From sle-updates at lists.suse.com Wed Jul 1 04:05:21 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Jul 2015 12:05:21 +0200 (CEST)
Subject: SUSE-RU-2015:1163-1: moderate: Recommended update for sysconfig
Message-ID: <20150701100521.2F07332088@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sysconfig
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1163-1
Rating:             moderate
References:         #895447 #900982 #909307 #912891 #930309
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for sysconfig provides the following fixes:

   - Use correct name of ntp systemd service in ntp-runtime. (bsc#930309)
   - Add explicit dependency on /bin/logger.
   - Add variables for handling of DHCPv4 user-class. (bsc#909307)
   - Use domain name from hostname: when there is no dns domain or search
     list provided (by dhcp), but a hostname as FQDN, use its domain for
     /etc/resolv.conf search list. (bsc#912891)
   - Merge NetworkManager settings on -m. (bsc#900982)
   - Kill all NetworkManager child processes on migration: before we stop
     (the always running) NetworkManager.service, ensure to kill all (child)
     processes when migrating from the NETWORKMANAGER=no variable.
     (bsc#895447)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-290=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-290=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      sysconfig-0.83.8-7.1
      sysconfig-debuginfo-0.83.8-7.1
      sysconfig-debugsource-0.83.8-7.1
      sysconfig-netconfig-0.83.8-7.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      sysconfig-0.83.8-7.1
      sysconfig-debuginfo-0.83.8-7.1
      sysconfig-debugsource-0.83.8-7.1
      sysconfig-netconfig-0.83.8-7.1

References:

   https://bugzilla.suse.com/895447
   https://bugzilla.suse.com/900982
   https://bugzilla.suse.com/909307
   https://bugzilla.suse.com/912891
   https://bugzilla.suse.com/930309

From sle-updates at lists.suse.com Wed Jul 1 04:06:36 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Jul 2015 12:06:36 +0200 (CEST)
Subject: SUSE-RU-2015:1164-1: moderate: Recommended update for cloud-regionsrv-client
Message-ID: <20150701100636.68F253208B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for cloud-regionsrv-client
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1164-1
Rating:             moderate
References:         #920295 #921526 #924712 #926647
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that has four recommended fixes can now be installed.

Description:

   This update for cloud-regionsrv-client provides the following fixes:

   - Do not modify /etc/hosts file if a registration exists, the
     registration data is consistent and the configured SMT server is
     reachable. (bsc#926647)
   - Write instance data to /var/lib into a randomly generated file name.
     (bsc#924712)
   - Add missing provides for the generic configuration. Resolves improper
     conflict between -plugin-gce and the generic configuration.
   - Implement new --force-new command line option for registration code
     for on demand images. (bsc#921526)
   - Improve logging information on registration failure in SLES 12.
     (bsc#920295)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-289=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      cloud-regionsrv-client-6.3.17-15.1
      cloud-regionsrv-client-generic-config-1.0.0-15.1
      cloud-regionsrv-client-plugin-gce-1.0.0-15.1

References:

   https://bugzilla.suse.com/920295
   https://bugzilla.suse.com/921526
   https://bugzilla.suse.com/924712
   https://bugzilla.suse.com/926647

From sle-updates at lists.suse.com Wed Jul 1 05:05:23 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Jul 2015 13:05:23 +0200 (CEST)
Subject: SUSE-RU-2015:1165-1: Recommended update for rubygem-chef
Message-ID: <20150701110523.0E3BB3208B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rubygem-chef
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1165-1
Rating:             low
References:         #772965 #926549
Affected Products:
                    SUSE OpenStack Cloud Compute 5
                    SUSE Enterprise Storage 1.0
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This recommended update for rubygem-chef provides the following fix:

   - Rewrite zypper-retry to use the ZYPP_LOCK_TIMEOUT environment variable,
     which was introduced to fix the original bug this wrapper worked around
     (see bnc#772965).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Compute 5:

      zypper in -t patch SUSE-SLE12-CLOUD-5-2015-293=1

   - SUSE Enterprise Storage 1.0:

      zypper in -t patch SUSE-Storage-1.0-2015-293=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud Compute 5 (x86_64):

      ruby2.1-rubygem-chef-10.32.2-5.1
      rubygem-chef-10.32.2-5.1

   - SUSE Enterprise Storage 1.0 (x86_64):

      ruby2.1-rubygem-chef-10.32.2-5.1
      rubygem-chef-10.32.2-5.1

References:

   https://bugzilla.suse.com/772965
   https://bugzilla.suse.com/926549

From sle-updates at lists.suse.com Wed Jul 1 05:06:01 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Jul 2015 13:06:01 +0200 (CEST)
Subject: SUSE-RU-2015:1166-1: moderate: Recommended update for kdump
Message-ID: <20150701110601.1AE463208B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for kdump
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1166-1
Rating:             moderate
References:         #900134 #900418 #909515
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for kdump provides the following fixes:

   - Set up device timeout for kdump mounts. (bsc#909515)
   - Make sure system root is not mounted in kdump initrd. (bsc#900134)
   - Add the kdump-root.sh hook to the list of installed files. (bsc#900134)
   - Always pass kernel version to dracut. (bsc#900418)
   - Avoid Xen kernels as kdump kernel. (bsc#900418)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-291=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-291=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      kdump-0.8.15-14.1
      kdump-debuginfo-0.8.15-14.1
      kdump-debugsource-0.8.15-14.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      kdump-0.8.15-14.1
      kdump-debuginfo-0.8.15-14.1
      kdump-debugsource-0.8.15-14.1

References:

   https://bugzilla.suse.com/900134
   https://bugzilla.suse.com/900418
   https://bugzilla.suse.com/909515

From sle-updates at lists.suse.com Wed Jul 1 05:07:14 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 1 Jul 2015 13:07:14 +0200 (CEST)
Subject: SUSE-RU-2015:1167-1: Recommended update for rubygem-bunny-0_6
Message-ID: <20150701110714.433763208B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rubygem-bunny-0_6
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1167-1
Rating:             low
References:         #910815 #926549
Affected Products:
                    SUSE OpenStack Cloud Compute 5
                    SUSE Enterprise Storage 1.0
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This recommended update for rubygem-bunny-0_6 provides the following fix:

   - Do not set frame_max to 131072 by default when this version of the code
     actually doesn't support this (bnc#910815).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Compute 5:

      zypper in -t patch SUSE-SLE12-CLOUD-5-2015-292=1

   - SUSE Enterprise Storage 1.0:

      zypper in -t patch SUSE-Storage-1.0-2015-292=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud Compute 5 (x86_64):

      ruby2.1-rubygem-bunny-0_6-0.6.0-4.1

   - SUSE Enterprise Storage 1.0 (x86_64):

      ruby2.1-rubygem-bunny-0_6-0.6.0-4.1

References:

   https://bugzilla.suse.com/910815
   https://bugzilla.suse.com/926549

From sle-updates at lists.suse.com Thu Jul 2 09:05:23 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 2 Jul 2015 17:05:23 +0200 (CEST)
Subject: SUSE-SU-2015:1173-1: important: Security update for ntp
Message-ID: <20150702150523.7500C3208B@maintenance.suse.de>

   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1173-1
Rating:             important
References:         #924202 #928321 #935409
Cross-References:   CVE-2015-1799 CVE-2015-3405
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now
   available.

Description:

   ntp was updated to fix two security issues:

   * CVE-2015-1799: ntpd authentication did not protect symmetric
     associations against DoS attacks (bsc#924202)
   * CVE-2015-3405: ntp-keygen may generate non-random symmetric keys on
     big-endian systems (bsc#928321)

   Security Issues:

   * CVE-2015-1799
   * CVE-2015-3405

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-ntp=10804

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-ntp=10804

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-ntp=10804

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      ntp-4.2.4p8-1.29.36.1
      ntp-doc-4.2.4p8-1.29.36.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      ntp-4.2.4p8-1.29.36.1
      ntp-doc-4.2.4p8-1.29.36.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      ntp-4.2.4p8-1.29.36.1
      ntp-doc-4.2.4p8-1.29.36.1

References:

   https://www.suse.com/security/cve/CVE-2015-1799.html
   https://www.suse.com/security/cve/CVE-2015-3405.html
   https://bugzilla.suse.com/924202
   https://bugzilla.suse.com/928321
   https://bugzilla.suse.com/935409
   https://download.suse.com/patch/finder/?keywords=01d100dcc703803037ff705ec9182df6

From sle-updates at lists.suse.com Thu Jul 2 09:06:11 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 2 Jul 2015 17:06:11 +0200 (CEST)
Subject: SUSE-SU-2015:1174-1: moderate: Security update for Linux Kernel
Message-ID: <20150702150611.BAA1C3208B@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1174-1
Rating:             moderate
References:         #831029 #877456 #889221 #891212 #891641 #900881
                    #902286 #904242 #904883 #904901 #906027 #908706
                    #909309 #909312 #909477 #909684 #910517 #911326
                    #912202 #912741 #913080 #913598 #914726 #914742
                    #914818 #914987 #915045 #915200 #915577 #916521
                    #916848 #917093 #917120 #917648 #917684 #917830
                    #917839 #918333 #919007 #919018 #919357 #919463
                    #919589 #919682 #919808 #921769 #922583 #923344
                    #924142 #924271 #924333 #924340 #925012 #925370
                    #925443 #925567 #925729 #926016 #926240 #926439
                    #926767 #927190 #927257 #927262 #927338 #928122
                    #928130 #928142 #928333 #928970 #929145 #929148
                    #929283 #929525 #929647 #930145 #930171 #930226
                    #930284 #930401 #930669 #930786 #930788 #931014
                    #931015 #931850
Cross-References:   CVE-2014-8086 CVE-2014-8159 CVE-2014-9419
                    CVE-2014-9529 CVE-2014-9683 CVE-2015-0777
                    CVE-2015-1421 CVE-2015-2041 CVE-2015-2042
                    CVE-2015-2150
                    CVE-2015-2830 CVE-2015-2922 CVE-2015-3331
                    CVE-2015-3339 CVE-2015-3636
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 15 vulnerabilities and has 71 fixes is now
   available. It includes one version update.

Description:

   The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix
   various bugs and security issues.

   The following vulnerabilities have been fixed:

   * CVE-2015-3636: A missing sk_nulls_node_init() in ping_unhash() inside
     the ipv4 stack can cause crashes if a disconnect is followed by another
     connect() attempt. (bnc#929525)
   * CVE-2015-3339: Race condition in the prepare_binprm function in
     fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain
     privileges by executing a setuid program at a time instant when a chown
     to root is in progress, and the ownership is changed but the setuid bit
     is not yet stripped. (bnc#928130)
   * CVE-2015-3331: The __driver_rfc4106_decrypt function in
     arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3
     does not properly determine the memory locations used for encrypted
     data, which allows context-dependent attackers to cause a denial of
     service (buffer overflow and system crash) or possibly execute
     arbitrary code by triggering a crypto API call, as demonstrated by use
     of a libkcapi test program with an AF_ALG(aead) socket. (bnc#927257)
   * CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c
     in the Neighbor Discovery (ND) protocol implementation in the IPv6
     stack in the Linux kernel before 3.19.6 allows remote attackers to
     reconfigure a hop-limit setting via a small hop_limit value in a Router
     Advertisement (RA) message.
     (bnc#922583)
   * CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before
     3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode
     task, which might allow local users to bypass the seccomp or audit
     protection mechanism via a crafted application that uses the (1) fork
     or (2) close system call, as demonstrated by an attack against seccomp
     before 3.16. (bnc#926240)
   * CVE-2015-2150: XSA-120: Xen 3.3.x through 4.5.x and the Linux kernel
     through 3.19.1 do not properly restrict access to PCI command
     registers, which might allow local guest users to cause a denial of
     service (non-maskable interrupt and host crash) by disabling the (1)
     memory or (2) I/O decoding for a PCI Express device and then accessing
     the device, which triggers an Unsupported Request (UR) response.
     (bnc#919463)
   * CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 uses an
     incorrect data type in a sysctl table, which allows local users to
     obtain potentially sensitive information from kernel memory or possibly
     have unspecified other impact by accessing a sysctl entry. (bnc#919018)
   * CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19
     uses an incorrect data type in a sysctl table, which allows local users
     to obtain potentially sensitive information from kernel memory or
     possibly have unspecified other impact by accessing a sysctl entry.
     (bnc#919007)
   * CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update
     function in net/sctp/associola.c in the Linux kernel before 3.18.8
     allows remote attackers to cause a denial of service (slab corruption
     and panic) or possibly have unspecified other impact by triggering an
     INIT collision that leads to improper handling of shared-key data.
     (bnc#915577)
   * CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0
     (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as
     used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions,
     allows guest OS users to obtain sensitive information from
     uninitialized locations in host OS kernel memory via unspecified
     vectors. (bnc#917830)
   * CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename
     function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux
     kernel before 3.18.2 allows local users to cause a denial of service
     (buffer overflow and system crash) or possibly gain privileges via a
     crafted filename. (bnc#918333)
   * CVE-2014-9529: Race condition in the key_gc_unused_keys function in
     security/keys/gc.c in the Linux kernel through 3.18.2 allows local
     users to cause a denial of service (memory corruption or panic) or
     possibly have unspecified other impact via keyctl commands that trigger
     access to a key structure member during garbage collection of a key.
     (bnc#912202)
   * CVE-2014-9419: The __switch_to function in
     arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does
     not ensure that Thread Local Storage (TLS) descriptors are loaded
     before proceeding with other steps, which makes it easier for local
     users to bypass the ASLR protection mechanism via a crafted application
     that reads a TLS base address. (bnc#911326)
   * CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel
     does not properly restrict use of User Verbs for registration of memory
     regions, which allows local users to access arbitrary physical memory
     locations, and consequently cause a denial of service (system crash) or
     gain privileges, by leveraging permissions on a uverbs device under
     /dev/infiniband/.
     (bnc#914742)
   * CVE-2014-8086: Race condition in the ext4_file_write_iter function in
     fs/ext4/file.c in the Linux kernel through 3.17 allows local users to
     cause a denial of service (file unavailability) via a combination of a
     write action and an F_SETFL fcntl operation for the O_DIRECT flag.
     (bnc#900881)

   Also the following non-security bugs have been fixed:

   * mm: exclude reserved pages from dirtyable memory (bnc#931015,
     bnc#930788).
   * mm: fix calculation of dirtyable memory (bnc#931015, bnc#930788).
   * mm/page-writeback.c: fix dirty_balance_reserve subtraction from
     dirtyable memory (bnc#931015, bnc#930788).
   * mm, oom: fix and cleanup oom score calculations (bnc#930171).
   * mm: fix anon_vma->degree underflow in anon_vma endless growing
     prevention (bnc#904242).
   * mm, slab: lock the correct nodelist after reenabling irqs (bnc#926439).
   * x86: irq: Check for valid irq descriptor in
     check_irq_vectors_for_cpu_disable (bnc#914726).
   * x86/mce: Introduce mce_gather_info() (bsc#914987).
   * x86/mce: Fix mce regression from recent cleanup (bsc#914987).
   * x86/mce: Update MCE severity condition check (bsc#914987).
   * x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850).
   * x86/reboot: Fix a warning message triggered by stop_other_cpus()
     (bnc#930284).
   * x86/apic/uv: Update the UV APIC HUB check (bsc#929145).
   * x86/apic/uv: Update the UV APIC driver check (bsc#929145).
   * x86/apic/uv: Update the APIC UV OEM check (bsc#929145).
   * kabi: invalidate removed sys_elem_dir::children (bnc#919589).
   * kabi: fix for changes in the sysfs_dirent structure (bnc#919589).
   * iommu/amd: Correctly encode huge pages in iommu page tables
     (bsc#931014).
   * iommu/amd: Optimize amd_iommu_iova_to_phys for new fetch_pte interface
     (bsc#931014).
   * iommu/amd: Optimize alloc_new_range for new fetch_pte interface
     (bsc#931014).
   * iommu/amd: Optimize iommu_unmap_page for new fetch_pte interface
     (bsc#931014).
   * iommu/amd: Return the pte page-size in fetch_pte (bsc#931014).
   * rtc: Prevent the automatic reboot after powering off the system
     (bnc#930145)
   * rtc: Restore the RTC alarm time to the configured alarm time in BIOS
     Setup (bnc#930145, bnc#927262).
   * rtc: Add more TGCS models for alarm disable quirk (bnc#927262).
   * kernel: Fix IA64 kernel/kthread.c build woes. Hide #include
     <linux/hardirq.h> from kABI checker.
   * cpu: Correct cpu affinity for dlpar added cpus (bsc#928970).
   * proc: deal with deadlock in d_walk fix (bnc#929148, bnc#929283).
   * proc: /proc/stat: convert to single_open_size() (bnc#928122).
   * proc: new helper: single_open_size() (bnc#928122).
   * proc: speed up /proc/stat handling (bnc#928122).
   * sched: Fix potential near-infinite distribute_cfs_runtime() loop
     (bnc#930786)
   * tty: Correct tty buffer flush (bnc#929647).
   * tty: hold lock across tty buffer finding and buffer filling
     (bnc#929647).
   * fork: report pid reservation failure properly (bnc#909684).
   * random: Fix add_timer_randomness throttling
     (bsc#904883,bsc#904901,FATE#317374).
   * random: account for entropy loss due to overwrites (FATE#317374).
   * random: allow fractional bits to be tracked (FATE#317374).
   * random: statically compute poolbitshift, poolbytes, poolbits
     (FATE#317374).
   * crypto: Limit allocation of crypto mechanisms to dialect which requires
     (bnc#925729).
   * net: relax rcvbuf limits (bug#923344).
   * udp: only allow UFO for packets from SOCK_DGRAM sockets (bnc#909309).
   * acpi / sysfs: Treat the count field of counter_show() as unsigned
     (bnc#909312).
   * acpi / osl: speedup grace period in acpi_os_map_cleanup (bnc#877456).
   * btrfs: upstream fixes from 3.18
   * btrfs: fix race when reusing stale extent buffers that leads to BUG_ON.
   * btrfs: btrfs_release_extent_buffer_page did not free pages of dummy
     extent (bnc#930226, bnc#916521).
   * btrfs: set error return value in btrfs_get_blocks_direct.
   * btrfs: fix off-by-one in cow_file_range_inline().
   * btrfs: wake up transaction thread from SYNC_FS ioctl.
   * btrfs: fix wrong fsid check of scrub.
   * btrfs: try not to ENOSPC on log replay.
   * btrfs: fix build_backref_tree issue with multiple shared blocks.
   * btrfs: add missing end_page_writeback on submit_extent_page failure.
   * btrfs: fix crash of btrfs_release_extent_buffer_page.
   * btrfs: fix race in WAIT_SYNC ioctl.
   * btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup.
   * btrfs: cleanup orphans while looking up default subvolume (bsc#914818).
   * btrfs: fix lost return value due to variable shadowing.
   * btrfs: abort the transaction if we fail to update the free space cache
     inode.
   * btrfs: fix scheduler warning when syncing log.
   * btrfs: add more checks to btrfs_read_sys_array.
   * btrfs: cleanup, rename a few variables in btrfs_read_sys_array.
   * btrfs: add checks for sys_chunk_array sizes.
   * btrfs: more superblock checks, lower bounds on devices and
     sectorsize/nodesize.
   * btrfs: fix setup_leaf_for_split() to avoid leaf corruption.
   * btrfs: fix typos in btrfs_check_super_valid.
   * btrfs: use macro accessors in superblock validation checks.
   * btrfs: add more superblock checks.
   * btrfs: avoid premature -ENOMEM in clear_extent_bit().
   * btrfs: avoid returning -ENOMEM in convert_extent_bit() too early.
   * btrfs: call inode_dec_link_count() on mkdir error path.
   * btrfs: fix fs corruption on transaction abort if device supports
     discard.
   * btrfs: make sure we wait on logged extents when fsycning two subvols.
   * btrfs: make xattr replace operations atomic.
   * xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (bnc#913080,
     bnc#912741).
   * xfs: prevent deadlock trying to cover an active log (bsc#917093).
   * xfs: introduce xfs_bmapi_read() (bnc#891641).
   * xfs: factor extent map manipulations out of xfs_bmapi (bnc#891641).
   * nfs: Fix a regression in nfs_file_llseek() (bnc#930401).
   * nfs: do not try to use lock state when we hold a delegation
     (bnc#831029) - add to series.conf
   * sunrpc: Fix the execution time statistics in the face of RPC restarts
     (bnc#924271).
   * fsnotify: Fix handling of renames in audit (bnc#915200).
   * configfs: fix race between dentry put and lookup (bnc#924333).
   * fs/pipe.c: add ->statfs callback for pipefs (bsc#916848).
   * fs/buffer.c: make block-size be per-page and protected by the page lock
     (bnc#919357).
   * st: fix corruption of the st_modedef structures in st_set_options()
     (bnc#928333).
   * lpfc: Fix race on command completion (bnc#906027,bnc#889221).
   * cifs: fix use-after-free bug in find_writable_file (bnc#909477).
   * sysfs: Make sysfs_rename safe with sysfs_dirents in rbtrees
     (bnc#919589).
   * sysfs: use rb-tree for inode number lookup (bnc#919589).
   * sysfs: use rb-tree for name lookups (bnc#919589).
   * dasd: Fix inability to set a DASD device offline (bnc#927338,
     LTC#123905).
   * dasd: Fix device having no paths after suspend/resume (bnc#927338,
     LTC#123896).
   * dasd: Fix unresumed device after suspend/resume (bnc#927338,
     LTC#123892).
   * dasd: Missing partition after online processing (bnc#917120,
     LTC#120565).
   * af_iucv: fix AF_IUCV sendmsg() errno (bnc#927338, LTC#123304).
   * s390: avoid z13 cache aliasing (bnc#925012).
   * s390: enable large page support with CONFIG_DEBUG_PAGEALLOC
     (bnc#925012).
   * s390: z13 base performance (bnc#925012, LTC#KRN1514).
   * s390/spinlock: cleanup spinlock code (bnc#925012).
   * s390/spinlock: optimize spinlock code sequence (bnc#925012).
   * s390/spinlock,rwlock: always to a load-and-test first (bnc#925012).
   * s390/spinlock: refactor arch_spin_lock_wait[_flags] (bnc#925012).
   * s390/spinlock: optimize spin_unlock code (bnc#925012).
   * s390/rwlock: add missing local_irq_restore calls (bnc#925012).
   * s390/time: use stck clock fast for do_account_vtime (bnc#925012).
   * s390/kernel: use stnsm 255 instead of stosm 0 (bnc#925012).
   * s390/mm: align 64-bit PIE binaries to 4GB (bnc#925012).
   * s390/mm: use pfmf instruction to initialize storage keys (bnc#925012).
   * s390/mm: speedup storage key initialization (bnc#925012).
   * s390/memory hotplug: initialize storage keys (bnc#925012).
   * s390/memory hotplug: use pfmf instruction to initialize storage keys
     (bnc#925012).
   * s390/facilities: cleanup PFMF and HPAGE machine facility detection
     (bnc#925012).
   * powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
     (bsc#928142).
   * powerpc+sparc64/mm: Remove hack in mmap randomize layout (bsc#917839).
   * powerpc: Make chip-id information available to userspace (bsc#919682).
   * powerpc/mm: Fix mmap errno when MAP_FIXED is set and mapping exceeds
     the allowed address space (bsc#930669).
   * ib/ipoib: Add missing locking when CM object is deleted (bsc#924340).
   * ib/ipoib: Fix RCU pointer dereference of wrong object (bsc#924340).
   * IPoIB: Fix race in deleting ipoib_neigh entries (bsc#924340).
   * IPoIB: Fix ipoib_neigh hashing to use the correct daddr octets
     (bsc#924340).
   * IPoIB: Fix AB-BA deadlock when deleting neighbours (bsc#924340).
   * IPoIB: Fix memory leak in the neigh table deletion flow (bsc#924340).
   * ch: fixup refcounting imbalance for SCSI devices (bsc#925443).
   * ch: remove ch_mutex (bnc#925443).
   * DLPAR memory add failed on Linux partition (bsc#927190).
   * Revert "pseries/iommu: Remove DDW on kexec" (bsc#926016).
   * Revert "powerpc/pseries/iommu: remove default window before attempting
     DDW manipulation" (bsc#926016).
   * alsa: hda_intel: apply the Seperate stream_tag for Sunrise Point
     (bsc#925370).
   * alsa: hda_intel: apply the Seperate stream_tag for Skylake (bsc#925370).
   * alsa: hda_controller: Separate stream_tag for input and output streams
     (bsc#925370).
   * md: do not give up looking for spares on first failure-to-add
     (bnc#908706).
   * md: fix safe_mode buglet (bnc#926767).
   * md: do not wait for plug_cnt to go to zero (bnc#891641).
   * epoll: fix use-after-free in eventpoll_release_file (epoll scaling).
   * eventpoll: use-after-possible-free in epoll_create1() (bug#917648).
   * direct-io: do not read inode->i_blkbits multiple times (bnc#919357).
   * scsifront: do not use bitfields for indicators modified under different
     locks.
   * msi: also reject resource with flags all clear.
   * pvscsi: support suspend/resume (bsc#902286).
   * Do not switch internal CDC device on IBM NeXtScale nx360 M5
     (bnc#913598).
   * dm: optimize use SRCU and RCU (bnc#910517).
   * uvc: work on XHCI controllers without ring expansion (bnc#915045).
   * qla2xxx: Do not crash system for sp ref count zero
     (bnc#891212,bsc#917684).
   * megaraid_sas : Update threshold based reply post host index register
     (bnc#919808).
   * bnx2x: Fix kdump when iommu=on (bug#921769).
   * Provide/Obsolete all subpackages of old flavors (bnc#925567)
   * tgcs: Ichigan 6140-x3x Integrated touchscreen is not precised
     (bnc#924142).

