple tenant usage extension * Made unassigned networks visible in flat networking * VMware: validate that VM exists on backend prior to deletion (bnc#898371) * Fix attaching config drive issue on Hyper-V when migrate instances * Do not fail cell's instance deletion, if it's missing info_cache * Fixes Hyper-V vm state issue * Update block_device_info to contain swap and ephemeral disks * Loosen import_exceptions to cover all of gettextutils * Fix instance boot when Ceph is used for ephemeral storage * VMware: do not cache image when root_gb is 0 * Delete image when backup operation failed on snapshot step * db: Add @_retry_on_deadlock to service_update() * Fix rootwrap for non openstack.org iqn's * Add Hyper-V driver in the "compute_driver" option description * Block sqlalchemy migrate 0.9.2 as it breaks all of nova * Move the error check for "brctl addif" * Add a retry_on_deadlock to reservations_expire * Add expire reservations in backport position * Make floatingip-ip-delete atomic with neutron * add repr for event objects * make lifecycle event logs more clear * Fix race condition with vif plugging in finish migrate * Delay STOPPED lifecycle event for Xen domains (bnc#867922) * Fix FloatingIP.save() passing FixedIP object to sqlalchemy * fix filelist * use %_rundir if available, otherwise /var/run * Fix expected error details from jsonschema * replace NovaException with 
VirtualInterfaceCreate when neutron fails * Fixes Hyper-V SCSI slot selection * libvirt: convert cpu features attribute from list to a set * Read deleted instances during lifecycle events * shelve doesn't work on nova-cells environment * Mask block_device_info auth_password in virt driver debug logs * only emit deprecation warnings once Security Issues: * CVE-2014-3708 * CVE-2014-3608 * CVE-2014-7230 * CVE-2014-7231 * CVE-2014-8750 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-openstack-nova-0115=10199 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev49]: openstack-nova-2014.1.4.dev49-0.7.1 openstack-nova-api-2014.1.4.dev49-0.7.1 openstack-nova-cells-2014.1.4.dev49-0.7.1 openstack-nova-cert-2014.1.4.dev49-0.7.1 openstack-nova-compute-2014.1.4.dev49-0.7.1 openstack-nova-conductor-2014.1.4.dev49-0.7.1 openstack-nova-console-2014.1.4.dev49-0.7.1 openstack-nova-consoleauth-2014.1.4.dev49-0.7.1 openstack-nova-novncproxy-2014.1.4.dev49-0.7.1 openstack-nova-objectstore-2014.1.4.dev49-0.7.1 openstack-nova-scheduler-2014.1.4.dev49-0.7.1 openstack-nova-vncproxy-2014.1.4.dev49-0.7.1 python-nova-2014.1.4.dev49-0.7.1 - SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev49]: openstack-nova-doc-2014.1.4.dev49-0.7.1 References: http://support.novell.com/security/cve/CVE-2014-3608.html http://support.novell.com/security/cve/CVE-2014-3708.html http://support.novell.com/security/cve/CVE-2014-7230.html http://support.novell.com/security/cve/CVE-2014-7231.html http://support.novell.com/security/cve/CVE-2014-8750.html https://bugzilla.suse.com/867922 https://bugzilla.suse.com/897815 https://bugzilla.suse.com/898371 https://bugzilla.suse.com/899190 https://bugzilla.suse.com/899199 https://bugzilla.suse.com/901087 https://bugzilla.suse.com/903013 
http://download.suse.com/patch/finder/?keywords=d140dcf28b797b3045a71f4e6cd6e0fc From sle-updates at lists.suse.com Thu Feb 19 06:04:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Feb 2015 14:04:57 +0100 (CET) Subject: SUSE-RU-2015:0326-1: moderate: Recommended update for wicked Message-ID: <20150219130457.B333C3236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0326-1 Rating: moderate References: #895600 #900951 #901337 #901402 #901517 #904061 #904380 #904432 #904776 #904903 #905421 #905750 #906217 #907683 #908554 #910323 #911315 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Build System Kit 12 ______________________________________________________________________________ An update that has 17 recommended fixes can now be installed. Description: This update for Wicked provides the following fixes: - nanny: Use ifindex to reference workers in managed devices and hold worker references when starting fsm (bsc#904061) - nanny: Always reference mdev's worker by ifindex (bsc#904061) - nanny: Register discovered devices only when ready (bsc#904061) - events: Query and update device name on events (bsc#904061) - udev: Verify netdev index and update name at start, disable ready handling if udev is not used, e.g. in LXC (bsc#904061) - xml: Don't require parent's control node in config (bsc#901517) - wireless: Use string dict entry for WIRELESS_AP/bssid (bsc#911315) - extensions: Fixed false errors from hostname update (bsc#910323) - client: Fixed segfault in status (bsc#908554) - bonding: Add new/missed bonding options (bsc#905750) - systemd: Service ordering dependencies (bsc#895600, bsc#901337) - sysctl: Do not fail on read-only proc e.g. 
in LXC (bsc#904432) - netlink: Recover from netlink event socket errors and allow to configure the event socket buffer sizes (bsc#905421) - bonding: Add encap2+3 and 3+4 xmit-hash-policies (bsc#905750) - client: Apply suse ifcfg alias label (bsc#907683) - netlink: Retry on DUMP_INTR and AGAIN (bsc#904776) - gcrypt: Do not fail when wicked has been built using a newer but compatible library than the currently used (bsc#906217) - compat: Use info level on unspecified ip (bsc#904903) - compat: Fix tap group node generation (bsc#904380) - sit,ipip,gre: Generate tunnel config on change (bsc#901402) - fsm: Always refresh worker on device-ready event and match only ready devices against config workers (bsc#904061) - fsm: Perform tentative check on all started interfaces with nanny (bsc#900951) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-85=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-85=1 - SUSE Linux Enterprise Build System Kit 12: zypper in -t patch SUSE-SLE-BSK-12-2015-85=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libwicked-0-6-0.6.15-8.1 libwicked-0-6-debuginfo-0.6.15-8.1 wicked-0.6.15-8.1 wicked-debuginfo-0.6.15-8.1 wicked-debugsource-0.6.15-8.1 wicked-service-0.6.15-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libwicked-0-6-0.6.15-8.1 libwicked-0-6-debuginfo-0.6.15-8.1 wicked-0.6.15-8.1 wicked-debuginfo-0.6.15-8.1 wicked-debugsource-0.6.15-8.1 wicked-service-0.6.15-8.1 - SUSE Linux Enterprise Build System Kit 12 (ppc64le s390x x86_64): libwicked-0-6-0.6.15-8.1 libwicked-0-6-debuginfo-0.6.15-8.1 wicked-debuginfo-0.6.15-8.1 wicked-debugsource-0.6.15-8.1 References: https://bugzilla.suse.com/895600 https://bugzilla.suse.com/900951 https://bugzilla.suse.com/901337 https://bugzilla.suse.com/901402 https://bugzilla.suse.com/901517 https://bugzilla.suse.com/904061 https://bugzilla.suse.com/904380 https://bugzilla.suse.com/904432 https://bugzilla.suse.com/904776 https://bugzilla.suse.com/904903 https://bugzilla.suse.com/905421 https://bugzilla.suse.com/905750 https://bugzilla.suse.com/906217 https://bugzilla.suse.com/907683 https://bugzilla.suse.com/908554 https://bugzilla.suse.com/910323 https://bugzilla.suse.com/911315 From sle-updates at lists.suse.com Thu Feb 19 07:04:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Feb 2015 15:04:57 +0100 (CET) Subject: SUSE-OU-2015:0327-1: Optional update for compat-libldap-2_3 Message-ID: <20150219140457.B1A133236A@maintenance.suse.de> SUSE Optional Update: Optional update for compat-libldap-2_3 ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:0327-1 Rating: low References: #913681 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. 
Description: This update provides compat-libldap-2_3, a compatibility library required by some 3rd-party applications. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-86=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le s390x x86_64): compat-libldap-2_3-0-2.3.37-13.1 compat-libldap-2_3-0-debuginfo-2.3.37-13.1 References: https://bugzilla.suse.com/913681 From sle-updates at lists.suse.com Thu Feb 19 13:04:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Feb 2015 21:04:51 +0100 (CET) Subject: SUSE-RU-2015:0334-1: moderate: Recommended update for python-amqp Message-ID: <20150219200451.2CC7C3236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-amqp ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0334-1 Rating: moderate References: #902207 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: python-amqp's handling of socket timeouts has been improved: if a connection is idle for more than 60 seconds, start sending a probe every 10 seconds. This prevents premature termination of instance snapshotting in SUSE Cloud 4. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-python-amqp=10241 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (x86_64): python-amqp-1.2.0-0.11.1 References: https://bugzilla.suse.com/902207 http://download.suse.com/patch/finder/?keywords=21dab9453eb2a656e2c959721e8d65d3 From sle-updates at lists.suse.com Thu Feb 19 13:05:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Feb 2015 21:05:07 +0100 (CET) Subject: SUSE-RU-2015:0335-1: Recommended update for tcpdump Message-ID: <20150219200507.8AAC53236E@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0335-1 Rating: low References: #912943 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tcpdump adds support for the IEEE Link Discovery Protocol as per 802.1ab (LLDP). Indications: Any user can install this update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-tcpdump=10277 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-tcpdump=10277 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-tcpdump=10277 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): tcpdump-3.9.8-1.25.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): tcpdump-3.9.8-1.25.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): tcpdump-3.9.8-1.25.1 References: https://bugzilla.suse.com/912943 http://download.suse.com/patch/finder/?keywords=a20b3709ff367b1322f13726761f914e From sle-updates at lists.suse.com Thu Feb 19 16:04:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Feb 2015 00:04:56 +0100 (CET) Subject: SUSE-SU-2015:0336-1: important: Security update for java-1_7_0-openjdk Message-ID: <20150219230456.4A7DB3236A@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0336-1 Rating: important References: #914041 Cross-References: CVE-2014-3566 CVE-2014-6549 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0413 CVE-2015-0421 CVE-2015-0437 Affected Products: SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. It includes one version update. Description: java-1_7_0-openjdk was updated to fix 19 security issues. 
Details are available at http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA Security Issues: * CVE-2014-6601 * CVE-2015-0412 * CVE-2014-6549 * CVE-2015-0408 * CVE-2015-0395 * CVE-2015-0437 * CVE-2015-0403 * CVE-2015-0421 * CVE-2015-0406 * CVE-2015-0383 * CVE-2015-0400 * CVE-2015-0407 * CVE-2015-0410 * CVE-2014-6587 * CVE-2014-3566 * CVE-2014-6593 * CVE-2014-6585 * CVE-2014-6591 * CVE-2015-0413 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-java-1_7_0-openjdk=10286 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.7.0.75]: java-1_7_0-openjdk-1.7.0.75-0.7.1 java-1_7_0-openjdk-demo-1.7.0.75-0.7.1 java-1_7_0-openjdk-devel-1.7.0.75-0.7.1 References: http://support.novell.com/security/cve/CVE-2014-3566.html http://support.novell.com/security/cve/CVE-2014-6549.html http://support.novell.com/security/cve/CVE-2014-6585.html http://support.novell.com/security/cve/CVE-2014-6587.html http://support.novell.com/security/cve/CVE-2014-6591.html http://support.novell.com/security/cve/CVE-2014-6593.html http://support.novell.com/security/cve/CVE-2014-6601.html http://support.novell.com/security/cve/CVE-2015-0383.html http://support.novell.com/security/cve/CVE-2015-0395.html http://support.novell.com/security/cve/CVE-2015-0400.html http://support.novell.com/security/cve/CVE-2015-0403.html http://support.novell.com/security/cve/CVE-2015-0406.html http://support.novell.com/security/cve/CVE-2015-0407.html http://support.novell.com/security/cve/CVE-2015-0408.html http://support.novell.com/security/cve/CVE-2015-0410.html http://support.novell.com/security/cve/CVE-2015-0412.html http://support.novell.com/security/cve/CVE-2015-0413.html http://support.novell.com/security/cve/CVE-2015-0421.html 
http://support.novell.com/security/cve/CVE-2015-0437.html https://bugzilla.suse.com/914041 http://download.suse.com/patch/finder/?keywords=8d9a18b0ce3289f724b64f4b4dccc67e From sle-updates at lists.suse.com Fri Feb 20 08:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Feb 2015 16:04:53 +0100 (CET) Subject: SUSE-RU-2015:0339-1: moderate: Recommended update for osc and build Message-ID: <20150220150453.74BDD3236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for osc and build ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0339-1 Rating: moderate References: #880212 Affected Products: SUSE Linux Enterprise Software Development Kit 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: osc and build were updated to fix various interaction issues with current Open Build Service versions. 
Changes done: - add recommend to perl(Net::SSL) (bnc#880212) - add support for debian debootstrap build engine - Update arch config - Add support for conflicts, addselfprovides, weakdeps to query functions - installed package handling works also for arch and debian now - large code cleanup - bugfixes and documentation updates - Add releasesuffix hack for new PTF handling - support parallel build jobs for debs - Fix repocfg usage in the "exact match" case - Improve exclarch handling for deb builds - rewritten workaround for broken chroot tool - add support for new chroot tool * fixes Ubuntu 14.10 builds - man pages for unrpm and vc - support local builds using builenv (for same build environment as a former build) - add "osc api --edit" option to be able to edit some meta files directly - follow the request order of the api (sorting according to prioritization) - add mr --release-project option for kgraft updates - add support for makeoriginolder in request - fix bash completion (complete is not propagated into subshells, but PROFILEREAD is, so the setup script is never executed) - removed "--diff" option from the "createrequest" command - introduced new "vc-cmd" config option, which is used to specify the path to the vc script - various bugfixes - support multiple parallel maintenance projects => fixing submit request call Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-87=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (noarch): build-20150115-5.1 build-initvm-s390-20150115-5.1 build-initvm-x86_64-20150115-5.1 build-mkbaselibs-20150115-5.1 osc-0.150.1-4.1 References: https://bugzilla.suse.com/880212 From sle-updates at lists.suse.com Fri Feb 20 14:04:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Feb 2015 22:04:51 +0100 (CET) Subject: SUSE-RU-2015:0341-1: Recommended update for kdebase4 Message-ID: <20150220210451.445CF3236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdebase4 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0341-1 Rating: low References: #879084 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kdebase4 adds a new configuration option to control whether new Konsole sessions will be started as new processes. Users interested in this feature should add the following lines to the konsolerc configuration file: [ProcessInfo] ForceNewProcess=true Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-dolphin=10244 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-dolphin=10244 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-dolphin=10244 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-dolphin=10244 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libkonq-devel-4.3.5-0.16.3 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): dolphin-4.3.5-0.16.3 kdebase4-4.3.5-0.16.3 kdebase4-libkonq-4.3.5-0.16.3 kdepasswd-4.3.5-0.16.3 kdialog-4.3.5-0.16.3 keditbookmarks-4.3.5-0.16.3 kfind-4.3.5-0.16.3 kinfocenter-4.3.5-0.16.3 konqueror-4.3.5-0.16.3 konsole-4.3.5-0.16.3 kwrite-4.3.5-0.16.3 libkonq5-4.3.5-0.16.3 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): dolphin-4.3.5-0.16.3 kdebase4-4.3.5-0.16.3 kdebase4-libkonq-4.3.5-0.16.3 kdepasswd-4.3.5-0.16.3 kdialog-4.3.5-0.16.3 keditbookmarks-4.3.5-0.16.3 kfind-4.3.5-0.16.3 kinfocenter-4.3.5-0.16.3 konqueror-4.3.5-0.16.3 konsole-4.3.5-0.16.3 kwrite-4.3.5-0.16.3 libkonq5-4.3.5-0.16.3 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): dolphin-4.3.5-0.16.3 kdebase4-4.3.5-0.16.3 kdebase4-libkonq-4.3.5-0.16.3 kdebase4-nsplugin-4.3.5-0.16.3 kdepasswd-4.3.5-0.16.3 kdialog-4.3.5-0.16.3 keditbookmarks-4.3.5-0.16.3 kfind-4.3.5-0.16.3 kinfocenter-4.3.5-0.16.3 konqueror-4.3.5-0.16.3 konsole-4.3.5-0.16.3 kwrite-4.3.5-0.16.3 libkonq5-4.3.5-0.16.3 References: https://bugzilla.suse.com/879084 http://download.suse.com/patch/finder/?keywords=ef64b724abc183949f7a9c364dfd1c7c From sle-updates at lists.suse.com Fri Feb 20 17:05:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Feb 2015 01:05:00 +0100 (CET) Subject: SUSE-RU-2015:0342-1: Recommended update for gnome-packagekit Message-ID: <20150221000500.A3CBC32361@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-packagekit ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0342-1 Rating: low References: #805243 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-packagekit fixes an issue that prevented installation of packages when using a VNC session. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-gnome-packagekit=10209 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-gnome-packagekit=10209 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-gnome-packagekit=10209 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): gnome-packagekit-0.3.14-2.88.2 gnome-packagekit-lang-0.3.14-2.88.2 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): gnome-packagekit-0.3.14-2.88.2 gnome-packagekit-lang-0.3.14-2.88.2 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): gnome-packagekit-0.3.14-2.88.2 gnome-packagekit-lang-0.3.14-2.88.2 References: https://bugzilla.suse.com/805243 http://download.suse.com/patch/finder/?keywords=ec0fe32b5278a62b17335460ea1781b4 From sle-updates at lists.suse.com Fri Feb 20 17:05:20 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Feb 2015 01:05:20 +0100 (CET) Subject: SUSE-SU-2015:0343-1: important: Security update for java-1_7_0-ibm Message-ID: <20150221000520.174183236A@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0343-1 Rating: important References: #916265 #916266 Cross-References: CVE-2014-8891 CVE-2014-8892 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 
SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: java-1_7_0-ibm was updated to fix two security issues: * CVE-2014-8891: Unspecified vulnerability * CVE-2014-8892: Unspecified vulnerability Security Issues: * CVE-2014-8892 * CVE-2014-8891 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-java-1_6_0-ibm=10299 sdksp3-java-1_7_0-ibm=10300 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-java-1_6_0-ibm=10299 slessp3-java-1_7_0-ibm=10300 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-java-1_6_0-ibm=10299 slessp3-java-1_7_0-ibm=10300 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-devel-1.6.0_sr16.3-0.4.1 java-1_7_0-ibm-devel-1.7.0_sr8.10-0.6.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): java-1_6_0-ibm-1.6.0_sr16.3-0.4.1 java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): java-1_6_0-ibm-1.6.0_sr16.3-0.4.1 java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.1 java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.1 java-1_7_0-ibm-1.7.0_sr8.10-0.6.1 java-1_7_0-ibm-alsa-1.7.0_sr8.10-0.6.1 java-1_7_0-ibm-jdbc-1.7.0_sr8.10-0.6.1 java-1_7_0-ibm-plugin-1.7.0_sr8.10-0.6.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.3-0.4.1 java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.1 java-1_7_0-ibm-1.7.0_sr8.10-0.6.1 java-1_7_0-ibm-jdbc-1.7.0_sr8.10-0.6.1 - SUSE Linux Enterprise Server 11 SP3 
(i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.1 java-1_7_0-ibm-alsa-1.7.0_sr8.10-0.6.1 java-1_7_0-ibm-plugin-1.7.0_sr8.10-0.6.1 - SUSE Linux Enterprise Server 11 SP3 (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.1 References: http://support.novell.com/security/cve/CVE-2014-8891.html http://support.novell.com/security/cve/CVE-2014-8892.html https://bugzilla.suse.com/916265 https://bugzilla.suse.com/916266 http://download.suse.com/patch/finder/?keywords=d0fabcb64d4c31a5f5c8a2085498a9f2 http://download.suse.com/patch/finder/?keywords=dd24d5afde779e1651d8cfeb6cdfc2bc From sle-updates at lists.suse.com Fri Feb 20 17:05:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Feb 2015 01:05:45 +0100 (CET) Subject: SUSE-SU-2015:0344-1: important: Security update for java-1_7_0-ibm Message-ID: <20150221000545.063433236A@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0344-1 Rating: important References: #891701 #901223 #901239 #904889 #916265 #916266 Cross-References: CVE-2014-8891 CVE-2014-8892 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: java-1_7_0-ibm was updated to version 1.7.0_sr7.3 to fix 37 security issues: * CVE-2014-8891: Unspecified vulnerability (bnc#916266) * CVE-2014-8892: Unspecified vulnerability (bnc#916265) * CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache (bnc#904889). 
* CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (bnc#901223). * CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (bnc#901239). * CVE-2014-6456: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (bnc#901239). * CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (bnc#901239). * CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (bnc#901239). * CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (bnc#901239). * CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (bnc#901239). 
* CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#901239). * CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#901239). * CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#901239). * CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6476: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527 (bnc#901239). * CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (bnc#901239). * CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (bnc#901239). * CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (bnc#901239). 
* CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (bnc#901239). * CVE-2014-6527: Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476 (bnc#901239). * CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (bnc#901239). * CVE-2014-4227: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#891701). * CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#891701). * CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot (bnc#891701). 
* CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX (bnc#891701). * CVE-2014-4220: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208 (bnc#891701). * CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing (bnc#891701). * CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries (bnc#891701). * CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security (bnc#891701). * CVE-2014-4266: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability (bnc#891701). * CVE-2014-4265: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment (bnc#891701). * CVE-2014-4221: Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries (bnc#891701). * CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement" (bnc#891701). 
* CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security (bnc#891701). * CVE-2014-4208: Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220 (bnc#891701). Security Issues: * CVE-2014-8892 * CVE-2014-8891 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-java-1_7_0-ibm=10324 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64): java-1_7_0-ibm-1.7.0_sr8.10-0.6.4 java-1_7_0-ibm-alsa-1.7.0_sr8.10-0.6.4 java-1_7_0-ibm-devel-1.7.0_sr8.10-0.6.4 java-1_7_0-ibm-jdbc-1.7.0_sr8.10-0.6.4 java-1_7_0-ibm-plugin-1.7.0_sr8.10-0.6.4 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x): java-1_7_0-ibm-1.7.0_sr8.10-0.6.5 java-1_7_0-ibm-devel-1.7.0_sr8.10-0.6.5 java-1_7_0-ibm-jdbc-1.7.0_sr8.10-0.6.5 References: http://support.novell.com/security/cve/CVE-2014-8891.html http://support.novell.com/security/cve/CVE-2014-8892.html https://bugzilla.suse.com/891701 https://bugzilla.suse.com/901223 https://bugzilla.suse.com/901239 https://bugzilla.suse.com/904889 https://bugzilla.suse.com/916265 https://bugzilla.suse.com/916266 http://download.suse.com/patch/finder/?keywords=89dfde7681a3e8ac7832df50d44019ed From sle-updates at lists.suse.com Fri Feb 20 17:06:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Feb 2015 01:06:52 +0100 (CET) Subject: SUSE-RU-2015:0165-2: Recommended update for openstack-cinder and openstack-heat Message-ID: <20150221000652.136CF32361@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for openstack-cinder and openstack-heat ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0165-2 Rating: low References: #913692 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes two new package versions. Description: This update provides stability fixes from the upstream OpenStack project: openstack-cinder: * Catch ImageNotFound exception when deleting rbd volume * NetApp E-series: Do not log passwords in requests * Fix NetApp AutoSupport Shortcomings * NetApp 7mode NFS driver doesn't honor netapp_vfiler option * Raise exception if invalid IP is specified * Eventlet green threads not released back to pool * Ensure rbd connect exception is properly caught * Remove check_uptodate.sh check from tox.ini. openstack-heat: * Call server volume detach only once * Use environment file in template-validate. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-openstack-0115=10198 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev11 and 2014.1.4.dev38]: openstack-cinder-2014.1.4.dev38-0.7.1 openstack-cinder-api-2014.1.4.dev38-0.7.1 openstack-cinder-backup-2014.1.4.dev38-0.7.1 openstack-cinder-scheduler-2014.1.4.dev38-0.7.1 openstack-cinder-volume-2014.1.4.dev38-0.7.1 openstack-heat-2014.1.4.dev11-0.7.1 openstack-heat-api-2014.1.4.dev11-0.7.1 openstack-heat-api-cfn-2014.1.4.dev11-0.7.1 openstack-heat-api-cloudwatch-2014.1.4.dev11-0.7.1 openstack-heat-engine-2014.1.4.dev11-0.7.1 python-cinder-2014.1.4.dev38-0.7.1 python-heat-2014.1.4.dev11-0.7.1 - SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev11 and 2014.1.4.dev38]: openstack-cinder-doc-2014.1.4.dev38-0.7.1 openstack-heat-doc-2014.1.4.dev11-0.7.1 References: https://bugzilla.suse.com/913692 http://download.suse.com/patch/finder/?keywords=91d5d2924e893f4b6d7935ce498bed0d From sle-updates at lists.suse.com Fri Feb 20 17:07:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Feb 2015 01:07:09 +0100 (CET) Subject: SUSE-SU-2015:0345-1: important: Security update for java-1_6_0-ibm Message-ID: <20150221000709.60E3C3236A@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0345-1 Rating: important References: #901223 #901239 #904889 #916265 #916266 Cross-References: CVE-2014-8891 CVE-2014-8892 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. 
Description: java-1_6_0-ibm was updated to version 1.6.0_sr16.3 to fix 20 security issues: * CVE-2014-8891: Unspecified vulnerability (bnc#916266) * CVE-2014-8892: Unspecified vulnerability (bnc#916265) * CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache (bnc#904889). * CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (bnc#901223). * CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (bnc#901239). * CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (bnc#901239). * CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (bnc#901239). * CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (bnc#901239). 
* CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (bnc#901239). * CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#901239). * CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#901239). * CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#901239). * CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment (bnc#901239). * CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (bnc#901239). * CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (bnc#901239). 
* CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (bnc#901239). * CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (bnc#901239). Security Issues: * CVE-2014-8892 * CVE-2014-8891 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.3-0.9.1 java-1_6_0-ibm-devel-1.6.0_sr16.3-0.9.1 java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.9.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.9.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr16.3-0.9.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr16.3-0.9.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.9.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr16.3-0.9.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr16.3-0.9.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.9.1 References: http://support.novell.com/security/cve/CVE-2014-8891.html http://support.novell.com/security/cve/CVE-2014-8892.html https://bugzilla.suse.com/901223 https://bugzilla.suse.com/901239 https://bugzilla.suse.com/904889 https://bugzilla.suse.com/916265 
https://bugzilla.suse.com/916266 http://download.suse.com/patch/finder/?keywords=a992e300008dd2cf884e0b1fa9206267 From sle-updates at lists.suse.com Mon Feb 23 02:04:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Feb 2015 10:04:56 +0100 (CET) Subject: SUSE-SU-2015:0349-1: moderate: Security update for qemu Message-ID: <20150223090456.8899D3236A@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0349-1 Rating: moderate References: #905097 #907805 #908380 Cross-References: CVE-2014-7840 CVE-2014-8106 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: QEMU was updated to fix various bugs and security issues. Following security issues were fixed: CVE-2014-8106: Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU allowed local guest users to execute arbitrary code via vectors related to blit regions. CVE-2014-7840: The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allowed remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. Also a bug was fixed where qemu-img convert could occasionally corrupt images. (bsc#908380) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-88=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-88=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): qemu-2.0.2-42.1 qemu-block-curl-2.0.2-42.1 qemu-block-curl-debuginfo-2.0.2-42.1 qemu-debugsource-2.0.2-42.1 qemu-guest-agent-2.0.2-42.1 qemu-guest-agent-debuginfo-2.0.2-42.1 qemu-lang-2.0.2-42.1 qemu-tools-2.0.2-42.1 qemu-tools-debuginfo-2.0.2-42.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): qemu-kvm-2.0.2-42.1 - SUSE Linux Enterprise Server 12 (ppc64le): qemu-ppc-2.0.2-42.1 qemu-ppc-debuginfo-2.0.2-42.1 - SUSE Linux Enterprise Server 12 (noarch): qemu-ipxe-1.0.0-42.1 qemu-seabios-1.7.4-42.1 qemu-sgabios-8-42.1 qemu-vgabios-1.7.4-42.1 - SUSE Linux Enterprise Server 12 (x86_64): qemu-x86-2.0.2-42.1 qemu-x86-debuginfo-2.0.2-42.1 - SUSE Linux Enterprise Server 12 (s390x): qemu-s390-2.0.2-42.1 qemu-s390-debuginfo-2.0.2-42.1 - SUSE Linux Enterprise Desktop 12 (x86_64): qemu-2.0.2-42.1 qemu-block-curl-2.0.2-42.1 qemu-block-curl-debuginfo-2.0.2-42.1 qemu-debugsource-2.0.2-42.1 qemu-kvm-2.0.2-42.1 qemu-tools-2.0.2-42.1 qemu-tools-debuginfo-2.0.2-42.1 qemu-x86-2.0.2-42.1 qemu-x86-debuginfo-2.0.2-42.1 - SUSE Linux Enterprise Desktop 12 (noarch): qemu-ipxe-1.0.0-42.1 qemu-seabios-1.7.4-42.1 qemu-sgabios-8-42.1 qemu-vgabios-1.7.4-42.1 References: http://support.novell.com/security/cve/CVE-2014-7840.html http://support.novell.com/security/cve/CVE-2014-8106.html https://bugzilla.suse.com/905097 https://bugzilla.suse.com/907805 https://bugzilla.suse.com/908380 From sle-updates at lists.suse.com Mon Feb 23 05:04:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Feb 2015 13:04:59 +0100 (CET) Subject: SUSE-RU-2015:0350-1: Recommended update for gnome-documents Message-ID: <20150223120459.DB83B3236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-documents ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0350-1 Rating: low References: #902922 Affected Products: SUSE Linux Enterprise 
Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: When converting documents to PDF format, gnome-documents will now use LibreOffice instead of unoconv. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-89=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-89=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): gnome-documents-3.10.2-4.2 gnome-documents-debuginfo-3.10.2-4.2 gnome-documents-debugsource-3.10.2-4.2 gnome-shell-search-provider-documents-3.10.2-4.2 - SUSE Linux Enterprise Workstation Extension 12 (noarch): gnome-documents-lang-3.10.2-4.2 - SUSE Linux Enterprise Desktop 12 (x86_64): gnome-documents-3.10.2-4.2 gnome-documents-debuginfo-3.10.2-4.2 gnome-documents-debugsource-3.10.2-4.2 gnome-shell-search-provider-documents-3.10.2-4.2 - SUSE Linux Enterprise Desktop 12 (noarch): gnome-documents-lang-3.10.2-4.2 References: https://bugzilla.suse.com/902922 From sle-updates at lists.suse.com Mon Feb 23 07:05:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Feb 2015 15:05:50 +0100 (CET) Subject: SUSE-RU-2015:0352-1: Recommended update for patterns-sles Message-ID: <20150223140550.08DC63236E@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0352-1 Rating: low References: #913216 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one 
recommended fix can now be installed. Description: This update adds Perl to the "LAMP" pattern. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-90=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): patterns-sles-lamp_server-12-61.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): patterns-sles-lamp_server-32bit-12-61.1 References: https://bugzilla.suse.com/913216 From sle-updates at lists.suse.com Mon Feb 23 08:05:04 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Feb 2015 16:05:04 +0100 (CET) Subject: SUSE-SU-2015:0353-1: important: Security update for samba Message-ID: <20150223150504.A26D13236A@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0353-1 Rating: important References: #872912 #873922 #876312 #889175 #898031 #908627 #913238 #917376 Cross-References: CVE-2015-0240 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: samba was updated to fix one security issue. This security issue was fixed: - CVE-2015-0240: Don't call talloc_free on an uninitialized pointer (bnc#917376). These non-security issues were fixed: - Fix vfs_snapper DBus string handling (bso#11055, bnc#913238). - Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals (bso#10123). + Set domain/workgroup based on authentication callback value (bso#11059). 
- pam_winbind: Fix warn_pwd_expire implementation (bso#9056).
- nsswitch: Fix soname of linux nss_*.so.2 modules (bso#9299).
- Fix profiles tool (bso#9629).
- s3-lib: Do not require a password with --use-ccache (bso#10279).
- s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control (bso#10949).
- s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses (bso#10952).