   Security Issues:

   * CVE-2014-8086
   * CVE-2014-8159
   * CVE-2014-9419
   * CVE-2014-9529
   * CVE-2014-9683
   * CVE-2015-0777
   * CVE-2015-1421
   * CVE-2015-2041
   * CVE-2015-2042
   * CVE-2015-2150
   * CVE-2015-2830
   * CVE-2015-2922
   * CVE-2015-3331
   * CVE-2015-3339
   * CVE-2015-3636

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-kernel=10717 slessp3-kernel=10740

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-kernel=10717 slessp3-kernel=10718 slessp3-kernel=10719 slessp3-kernel=10720 slessp3-kernel=10740

   - SUSE Linux Enterprise High Availability Extension 11 SP3:

      zypper in -t patch slehasp3-kernel=10717 slehasp3-kernel=10718 slehasp3-kernel=10719 slehasp3-kernel=10720 slehasp3-kernel=10740

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-kernel=10717 sledsp3-kernel=10740

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.47.55.1
      kernel-default-base-3.0.101-0.47.55.1
      kernel-default-devel-3.0.101-0.47.55.1
      kernel-source-3.0.101-0.47.55.1
      kernel-syms-3.0.101-0.47.55.1
      kernel-trace-3.0.101-0.47.55.1
      kernel-trace-base-3.0.101-0.47.55.1
      kernel-trace-devel-3.0.101-0.47.55.1
      kernel-xen-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 3.0.101]:

      kernel-bigsmp-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.47.55.1
      kernel-pae-base-3.0.101-0.47.55.1
      kernel-pae-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.47.55.1
      kernel-default-base-3.0.101-0.47.55.1
      kernel-default-devel-3.0.101-0.47.55.1
      kernel-source-3.0.101-0.47.55.1
      kernel-syms-3.0.101-0.47.55.1
      kernel-trace-3.0.101-0.47.55.1
      kernel-trace-base-3.0.101-0.47.55.1
      kernel-trace-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 x86_64) [New Version: 3.0.101]:

      kernel-ec2-3.0.101-0.47.55.1
      kernel-ec2-base-3.0.101-0.47.55.1
      kernel-ec2-devel-3.0.101-0.47.55.1
      kernel-xen-3.0.101-0.47.55.1
      kernel-xen-base-3.0.101-0.47.55.1
      kernel-xen-devel-3.0.101-0.47.55.1
      xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.7.1

   - SUSE Linux Enterprise Server 11 SP3 (x86_64) [New Version: 3.0.101]:

      kernel-bigsmp-3.0.101-0.47.55.1
      kernel-bigsmp-base-3.0.101-0.47.55.1
      kernel-bigsmp-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 (s390x) [New Version: 3.0.101]:

      kernel-default-man-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64) [New Version: 3.0.101]:

      kernel-ppc64-3.0.101-0.47.55.1
      kernel-ppc64-base-3.0.101-0.47.55.1
      kernel-ppc64-devel-3.0.101-0.47.55.1

   - SUSE Linux Enterprise Server 11 SP3 (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.47.55.1
      kernel-pae-base-3.0.101-0.47.55.1
kernel-pae-devel-3.0.101-0.47.55.1 xen-kmp-pae-4.2.5_08_3.0.101_0.47.55-0.7.1 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64): cluster-network-kmp-default-1.4_3.0.101_0.47.55-2.28.1.21 cluster-network-kmp-trace-1.4_3.0.101_0.47.55-2.28.1.21 gfs2-kmp-default-2_3.0.101_0.47.55-0.17.1.21 gfs2-kmp-trace-2_3.0.101_0.47.55-0.17.1.21 ocfs2-kmp-default-1.6_3.0.101_0.47.55-0.21.1.21 ocfs2-kmp-trace-1.6_3.0.101_0.47.55-0.21.1.21 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 x86_64): cluster-network-kmp-xen-1.4_3.0.101_0.47.55-2.28.1.21 gfs2-kmp-xen-2_3.0.101_0.47.55-0.17.1.21 ocfs2-kmp-xen-1.6_3.0.101_0.47.55-0.21.1.21 - SUSE Linux Enterprise High Availability Extension 11 SP3 (x86_64): cluster-network-kmp-bigsmp-1.4_3.0.101_0.47.55-2.28.1.21 gfs2-kmp-bigsmp-2_3.0.101_0.47.55-0.17.1.21 ocfs2-kmp-bigsmp-1.6_3.0.101_0.47.55-0.21.1.21 - SUSE Linux Enterprise High Availability Extension 11 SP3 (ppc64): cluster-network-kmp-ppc64-1.4_3.0.101_0.47.55-2.28.1.21 gfs2-kmp-ppc64-2_3.0.101_0.47.55-0.17.1.21 ocfs2-kmp-ppc64-1.6_3.0.101_0.47.55-0.21.1.21 - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586): cluster-network-kmp-pae-1.4_3.0.101_0.47.55-2.28.1.21 gfs2-kmp-pae-2_3.0.101_0.47.55-0.17.1.21 ocfs2-kmp-pae-1.6_3.0.101_0.47.55-0.21.1.21 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 3.0.101]: kernel-default-3.0.101-0.47.55.1 kernel-default-base-3.0.101-0.47.55.1 kernel-default-devel-3.0.101-0.47.55.1 kernel-default-extra-3.0.101-0.47.55.1 kernel-source-3.0.101-0.47.55.1 kernel-syms-3.0.101-0.47.55.1 kernel-trace-devel-3.0.101-0.47.55.1 kernel-xen-3.0.101-0.47.55.1 kernel-xen-base-3.0.101-0.47.55.1 kernel-xen-devel-3.0.101-0.47.55.1 kernel-xen-extra-3.0.101-0.47.55.1 xen-kmp-default-4.2.5_08_3.0.101_0.47.55-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 3.0.101]: kernel-bigsmp-devel-3.0.101-0.47.55.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586) [New Version: 3.0.101]: 
kernel-pae-3.0.101-0.47.55.1 kernel-pae-base-3.0.101-0.47.55.1 kernel-pae-devel-3.0.101-0.47.55.1 kernel-pae-extra-3.0.101-0.47.55.1 xen-kmp-pae-4.2.5_08_3.0.101_0.47.55-0.7.1 - SLE 11 SERVER Unsupported Extras (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.55.1 - SLE 11 SERVER Unsupported Extras (i586 x86_64): kernel-xen-extra-3.0.101-0.47.55.1 - SLE 11 SERVER Unsupported Extras (x86_64): kernel-bigsmp-extra-3.0.101-0.47.55.1 - SLE 11 SERVER Unsupported Extras (ppc64): kernel-ppc64-extra-3.0.101-0.47.55.1 - SLE 11 SERVER Unsupported Extras (i586): kernel-pae-extra-3.0.101-0.47.55.1 References: https://www.suse.com/security/cve/CVE-2014-8086.html https://www.suse.com/security/cve/CVE-2014-8159.html https://www.suse.com/security/cve/CVE-2014-9419.html https://www.suse.com/security/cve/CVE-2014-9529.html https://www.suse.com/security/cve/CVE-2014-9683.html https://www.suse.com/security/cve/CVE-2015-0777.html https://www.suse.com/security/cve/CVE-2015-1421.html https://www.suse.com/security/cve/CVE-2015-2041.html https://www.suse.com/security/cve/CVE-2015-2042.html https://www.suse.com/security/cve/CVE-2015-2150.html https://www.suse.com/security/cve/CVE-2015-2830.html https://www.suse.com/security/cve/CVE-2015-2922.html https://www.suse.com/security/cve/CVE-2015-3331.html https://www.suse.com/security/cve/CVE-2015-3339.html https://www.suse.com/security/cve/CVE-2015-3636.html https://bugzilla.suse.com/831029 https://bugzilla.suse.com/877456 https://bugzilla.suse.com/889221 https://bugzilla.suse.com/891212 https://bugzilla.suse.com/891641 https://bugzilla.suse.com/900881 https://bugzilla.suse.com/902286 https://bugzilla.suse.com/904242 https://bugzilla.suse.com/904883 https://bugzilla.suse.com/904901 https://bugzilla.suse.com/906027 https://bugzilla.suse.com/908706 https://bugzilla.suse.com/909309 https://bugzilla.suse.com/909312 https://bugzilla.suse.com/909477 https://bugzilla.suse.com/909684 https://bugzilla.suse.com/910517 
https://bugzilla.suse.com/911326 https://bugzilla.suse.com/912202 https://bugzilla.suse.com/912741 https://bugzilla.suse.com/913080 https://bugzilla.suse.com/913598 https://bugzilla.suse.com/914726 https://bugzilla.suse.com/914742 https://bugzilla.suse.com/914818 https://bugzilla.suse.com/914987 https://bugzilla.suse.com/915045 https://bugzilla.suse.com/915200 https://bugzilla.suse.com/915577 https://bugzilla.suse.com/916521 https://bugzilla.suse.com/916848 https://bugzilla.suse.com/917093 https://bugzilla.suse.com/917120 https://bugzilla.suse.com/917648 https://bugzilla.suse.com/917684 https://bugzilla.suse.com/917830 https://bugzilla.suse.com/917839 https://bugzilla.suse.com/918333 https://bugzilla.suse.com/919007 https://bugzilla.suse.com/919018 https://bugzilla.suse.com/919357 https://bugzilla.suse.com/919463 https://bugzilla.suse.com/919589 https://bugzilla.suse.com/919682 https://bugzilla.suse.com/919808 https://bugzilla.suse.com/921769 https://bugzilla.suse.com/922583 https://bugzilla.suse.com/923344 https://bugzilla.suse.com/924142 https://bugzilla.suse.com/924271 https://bugzilla.suse.com/924333 https://bugzilla.suse.com/924340 https://bugzilla.suse.com/925012 https://bugzilla.suse.com/925370 https://bugzilla.suse.com/925443 https://bugzilla.suse.com/925567 https://bugzilla.suse.com/925729 https://bugzilla.suse.com/926016 https://bugzilla.suse.com/926240 https://bugzilla.suse.com/926439 https://bugzilla.suse.com/926767 https://bugzilla.suse.com/927190 https://bugzilla.suse.com/927257 https://bugzilla.suse.com/927262 https://bugzilla.suse.com/927338 https://bugzilla.suse.com/928122 https://bugzilla.suse.com/928130 https://bugzilla.suse.com/928142 https://bugzilla.suse.com/928333 https://bugzilla.suse.com/928970 https://bugzilla.suse.com/929145 https://bugzilla.suse.com/929148 https://bugzilla.suse.com/929283 https://bugzilla.suse.com/929525 https://bugzilla.suse.com/929647 https://bugzilla.suse.com/930145 https://bugzilla.suse.com/930171 
https://bugzilla.suse.com/930226 https://bugzilla.suse.com/930284 https://bugzilla.suse.com/930401 https://bugzilla.suse.com/930669 https://bugzilla.suse.com/930786 https://bugzilla.suse.com/930788 https://bugzilla.suse.com/931014 https://bugzilla.suse.com/931015 https://bugzilla.suse.com/931850 https://download.suse.com/patch/finder/?keywords=03bfa6c75cb5a4cc6051fbc3690140d3 https://download.suse.com/patch/finder/?keywords=33f906d57c7adfdab2c5c7c702cdcc35 https://download.suse.com/patch/finder/?keywords=3e0de0ca574129367fbd700f1fcd6a34 https://download.suse.com/patch/finder/?keywords=613faa6f2a4360fe9998cf1191971acd https://download.suse.com/patch/finder/?keywords=75c42977aa44422b8e12040ea373b902 https://download.suse.com/patch/finder/?keywords=81a75ad520ef4ea9b9c573a7a188dc57 https://download.suse.com/patch/finder/?keywords=8c54aaa27bf9a5984cc9911a7413d962 https://download.suse.com/patch/finder/?keywords=ad2768d3cc62a7649f30b1411b1594c7 https://download.suse.com/patch/finder/?keywords=ba8477a089d848b7d15e1cde80ddf9a0 https://download.suse.com/patch/finder/?keywords=eafe120fa23e6b5da6394f829b734878 From sle-updates at lists.suse.com Thu Jul 2 10:05:24 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2015 18:05:24 +0200 (CEST) Subject: SUSE-RU-2015:1175-1: moderate: Recommended update for Package Management Stack Message-ID: <20150702160524.D7E0A32089@maintenance.suse.de> SUSE Recommended Update: Recommended update for Package Management Stack ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1175-1 Rating: moderate References: #725867 #820693 #828631 #832519 #848054 #892431 #893294 #896224 #897301 #899510 #899603 #899781 #899907 #901590 #901691 #903405 #903675 #904737 #906549 #908135 #908345 #908976 #909143 #909244 #909772 #911335 #911658 #914258 #914284 #915461 #915928 #916254 #919709 #921332 #922352 #923800 #925678 #925696 #927319 #929483 #929528 #929593 #929990 
#931601 #932393 #933277
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves one vulnerability and has 45 fixes is now available.

Description:

This update provides fixes and enhancements for the Software Update Stack.

gnome-packagekit:

- Fix title of license agreement window. (bsc#927319)

libsolv:

- Rework splitprovides handling. (bnc#921332)
- Add product:regflavor attribute. (bnc#896224)
- Fix bug in reorder_dq_for_jobrules that could lead to crashes. (bnc#899907)
- Fix bug in dislike_old_versions that could lead to a segfault. (bnc#922352)
- Add manpages for the tools.

libzypp:

- Add configuration values for gpgcheck, repo_gpgcheck and pkg_gpgcheck to zypp.conf. (FATE#314603)
- Support $releasever_major/$releasever_minor repo variables. (FATE#318354)
- Support repo variable replacement in service url.
- Support repo variable replacement in gpg url.
- Add support for SHA224/384/512.
- Don't execute scripts in /tmp or /var/tmp, as they could be mounted noexec for security reasons. (bnc#915928)
- Let $ZYPP_REPO_RELEASEVER overwrite $releasever in .repo files. (bnc#911658)
- Parse and offer productRegisterFlavor attribute. (bnc#896224)
- Improve conflict message for locked packages. (bnc#828631)
- Fix broken de-escaping in str::splitEscaped. (bnc#909772)
- Filter PIDs running in a container. (bnc#909143)
- Suppress informal license (no need to accept) upon update. (bnc#908976)
- Adapt to gpg-2.1. (bnc#908135)
- Call rpm with '--noglob'. (bnc#892431)
- Fix URL path concatenation in MediaCurl. (bnc#901590)
- Move doxygen html doc to libzypp-devel-doc. (bnc#901691)
- Support parsing multiple baseurls from a repo file. (bnc#899510)
- Suppress MediaChangeReport while testing multiple baseurls.
  (bnc#899510)
- Fix handling local mirrorlist= files in .repo. (bnc#899510)
- Prevent POODLE by talking TLS only. (bnc#903405)
- Fix segmentation fault when dumping rpm header with epoch. (bnc#929483)
- Handle repository aliases containing ']' correctly. (bnc#929528)
- Avoid nested exception on user abort. (bnc#931601)
- Fix SSL client certificate authentication via URL option ssl_clientcert/ssl_clientkey. (bnc#932393)

libzypp-bindings:

- Enforce Python 2.7 libzypp-bindings is not yet ready for Python 3.
- Adapt to libzypp changes.

zypper:

- Implement and document GPG signature checking. (FATE#314603)
- Enhance 'Digest verification failed' message and dialog. (FATE#315008)
- Refresh plugin services on 'lr' 'ls -r' and 'ref'. (bnc#893294, FATE#318117)
  Repositories provided by a plugin service (SUSE Manager) must always be (auto-)refreshed to reflect server side changes immediately.
- Allow repo:package to reinstall from a different repo. (bnc#725867)
- Suppress MediaChangeReport while testing multiple baseurls. (bnc#899510)
- A date limit must ignore newer patch candidates. (bnc#919709)
- Notify about volatile changes to service repos. (bnc#916254)
- Change column header from 'Login' to 'User'. (bnc#915461)
- Fix wrong exit status using the --xmlout option. (bnc#914258)
- Add new color/pkglistHighlightAttribute to zypper.conf. (bnc#914284)
- New global option --releasever: Set the value of the $releasever variable in all .repo files. This can be used to switch to new distribution repositories when performing a distribution upgrade. (bnc#911658)
- Clarify legacy warning. (bnc#911335)
- Show new product:registerflavor attribute in 'zypper info'. (bnc#896224)
- Enhance message text when skipping repos due to an error. (bnc#909244)
- Fix additional spaces in zypper output and new colorization code. (bnc#908345)
- Properly reset auto-retry counter. (bnc#906549)
- Improve patch description in man page. (bnc#904737)
- Warn about repositories with 'gpgcheck=0'.
  (bnc#848054)
- Summary: quote names including spaces. (bnc#903675)
- Warn if legacy CLI options are used. (bnc#899781)
- Fix prompt returning undefined default value after wrong input. (bnc#925696)
- Fix typo in man page. (bnc#923800)
- Only use ANSI color codes on terminals. (bnc#925678)
- Fix table sorting with option --sort-by-priority. (bnc#832519)
- Clarify 'zypper lp --date' description. (bnc#929593)
- Warn user that deleting a service repository is a volatile change. (bnc#929990)
- Adapt Enterprise product detection, fixing display of package's support status. (bnc#933277)
- Fix format of sizes in output. (bnc#897301)
- Clarify comment in zypper.conf. (bnc#820693)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:

  zypper in -t patch SUSE-SLE-WE-12-2015-294=1

- SUSE Linux Enterprise Software Development Kit 12:

  zypper in -t patch SUSE-SLE-SDK-12-2015-294=1

- SUSE Linux Enterprise Server 12:

  zypper in -t patch SUSE-SLE-SERVER-12-2015-294=1

- SUSE Linux Enterprise Desktop 12:

  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-294=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): PackageKit-debuginfo-0.8.16-11.15 PackageKit-debugsource-0.8.16-11.15 PackageKit-gstreamer-plugin-0.8.16-11.15 PackageKit-gstreamer-plugin-debuginfo-0.8.16-11.15 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): PackageKit-debuginfo-0.8.16-11.15 PackageKit-debugsource-0.8.16-11.15 PackageKit-devel-0.8.16-11.15 PackageKit-devel-debuginfo-0.8.16-11.15 libpackagekit-glib2-devel-0.8.16-11.15 libsolv-debugsource-0.6.11-8.1 libsolv-devel-0.6.11-8.1 libsolv-devel-debuginfo-0.6.11-8.1 libyui-ncurses-pkg-debugsource-2.46.1-3.4 libyui-ncurses-pkg-devel-2.46.1-3.4 libyui-qt-pkg-debugsource-2.44.7-3.2 libyui-qt-pkg-devel-2.44.7-3.2 libzypp-debuginfo-14.39.0-10.1 libzypp-debugsource-14.39.0-10.1 libzypp-devel-14.39.0-10.1 perl-solv-0.6.11-8.1 perl-solv-debuginfo-0.6.11-8.1 perl-zypp-0.6.4-5.3 typelib-1_0-PackageKitPlugin-1_0-0.8.16-11.15 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): PackageKit-0.8.16-11.15 PackageKit-backend-zypp-0.8.16-11.15 PackageKit-backend-zypp-debuginfo-0.8.16-11.15 PackageKit-debuginfo-0.8.16-11.15 PackageKit-debugsource-0.8.16-11.15 gnome-packagekit-3.10.1-8.13 gnome-packagekit-debuginfo-3.10.1-8.13 gnome-packagekit-debugsource-3.10.1-8.13 libpackagekit-glib2-16-0.8.16-11.15 libpackagekit-glib2-16-debuginfo-0.8.16-11.15 libsolv-debugsource-0.6.11-8.1 libsolv-tools-0.6.11-8.1 libsolv-tools-debuginfo-0.6.11-8.1 libyui-ncurses-pkg-debugsource-2.46.1-3.4 libyui-ncurses-pkg6-2.46.1-3.4 libyui-ncurses-pkg6-debuginfo-2.46.1-3.4 libyui-qt-pkg-debugsource-2.44.7-3.2 libyui-qt-pkg6-2.44.7-3.2 libyui-qt-pkg6-debuginfo-2.44.7-3.2 libzypp-14.39.0-10.1 libzypp-debuginfo-14.39.0-10.1 libzypp-debugsource-14.39.0-10.1 perl-solv-0.6.11-8.1 perl-solv-debuginfo-0.6.11-8.1 python-solv-0.6.11-8.1 python-solv-debuginfo-0.6.11-8.1 python-zypp-0.6.4-5.3 typelib-1_0-PackageKitGlib-1_0-0.8.16-11.15 yast2-pkg-bindings-3.1.20-3.3 yast2-pkg-bindings-debuginfo-3.1.20-3.3 
yast2-pkg-bindings-debugsource-3.1.20-3.3 zypper-1.11.32-8.1 zypper-debuginfo-1.11.32-8.1 zypper-debugsource-1.11.32-8.1 - SUSE Linux Enterprise Server 12 (noarch): PackageKit-lang-0.8.16-11.15 gnome-packagekit-lang-3.10.1-8.13 zypper-log-1.11.32-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): PackageKit-0.8.16-11.15 PackageKit-backend-zypp-0.8.16-11.15 PackageKit-backend-zypp-debuginfo-0.8.16-11.15 PackageKit-debuginfo-0.8.16-11.15 PackageKit-debugsource-0.8.16-11.15 PackageKit-gstreamer-plugin-0.8.16-11.15 PackageKit-gstreamer-plugin-debuginfo-0.8.16-11.15 gnome-packagekit-3.10.1-8.13 gnome-packagekit-debuginfo-3.10.1-8.13 gnome-packagekit-debugsource-3.10.1-8.13 libpackagekit-glib2-16-0.8.16-11.15 libpackagekit-glib2-16-debuginfo-0.8.16-11.15 libsolv-debugsource-0.6.11-8.1 libsolv-tools-0.6.11-8.1 libsolv-tools-debuginfo-0.6.11-8.1 libyui-ncurses-pkg-debugsource-2.46.1-3.4 libyui-ncurses-pkg6-2.46.1-3.4 libyui-ncurses-pkg6-debuginfo-2.46.1-3.4 libyui-qt-pkg-debugsource-2.44.7-3.2 libyui-qt-pkg6-2.44.7-3.2 libyui-qt-pkg6-debuginfo-2.44.7-3.2 libzypp-14.39.0-10.1 libzypp-debuginfo-14.39.0-10.1 libzypp-debugsource-14.39.0-10.1 python-solv-0.6.11-8.1 python-solv-debuginfo-0.6.11-8.1 python-zypp-0.6.4-5.3 typelib-1_0-PackageKitGlib-1_0-0.8.16-11.15 yast2-pkg-bindings-3.1.20-3.3 yast2-pkg-bindings-debuginfo-3.1.20-3.3 yast2-pkg-bindings-debugsource-3.1.20-3.3 zypper-1.11.32-8.1 zypper-debuginfo-1.11.32-8.1 zypper-debugsource-1.11.32-8.1 - SUSE Linux Enterprise Desktop 12 (noarch): PackageKit-lang-0.8.16-11.15 gnome-packagekit-lang-3.10.1-8.13 zypper-log-1.11.32-8.1 References: https://www.suse.com/security/cve/CVE-2014-3566.html https://bugzilla.suse.com/725867 https://bugzilla.suse.com/820693 https://bugzilla.suse.com/828631 https://bugzilla.suse.com/832519 https://bugzilla.suse.com/848054 https://bugzilla.suse.com/892431 https://bugzilla.suse.com/893294 https://bugzilla.suse.com/896224 https://bugzilla.suse.com/897301 https://bugzilla.suse.com/899510 
https://bugzilla.suse.com/899603 https://bugzilla.suse.com/899781 https://bugzilla.suse.com/899907 https://bugzilla.suse.com/901590 https://bugzilla.suse.com/901691 https://bugzilla.suse.com/903405 https://bugzilla.suse.com/903675 https://bugzilla.suse.com/904737 https://bugzilla.suse.com/906549 https://bugzilla.suse.com/908135 https://bugzilla.suse.com/908345 https://bugzilla.suse.com/908976 https://bugzilla.suse.com/909143 https://bugzilla.suse.com/909244 https://bugzilla.suse.com/909772 https://bugzilla.suse.com/911335 https://bugzilla.suse.com/911658 https://bugzilla.suse.com/914258 https://bugzilla.suse.com/914284 https://bugzilla.suse.com/915461 https://bugzilla.suse.com/915928 https://bugzilla.suse.com/916254 https://bugzilla.suse.com/919709 https://bugzilla.suse.com/921332 https://bugzilla.suse.com/922352 https://bugzilla.suse.com/923800 https://bugzilla.suse.com/925678 https://bugzilla.suse.com/925696 https://bugzilla.suse.com/927319 https://bugzilla.suse.com/929483 https://bugzilla.suse.com/929528 https://bugzilla.suse.com/929593 https://bugzilla.suse.com/929990 https://bugzilla.suse.com/931601 https://bugzilla.suse.com/932393 https://bugzilla.suse.com/933277 From sle-updates at lists.suse.com Thu Jul 2 10:14:17 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jul 2015 18:14:17 +0200 (CEST) Subject: SUSE-RU-2015:1176-1: moderate: Recommended update for libcgroup Message-ID: <20150702161417.4286C32089@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcgroup ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1176-1 Rating: moderate References: #912487 #912531 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description:

This update for libcgroup provides the following fixes:

- Do not overwrite defaultcgroup configuration. (bsc#912487)
- Add missing dependencies for post install scripts. (bsc#912531)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:

  zypper in -t patch SUSE-SLE-SDK-12-2015-295=1

- SUSE Linux Enterprise Server 12:

  zypper in -t patch SUSE-SLE-SERVER-12-2015-295=1

- SUSE Linux Enterprise Desktop 12:

  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-295=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

  libcgroup-debugsource-0.41.rc1-4.1
  libcgroup-devel-0.41.rc1-4.1

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

  libcgroup-debugsource-0.41.rc1-4.1
  libcgroup-tools-0.41.rc1-4.1
  libcgroup-tools-debuginfo-0.41.rc1-4.1
  libcgroup1-0.41.rc1-4.1
  libcgroup1-debuginfo-0.41.rc1-4.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

  libcgroup-debugsource-0.41.rc1-4.1
  libcgroup1-0.41.rc1-4.1
  libcgroup1-debuginfo-0.41.rc1-4.1

References:

  https://bugzilla.suse.com/912487
  https://bugzilla.suse.com/912531

From sle-updates at lists.suse.com Thu Jul 2 13:05:18 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 2 Jul 2015 21:05:18 +0200 (CEST)
Subject: SUSE-SU-2015:1177-1: important: Security update for MySQL
Message-ID: <20150702190518.52EDF320A5@maintenance.suse.de>

SUSE Security Update: Security update for MySQL
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1177-1
Rating: important
References: #934789
Cross-References: CVE-2015-4000
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

This update fixes the following security issue:

* Logjam Attack: MySQL uses 512 bit dh groups in SSL (bnc#934789)

Security Issues:

* CVE-2015-4000

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:

  zypper in -t patch sdksp3-libmysql55client18=10826

- SUSE Linux Enterprise Server 11 SP3 for VMware:

  zypper in -t patch slessp3-libmysql55client18=10826

- SUSE Linux Enterprise Server 11 SP3:

  zypper in -t patch slessp3-libmysql55client18=10826

- SUSE Linux Enterprise Desktop 11 SP3:

  zypper in -t patch sledsp3-libmysql55client18=10826

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64 s390x x86_64):

  libmysql55client_r18-32bit-5.5.43-0.9.1
  libmysqlclient_r15-32bit-5.0.96-0.8.8.1

- SUSE Linux Enterprise Software Development Kit 11 SP3 (ia64):

  libmysql55client_r18-x86-5.5.43-0.9.1
  libmysqlclient_r15-x86-5.0.96-0.8.8.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 5.5.43]:

  libmysql55client18-5.5.43-0.9.1
  libmysql55client_r18-5.5.43-0.9.1
  libmysqlclient15-5.0.96-0.8.8.1
  libmysqlclient_r15-5.0.96-0.8.8.1
  mysql-5.5.43-0.9.1
  mysql-client-5.5.43-0.9.1
  mysql-tools-5.5.43-0.9.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 5.5.43]:

  libmysql55client18-32bit-5.5.43-0.9.1
  libmysqlclient15-32bit-5.0.96-0.8.8.1

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 5.5.43]:

  libmysql55client18-5.5.43-0.9.1
  libmysql55client_r18-5.5.43-0.9.1
  libmysqlclient15-5.0.96-0.8.8.1
  libmysqlclient_r15-5.0.96-0.8.8.1
  mysql-5.5.43-0.9.1
  mysql-client-5.5.43-0.9.1
  mysql-tools-5.5.43-0.9.1

- SUSE Linux Enterprise Server
11 SP3 (ppc64 s390x x86_64) [New Version: 5.5.43]:

  libmysql55client18-32bit-5.5.43-0.9.1
  libmysqlclient15-32bit-5.0.96-0.8.8.1

- SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 5.5.43]:

  libmysql55client18-x86-5.5.43-0.9.1
  libmysqlclient15-x86-5.0.96-0.8.8.1

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 5.5.43]:

  libmysql55client18-5.5.43-0.9.1
  libmysql55client_r18-5.5.43-0.9.1
  libmysqlclient15-5.0.96-0.8.8.1
  libmysqlclient_r15-5.0.96-0.8.8.1
  mysql-5.5.43-0.9.1
  mysql-client-5.5.43-0.9.1

- SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 5.5.43]:

  libmysql55client18-32bit-5.5.43-0.9.1
  libmysql55client_r18-32bit-5.5.43-0.9.1
  libmysqlclient15-32bit-5.0.96-0.8.8.1
  libmysqlclient_r15-32bit-5.0.96-0.8.8.1

References:

  https://www.suse.com/security/cve/CVE-2015-4000.html
  https://bugzilla.suse.com/934789
  https://download.suse.com/patch/finder/?keywords=753e69cc9c9eccad4cba2c1ef6809885

From sle-updates at lists.suse.com Fri Jul 3 00:05:19 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 08:05:19 +0200 (CEST)
Subject: SUSE-RU-2015:1178-1: Recommended update for crowbar-barclamp-network
Message-ID: <20150703060519.5F6CD32076@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-network
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1178-1
Rating: low
References: #922931 #926605
Affected Products:
  SUSE Cloud 4
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for crowbar-barclamp-network raises the minimal local_port_range to 27018. (bnc#922931)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Cloud 4:

  zypper in -t patch sleclo40sp3-crowbar-barclamp-network=10608

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Cloud 4 (noarch):

  crowbar-barclamp-network-1.8+git.1427186945.7cd8b67-0.7.1

References:

  https://bugzilla.suse.com/922931
  https://bugzilla.suse.com/926605
  https://download.suse.com/patch/finder/?keywords=bab4014cf054b29b6ea1e4403b658faf

From sle-updates at lists.suse.com Fri Jul 3 02:05:28 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 10:05:28 +0200 (CEST)
Subject: SUSE-SU-2015:1179-1: moderate: Security update for libgcrypt
Message-ID: <20150703080528.C386332076@maintenance.suse.de>

SUSE Security Update: Security update for libgcrypt
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1179-1
Rating: moderate
References: #896202 #896435 #898003 #899524 #900275 #900276 #905483 #920057 #928740 #929919
Cross-References: CVE-2014-3591
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves one vulnerability and has 9 fixes is now available.