- s3:smb2_server: Allow reauthentication without signing (bso#10958).
- s3-smbclient: Return success if we listed the shares (bso#10960).
- s3-smbstatus: Fix exit code of profile output (bso#10961).
- libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does (bso#10966).
- s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention (bso#10982).
- Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions' (bso#11006).
- idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo (bso#11006).
- winbind: Retry LogonControl RPC in ping-dc after session expiration (bso#11034).
- yast2-samba-client should be able to specify osName and osVer on AD domain join (bnc#873922).
- Lookup FSRVP share snums at runtime rather than storing them persistently (bnc#908627).
- Specify soft dependency for network-online.target in Winbind systemd service file (bnc#889175).
- Fix spoolss error response marshalling; (bso#10984).
- pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/Tools/perl.py back to upstream state (bso#10472).
- s4-dns: Add support for BIND 9.10 (bso#10620).
- nmbd fails to accept "--piddir" option; (bso#10711).
- S3: source3/smbd/process.c::srv_send_smb() returns true on the error path (bso#10880).
- vfs_glusterfs: Remove "integer fd" code and store the glfs pointers (bso#10889).
- s3-nmbd: Fix netbios name truncation (bso#10896).
- spoolss: Fix handling of bad EnumJobs levels (bso#10898).
- spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905).
- s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
- s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
- pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
- s3-keytab: Fix keytab array NULL termination; (bso#10933).
- Cleanup add_string_to_array and usage; (bso#10942).
- Remove and cleanup shares and registry state associated with externally deleted snapshots exposed as shadow copies; (bnc#876312).
- Use the upstream tar ball, as signature verification is now able to handle compressed archives.
- Fix leak when closing file descriptor returned from dirfd; (bso#10918).
- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031).
  + Fix handling of bad EnumJobs levels; (bso#10898).
- Remove dependency on gpg-offline as signature checking is implemented in the source validator.
- s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984).
- s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984).
- s3-libads: Add all machine account principals to the keytab; (bso#9985).
- s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717).
- Fix unstrcpy; (bso#10735).
- pthreadpool: Slightly serialize jobs; (bso#10779).
- s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797).
- s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809).
- vfs_media_harmony: Fix a crash bug; (bso#10813).
- docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814).
- nmbd: Send waiting status to systemd; (bso#10816).
- libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817).
- nsswitch: Skip groups we were not able to map; (bso#10824).
- s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826).
- s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830).
- s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). - idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). - s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). - s3: smb2cli: Query info return length check was reversed; (bso#10848). - registry: Don't leave dangling transactions; (bso#10860). - Prune idle or hung connections older than "winbind request timeout"; (bso#3204); (bnc#872912). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-91=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-91=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-91=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libdcerpc-atsvc-devel-4.1.12-16.1 libdcerpc-atsvc0-4.1.12-16.1 libdcerpc-atsvc0-debuginfo-4.1.12-16.1 libdcerpc-devel-4.1.12-16.1 libdcerpc-samr-devel-4.1.12-16.1 libdcerpc-samr0-4.1.12-16.1 libdcerpc-samr0-debuginfo-4.1.12-16.1 libgensec-devel-4.1.12-16.1 libndr-devel-4.1.12-16.1 libndr-krb5pac-devel-4.1.12-16.1 libndr-nbt-devel-4.1.12-16.1 libndr-standard-devel-4.1.12-16.1 libnetapi-devel-4.1.12-16.1 libpdb-devel-4.1.12-16.1 libregistry-devel-4.1.12-16.1 libsamba-credentials-devel-4.1.12-16.1 libsamba-hostconfig-devel-4.1.12-16.1 libsamba-policy-devel-4.1.12-16.1 libsamba-policy0-4.1.12-16.1 libsamba-policy0-debuginfo-4.1.12-16.1 libsamba-util-devel-4.1.12-16.1 libsamdb-devel-4.1.12-16.1 libsmbclient-devel-4.1.12-16.1 libsmbclient-raw-devel-4.1.12-16.1 libsmbconf-devel-4.1.12-16.1 libsmbldap-devel-4.1.12-16.1 libsmbsharemodes-devel-4.1.12-16.1 libsmbsharemodes0-4.1.12-16.1 libsmbsharemodes0-debuginfo-4.1.12-16.1 
libtevent-util-devel-4.1.12-16.1 libwbclient-devel-4.1.12-16.1 samba-core-devel-4.1.12-16.1 samba-debuginfo-4.1.12-16.1 samba-debugsource-4.1.12-16.1 samba-test-devel-4.1.12-16.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libdcerpc-binding0-4.1.12-16.1 libdcerpc-binding0-debuginfo-4.1.12-16.1 libdcerpc0-4.1.12-16.1 libdcerpc0-debuginfo-4.1.12-16.1 libgensec0-4.1.12-16.1 libgensec0-debuginfo-4.1.12-16.1 libndr-krb5pac0-4.1.12-16.1 libndr-krb5pac0-debuginfo-4.1.12-16.1 libndr-nbt0-4.1.12-16.1 libndr-nbt0-debuginfo-4.1.12-16.1 libndr-standard0-4.1.12-16.1 libndr-standard0-debuginfo-4.1.12-16.1 libndr0-4.1.12-16.1 libndr0-debuginfo-4.1.12-16.1 libnetapi0-4.1.12-16.1 libnetapi0-debuginfo-4.1.12-16.1 libpdb0-4.1.12-16.1 libpdb0-debuginfo-4.1.12-16.1 libregistry0-4.1.12-16.1 libregistry0-debuginfo-4.1.12-16.1 libsamba-credentials0-4.1.12-16.1 libsamba-credentials0-debuginfo-4.1.12-16.1 libsamba-hostconfig0-4.1.12-16.1 libsamba-hostconfig0-debuginfo-4.1.12-16.1 libsamba-util0-4.1.12-16.1 libsamba-util0-debuginfo-4.1.12-16.1 libsamdb0-4.1.12-16.1 libsamdb0-debuginfo-4.1.12-16.1 libsmbclient-raw0-4.1.12-16.1 libsmbclient-raw0-debuginfo-4.1.12-16.1 libsmbclient0-4.1.12-16.1 libsmbclient0-debuginfo-4.1.12-16.1 libsmbconf0-4.1.12-16.1 libsmbconf0-debuginfo-4.1.12-16.1 libsmbldap0-4.1.12-16.1 libsmbldap0-debuginfo-4.1.12-16.1 libtevent-util0-4.1.12-16.1 libtevent-util0-debuginfo-4.1.12-16.1 libwbclient0-4.1.12-16.1 libwbclient0-debuginfo-4.1.12-16.1 samba-4.1.12-16.1 samba-client-4.1.12-16.1 samba-client-debuginfo-4.1.12-16.1 samba-debuginfo-4.1.12-16.1 samba-debugsource-4.1.12-16.1 samba-libs-4.1.12-16.1 samba-libs-debuginfo-4.1.12-16.1 samba-winbind-4.1.12-16.1 samba-winbind-debuginfo-4.1.12-16.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libdcerpc-binding0-32bit-4.1.12-16.1 libdcerpc-binding0-debuginfo-32bit-4.1.12-16.1 libdcerpc0-32bit-4.1.12-16.1 libdcerpc0-debuginfo-32bit-4.1.12-16.1 libgensec0-32bit-4.1.12-16.1 libgensec0-debuginfo-32bit-4.1.12-16.1 
libndr-krb5pac0-32bit-4.1.12-16.1 libndr-krb5pac0-debuginfo-32bit-4.1.12-16.1 libndr-nbt0-32bit-4.1.12-16.1 libndr-nbt0-debuginfo-32bit-4.1.12-16.1 libndr-standard0-32bit-4.1.12-16.1 libndr-standard0-debuginfo-32bit-4.1.12-16.1 libndr0-32bit-4.1.12-16.1 libndr0-debuginfo-32bit-4.1.12-16.1 libnetapi0-32bit-4.1.12-16.1 libnetapi0-debuginfo-32bit-4.1.12-16.1 libpdb0-32bit-4.1.12-16.1 libpdb0-debuginfo-32bit-4.1.12-16.1 libsamba-credentials0-32bit-4.1.12-16.1 libsamba-credentials0-debuginfo-32bit-4.1.12-16.1 libsamba-hostconfig0-32bit-4.1.12-16.1 libsamba-hostconfig0-debuginfo-32bit-4.1.12-16.1 libsamba-util0-32bit-4.1.12-16.1 libsamba-util0-debuginfo-32bit-4.1.12-16.1 libsamdb0-32bit-4.1.12-16.1 libsamdb0-debuginfo-32bit-4.1.12-16.1 libsmbclient-raw0-32bit-4.1.12-16.1 libsmbclient-raw0-debuginfo-32bit-4.1.12-16.1 libsmbclient0-32bit-4.1.12-16.1 libsmbclient0-debuginfo-32bit-4.1.12-16.1 libsmbconf0-32bit-4.1.12-16.1 libsmbconf0-debuginfo-32bit-4.1.12-16.1 libsmbldap0-32bit-4.1.12-16.1 libsmbldap0-debuginfo-32bit-4.1.12-16.1 libtevent-util0-32bit-4.1.12-16.1 libtevent-util0-debuginfo-32bit-4.1.12-16.1 libwbclient0-32bit-4.1.12-16.1 libwbclient0-debuginfo-32bit-4.1.12-16.1 samba-32bit-4.1.12-16.1 samba-client-32bit-4.1.12-16.1 samba-client-debuginfo-32bit-4.1.12-16.1 samba-debuginfo-32bit-4.1.12-16.1 samba-libs-32bit-4.1.12-16.1 samba-libs-debuginfo-32bit-4.1.12-16.1 samba-winbind-32bit-4.1.12-16.1 samba-winbind-debuginfo-32bit-4.1.12-16.1 - SUSE Linux Enterprise Server 12 (noarch): samba-doc-4.1.12-16.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libdcerpc-binding0-32bit-4.1.12-16.1 libdcerpc-binding0-4.1.12-16.1 libdcerpc-binding0-debuginfo-32bit-4.1.12-16.1 libdcerpc-binding0-debuginfo-4.1.12-16.1 libdcerpc0-32bit-4.1.12-16.1 libdcerpc0-4.1.12-16.1 libdcerpc0-debuginfo-32bit-4.1.12-16.1 libdcerpc0-debuginfo-4.1.12-16.1 libgensec0-32bit-4.1.12-16.1 libgensec0-4.1.12-16.1 libgensec0-debuginfo-32bit-4.1.12-16.1 libgensec0-debuginfo-4.1.12-16.1 
libndr-krb5pac0-32bit-4.1.12-16.1 libndr-krb5pac0-4.1.12-16.1 libndr-krb5pac0-debuginfo-32bit-4.1.12-16.1 libndr-krb5pac0-debuginfo-4.1.12-16.1 libndr-nbt0-32bit-4.1.12-16.1 libndr-nbt0-4.1.12-16.1 libndr-nbt0-debuginfo-32bit-4.1.12-16.1 libndr-nbt0-debuginfo-4.1.12-16.1 libndr-standard0-32bit-4.1.12-16.1 libndr-standard0-4.1.12-16.1 libndr-standard0-debuginfo-32bit-4.1.12-16.1 libndr-standard0-debuginfo-4.1.12-16.1 libndr0-32bit-4.1.12-16.1 libndr0-4.1.12-16.1 libndr0-debuginfo-32bit-4.1.12-16.1 libndr0-debuginfo-4.1.12-16.1 libnetapi0-32bit-4.1.12-16.1 libnetapi0-4.1.12-16.1 libnetapi0-debuginfo-32bit-4.1.12-16.1 libnetapi0-debuginfo-4.1.12-16.1 libpdb0-32bit-4.1.12-16.1 libpdb0-4.1.12-16.1 libpdb0-debuginfo-32bit-4.1.12-16.1 libpdb0-debuginfo-4.1.12-16.1 libregistry0-4.1.12-16.1 libregistry0-debuginfo-4.1.12-16.1 libsamba-credentials0-32bit-4.1.12-16.1 libsamba-credentials0-4.1.12-16.1 libsamba-credentials0-debuginfo-32bit-4.1.12-16.1 libsamba-credentials0-debuginfo-4.1.12-16.1 libsamba-hostconfig0-32bit-4.1.12-16.1 libsamba-hostconfig0-4.1.12-16.1 libsamba-hostconfig0-debuginfo-32bit-4.1.12-16.1 libsamba-hostconfig0-debuginfo-4.1.12-16.1 libsamba-util0-32bit-4.1.12-16.1 libsamba-util0-4.1.12-16.1 libsamba-util0-debuginfo-32bit-4.1.12-16.1 libsamba-util0-debuginfo-4.1.12-16.1 libsamdb0-32bit-4.1.12-16.1 libsamdb0-4.1.12-16.1 libsamdb0-debuginfo-32bit-4.1.12-16.1 libsamdb0-debuginfo-4.1.12-16.1 libsmbclient-raw0-32bit-4.1.12-16.1 libsmbclient-raw0-4.1.12-16.1 libsmbclient-raw0-debuginfo-32bit-4.1.12-16.1 libsmbclient-raw0-debuginfo-4.1.12-16.1 libsmbclient0-32bit-4.1.12-16.1 libsmbclient0-4.1.12-16.1 libsmbclient0-debuginfo-32bit-4.1.12-16.1 libsmbclient0-debuginfo-4.1.12-16.1 libsmbconf0-32bit-4.1.12-16.1 libsmbconf0-4.1.12-16.1 libsmbconf0-debuginfo-32bit-4.1.12-16.1 libsmbconf0-debuginfo-4.1.12-16.1 libsmbldap0-32bit-4.1.12-16.1 libsmbldap0-4.1.12-16.1 libsmbldap0-debuginfo-32bit-4.1.12-16.1 libsmbldap0-debuginfo-4.1.12-16.1 libtevent-util0-32bit-4.1.12-16.1 
libtevent-util0-4.1.12-16.1 libtevent-util0-debuginfo-32bit-4.1.12-16.1 libtevent-util0-debuginfo-4.1.12-16.1 libwbclient0-32bit-4.1.12-16.1 libwbclient0-4.1.12-16.1 libwbclient0-debuginfo-32bit-4.1.12-16.1 libwbclient0-debuginfo-4.1.12-16.1 samba-32bit-4.1.12-16.1 samba-4.1.12-16.1 samba-client-32bit-4.1.12-16.1 samba-client-4.1.12-16.1 samba-client-debuginfo-32bit-4.1.12-16.1 samba-client-debuginfo-4.1.12-16.1 samba-debuginfo-32bit-4.1.12-16.1 samba-debuginfo-4.1.12-16.1 samba-debugsource-4.1.12-16.1 samba-libs-32bit-4.1.12-16.1 samba-libs-4.1.12-16.1 samba-libs-debuginfo-32bit-4.1.12-16.1 samba-libs-debuginfo-4.1.12-16.1 samba-winbind-32bit-4.1.12-16.1 samba-winbind-4.1.12-16.1 samba-winbind-debuginfo-32bit-4.1.12-16.1 samba-winbind-debuginfo-4.1.12-16.1 - SUSE Linux Enterprise Desktop 12 (noarch): samba-doc-4.1.12-16.1 References: http://support.novell.com/security/cve/CVE-2015-0240.html https://bugzilla.suse.com/872912 https://bugzilla.suse.com/873922 https://bugzilla.suse.com/876312 https://bugzilla.suse.com/889175 https://bugzilla.suse.com/898031 https://bugzilla.suse.com/908627 https://bugzilla.suse.com/913238 https://bugzilla.suse.com/917376 From sle-updates at lists.suse.com Mon Feb 23 10:04:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Feb 2015 18:04:59 +0100 (CET) Subject: SUSE-SU-2015:0355-1: moderate: Security update for unzip Message-ID: <20150223170459.28D5C3236A@maintenance.suse.de> SUSE Security Update: Security update for unzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0355-1 Rating: moderate References: #914442 Cross-References: CVE-2014-9636 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: unzip was updated to fix one security issue. 
This security issue was fixed: - Out-of-bounds read/write in test_compr_eb() in extract.c (CVE-2014-9636). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-92=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-92=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): unzip-6.00-32.1 unzip-debuginfo-6.00-32.1 unzip-debugsource-6.00-32.1 - SUSE Linux Enterprise Desktop 12 (x86_64): unzip-6.00-32.1 unzip-debuginfo-6.00-32.1 unzip-debugsource-6.00-32.1 References: http://support.novell.com/security/cve/CVE-2014-9636.html https://bugzilla.suse.com/914442 From sle-updates at lists.suse.com Mon Feb 23 11:04:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Feb 2015 19:04:57 +0100 (CET) Subject: SUSE-RU-2015:0356-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20150223180457.2C1BE3236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0356-1 Rating: moderate References: #909114 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-regionsrv-client provides the following changes: - Update to version 6.3.5, which fixes several issues with the SMT certificate. Most of them were needed to work properly with SUSEConnect for SLE 11 and 12 registration. (bnc#909114) - re-licensed to LGPL-3.0 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-93=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-6.3.5-7.1 cloud-regionsrv-client-generic-config-1.0.0-7.1 cloud-regionsrv-client-plugin-gce-1.0.0-7.1 References: https://bugzilla.suse.com/909114 From sle-updates at lists.suse.com Mon Feb 23 11:05:15 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Feb 2015 19:05:15 +0100 (CET) Subject: SUSE-SU-2015:0182-2: moderate: Security update for compat-openssl097g Message-ID: <20150223180515.90BDB3236E@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl097g ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0182-2 Rating: moderate References: #912014 #912015 #912018 #912293 #912296 Cross-References: CVE-2014-3570 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 Affected Products: SUSE Linux Enterprise for SAP Applications 11 SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: OpenSSL (compat-openssl097g) has been updated to fix various security issues. More information can be found in the OpenSSL advisory: http://openssl.org/news/secadv_20150108.txt . The following issues have been fixed: * CVE-2014-3570: Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64. (bsc#912296) * CVE-2014-3572: Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015) * CVE-2014-8275: Fixed various certificate fingerprint issues. (bsc#912018) * CVE-2015-0204: Only allow ephemeral RSA keys in export ciphersuites. 
(bsc#912014) * CVE-2015-0205: A fix was added to prevent use of DH client certificates without sending certificate verify message. Note that compat-openssl097g is not affected by this problem, a fix was however applied to the sources. (bsc#912293) Security Issues: * CVE-2014-3570 * CVE-2014-3572 * CVE-2014-8275 * CVE-2015-0204 * CVE-2015-0205 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise for SAP Applications 11 SP1: zypper in -t patch slesapp1-compat-openssl097g=10207 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise for SAP Applications 11 SP1 (x86_64): compat-openssl097g-0.9.7g-146.22.27.1 compat-openssl097g-32bit-0.9.7g-146.22.27.1 References: http://support.novell.com/security/cve/CVE-2014-3570.html http://support.novell.com/security/cve/CVE-2014-3572.html http://support.novell.com/security/cve/CVE-2014-8275.html http://support.novell.com/security/cve/CVE-2015-0204.html http://support.novell.com/security/cve/CVE-2015-0205.html https://bugzilla.suse.com/912014 https://bugzilla.suse.com/912015 https://bugzilla.suse.com/912018 https://bugzilla.suse.com/912293 https://bugzilla.suse.com/912296 http://download.suse.com/patch/finder/?keywords=09b85b8db8361973359d106ace9fe4b9 From sle-updates at lists.suse.com Mon Feb 23 16:06:14 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Feb 2015 00:06:14 +0100 (CET) Subject: SUSE-SU-2015:0357-1: moderate: Security update for kvm and libvirt Message-ID: <20150223230614.E012A3236A@maintenance.suse.de> SUSE Security Update: Security update for kvm and libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0357-1 Rating: moderate References: #843074 #852397 #878350 #879665 #897654 #897783 #899144 #899484 #900084 #904176 #905097 #907805 #908381 #910145 #911742 
Cross-References: CVE-2014-3633 CVE-2014-3640 CVE-2014-3657 CVE-2014-7823 CVE-2014-7840 CVE-2014-8106
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that solves 6 vulnerabilities and has 9 fixes is now available. It includes two new package versions.
Description:
This collective update for KVM and libvirt provides fixes for security and non-security issues.
kvm:
* Fix NULL pointer dereference because of uninitialized UDP socket. (bsc#897654, CVE-2014-3640)
* Fix performance degradation after migration. (bsc#878350)
* Fix potential image corruption due to missing FIEMAP_FLAG_SYNC flag in FS_IOC_FIEMAP ioctl. (bsc#908381)
* Add validate hex properties for qdev. (bsc#852397)
* Add boot option to do strict boot (bsc#900084)
* Add query-command-line-options QMP command. (bsc#899144)
* Fix incorrect return value of migrate_cancel. (bsc#843074)
* Fix insufficient parameter validation during ram load. (bsc#905097, CVE-2014-7840)
* Fix insufficient blit region checks in qemu/cirrus. (bsc#907805, CVE-2014-8106)
libvirt:
* Fix security hole with migratable flag in dumpxml. (bsc#904176, CVE-2014-7823)
* Fix domain deadlock. (bsc#899484, CVE-2014-3657)
* Use correct definition when looking up disk in qemu blkiotune. (bsc#897783, CVE-2014-3633)
* Fix undefined symbol when starting virtlockd. (bsc#910145)
* Add "-boot strict" to qemu's commandline whenever possible. (bsc#900084)
* Add support for "reboot-timeout" in qemu. (bsc#899144)
* Increase QEMU's monitor timeout to 30sec. (bsc#911742)
* Allow setting QEMU's migration max downtime any time. (bsc#879665)
Security Issues:
* CVE-2014-7823
* CVE-2014-3657
* CVE-2014-3633
* CVE-2014-3640
* CVE-2014-7840
* CVE-2014-8106
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-kvm-libvirt-201412=10222 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-kvm-libvirt-201412=10222 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-kvm-libvirt-201412=10222 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ppc64 s390x x86_64) [New Version: 1.0.5.9]: libvirt-devel-1.0.5.9-0.19.3 - SUSE Linux Enterprise Software Development Kit 11 SP3 (x86_64) [New Version: 1.0.5.9]: libvirt-devel-32bit-1.0.5.9-0.19.3 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64) [New Version: 1.0.5.9]: libvirt-devel-1.0.5.9-0.19.6 - SUSE Linux Enterprise Server 11 SP3 (i586 ppc64 s390x x86_64) [New Version: 1.0.5.9]: libvirt-1.0.5.9-0.19.3 libvirt-client-1.0.5.9-0.19.3 libvirt-doc-1.0.5.9-0.19.3 libvirt-lock-sanlock-1.0.5.9-0.19.3 libvirt-python-1.0.5.9-0.19.3 - SUSE Linux Enterprise Server 11 SP3 (ppc64 x86_64) [New Version: 1.0.5.9]: libvirt-client-32bit-1.0.5.9-0.19.3 - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 1.4.2]: kvm-1.4.2-0.21.4 - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 1.0.5.9 and 1.4.2]: kvm-1.4.2-0.21.5 libvirt-client-32bit-1.0.5.9-0.19.5 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 1.0.5.9]: libvirt-1.0.5.9-0.19.6 libvirt-client-1.0.5.9-0.19.6 libvirt-doc-1.0.5.9-0.19.6 libvirt-lock-sanlock-1.0.5.9-0.19.6 libvirt-python-1.0.5.9-0.19.6 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.0.5.9 and 1.4.2]: kvm-1.4.2-0.21.4 libvirt-1.0.5.9-0.19.3 libvirt-client-1.0.5.9-0.19.3 libvirt-doc-1.0.5.9-0.19.3 libvirt-python-1.0.5.9-0.19.3 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 1.0.5.9]: libvirt-client-32bit-1.0.5.9-0.19.3 References: http://support.novell.com/security/cve/CVE-2014-3633.html 
http://support.novell.com/security/cve/CVE-2014-3640.html http://support.novell.com/security/cve/CVE-2014-3657.html http://support.novell.com/security/cve/CVE-2014-7823.html http://support.novell.com/security/cve/CVE-2014-7840.html http://support.novell.com/security/cve/CVE-2014-8106.html https://bugzilla.suse.com/843074 https://bugzilla.suse.com/852397 https://bugzilla.suse.com/878350 https://bugzilla.suse.com/879665 https://bugzilla.suse.com/897654 https://bugzilla.suse.com/897783 https://bugzilla.suse.com/899144 https://bugzilla.suse.com/899484 https://bugzilla.suse.com/900084 https://bugzilla.suse.com/904176 https://bugzilla.suse.com/905097 https://bugzilla.suse.com/907805 https://bugzilla.suse.com/908381 https://bugzilla.suse.com/910145 https://bugzilla.suse.com/911742 http://download.suse.com/patch/finder/?keywords=d3b9c3ae67669c31312322f9448e4225 From sle-updates at lists.suse.com Mon Feb 23 17:04:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Feb 2015 01:04:53 +0100 (CET) Subject: SUSE-RU-2015:0358-1: Recommended update for openstack-ceilometer Message-ID: <20150224000453.52D9832361@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-ceilometer ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0358-1 Rating: low References: #908536 #913692 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. 
Description: This update for openstack-ceilometer provides the following stability fixes from the upstream OpenStack project: * Updated from global requirements * Fix pid handling in init scripts (bnc#908536) * Iterates swift response earlier to get the correct status * Move oslo.vmware higher in requirements.txt * Ensure dispatcher service is configured before rpc Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-ceilometer-0115=10184 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev10]: openstack-ceilometer-2014.1.4.dev10-0.7.1 openstack-ceilometer-agent-central-2014.1.4.dev10-0.7.1 openstack-ceilometer-agent-compute-2014.1.4.dev10-0.7.1 openstack-ceilometer-agent-notification-2014.1.4.dev10-0.7.1 openstack-ceilometer-alarm-evaluator-2014.1.4.dev10-0.7.1 openstack-ceilometer-alarm-notifier-2014.1.4.dev10-0.7.1 openstack-ceilometer-api-2014.1.4.dev10-0.7.1 openstack-ceilometer-collector-2014.1.4.dev10-0.7.1 python-ceilometer-2014.1.4.dev10-0.7.1 - SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev10]: openstack-ceilometer-doc-2014.1.4.dev10-0.7.2 References: https://bugzilla.suse.com/908536 https://bugzilla.suse.com/913692 http://download.suse.com/patch/finder/?keywords=d00deb824da49a000e019b2192426569 From sle-updates at lists.suse.com Mon Feb 23 23:06:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Feb 2015 07:06:07 +0100 (CET) Subject: SUSE-RU-2015:0359-1: moderate: Recommended update for apache2-mod_perl Message-ID: <20150224060607.EBA0B3236A@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_perl ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0359-1 Rating: moderate References: #901858 Affected Products: SUSE Linux 
Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2-mod_perl fixes a potential segmentation fault in Perl_gv_efullname4(). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_perl=10234 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_perl=10234 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_perl=10234 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_perl-devel-2.0.4-40.24.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): apache2-mod_perl-2.0.4-40.24.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_perl-2.0.4-40.24.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_perl-2.0.4-40.24.1 References: https://bugzilla.suse.com/901858 http://download.suse.com/patch/finder/?keywords=146236647b4436384844beb723f5a68b From sle-updates at lists.suse.com Tue Feb 24 03:05:35 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Feb 2015 11:05:35 +0100 (CET) Subject: SUSE-SU-2015:0365-1: important: Security update for php5 Message-ID: <20150224100535.404533236A@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0365-1 Rating: important References: #907519 #910659 #911664 #914690 Cross-References: CVE-2014-8142 
CVE-2014-9427 CVE-2015-0231 CVE-2015-0232 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: php5 was updated to fix four security issues. These security issues were fixed: - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bnc#910659). - CVE-2014-9427: sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, did not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which caused an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (bnc#911664). - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bnc#914690). 
- CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bnc#910659). Additionally a fix was included that protects against a possible NULL pointer use (bnc#910659). This non-security issue was fixed: - php53 ignored default_socket_timeout on outgoing SSL connection (bnc#907519). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-94=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-94=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-11.3 php5-debugsource-5.5.14-11.3 php5-devel-5.5.14-11.3 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-11.3 apache2-mod_php5-debuginfo-5.5.14-11.3 php5-5.5.14-11.3 php5-bcmath-5.5.14-11.3 php5-bcmath-debuginfo-5.5.14-11.3 php5-bz2-5.5.14-11.3 php5-bz2-debuginfo-5.5.14-11.3 php5-calendar-5.5.14-11.3 php5-calendar-debuginfo-5.5.14-11.3 php5-ctype-5.5.14-11.3 php5-ctype-debuginfo-5.5.14-11.3 php5-curl-5.5.14-11.3 php5-curl-debuginfo-5.5.14-11.3 php5-dba-5.5.14-11.3 php5-dba-debuginfo-5.5.14-11.3 php5-debuginfo-5.5.14-11.3 php5-debugsource-5.5.14-11.3 php5-dom-5.5.14-11.3 php5-dom-debuginfo-5.5.14-11.3 php5-enchant-5.5.14-11.3 php5-enchant-debuginfo-5.5.14-11.3 php5-exif-5.5.14-11.3 php5-exif-debuginfo-5.5.14-11.3 php5-fastcgi-5.5.14-11.3 php5-fastcgi-debuginfo-5.5.14-11.3 php5-fileinfo-5.5.14-11.3 php5-fileinfo-debuginfo-5.5.14-11.3 php5-fpm-5.5.14-11.3 php5-fpm-debuginfo-5.5.14-11.3 php5-ftp-5.5.14-11.3 php5-ftp-debuginfo-5.5.14-11.3 php5-gd-5.5.14-11.3 php5-gd-debuginfo-5.5.14-11.3 php5-gettext-5.5.14-11.3 php5-gettext-debuginfo-5.5.14-11.3 php5-gmp-5.5.14-11.3 php5-gmp-debuginfo-5.5.14-11.3 php5-iconv-5.5.14-11.3 php5-iconv-debuginfo-5.5.14-11.3 php5-intl-5.5.14-11.3 php5-intl-debuginfo-5.5.14-11.3 php5-json-5.5.14-11.3 php5-json-debuginfo-5.5.14-11.3 php5-ldap-5.5.14-11.3 php5-ldap-debuginfo-5.5.14-11.3 php5-mbstring-5.5.14-11.3 php5-mbstring-debuginfo-5.5.14-11.3 php5-mcrypt-5.5.14-11.3 php5-mcrypt-debuginfo-5.5.14-11.3 php5-mysql-5.5.14-11.3 php5-mysql-debuginfo-5.5.14-11.3 php5-odbc-5.5.14-11.3 php5-odbc-debuginfo-5.5.14-11.3 php5-openssl-5.5.14-11.3 php5-openssl-debuginfo-5.5.14-11.3 php5-pcntl-5.5.14-11.3 php5-pcntl-debuginfo-5.5.14-11.3 php5-pdo-5.5.14-11.3 php5-pdo-debuginfo-5.5.14-11.3 php5-pgsql-5.5.14-11.3 php5-pgsql-debuginfo-5.5.14-11.3 php5-pspell-5.5.14-11.3 
php5-pspell-debuginfo-5.5.14-11.3 php5-shmop-5.5.14-11.3 php5-shmop-debuginfo-5.5.14-11.3 php5-snmp-5.5.14-11.3 php5-snmp-debuginfo-5.5.14-11.3 php5-soap-5.5.14-11.3 php5-soap-debuginfo-5.5.14-11.3 php5-sockets-5.5.14-11.3 php5-sockets-debuginfo-5.5.14-11.3 php5-sqlite-5.5.14-11.3 php5-sqlite-debuginfo-5.5.14-11.3 php5-suhosin-5.5.14-11.3 php5-suhosin-debuginfo-5.5.14-11.3 php5-sysvmsg-5.5.14-11.3 php5-sysvmsg-debuginfo-5.5.14-11.3 php5-sysvsem-5.5.14-11.3 php5-sysvsem-debuginfo-5.5.14-11.3 php5-sysvshm-5.5.14-11.3 php5-sysvshm-debuginfo-5.5.14-11.3 php5-tokenizer-5.5.14-11.3 php5-tokenizer-debuginfo-5.5.14-11.3 php5-wddx-5.5.14-11.3 php5-wddx-debuginfo-5.5.14-11.3 php5-xmlreader-5.5.14-11.3 php5-xmlreader-debuginfo-5.5.14-11.3 php5-xmlrpc-5.5.14-11.3 php5-xmlrpc-debuginfo-5.5.14-11.3 php5-xmlwriter-5.5.14-11.3 php5-xmlwriter-debuginfo-5.5.14-11.3 php5-xsl-5.5.14-11.3 php5-xsl-debuginfo-5.5.14-11.3 php5-zip-5.5.14-11.3 php5-zip-debuginfo-5.5.14-11.3 php5-zlib-5.5.14-11.3 php5-zlib-debuginfo-5.5.14-11.3 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-11.3 References: http://support.novell.com/security/cve/CVE-2014-8142.html http://support.novell.com/security/cve/CVE-2014-9427.html http://support.novell.com/security/cve/CVE-2015-0231.html http://support.novell.com/security/cve/CVE-2015-0232.html https://bugzilla.suse.com/907519 https://bugzilla.suse.com/910659 https://bugzilla.suse.com/911664 https://bugzilla.suse.com/914690 From sle-updates at lists.suse.com Tue Feb 24 05:05:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Feb 2015 13:05:40 +0100 (CET) Subject: SUSE-SU-2015:0366-1: moderate: Security update for libmspack Message-ID: <20150224120540.27B733236A@maintenance.suse.de> SUSE Security Update: Security update for libmspack ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0366-1 Rating: moderate References: #912214 
Cross-References: CVE-2014-9556 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: libmspack was updated to fix one security issue. This security issue was fixed: - Possible DoS by infinite loop (bnc#912214, CVE-2014-9556) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-95=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-95=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-95=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libmspack-debugsource-0.4-6.1 libmspack-devel-0.4-6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libmspack-debugsource-0.4-6.1 libmspack0-0.4-6.1 libmspack0-debuginfo-0.4-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libmspack-debugsource-0.4-6.1 libmspack0-0.4-6.1 libmspack0-debuginfo-0.4-6.1 References: http://support.novell.com/security/cve/CVE-2014-9556.html https://bugzilla.suse.com/912214 From sle-updates at lists.suse.com Tue Feb 24 10:05:04 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Feb 2015 18:05:04 +0100 (CET) Subject: SUSE-SU-2015:0367-1: moderate: Security update for vorbis-tools Message-ID: <20150224170504.8122132371@maintenance.suse.de> SUSE Security Update: Security update for vorbis-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0367-1 Rating: moderate References: #914938 Cross-References: CVE-2014-9640 Affected Products: SUSE Linux 
Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: - A crafted raw file used as input could cause a segmentation fault (CVE-2014-9640, bsc#914938) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-96=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-96=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): vorbis-tools-1.4.0-19.1 vorbis-tools-debuginfo-1.4.0-19.1 vorbis-tools-debugsource-1.4.0-19.1 - SUSE Linux Enterprise Server 12 (noarch): vorbis-tools-lang-1.4.0-19.1 - SUSE Linux Enterprise Desktop 12 (x86_64): vorbis-tools-1.4.0-19.1 vorbis-tools-debuginfo-1.4.0-19.1 vorbis-tools-debugsource-1.4.0-19.1 - SUSE Linux Enterprise Desktop 12 (noarch): vorbis-tools-lang-1.4.0-19.1 References: http://support.novell.com/security/cve/CVE-2014-9640.html https://bugzilla.suse.com/914938 From sle-updates at lists.suse.com Tue Feb 24 11:05:35 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Feb 2015 19:05:35 +0100 (CET) Subject: SUSE-RU-2015:0368-1: Recommended update for WALinuxAgent Message-ID: <20150224180535.3942F32371@maintenance.suse.de> SUSE Recommended Update: Recommended update for WALinuxAgent ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0368-1 Rating: low References: #909701 Affected Products: SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: WALinuxAgent has been updated to version 2.0.11, bringing many fixes and enhancements: * Support new G-Series instances in Azure Cloud. (bsc#909701) * Add fix for extension timeout handling. * Add warning for resource disk data loss. * Add fixes for provisioning and extension handler. * Add fixes for extension handler in status report and heartbeat. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-WALinuxAgent=10243 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 (noarch): WALinuxAgent-2.0.11-1.1 References: https://bugzilla.suse.com/909701 http://download.suse.com/patch/finder/?keywords=9439d5a70df547230eadd83c822314a0 From sle-updates at lists.suse.com Wed Feb 25 00:07:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Feb 2015 08:07:42 +0100 (CET) Subject: SUSE-RU-2015:0369-1: Recommended update for openstack-glance Message-ID: <20150225070743.0703932373@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-glance ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0369-1 Rating: low References: #906551 #913692 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: This update for openstack-glance provides the following fixes: * Prevent file, swift+config and filesystem schemes * Prevent client use v2 patch api to handle file and swift location * Can not delete images if db deadlock occurs * Move oslo.vmware higher in requirements.txt * Remove unused stores (bnc#906551) * Make rbd store's pool handling more universal. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-glance-0115=10187 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev10]: openstack-glance-2014.1.4.dev10-0.7.1 python-glance-2014.1.4.dev10-0.7.1 - SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev10]: openstack-glance-doc-2014.1.4.dev10-0.7.1 References: https://bugzilla.suse.com/906551 https://bugzilla.suse.com/913692 http://download.suse.com/patch/finder/?keywords=da75f337636538b98cd5431dffe3e114 From sle-updates at lists.suse.com Wed Feb 25 00:08:12 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Feb 2015 08:08:12 +0100 (CET) Subject: SUSE-SU-2015:0370-1: moderate: Security update for php53 Message-ID: <20150225070812.7FE5532373@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0370-1 Rating: moderate References: #907519 #910659 #914690 Cross-References: CVE-2014-8142 CVE-2015-0231 CVE-2015-0232 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: PHP 5.3 was updated to fix three security issues: * CVE-2014-8142: Use-after-free vulnerability allowed remote attackers to execute arbitrary code via a crafted unserialize call that leveraged improper handling of duplicate keys within the serialized properties of an object (bnc#910659). 
* CVE-2015-0231: Use-after-free vulnerability allowed remote attackers to execute arbitrary code via a crafted unserialize call that leveraged improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bnc#910659). * CVE-2015-0232: The exif_process_unicode function allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bnc#914690). Additionally a fix was included that protects against a possible NULL pointer use (bnc#910659). This non-security issue has been fixed: * Don't ignore default_socket_timeout on outgoing SSL connection (bnc#907519) Security Issues: * CVE-2015-0232 * CVE-2015-0231 * CVE-2014-8142 Contraindications: Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_php53=10313 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_php53=10313 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_php53=10313 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-0.33.1 php53-imap-5.3.17-0.33.1 php53-posix-5.3.17-0.33.1 php53-readline-5.3.17-0.33.1 php53-sockets-5.3.17-0.33.1 php53-sqlite-5.3.17-0.33.1 php53-tidy-5.3.17-0.33.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_php53-5.3.17-0.33.1 php53-5.3.17-0.33.1 php53-bcmath-5.3.17-0.33.1 php53-bz2-5.3.17-0.33.1 php53-calendar-5.3.17-0.33.1 php53-ctype-5.3.17-0.33.1 php53-curl-5.3.17-0.33.1 php53-dba-5.3.17-0.33.1 php53-dom-5.3.17-0.33.1 php53-exif-5.3.17-0.33.1 php53-fastcgi-5.3.17-0.33.1 php53-fileinfo-5.3.17-0.33.1 php53-ftp-5.3.17-0.33.1 php53-gd-5.3.17-0.33.1 php53-gettext-5.3.17-0.33.1 php53-gmp-5.3.17-0.33.1 php53-iconv-5.3.17-0.33.1 php53-intl-5.3.17-0.33.1 php53-json-5.3.17-0.33.1 php53-ldap-5.3.17-0.33.1 php53-mbstring-5.3.17-0.33.1 php53-mcrypt-5.3.17-0.33.1 php53-mysql-5.3.17-0.33.1 php53-odbc-5.3.17-0.33.1 php53-openssl-5.3.17-0.33.1 php53-pcntl-5.3.17-0.33.1 php53-pdo-5.3.17-0.33.1 php53-pear-5.3.17-0.33.1 php53-pgsql-5.3.17-0.33.1 php53-pspell-5.3.17-0.33.1 php53-shmop-5.3.17-0.33.1 php53-snmp-5.3.17-0.33.1 php53-soap-5.3.17-0.33.1 php53-suhosin-5.3.17-0.33.1 php53-sysvmsg-5.3.17-0.33.1 php53-sysvsem-5.3.17-0.33.1 php53-sysvshm-5.3.17-0.33.1 php53-tokenizer-5.3.17-0.33.1 php53-wddx-5.3.17-0.33.1 php53-xmlreader-5.3.17-0.33.1 php53-xmlrpc-5.3.17-0.33.1 php53-xmlwriter-5.3.17-0.33.1 php53-xsl-5.3.17-0.33.1 php53-zip-5.3.17-0.33.1 php53-zlib-5.3.17-0.33.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-0.33.1 php53-5.3.17-0.33.1 php53-bcmath-5.3.17-0.33.1 php53-bz2-5.3.17-0.33.1 php53-calendar-5.3.17-0.33.1 php53-ctype-5.3.17-0.33.1 php53-curl-5.3.17-0.33.1 php53-dba-5.3.17-0.33.1 php53-dom-5.3.17-0.33.1 php53-exif-5.3.17-0.33.1 php53-fastcgi-5.3.17-0.33.1 php53-fileinfo-5.3.17-0.33.1 php53-ftp-5.3.17-0.33.1 php53-gd-5.3.17-0.33.1 php53-gettext-5.3.17-0.33.1 
php53-gmp-5.3.17-0.33.1 php53-iconv-5.3.17-0.33.1 php53-intl-5.3.17-0.33.1 php53-json-5.3.17-0.33.1 php53-ldap-5.3.17-0.33.1 php53-mbstring-5.3.17-0.33.1 php53-mcrypt-5.3.17-0.33.1 php53-mysql-5.3.17-0.33.1 php53-odbc-5.3.17-0.33.1 php53-openssl-5.3.17-0.33.1 php53-pcntl-5.3.17-0.33.1 php53-pdo-5.3.17-0.33.1 php53-pear-5.3.17-0.33.1 php53-pgsql-5.3.17-0.33.1 php53-pspell-5.3.17-0.33.1 php53-shmop-5.3.17-0.33.1 php53-snmp-5.3.17-0.33.1 php53-soap-5.3.17-0.33.1 php53-suhosin-5.3.17-0.33.1 php53-sysvmsg-5.3.17-0.33.1 php53-sysvsem-5.3.17-0.33.1 php53-sysvshm-5.3.17-0.33.1 php53-tokenizer-5.3.17-0.33.1 php53-wddx-5.3.17-0.33.1 php53-xmlreader-5.3.17-0.33.1 php53-xmlrpc-5.3.17-0.33.1 php53-xmlwriter-5.3.17-0.33.1 php53-xsl-5.3.17-0.33.1 php53-zip-5.3.17-0.33.1 php53-zlib-5.3.17-0.33.1 References: http://support.novell.com/security/cve/CVE-2014-8142.html http://support.novell.com/security/cve/CVE-2015-0231.html http://support.novell.com/security/cve/CVE-2015-0232.html https://bugzilla.suse.com/907519 https://bugzilla.suse.com/910659 https://bugzilla.suse.com/914690 http://download.suse.com/patch/finder/?keywords=d995557afd07f1b2263c5f7bf3e0ca0b From sle-updates at lists.suse.com Wed Feb 25 00:08:58 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Feb 2015 08:08:58 +0100 (CET) Subject: SUSE-SU-2015:0371-1: important: Security update for Samba Message-ID: <20150225070858.771A432373@maintenance.suse.de> SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0371-1 Rating: important References: #872912 #898031 #899558 #913001 #917376 Cross-References: CVE-2015-0240 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An 
update that solves one vulnerability and has four fixes is now available. Description: Samba has been updated to fix one security issue: * CVE-2015-0240: Don't call talloc_free on an uninitialized pointer (bnc#917376). Additionally, these non-security issues have been fixed: * Realign the winbind request structure following require_membership_of field expansion (bnc#913001). * Reuse connections derived from DFS referrals (bso#10123, fate#316512). * Set domain/workgroup based on authentication callback value (bso#11059). * Fix spoolss error response marshalling (bso#10984). * Fix spoolss EnumJobs and GetJob responses (bso#10905, bnc#898031). * Fix handling of bad EnumJobs levels (bso#10898). * Fix small memory-leak in the background print process (bnc#899558). * Prune idle or hung connections older than "winbind request timeout" (bso#3204, bnc#872912). Security Issues: * CVE-2015-0240 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-samba-20150217=10321 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-samba-20150217=10321 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-samba-20150217=10321 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-samba-20150217=10321 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.56.1 libnetapi-devel-3.6.3-0.56.1 libnetapi0-3.6.3-0.56.1 libsmbclient-devel-3.6.3-0.56.1 libsmbsharemodes-devel-3.6.3-0.56.1 libsmbsharemodes0-3.6.3-0.56.1 libtalloc-devel-3.6.3-0.56.1 libtdb-devel-3.6.3-0.56.1 libtevent-devel-3.6.3-0.56.1 libwbclient-devel-3.6.3-0.56.1 samba-devel-3.6.3-0.56.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ldapsmb-1.34b-12.56.1 libldb1-3.6.3-0.56.1 libsmbclient0-3.6.3-0.56.1 libtalloc2-3.6.3-0.56.1 libtdb1-3.6.3-0.56.1 libtevent0-3.6.3-0.56.1 libwbclient0-3.6.3-0.56.1 samba-3.6.3-0.56.1 samba-client-3.6.3-0.56.1 samba-krb-printing-3.6.3-0.56.1 samba-winbind-3.6.3-0.56.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.56.1 libtalloc2-32bit-3.6.3-0.56.1 libtdb1-32bit-3.6.3-0.56.1 libtevent0-32bit-3.6.3-0.56.1 libwbclient0-32bit-3.6.3-0.56.1 samba-32bit-3.6.3-0.56.1 samba-client-32bit-3.6.3-0.56.1 samba-winbind-32bit-3.6.3-0.56.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): samba-doc-3.6.3-0.56.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-12.56.1 libldb1-3.6.3-0.56.1 libsmbclient0-3.6.3-0.56.1 libtalloc2-3.6.3-0.56.1 libtdb1-3.6.3-0.56.1 libtevent0-3.6.3-0.56.1 libwbclient0-3.6.3-0.56.1 samba-3.6.3-0.56.1 samba-client-3.6.3-0.56.1 samba-krb-printing-3.6.3-0.56.1 samba-winbind-3.6.3-0.56.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.56.1 libtalloc2-32bit-3.6.3-0.56.1 libtdb1-32bit-3.6.3-0.56.1 libtevent0-32bit-3.6.3-0.56.1 libwbclient0-32bit-3.6.3-0.56.1 samba-32bit-3.6.3-0.56.1 samba-client-32bit-3.6.3-0.56.1 samba-winbind-32bit-3.6.3-0.56.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): samba-doc-3.6.3-0.56.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libsmbclient0-x86-3.6.3-0.56.1 libtalloc2-x86-3.6.3-0.56.1 libtdb1-x86-3.6.3-0.56.1 
libwbclient0-x86-3.6.3-0.56.1 samba-client-x86-3.6.3-0.56.1 samba-winbind-x86-3.6.3-0.56.1 samba-x86-3.6.3-0.56.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libldb1-3.6.3-0.56.1 libsmbclient0-3.6.3-0.56.1 libtalloc2-3.6.3-0.56.1 libtdb1-3.6.3-0.56.1 libtevent0-3.6.3-0.56.1 libwbclient0-3.6.3-0.56.1 samba-3.6.3-0.56.1 samba-client-3.6.3-0.56.1 samba-krb-printing-3.6.3-0.56.1 samba-winbind-3.6.3-0.56.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libldb1-32bit-3.6.3-0.56.1 libsmbclient0-32bit-3.6.3-0.56.1 libtalloc2-32bit-3.6.3-0.56.1 libtdb1-32bit-3.6.3-0.56.1 libtevent0-32bit-3.6.3-0.56.1 libwbclient0-32bit-3.6.3-0.56.1 samba-32bit-3.6.3-0.56.1 samba-client-32bit-3.6.3-0.56.1 samba-winbind-32bit-3.6.3-0.56.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch): samba-doc-3.6.3-0.56.1 References: http://support.novell.com/security/cve/CVE-2015-0240.html https://bugzilla.suse.com/872912 https://bugzilla.suse.com/898031 https://bugzilla.suse.com/899558 https://bugzilla.suse.com/913001 https://bugzilla.suse.com/917376 http://download.suse.com/patch/finder/?keywords=ef17b59d6389957b18b3a77d2e9be3bc From sle-updates at lists.suse.com Wed Feb 25 07:05:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Feb 2015 15:05:53 +0100 (CET) Subject: SUSE-RU-2015:0373-1: moderate: Recommended update for libtirpc Message-ID: <20150225140553.D4FFC32373@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0373-1 Rating: moderate References: #882973 #899576 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libtirpc fixes race conditions in getnetconfig(). 