Description:

This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements.

libgcrypt now uses ciphertext blinding for Elgamal decryption (CVE-2014-3591)

FIPS 140-2 related changes:

* The library performs its self-tests when the module is complete (the -hmac file is also installed).
* Added a NIST 800-90a compliant DRBG.
* Change DSA key generation to be FIPS 186-4 compliant.
* Change RSA key generation to be FIPS 186-4 compliant.
* Enable HW support in fips mode (bnc#896435)
* Make DSA selftest use 2048 bit keys (bnc#898003)
* Added ECDSA selftests and add support for it to the CAVS testing framework (bnc#896202)
* Various CAVS testing improvements.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:

  zypper in -t patch SUSE-SLE-SDK-12-2015-296=1

- SUSE Linux Enterprise Server 12:

  zypper in -t patch SUSE-SLE-SERVER-12-2015-296=1

- SUSE Linux Enterprise Desktop 12:

  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-296=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

  libgcrypt-debugsource-1.6.1-13.1
  libgcrypt-devel-1.6.1-13.1
  libgcrypt-devel-debuginfo-1.6.1-13.1

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

  libgcrypt-debugsource-1.6.1-13.1
  libgcrypt20-1.6.1-13.1
  libgcrypt20-debuginfo-1.6.1-13.1
  libgcrypt20-hmac-1.6.1-13.1

- SUSE Linux Enterprise Server 12 (s390x x86_64):

  libgcrypt20-32bit-1.6.1-13.1
  libgcrypt20-debuginfo-32bit-1.6.1-13.1
  libgcrypt20-hmac-32bit-1.6.1-13.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

  libgcrypt-debugsource-1.6.1-13.1
  libgcrypt20-1.6.1-13.1
  libgcrypt20-32bit-1.6.1-13.1
  libgcrypt20-debuginfo-1.6.1-13.1
  libgcrypt20-debuginfo-32bit-1.6.1-13.1

References:

  https://www.suse.com/security/cve/CVE-2014-3591.html
  https://bugzilla.suse.com/896202
  https://bugzilla.suse.com/896435
  https://bugzilla.suse.com/898003
  https://bugzilla.suse.com/899524
  https://bugzilla.suse.com/900275
  https://bugzilla.suse.com/900276
  https://bugzilla.suse.com/905483
  https://bugzilla.suse.com/920057
  https://bugzilla.suse.com/928740
  https://bugzilla.suse.com/929919

From sle-updates at lists.suse.com Fri Jul 3 06:05:20 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 14:05:20 +0200 (CEST)
Subject:
SUSE-SU-2015:1181-1: important: Security update for OpenSSL
Message-ID: <20150703120520.B90FF31FCA@maintenance.suse.de>

SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1181-1
Rating: important
References: #929678 #931698 #934487 #934489 #934491
Cross-References: CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-4000
Affected Products:
  SLE CLIENT TOOLS 10 for x86_64
  SLE CLIENT TOOLS 10 for s390x
  SLE CLIENT TOOLS 10
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

OpenSSL was updated to fix several security issues.

* CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.
* CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
* CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
* CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.
* fixed a timing side channel in RSA decryption (bnc#929678)

Additional changes:

In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string.
(bnc#931698)

Security Issues:

* CVE-2015-1788
* CVE-2015-1789
* CVE-2015-1790
* CVE-2015-4000

Package List:

- SLE CLIENT TOOLS 10 for x86_64 (x86_64):

  openssl-0.9.8a-18.92.1
  openssl-32bit-0.9.8a-18.92.1

- SLE CLIENT TOOLS 10 for s390x (s390x):

  openssl-0.9.8a-18.92.1
  openssl-32bit-0.9.8a-18.92.1

- SLE CLIENT TOOLS 10 (i586):

  openssl-0.9.8a-18.92.1

References:

  https://www.suse.com/security/cve/CVE-2015-1788.html
  https://www.suse.com/security/cve/CVE-2015-1789.html
  https://www.suse.com/security/cve/CVE-2015-1790.html
  https://www.suse.com/security/cve/CVE-2015-4000.html
  https://bugzilla.suse.com/929678
  https://bugzilla.suse.com/931698
  https://bugzilla.suse.com/934487
  https://bugzilla.suse.com/934489
  https://bugzilla.suse.com/934491
  https://download.suse.com/patch/finder/?keywords=4a7ecd7eeea5e8090f179934ad1b1b02

From sle-updates at lists.suse.com Fri Jul 3 06:06:17 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 14:06:17 +0200 (CEST)
Subject: SUSE-SU-2015:1182-1: important: Security update for OpenSSL
Message-ID: <20150703120617.39AA5320A5@maintenance.suse.de>

SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1182-1
Rating: important
References: #879179 #929678 #931698 #933898 #933911 #934487 #934489 #934491 #934493
Cross-References: CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 CVE-2015-4000
Affected Products:
  SUSE Studio Onsite 1.3
  SUSE Manager 1.7 for SLE 11 SP2
______________________________________________________________________________

An update that solves 7 vulnerabilities and has two fixes is now available.

Description:

OpenSSL 0.9.8k was updated to fix several security issues.

* CVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.
   * CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.
   * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
   * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.
   * fixed a timing side channel in RSA decryption (bnc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)
   * Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)

   Security Issues:

   * CVE-2015-1788
   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-1791
   * CVE-2015-1792
   * CVE-2015-3216
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-libopenssl-devel=10780

   - SUSE Manager 1.7 for SLE 11 SP2:

      zypper in -t patch sleman17sp2-libopenssl-devel=10780

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      libopenssl-devel-0.9.8j-0.72.1

   - SUSE Manager 1.7 for SLE 11 SP2 (x86_64):

      libopenssl0_9_8-0.9.8j-0.72.1
      libopenssl0_9_8-32bit-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1
      openssl-0.9.8j-0.72.1
      openssl-doc-0.9.8j-0.72.1

References:

   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-1791.html
   https://www.suse.com/security/cve/CVE-2015-1792.html
   https://www.suse.com/security/cve/CVE-2015-3216.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/879179
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/933898
   https://bugzilla.suse.com/933911
   https://bugzilla.suse.com/934487
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://bugzilla.suse.com/934493
   https://download.suse.com/patch/finder/?keywords=5f8d475ae46705d05176f539f9c56674

From sle-updates at lists.suse.com Fri Jul 3 07:05:21 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 15:05:21 +0200 (CEST)
Subject: SUSE-SU-2015:1183-1: important: Security update for OpenSSL
Message-ID: <20150703130521.20A2531FCA@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1183-1
Rating:             important
References:         #929678 #931698 #934489 #934491
Cross-References:   CVE-2015-1789 CVE-2015-1790 CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise for SAP Applications 11 SP2
                    SUSE Linux Enterprise for SAP Applications 11 SP1
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now available.

Description:

   OpenSSL was updated to fix several security issues.

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.
   * fixed a timing side channel in RSA decryption (bnc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)

   Security Issues:

   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise for SAP Applications 11 SP2:

      zypper in -t patch slesapp2-compat-openssl097g=10802

   - SUSE Linux Enterprise for SAP Applications 11 SP1:

      zypper in -t patch slesapp1-compat-openssl097g=10793

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise for SAP Applications 11 SP2 (x86_64):

      compat-openssl097g-0.9.7g-146.22.31.1
      compat-openssl097g-32bit-0.9.7g-146.22.31.1

   - SUSE Linux Enterprise for SAP Applications 11 SP1 (x86_64):

      compat-openssl097g-0.9.7g-146.22.31.1
      compat-openssl097g-32bit-0.9.7g-146.22.31.1

References:

   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://download.suse.com/patch/finder/?keywords=988a9debe1ac4ac25cd6b815d5382398
   https://download.suse.com/patch/finder/?keywords=b18733973cc66be5941bc1514b5749d4

From sle-updates at lists.suse.com Fri Jul 3 08:05:23 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 16:05:23 +0200 (CEST)
Subject: SUSE-SU-2015:1184-1: important: Security update for OpenSSL
Message-ID: <20150703140523.0D2D931FCA@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1184-1
Rating:             important
References:         #929678 #931698 #933911 #934487 #934489 #934491 #934493
Cross-References:   CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available. It includes one version update.

Description:

   OpenSSL 0.9.8j was updated to fix several security issues.

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.
   * CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.
   * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
   * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.
   * fixed a timing side channel in RSA decryption (bnc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)
   * Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)

   Security Issues:

   * CVE-2015-1788
   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-1791
   * CVE-2015-1792
   * CVE-2015-3216
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-libopenssl-devel=10794

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 0.9.8j]:

      libopenssl-devel-0.9.8j-0.72.1
      libopenssl0_9_8-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-0.9.8j-0.72.1
      openssl-0.9.8j-0.72.1
      openssl-doc-0.9.8j-0.72.1

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 0.9.8j]:

      libopenssl0_9_8-32bit-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1

References:

   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-1791.html
   https://www.suse.com/security/cve/CVE-2015-1792.html
   https://www.suse.com/security/cve/CVE-2015-3216.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/933911
   https://bugzilla.suse.com/934487
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://bugzilla.suse.com/934493
   https://download.suse.com/patch/finder/?keywords=ab1c52f77471cf8a61e7eae79f57f9bf

From sle-updates at lists.suse.com Fri Jul 3 08:06:37 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 16:06:37 +0200 (CEST)
Subject: SUSE-SU-2015:1185-1: important: Security update for OpenSSL
Message-ID: <20150703140637.4AFD6320A5@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1185-1
Rating:             important
References:         #929678 #931698 #933911 #934487 #934489 #934491 #934493 #934494
Cross-References:   CVE-2014-8176 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Security Module 11 SP3
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has one errata is now available.

Description:

   OpenSSL 1.0.1 was updated to fix several security issues:

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.
   * CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.
   * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
   * CVE-2014-8176: Fixed an invalid free in DTLS.
   * Fixed a timing side channel in RSA decryption. (bsc#929678)

   Security Issues:

   * CVE-2014-8176
   * CVE-2015-1788
   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-1791
   * CVE-2015-1792
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Security Module 11 SP3:

      zypper in -t patch secsp3-libopenssl1-devel=10778

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libopenssl1-devel-1.0.1g-0.30.1
      libopenssl1_0_0-1.0.1g-0.30.1
      openssl1-1.0.1g-0.30.1
      openssl1-doc-1.0.1g-0.30.1

   - SUSE Linux Enterprise Security Module 11 SP3 (ppc64 s390x x86_64):

      libopenssl1_0_0-32bit-1.0.1g-0.30.1

   - SUSE Linux Enterprise Security Module 11 SP3 (ia64):

      libopenssl1_0_0-x86-1.0.1g-0.30.1

References:

   https://www.suse.com/security/cve/CVE-2014-8176.html
   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-1791.html
   https://www.suse.com/security/cve/CVE-2015-1792.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/933911
   https://bugzilla.suse.com/934487
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://bugzilla.suse.com/934493
   https://bugzilla.suse.com/934494
   https://download.suse.com/patch/finder/?keywords=5afbe87912753d6ca074e9e870b2093c

From sle-updates at lists.suse.com Fri Jul 3 12:05:19 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 20:05:19 +0200 (CEST)
Subject: SUSE-SU-2015:1184-2: important: Security update for OpenSSL
Message-ID: <20150703180519.5254232087@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1184-2
Rating:             important
References:         #929678 #931698 #933911 #934487 #934489 #934491 #934493
Cross-References:   CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   OpenSSL 0.9.8j was updated to fix several security issues.

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.
   * CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.
   * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
   * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.
   * fixed a timing side channel in RSA decryption (bnc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)
   * Added the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)

   Security Issues:

   * CVE-2015-1788
   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-1791
   * CVE-2015-1792
   * CVE-2015-3216
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-libopenssl-devel=10795

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):

      libopenssl-devel-0.9.8j-0.72.1
      libopenssl0_9_8-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-0.9.8j-0.72.1
      openssl-0.9.8j-0.72.1
      openssl-doc-0.9.8j-0.72.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64):

      libopenssl0_9_8-32bit-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1

References:

   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-1791.html
   https://www.suse.com/security/cve/CVE-2015-1792.html
   https://www.suse.com/security/cve/CVE-2015-3216.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/933911
   https://bugzilla.suse.com/934487
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://bugzilla.suse.com/934493
   https://download.suse.com/patch/finder/?keywords=75ca56dc2ed43571b870081da3f3b615

From sle-updates at lists.suse.com Fri Jul 3 12:06:27 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 20:06:27 +0200 (CEST)
Subject: SUSE-SU-2015:1181-2: important: Security update for OpenSSL
Message-ID: <20150703180627.D521C320A5@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1181-2
Rating:             important
References:         #929678 #931698 #934487 #934489 #934491
Cross-References:   CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now available.

Description:

   OpenSSL was updated to fix several security issues.

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.
   * fixed a timing side channel in RSA decryption (bnc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)

   Security Issues:

   * CVE-2015-1788
   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-4000

Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      openssl-0.9.8a-18.92.1
      openssl-devel-0.9.8a-18.92.1
      openssl-doc-0.9.8a-18.92.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):

      openssl-32bit-0.9.8a-18.92.1
      openssl-devel-32bit-0.9.8a-18.92.1

References:

   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/934487
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://download.suse.com/patch/finder/?keywords=9f7ad0f893ed0c841ceae726daca55cd

From sle-updates at lists.suse.com Fri Jul 3 12:07:29 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 20:07:29 +0200 (CEST)
Subject: SUSE-SU-2015:1182-2: important: Security update for OpenSSL
Message-ID: <20150703180729.C2650320A5@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1182-2
Rating:             important
References:         #879179 #929678
                    #931698 #933898 #933911 #934487 #934489 #934491 #934493
Cross-References:   CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has two fixes is now available.

Description:

   OpenSSL 0.9.8k was updated to fix several security issues:

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. 2048-bit DH parameters are now generated by default.
   * CVE-2015-1788: Malformed ECParameters could cause an infinite loop.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.
   * CVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.
   * CVE-2015-1791: Fixed a race condition in NewSessionTicket creation.
   * CVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.
   * Fixed a timing side channel in RSA decryption. (bsc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bsc#931698)
   * Added the ECC ciphersuites to the DEFAULT cipher class. (bsc#879179)

   Security Issues:

   * CVE-2015-1788
   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-1791
   * CVE-2015-1792
   * CVE-2015-3216
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-libopenssl-devel=10781

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-libopenssl-devel=10781

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-libopenssl-devel=10781

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-libopenssl-devel=10781

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libopenssl-devel-0.9.8j-0.72.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      libopenssl0_9_8-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-0.9.8j-0.72.1
      openssl-0.9.8j-0.72.1
      openssl-doc-0.9.8j-0.72.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      libopenssl0_9_8-32bit-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libopenssl0_9_8-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-0.9.8j-0.72.1
      openssl-0.9.8j-0.72.1
      openssl-doc-0.9.8j-0.72.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      libopenssl0_9_8-32bit-0.9.8j-0.72.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      libopenssl0_9_8-x86-0.9.8j-0.72.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      libopenssl0_9_8-0.9.8j-0.72.1
      openssl-0.9.8j-0.72.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      libopenssl0_9_8-32bit-0.9.8j-0.72.1

References:

   https://www.suse.com/security/cve/CVE-2015-1788.html
   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-1791.html
   https://www.suse.com/security/cve/CVE-2015-1792.html
   https://www.suse.com/security/cve/CVE-2015-3216.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/879179
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/933898
   https://bugzilla.suse.com/933911
   https://bugzilla.suse.com/934487
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://bugzilla.suse.com/934493
   https://download.suse.com/patch/finder/?keywords=fcf228a4143edf49a5ca32558bfe9721

From sle-updates at lists.suse.com Fri Jul 3 12:08:42 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 20:08:42 +0200 (CEST)
Subject: SUSE-SU-2015:1183-2: important: Security update for OpenSSL
Message-ID: <20150703180842.B75ED320A5@maintenance.suse.de>

   SUSE Security Update: Security update for OpenSSL
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1183-2
Rating:             important
References:         #929678 #931698 #934489 #934491
Cross-References:   CVE-2015-1789 CVE-2015-1790 CVE-2015-4000
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
                    SUSE Linux Enterprise Desktop 11 SP3
                    SLES for SAP Applications
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now available.

Description:

   OpenSSL was updated to fix several security issues.

   * CVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.
   * CVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.
   * CVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.
   * fixed a timing side channel in RSA decryption (bnc#929678)

   Additional changes:

   * In the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)

   Security Issues:

   * CVE-2015-1789
   * CVE-2015-1790
   * CVE-2015-4000

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-compat-openssl097g=10790

   - SLES for SAP Applications:

      zypper in -t patch slesappsp3-compat-openssl097g=10790

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

      compat-openssl097g-0.9.7g-13.31.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):

      compat-openssl097g-32bit-0.9.7g-13.31.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      compat-openssl097g-0.9.7g-146.22.31.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      compat-openssl097g-32bit-0.9.7g-146.22.31.1

   - SLES for SAP Applications (x86_64):

      compat-openssl097g-0.9.7g-146.22.31.1
      compat-openssl097g-32bit-0.9.7g-146.22.31.1

References:

   https://www.suse.com/security/cve/CVE-2015-1789.html
   https://www.suse.com/security/cve/CVE-2015-1790.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://bugzilla.suse.com/929678
   https://bugzilla.suse.com/931698
   https://bugzilla.suse.com/934489
   https://bugzilla.suse.com/934491
   https://download.suse.com/patch/finder/?keywords=31613a0a584dc47c4e6779e1a0a09b87
   https://download.suse.com/patch/finder/?keywords=9cebc5e391114f90b2cb9133b6763127

From sle-updates at lists.suse.com Fri Jul 3 12:09:32 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 20:09:32 +0200 (CEST)
Subject: SUSE-RU-2015:1186-1: Recommended update for rubygem-chef
Message-ID: <20150703180932.210A4320A5@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rubygem-chef
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1186-1
Rating:             low
References:         #772965 #926549
Affected Products:
                    SUSE Cloud 5
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for rubygem-chef rewrites zypper-retry to use the ZYPP_LOCK_TIMEOUT environment variable, which was introduced to fix the original bug this wrapper worked around.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 5:

      zypper in -t patch sleclo50sp3-ruby2.1-rubygem-chef=10601

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 5 (x86_64):

      ruby2.1-rubygem-chef-10.32.2-0.17.1
      rubygem-chef-10.32.2-0.17.1

References:

   https://bugzilla.suse.com/772965
   https://bugzilla.suse.com/926549
   https://download.suse.com/patch/finder/?keywords=3bc392cd45960f6c5289edbfe42bd777

From sle-updates at lists.suse.com Fri Jul 3 15:05:15 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 23:05:15 +0200 (CEST)
Subject: SUSE-RU-2015:1187-1: Recommended update for openstack-neutron
Message-ID: <20150703210515.B401E32087@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openstack-neutron
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1187-1
Rating:             low
References:         #915245 #915247 #926605
Affected Products:
                    SUSE Cloud 4
______________________________________________________________________________

   An update that has three recommended fixes can now be installed. It includes one version update.

Description:

   This update for openstack-neutron provides the following fixes:

   * Eventlet green threads not released back to pool.
   * Pass '--dhcp-authoritative' option to dnsmasq.
   * Fix Metering doesn't respect the l3 agent binding.
   * Allow images with existing routes in the network 169.254.0.0/16 to access metadata server. (bsc#915245)
   * Fix a race condition adding a security group rule.
   * Reset policies after RESOURCE_ATTRIBUTE_MAP is populated.
   * Recognize tap devices in the ml2+Xen+linuxbridge case.
     (bsc#915247)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:

      zypper in -t patch sleclo40sp3-openstack-neutron=10612

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 4 (x86_64) [New Version: 2014.1.5.dev1]:

      openstack-neutron-2014.1.5.dev1-0.7.1
      openstack-neutron-dhcp-agent-2014.1.5.dev1-0.7.1
      openstack-neutron-ha-tool-2014.1.5.dev1-0.7.1
      openstack-neutron-l3-agent-2014.1.5.dev1-0.7.1
      openstack-neutron-lbaas-agent-2014.1.5.dev1-0.7.1
      openstack-neutron-linuxbridge-agent-2014.1.5.dev1-0.7.1
      openstack-neutron-metadata-agent-2014.1.5.dev1-0.7.1
      openstack-neutron-metering-agent-2014.1.5.dev1-0.7.1
      openstack-neutron-mlnx-agent-2014.1.5.dev1-0.7.1
      openstack-neutron-nec-agent-2014.1.5.dev1-0.7.1
      openstack-neutron-openvswitch-agent-2014.1.5.dev1-0.7.1
      openstack-neutron-plugin-cisco-2014.1.5.dev1-0.7.1
      openstack-neutron-ryu-agent-2014.1.5.dev1-0.7.1
      openstack-neutron-server-2014.1.5.dev1-0.7.1
      openstack-neutron-vpn-agent-2014.1.5.dev1-0.7.1
      python-neutron-2014.1.5.dev1-0.7.1

   - SUSE Cloud 4 (noarch) [New Version: 2014.1.5.dev1]:

      openstack-neutron-doc-2014.1.5.dev1-0.7.1

References:

   https://bugzilla.suse.com/915245
   https://bugzilla.suse.com/915247
   https://bugzilla.suse.com/926605
   https://download.suse.com/patch/finder/?keywords=d45f3e17d50b950791ceac8525fb49a3

From sle-updates at lists.suse.com Fri Jul 3 15:05:55 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 3 Jul 2015 23:05:55 +0200 (CEST)
Subject: SUSE-RU-2015:1188-1: Recommended update for rubygem-merb-core, rubygem-ohai-6
Message-ID: <20150703210555.7529C320A5@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rubygem-merb-core, rubygem-ohai-6
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1188-1
Rating:             low
References:         #769880 #861306 #926549
Affected Products:
                    SUSE Cloud 5
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for rubygem-merb-core and rubygem-ohai-6 provides the following fixes:

   rubygem-merb-core:

   * Adjust umask to prevent creation of world-readable logs and pid-files with merb-core by chef-server.

   rubygem-ohai-6:

   * Configure solr to use a Java call that does not create world-readable but unneeded directories. (bsc#861306)
   * Set dmi[:system][:product_name] to Unknown if not detected. (bsc#769880)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 5:

      zypper in -t patch sleclo50sp3-rubygem-merb-core-ohai-0415=10602

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 5 (x86_64):

      ruby2.1-rubygem-merb-core-1.1.3-0.16.1
      ruby2.1-rubygem-ohai-6-6.22.0-0.13.1

References:

   https://bugzilla.suse.com/769880
   https://bugzilla.suse.com/861306
   https://bugzilla.suse.com/926549
   https://download.suse.com/patch/finder/?keywords=82a56c945e8a41c83fe14c623722579e

From sle-updates at lists.suse.com Mon Jul 6 02:05:22 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 6 Jul 2015 10:05:22 +0200 (CEST)
Subject: SUSE-SU-2015:1196-1: moderate: Security update for strongswan
Message-ID: <20150706080522.8B732320A2@maintenance.suse.de>

   SUSE Security Update: Security update for strongswan
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1196-1
Rating:             moderate
References:         #933591
Cross-References:   CVE-2015-4171
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   Strongswan was updated to fix one security issue.

   The following vulnerability was fixed:

   * CVE-2015-4171: Rogue servers were able to authenticate themselves with a certificate issued by any CA the client trusts, to gain user credentials from a client in certain IKEv2 setups. (bsc#933591)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-297=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-297=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      strongswan-5.1.3-18.1
      strongswan-debugsource-5.1.3-18.1
      strongswan-hmac-5.1.3-18.1
      strongswan-ipsec-5.1.3-18.1
      strongswan-ipsec-debuginfo-5.1.3-18.1
      strongswan-libs0-5.1.3-18.1
      strongswan-libs0-debuginfo-5.1.3-18.1

   - SUSE Linux Enterprise Server 12 (noarch):

      strongswan-doc-5.1.3-18.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      strongswan-5.1.3-18.1
      strongswan-debugsource-5.1.3-18.1
      strongswan-ipsec-5.1.3-18.1
      strongswan-ipsec-debuginfo-5.1.3-18.1
      strongswan-libs0-5.1.3-18.1
      strongswan-libs0-debuginfo-5.1.3-18.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      strongswan-doc-5.1.3-18.1

References:

   https://www.suse.com/security/cve/CVE-2015-4171.html
   https://bugzilla.suse.com/933591