These races could cause segmentation faults in programs linked against libtirpc, such as AutoFS. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-98=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-98=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-98=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libtirpc-debugsource-0.2.3-8.1 libtirpc-devel-0.2.3-8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libtirpc-debugsource-0.2.3-8.1 libtirpc1-0.2.3-8.1 libtirpc1-debuginfo-0.2.3-8.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libtirpc1-32bit-0.2.3-8.1 libtirpc1-debuginfo-32bit-0.2.3-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libtirpc-debugsource-0.2.3-8.1 libtirpc1-0.2.3-8.1 libtirpc1-32bit-0.2.3-8.1 libtirpc1-debuginfo-0.2.3-8.1 libtirpc1-debuginfo-32bit-0.2.3-8.1 References: https://bugzilla.suse.com/882973 https://bugzilla.suse.com/899576 From sle-updates at lists.suse.com Wed Feb 25 07:06:27 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Feb 2015 15:06:27 +0100 (CET) Subject: SUSE-RU-2015:0374-1: moderate: Recommended update for btrfsprogs Message-ID: <20150225140627.D2A3A32373@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0374-1 Rating: moderate References: #914955 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can 
now be installed. Description: This update provides btrfsprogs 3.16.2, which brings fixes and enhancements: - Add options to control the output units to "usage" and "df" subcommands. - Handle bad extent mapping in fsck. - Fix "btrfs-image" on balanced file systems. - Make btrfs-show-super print flags in human readable way. - Add option -R to "subvol list" to print received UUID. - Fix detection of multiple mounts on the same directory. - Documentation updates. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-97=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-97=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-97=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): btrfsprogs-debuginfo-3.16.2-7.1 btrfsprogs-debugsource-3.16.2-7.1 libbtrfs-devel-3.16.2-7.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): btrfsprogs-3.16.2-7.1 btrfsprogs-debuginfo-3.16.2-7.1 btrfsprogs-debugsource-3.16.2-7.1 libbtrfs0-3.16.2-7.1 libbtrfs0-debuginfo-3.16.2-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): btrfsprogs-3.16.2-7.1 btrfsprogs-debuginfo-3.16.2-7.1 btrfsprogs-debugsource-3.16.2-7.1 libbtrfs0-3.16.2-7.1 libbtrfs0-debuginfo-3.16.2-7.1 References: https://bugzilla.suse.com/914955 From sle-updates at lists.suse.com Wed Feb 25 11:05:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Feb 2015 19:05:02 +0100 (CET) Subject: SUSE-SU-2015:0343-2: important: Security update for java-1_6_0-ibm Message-ID: <20150225180502.367EF32373@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement 
ID: SUSE-SU-2015:0343-2 Rating: important References: #916265 #916266 Cross-References: CVE-2014-8891 CVE-2014-8892 Affected Products: SUSE Manager 1.7 for SLE 11 SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: java-1_6_0-ibm has been updated to fix two security issues: * CVE-2014-8891: Unspecified vulnerability * CVE-2014-8892: Unspecified vulnerability Security Issues: * CVE-2014-8892 * CVE-2014-8891 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 1.7 for SLE 11 SP2: zypper in -t patch sleman17sp2-java-1_6_0-ibm=10303 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 1.7 for SLE 11 SP2 (x86_64): java-1_6_0-ibm-1.6.0_sr16.3-0.4.1 java-1_6_0-ibm-devel-1.6.0_sr16.3-0.4.1 java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.1 java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.1 References: http://support.novell.com/security/cve/CVE-2014-8891.html http://support.novell.com/security/cve/CVE-2014-8892.html https://bugzilla.suse.com/916265 https://bugzilla.suse.com/916266 http://download.suse.com/patch/finder/?keywords=0b2166799c8f437f2e8b9f49922145fc From sle-updates at lists.suse.com Wed Feb 25 11:05:30 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Feb 2015 19:05:30 +0100 (CET) Subject: SUSE-SU-2015:0376-1: important: Security update for java-1_5_0-ibm Message-ID: <20150225180530.A487632373@maintenance.suse.de> SUSE Security Update: Security update for java-1_5_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0376-1 Rating: important References: #891699 #901223 #901239 #904889 #916265 #916266 Cross-References: CVE-2014-8891 CVE-2014-8892 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS 
______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: java-1_5_0-ibm has been updated to fix 19 security issues: * CVE-2014-8891: Unspecified vulnerability (bnc#916266). * CVE-2014-8892: Unspecified vulnerability (bnc#916265). * CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache (bnc#904889). * CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (bnc#901223). * CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D (bnc#901239). * CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries (bnc#901239). 
* CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE (bnc#901239). * CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries (bnc#901239). * CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security (bnc#901239). * CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#891699). * CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot (bnc#891699). * CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX (bnc#891699). * CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing (bnc#891699). * CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries (bnc#891699). * CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security (bnc#891699). 
* CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement" (bnc#891699). * CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security (bnc#891699). Security Issues: * CVE-2014-8892 * CVE-2014-8891 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): java-1_5_0-ibm-1.5.0_sr16.9-0.6.1 java-1_5_0-ibm-devel-1.5.0_sr16.9-0.6.1 java-1_5_0-ibm-fonts-1.5.0_sr16.9-0.6.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): java-1_5_0-ibm-32bit-1.5.0_sr16.9-0.6.1 java-1_5_0-ibm-devel-32bit-1.5.0_sr16.9-0.6.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.9-0.6.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): java-1_5_0-ibm-alsa-1.5.0_sr16.9-0.6.1 java-1_5_0-ibm-jdbc-1.5.0_sr16.9-0.6.1 java-1_5_0-ibm-plugin-1.5.0_sr16.9-0.6.1 References: http://support.novell.com/security/cve/CVE-2014-8891.html http://support.novell.com/security/cve/CVE-2014-8892.html https://bugzilla.suse.com/891699 https://bugzilla.suse.com/901223 https://bugzilla.suse.com/901239 https://bugzilla.suse.com/904889 https://bugzilla.suse.com/916265 https://bugzilla.suse.com/916266 http://download.suse.com/patch/finder/?keywords=2c3b79e944e87fd633df27d6879fd0ea From sle-updates at lists.suse.com Wed Feb 25 15:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Feb 2015 23:04:54 +0100 (CET) Subject: SUSE-SU-2015:0377-1: moderate: Security update for unzip Message-ID: <20150225220454.ECF7C32373@maintenance.suse.de> SUSE Security Update: Security update for unzip ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2015:0377-1 Rating: moderate References: #909214 #914442 Cross-References: CVE-2014-8139 CVE-2014-9636 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes the following security issues: * CVE-2014-8139: input sanitization errors (bnc#909214) * CVE-2014-9636: out-of-bounds read/write in test_compr_eb() (bnc#914442) Security Issues: * CVE-2014-9636 * CVE-2014-8139 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-unzip=10344 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-unzip=10344 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-unzip=10344 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): unzip-6.00-11.13.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): unzip-6.00-11.13.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): unzip-6.00-11.13.1 References: http://support.novell.com/security/cve/CVE-2014-8139.html http://support.novell.com/security/cve/CVE-2014-9636.html https://bugzilla.suse.com/909214 https://bugzilla.suse.com/914442 http://download.suse.com/patch/finder/?keywords=3091ac8b6f0e6e6309d36acc106755ec From sle-updates at lists.suse.com Wed Feb 25 17:04:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Feb 2015 01:04:59 +0100 (CET) Subject: SUSE-RU-2015:0380-1: Recommended update for crowbar-barclamp-nova Message-ID: <20150226000459.EC6A032351@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-nova ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0380-1 Rating: low References: #900036 #913692 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: crowbar-barclamp-nova has been updated to skip nodes which don't have cpu information. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-crowbar-barclamp-nova=10178 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (noarch): crowbar-barclamp-nova-1.8+git.1417698163.0fded6f-0.7.2 References: https://bugzilla.suse.com/900036 https://bugzilla.suse.com/913692 http://download.suse.com/patch/finder/?keywords=2afdacc2d1a58db0b4e555b81a194d54 From sle-updates at lists.suse.com Thu Feb 26 06:04:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Feb 2015 14:04:55 +0100 (CET) Subject: SUSE-RU-2015:0383-1: Recommended update for supportutils Message-ID: <20150226130455.2F9F63215D@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0383-1 Rating: low References: #900366 #904481 #904729 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for supportutils provides the following fixes and enhancements: - Fixed NTP service in ntp.txt. (bnc#904729) - Create a new lxc.txt file to include information about virtual containers using lxc and/or libvirt-lxc. (bnc#904481) - Include /var/log/libvirt/libxl logs in xen.txt. (bnc#900366) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-99=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-99=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (noarch): supportutils-3.0-53.1 - SUSE Linux Enterprise Desktop 12 (noarch): supportutils-3.0-53.1 References: https://bugzilla.suse.com/900366 https://bugzilla.suse.com/904481 https://bugzilla.suse.com/904729 From sle-updates at lists.suse.com Thu Feb 26 14:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Feb 2015 22:04:54 +0100 (CET) Subject: SUSE-RU-2015:0385-1: moderate: Recommended update for sssd Message-ID: <20150226210454.DE8743200C@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0385-1 Rating: moderate References: #890242 #902731 #903830 #918677 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for sssd provides the following fixes: * Prevent segmentation fault when the hostid backend is not configured. (bsc#902731) * Fix inconsistent group membership results with Active Directory. (bsc#903830) * Add dependency on python-sssd-config to sssd-tools, needed by sss_obfuscate(8). (bsc#890242) * Fix libsss_idmap-devel dependency on libsss_idmap0. (bsc#918677) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libsss_idmap-devel=10341 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libsss_idmap-devel=10341 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libsss_idmap-devel=10341 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libsss_idmap-devel=10341 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libsss_idmap-devel-1.9.4-0.16.1 libsss_sudo-devel-1.9.4-0.16.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libsss_idmap0-1.9.4-0.16.1 python-sssd-config-1.9.4-0.16.1 sssd-1.9.4-0.16.1 sssd-tools-1.9.4-0.16.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): sssd-32bit-1.9.4-0.16.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libsss_idmap0-1.9.4-0.16.1 python-sssd-config-1.9.4-0.16.1 sssd-1.9.4-0.16.1 sssd-tools-1.9.4-0.16.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): sssd-32bit-1.9.4-0.16.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libsss_idmap0-1.9.4-0.16.1 python-sssd-config-1.9.4-0.16.1 sssd-1.9.4-0.16.1 sssd-tools-1.9.4-0.16.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): sssd-32bit-1.9.4-0.16.1 References: https://bugzilla.suse.com/890242 https://bugzilla.suse.com/902731 https://bugzilla.suse.com/903830 https://bugzilla.suse.com/918677 http://download.suse.com/patch/finder/?keywords=0075de444a8a846e6baddeb93ade9289 From sle-updates at lists.suse.com Fri Feb 27 03:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Feb 2015 11:04:54 +0100 (CET) Subject: SUSE-SU-2015:0386-1: important: Security update for Samba Message-ID: <20150227100454.688763238F@maintenance.suse.de> SUSE Security Update: Security update for Samba 
______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0386-1 Rating: important References: #872912 #882356 #883870 #886193 #898031 #899558 #913001 #917376 Cross-References: CVE-2015-0240 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: Samba has been updated to fix one security issue: * CVE-2015-0240: Don't call talloc_free on an uninitialized pointer (bnc#917376). Additionally, these non-security issues have been fixed: * Realign the winbind request structure following require_membership_of field expansion (bnc#913001). * Reuse connections derived from DFS referrals (bso#10123, fate#316512). * Set domain/workgroup based on authentication callback value (bso#11059). * Fix spoolss error response marshalling (bso#10984). * Fix spoolss EnumJobs and GetJob responses (bso#10905, bnc#898031). * Fix handling of bad EnumJobs levels (bso#10898). * Fix small memory-leak in the background print process (bnc#899558). * Prune idle or hung connections older than "winbind request timeout" (bso#3204, bnc#872912). * Build: disable mmap on s390 systems (bnc#886193, bnc#882356). * Only update the printer share inventory when needed (bnc#883870). * Avoid double-free in get_print_db_byname (bso#10699). Security Issues: * CVE-2015-0240 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-cifs-mount=10346 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): ldapsmb-1.34b-12.33.43.1 libldb1-3.6.3-0.33.43.1 libsmbclient0-3.6.3-0.33.43.1 libtalloc1-3.4.3-1.54.39 libtalloc2-3.6.3-0.33.43.1 libtdb1-3.6.3-0.33.43.1 libtevent0-3.6.3-0.33.43.1 libwbclient0-3.6.3-0.33.43.1 samba-3.6.3-0.33.43.1 samba-client-3.6.3-0.33.43.1 samba-krb-printing-3.6.3-0.33.43.1 samba-winbind-3.6.3-0.33.43.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64): libsmbclient0-32bit-3.6.3-0.33.43.1 libtalloc1-32bit-3.4.3-1.54.39 libtalloc2-32bit-3.6.3-0.33.43.1 libtdb1-32bit-3.6.3-0.33.43.1 libtevent0-32bit-3.6.3-0.33.43.1 libwbclient0-32bit-3.6.3-0.33.43.1 samba-32bit-3.6.3-0.33.43.1 samba-client-32bit-3.6.3-0.33.43.1 samba-winbind-32bit-3.6.3-0.33.43.1 - SUSE Linux Enterprise Server 11 SP2 LTSS (noarch): samba-doc-3.6.3-0.33.43.1 References: http://support.novell.com/security/cve/CVE-2015-0240.html https://bugzilla.suse.com/872912 https://bugzilla.suse.com/882356 https://bugzilla.suse.com/883870 https://bugzilla.suse.com/886193 https://bugzilla.suse.com/898031 https://bugzilla.suse.com/899558 https://bugzilla.suse.com/913001 https://bugzilla.suse.com/917376 http://download.suse.com/patch/finder/?keywords=d8d66713b0b31cf585ddfd4a751c7eec From sle-updates at lists.suse.com Fri Feb 27 03:07:10 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Feb 2015 11:07:10 +0100 (CET) Subject: SUSE-RU-2015:0388-1: important: Recommended update for libnuma Message-ID: <20150227100710.9D5403238E@maintenance.suse.de> SUSE Recommended Update: Recommended update for libnuma ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0388-1 Rating: important References: #826249 #915763 Affected Products: SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for libnuma fixes a potential memory corruption issue. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-libnuma-devel=10289 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP1 LTSS (x86_64): libnuma1-2.0.3-0.7.1 numactl-2.0.3-0.7.1 References: https://bugzilla.suse.com/826249 https://bugzilla.suse.com/915763 http://download.suse.com/patch/finder/?keywords=f169eaac93ebc13372572ebd7a418b17 From sle-updates at lists.suse.com Fri Feb 27 05:04:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Feb 2015 13:04:52 +0100 (CET) Subject: SUSE-RU-2015:0389-1: Recommended update for AppArmor Message-ID: <20150227120452.DE38D32196@maintenance.suse.de> SUSE Recommended Update: Recommended update for AppArmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0389-1 Rating: low References: #856065 #868026 #882100 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: AppArmor's post installation scripts depend on insserv(8), but this requirement was not defined in the package's spec file. This update adds the missing dependency. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_apparmor=10133 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_apparmor=10133 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_apparmor=10133 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-apache2-mod_apparmor=10133 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libapparmor-devel-2.5.1.r1445-55.66.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): apache2-mod_apparmor-2.5.1.r1445-55.66.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_apparmor-2.5.1.r1445-55.66.1 apparmor-docs-2.5.1.r1445-55.66.1 apparmor-parser-2.5.1.r1445-55.66.1 apparmor-utils-2.5.1.r1445-55.66.1 libapparmor1-2.5.1.r1445-55.66.1 pam_apparmor-2.5.1.r1445-55.66.1 perl-apparmor-2.5.1.r1445-55.66.1 tomcat_apparmor-2.5.1.r1445-55.66.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libapparmor1-32bit-2.5.1.r1445-55.66.1 pam_apparmor-32bit-2.5.1.r1445-55.66.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_apparmor-2.5.1.r1445-55.66.1 apparmor-docs-2.5.1.r1445-55.66.1 apparmor-parser-2.5.1.r1445-55.66.1 apparmor-utils-2.5.1.r1445-55.66.1 libapparmor1-2.5.1.r1445-55.66.1 pam_apparmor-2.5.1.r1445-55.66.1 perl-apparmor-2.5.1.r1445-55.66.1 tomcat_apparmor-2.5.1.r1445-55.66.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libapparmor1-32bit-2.5.1.r1445-55.66.1 pam_apparmor-32bit-2.5.1.r1445-55.66.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libapparmor1-x86-2.5.1.r1445-55.66.1 pam_apparmor-x86-2.5.1.r1445-55.66.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): apparmor-docs-2.5.1.r1445-55.66.1 apparmor-parser-2.5.1.r1445-55.66.1 
apparmor-utils-2.5.1.r1445-55.66.1 libapparmor1-2.5.1.r1445-55.66.1 pam_apparmor-2.5.1.r1445-55.66.1 perl-apparmor-2.5.1.r1445-55.66.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libapparmor1-32bit-2.5.1.r1445-55.66.1 pam_apparmor-32bit-2.5.1.r1445-55.66.1 References: https://bugzilla.suse.com/856065 https://bugzilla.suse.com/868026 https://bugzilla.suse.com/882100 http://download.suse.com/patch/finder/?keywords=49bf8620fbc897d2b2f8a8ca71e31837 From sle-updates at lists.suse.com Fri Feb 27 06:04:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Feb 2015 14:04:54 +0100 (CET) Subject: SUSE-RU-2015:0390-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20150227130454.390B43200C@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0390-1 Rating: moderate References: #883487 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SUSE Manager Client Tools provides the following fixes and enhancements: koan: - Fix runtime dependency: ensure the yaml module is available. - Fix for re-installation of machines on SLE with static network configuration. (bsc#883487) rhncfg: - Normalize path sooner. - Fix directory creation. spacewalk-koan: - Fix netmask calculation on SUSE systems. (bsc#883487) spacewalk-remote-utils: - Fix documentation of sw-create-channel option "--name" in the man page. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2015-101=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (ppc64le s390x x86_64): spacewalksd-5.0.14.6-5.1 spacewalksd-debuginfo-5.0.14.6-5.1 spacewalksd-debugsource-5.0.14.6-5.1 suseRegisterInfo-2.1.9-9.1 - SUSE Manager Tools 12 (noarch): koan-2.6.6-13.1 osad-5.11.33.7-11.1 python-hwdata-2.1.0.5-5.1 rhn-custom-info-5.4.22.6-5.2 rhn-virtualization-common-5.4.50.5-5.1 rhn-virtualization-host-5.4.50.5-5.1 rhncfg-5.10.65.10-11.1 rhncfg-actions-5.10.65.10-11.1 rhncfg-client-5.10.65.10-11.1 rhncfg-management-5.10.65.10-11.1 rhnlib-2.5.69.6-5.1 rhnmd-5.3.18.4-5.1 rhnpush-5.5.71.7-5.1 spacewalk-backend-libs-2.1.55.15-11.1 spacewalk-check-2.1.16.6-9.1 spacewalk-client-setup-2.1.16.6-9.1 spacewalk-client-tools-2.1.16.6-9.1 spacewalk-koan-2.1.4.11-8.1 spacewalk-oscap-0.0.23.4-9.1 spacewalk-remote-utils-2.1.3.9-11.1 References: https://bugzilla.suse.com/883487 From sle-updates at lists.suse.com Fri Feb 27 11:04:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Feb 2015 19:04:52 +0100 (CET) Subject: SUSE-RU-2015:0391-1: Recommended update for openstack-keystone Message-ID: <20150227180452.ED40E3215D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-keystone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0391-1 Rating: low References: #900963 #906544 #913692 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes one version update. Description: This update for openstack-keystone provides the following fixes: * Robust detection for PostgreSQL connection errors (bnc#900963) * Add backend_hybrid.conf needed by the hybrid backend's tests (bnc#906544) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-keystone-0115=10188 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev7]: openstack-keystone-2014.1.4.dev7-0.7.1 python-keystone-2014.1.4.dev7-0.7.1 - SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev7]: openstack-keystone-doc-2014.1.4.dev7-0.7.1 References: https://bugzilla.suse.com/900963 https://bugzilla.suse.com/906544 https://bugzilla.suse.com/913692 http://download.suse.com/patch/finder/?keywords=becac7952f53671b2cefb32a879dbd32 From sle-updates at lists.suse.com Fri Feb 27 11:05:33 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Feb 2015 19:05:33 +0100 (CET) Subject: SUSE-SU-2015:0392-1: important: Security update for java-1_6_0-ibm Message-ID: <20150227180533.8EE1F3238E@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0392-1 Rating: important References: #592934 #891700 #901223 #904889 #916265 #916266 Cross-References: CVE-2014-8891 CVE-2014-8892 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. 
Description: java-1_6_0-ibm has been updated to version 1.6.0_sr16.3 to fix 30 security issues: * CVE-2014-8891: Unspecified vulnerability (bnc#916266) * CVE-2014-8892: Unspecified vulnerability (bnc#916265) * CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allowed local users to execute arbitrary code via vectors related to the shared classes cache (bnc#904889). * CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, used nondeterministic CBC padding, which made it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue (bnc#901223). * CVE-2014-6513: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT (bnc#904889). * CVE-2014-6503: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532 (bnc#904889). * CVE-2014-6532: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503 (bnc#904889). * CVE-2014-4288: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532 (bnc#904889). 
* CVE-2014-6493: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532 (bnc#904889). * CVE-2014-6492: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#904889). * CVE-2014-6458: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#904889). * CVE-2014-6466: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#904889). * CVE-2014-6506: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#904889). * CVE-2014-6515: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allowed remote attackers to affect integrity via unknown vectors related to Deployment (bnc#904889). * CVE-2014-6511: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allowed remote attackers to affect confidentiality via unknown vectors related to 2D (bnc#904889). * CVE-2014-6531: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote attackers to affect confidentiality via unknown vectors related to Libraries (bnc#904889). 
* CVE-2014-6512: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allowed remote attackers to affect integrity via unknown vectors related to Libraries (bnc#904889). * CVE-2014-6457: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allowed remote attackers to affect confidentiality and integrity via vectors related to JSSE (bnc#904889). * CVE-2014-6502: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allowed remote attackers to affect integrity via unknown vectors related to Libraries (bnc#904889). * CVE-2014-6558: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allowed remote attackers to affect integrity via unknown vectors related to Security (bnc#904889). * CVE-2014-4227: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment (bnc#891700). * CVE-2014-4262: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries (bnc#891700). * CVE-2014-4219: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot (bnc#891700). * CVE-2014-4209: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality and integrity via vectors related to JMX (bnc#891700). 
* CVE-2014-4268: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality via unknown vectors related to Swing (bnc#891700). * CVE-2014-4218: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allowed remote attackers to affect integrity via unknown vectors related to Libraries (bnc#891700). * CVE-2014-4252: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allowed remote attackers to affect confidentiality via unknown vectors related to Security (bnc#891700). * CVE-2014-4265: Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allowed remote attackers to affect integrity via unknown vectors related to Deployment (bnc#891700). * CVE-2014-4263: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allowed remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement" (bnc#891700). * CVE-2014-4244: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allowed remote attackers to affect confidentiality and integrity via unknown vectors related to Security (bnc#891700). This non-security bug has also been fixed: * Fix update-alternatives list (bnc#592934) Security Issues: * CVE-2014-8892 * CVE-2014-8891 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-java-1_6_0-ibm=10353 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-java-1_6_0-ibm=10354 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.3-0.4.5 java-1_6_0-ibm-devel-1.6.0_sr16.3-0.4.5 java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.5 java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.5 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.5 - SUSE Linux Enterprise Server 11 SP2 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.5 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.3-0.4.5 java-1_6_0-ibm-fonts-1.6.0_sr16.3-0.4.5 java-1_6_0-ibm-jdbc-1.6.0_sr16.3-0.4.5 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.3-0.4.5 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.3-0.4.5 References: http://support.novell.com/security/cve/CVE-2014-8891.html http://support.novell.com/security/cve/CVE-2014-8892.html https://bugzilla.suse.com/592934 https://bugzilla.suse.com/891700 https://bugzilla.suse.com/901223 https://bugzilla.suse.com/904889 https://bugzilla.suse.com/916265 https://bugzilla.suse.com/916266 http://download.suse.com/patch/finder/?keywords=96da2c614827c23087d5b86b253f5d98 http://download.suse.com/patch/finder/?keywords=cfef74a50dd3fd4a378c3d05db361851 From sle-updates at lists.suse.com Fri Feb 27 11:06:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Feb 2015 19:06:55 +0100 (CET) Subject: SUSE-RU-2015:0393-1: moderate: Recommended update for SUSE Manager Server 2.1 Message-ID: <20150227180655.115E83238E@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0393-1 Rating: moderate References: #841731 #858971 #880022 #883487 #884350 #886421 #893608 #896029 #897723 #902915 #903064 #904703 #906851 #908317 #909724 #910243 #910482 #910494 #911166 #911180 #911272 #911808 #912035 
#912057 #912886 #913215 #913221 #913939 #914260 #914437 #914900 #915140 Affected Products: SUSE Manager Server ______________________________________________________________________________ An update that solves two vulnerabilities and has 30 fixes is now available. It includes 30 new package versions. Description: This collective update for SUSE Manager Server 2.1 provides the following new features: * ISS: export/import information about cloned channels to support Service Pack migration on ISS slaves. (FATE#317789) * New API calls: system.scheduleSPMigration(), system.scheduleDistUpgrade(). (FATE#314785, FATE#314340) Additionally, several issues have been fixed: cobbler: * Fix re-installation on SLE with static network configuration. (bsc#883487) * Add RHEL 7 as a valid operating system version. smdba: * Archival of PostgreSQL transaction log does not recover in case of no space left on device. (bsc#915140) sm-ncc-sync-data: * Add support for RES7 in SUSE Manager. (bsc#897723, bsc#893608) spacewalk-backend: * Convert mtime to localtime to prevent invalid times because of DST. (bsc#914437) * Do not exit with error if a vendor channel has no URL associated. (bsc#914260) * Copy all SUSE Manager logfiles into spacewalk-debug. * Exclude old backup-logs from spacewalk-debug to reduce size. * Fix ISS export with unset patch severity. * Convert empty string to null for DMI values. (bsc#911272) * Fixed double-counting of systems subscribed to more than one channel. spacewalk-certs-tools: * Do not allow registering a SUSE Manager server against itself. (bsc#841731) spacewalk-java: * Fix auditlog config yaml syntax. (bsc#913221) * Show Proxy tab if system is a proxy even when assigned to cloned channels. (bsc#913939) * Fixed uncaught error which prevented correct error handling. (bsc#858971) * Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035) * Fix more cross-site-scripting (XSS) issues. (CVE-2014-7811, bsc#902915) * Fix basic authentication for HTTP proxies. 
(bsc#912057) * Accept repos with same SCC ID and different URLs. (bsc#911808) * Avoid mgr-sync-refresh failure because clear_log_id was not called. (bsc#911166) * Fix cross-site-scripting (XSS) issue in system-group (CVE-2014-7812, bsc#912886) * Fix "Select All" buttons display on rhn:list and make it consistent with new rl:list. (bsc#909724) * Fix List tag missing submit parameter for "Select All" and others. (bnc#909724) * Sort filelist in configfile.compare event history alphabetically. (bsc#910243) * Allow parenthesis in system group description. (bsc#903064) * Provide new API documentation in PDF format. (bsc#896029) * Update the example scripts section. (bsc#896029) * Fixed wording issues on package lock page. (bsc#880022) * Make text more clear for package profile sync. (bsc#884350) spacewalk-web: * Show Proxy tab if system is a proxy even when assigned to cloned channels. (bsc#913939) supportutils-plugin-susemanager: * Write current service and repository configuration into supportconfig. susemanager-jsp_en, susemanager-manuals_en: * Update text and image files (bsc#910494). * Firewall rules are incomplete - ssh-push and ssh-push-tunnel settings missing. (bsc#904703). * Document SP migration and ISS. (bsc#913215, partially). * Fix "beta packages" mentioned in documentation. (bsc#886421). * User guide: Snapshots: clarify snapshot usage. (bsc#906851). * Document maximal supported configuration file limit. (bsc#910482). susemanager-schema: * Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035) * Fix old migration for future reference. (bsc#911180) * Avoid NPE when migrating to SCC on Oracle migrated from 1.7. (bsc#911180) * Fixed double-counting systems subscribed to more than one channel. susemanager: * Ask for the authentication beforehand. (bsc#908317) * Bring back the ability to save credentials to the configuration file. * Bring back token verification availability. * Never ask for user credentials when scheduling a refresh. 