From sle-updates at lists.suse.com Mon Jul 6 09:05:32 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 6 Jul 2015 17:05:32 +0200 (CEST)
Subject: SUSE-RU-2015:1198-1: Recommended update for gnome-tweak-tool
Message-ID: <20150706150532.B644827FF2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gnome-tweak-tool
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1198-1
Rating:             low
References:         #898328
Affected Products:
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-tweak-tool provides the following fixes: - Remove the lid actions from GUI. They are now handled by systemd. (bsc#898328) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-298=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): gnome-tweak-tool-3.10.1-5.18 gnome-tweak-tool-lang-3.10.1-5.18 References: https://bugzilla.suse.com/898328 From sle-updates at lists.suse.com Mon Jul 6 10:05:23 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jul 2015 18:05:23 +0200 (CEST) Subject: SUSE-RU-2015:1198-2: Recommended update for gnome-tweak-tool Message-ID: <20150706160523.9435B31FCB@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-tweak-tool ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1198-2 Rating: low References: #898328 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-tweak-tool provides the following fixes: - Remove the lid actions from GUI. They are now handled by systemd. (bsc#898328) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-298=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-298=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): gnome-tweak-tool-3.10.1-5.18 gnome-tweak-tool-lang-3.10.1-5.18 - SUSE Linux Enterprise Desktop 12 (noarch): gnome-tweak-tool-3.10.1-5.18 gnome-tweak-tool-lang-3.10.1-5.18 References: https://bugzilla.suse.com/898328 From sle-updates at lists.suse.com Mon Jul 6 17:05:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2015 01:05:31 +0200 (CEST) Subject: SUSE-RU-2015:1199-1: moderate: Recommended update for kgraft Message-ID: <20150706230531.D47CC3206F@maintenance.suse.de> SUSE Recommended Update: Recommended update for kgraft ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1199-1 Rating: moderate References: #912900 #916191 #931843 #932505 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for kgraft fixes a few issues in the kgr.sh script: - Fix process migration race in kgr poke. (bsc#932505) - Introduce blocking_threads command. (bsc#931843) - Write out help when no command is provided. (bnc#916191) - Deal with exiting processes. (bsc#912900) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-299=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (ppc64le s390x x86_64): kgraft-1.0-10.1 References: https://bugzilla.suse.com/912900 https://bugzilla.suse.com/916191 https://bugzilla.suse.com/931843 https://bugzilla.suse.com/932505 From sle-updates at lists.suse.com Tue Jul 7 12:05:32 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jul 2015 20:05:32 +0200 (CEST) Subject: SUSE-RU-2015:1201-1: Recommended update for WALinuxAgent Message-ID: <20150707180532.E11B0320A2@maintenance.suse.de> SUSE Recommended Update: Recommended update for WALinuxAgent ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1201-1 Rating: low References: #933695 #933761 #933774 #936908 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update provides WALinuxAgent version 2.0.14, which brings the following fixes and enhancements: - Fix RDMA configuration. - Fix page blob uploading for Python 2.6. - Fix http request error handling. - Handle http 410 returned by host. - Add support for http proxy. - Add support to execute CustomData after provisioning. - Add a udev rule for product-uuid to be world readable. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-301=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): WALinuxAgent-2.0.14-14.1 References: https://bugzilla.suse.com/933695 https://bugzilla.suse.com/933761 https://bugzilla.suse.com/933774 https://bugzilla.suse.com/936908 From sle-updates at lists.suse.com Tue Jul 7 19:05:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2015 03:05:31 +0200 (CEST) Subject: SUSE-RU-2015:1202-1: Recommended update for cloud-init Message-ID: <20150708010531.AD65B3206F@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1202-1 Rating: low References: #918952 #919305 #920190 Affected Products: SUSE Linux Enterprise Public Cloud Module 11 SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides cloud-init version 0.7.6, which brings several fixes and enhancements: * Properly write the routes file for static networks. (bsc#920190) * Properly handle persistent network device names for OpenNebula. (nsc#918952) * Properly set up network mode in interface configuration file. (bsc#919305) * Enable vendordata on CloudSigma datasource. * Do not write comments in /etc/timezone. * Fix rendering resolv.conf if no 'options' are provided. * In resizefs check first that device is writable. For a comprehensive list of fixes, please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Public Cloud Module 11 SP3: zypper in -t patch pubclsp3-cloud-init=10824 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Public Cloud Module 11 SP3 (i586 ia64 ppc64 s390x x86_64): cloud-init-0.7.6-0.7.1 References: https://bugzilla.suse.com/918952 https://bugzilla.suse.com/919305 https://bugzilla.suse.com/920190 https://download.suse.com/patch/finder/?keywords=2f0ac8d227d01f6328f10f69914152d1 From sle-updates at lists.suse.com Wed Jul 8 05:24:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2015 13:24:47 +0200 (CEST) Subject: SUSE-RU-2015:1203-1: moderate: Recommended update for libcpuset Message-ID: <20150708112447.C670C32074@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcpuset ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1203-1 Rating: moderate References: #916803 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes an issue that made cpuset_latestcpu() always return an error. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-302=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-302=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libcpuset-debugsource-1.0-33.1 libcpuset-devel-1.0-33.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libcpuset-debugsource-1.0-33.1 libcpuset1-1.0-33.1 libcpuset1-debuginfo-1.0-33.1 References: https://bugzilla.suse.com/916803 From sle-updates at lists.suse.com Wed Jul 8 07:08:17 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2015 15:08:17 +0200 (CEST) Subject: SUSE-SU-2015:1204-1: moderate: Security update for bind Message-ID: <20150708130818.0574D320A4@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1204-1 Rating: moderate References: #918330 #936476 Cross-References: CVE-2015-1349 CVE-2015-4620 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: bind was updated to fix two security issues. These security issues were fixed: - CVE-2015-1349: Named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allowed remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use (bsc#918330). - CVE-2015-4620: Fixed resolver crash when validating (bsc#936476). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-300=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-300=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-300=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): bind-debuginfo-9.9.6P1-18.1 bind-debugsource-9.9.6P1-18.1 bind-devel-9.9.6P1-18.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): bind-9.9.6P1-18.1 bind-chrootenv-9.9.6P1-18.1 bind-debuginfo-9.9.6P1-18.1 bind-debugsource-9.9.6P1-18.1 bind-libs-9.9.6P1-18.1 bind-libs-debuginfo-9.9.6P1-18.1 bind-utils-9.9.6P1-18.1 bind-utils-debuginfo-9.9.6P1-18.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): bind-libs-32bit-9.9.6P1-18.1 bind-libs-debuginfo-32bit-9.9.6P1-18.1 - SUSE Linux Enterprise Server 12 (noarch): bind-doc-9.9.6P1-18.1 - SUSE Linux Enterprise Desktop 12 (x86_64): bind-debuginfo-9.9.6P1-18.1 bind-debugsource-9.9.6P1-18.1 bind-libs-32bit-9.9.6P1-18.1 bind-libs-9.9.6P1-18.1 bind-libs-debuginfo-32bit-9.9.6P1-18.1 bind-libs-debuginfo-9.9.6P1-18.1 bind-utils-9.9.6P1-18.1 bind-utils-debuginfo-9.9.6P1-18.1 References: https://www.suse.com/security/cve/CVE-2015-1349.html https://www.suse.com/security/cve/CVE-2015-4620.html https://bugzilla.suse.com/918330 https://bugzilla.suse.com/936476 From sle-updates at lists.suse.com Wed Jul 8 08:08:17 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2015 16:08:17 +0200 (CEST) Subject: SUSE-SU-2015:1205-1: important: Security update for bind Message-ID: <20150708140817.5150C32076@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1205-1 Rating: important References: #918330 #936476 
Cross-References: CVE-2015-1349 CVE-2015-4620 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. It includes one version update. Description: bind was updated to fix two security issues: * CVE-2015-1349: A problem with trust anchor management could have caused named to crash (bsc#918330). * CVE-2015-4620: Fix resolver crash when validating (bsc#936476). Security Issues: * CVE-2015-1349 * CVE-2015-4620 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-bind=10833 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-bind=10833 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-bind=10833 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-bind=10833 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.6P1]: bind-devel-9.9.6P1-0.7.1 - SUSE Linux Enterprise Software Development Kit 11 SP3 (ppc64) [New Version: 9.9.6P1]: bind-devel-32bit-9.9.6P1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 9.9.6P1]: bind-9.9.6P1-0.7.1 bind-chrootenv-9.9.6P1-0.7.1 bind-doc-9.9.6P1-0.7.1 bind-libs-9.9.6P1-0.7.1 bind-utils-9.9.6P1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64) [New Version: 9.9.6P1]: bind-libs-32bit-9.9.6P1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 9.9.6P1]: bind-9.9.6P1-0.7.1 bind-chrootenv-9.9.6P1-0.7.1 bind-doc-9.9.6P1-0.7.1 bind-libs-9.9.6P1-0.7.1 bind-utils-9.9.6P1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64) [New Version: 9.9.6P1]: bind-libs-32bit-9.9.6P1-0.7.1 - SUSE Linux Enterprise Server 11 SP3 (ia64) [New Version: 9.9.6P1]: bind-libs-x86-9.9.6P1-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 9.9.6P1]: bind-libs-9.9.6P1-0.7.1 bind-utils-9.9.6P1-0.7.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64) [New Version: 9.9.6P1]: bind-libs-32bit-9.9.6P1-0.7.1 References: https://www.suse.com/security/cve/CVE-2015-1349.html https://www.suse.com/security/cve/CVE-2015-4620.html https://bugzilla.suse.com/918330 https://bugzilla.suse.com/936476 https://download.suse.com/patch/finder/?keywords=62fe9017ea5999fde9990f72b72740da From sle-updates at lists.suse.com Wed Jul 8 09:08:08 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2015 17:08:08 +0200 (CEST) Subject: SUSE-SU-2015:1206-1: important: Security update for Xen Message-ID: <20150708150808.89ABA32076@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1206-1 Rating: important References: 
#932770 #932996 Cross-References: CVE-2015-3209 CVE-2015-4164 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: Xen was updated to fix two security issues: * CVE-2015-3209: Heap overflow in qemu pcnet controller allowing guest to host escape. (XSA-135, bsc#932770) * CVE-2015-4164: DoS through iret hypercall handler. (XSA-136, bsc#932996) Security Issues: * CVE-2015-4164 * CVE-2015-3209 Special Instructions and Notes: Please reboot the system after installing this update. Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): xen-3.2.3_17040_46-0.17.1 xen-devel-3.2.3_17040_46-0.17.1 xen-doc-html-3.2.3_17040_46-0.17.1 xen-doc-pdf-3.2.3_17040_46-0.17.1 xen-doc-ps-3.2.3_17040_46-0.17.1 xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1 xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1 xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1 xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1 xen-libs-3.2.3_17040_46-0.17.1 xen-tools-3.2.3_17040_46-0.17.1 xen-tools-domU-3.2.3_17040_46-0.17.1 xen-tools-ioemu-3.2.3_17040_46-0.17.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): xen-libs-32bit-3.2.3_17040_46-0.17.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1 xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1 xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1 xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.3-0.17.1 References: https://www.suse.com/security/cve/CVE-2015-3209.html https://www.suse.com/security/cve/CVE-2015-4164.html https://bugzilla.suse.com/932770 https://bugzilla.suse.com/932996 https://download.suse.com/patch/finder/?keywords=f26fb5291b18bbfa26447df16a7ab90f From sle-updates at lists.suse.com Wed Jul 8 10:08:18 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jul 2015 
18:08:18 +0200 (CEST) Subject: SUSE-SU-2015:1208-1: moderate: Security update for python-keystoneclient Message-ID: <20150708160818.4C0E032076@maintenance.suse.de> SUSE Security Update: Security update for python-keystoneclient ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1208-1 Rating: moderate References: #928205 Cross-References: CVE-2015-1852 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The python-keystoneclient was updated to fix one security issue. The following vulnerability was fixed: - bsc#928205: S3Token TLS cert verification option not honored (CVE-2015-1852) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-303=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-keystoneclient-1.0.0-16.1 python-keystoneclient-doc-1.0.0-16.1 References: https://www.suse.com/security/cve/CVE-2015-1852.html https://bugzilla.suse.com/928205 From sle-updates at lists.suse.com Thu Jul 9 03:08:11 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2015 11:08:11 +0200 (CEST) Subject: SUSE-SU-2015:1211-1: critical: Security update for flash-player Message-ID: <20150709090811.7E53831FF0@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1211-1 Rating: critical References: #937339 Cross-References: CVE-2014-0578 CVE-2015-3114 CVE-2015-3115 CVE-2015-3116 CVE-2015-3117 CVE-2015-3118 CVE-2015-3119 CVE-2015-3120 CVE-2015-3121 CVE-2015-3122 CVE-2015-3123 CVE-2015-3124 CVE-2015-3125 CVE-2015-3126 CVE-2015-3127 CVE-2015-3128 CVE-2015-3129 CVE-2015-3130 CVE-2015-3131 CVE-2015-3132 CVE-2015-3133 CVE-2015-3134 CVE-2015-3135 CVE-2015-3136 CVE-2015-3137 CVE-2015-4428 CVE-2015-4429 CVE-2015-4430 CVE-2015-4431 CVE-2015-4432 CVE-2015-4433 CVE-2015-5116 CVE-2015-5117 CVE-2015-5118 CVE-2015-5119 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 35 vulnerabilities is now available. Description: flash-player was updated to fix 35 security issues. These security issues were fixed: - CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431: Memory corruption vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3126, CVE-2015-4429: Null pointer dereference issues (bsc#937339). 
- CVE-2015-3114: A security bypass vulnerability that could lead to information disclosure (bsc#937339). - CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433: Type confusion vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119: Use-after-free vulnerabilities that could lead to code execution (bsc#937339). - CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116: Vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (bsc#937339). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-306=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-306=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64): flash-player-11.2.202.481-93.1 flash-player-gnome-11.2.202.481-93.1 - SUSE Linux Enterprise Desktop 12 (i586 x86_64): flash-player-11.2.202.481-93.1 flash-player-gnome-11.2.202.481-93.1 References: https://www.suse.com/security/cve/CVE-2014-0578.html https://www.suse.com/security/cve/CVE-2015-3114.html https://www.suse.com/security/cve/CVE-2015-3115.html https://www.suse.com/security/cve/CVE-2015-3116.html https://www.suse.com/security/cve/CVE-2015-3117.html https://www.suse.com/security/cve/CVE-2015-3118.html https://www.suse.com/security/cve/CVE-2015-3119.html https://www.suse.com/security/cve/CVE-2015-3120.html https://www.suse.com/security/cve/CVE-2015-3121.html https://www.suse.com/security/cve/CVE-2015-3122.html https://www.suse.com/security/cve/CVE-2015-3123.html https://www.suse.com/security/cve/CVE-2015-3124.html https://www.suse.com/security/cve/CVE-2015-3125.html https://www.suse.com/security/cve/CVE-2015-3126.html https://www.suse.com/security/cve/CVE-2015-3127.html https://www.suse.com/security/cve/CVE-2015-3128.html https://www.suse.com/security/cve/CVE-2015-3129.html https://www.suse.com/security/cve/CVE-2015-3130.html https://www.suse.com/security/cve/CVE-2015-3131.html https://www.suse.com/security/cve/CVE-2015-3132.html https://www.suse.com/security/cve/CVE-2015-3133.html https://www.suse.com/security/cve/CVE-2015-3134.html https://www.suse.com/security/cve/CVE-2015-3135.html https://www.suse.com/security/cve/CVE-2015-3136.html https://www.suse.com/security/cve/CVE-2015-3137.html https://www.suse.com/security/cve/CVE-2015-4428.html https://www.suse.com/security/cve/CVE-2015-4429.html https://www.suse.com/security/cve/CVE-2015-4430.html https://www.suse.com/security/cve/CVE-2015-4431.html https://www.suse.com/security/cve/CVE-2015-4432.html https://www.suse.com/security/cve/CVE-2015-4433.html https://www.suse.com/security/cve/CVE-2015-5116.html 
https://www.suse.com/security/cve/CVE-2015-5117.html https://www.suse.com/security/cve/CVE-2015-5118.html https://www.suse.com/security/cve/CVE-2015-5119.html https://bugzilla.suse.com/937339 From sle-updates at lists.suse.com Thu Jul 9 06:08:21 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2015 14:08:21 +0200 (CEST) Subject: SUSE-SU-2015:1214-1: critical: Security update for flash-player Message-ID: <20150709120821.9BABA320A2@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1214-1 Rating: critical References: #937339 Cross-References: CVE-2014-0578 CVE-2015-3114 CVE-2015-3115 CVE-2015-3116 CVE-2015-3117 CVE-2015-3118 CVE-2015-3119 CVE-2015-3120 CVE-2015-3121 CVE-2015-3122 CVE-2015-3123 CVE-2015-3124 CVE-2015-3125 CVE-2015-3126 CVE-2015-3127 CVE-2015-3128 CVE-2015-3129 CVE-2015-3130 CVE-2015-3131 CVE-2015-3132 CVE-2015-3133 CVE-2015-3134 CVE-2015-3135 CVE-2015-3136 CVE-2015-3137 CVE-2015-4428 CVE-2015-4429 CVE-2015-4430 CVE-2015-4431 CVE-2015-4432 CVE-2015-4433 CVE-2015-5116 CVE-2015-5117 CVE-2015-5118 CVE-2015-5119 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes 35 vulnerabilities is now available. Description: flash-player was updated to fix 35 security issues. These security issues were fixed: - CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431: Memory corruption vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3126, CVE-2015-4429: Null pointer dereference issues (bsc#937339). 
- CVE-2015-3114: A security bypass vulnerability that could lead to information disclosure (bsc#937339). - CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433: Type confusion vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119: Use-after-free vulnerabilities that could lead to code execution (bsc#937339). - CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116: Vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (bsc#937339). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-flash-player-20150708-1=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-flash-player-20150708-1=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): flash-player-11.2.202.481-0.5.1 flash-player-gnome-11.2.202.481-0.5.1 flash-player-kde4-11.2.202.481-0.5.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): flash-player-11.2.202.481-0.5.1 flash-player-gnome-11.2.202.481-0.5.1 flash-player-kde4-11.2.202.481-0.5.1 References: https://www.suse.com/security/cve/CVE-2014-0578.html https://www.suse.com/security/cve/CVE-2015-3114.html https://www.suse.com/security/cve/CVE-2015-3115.html https://www.suse.com/security/cve/CVE-2015-3116.html https://www.suse.com/security/cve/CVE-2015-3117.html https://www.suse.com/security/cve/CVE-2015-3118.html https://www.suse.com/security/cve/CVE-2015-3119.html https://www.suse.com/security/cve/CVE-2015-3120.html https://www.suse.com/security/cve/CVE-2015-3121.html https://www.suse.com/security/cve/CVE-2015-3122.html https://www.suse.com/security/cve/CVE-2015-3123.html https://www.suse.com/security/cve/CVE-2015-3124.html https://www.suse.com/security/cve/CVE-2015-3125.html https://www.suse.com/security/cve/CVE-2015-3126.html https://www.suse.com/security/cve/CVE-2015-3127.html https://www.suse.com/security/cve/CVE-2015-3128.html https://www.suse.com/security/cve/CVE-2015-3129.html https://www.suse.com/security/cve/CVE-2015-3130.html https://www.suse.com/security/cve/CVE-2015-3131.html https://www.suse.com/security/cve/CVE-2015-3132.html https://www.suse.com/security/cve/CVE-2015-3133.html https://www.suse.com/security/cve/CVE-2015-3134.html https://www.suse.com/security/cve/CVE-2015-3135.html https://www.suse.com/security/cve/CVE-2015-3136.html https://www.suse.com/security/cve/CVE-2015-3137.html https://www.suse.com/security/cve/CVE-2015-4428.html https://www.suse.com/security/cve/CVE-2015-4429.html https://www.suse.com/security/cve/CVE-2015-4430.html https://www.suse.com/security/cve/CVE-2015-4431.html https://www.suse.com/security/cve/CVE-2015-4432.html https://www.suse.com/security/cve/CVE-2015-4433.html 
https://www.suse.com/security/cve/CVE-2015-5116.html https://www.suse.com/security/cve/CVE-2015-5117.html https://www.suse.com/security/cve/CVE-2015-5118.html https://www.suse.com/security/cve/CVE-2015-5119.html https://bugzilla.suse.com/937339 From sle-updates at lists.suse.com Thu Jul 9 12:08:03 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2015 20:08:03 +0200 (CEST) Subject: SUSE-RU-2015:1217-1: Recommended update for crowbar-barclamp-nova Message-ID: <20150709180803.BF161320A2@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-nova ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1217-1 Rating: low References: #886571 #916562 #918104 #926605 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for crowbar-barclamp-nova provides the following stability fixes and improvements from the upstream OpenStack project: * Only deal with pacemaker resources on the founder node (bnc#918104) * Only deal with db creation on founder node when using HA (bnc#886571) * Avoid crowbar_join failing on Nova API being unavailable (bnc#916562) * Ensure that api-paste.ini does not contain the auth_token Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-crowbar-barclamp-nova=10609 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 4 (noarch): crowbar-barclamp-nova-1.8+git.1427379412.6109488-0.7.1 References: https://bugzilla.suse.com/886571 https://bugzilla.suse.com/916562 https://bugzilla.suse.com/918104 https://bugzilla.suse.com/926605 https://download.suse.com/patch/finder/?keywords=8b8ee6d2cb2e489b0eeddb1b16d12e8b From sle-updates at lists.suse.com Thu Jul 9 13:08:04 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jul 2015 21:08:04 +0200 (CEST) Subject: SUSE-OU-2015:1218-1: Optional update for openvpn-openssl1 Message-ID: <20150709190804.52939320A5@maintenance.suse.de> SUSE Optional Update: Optional update for openvpn-openssl1 ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1218-1 Rating: low References: #931657 Affected Products: SUSE Linux Enterprise Security Module 11 SP3 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides an optional OpenVPN package built against OpenSSL 1.0 that allows the use of TLS 1.2. This build is based on sources from SUSE Linux Enterprise 12, and consequently brings a newer release of OpenVPN: 2.3.2 instead of the original 2.0.9 which is available on SUSE Linux Enterprise 11 SP3. The set of RPMs is named "openvpn-openssl1" (and sub-packages). It is strongly recommended to do integration tests before deploying the packages in a production environment. Indications: Any user can install this package. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Security Module 11 SP3: zypper in -t patch secsp3-openvpn-openssl1=10709 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Security Module 11 SP3 (i586 ia64 ppc64 s390x x86_64): openvpn-openssl1-2.3.2-0.7.2 openvpn-openssl1-down-root-plugin-2.3.2-0.7.2 References: https://bugzilla.suse.com/931657 https://download.suse.com/patch/finder/?keywords=e9f998de15be6281ebc01c5a84fb2120 From sle-updates at lists.suse.com Thu Jul 9 16:08:19 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 00:08:19 +0200 (CEST) Subject: SUSE-RU-2015:1219-1: Recommended update for sle-ha-geo-manuals_en Message-ID: <20150709220819.522E6320A4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-ha-geo-manuals_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1219-1 Rating: low References: #914091 Affected Products: SUSE Linux Enterprise High Availability GEO 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest revision of the Geo Clustering Quick Start guide. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability GEO 12: zypper in -t patch SUSE-SLE-HA-GEO-12-2015-308=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability GEO 12 (noarch): sle-ha-geo-manuals_en-12-15.7 sle-ha-geo-quick_en-pdf-12-15.7 References: https://bugzilla.suse.com/914091 From sle-updates at lists.suse.com Fri Jul 10 04:08:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 12:08:07 +0200 (CEST) Subject: SUSE-RU-2015:1220-1: moderate: Recommended update for ipsec-tools Message-ID: <20150710100807.2FC06320A2@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipsec-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1220-1 Rating: moderate References: #905780 #928313 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update allows ipsec-tools racoon to operate in FIPS mode. - MD5 algorithm usage has been replaced by SHA1 usage in a hash table, and for a remotely driven part allowed bsc#905780 - The minimum RSA public exponent in plainrsa-gen has been raised from 3 to 65567. bsc#928313 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-309=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ipsec-tools-0.8.0-11.2 ipsec-tools-debuginfo-0.8.0-11.2 ipsec-tools-debugsource-0.8.0-11.2 References: https://bugzilla.suse.com/905780 https://bugzilla.suse.com/928313 From sle-updates at lists.suse.com Fri Jul 10 06:08:35 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 14:08:35 +0200 (CEST) Subject: SUSE-RU-2015:1221-1: moderate: Recommended update for mcstrans Message-ID: <20150710120835.30656320A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for mcstrans ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1221-1 Rating: moderate References: #935217 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update corrects the security context label of /run/setrans. The incorrect label prevented mcstrans from starting up. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-310=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le): mcstrans-0.3.3-9.1 mcstrans-debuginfo-0.3.3-9.1 mcstrans-debugsource-0.3.3-9.1 References: https://bugzilla.suse.com/935217 From sle-updates at lists.suse.com Fri Jul 10 07:08:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 15:08:31 +0200 (CEST) Subject: SUSE-RU-2015:1222-1: Recommended update for pciutils Message-ID: <20150710130831.59AC6320A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for pciutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1222-1 Rating: low References: #837347 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pciutils fixes a memory leak in function get_cache_name(). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-313=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-313=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le): pciutils-debuginfo-3.2.1-5.1 pciutils-debugsource-3.2.1-5.1 pciutils-devel-3.2.1-5.1 - SUSE Linux Enterprise Server 12 (ppc64le): libpci3-3.2.1-5.1 libpci3-debuginfo-3.2.1-5.1 pciutils-3.2.1-5.1 pciutils-debuginfo-3.2.1-5.1 pciutils-debugsource-3.2.1-5.1 References: https://bugzilla.suse.com/837347 From sle-updates at lists.suse.com Fri Jul 10 07:08:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 15:08:56 +0200 (CEST) Subject: SUSE-RU-2015:1223-1: Recommended update for perl-Module-Runtime Message-ID: <20150710130856.89970320A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Module-Runtime ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1223-1 Rating: low References: #917844 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides perl-Module-Runtime 0.014. This version includes the following fixes: - Suppress any CORE::GLOBAL::require override, where possible, to avoid use_package_optimistically() being misled into treating missing modules as broken. - Tighten use_package_optimistically()'s recognition of can't-locate errors so that, when a module fails to load because a module that it uses isn't available, the outer module will be perceived as broken rather than missing. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-312=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (noarch): perl-Module-Runtime-0.014-4.1 References: https://bugzilla.suse.com/917844 From sle-updates at lists.suse.com Fri Jul 10 08:08:14 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 16:08:14 +0200 (CEST) Subject: SUSE-SU-2015:1224-1: important: Security update for the Linux Kernel Message-ID: <20150710140814.CAF7C320A2@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1224-1 Rating: important References: #915517 #919007 #922583 #923908 #927355 #929525 #929647 #930786 #933429 #933896 #933904 #933907 #935705 #936831 Affected Products: SUSE Linux Enterprise Server 11-SP3-TERADATA ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: The SUSE Linux Enterprise 11 SP3 Teradata kernel was updated to fix the following bugs and security issues. The following security issues have been fixed: - Update patches.fixes/udp-fix-behavior-of-wrong-checksums.patch (bsc#936831, CVE-2015-5364, CVE-2015-5366). - Btrfs: make xattr replace operations atomic (bnc#923908, CVE-2014-9710). - udp: fix behavior of wrong checksums (bsc#936831, CVE-2015-5364, CVE-2015-5366). - vfs: read file_handle only once in handle_to_path (bsc#915517, CVE-2015-1420). - x86: bpf_jit: fix compilation of large bpf programs (bnc#935705,CVE-2015-4700). - udf: Check length of extended attributes and allocation (bsc#936831, CVE-2015-5364, CVE-2015-5366). - Update patches.fixes/udf-Check-component-length-before-reading-it.patch (bsc#933904, CVE-2014-9728, CVE-2014-9730). - Update patches.fixes/udf-Verify-i_size-when-loading-inode.patch (bsc#933904, CVE-2014-9728, CVE-2014-9729). - Update patches.fixes/udf-Verify-symlink-size-before-loading-it.patch (bsc#933904, CVE-2014-9728). 
- Update patches.fixes/udf-Check-path-length-when-reading-symlink.patch (bnc#933896, CVE-2014-9731). - pipe: fix iov overrun for failed atomic copy (bsc#933429, CVE-2015-1805). - ipv6: Don't reduce hop limit for an interface (bsc#922583, CVE-2015-2922). - net: llc: use correct size for sysctl timeout entries (bsc#919007, CVE-2015-2041). - ipv4: Missing sk_nulls_node_init() in ping_unhash() (bsc#929525, CVE-2015-3636). - ipv6: Don't reduce hop limit for an interface (bsc#922583, CVE-2015-2922). - net: llc: use correct size for sysctl timeout entries (bsc#919007, CVE-2015-2041). - ipv4: Missing sk_nulls_node_init() in ping_unhash() (bsc#929525, CVE-2015-3636). The following non-security issues have been fixed: - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - net/mlx4_core: Don't disable SRIOV if there are active VFs (bsc#927355). - udf: Remove repeated loads blocksize (bsc#933907). - Refresh patches.fixes/deal-with-deadlock-in-d_walk-fix.patch. based on 3.2 stable fix 20defcec264c ("dcache: Fix locking bugs in backported "deal with deadlock in d_walk()""). Not harmful for regular SLES kernels but RT or PREEMPT kernels would see disbalance. - sched: Fix potential near-infinite distribute_cfs_runtime() loop (bnc#930786). - tty: Correct tty buffer flush (bnc#929647). - tty: hold lock across tty buffer finding and buffer filling (bnc#929647). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-TERADATA: zypper in -t patch slessp3-kernel-201507-2=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP3-TERADATA (x86_64): kernel-default-3.0.101-57.TDC.2 kernel-default-base-3.0.101-57.TDC.2 kernel-default-devel-3.0.101-57.TDC.2 kernel-source-3.0.101-57.TDC.2 kernel-syms-3.0.101-57.TDC.2 kernel-trace-3.0.101-57.TDC.2 kernel-trace-base-3.0.101-57.TDC.2 kernel-trace-devel-3.0.101-57.TDC.2 kernel-xen-3.0.101-57.TDC.2 kernel-xen-base-3.0.101-57.TDC.2 kernel-xen-devel-3.0.101-57.TDC.2 References: https://bugzilla.suse.com/915517 https://bugzilla.suse.com/919007 https://bugzilla.suse.com/922583 https://bugzilla.suse.com/923908 https://bugzilla.suse.com/927355 https://bugzilla.suse.com/929525 https://bugzilla.suse.com/929647 https://bugzilla.suse.com/930786 https://bugzilla.suse.com/933429 https://bugzilla.suse.com/933896 https://bugzilla.suse.com/933904 https://bugzilla.suse.com/933907 https://bugzilla.suse.com/935705 https://bugzilla.suse.com/936831 From sle-updates at lists.suse.com Fri Jul 10 08:11:27 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 16:11:27 +0200 (CEST) Subject: SUSE-RU-2015:1222-2: Recommended update for pciutils Message-ID: <20150710141127.5C0C1320A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for pciutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1222-2 Rating: low References: #837347 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pciutils fixes a memory leak in function get_cache_name(). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-313=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-313=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-313=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64): pciutils-debuginfo-3.2.1-5.1 pciutils-debugsource-3.2.1-5.1 pciutils-devel-3.2.1-5.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libpci3-3.2.1-5.1 libpci3-32bit-3.2.1-5.1 libpci3-debuginfo-3.2.1-5.1 libpci3-debuginfo-32bit-3.2.1-5.1 pciutils-3.2.1-5.1 pciutils-debuginfo-3.2.1-5.1 pciutils-debugsource-3.2.1-5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libpci3-3.2.1-5.1 libpci3-32bit-3.2.1-5.1 libpci3-debuginfo-3.2.1-5.1 libpci3-debuginfo-32bit-3.2.1-5.1 pciutils-3.2.1-5.1 pciutils-debuginfo-3.2.1-5.1 pciutils-debugsource-3.2.1-5.1 References: https://bugzilla.suse.com/837347 From sle-updates at lists.suse.com Fri Jul 10 08:11:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 16:11:51 +0200 (CEST) Subject: SUSE-RU-2015:1221-2: moderate: Recommended update for mcstrans Message-ID: <20150710141151.5DBE4320A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for mcstrans ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1221-2 Rating: moderate References: #935217 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update corrects the security context label of /run/setrans. The incorrect label prevented mcstrans from starting up. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-310=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (s390x x86_64): mcstrans-0.3.3-9.1 mcstrans-debuginfo-0.3.3-9.1 mcstrans-debugsource-0.3.3-9.1 References: https://bugzilla.suse.com/935217 From sle-updates at lists.suse.com Fri Jul 10 08:12:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 16:12:09 +0200 (CEST) Subject: SUSE-RU-2015:1223-2: Recommended update for perl-Module-Runtime Message-ID: <20150710141209.E37ED320A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Module-Runtime ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1223-2 Rating: low References: #917844 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides perl-Module-Runtime 0.014. This version includes the following fixes: - Suppress any CORE::GLOBAL::require override, where possible, to avoid use_package_optimistically() being misled into treating missing modules as broken. - Tighten use_package_optimistically()'s recognition of can't-locate errors so that, when a module fails to load because a module that it uses isn't available, the outer module will be perceived as broken rather than missing. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-312=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (noarch): perl-Module-Runtime-0.014-4.1 References: https://bugzilla.suse.com/917844 From sle-updates at lists.suse.com Fri Jul 10 08:12:32 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 16:12:32 +0200 (CEST) Subject: SUSE-RU-2015:1225-1: moderate: Recommended update for lvm2 Message-ID: <20150710141232.9DA4B320A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1225-1 Rating: moderate References: #888798 #894202 #908791 #909358 #912499 #922905 #925627 #932300 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for lvm2 and device-mapper provides the following fixes and enhancements: - If the disk is unavailable we need to import the existing ID_FS_XXX variables from the udev database, otherwise the filesystem UUID won't be set and the by-uuid symlinks will disappear, leading to intermittent boot failures. (bsc#909358) - Do not attempt to unmount all volumes if only one path has failed. (bsc#932300) - Add patches for multipath support to device-mapper. (bsc#922905) - LVM2 does not support unpartitioned DASD device which has special format in the first 2 tracks and will silently discard LVM2 label information written to it by pvcreate. Mark this type of device as unsupported. (bsc#894202) - Properly enable lvm2-lvmetad.socket in the package's pre and post- installation scripts. (bsc#908791) - Set silent mode to 0 by default, otherwise some commands will have no output. 