susemanager-sync-data: * Added support for RES7 in SUSE Manager. (bsc#897723, bsc#893608) tanukiwrapper: * Allow more than 4G as -Xmx option. (bsc#914900) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema with spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Security Issues: * CVE-2014-7811 * CVE-2014-7812 Indications: Everybody should update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server: zypper in -t patch sleman21-suse-manager-21-201502=10309 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server (x86_64) [New Version: 1.10.2.2,1.5.1,2.1.17,2.1.33.10,2.1.55.15,2.5.69.6 and 5.0.14.6]: cobbler-2.2.2-0.54.2 python-gzipstream-1.10.2.2-0.7.1 rhnlib-2.5.69.6-0.7.1 smdba-1.5.1-0.7.1 spacewalk-backend-2.1.55.15-0.7.3 spacewalk-backend-app-2.1.55.15-0.7.3 spacewalk-backend-applet-2.1.55.15-0.7.3 spacewalk-backend-config-files-2.1.55.15-0.7.3 spacewalk-backend-config-files-common-2.1.55.15-0.7.3 spacewalk-backend-config-files-tool-2.1.55.15-0.7.3 spacewalk-backend-iss-2.1.55.15-0.7.3 spacewalk-backend-iss-export-2.1.55.15-0.7.3 spacewalk-backend-libs-2.1.55.15-0.7.3 spacewalk-backend-package-push-server-2.1.55.15-0.7.3 spacewalk-backend-server-2.1.55.15-0.7.3 spacewalk-backend-sql-2.1.55.15-0.7.3 spacewalk-backend-sql-oracle-2.1.55.15-0.7.3 spacewalk-backend-sql-postgresql-2.1.55.15-0.7.3 spacewalk-backend-tools-2.1.55.15-0.7.3 spacewalk-backend-xml-export-libs-2.1.55.15-0.7.3 spacewalk-backend-xmlrpc-2.1.55.15-0.7.3 spacewalk-branding-2.1.33.10-0.7.4 spacewalksd-5.0.14.6-0.7.3 susemanager-2.1.17-0.7.1 susemanager-tools-2.1.17-0.7.1 tanukiwrapper-3.2.3-0.10.3 - SUSE Manager Server (noarch) [New Version: 
1.0.3,1.0.4,1.20.2,1.26.13.2,2.1.0.2,2.1.14.6,2.1.14.8,2.1.14.9,2.1.16.6,2.1.165.14,2.1.2.3,2.1.2.4,2.1.27.12,2.1.5,2.1.5.4,2.1.50.11,2.1.6.5,2.1.60.12,2.1.9,5.11.33.7,5.3.18.4,5.4.22.6 and 5.5.71.7]: osa-dispatcher-5.11.33.7-0.7.3 perl-NOCpulse-Object-1.26.13.2-0.7.4 perl-Satcon-1.20.2-0.7.1 rhn-custom-info-5.4.22.6-0.7.4 rhnmd-5.3.18.4-0.7.3 rhnpush-5.5.71.7-0.7.5 sm-ncc-sync-data-2.1.9-0.7.1 spacewalk-admin-2.1.2.4-0.7.1 spacewalk-base-2.1.60.12-0.7.3 spacewalk-base-minimal-2.1.60.12-0.7.3 spacewalk-base-minimal-config-2.1.60.12-0.7.3 spacewalk-certs-tools-2.1.6.5-0.7.2 spacewalk-check-2.1.16.6-0.7.1 spacewalk-client-setup-2.1.16.6-0.7.1 spacewalk-client-tools-2.1.16.6-0.7.1 spacewalk-config-2.1.5.4-0.7.5 spacewalk-doc-indexes-2.1.2.3-0.7.5 spacewalk-grail-2.1.60.12-0.7.3 spacewalk-html-2.1.60.12-0.7.3 spacewalk-java-2.1.165.14-0.7.4 spacewalk-java-config-2.1.165.14-0.7.4 spacewalk-java-lib-2.1.165.14-0.7.4 spacewalk-java-oracle-2.1.165.14-0.7.4 spacewalk-java-postgresql-2.1.165.14-0.7.4 spacewalk-pxt-2.1.60.12-0.7.3 spacewalk-reports-2.1.14.8-0.7.2 spacewalk-search-2.1.14.6-0.7.4 spacewalk-setup-2.1.14.9-0.7.1 spacewalk-setup-jabberd-2.1.0.2-0.7.1 spacewalk-sniglets-2.1.60.12-0.7.3 spacewalk-taskomatic-2.1.165.14-0.7.4 spacewalk-utils-2.1.27.12-0.7.9 supportutils-plugin-susemanager-1.0.3-0.5.1 supportutils-plugin-susemanager-client-1.0.4-0.5.1 susemanager-client-config_en-pdf-2.1-0.15.6 susemanager-install_en-pdf-2.1-0.15.6 susemanager-jsp_en-2.1-0.15.5 susemanager-manuals_en-2.1-0.15.6 susemanager-proxy-quick_en-pdf-2.1-0.15.6 susemanager-reference_en-pdf-2.1-0.15.6 susemanager-schema-2.1.50.11-0.7.1 susemanager-sync-data-2.1.5-0.7.1 susemanager-user_en-pdf-2.1-0.15.6 References: http://support.novell.com/security/cve/CVE-2014-7811.html http://support.novell.com/security/cve/CVE-2014-7812.html https://bugzilla.suse.com/841731 https://bugzilla.suse.com/858971 https://bugzilla.suse.com/880022 https://bugzilla.suse.com/883487 https://bugzilla.suse.com/884350 
https://bugzilla.suse.com/886421 https://bugzilla.suse.com/893608 https://bugzilla.suse.com/896029 https://bugzilla.suse.com/897723 https://bugzilla.suse.com/902915 https://bugzilla.suse.com/903064 https://bugzilla.suse.com/904703 https://bugzilla.suse.com/906851 https://bugzilla.suse.com/908317 https://bugzilla.suse.com/909724 https://bugzilla.suse.com/910243 https://bugzilla.suse.com/910482 https://bugzilla.suse.com/910494 https://bugzilla.suse.com/911166 https://bugzilla.suse.com/911180 https://bugzilla.suse.com/911272 https://bugzilla.suse.com/911808 https://bugzilla.suse.com/912035 https://bugzilla.suse.com/912057 https://bugzilla.suse.com/912886 https://bugzilla.suse.com/913215 https://bugzilla.suse.com/913221 https://bugzilla.suse.com/913939 https://bugzilla.suse.com/914260 https://bugzilla.suse.com/914437 https://bugzilla.suse.com/914900 https://bugzilla.suse.com/915140 http://download.suse.com/patch/finder/?keywords=633798fcf3e7e5578376389d347f6221 From sle-updates at lists.suse.com Fri Feb 27 11:12:58 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Feb 2015 19:12:58 +0100 (CET) Subject: SUSE-RU-2015:0394-1: moderate: Recommended update for SUSE Manager Proxy 2.1 Message-ID: <20150227181258.643543215D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0394-1 Rating: moderate References: #841731 #911272 #913941 Affected Products: SUSE Manager Proxy ______________________________________________________________________________ An update that has three recommended fixes can now be installed. It includes 18 new package versions. Description: This collective update for SUSE Manager Proxy 2.1 provides the following fixes and enhancements: rhncfg: * Normalize path sooner. * Fix directory creation. spacewalk-backend: * Convert empty string to null for DMI values. 
(bsc#911272) spacewalk-certs-tools: * Do not allow registering a SUSE Manager server against itself. (bsc#841731) spacewalk-proxy-installer: * Add missing cli arguments. (bsc#913941) spacewalk-remote-utils: * Fix documentation of sw-create-channel option "--name" in the man page. supportutils-plugin-susemanager: * Write current service and repository configuration into supportconfig. How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Indications: Everybody should update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy: zypper in -t patch slemap21-suse-manager-proxy-21-201502=10276 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy (x86_64) [New Version: 2.1.55.15,2.5.69.6 and 5.0.14.6]: rhnlib-2.5.69.6-0.7.1 spacewalk-backend-2.1.55.15-0.7.2 spacewalk-backend-libs-2.1.55.15-0.7.2 spacewalksd-5.0.14.6-0.7.1 - SUSE Manager Proxy (noarch) [New Version: 1.0.3,1.0.4,1.26.13.2,2.1.0.2,2.1.16.6,2.1.3.9,2.1.6.5,2.1.6.8,2.1.60.12,2.3.2,5.10.65.10,5.11.33.7,5.3.18.4,5.4.22.6 and 5.5.71.7]: osad-5.11.33.7-0.7.1 perl-NOCpulse-Object-1.26.13.2-0.7.1 rhn-custom-info-5.4.22.6-0.7.2 rhncfg-5.10.65.10-0.7.1 rhncfg-actions-5.10.65.10-0.7.1 rhncfg-client-5.10.65.10-0.7.1 rhncfg-management-5.10.65.10-0.7.1 rhnmd-5.3.18.4-0.7.1 rhnpush-5.5.71.7-0.7.2 spacewalk-base-minimal-2.1.60.12-0.7.1 spacewalk-base-minimal-config-2.1.60.12-0.7.1 spacewalk-certs-tools-2.1.6.5-0.7.1 spacewalk-check-2.1.16.6-0.7.1 spacewalk-client-setup-2.1.16.6-0.7.1 spacewalk-client-tools-2.1.16.6-0.7.1 spacewalk-proxy-docs-2.1.0.4-0.7.1 spacewalk-proxy-html-2.1.0.2-0.7.1 spacewalk-proxy-installer-2.1.6.8-0.7.1 spacewalk-remote-utils-2.1.3.9-0.7.1 
spacewalk-setup-jabberd-2.1.0.2-0.7.1 spacewalk-ssl-cert-check-2.3.2-0.7.1 supportutils-plugin-susemanager-client-1.0.4-0.5.1 supportutils-plugin-susemanager-proxy-1.0.3-0.5.1 References: https://bugzilla.suse.com/841731 https://bugzilla.suse.com/911272 https://bugzilla.suse.com/913941 http://download.suse.com/patch/finder/?keywords=bfe151d4c937a5fb7ddcdfa09cc85c27 From sle-updates at lists.suse.com Fri Feb 27 16:04:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Feb 2015 00:04:51 +0100 (CET) Subject: SUSE-RU-2015:0396-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20150227230451.B620432196@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0396-1 Rating: moderate References: #883487 Affected Products: SUSE Manager Client Tools for SLE 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes three new package versions. Description: This update for SUSE Manager Client Tools provides the following fixes and enhancements: koan: * Support RHEL 7 as a valid operating system version. * Fix re-installation on SLE with static network configuration. (bsc#883487) rhncfg: * Normalize path sooner. * Fix directory creation. spacewalk-koan: * Fix netmask calculation on SUSE systems. (bsc#883487) spacewalk-remote-utils: * Fix documentation of sw-create-channel option "--name" in the man page. supportutils-plugin-susemanager: * Write current service and repository configuration into supportconfig. Indications: Everybody should update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for SLE 11 SP3: zypper in -t patch slesctsp3-client-tools-21-201502=10290 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-client-tools-21-201502=10290 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-client-tools-21-201502=10290 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-client-tools-21-201502=10290 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Client Tools for SLE 11 SP3 (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.54.2 rhnlib-2.5.69.6-0.7.1 spacewalk-backend-libs-2.1.55.15-0.7.3 spacewalksd-5.0.14.6-0.7.2 - SUSE Manager Client Tools for SLE 11 SP3 (noarch): osad-5.11.33.7-0.7.2 rhn-custom-info-5.4.22.6-0.7.3 rhn-virtualization-common-5.4.50.5-0.7.2 rhn-virtualization-host-5.4.50.5-0.7.2 rhncfg-5.10.65.10-0.7.2 rhncfg-actions-5.10.65.10-0.7.2 rhncfg-client-5.10.65.10-0.7.2 rhncfg-management-5.10.65.10-0.7.2 rhnmd-5.3.18.4-0.7.2 rhnpush-5.5.71.7-0.7.3 spacewalk-check-2.1.16.6-0.7.1 spacewalk-client-setup-2.1.16.6-0.7.1 spacewalk-client-tools-2.1.16.6-0.7.1 spacewalk-koan-2.1.4.11-0.7.2 spacewalk-remote-utils-2.1.3.9-0.7.2 supportutils-plugin-susemanager-client-1.0.4-0.5.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 2.5.69.6 and 5.0.14.6]: rhnlib-2.5.69.6-0.7.1 spacewalksd-5.0.14.6-0.7.2 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2.1.16.6]: spacewalk-check-2.1.16.6-0.7.1 spacewalk-client-setup-2.1.16.6-0.7.1 spacewalk-client-tools-2.1.16.6-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 2.5.69.6 and 5.0.14.6]: rhnlib-2.5.69.6-0.7.1 spacewalksd-5.0.14.6-0.7.2 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2.1.16.6]: spacewalk-check-2.1.16.6-0.7.1 spacewalk-client-setup-2.1.16.6-0.7.1 spacewalk-client-tools-2.1.16.6-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 
(i586 x86_64) [New Version: 2.5.69.6 and 5.0.14.6]: rhnlib-2.5.69.6-0.7.1 spacewalksd-5.0.14.6-0.7.2 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2.1.16.6]: spacewalk-check-2.1.16.6-0.7.1 spacewalk-client-setup-2.1.16.6-0.7.1 spacewalk-client-tools-2.1.16.6-0.7.1 References: https://bugzilla.suse.com/883487 http://download.suse.com/patch/finder/?keywords=1598fdbf9ba5969dd742691a96b4d11d From sle-updates at lists.suse.com Fri Feb 27 17:05:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Feb 2015 01:05:02 +0100 (CET) Subject: SUSE-RU-2015:0397-1: moderate: Recommended update for apache2-mod_python Message-ID: <20150228000502.605D032351@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_python ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:0397-1 Rating: moderate References: #882482 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: apache2-mod_python has been rebuilt against the latest Python release. Indications: Everybody should update. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_python=10272 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_python=10272 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_python=10272 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 x86_64): apache2-mod_python-3.3.1-147.24.104 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_python-3.3.1-147.24.104 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_python-3.3.1-147.24.104 References: https://bugzilla.suse.com/882482 http://download.suse.com/patch/finder/?keywords=290b019a5ad5a53d1a6b03dc5daf9637 From sle-updates at lists.suse.com Sat Feb 28 04:46:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Feb 2015 12:46:52 +0100 (CET) Subject: SUSE-SU-2015:0398-1: moderate: Security update for xorg-x11-server Message-ID: <20150228114652.541473238F@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0398-1 Rating: moderate References: #915810 Cross-References: CVE-2015-0255 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: xorg-x11-server was updated to fix one security issue. This security issue was fixed: - CVE-2015-0255: Check string lengths in XkbSetGeometry request (bnc#915810) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-102=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-102=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-102=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-sdk-7.6_1.15.2-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 References: http://support.novell.com/security/cve/CVE-2015-0255.html https://bugzilla.suse.com/915810 From sle-updates at lists.suse.com Sat Feb 28 04:46:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Feb 2015 12:46:52 +0100 (CET) Subject: SUSE-SU-2015:0401-1: moderate: Security update for xorg-x11-server Message-ID: <20150228114652.574343239D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0401-1 Rating: moderate References: #915810 Cross-References: CVE-2015-0255 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: xorg-x11-server was updated to fix one security issue. This security issue was fixed: - CVE-2015-0255: Check string lengths in XkbSetGeometry request (bnc#915810) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-102=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-102=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-102=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-sdk-7.6_1.15.2-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 References: http://support.novell.com/security/cve/CVE-2015-0255.html https://bugzilla.suse.com/915810 From sle-updates at lists.suse.com Sat Feb 28 04:46:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Feb 2015 12:46:52 +0100 (CET) Subject: SUSE-SU-2015:0403-1: moderate: Security update for xorg-x11-server Message-ID: <20150228114652.4CB01320B7@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0403-1 Rating: moderate References: #915810 Cross-References: CVE-2015-0255 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one 
vulnerability is now available. Description: xorg-x11-server was updated to fix one security issue. This security issue was fixed: - CVE-2015-0255: Check string lengths in XkbSetGeometry request (bnc#915810) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-102=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-102=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-102=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-sdk-7.6_1.15.2-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 References: http://support.novell.com/security/cve/CVE-2015-0255.html https://bugzilla.suse.com/915810 From sle-updates at lists.suse.com Sat Feb 28 04:46:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Feb 2015 12:46:52 +0100 (CET) Subject: SUSE-SU-2015:0400-1: moderate: Security update for xorg-x11-server Message-ID: <20150228114652.5B8573239A@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0400-1 Rating: moderate 
References: #915810 Cross-References: CVE-2015-0255 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: xorg-x11-server was updated to fix one security issue. This security issue was fixed: - CVE-2015-0255: Check string lengths in XkbSetGeometry request (bnc#915810) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-102=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-102=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-102=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-sdk-7.6_1.15.2-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 References: http://support.novell.com/security/cve/CVE-2015-0255.html https://bugzilla.suse.com/915810 From sle-updates at lists.suse.com Sat Feb 28 04:46:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Feb 2015 12:46:52 +0100 (CET) Subject: SUSE-SU-2015:0402-1: 
moderate: Security update for xorg-x11-server Message-ID: <20150228114652.500793239C@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0402-1 Rating: moderate References: #915810 Cross-References: CVE-2015-0255 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: xorg-x11-server was updated to fix one security issue. This security issue was fixed: - CVE-2015-0255: Check string lengths in XkbSetGeometry request (bnc#915810) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-102=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-102=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-102=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-sdk-7.6_1.15.2-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 References: http://support.novell.com/security/cve/CVE-2015-0255.html https://bugzilla.suse.com/915810 From sle-updates at lists.suse.com Sat Feb 28 04:46:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Feb 2015 12:46:52 +0100 (CET) Subject: SUSE-SU-2015:0399-1: moderate: Security update for xorg-x11-server Message-ID: <20150228114652.5DE723239E@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:0399-1 Rating: moderate References: #915810 Cross-References: CVE-2015-0255 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: xorg-x11-server was updated to fix one security issue. This security issue was fixed: - CVE-2015-0255: Check string lengths in XkbSetGeometry request (bnc#915810) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-102=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-102=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-102=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-sdk-7.6_1.15.2-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xorg-x11-server-7.6_1.15.2-21.1 xorg-x11-server-debuginfo-7.6_1.15.2-21.1 xorg-x11-server-debugsource-7.6_1.15.2-21.1 xorg-x11-server-extra-7.6_1.15.2-21.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-21.1 References: http://support.novell.com/security/cve/CVE-2015-0255.html https://bugzilla.suse.com/915810