(bsc#888798, bsc#912499) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-314=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-314=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-314=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-314=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): device-mapper-debuginfo-1.02.78-54.1 device-mapper-devel-1.02.78-54.1 lvm2-debuginfo-2.02.98-54.1 lvm2-debugsource-2.02.98-54.1 lvm2-devel-2.02.98-54.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): device-mapper-1.02.78-54.1 device-mapper-debuginfo-1.02.78-54.1 lvm2-2.02.98-54.1 lvm2-debuginfo-2.02.98-54.1 lvm2-debugsource-2.02.98-54.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): device-mapper-32bit-1.02.78-54.1 device-mapper-debuginfo-32bit-1.02.78-54.1 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): lvm2-clvm-2.02.98-54.1 lvm2-clvm-debuginfo-2.02.98-54.1 lvm2-cmirrord-2.02.98-54.1 lvm2-cmirrord-debuginfo-2.02.98-54.1 lvm2-debuginfo-2.02.98-54.1 lvm2-debugsource-2.02.98-54.1 - SUSE Linux Enterprise Desktop 12 (x86_64): device-mapper-1.02.78-54.1 device-mapper-32bit-1.02.78-54.1 device-mapper-debuginfo-1.02.78-54.1 device-mapper-debuginfo-32bit-1.02.78-54.1 lvm2-2.02.98-54.1 lvm2-debuginfo-2.02.98-54.1 lvm2-debugsource-2.02.98-54.1 References: https://bugzilla.suse.com/888798 https://bugzilla.suse.com/894202 https://bugzilla.suse.com/908791 https://bugzilla.suse.com/909358 https://bugzilla.suse.com/912499 https://bugzilla.suse.com/922905 https://bugzilla.suse.com/925627 https://bugzilla.suse.com/932300 From sle-updates at lists.suse.com Fri Jul 10 09:08:02 2015 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 17:08:02 +0200 (CEST) Subject: SUSE-OU-2015:1226-1: Optional update for drm-KMP and xf86-video-intel Message-ID: <20150710150802.3A898320A5@maintenance.suse.de> SUSE Optional Update: Optional update for drm-KMP and xf86-video-intel ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1226-1 Rating: low References: #930085 Affected Products: SUSE Linux Enterprise Point of Service 11 SP3 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds support for Intel Bay Trail CPUs. Two new packages have been included in the product: a newer version of the Intel graphics driver for X.Org (xf86-video-intel) and newer versions of the drm and agpgart kernel modules (drm-kmp). In order to use the updated drivers on Bay Trail systems, the SLEPOS images must be updated to contain packages xf86-video-intel and drm-kmp-default from the SLEPOS 11-SP3 update channel. A new initrd and up-to-date kernel should also be used, unless kexec based boot is preferred (see section 6.4.2 in SLEPOS 11 SP3 documentation). Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Service 11 SP3: zypper in -t patch sleposp3-baytrail-201505=10840 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Point of Service 11 SP3 (i586 x86_64): drm-kmp-default-3.12_3.0.101_0.47.55-0.17.1 xf86-video-intel-2.99.914-0.9.9 - SUSE Linux Enterprise Point of Service 11 SP3 (i586): drm-kmp-pae-3.12_3.0.101_0.47.55-0.17.1 References: https://bugzilla.suse.com/930085 https://download.suse.com/patch/finder/?keywords=9aadd5c0e0cc58582888b796b9efbc62 From sle-updates at lists.suse.com Fri Jul 10 11:08:03 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 19:08:03 +0200 (CEST) Subject: SUSE-SU-2015:1177-2: important: Security update for MySQL Message-ID: <20150710170803.15B0B320A2@maintenance.suse.de> SUSE Security Update: Security update for MySQL ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1177-2 Rating: important References: #934789 Cross-References: CVE-2015-4000 Affected Products: SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP1 LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. It includes one version update. Description: This MySQL update fixes the following security issue: * Logjam Attack: MySQL uses 512 bit DH groups in SSL connections. (bsc#934789) Security Issues: * CVE-2015-4000 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP2 LTSS: zypper in -t patch slessp2-libmysqlclient-devel=10835 - SUSE Linux Enterprise Server 11 SP1 LTSS: zypper in -t patch slessp1-libmysqlclient-devel=10834 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 5.0.96]: libmysqlclient15-5.0.96-0.8.8.2 libmysqlclient_r15-5.0.96-0.8.8.2 mysql-5.0.96-0.8.8.2 mysql-Max-5.0.96-0.8.8.2 mysql-client-5.0.96-0.8.8.2 mysql-tools-5.0.96-0.8.8.2 - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x x86_64) [New Version: 5.0.96]: libmysqlclient15-32bit-5.0.96-0.8.8.2 - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 5.0.96]: libmysqlclient15-5.0.96-0.8.8.2 libmysqlclient_r15-5.0.96-0.8.8.2 mysql-5.0.96-0.8.8.2 mysql-Max-5.0.96-0.8.8.2 mysql-client-5.0.96-0.8.8.2 mysql-tools-5.0.96-0.8.8.2 - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64) [New Version: 5.0.96]: libmysqlclient15-32bit-5.0.96-0.8.8.2 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/934789 https://download.suse.com/patch/finder/?keywords=981d8f54c6495496c156cd451d10c084 https://download.suse.com/patch/finder/?keywords=9bf49a65c370d89b69d6200ce055b991 From sle-updates at lists.suse.com Fri Jul 10 11:08:24 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 19:08:24 +0200 (CEST) Subject: SUSE-SU-2015:1227-1: moderate: Security update for strongswan Message-ID: <20150710170824.46DC2320A5@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1227-1 Rating: moderate References: #933591 Cross-References: CVE-2015-4171 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: strongswan was updated to fix a problem that could enable rogue servers to gain user credentials from a client in certain IKEv2 setups. 
(CVE-2015-4171) Security Issues: * CVE-2015-4171 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-strongswan=10739 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-strongswan=10739 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-strongswan=10739 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): strongswan-4.4.0-6.27.1 strongswan-doc-4.4.0-6.27.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): strongswan-4.4.0-6.27.1 strongswan-doc-4.4.0-6.27.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): strongswan-4.4.0-6.27.1 strongswan-doc-4.4.0-6.27.1 References: https://www.suse.com/security/cve/CVE-2015-4171.html https://bugzilla.suse.com/933591 https://download.suse.com/patch/finder/?keywords=812b92d737144f4bab961ce3080050bc From sle-updates at lists.suse.com Fri Jul 10 11:08:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jul 2015 19:08:43 +0200 (CEST) Subject: SUSE-SU-2015:1228-1: moderate: Security update for strongswan Message-ID: <20150710170843.C3335320A5@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1228-1 Rating: moderate References: #876449 #933591 Cross-References: CVE-2014-2891 CVE-2015-4171 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: strongswan was updated to fix two security issues: * An issue that could enable rogue servers to gain user credentials from a client in certain IKEv2 setups. 
(CVE-2015-4171) * A bug in decoding ID_DER_ASN1_DN ID payloads that could be used for remote denial of service attacks. (CVE-2014-2891) Security Issues: * CVE-2015-4171 * CVE-2014-2891 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): strongswan-4.4.0-6.19.1 strongswan-doc-4.4.0-6.19.1 References: https://www.suse.com/security/cve/CVE-2014-2891.html https://www.suse.com/security/cve/CVE-2015-4171.html https://bugzilla.suse.com/876449 https://bugzilla.suse.com/933591 https://download.suse.com/patch/finder/?keywords=98e26dc2a1696d47c59ab9aa31ce0c35 From sle-updates at lists.suse.com Tue Jul 14 02:08:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2015 10:08:07 +0200 (CEST) Subject: SUSE-RU-2015:1239-1: Recommended update for freetype2 Message-ID: <20150714080808.05655320A2@maintenance.suse.de> SUSE Recommended Update: Recommended update for freetype2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1239-1 Rating: low References: #933247 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of freetype2 fixes a regression introduced by the security fix for CVE-2014-9671. This is not itself a security issue, it just improves on a previous one. This update is needed for LSB 5 fontconfig usage. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-315=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-315=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-315=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): freetype2-debugsource-2.5.5-7.5.1 freetype2-devel-2.5.5-7.5.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): freetype2-debugsource-2.5.5-7.5.1 ft2demos-2.5.5-7.5.1 libfreetype6-2.5.5-7.5.1 libfreetype6-debuginfo-2.5.5-7.5.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libfreetype6-32bit-2.5.5-7.5.1 libfreetype6-debuginfo-32bit-2.5.5-7.5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): freetype2-debugsource-2.5.5-7.5.1 ft2demos-2.5.5-7.5.1 libfreetype6-2.5.5-7.5.1 libfreetype6-32bit-2.5.5-7.5.1 libfreetype6-debuginfo-2.5.5-7.5.1 libfreetype6-debuginfo-32bit-2.5.5-7.5.1 References: https://bugzilla.suse.com/933247 From sle-updates at lists.suse.com Tue Jul 14 05:07:58 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2015 13:07:58 +0200 (CEST) Subject: SUSE-RU-2015:1241-1: moderate: Recommended update for xf86-video-intel Message-ID: <20150714110758.6796C320A2@maintenance.suse.de> SUSE Recommended Update: Recommended update for xf86-video-intel ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1241-1 Rating: moderate References: #908323 #908326 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for xf86-video-intel provides the following fixes: - Fix potential memory corruption on Gen8 BLT with 4bit address. - Disable support for DRI3. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-316=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-316=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (x86_64): xf86-video-intel-2.99.914-7.1 xf86-video-intel-debuginfo-2.99.914-7.1 xf86-video-intel-debugsource-2.99.914-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xf86-video-intel-2.99.914-7.1 xf86-video-intel-debuginfo-2.99.914-7.1 xf86-video-intel-debugsource-2.99.914-7.1 References: https://bugzilla.suse.com/908323 https://bugzilla.suse.com/908326 From sle-updates at lists.suse.com Tue Jul 14 08:08:03 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2015 16:08:03 +0200 (CEST) Subject: SUSE-OU-2015:1242-1: Optional update for SLE HA Manuals Message-ID: <20150714140803.09890320A5@maintenance.suse.de> SUSE Optional Update: Optional update for SLE HA Manuals ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1242-1 Rating: low References: #920443 #931067 #937027 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has three optional fixes can now be installed. Description: The SUSE Linux Enterprise High Availability Extension manuals have been translated to Japanese, Chinese simplified and Chinese traditional. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-317=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12 (noarch): sle-ha-guide_ja-pdf-12-2.10 sle-ha-guide_zh_CN-pdf-12-2.10 sle-ha-guide_zh_TW-pdf-12-2.10 sle-ha-manuals_ja-12-2.10 sle-ha-manuals_zh_CN-12-2.10 sle-ha-manuals_zh_TW-12-2.10 References: https://bugzilla.suse.com/920443 https://bugzilla.suse.com/931067 https://bugzilla.suse.com/937027 From sle-updates at lists.suse.com Tue Jul 14 09:08:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2015 17:08:02 +0200 (CEST) Subject: SUSE-RU-2015:1243-1: Recommended update for crowbar-barclamp-cinder and openstack-cinder Message-ID: <20150714150802.8A84E320B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-cinder and openstack-cinder ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1243-1 Rating: low References: #886571 #907094 #907669 #918104 #926605 Affected Products: SUSE Cloud 4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. It includes two new package versions. 
Description: This update for crowbar-barclamp-cinder and openstack-cinder provides the following stability fixes and improvements from the upstream OpenStack project: * crowbar-barclamp-cinder o Only deal with pacemaker resources on the founder node (bnc#918104) o Only deal with db creation on founder node when using HA (bnc#886571) o Add sqlalchemy pool parameters (bnc#907669) * openstack-cinder o Bump stable/icehouse next version to 2014.1.5 o Updated from global requirements o update to eternus dx volumedriver 1.1.1 o Make pool_timeout configurable (bnc#907669) o Make snapshot_delete more robust (bnc#907094) Contraindications: Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 4: zypper in -t patch sleclo40sp3-cinder-0415=10605 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 4 (x86_64) [New Version: 2014.1.5.dev1]: openstack-cinder-2014.1.5.dev1-0.7.1 openstack-cinder-api-2014.1.5.dev1-0.7.1 openstack-cinder-backup-2014.1.5.dev1-0.7.1 openstack-cinder-scheduler-2014.1.5.dev1-0.7.1 openstack-cinder-volume-2014.1.5.dev1-0.7.1 python-cinder-2014.1.5.dev1-0.7.1 - SUSE Cloud 4 (noarch) [New Version: 2014.1.5.dev1]: crowbar-barclamp-cinder-1.8+git.1427379402.01cfccc-0.7.1 openstack-cinder-doc-2014.1.5.dev1-0.7.1 References: https://bugzilla.suse.com/886571 https://bugzilla.suse.com/907094 https://bugzilla.suse.com/907669 https://bugzilla.suse.com/918104 https://bugzilla.suse.com/926605 https://download.suse.com/patch/finder/?keywords=06b81e7881402ce7d99d7e16012f99b8 From sle-updates at lists.suse.com Tue Jul 14 11:08:24 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jul 2015 19:08:24 +0200 (CEST) Subject: SUSE-RU-2015:1246-1: Recommended update for inst-source-utils Message-ID: <20150714170824.CB033320B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for inst-source-utils 
______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1246-1 Rating: low References: #937385 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The inst-source-utils package was updated to allow building media with a specific EULA. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-inst-source-utils-3=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-inst-source-utils-3=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-inst-source-utils-3=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-inst-source-utils-3=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-inst-source-utils-3=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-inst-source-utils-3=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-inst-source-utils-3=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): inst-source-utils-2013.1.25-0.7.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (noarch): inst-source-utils-2013.1.25-0.7.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch): inst-source-utils-2013.1.25-0.7.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): inst-source-utils-2013.1.25-0.7.1 - SUSE Linux Enterprise Server 11-SP3 (noarch): inst-source-utils-2013.1.25-0.7.1 - SUSE Linux Enterprise Desktop 11-SP4 (noarch): inst-source-utils-2013.1.25-0.7.1 - SUSE Linux Enterprise Desktop 11-SP3 (noarch): inst-source-utils-2013.1.25-0.7.1 References: https://bugzilla.suse.com/937385 From sle-updates at lists.suse.com Wed Jul 15 08:08:11 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jul 2015 16:08:11 +0200 (CEST) Subject: SUSE-RU-2015:1248-1: moderate: Recommended update for yast2-dns-server Message-ID: <20150715140811.A12E0320B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-dns-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1248-1 Rating: moderate References: #746401 #898659 #899104 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for yast2-dns-server provides the following fixes: Fix handling of zones (bsc#898659): - Extend list of zones marked as system (internal) with (0\.)+ip6.arpa - Do not allow editing system zones (they belong to bind package) - Check if 'bind' package is installed before writing the configuration - Mark all imported zones as 'modified' to be written later - Mark all imported non-system zones as 'is_new' to create a zone file for them - Flush /etc/named.conf cache 'after' writing zones (instead of 'before') - Use "" as the default NETCONFIG_DNS_POLICY (instead of 0) - Do not write system zones to LDAP (bnc#746401) - If system zones are marked as modified, they are written to named configuration (if LDAP is not in use). Fix Import() and Write() in AutoYaST (bnc#898659): - Imported zones were not written to the system as they were not marked as 'modified' - Directory /etc/named.d/ was used even if it didn't exist - The whole named.conf was rewritten from scratch as YaST thought that something had changed that file while YaST was running. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-319=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (noarch): yast2-dns-server-3.1.11-6.1 References: https://bugzilla.suse.com/746401 https://bugzilla.suse.com/898659 https://bugzilla.suse.com/899104 From sle-updates at lists.suse.com Thu Jul 16 02:08:25 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jul 2015 10:08:25 +0200 (CEST) Subject: SUSE-SU-2015:1249-1: moderate: Security update for augeas Message-ID: <20150716080825.6D8D632087@maintenance.suse.de> SUSE Security Update: Security update for augeas ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1249-1 Rating: moderate References: #925225 Cross-References: CVE-2014-8119 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes an untrusted argument escaping problem (CVE-2014-8119): * new API - aug_escape_name() - which can be used to escape untrusted inputs before using them as part of path expressions * aug_match() is changed to return properly escaped output Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-320=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-320=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-320=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): augeas-debuginfo-1.2.0-3.1 augeas-debugsource-1.2.0-3.1 augeas-devel-1.2.0-3.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): augeas-1.2.0-3.1 augeas-debuginfo-1.2.0-3.1 augeas-debugsource-1.2.0-3.1 augeas-lenses-1.2.0-3.1 libaugeas0-1.2.0-3.1 libaugeas0-debuginfo-1.2.0-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): augeas-debuginfo-1.2.0-3.1 augeas-debugsource-1.2.0-3.1 libaugeas0-1.2.0-3.1 libaugeas0-debuginfo-1.2.0-3.1 References: https://www.suse.com/security/cve/CVE-2014-8119.html https://bugzilla.suse.com/925225 From sle-updates at lists.suse.com Fri Jul 17 02:11:23 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2015 10:11:23 +0200 (CEST) Subject: SUSE-RU-2015:1251-1: Recommended update for git Message-ID: <20150717081123.A0D93320B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for git ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1251-1 Rating: low References: #919105 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for git fixes a syntax error in the csh completion script. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-326=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-326=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): git-1.8.5.6-11.10 git-arch-1.8.5.6-11.10 git-core-1.8.5.6-11.10 git-core-debuginfo-1.8.5.6-11.10 git-cvs-1.8.5.6-11.10 git-daemon-1.8.5.6-11.10 git-daemon-debuginfo-1.8.5.6-11.10 git-debugsource-1.8.5.6-11.10 git-email-1.8.5.6-11.10 git-gui-1.8.5.6-11.10 git-svn-1.8.5.6-11.10 git-svn-debuginfo-1.8.5.6-11.10 git-web-1.8.5.6-11.10 gitk-1.8.5.6-11.10 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): git-core-1.8.5.6-11.10 git-core-debuginfo-1.8.5.6-11.10 git-debugsource-1.8.5.6-11.10 References: https://bugzilla.suse.com/919105 From sle-updates at lists.suse.com Fri Jul 17 02:11:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2015 10:11:48 +0200 (CEST) Subject: SUSE-OU-2015:1252-1: Optional Icinga packages Message-ID: <20150717081148.614AF320B3@maintenance.suse.de> SUSE Optional Update: Optional Icinga packages ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1252-1 Rating: low References: #919934 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides Icinga packages for SUSE Manager customers. The Icinga monitoring system has been added to the SUSE Manager Tools Channel as a Technology Preview for SUSE Linux Enterprise Server 12. These packages are not recommended for production use yet. As part of a valid SUSE Manager Server subscription an unlimited number of Icinga servers can be installed within the same organization on SUSE Linux Enterprise Server 12 systems that have a valid Standard or Priority subscription. As long as Icinga is used without integration into SUSE Manager, no SUSE Manager Monitoring subscription is needed for the managed systems. 
Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2015-324=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (ppc64le s390x x86_64): icinga-1.13.2-4.4 icinga-debuginfo-1.13.2-4.4 icinga-debugsource-1.13.2-4.4 icinga-devel-1.13.2-4.4 icinga-doc-1.13.2-4.4 icinga-idoutils-1.13.2-4.4 icinga-idoutils-mysql-1.13.2-4.4 icinga-idoutils-oracle-1.13.2-4.4 icinga-idoutils-pgsql-1.13.2-4.4 icinga-plugins-downtimes-1.13.2-4.4 icinga-plugins-eventhandlers-1.13.2-4.4 icinga-www-1.13.2-4.4 icinga-www-config-1.13.2-4.4 monitoring-tools-1.13.2-4.4 References: https://bugzilla.suse.com/919934 From sle-updates at lists.suse.com Fri Jul 17 02:12:08 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2015 10:12:08 +0200 (CEST) Subject: SUSE-SU-2015:1253-1: important: Security update for php5 Message-ID: <20150717081208.5969E320B3@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1253-1 Rating: important References: #919080 #927147 #931421 #931769 #931772 #931776 #933227 #935224 #935226 #935227 #935232 #935234 #935274 #935275 Cross-References: CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4643 CVE-2015-4644 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. 
Description: This security update of PHP fixes the following issues: Security issues fixed: * CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DoS vulnerability. * CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity. * CVE-2015-4022 [bnc#931772]: Fixed an overflow in ftp_genlist() that resulted in a heap overflow. * CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile when entry filename starts with NULL. * CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type confusion after unserialize() information disclosure. * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion. * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods. * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize. * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data. * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow. * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions. Bugs fixed: * configure php-fpm with --localstatedir=/var [bnc#927147] * fix timezone map [bnc#919080] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-322=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-322=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-30.1 php5-debugsource-5.5.14-30.1 php5-devel-5.5.14-30.1 - SUSE Linux Enterprise Module for Web Scripting 12 (s390x x86_64): apache2-mod_php5-5.5.14-30.1 apache2-mod_php5-debuginfo-5.5.14-30.1 php5-5.5.14-30.1 php5-bcmath-5.5.14-30.1 php5-bcmath-debuginfo-5.5.14-30.1 php5-bz2-5.5.14-30.1 php5-bz2-debuginfo-5.5.14-30.1 php5-calendar-5.5.14-30.1 php5-calendar-debuginfo-5.5.14-30.1 php5-ctype-5.5.14-30.1 php5-ctype-debuginfo-5.5.14-30.1 php5-curl-5.5.14-30.1 php5-curl-debuginfo-5.5.14-30.1 php5-dba-5.5.14-30.1 php5-dba-debuginfo-5.5.14-30.1 php5-debuginfo-5.5.14-30.1 php5-debugsource-5.5.14-30.1 php5-dom-5.5.14-30.1 php5-dom-debuginfo-5.5.14-30.1 php5-enchant-5.5.14-30.1 php5-enchant-debuginfo-5.5.14-30.1 php5-exif-5.5.14-30.1 php5-exif-debuginfo-5.5.14-30.1 php5-fastcgi-5.5.14-30.1 php5-fastcgi-debuginfo-5.5.14-30.1 php5-fileinfo-5.5.14-30.1 php5-fileinfo-debuginfo-5.5.14-30.1 php5-fpm-5.5.14-30.1 php5-fpm-debuginfo-5.5.14-30.1 php5-ftp-5.5.14-30.1 php5-ftp-debuginfo-5.5.14-30.1 php5-gd-5.5.14-30.1 php5-gd-debuginfo-5.5.14-30.1 php5-gettext-5.5.14-30.1 php5-gettext-debuginfo-5.5.14-30.1 php5-gmp-5.5.14-30.1 php5-gmp-debuginfo-5.5.14-30.1 php5-iconv-5.5.14-30.1 php5-iconv-debuginfo-5.5.14-30.1 php5-intl-5.5.14-30.1 php5-intl-debuginfo-5.5.14-30.1 php5-json-5.5.14-30.1 php5-json-debuginfo-5.5.14-30.1 php5-ldap-5.5.14-30.1 php5-ldap-debuginfo-5.5.14-30.1 php5-mbstring-5.5.14-30.1 php5-mbstring-debuginfo-5.5.14-30.1 php5-mcrypt-5.5.14-30.1 php5-mcrypt-debuginfo-5.5.14-30.1 php5-mysql-5.5.14-30.1 php5-mysql-debuginfo-5.5.14-30.1 php5-odbc-5.5.14-30.1 php5-odbc-debuginfo-5.5.14-30.1 php5-openssl-5.5.14-30.1 php5-openssl-debuginfo-5.5.14-30.1 php5-pcntl-5.5.14-30.1 php5-pcntl-debuginfo-5.5.14-30.1 php5-pdo-5.5.14-30.1 php5-pdo-debuginfo-5.5.14-30.1 php5-pgsql-5.5.14-30.1 php5-pgsql-debuginfo-5.5.14-30.1 php5-pspell-5.5.14-30.1 php5-pspell-debuginfo-5.5.14-30.1 
php5-shmop-5.5.14-30.1 php5-shmop-debuginfo-5.5.14-30.1 php5-snmp-5.5.14-30.1 php5-snmp-debuginfo-5.5.14-30.1 php5-soap-5.5.14-30.1 php5-soap-debuginfo-5.5.14-30.1 php5-sockets-5.5.14-30.1 php5-sockets-debuginfo-5.5.14-30.1 php5-sqlite-5.5.14-30.1 php5-sqlite-debuginfo-5.5.14-30.1 php5-suhosin-5.5.14-30.1 php5-suhosin-debuginfo-5.5.14-30.1 php5-sysvmsg-5.5.14-30.1 php5-sysvmsg-debuginfo-5.5.14-30.1 php5-sysvsem-5.5.14-30.1 php5-sysvsem-debuginfo-5.5.14-30.1 php5-sysvshm-5.5.14-30.1 php5-sysvshm-debuginfo-5.5.14-30.1 php5-tokenizer-5.5.14-30.1 php5-tokenizer-debuginfo-5.5.14-30.1 php5-wddx-5.5.14-30.1 php5-wddx-debuginfo-5.5.14-30.1 php5-xmlreader-5.5.14-30.1 php5-xmlreader-debuginfo-5.5.14-30.1 php5-xmlrpc-5.5.14-30.1 php5-xmlrpc-debuginfo-5.5.14-30.1 php5-xmlwriter-5.5.14-30.1 php5-xmlwriter-debuginfo-5.5.14-30.1 php5-xsl-5.5.14-30.1 php5-xsl-debuginfo-5.5.14-30.1 php5-zip-5.5.14-30.1 php5-zip-debuginfo-5.5.14-30.1 php5-zlib-5.5.14-30.1 php5-zlib-debuginfo-5.5.14-30.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-30.1 References: https://www.suse.com/security/cve/CVE-2015-3411.html https://www.suse.com/security/cve/CVE-2015-3412.html https://www.suse.com/security/cve/CVE-2015-4021.html https://www.suse.com/security/cve/CVE-2015-4022.html https://www.suse.com/security/cve/CVE-2015-4024.html https://www.suse.com/security/cve/CVE-2015-4026.html https://www.suse.com/security/cve/CVE-2015-4148.html https://www.suse.com/security/cve/CVE-2015-4598.html https://www.suse.com/security/cve/CVE-2015-4599.html https://www.suse.com/security/cve/CVE-2015-4600.html https://www.suse.com/security/cve/CVE-2015-4601.html https://www.suse.com/security/cve/CVE-2015-4602.html https://www.suse.com/security/cve/CVE-2015-4603.html https://www.suse.com/security/cve/CVE-2015-4643.html https://www.suse.com/security/cve/CVE-2015-4644.html https://bugzilla.suse.com/919080 https://bugzilla.suse.com/927147 https://bugzilla.suse.com/931421 
https://bugzilla.suse.com/931769 https://bugzilla.suse.com/931772 https://bugzilla.suse.com/931776 https://bugzilla.suse.com/933227 https://bugzilla.suse.com/935224 https://bugzilla.suse.com/935226 https://bugzilla.suse.com/935227 https://bugzilla.suse.com/935232 https://bugzilla.suse.com/935234 https://bugzilla.suse.com/935274 https://bugzilla.suse.com/935275 From sle-updates at lists.suse.com Fri Jul 17 03:08:11 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2015 11:08:11 +0200 (CEST) Subject: SUSE-SU-2015:1253-2: important: Security update for php5 Message-ID: <20150717090811.3CC15320A5@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1253-2 Rating: important References: #919080 #927147 #931421 #931769 #931772 #931776 #933227 #935224 #935226 #935227 #935232 #935234 #935274 #935275 Cross-References: CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4643 CVE-2015-4644 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This security update of PHP fixes the following issues: Security issues fixed: * CVE-2015-4024 [bnc#931421]: Fixed multipart/form-data remote DoS vulnerability. * CVE-2015-4026 [bnc#931776]: pcntl_exec() did not check path validity. * CVE-2015-4022 [bnc#931772]: Fixed an overflow in ftp_genlist() that resulted in a heap overflow. * CVE-2015-4021 [bnc#931769]: Fixed memory corruption in phar_parse_tarfile when entry filename starts with NULL. * CVE-2015-4148 [bnc#933227]: Fixed SoapClient's do_soap_call() type confusion after unserialize() information disclosure. 
* CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion. * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods. * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize. * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data. * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow. * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions. Bugs fixed: * configure php-fpm with --localstatedir=/var [bnc#927147] * fix timezone map [bnc#919080] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-322=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le): apache2-mod_php5-5.5.14-30.1 apache2-mod_php5-debuginfo-5.5.14-30.1 php5-5.5.14-30.1 php5-bcmath-5.5.14-30.1 php5-bcmath-debuginfo-5.5.14-30.1 php5-bz2-5.5.14-30.1 php5-bz2-debuginfo-5.5.14-30.1 php5-calendar-5.5.14-30.1 php5-calendar-debuginfo-5.5.14-30.1 php5-ctype-5.5.14-30.1 php5-ctype-debuginfo-5.5.14-30.1 php5-curl-5.5.14-30.1 php5-curl-debuginfo-5.5.14-30.1 php5-dba-5.5.14-30.1 php5-dba-debuginfo-5.5.14-30.1 php5-debuginfo-5.5.14-30.1 php5-debugsource-5.5.14-30.1 php5-dom-5.5.14-30.1 php5-dom-debuginfo-5.5.14-30.1 php5-enchant-5.5.14-30.1 php5-enchant-debuginfo-5.5.14-30.1 php5-exif-5.5.14-30.1 php5-exif-debuginfo-5.5.14-30.1 php5-fastcgi-5.5.14-30.1 php5-fastcgi-debuginfo-5.5.14-30.1 php5-fileinfo-5.5.14-30.1 php5-fileinfo-debuginfo-5.5.14-30.1 php5-fpm-5.5.14-30.1 php5-fpm-debuginfo-5.5.14-30.1 php5-ftp-5.5.14-30.1 php5-ftp-debuginfo-5.5.14-30.1 php5-gd-5.5.14-30.1 php5-gd-debuginfo-5.5.14-30.1 php5-gettext-5.5.14-30.1 php5-gettext-debuginfo-5.5.14-30.1 php5-gmp-5.5.14-30.1 php5-gmp-debuginfo-5.5.14-30.1 php5-iconv-5.5.14-30.1 php5-iconv-debuginfo-5.5.14-30.1 php5-intl-5.5.14-30.1 php5-intl-debuginfo-5.5.14-30.1 php5-json-5.5.14-30.1 php5-json-debuginfo-5.5.14-30.1 php5-ldap-5.5.14-30.1 php5-ldap-debuginfo-5.5.14-30.1 php5-mbstring-5.5.14-30.1 php5-mbstring-debuginfo-5.5.14-30.1 php5-mcrypt-5.5.14-30.1 php5-mcrypt-debuginfo-5.5.14-30.1 php5-mysql-5.5.14-30.1 php5-mysql-debuginfo-5.5.14-30.1 php5-odbc-5.5.14-30.1 php5-odbc-debuginfo-5.5.14-30.1 php5-openssl-5.5.14-30.1 php5-openssl-debuginfo-5.5.14-30.1 php5-pcntl-5.5.14-30.1 php5-pcntl-debuginfo-5.5.14-30.1 php5-pdo-5.5.14-30.1 php5-pdo-debuginfo-5.5.14-30.1 php5-pgsql-5.5.14-30.1 php5-pgsql-debuginfo-5.5.14-30.1 php5-pspell-5.5.14-30.1 php5-pspell-debuginfo-5.5.14-30.1 php5-shmop-5.5.14-30.1 php5-shmop-debuginfo-5.5.14-30.1 php5-snmp-5.5.14-30.1 php5-snmp-debuginfo-5.5.14-30.1 php5-soap-5.5.14-30.1 php5-soap-debuginfo-5.5.14-30.1 
php5-sockets-5.5.14-30.1 php5-sockets-debuginfo-5.5.14-30.1 php5-sqlite-5.5.14-30.1 php5-sqlite-debuginfo-5.5.14-30.1 php5-suhosin-5.5.14-30.1 php5-suhosin-debuginfo-5.5.14-30.1 php5-sysvmsg-5.5.14-30.1 php5-sysvmsg-debuginfo-5.5.14-30.1 php5-sysvsem-5.5.14-30.1 php5-sysvsem-debuginfo-5.5.14-30.1 php5-sysvshm-5.5.14-30.1 php5-sysvshm-debuginfo-5.5.14-30.1 php5-tokenizer-5.5.14-30.1 php5-tokenizer-debuginfo-5.5.14-30.1 php5-wddx-5.5.14-30.1 php5-wddx-debuginfo-5.5.14-30.1 php5-xmlreader-5.5.14-30.1 php5-xmlreader-debuginfo-5.5.14-30.1 php5-xmlrpc-5.5.14-30.1 php5-xmlrpc-debuginfo-5.5.14-30.1 php5-xmlwriter-5.5.14-30.1 php5-xmlwriter-debuginfo-5.5.14-30.1 php5-xsl-5.5.14-30.1 php5-xsl-debuginfo-5.5.14-30.1 php5-zip-5.5.14-30.1 php5-zip-debuginfo-5.5.14-30.1 php5-zlib-5.5.14-30.1 php5-zlib-debuginfo-5.5.14-30.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-30.1 References: https://www.suse.com/security/cve/CVE-2015-3411.html https://www.suse.com/security/cve/CVE-2015-3412.html https://www.suse.com/security/cve/CVE-2015-4021.html https://www.suse.com/security/cve/CVE-2015-4022.html https://www.suse.com/security/cve/CVE-2015-4024.html https://www.suse.com/security/cve/CVE-2015-4026.html https://www.suse.com/security/cve/CVE-2015-4148.html https://www.suse.com/security/cve/CVE-2015-4598.html https://www.suse.com/security/cve/CVE-2015-4599.html https://www.suse.com/security/cve/CVE-2015-4600.html https://www.suse.com/security/cve/CVE-2015-4601.html https://www.suse.com/security/cve/CVE-2015-4602.html https://www.suse.com/security/cve/CVE-2015-4603.html https://www.suse.com/security/cve/CVE-2015-4643.html https://www.suse.com/security/cve/CVE-2015-4644.html https://bugzilla.suse.com/919080 https://bugzilla.suse.com/927147 https://bugzilla.suse.com/931421 https://bugzilla.suse.com/931769 https://bugzilla.suse.com/931772 https://bugzilla.suse.com/931776 https://bugzilla.suse.com/933227 https://bugzilla.suse.com/935224 
https://bugzilla.suse.com/935226 https://bugzilla.suse.com/935227 https://bugzilla.suse.com/935232 https://bugzilla.suse.com/935234 https://bugzilla.suse.com/935274 https://bugzilla.suse.com/935275 From sle-updates at lists.suse.com Fri Jul 17 03:10:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2015 11:10:59 +0200 (CEST) Subject: SUSE-SU-2015:1255-1: critical: Security update for flash-player Message-ID: <20150717091059.50CC3320A5@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1255-1 Rating: critical References: #937752 Cross-References: CVE-2015-5122 CVE-2015-5123 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: flash-player was updated to fix two security issues. These security issues were fixed: - CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function (bsc#937752). - CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property (bsc#937752). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-323=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-323=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (i586 x86_64): flash-player-11.2.202.491-96.1 flash-player-gnome-11.2.202.491-96.1 - SUSE Linux Enterprise Desktop 12 (i586 x86_64): flash-player-11.2.202.491-96.1 flash-player-gnome-11.2.202.491-96.1 References: https://www.suse.com/security/cve/CVE-2015-5122.html https://www.suse.com/security/cve/CVE-2015-5123.html https://bugzilla.suse.com/937752 From sle-updates at lists.suse.com Fri Jul 17 04:08:20 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2015 12:08:20 +0200 (CEST) Subject: SUSE-RU-2015:1257-1: moderate: Recommended update for yast2-firstboot Message-ID: <20150717100820.04FEE320B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-firstboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1257-1 Rating: moderate References: #802822 #895359 #904527 #911952 #924278 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for yast2-firstboot provides the following fixes: - Force mode "installation" for firstboot to always use the correct workflow. (bsc#924278) - Fix the step for host name configuration. (bsc#911952, bsc#802822) - Add missing module for DHCP. (bsc#895359, bsc#904527) - Fix errors in keyboard and language configuration. (bsc#904527) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-325=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-325=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): yast2-firstboot-3.1.5.2-8.3 - SUSE Linux Enterprise Desktop 12 (noarch): yast2-firstboot-3.1.5.2-8.3 References: https://bugzilla.suse.com/802822 https://bugzilla.suse.com/895359 https://bugzilla.suse.com/904527 https://bugzilla.suse.com/911952 https://bugzilla.suse.com/924278 From sle-updates at lists.suse.com Fri Jul 17 04:09:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2015 12:09:43 +0200 (CEST) Subject: SUSE-SU-2015:1258-1: critical: Security update for flash-player Message-ID: <20150717100943.C0A3D320B3@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1258-1 Rating: critical References: #937752 Cross-References: CVE-2015-5122 CVE-2015-5123 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: flash-player was updated to fix two security issues. These security issues were fixed: - CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function (bsc#937752). 
- CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property (bsc#937752). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-flash-player-12002=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-flash-player-12002=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): flash-player-11.2.202.491-0.11.1 flash-player-gnome-11.2.202.491-0.11.1 flash-player-kde4-11.2.202.491-0.11.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): flash-player-11.2.202.491-0.11.1 flash-player-gnome-11.2.202.491-0.11.1 flash-player-kde4-11.2.202.491-0.11.1 References: https://www.suse.com/security/cve/CVE-2015-5122.html https://www.suse.com/security/cve/CVE-2015-5123.html https://bugzilla.suse.com/937752 From sle-updates at lists.suse.com Fri Jul 17 10:08:03 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2015 18:08:03 +0200 (CEST) Subject: SUSE-SU-2015:1264-1: moderate: Security update for postgresql93 Message-ID: <20150717160803.24CD5320A5@maintenance.suse.de> SUSE Security Update: Security update for postgresql93 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1264-1 Rating: moderate References: #931972 #931973 #931974 Cross-References: CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 
______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: PostgreSQL was updated to the security and bugfix release 9.3.8 including 9.3.7. Security issues fixed: * CVE-2015-3165, bsc#931972: Avoid possible crash when client disconnects just before the authentication timeout expires. * CVE-2015-3166, bsc#931973: Consistently check for failure of the printf() family of functions. * CVE-2015-3167, bsc#931974: In contrib/pgcrypto, uniformly report decryption failures as "Wrong key or corrupt data" Bugs fixed: * Protect against wraparound of multixact member IDs. * Avoid failures while fsync'ing data directory during crash restart. * Fix pg_get_functiondef() to show functions' LEAKPROOF property, if set. * Allow libpq to use TLS protocol versions beyond v1. - For the full release notes, see the following two URLs http://www.postgresql.org/docs/9.3/static/release-9-3-8.html http://www.postgresql.org/docs/9.3/static/release-9-3-7.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-328=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-328=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-328=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): postgresql93-devel-9.3.8-8.1 postgresql93-devel-debuginfo-9.3.8-8.1 postgresql93-libs-debugsource-9.3.8-8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libecpg6-9.3.8-8.1 libecpg6-debuginfo-9.3.8-8.1 libpq5-9.3.8-8.1 libpq5-debuginfo-9.3.8-8.1 postgresql93-9.3.8-8.1 postgresql93-contrib-9.3.8-8.1 postgresql93-contrib-debuginfo-9.3.8-8.1 postgresql93-debuginfo-9.3.8-8.1 postgresql93-debugsource-9.3.8-8.1 postgresql93-libs-debugsource-9.3.8-8.1 postgresql93-server-9.3.8-8.1 postgresql93-server-debuginfo-9.3.8-8.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libpq5-32bit-9.3.8-8.1 libpq5-debuginfo-32bit-9.3.8-8.1 - SUSE Linux Enterprise Server 12 (noarch): postgresql93-docs-9.3.8-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libecpg6-9.3.8-8.1 libecpg6-debuginfo-9.3.8-8.1 libpq5-32bit-9.3.8-8.1 libpq5-9.3.8-8.1 libpq5-debuginfo-32bit-9.3.8-8.1 libpq5-debuginfo-9.3.8-8.1 postgresql93-9.3.8-8.1 postgresql93-debuginfo-9.3.8-8.1 postgresql93-debugsource-9.3.8-8.1 postgresql93-libs-debugsource-9.3.8-8.1 References: https://www.suse.com/security/cve/CVE-2015-3165.html https://www.suse.com/security/cve/CVE-2015-3166.html https://www.suse.com/security/cve/CVE-2015-3167.html https://bugzilla.suse.com/931972 https://bugzilla.suse.com/931973 https://bugzilla.suse.com/931974 From sle-updates at lists.suse.com Fri Jul 17 12:09:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jul 2015 20:09:40 +0200 (CEST) Subject: SUSE-SU-2015:1265-1: important: Security update for PHP Message-ID: <20150717180940.8259C320A5@maintenance.suse.de> SUSE Security Update: Security update for PHP ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1265-1 Rating: important References: #919080 #933227 #935074 #935224 #935226 #935227 #935232 #935234 #935274 #935275 Cross-References: CVE-2015-3411 
CVE-2015-3412 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4643 CVE-2015-4644 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: The PHP script interpreter was updated to fix various security issues: * CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion. * CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods. * CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize. * CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data. * CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow. * CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions. * CVE-2015-4148 [bnc#933227]: Fixed a SoapClient's do_soap_call() type confusion after unserialize() information disclosure. Also the following bugs were fixed: * fix a segmentation fault in odbc_fetch_array [bnc#935074] * fix timezone map [bnc#919080] Security Issues: * CVE-2015-3411 * CVE-2015-3412 * CVE-2015-4148 * CVE-2015-4598 * CVE-2015-4599 * CVE-2015-4600 * CVE-2015-4601 * CVE-2015-4602 * CVE-2015-4603 * CVE-2015-4643 * CVE-2015-4644 Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-apache2-mod_php53=10811 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-apache2-mod_php53=10811 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-apache2-mod_php53=10811 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-0.43.1 php53-imap-5.3.17-0.43.1 php53-posix-5.3.17-0.43.1 php53-readline-5.3.17-0.43.1 php53-sockets-5.3.17-0.43.1 php53-sqlite-5.3.17-0.43.1 php53-tidy-5.3.17-0.43.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): apache2-mod_php53-5.3.17-0.43.1 php53-5.3.17-0.43.1 php53-bcmath-5.3.17-0.43.1 php53-bz2-5.3.17-0.43.1 php53-calendar-5.3.17-0.43.1 php53-ctype-5.3.17-0.43.1 php53-curl-5.3.17-0.43.1 php53-dba-5.3.17-0.43.1 php53-dom-5.3.17-0.43.1 php53-exif-5.3.17-0.43.1 php53-fastcgi-5.3.17-0.43.1 php53-fileinfo-5.3.17-0.43.1 php53-ftp-5.3.17-0.43.1 php53-gd-5.3.17-0.43.1 php53-gettext-5.3.17-0.43.1 php53-gmp-5.3.17-0.43.1 php53-iconv-5.3.17-0.43.1 php53-intl-5.3.17-0.43.1 php53-json-5.3.17-0.43.1 php53-ldap-5.3.17-0.43.1 php53-mbstring-5.3.17-0.43.1 php53-mcrypt-5.3.17-0.43.1 php53-mysql-5.3.17-0.43.1 php53-odbc-5.3.17-0.43.1 php53-openssl-5.3.17-0.43.1 php53-pcntl-5.3.17-0.43.1 php53-pdo-5.3.17-0.43.1 php53-pear-5.3.17-0.43.1 php53-pgsql-5.3.17-0.43.1 php53-pspell-5.3.17-0.43.1 php53-shmop-5.3.17-0.43.1 php53-snmp-5.3.17-0.43.1 php53-soap-5.3.17-0.43.1 php53-suhosin-5.3.17-0.43.1 php53-sysvmsg-5.3.17-0.43.1 php53-sysvsem-5.3.17-0.43.1 php53-sysvshm-5.3.17-0.43.1 php53-tokenizer-5.3.17-0.43.1 php53-wddx-5.3.17-0.43.1 php53-xmlreader-5.3.17-0.43.1 php53-xmlrpc-5.3.17-0.43.1 php53-xmlwriter-5.3.17-0.43.1 php53-xsl-5.3.17-0.43.1 php53-zip-5.3.17-0.43.1 php53-zlib-5.3.17-0.43.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 
s390x x86_64): apache2-mod_php53-5.3.17-0.43.1 php53-5.3.17-0.43.1 php53-bcmath-5.3.17-0.43.1 php53-bz2-5.3.17-0.43.1 php53-calendar-5.3.17-0.43.1 php53-ctype-5.3.17-0.43.1 php53-curl-5.3.17-0.43.1 php53-dba-5.3.17-0.43.1 php53-dom-5.3.17-0.43.1 php53-exif-5.3.17-0.43.1 php53-fastcgi-5.3.17-0.43.1 php53-fileinfo-5.3.17-0.43.1 php53-ftp-5.3.17-0.43.1 php53-gd-5.3.17-0.43.1 php53-gettext-5.3.17-0.43.1 php53-gmp-5.3.17-0.43.1 php53-iconv-5.3.17-0.43.1 php53-intl-5.3.17-0.43.1 php53-json-5.3.17-0.43.1 php53-ldap-5.3.17-0.43.1 php53-mbstring-5.3.17-0.43.1 php53-mcrypt-5.3.17-0.43.1 php53-mysql-5.3.17-0.43.1 php53-odbc-5.3.17-0.43.1 php53-openssl-5.3.17-0.43.1 php53-pcntl-5.3.17-0.43.1 php53-pdo-5.3.17-0.43.1 php53-pear-5.3.17-0.43.1 php53-pgsql-5.3.17-0.43.1 php53-pspell-5.3.17-0.43.1 php53-shmop-5.3.17-0.43.1 php53-snmp-5.3.17-0.43.1 php53-soap-5.3.17-0.43.1 php53-suhosin-5.3.17-0.43.1 php53-sysvmsg-5.3.17-0.43.1 php53-sysvsem-5.3.17-0.43.1 php53-sysvshm-5.3.17-0.43.1 php53-tokenizer-5.3.17-0.43.1 php53-wddx-5.3.17-0.43.1 php53-xmlreader-5.3.17-0.43.1 php53-xmlrpc-5.3.17-0.43.1 php53-xmlwriter-5.3.17-0.43.1 php53-xsl-5.3.17-0.43.1 php53-zip-5.3.17-0.43.1 php53-zlib-5.3.17-0.43.1 References: https://www.suse.com/security/cve/CVE-2015-3411.html https://www.suse.com/security/cve/CVE-2015-3412.html https://www.suse.com/security/cve/CVE-2015-4148.html https://www.suse.com/security/cve/CVE-2015-4598.html https://www.suse.com/security/cve/CVE-2015-4599.html https://www.suse.com/security/cve/CVE-2015-4600.html https://www.suse.com/security/cve/CVE-2015-4601.html https://www.suse.com/security/cve/CVE-2015-4602.html https://www.suse.com/security/cve/CVE-2015-4603.html https://www.suse.com/security/cve/CVE-2015-4643.html https://www.suse.com/security/cve/CVE-2015-4644.html https://bugzilla.suse.com/919080 https://bugzilla.suse.com/933227 https://bugzilla.suse.com/935074 https://bugzilla.suse.com/935224 https://bugzilla.suse.com/935226 https://bugzilla.suse.com/935227 
https://bugzilla.suse.com/935232 https://bugzilla.suse.com/935234 https://bugzilla.suse.com/935274 https://bugzilla.suse.com/935275 https://download.suse.com/patch/finder/?keywords=81cfeb3c78f7d93b7833bcf7ec9abc68 From sle-updates at lists.suse.com Mon Jul 20 03:08:16 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2015 11:08:16 +0200 (CEST) Subject: SUSE-SU-2015:1268-1: important: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss Message-ID: <20150720090816.B9733320B3@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1268-1 Rating: important References: #908275 #935033 #935979 Cross-References: CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979).
- CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This non-security issue was fixed: - bsc#908275: Firefox did not print in landscape orientation. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-201507-12001=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (ia64 ppc64): MozillaFirefox-31.8.0esr-0.10.1 MozillaFirefox-translations-31.8.0esr-0.10.1 libfreebl3-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-4.10.8-0.5.1 mozilla-nss-3.19.2_CKBI_1.98-0.10.1 mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-32bit-4.10.8-0.5.1 mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libfreebl3-x86-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-x86-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-x86-4.10.8-0.5.1 mozilla-nss-x86-3.19.2_CKBI_1.98-0.10.1 References: https://www.suse.com/security/cve/CVE-2015-2721.html https://www.suse.com/security/cve/CVE-2015-2722.html https://www.suse.com/security/cve/CVE-2015-2724.html https://www.suse.com/security/cve/CVE-2015-2725.html https://www.suse.com/security/cve/CVE-2015-2726.html https://www.suse.com/security/cve/CVE-2015-2728.html https://www.suse.com/security/cve/CVE-2015-2730.html https://www.suse.com/security/cve/CVE-2015-2733.html https://www.suse.com/security/cve/CVE-2015-2734.html https://www.suse.com/security/cve/CVE-2015-2735.html https://www.suse.com/security/cve/CVE-2015-2736.html https://www.suse.com/security/cve/CVE-2015-2737.html 
https://www.suse.com/security/cve/CVE-2015-2738.html https://www.suse.com/security/cve/CVE-2015-2739.html https://www.suse.com/security/cve/CVE-2015-2740.html https://www.suse.com/security/cve/CVE-2015-2743.html https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/908275 https://bugzilla.suse.com/935033 https://bugzilla.suse.com/935979 From sle-updates at lists.suse.com Mon Jul 20 04:08:36 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2015 12:08:36 +0200 (CEST) Subject: SUSE-SU-2015:1269-1: important: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss Message-ID: <20150720100836.B2CAA320A5@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1269-1 Rating: important References: #856315 #935033 #935979 Cross-References: CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). 
- CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-330=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-330=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-330=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-31.8.0esr-37.3 MozillaFirefox-debugsource-31.8.0esr-37.3 MozillaFirefox-devel-31.8.0esr-37.3 mozilla-nspr-debuginfo-4.10.8-3.1 mozilla-nspr-debugsource-4.10.8-3.1 mozilla-nspr-devel-4.10.8-3.1 mozilla-nss-debuginfo-3.19.2_CKBI_1.98-21.1 mozilla-nss-debugsource-3.19.2_CKBI_1.98-21.1 mozilla-nss-devel-3.19.2_CKBI_1.98-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): MozillaFirefox-31.8.0esr-37.3 MozillaFirefox-debuginfo-31.8.0esr-37.3 MozillaFirefox-debugsource-31.8.0esr-37.3 MozillaFirefox-translations-31.8.0esr-37.3 libfreebl3-3.19.2_CKBI_1.98-21.1 libfreebl3-debuginfo-3.19.2_CKBI_1.98-21.1 libfreebl3-hmac-3.19.2_CKBI_1.98-21.1 libsoftokn3-3.19.2_CKBI_1.98-21.1 libsoftokn3-debuginfo-3.19.2_CKBI_1.98-21.1 libsoftokn3-hmac-3.19.2_CKBI_1.98-21.1 mozilla-nspr-4.10.8-3.1 mozilla-nspr-debuginfo-4.10.8-3.1 mozilla-nspr-debugsource-4.10.8-3.1 mozilla-nss-3.19.2_CKBI_1.98-21.1 mozilla-nss-certs-3.19.2_CKBI_1.98-21.1 mozilla-nss-certs-debuginfo-3.19.2_CKBI_1.98-21.1
mozilla-nss-debuginfo-3.19.2_CKBI_1.98-21.1 mozilla-nss-debugsource-3.19.2_CKBI_1.98-21.1 mozilla-nss-tools-3.19.2_CKBI_1.98-21.1 mozilla-nss-tools-debuginfo-3.19.2_CKBI_1.98-21.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libfreebl3-32bit-3.19.2_CKBI_1.98-21.1 libfreebl3-debuginfo-32bit-3.19.2_CKBI_1.98-21.1 libfreebl3-hmac-32bit-3.19.2_CKBI_1.98-21.1 libsoftokn3-32bit-3.19.2_CKBI_1.98-21.1 libsoftokn3-debuginfo-32bit-3.19.2_CKBI_1.98-21.1 libsoftokn3-hmac-32bit-3.19.2_CKBI_1.98-21.1 mozilla-nspr-32bit-4.10.8-3.1 mozilla-nspr-debuginfo-32bit-4.10.8-3.1 mozilla-nss-32bit-3.19.2_CKBI_1.98-21.1 mozilla-nss-certs-32bit-3.19.2_CKBI_1.98-21.1 mozilla-nss-certs-debuginfo-32bit-3.19.2_CKBI_1.98-21.1 mozilla-nss-debuginfo-32bit-3.19.2_CKBI_1.98-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): MozillaFirefox-31.8.0esr-37.3 MozillaFirefox-debuginfo-31.8.0esr-37.3 MozillaFirefox-debugsource-31.8.0esr-37.3 MozillaFirefox-translations-31.8.0esr-37.3 libfreebl3-3.19.2_CKBI_1.98-21.1 libfreebl3-32bit-3.19.2_CKBI_1.98-21.1 libfreebl3-debuginfo-3.19.2_CKBI_1.98-21.1 libfreebl3-debuginfo-32bit-3.19.2_CKBI_1.98-21.1 libsoftokn3-3.19.2_CKBI_1.98-21.1 libsoftokn3-32bit-3.19.2_CKBI_1.98-21.1 libsoftokn3-debuginfo-3.19.2_CKBI_1.98-21.1 libsoftokn3-debuginfo-32bit-3.19.2_CKBI_1.98-21.1 mozilla-nspr-32bit-4.10.8-3.1 mozilla-nspr-4.10.8-3.1 mozilla-nspr-debuginfo-32bit-4.10.8-3.1 mozilla-nspr-debuginfo-4.10.8-3.1 mozilla-nspr-debugsource-4.10.8-3.1 mozilla-nss-3.19.2_CKBI_1.98-21.1 mozilla-nss-32bit-3.19.2_CKBI_1.98-21.1 mozilla-nss-certs-3.19.2_CKBI_1.98-21.1 mozilla-nss-certs-32bit-3.19.2_CKBI_1.98-21.1 mozilla-nss-certs-debuginfo-3.19.2_CKBI_1.98-21.1 mozilla-nss-certs-debuginfo-32bit-3.19.2_CKBI_1.98-21.1 mozilla-nss-debuginfo-3.19.2_CKBI_1.98-21.1 mozilla-nss-debuginfo-32bit-3.19.2_CKBI_1.98-21.1 mozilla-nss-debugsource-3.19.2_CKBI_1.98-21.1 mozilla-nss-tools-3.19.2_CKBI_1.98-21.1 mozilla-nss-tools-debuginfo-3.19.2_CKBI_1.98-21.1 References: 
https://www.suse.com/security/cve/CVE-2015-2721.html https://www.suse.com/security/cve/CVE-2015-2722.html https://www.suse.com/security/cve/CVE-2015-2724.html https://www.suse.com/security/cve/CVE-2015-2725.html https://www.suse.com/security/cve/CVE-2015-2726.html https://www.suse.com/security/cve/CVE-2015-2728.html https://www.suse.com/security/cve/CVE-2015-2730.html https://www.suse.com/security/cve/CVE-2015-2733.html https://www.suse.com/security/cve/CVE-2015-2734.html https://www.suse.com/security/cve/CVE-2015-2735.html https://www.suse.com/security/cve/CVE-2015-2736.html https://www.suse.com/security/cve/CVE-2015-2737.html https://www.suse.com/security/cve/CVE-2015-2738.html https://www.suse.com/security/cve/CVE-2015-2739.html https://www.suse.com/security/cve/CVE-2015-2740.html https://www.suse.com/security/cve/CVE-2015-2743.html https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/856315 https://bugzilla.suse.com/935033 https://bugzilla.suse.com/935979 From sle-updates at lists.suse.com Mon Jul 20 04:09:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2015 12:09:42 +0200 (CEST) Subject: SUSE-SU-2015:1268-2: important: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss Message-ID: <20150720100942.2A2DB320B3@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1268-2 Rating: important References: #908275 #935033 #935979 Cross-References: CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise 
Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17 security issues. For more details please check the changelogs. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). - CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This non-security issue was fixed: - bsc#908275: Firefox did not print in landscape orientation. Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-201507-12001=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-MozillaFirefox-201507-12001=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-MozillaFirefox-201507-12001=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-201507-12001=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-MozillaFirefox-201507-12001=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-MozillaFirefox-201507-12001=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-MozillaFirefox-201507-12001=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-201507-12001=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-201507-12001=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-31.8.0esr-0.10.1 mozilla-nspr-devel-4.10.8-0.5.1 mozilla-nss-devel-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-31.8.0esr-0.10.1 mozilla-nspr-devel-4.10.8-0.5.1 mozilla-nss-devel-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): MozillaFirefox-31.8.0esr-0.10.1 MozillaFirefox-translations-31.8.0esr-0.10.1 libfreebl3-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-4.10.8-0.5.1 mozilla-nss-3.19.2_CKBI_1.98-0.10.1 mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-32bit-4.10.8-0.5.1 mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): MozillaFirefox-31.8.0esr-0.10.1 MozillaFirefox-translations-31.8.0esr-0.10.1 libfreebl3-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-4.10.8-0.5.1 mozilla-nss-3.19.2_CKBI_1.98-0.10.1 mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Server 11-SP4 (s390x x86_64): libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-32bit-4.10.8-0.5.1 mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-31.8.0esr-0.10.1 MozillaFirefox-translations-31.8.0esr-0.10.1 libfreebl3-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-4.10.8-0.5.1 mozilla-nss-3.19.2_CKBI_1.98-0.10.1 mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-32bit-4.10.8-0.5.1 
mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libfreebl3-x86-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-x86-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-x86-4.10.8-0.5.1 mozilla-nss-x86-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): MozillaFirefox-31.8.0esr-0.10.1 MozillaFirefox-translations-31.8.0esr-0.10.1 libfreebl3-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-4.10.8-0.5.1 mozilla-nss-3.19.2_CKBI_1.98-0.10.1 mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-32bit-4.10.8-0.5.1 mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): MozillaFirefox-31.8.0esr-0.10.1 MozillaFirefox-translations-31.8.0esr-0.10.1 libfreebl3-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-4.10.8-0.5.1 mozilla-nss-3.19.2_CKBI_1.98-0.10.1 mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1 libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1 mozilla-nspr-32bit-4.10.8-0.5.1 mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-31.8.0esr-0.10.1 MozillaFirefox-debugsource-31.8.0esr-0.10.1 mozilla-nspr-debuginfo-4.10.8-0.5.1 mozilla-nspr-debugsource-4.10.8-0.5.1 mozilla-nss-debuginfo-3.19.2_CKBI_1.98-0.10.1 mozilla-nss-debugsource-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): mozilla-nspr-debuginfo-32bit-4.10.8-0.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): mozilla-nspr-debuginfo-x86-4.10.8-0.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-31.8.0esr-0.10.1 MozillaFirefox-debugsource-31.8.0esr-0.10.1 mozilla-nspr-debuginfo-4.10.8-0.5.1 
mozilla-nspr-debugsource-4.10.8-0.5.1 mozilla-nss-debuginfo-3.19.2_CKBI_1.98-0.10.1 mozilla-nss-debugsource-3.19.2_CKBI_1.98-0.10.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x x86_64): mozilla-nspr-debuginfo-32bit-4.10.8-0.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64): mozilla-nspr-debuginfo-x86-4.10.8-0.5.1 References: https://www.suse.com/security/cve/CVE-2015-2721.html https://www.suse.com/security/cve/CVE-2015-2722.html https://www.suse.com/security/cve/CVE-2015-2724.html https://www.suse.com/security/cve/CVE-2015-2725.html https://www.suse.com/security/cve/CVE-2015-2726.html https://www.suse.com/security/cve/CVE-2015-2728.html https://www.suse.com/security/cve/CVE-2015-2730.html https://www.suse.com/security/cve/CVE-2015-2733.html https://www.suse.com/security/cve/CVE-2015-2734.html https://www.suse.com/security/cve/CVE-2015-2735.html https://www.suse.com/security/cve/CVE-2015-2736.html https://www.suse.com/security/cve/CVE-2015-2737.html https://www.suse.com/security/cve/CVE-2015-2738.html https://www.suse.com/security/cve/CVE-2015-2739.html https://www.suse.com/security/cve/CVE-2015-2740.html https://www.suse.com/security/cve/CVE-2015-2743.html https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/908275 https://bugzilla.suse.com/935033 https://bugzilla.suse.com/935979 From sle-updates at lists.suse.com Mon Jul 20 07:08:24 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2015 15:08:24 +0200 (CEST) Subject: SUSE-RU-2015:1270-1: Recommended update for openstack-manila Message-ID: <20150720130824.1CE26320B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-manila ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1270-1 Rating: low References: #922001 #926549 #930850 Affected Products: SUSE Cloud 5 ______________________________________________________________________________ An update that has 
three recommended fixes can now be installed. Description: This update for openstack-manila provides the following stability fixes and improvements from the upstream OpenStack project: * Reflect real database field type in model to work with postgresql (bnc#922001). * Fix requires to allow older SQLAlchemy * Fix fields deleted in various DB-models for PostgreSQL compatibility (bnc#930850) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 5: zypper in -t patch sleclo50sp3-openstack-manila-0615=10741 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Cloud 5 (x86_64): openstack-manila-2014.2-0.11.1 openstack-manila-api-2014.2-0.11.1 openstack-manila-scheduler-2014.2-0.11.1 openstack-manila-share-2014.2-0.11.1 python-manila-2014.2-0.11.1 - SUSE Cloud 5 (noarch): openstack-manila-doc-2014.2-0.11.1 References: https://bugzilla.suse.com/922001 https://bugzilla.suse.com/926549 https://bugzilla.suse.com/930850 https://download.suse.com/patch/finder/?keywords=b0db36dc8f6dcfba297ba2b616eeeb63 From sle-updates at lists.suse.com Mon Jul 20 10:08:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jul 2015 18:08:44 +0200 (CEST) Subject: SUSE-RU-2015:1272-1: moderate: Recommended update for sles-manuals_en Message-ID: <20150720160845.00B99320B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for sles-manuals_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1272-1 Rating: moderate References: #936211 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update provides the following changes to the SLED manuals: - Document how to get packages from older SLE 11 SPs for SLE 11 SP4 (FATE#318262) - Make clear that the registration has to be re-entered for Add-Ons (bnc#936211) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sles-manuals_en-201507-12003=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-sles-manuals_en-201507-12003=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): sles-admin_en-pdf-11.4-0.33.1 sles-autoyast_en-pdf-11.4-0.33.1 sles-deployment_en-pdf-11.4-0.33.1 sles-hardening_en-pdf-11.4-0.33.1 sles-installquick_en-pdf-11.4-0.33.1 sles-kvm_en-pdf-11.4-0.33.1 sles-lxcquick_en-pdf-11.4-0.33.1 sles-manuals_en-11.4-0.33.1 sles-security_en-pdf-11.4-0.33.1 sles-storage_en-pdf-11.4-0.33.1 sles-tuning_en-pdf-11.4-0.33.1 sles-xen_en-pdf-11.4-0.33.1 - SUSE Linux Enterprise Desktop 11-SP4 (noarch): sle-apparmor-quick_en-pdf-11.4-0.33.1 sle-audit-quick_en-pdf-11.4-0.33.1 sles-kvm_en-pdf-11.4-0.33.1 References: https://bugzilla.suse.com/936211 From sle-updates at lists.suse.com Tue Jul 21 08:08:22 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2015 16:08:22 +0200 (CEST) Subject: SUSE-SU-2015:1273-1: important: Security update for mariadb Message-ID: <20150721140822.E89B7320A5@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1273-1 Rating: important References: #906574 #919053 #919062 #920865 #920896 #921333 #924663 #924960 #924961 #934789 #936407 #936408 #936409 Cross-References: CVE-2014-8964 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 
CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has one errata is now available. Description: This update fixes the following security issues: * Logjam attack: mysql uses 512 bit dh groups in SSL [bnc#934789] * CVE-2015-3152: mysql --ssl does not enforce SSL [bnc#924663] * CVE-2014-8964: heap buffer overflow [bnc#906574] * CVE-2015-2325: heap buffer overflow in compile_branch() [bnc#924960] * CVE-2015-2326: heap buffer overflow in pcre_compile2() [bnc#924961] * CVE-2015-0501: unspecified vulnerability related to Server:Compiling (CPU April 2015) * CVE-2015-2571: unspecified vulnerability related to Server:Optimizer (CPU April 2015) * CVE-2015-0505: unspecified vulnerability related to Server:DDL (CPU April 2015) * CVE-2015-0499: unspecified vulnerability related to Server:Federated (CPU April 2015) * CVE-2015-2568: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015) * CVE-2015-2573: unspecified vulnerability related to Server:DDL (CPU April 2015) * CVE-2015-0433: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015) * CVE-2015-0441: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-332=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-332=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-332=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-332=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libmysqlclient_r18-10.0.20-18.1 libmysqlclient_r18-32bit-10.0.20-18.1 mariadb-debuginfo-10.0.20-18.1 mariadb-debugsource-10.0.20-18.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.20-18.1 libmysqlclient_r18-10.0.20-18.1 libmysqld-devel-10.0.20-18.1 libmysqld18-10.0.20-18.1 libmysqld18-debuginfo-10.0.20-18.1 mariadb-debuginfo-10.0.20-18.1 mariadb-debugsource-10.0.20-18.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libmysqlclient18-10.0.20-18.1 libmysqlclient18-debuginfo-10.0.20-18.1 mariadb-10.0.20-18.1 mariadb-client-10.0.20-18.1 mariadb-client-debuginfo-10.0.20-18.1 mariadb-debuginfo-10.0.20-18.1 mariadb-debugsource-10.0.20-18.1 mariadb-errormessages-10.0.20-18.1 mariadb-tools-10.0.20-18.1 mariadb-tools-debuginfo-10.0.20-18.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libmysqlclient18-32bit-10.0.20-18.1 libmysqlclient18-debuginfo-32bit-10.0.20-18.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libmysqlclient18-10.0.20-18.1 libmysqlclient18-32bit-10.0.20-18.1 libmysqlclient18-debuginfo-10.0.20-18.1 libmysqlclient18-debuginfo-32bit-10.0.20-18.1 libmysqlclient_r18-10.0.20-18.1 libmysqlclient_r18-32bit-10.0.20-18.1 mariadb-10.0.20-18.1 mariadb-client-10.0.20-18.1 mariadb-client-debuginfo-10.0.20-18.1 mariadb-debuginfo-10.0.20-18.1 mariadb-debugsource-10.0.20-18.1 mariadb-errormessages-10.0.20-18.1 References: 
https://www.suse.com/security/cve/CVE-2014-8964.html https://www.suse.com/security/cve/CVE-2015-0433.html https://www.suse.com/security/cve/CVE-2015-0441.html https://www.suse.com/security/cve/CVE-2015-0499.html https://www.suse.com/security/cve/CVE-2015-0501.html https://www.suse.com/security/cve/CVE-2015-0505.html https://www.suse.com/security/cve/CVE-2015-2325.html https://www.suse.com/security/cve/CVE-2015-2326.html https://www.suse.com/security/cve/CVE-2015-2568.html https://www.suse.com/security/cve/CVE-2015-2571.html https://www.suse.com/security/cve/CVE-2015-2573.html https://www.suse.com/security/cve/CVE-2015-3152.html https://bugzilla.suse.com/906574 https://bugzilla.suse.com/919053 https://bugzilla.suse.com/919062 https://bugzilla.suse.com/920865 https://bugzilla.suse.com/920896 https://bugzilla.suse.com/921333 https://bugzilla.suse.com/924663 https://bugzilla.suse.com/924960 https://bugzilla.suse.com/924961 https://bugzilla.suse.com/934789 https://bugzilla.suse.com/936407 https://bugzilla.suse.com/936408 https://bugzilla.suse.com/936409 From sle-updates at lists.suse.com Tue Jul 21 09:08:18 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jul 2015 17:08:18 +0200 (CEST) Subject: SUSE-OU-2015:1274-1: Initial release of docker-compose Message-ID: <20150721150818.B5E4C320B3@maintenance.suse.de> SUSE Optional Update: Initial release of docker-compose ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1274-1 Rating: low References: #937245 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds docker-compose to SUSE Linux Enterprise Containers Module 12. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-333=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (noarch): docker-compose-1.2.0-2.1 References: https://bugzilla.suse.com/937245 From sle-updates at lists.suse.com Wed Jul 22 03:08:23 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2015 11:08:23 +0200 (CEST) Subject: SUSE-RU-2015:1275-1: Recommended update for tcsh Message-ID: <20150722090823.84086320B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1275-1 Rating: low References: #901076 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tcsh fixes locking of .history files when multiple instances of the shell run simultaneously. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-334=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-334=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): tcsh-6.18.01-7.4 tcsh-debuginfo-6.18.01-7.4 tcsh-debugsource-6.18.01-7.4 tcsh-lang-6.18.01-7.4 - SUSE Linux Enterprise Desktop 12 (x86_64): tcsh-6.18.01-7.4 tcsh-debuginfo-6.18.01-7.4 tcsh-debugsource-6.18.01-7.4 tcsh-lang-6.18.01-7.4 References: https://bugzilla.suse.com/901076 From sle-updates at lists.suse.com Wed Jul 22 05:08:27 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2015 13:08:27 +0200 (CEST) Subject: SUSE-SU-2015:1276-1: moderate: Security update for krb5 Message-ID: <20150722110827.982FE320B3@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1276-1 Rating: moderate References: #910457 #910458 #918595 #928978 Cross-References: CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2015-2694 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: krb5 was updated to fix four security issues. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457). - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458). - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595). - CVE-2015-2694: OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass (bsc#928978). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-335=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-335=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): krb5-debuginfo-1.12.1-16.1 krb5-debugsource-1.12.1-16.1 krb5-devel-1.12.1-16.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): krb5-1.12.1-16.1 krb5-client-1.12.1-16.1 krb5-client-debuginfo-1.12.1-16.1 krb5-debuginfo-1.12.1-16.1 krb5-debugsource-1.12.1-16.1 krb5-doc-1.12.1-16.1 krb5-plugin-kdb-ldap-1.12.1-16.1 krb5-plugin-kdb-ldap-debuginfo-1.12.1-16.1 krb5-plugin-preauth-otp-1.12.1-16.1 krb5-plugin-preauth-otp-debuginfo-1.12.1-16.1 krb5-plugin-preauth-pkinit-1.12.1-16.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-16.1 krb5-server-1.12.1-16.1 krb5-server-debuginfo-1.12.1-16.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): krb5-32bit-1.12.1-16.1 krb5-debuginfo-32bit-1.12.1-16.1 References: https://www.suse.com/security/cve/CVE-2014-5353.html https://www.suse.com/security/cve/CVE-2014-5354.html https://www.suse.com/security/cve/CVE-2014-5355.html https://www.suse.com/security/cve/CVE-2015-2694.html https://bugzilla.suse.com/910457 https://bugzilla.suse.com/910458 https://bugzilla.suse.com/918595 https://bugzilla.suse.com/928978 From sle-updates at lists.suse.com Wed Jul 22 10:08:22 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jul 2015 18:08:22 +0200 (CEST) Subject: SUSE-SU-2015:1281-1: moderate: Security update for tomcat Message-ID: <20150722160822.3F449320A5@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1281-1 Rating: moderate References: #931442 Cross-References: CVE-2014-7810 Affected Products: 
SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes the following security issue: - CVE-2014-7810: Security manager bypass via EL expression (bnc#931442) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-336=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): tomcat-7.0.55-8.2 tomcat-admin-webapps-7.0.55-8.2 tomcat-docs-webapp-7.0.55-8.2 tomcat-el-2_2-api-7.0.55-8.2 tomcat-javadoc-7.0.55-8.2 tomcat-jsp-2_2-api-7.0.55-8.2 tomcat-lib-7.0.55-8.2 tomcat-servlet-3_0-api-7.0.55-8.2 tomcat-webapps-7.0.55-8.2 References: https://www.suse.com/security/cve/CVE-2014-7810.html https://bugzilla.suse.com/931442 From sle-updates at lists.suse.com Thu Jul 23 10:09:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jul 2015 18:09:01 +0200 (CEST) Subject: SUSE-SU-2015:1282-1: moderate: Security update for krb5 Message-ID: <20150723160901.34E2927FF2@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1282-1 Rating: moderate References: #910457 #910458 #918595 Cross-References: CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An 
update that fixes three vulnerabilities is now available. Description: krb5 was updated to fix three security issues. Remote authenticated users could cause denial of service. These security issues were fixed: - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457). - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458). - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-krb5-201507-12004=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-krb5-201507-12004=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-krb5-201507-12004=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-krb5-201507-12004=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-krb5-201507-12004=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-krb5-201507-12004=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-krb5-201507-12004=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-krb5-201507-12004=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.68.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.68.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): krb5-server-1.6.3-133.49.68.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.68.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.68.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): krb5-server-1.6.3-133.49.68.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): krb5-1.6.3-133.49.68.1 krb5-apps-clients-1.6.3-133.49.68.1 krb5-apps-servers-1.6.3-133.49.68.1 krb5-client-1.6.3-133.49.68.1 krb5-plugin-kdb-ldap-1.6.3-133.49.68.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.68.1 krb5-server-1.6.3-133.49.68.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): krb5-32bit-1.6.3-133.49.68.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch): krb5-doc-1.6.3-133.49.68.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.68.1 krb5-apps-clients-1.6.3-133.49.68.1 krb5-apps-servers-1.6.3-133.49.68.1 krb5-client-1.6.3-133.49.68.1 krb5-plugin-kdb-ldap-1.6.3-133.49.68.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.68.1 krb5-server-1.6.3-133.49.68.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.68.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): krb5-doc-1.6.3-133.49.68.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): krb5-x86-1.6.3-133.49.68.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.68.1 krb5-apps-clients-1.6.3-133.49.68.1 krb5-apps-servers-1.6.3-133.49.68.1 krb5-client-1.6.3-133.49.68.1 krb5-plugin-kdb-ldap-1.6.3-133.49.68.1 krb5-plugin-preauth-pkinit-1.6.3-133.49.68.1 
krb5-server-1.6.3-133.49.68.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.68.1 - SUSE Linux Enterprise Server 11-SP3 (noarch): krb5-doc-1.6.3-133.49.68.2 - SUSE Linux Enterprise Server 11-SP3 (ia64): krb5-x86-1.6.3-133.49.68.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): krb5-1.6.3-133.49.68.1 krb5-client-1.6.3-133.49.68.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): krb5-32bit-1.6.3-133.49.68.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): krb5-1.6.3-133.49.68.1 krb5-client-1.6.3-133.49.68.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): krb5-32bit-1.6.3-133.49.68.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): krb5-debuginfo-1.6.3-133.49.68.1 krb5-debugsource-1.6.3-133.49.68.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x x86_64): krb5-debuginfo-32bit-1.6.3-133.49.68.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64): krb5-debuginfo-x86-1.6.3-133.49.68.1 References: https://www.suse.com/security/cve/CVE-2014-5353.html https://www.suse.com/security/cve/CVE-2014-5354.html https://www.suse.com/security/cve/CVE-2014-5355.html https://bugzilla.suse.com/910457 https://bugzilla.suse.com/910458 https://bugzilla.suse.com/918595 From sle-updates at lists.suse.com Fri Jul 24 05:08:36 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2015 13:08:36 +0200 (CEST) Subject: SUSE-RU-2015:1283-1: Recommended update for supportutils-plugin-susecloud Message-ID: <20150724110836.488B8320A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-susecloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1283-1 Rating: low References: #938416 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update provides the following improvement for supportutils-plugin-susecloud: - Capture /var/chef/backup too Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-338=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): supportutils-plugin-susecloud-5.0.1426701846.5af3506-3.1 References: https://bugzilla.suse.com/938416 From sle-updates at lists.suse.com Fri Jul 24 05:08:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jul 2015 13:08:55 +0200 (CEST) Subject: SUSE-RU-2015:1284-1: Recommended update for supportutils-plugin-susecloud Message-ID: <20150724110855.C49BB320A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-susecloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1284-1 Rating: low References: #938416 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This recommended update for supportutils-plugin-susecloud provides the following improvement: - Capture /var/chef/backup too Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-supportutils-plugin-susecloud-201507-12005=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (noarch): supportutils-plugin-susecloud-5.0.1426701846.5af3506-9.1 References: https://bugzilla.suse.com/938416 From sle-updates at lists.suse.com Mon Jul 27 09:08:34 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jul 2015 17:08:34 +0200 (CEST) Subject: SUSE-RU-2015:1297-1: Recommended update for xdm Message-ID: <20150727150834.6B1A8320A5@maintenance.suse.de> SUSE Recommended Update: Recommended update for xdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1297-1 Rating: low References: #934218 #938737 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for xdm provides the following fixes: - We do have graphics on Power with KVM, so do not disable the X server in displaymanager's sysconfig. The README.SuSE file was renamed to README.SUSE. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-342=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-342=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xdm-1.1.10-44.1 xdm-debuginfo-1.1.10-44.1 xdm-debugsource-1.1.10-44.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xdm-1.1.10-44.1 xdm-debuginfo-1.1.10-44.1 xdm-debugsource-1.1.10-44.1 References: https://bugzilla.suse.com/934218 https://bugzilla.suse.com/938737 From sle-updates at lists.suse.com Mon Jul 27 10:08:37 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jul 2015 18:08:37 +0200 (CEST) Subject: SUSE-SU-2015:1298-1: moderate: Security update for python-setuptools Message-ID: <20150727160837.5F455320B3@maintenance.suse.de> SUSE Security Update: Security update for python-setuptools ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1298-1 Rating: moderate References: #930189 Cross-References: CVE-2013-7440 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Containers 12 SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The following issue was fixed by this update: Non-RFC6125-compliant host name matching was incorrect (CVE-2013-7440 bnc#930189) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-343=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-343=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-343=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-343=1 - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2015-343=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-setuptools-1.1.7-7.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): python-setuptools-1.1.7-7.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-setuptools-1.1.7-7.1 - SUSE Linux Enterprise Module for Containers 12 (noarch): python-setuptools-1.1.7-7.1 - SUSE Enterprise Storage 1.0 (noarch): python-setuptools-1.1.7-7.1 References: https://www.suse.com/security/cve/CVE-2013-7440.html https://bugzilla.suse.com/930189 From sle-updates at lists.suse.com Mon Jul 27 11:08:38 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jul 2015 19:08:38 +0200 (CEST) Subject: SUSE-SU-2015:1299-1: important: Security update for xen Message-ID: <20150727170838.AC6FA320B3@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1299-1 Rating: important References: #925466 #935634 #938344 Cross-References: CVE-2015-3259 CVE-2015-5154 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one 
errata is now available. Description: xen was updated to fix two security issues. These security issues were fixed: - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137). - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). This non-security issue was fixed: - Kdump did not work in a XEN environment (bsc#925466). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-12007=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-12007=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-xen-12007=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-12007=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.2_10-5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.2_10_3.0.101_63-5.1 xen-libs-4.4.2_10-5.1 xen-tools-domU-4.4.2_10-5.1 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.2_10-5.1 xen-doc-html-4.4.2_10-5.1 xen-libs-32bit-4.4.2_10-5.1 xen-tools-4.4.2_10-5.1 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.2_10_3.0.101_63-5.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): xen-kmp-default-4.4.2_10_3.0.101_63-5.1 xen-libs-4.4.2_10-5.1 xen-tools-domU-4.4.2_10-5.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): xen-4.4.2_10-5.1 xen-doc-html-4.4.2_10-5.1 xen-libs-32bit-4.4.2_10-5.1 xen-tools-4.4.2_10-5.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586): xen-kmp-pae-4.4.2_10_3.0.101_63-5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.2_10-5.1 xen-debugsource-4.4.2_10-5.1 References: https://www.suse.com/security/cve/CVE-2015-3259.html https://www.suse.com/security/cve/CVE-2015-5154.html 
https://bugzilla.suse.com/925466 https://bugzilla.suse.com/935634 https://bugzilla.suse.com/938344 From sle-updates at lists.suse.com Mon Jul 27 14:08:21 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jul 2015 22:08:21 +0200 (CEST) Subject: SUSE-SU-2015:1300-1: moderate: Security update for novnc Message-ID: <20150727200821.71171320B3@maintenance.suse.de> SUSE Security Update: Security update for novnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1300-1 Rating: moderate References: #922233 Cross-References: CVE-2013-7436 Affected Products: SUSE Cloud 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: novnc was updated to fix a session hijacking problem through insecurely set session token cookies (bnc#922233, CVE-2013-7436). Security Issues: * CVE-2013-7436 Contraindications: Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Cloud 5: zypper in -t patch sleclo50sp3-novnc=10751 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Cloud 5 (x86_64): novnc-0.4-0.13.1 References: https://www.suse.com/security/cve/CVE-2013-7436.html https://bugzilla.suse.com/922233 https://download.suse.com/patch/finder/?keywords=06710141fb88765b2e1c8ede5db148e8 From sle-updates at lists.suse.com Tue Jul 28 03:09:20 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Jul 2015 11:09:20 +0200 (CEST) Subject: SUSE-SU-2015:1302-1: important: Security update for xen Message-ID: <20150728090920.7D9CE320B3@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1302-1 Rating: important References: #925466 #935256 #935634 #938344 Cross-References: CVE-2015-3259 CVE-2015-5154 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: xen was updated to fix two security issues. These security issues were fixed: - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137). - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). These non-security issues were fixed: - Restart of xencommons service did lead to loss of xenstore data (bsc#935256). - Kdump did not work in a XEN environment (bsc#925466). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-344=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-344=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-344=1 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Software Development Kit 12 (x86_64):

   xen-debugsource-4.4.2_08-22.5.1
   xen-devel-4.4.2_08-22.5.1

- SUSE Linux Enterprise Server 12 (x86_64):

   xen-4.4.2_08-22.5.1
   xen-debugsource-4.4.2_08-22.5.1
   xen-doc-html-4.4.2_08-22.5.1
   xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1
   xen-kmp-default-debuginfo-4.4.2_08_k3.12.43_52.6-22.5.1
   xen-libs-32bit-4.4.2_08-22.5.1
   xen-libs-4.4.2_08-22.5.1
   xen-libs-debuginfo-32bit-4.4.2_08-22.5.1
   xen-libs-debuginfo-4.4.2_08-22.5.1
   xen-tools-4.4.2_08-22.5.1
   xen-tools-debuginfo-4.4.2_08-22.5.1
   xen-tools-domU-4.4.2_08-22.5.1
   xen-tools-domU-debuginfo-4.4.2_08-22.5.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

   xen-4.4.2_08-22.5.1
   xen-debugsource-4.4.2_08-22.5.1
   xen-kmp-default-4.4.2_08_k3.12.43_52.6-22.5.1
   xen-kmp-default-debuginfo-4.4.2_08_k3.12.43_52.6-22.5.1
   xen-libs-32bit-4.4.2_08-22.5.1
   xen-libs-4.4.2_08-22.5.1
   xen-libs-debuginfo-32bit-4.4.2_08-22.5.1
   xen-libs-debuginfo-4.4.2_08-22.5.1

References:

   https://www.suse.com/security/cve/CVE-2015-3259.html
   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://bugzilla.suse.com/925466
   https://bugzilla.suse.com/935256
   https://bugzilla.suse.com/935634
   https://bugzilla.suse.com/938344

From sle-updates at lists.suse.com Tue Jul 28 05:08:29 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jul 2015 13:08:29 +0200 (CEST)
Subject: SUSE-RU-2015:1303-1: moderate: Recommended update for multipath-tools
Message-ID: <20150728110829.E8C36320A5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for multipath-tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1303-1
Rating: moderate
References: #903001 #908529 #909358 #917701 #917963 #920189 #921703 #922105
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has 8 recommended fixes can now be installed.

Description:

This update for multipath-tools provides the following fixes:

- Only import ID_FS_XXX variables if not set. (bsc#909358)
- Remove 'udev_sync' argument from dm_simplecmd (bsc#903001)
- Add dependency on systemd-udevd.service. (bsc#903001)
- Use ALUA for HP 3PAR. (bsc#922105)
- Add DX8700 S3 and DX8900 S3 defaults. (bsc#921703)
- Load all device handler modules on startup. (bsc#908529)
- Make vpd page 0x80 optional in libmultipath. (bsc#917963)
- Add HP MSA 2040 to the hardware table. (bsc#920189)
- Revert 'Skip unhandled device types'. (bsc#917701)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:

   zypper in -t patch SUSE-SLE-SDK-12-2015-345=1

- SUSE Linux Enterprise Server 12:

   zypper in -t patch SUSE-SLE-SERVER-12-2015-345=1

- SUSE Linux Enterprise Desktop 12:

   zypper in -t patch SUSE-SLE-DESKTOP-12-2015-345=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

   multipath-tools-debuginfo-0.5.0-40.1
   multipath-tools-debugsource-0.5.0-40.1
   multipath-tools-devel-0.5.0-40.1

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

   kpartx-0.5.0-40.1
   kpartx-debuginfo-0.5.0-40.1
   multipath-tools-0.5.0-40.1
   multipath-tools-debuginfo-0.5.0-40.1
   multipath-tools-debugsource-0.5.0-40.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

   kpartx-0.5.0-40.1
   kpartx-debuginfo-0.5.0-40.1
   multipath-tools-0.5.0-40.1
   multipath-tools-debuginfo-0.5.0-40.1
   multipath-tools-debugsource-0.5.0-40.1

References:

   https://bugzilla.suse.com/903001
   https://bugzilla.suse.com/908529
   https://bugzilla.suse.com/909358
   https://bugzilla.suse.com/917701
   https://bugzilla.suse.com/917963
   https://bugzilla.suse.com/920189
   https://bugzilla.suse.com/921703
   https://bugzilla.suse.com/922105

From sle-updates at lists.suse.com Tue Jul 28 13:08:55 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jul 2015 21:08:55 +0200 (CEST)
Subject: SUSE-SU-2015:1304-1: important: Security update for bind
Message-ID: <20150728190855.CB407320B2@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1304-1
Rating: important
References: #939567
Cross-References: CVE-2015-5477
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Software Development Kit 11-SP3
   SUSE Linux Enterprise Server for VMWare 11-SP3
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Server 11-SP3
   SUSE Linux Enterprise Server 11-SP2-LTSS
   SUSE Linux Enterprise Desktop 11-SP4
   SUSE Linux Enterprise Desktop 11-SP3
   SUSE Linux Enterprise Debuginfo 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

bind was updated to fix one security issue.

This security issue was fixed:

- CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)

Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

   zypper in -t patch sdksp4-bind-12008=1

- SUSE Linux Enterprise Software Development Kit 11-SP3:

   zypper in -t patch sdksp3-bind-12008=1

- SUSE Linux Enterprise Server for VMWare 11-SP3:

   zypper in -t patch slessp3-bind-12008=1

- SUSE Linux Enterprise Server 11-SP4:

   zypper in -t patch slessp4-bind-12008=1

- SUSE Linux Enterprise Server 11-SP3:

   zypper in -t patch slessp3-bind-12008=1

- SUSE Linux Enterprise Server 11-SP2-LTSS:

   zypper in -t patch slessp2-bind-12008=1

- SUSE Linux Enterprise Desktop 11-SP4:

   zypper in -t patch sledsp4-bind-12008=1

- SUSE Linux Enterprise Desktop 11-SP3:

   zypper in -t patch sledsp3-bind-12008=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

   zypper in -t patch dbgsp4-bind-12008=1

- SUSE Linux Enterprise Debuginfo 11-SP3:

   zypper in -t patch dbgsp3-bind-12008=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

   bind-devel-9.9.6P1-0.12.1

- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):

   bind-devel-32bit-9.9.6P1-0.12.1

- SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

   bind-devel-9.9.6P1-0.12.1

- SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64):

   bind-devel-32bit-9.9.6P1-0.12.1

- SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):

   bind-9.9.6P1-0.12.1
   bind-chrootenv-9.9.6P1-0.12.1
   bind-doc-9.9.6P1-0.12.1
   bind-libs-9.9.6P1-0.12.1
   bind-utils-9.9.6P1-0.12.1

- SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):

   bind-libs-32bit-9.9.6P1-0.12.1

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

   bind-9.9.6P1-0.12.1
   bind-chrootenv-9.9.6P1-0.12.1
   bind-doc-9.9.6P1-0.12.1
   bind-libs-9.9.6P1-0.12.1
   bind-utils-9.9.6P1-0.12.1

- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

   bind-libs-32bit-9.9.6P1-0.12.1

- SUSE Linux Enterprise Server 11-SP4 (ia64):

   bind-libs-x86-9.9.6P1-0.12.1

- SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):

   bind-9.9.6P1-0.12.1
   bind-chrootenv-9.9.6P1-0.12.1
   bind-doc-9.9.6P1-0.12.1
   bind-libs-9.9.6P1-0.12.1
   bind-utils-9.9.6P1-0.12.1

- SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):

   bind-libs-32bit-9.9.6P1-0.12.1

- SUSE Linux Enterprise Server 11-SP3 (ia64):

   bind-libs-x86-9.9.6P1-0.12.1

- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

   bind-9.9.6P1-0.12.1
   bind-chrootenv-9.9.6P1-0.12.1
   bind-devel-9.9.6P1-0.12.1
   bind-doc-9.9.6P1-0.12.1
   bind-libs-9.9.6P1-0.12.1
   bind-utils-9.9.6P1-0.12.1

- SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64):

   bind-libs-32bit-9.9.6P1-0.12.1

- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

   bind-libs-9.9.6P1-0.12.1
   bind-utils-9.9.6P1-0.12.1

- SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

   bind-libs-32bit-9.9.6P1-0.12.1

- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

   bind-libs-9.9.6P1-0.12.1
   bind-utils-9.9.6P1-0.12.1

- SUSE Linux Enterprise Desktop 11-SP3 (x86_64):

   bind-libs-32bit-9.9.6P1-0.12.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

   bind-debuginfo-9.9.6P1-0.12.1
   bind-debugsource-9.9.6P1-0.12.1

- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):

   bind-debuginfo-9.9.6P1-0.12.1
   bind-debugsource-9.9.6P1-0.12.1

References:

   https://www.suse.com/security/cve/CVE-2015-5477.html
   https://bugzilla.suse.com/939567

From sle-updates at lists.suse.com Tue Jul 28 13:09:25 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jul 2015 21:09:25 +0200 (CEST)
Subject: SUSE-SU-2015:1305-1: important: Security update for bind
Message-ID: <20150728190925.F26BA320B4@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1305-1
Rating: important
References: #939567
Cross-References: CVE-2015-5477
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

bind was updated to fix one security issue.

This security issue was fixed:

- CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)

Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:

   zypper in -t patch SUSE-SLE-SDK-12-2015-346=1

- SUSE Linux Enterprise Server 12:

   zypper in -t patch SUSE-SLE-SERVER-12-2015-346=1

- SUSE Linux Enterprise Desktop 12:

   zypper in -t patch SUSE-SLE-DESKTOP-12-2015-346=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

   bind-debuginfo-9.9.6P1-23.1
   bind-debugsource-9.9.6P1-23.1
   bind-devel-9.9.6P1-23.1

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

   bind-9.9.6P1-23.1
   bind-chrootenv-9.9.6P1-23.1
   bind-debuginfo-9.9.6P1-23.1
   bind-debugsource-9.9.6P1-23.1
   bind-libs-9.9.6P1-23.1
   bind-libs-debuginfo-9.9.6P1-23.1
   bind-utils-9.9.6P1-23.1
   bind-utils-debuginfo-9.9.6P1-23.1

- SUSE Linux Enterprise Server 12 (s390x x86_64):

   bind-libs-32bit-9.9.6P1-23.1
   bind-libs-debuginfo-32bit-9.9.6P1-23.1

- SUSE Linux Enterprise Server 12 (noarch):

   bind-doc-9.9.6P1-23.1

- SUSE Linux Enterprise Desktop 12 (x86_64):

   bind-debuginfo-9.9.6P1-23.1
   bind-debugsource-9.9.6P1-23.1
   bind-libs-32bit-9.9.6P1-23.1
   bind-libs-9.9.6P1-23.1
   bind-libs-debuginfo-32bit-9.9.6P1-23.1
   bind-libs-debuginfo-9.9.6P1-23.1
   bind-utils-9.9.6P1-23.1
   bind-utils-debuginfo-9.9.6P1-23.1

References:

   https://www.suse.com/security/cve/CVE-2015-5477.html
   https://bugzilla.suse.com/939567

From sle-updates at lists.suse.com Tue Jul 28 13:09:46 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jul 2015 21:09:46 +0200 (CEST)
Subject: SUSE-RU-2015:1306-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20150728190946.4DA88320B4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1306-1
Rating: moderate
References: #869888 #895071 #895869 #926318 #929058 #931503 #931685
   #934124 #934417 #935433
Affected Products:
   SUSE Manager Client Tools for SLE 11 SP3
______________________________________________________________________________

An update that has 10 recommended fixes can now be installed.

Description:

This collective update for SUSE Manager Client Tools provides fixes and new features.

The following new features have been implemented:

   * Add support for the SSH push contact method to the API and spacecmd. (fate#314858)
   * Sign repository metadata generated on SUSE Manager. (fate#314603)

The following issues have been fixed:

osad:

   * Fix duplicate jabber ids. (bsc#869888, bsc#931685)

rhnpush:

   * Fix --ca-chain option for rhnpush. (bsc#931503, bsc#895869)

spacecmd:

   * Do not escape spacecmd command arguments.
   * Do not return one package multiple times.
   * Show contact method with activationkey_details and system_details.
   * Clone configuration files without losing trailing new lines. (bsc#926318)

spacewalk-client-tools:

   * Fix --ca-chain option for rhnpush. (bsc#931503, bsc#895869)

zypp-plugin-spacewalk:

   * Check for package signatures when metadata is not signed. (fate#314603)

Packages spacewalk-remote-utils and spacewalksd also received minor bug fixes.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Client Tools for SLE 11 SP3:

   zypper in -t patch slesctsp3-client-tools-21-201506=10807

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager Client Tools for SLE 11 SP3 (i586 ia64 ppc64 s390x x86_64):

   spacecmd-2.1.25.9-0.7.1
   spacewalk-backend-libs-2.1.55.18-0.7.1
   spacewalksd-5.0.14.8-0.7.1
   zypp-plugin-spacewalk-0.9.9-0.7.1

- SUSE Manager Client Tools for SLE 11 SP3 (noarch):

   osad-5.11.33.9-0.7.1
   rhnpush-5.5.71.8-0.7.2
   spacewalk-check-2.1.16.8-0.7.1
   spacewalk-client-setup-2.1.16.8-0.7.1
   spacewalk-client-tools-2.1.16.8-0.7.1
   spacewalk-remote-utils-2.1.3.10-0.7.1

References:

   https://bugzilla.suse.com/869888
   https://bugzilla.suse.com/895071
   https://bugzilla.suse.com/895869
   https://bugzilla.suse.com/926318
   https://bugzilla.suse.com/929058
   https://bugzilla.suse.com/931503
   https://bugzilla.suse.com/931685
   https://bugzilla.suse.com/934124
   https://bugzilla.suse.com/934417
   https://bugzilla.suse.com/935433
   https://download.suse.com/patch/finder/?keywords=63ea623ebc324e47615a545f4f2a2a9c

From sle-updates at lists.suse.com Tue Jul 28 14:08:30 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jul 2015 22:08:30 +0200 (CEST)
Subject: SUSE-RU-2015:1307-1: moderate: Recommended update for SUSE Manager Proxy 2.1
Message-ID: <20150728200830.D6E37320B2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Proxy 2.1
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1307-1
Rating: moderate
References: #869888 #895071 #895869 #918082 #922923 #926318 #929058 #930227 #931503 #931685 #934124 #934417 #935433
Affected Products:
   SUSE Manager Proxy
______________________________________________________________________________

An update that has 13 recommended fixes can now be installed. It includes 12 new package versions.

Description:

This collective update for SUSE Manager Proxy 2.1 provides fixes and new features.

The following new features have been implemented:

   * Add support for the SSH push contact method to the API and spacecmd.
     (fate#314858)
   * Sign repository metadata generated on SUSE Manager. (fate#314603)

The following issues have been fixed:

osad:

   * Fix duplicate jabber ids. (bsc#869888, bsc#931685)

rhnpush:

   * Fix --ca-chain option for rhnpush. (bsc#931503, bsc#895869)

spacecmd:

   * Do not escape spacecmd command arguments.
   * Do not return one package multiple times.
   * Show contact method with activationkey_details and system_details.
   * Clone configuration files without losing trailing new lines. (bsc#926318)

spacewalk-backend:

   * Require pyliblzma to enable sync of EPEL repositories. (bsc#934417)
   * Detect SUSE Manager Tools channel. (bsc#935433)
   * Import RPMs whose vendor is an empty string. (bsc#934124)
   * Set primary interface during registration. (bsc#929058)
   * Do not reset primary network interface at hardware refresh. (bsc#895071)

spacewalk-certs-tools:

   * Write logfile for mgr-ssh-push-init to correct location. (bsc#918082)
   * Add arguments to import custom CA file and server key/certificate files with rhn-ssl-tool.

spacewalk-client-tools:

   * Fix --ca-chain option for rhnpush. (bsc#931503, bsc#895869)

spacewalk-proxy-html:

   * Add PGP keys also to SUSE Manager Proxy. (bsc#930227)

spacewalk-proxy-installer:

   * Use new 'Bring your own certificate' feature and update documentation for configure-proxy.sh.

spacewalk-proxy:

   * Disable WebUI redirecting. (bsc#922923)

zypp-plugin-spacewalk:

   * Check for package signatures when metadata is not signed.

Packages spacewalk-remote-utils and spacewalksd also received minor bug fixes.

Package python-pyliblzma has been added to the product.

How to apply this update:

1. Log in as root user to the SUSE Manager proxy.
2. Stop the proxy service: spacewalk-proxy stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-proxy start

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Proxy:

   zypper in -t patch slemap21-suse-manager-proxy-21-201506=10808

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager Proxy (x86_64) [New Version: 0.9.9,2.1.25.9,2.1.55.18 and 5.0.14.8]:

   python-pyliblzma-0.5.3-0.7.1
   spacecmd-2.1.25.9-0.7.1
   spacewalk-backend-2.1.55.18-0.7.1
   spacewalk-backend-libs-2.1.55.18-0.7.1
   spacewalksd-5.0.14.8-0.7.1
   zypp-plugin-spacewalk-0.9.9-0.7.1

- SUSE Manager Proxy (noarch) [New Version: 2.1.0.3,2.1.15.7,2.1.16.8,2.1.3.10,2.1.6.6,2.1.6.9,5.11.33.9 and 5.5.71.8]:

   osad-5.11.33.9-0.7.1
   rhnpush-5.5.71.8-0.7.2
   spacewalk-certs-tools-2.1.6.6-0.7.1
   spacewalk-check-2.1.16.8-0.7.1
   spacewalk-client-setup-2.1.16.8-0.7.1
   spacewalk-client-tools-2.1.16.8-0.7.1
   spacewalk-proxy-broker-2.1.15.7-0.7.1
   spacewalk-proxy-common-2.1.15.7-0.7.1
   spacewalk-proxy-html-2.1.0.3-0.7.1
   spacewalk-proxy-installer-2.1.6.9-0.7.1
   spacewalk-proxy-management-2.1.15.7-0.7.1
   spacewalk-proxy-package-manager-2.1.15.7-0.7.1
   spacewalk-proxy-redirect-2.1.15.7-0.7.1
   spacewalk-remote-utils-2.1.3.10-0.7.1

References:

   https://bugzilla.suse.com/869888
   https://bugzilla.suse.com/895071
   https://bugzilla.suse.com/895869
   https://bugzilla.suse.com/918082
   https://bugzilla.suse.com/922923
   https://bugzilla.suse.com/926318
   https://bugzilla.suse.com/929058
   https://bugzilla.suse.com/930227
   https://bugzilla.suse.com/931503
   https://bugzilla.suse.com/931685
   https://bugzilla.suse.com/934124
   https://bugzilla.suse.com/934417
   https://bugzilla.suse.com/935433
   https://download.suse.com/patch/finder/?keywords=5201c9a3aa8bc78d3f0a8a064385f826

From sle-updates at lists.suse.com Tue Jul 28 14:11:32 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jul 2015 22:11:32 +0200 (CEST)
Subject: SUSE-RU-2015:1308-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20150728201132.3E4FE320B2@maintenance.suse.de>

SUSE Recommended Update: Recommended update
for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1308-1
Rating: moderate
References: #895869 #931503
Affected Products:
   SUSE Linux Enterprise Server 11 SP3 for VMware
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has two recommended fixes can now be installed. It includes three new package versions.

Description:

This collective update for SUSE Manager Client Tools provides fixes and new features.

The following new feature has been implemented:

   * Sign the repository metadata generated on SUSE Manager. (fate#314603)

The following issues have been fixed:

spacewalk-client-tools:

   * Fix --ca-chain option for rhnpush. (bsc#931503, bsc#895869)

zypp-plugin-spacewalk:

   * Check for package signatures when metadata is not signed. (fate#314603)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:

   zypper in -t patch slessp3-client-tools-21-201506=10812

- SUSE Linux Enterprise Server 11 SP3:

   zypper in -t patch slessp3-client-tools-21-201506=10812

- SUSE Linux Enterprise Desktop 11 SP3:

   zypper in -t patch sledsp3-client-tools-21-201506=10812

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 0.9.9 and 5.0.14.8]:

   spacewalksd-5.0.14.8-0.7.1
   zypp-plugin-spacewalk-0.9.9-0.7.1

- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 2.1.16.8]:

   spacewalk-check-2.1.16.8-0.7.1
   spacewalk-client-setup-2.1.16.8-0.7.1
   spacewalk-client-tools-2.1.16.8-0.7.1

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.9.9 and 5.0.14.8]:

   spacewalksd-5.0.14.8-0.7.1
   zypp-plugin-spacewalk-0.9.9-0.7.1

- SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 2.1.16.8]:

   spacewalk-check-2.1.16.8-0.7.1
   spacewalk-client-setup-2.1.16.8-0.7.1
   spacewalk-client-tools-2.1.16.8-0.7.1

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 0.9.9 and 5.0.14.8]:

   spacewalksd-5.0.14.8-0.7.1
   zypp-plugin-spacewalk-0.9.9-0.7.1

- SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 2.1.16.8]:

   spacewalk-check-2.1.16.8-0.7.1
   spacewalk-client-setup-2.1.16.8-0.7.1
   spacewalk-client-tools-2.1.16.8-0.7.1

References:

   https://bugzilla.suse.com/895869
   https://bugzilla.suse.com/931503
   https://download.suse.com/patch/finder/?keywords=91193b86683dea7d7663bdb4d2271864

From sle-updates at lists.suse.com Tue Jul 28 14:12:01 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jul 2015 22:12:01 +0200 (CEST)
Subject: SUSE-RU-2015:1309-1: Recommended update for SUSE_SLED-SP4-migration and sled-release
Message-ID: <20150728201201.D8148320B4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE_SLED-SP4-migration and sled-release
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1309-1
Rating: low
References: #922590
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11 SP3
   SUSE Linux Enterprise Server 11 SP3
   SUSE Linux Enterprise High Availability Extension 11 SP3
   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update prepares the system for a System Upgrade to SUSE Linux Enterprise Desktop 11 SP4.

Please follow the technical instruction document for the information on how to upgrade your system to SUSE Linux Enterprise Desktop 11 SP4:
http://www.novell.com/support/documentLink.do?externalID=7016711

Please have a look for more Information and Resources about SUSE Linux Enterprise Desktop 11 SP4 here:
http://www.suse.com/promo/sle11sp4.html

Indications:

Enablement of Upgrade to SLE SDK 11 SP4.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11 SP3:

   zypper in -t patch sdksp3-SDK-SP4-Migration=10845

- SUSE Linux Enterprise Server 11 SP3:

   zypper in -t patch slessp3-SLES-SP4-Migration=10843

- SUSE Linux Enterprise High Availability Extension 11 SP3:

   zypper in -t patch slehasp3-SLE-HA-SP4-Migration=10844

- SUSE Linux Enterprise Desktop 11 SP3:

   zypper in -t patch sledsp3-SLED-SP4-Migration=10842

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

   sle-sdk-SP4-migration-11.3-1.8
   sle-sdk-release-11.3-1.201
   sle-sdk-release-SDK-11.3-1.201

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

   SUSE_SLES-SP4-migration-11.3-1.4
   sles-release-11.3-1.201
   sles-release-DVD-11.3-1.201

- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):

   sle-hae-SP4-migration-11.3-1.5
   sle-hae-release-11.3-1.204
   sle-hae-release-cd-11.3-1.204

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

   SUSE_SLED-SP4-migration-11.3-1.4
   sled-release-11.3-1.201

References:

   https://bugzilla.suse.com/922590
   https://download.suse.com/patch/finder/?keywords=4f7670eec1d7b4a7aa52354ac9a9a399
   https://download.suse.com/patch/finder/?keywords=9388c421f5d90c21c929b949c6a645af
   https://download.suse.com/patch/finder/?keywords=addbf158353c35c0873ee3bc1d66974d
   https://download.suse.com/patch/finder/?keywords=deac06767faf49ea0a1cdbfbfdbc632a

From sle-updates at lists.suse.com Tue Jul 28 14:12:18 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jul 2015 22:12:18 +0200 (CEST)
Subject: SUSE-RU-2015:1310-1: moderate: Recommended update for SUSE Manager Server 2.1
Message-ID: <20150728201218.AF199320B4@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Server 2.1
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1310-1
Rating: moderate
References: #859645 #869888 #873203 #895071 #895869 #914606 #915122 #918082 #919722 #922525
   #922923 #926146 #926234 #926318 #927940 #929058 #930686 #931503 #931685 #932052
   #932652 #932845 #933275 #933587 #933675 #933942 #934124 #934417 #934957 #935433
Affected Products:
   SUSE Manager Server
______________________________________________________________________________

An update that has 30 recommended fixes can now be installed.
It includes 17 new package versions.

Description:

This collective update for SUSE Manager Server 2.1 provides fixes and new features.

The following new features have been implemented:

   * Add support for the SSH push contact method to the API and spacecmd. (fate#314858)
   * Sign repository metadata generated on SUSE Manager. (fate#314603)
   * Provide channels and upgrade paths for SLE 11 SP4 products. (fate#318261)

The following issues have been fixed:

osad:

   * Fix duplicate jabber ids. (bsc#869888, bsc#931685)

rhnpush:

   * Fix --ca-chain option for rhnpush. (bsc#931503, bsc#895869)

spacecmd:

   * Do not escape spacecmd command arguments.
   * Do not return one package multiple times.
   * Show contact method with activationkey_details and system_details.
   * Clone configuration files without losing trailing new lines. (bsc#926318)

spacewalk-postgresql:

   * Block upgrade to PostgreSQL 9.4 temporarily.

spacewalk-backend:

   * Require pyliblzma to enable sync of EPEL repositories. (bsc#934417)
   * Detect SUSE Manager Tools channel. (bsc#935433)
   * Import RPMs whose vendor is an empty string. (bsc#934124)
   * Set primary interface during registration. (bsc#929058)
   * Do not reset primary network interface at hardware refresh. (bsc#895071)

spacewalk-branding:

   * Fix file input control alignment issue with form-control. (bsc#873203)

spacewalk-certs-tools:

   * Write logfile for mgr-ssh-push-init to correct location. (bsc#918082)
   * Add arguments to import custom CA file and server key/certificate files with rhn-ssl-tool.

spacewalk-client-tools:

   * Fix --ca-chain option for rhnpush. (bsc#931503, bsc#895869)

spacewalk-java:

   * Avoid deadlock in CompareConfigFilesTask when rhn_channel.update_needed_cache is in progress. (bsc#932845)
   * Drop all product/channel relations before populating. (bsc#932052)
   * Replace keyword iterator to fix writing support information. (bsc#933675)
   * Revert "Java Eula database classes moved to Hibernate, fixes BLOB issue".
     (bsc#930686)
   * Do not remove tasks from the database during getCandidates(). (bsc#932052)
   * Force taskomatic to use UTF-8. (bsc#932652)
   * Fix file input control alignment issue with form-control. (bsc#873203)
   * Add SLE11-Public-Cloud-Module. (bsc#914606)
   * Change Activation Key Child Channels from select to checkboxes. (bsc#859645)
   * Fix NPEx when updating distribution and missing cobbler entry. (bsc#919722)
   * Fix broken icon in rhn/help/ForgotCredentials.do. (bsc#915122)
   * Return PATCHED if at least one patch is installed. (bsc#926146)

spacewalk-reports:

   * Fix system-currency report. (bsc#934957)

spacewalk-setup:

   * Configure Tomcat with maxThreads=200 and timeout 20 sec. (bsc#922923)

supportutils-plugin-susemanager:

   * Check if configured connections are aligned. (bsc#922923)
   * Store spacewalk-debug.tar.gz in the supportconfig directory.
   * Write current service and repository configuration into supportconfig.

susemanager-schema:

   * Fix rpm version compare in DB. (bsc#927940)

susemanager:

   * Fix mgr-create-bootstrap-repo for SLES 11 SP3 ppc64. (bsc#933942)
   * Add SLES 12 for SAP to mgr_bootstrap_data. (bsc#933587)
   * Give taskomatic more time to start up. (bsc#933275)
   * Check for sufficient disk space during setup. (bsc#926234)

zypp-plugin-spacewalk:

   * Check for package signatures when metadata is not signed. (fate#314603)

Packages spacewalk, spacewalk-config, spacewalk-search and spacewalksd also received minor bug fixes.

Package python-pyliblzma has been added to the product.

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema with spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Server:

   zypper in -t patch sleman21-suse-manager-21-201506=10827

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager Server (s390x x86_64) [New Version: 0.9.9,2.1.19,2.1.25.9,2.1.33.12,2.1.55.18 and 5.0.14.8]:

   python-pyliblzma-0.5.3-0.7.2
   spacecmd-2.1.25.9-0.7.2
   spacewalk-backend-2.1.55.18-0.7.4
   spacewalk-backend-app-2.1.55.18-0.7.4
   spacewalk-backend-applet-2.1.55.18-0.7.4
   spacewalk-backend-config-files-2.1.55.18-0.7.4
   spacewalk-backend-config-files-common-2.1.55.18-0.7.4
   spacewalk-backend-config-files-tool-2.1.55.18-0.7.4
   spacewalk-backend-iss-2.1.55.18-0.7.4
   spacewalk-backend-iss-export-2.1.55.18-0.7.4
   spacewalk-backend-libs-2.1.55.18-0.7.4
   spacewalk-backend-package-push-server-2.1.55.18-0.7.4
   spacewalk-backend-server-2.1.55.18-0.7.4
   spacewalk-backend-sql-2.1.55.18-0.7.4
   spacewalk-backend-sql-oracle-2.1.55.18-0.7.4
   spacewalk-backend-sql-postgresql-2.1.55.18-0.7.4
   spacewalk-backend-tools-2.1.55.18-0.7.4
   spacewalk-backend-xml-export-libs-2.1.55.18-0.7.4
   spacewalk-backend-xmlrpc-2.1.55.18-0.7.4
   spacewalk-branding-2.1.33.12-0.7.5
   spacewalksd-5.0.14.8-0.7.4
   susemanager-2.1.19-0.7.6
   susemanager-tools-2.1.19-0.7.6
   zypp-plugin-spacewalk-0.9.9-0.7.4

- SUSE Manager Server (noarch) [New Version: 1.0.4,2.1.14.12,2.1.14.7,2.1.14.9,2.1.16.8,2.1.165.18,2.1.5.6,2.1.50.13,2.1.6.6,5.11.33.9 and 5.5.71.8]:

   osa-dispatcher-5.11.33.9-0.7.4
   rhnpush-5.5.71.8-0.7.5
   spacewalk-certs-tools-2.1.6.6-0.7.4
   spacewalk-check-2.1.16.8-0.7.2
   spacewalk-client-setup-2.1.16.8-0.7.2
   spacewalk-client-tools-2.1.16.8-0.7.2
   spacewalk-common-2.1.0.5-0.7.1
   spacewalk-config-2.1.5.6-0.7.5
   spacewalk-java-2.1.165.18-0.7.7
   spacewalk-java-config-2.1.165.18-0.7.7
   spacewalk-java-lib-2.1.165.18-0.7.7
   spacewalk-java-oracle-2.1.165.18-0.7.7
   spacewalk-java-postgresql-2.1.165.18-0.7.7
   spacewalk-oracle-2.1.0.5-0.7.1
   spacewalk-postgresql-2.1.0.5-0.7.1
   spacewalk-reports-2.1.14.9-0.7.4
   spacewalk-search-2.1.14.7-0.7.4
   spacewalk-setup-2.1.14.12-0.7.1
   spacewalk-taskomatic-2.1.165.18-0.7.7
   supportutils-plugin-susemanager-1.0.4-0.5.1
   susemanager-schema-2.1.50.13-0.7.2

References:

   https://bugzilla.suse.com/859645
   https://bugzilla.suse.com/869888
   https://bugzilla.suse.com/873203
   https://bugzilla.suse.com/895071
   https://bugzilla.suse.com/895869
   https://bugzilla.suse.com/914606
   https://bugzilla.suse.com/915122
   https://bugzilla.suse.com/918082
   https://bugzilla.suse.com/919722
   https://bugzilla.suse.com/922525
   https://bugzilla.suse.com/922923
   https://bugzilla.suse.com/926146
   https://bugzilla.suse.com/926234
   https://bugzilla.suse.com/926318
   https://bugzilla.suse.com/927940
   https://bugzilla.suse.com/929058
   https://bugzilla.suse.com/930686
   https://bugzilla.suse.com/931503
   https://bugzilla.suse.com/931685
   https://bugzilla.suse.com/932052
   https://bugzilla.suse.com/932652
   https://bugzilla.suse.com/932845
   https://bugzilla.suse.com/933275
   https://bugzilla.suse.com/933587
   https://bugzilla.suse.com/933675
   https://bugzilla.suse.com/933942
   https://bugzilla.suse.com/934124
   https://bugzilla.suse.com/934417
   https://bugzilla.suse.com/934957
   https://bugzilla.suse.com/935433
   https://download.suse.com/patch/finder/?keywords=d4c840949d9b1e4b7163e23fc36e0636

From sle-updates at lists.suse.com Wed Jul 29 05:08:38 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Jul 2015 13:08:38 +0200 (CEST)
Subject: SUSE-OU-2015:1312-1: Initial release of SUSE Manager Client Tools for SLE 11-SP4
Message-ID: <20150729110838.84188320B2@maintenance.suse.de>

SUSE Optional Update: Initial release of SUSE Manager Client Tools for SLE 11-SP4
______________________________________________________________________________

Announcement ID: SUSE-OU-2015:1312-1
Rating: low
References: #931873
Affected Products:
   SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description: This update provides SUSE Manager Client Tools 2.1 for SUSE Linux Enterprise 11-SP4. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201507-12009=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.55.6 python-jabberpy-0.5-0.10.1 python-simplejson-2.1.1-1.9.1 rhnlib-2.5.69.7-0.8.1 spacecmd-2.1.25.9-0.8.1 spacewalk-backend-libs-2.1.55.18-0.8.1 spacewalksd-5.0.14.8-0.8.1 suseRegisterInfo-2.1.10-0.8.1 zypp-plugin-spacewalk-0.9.9-0.8.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): osad-5.11.33.9-0.8.1 rhn-custom-info-5.4.22.6-0.8.5 rhn-virtualization-common-5.4.50.5-0.8.5 rhn-virtualization-host-5.4.50.5-0.8.5 rhncfg-5.10.65.11-0.8.4 rhncfg-actions-5.10.65.11-0.8.4 rhncfg-client-5.10.65.11-0.8.4 rhncfg-management-5.10.65.11-0.8.4 rhnmd-5.3.18.4-0.8.1 rhnpush-5.5.71.8-0.8.2 spacewalk-check-2.1.16.8-0.8.1 spacewalk-client-setup-2.1.16.8-0.8.1 spacewalk-client-tools-2.1.16.8-0.8.1 spacewalk-koan-2.1.4.12-0.8.2 spacewalk-oscap-0.0.23.4-0.8.1 spacewalk-remote-utils-2.1.3.10-0.8.1 supportutils-plugin-susemanager-client-1.0.4-0.9.1 References: https://bugzilla.suse.com/931873 From sle-updates at lists.suse.com Wed Jul 29 07:08:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2015 15:08:45 +0200 (CEST) Subject: SUSE-RU-2015:1313-1: Recommended update for libguestfs Message-ID: <20150729130845.DF194320B2@maintenance.suse.de> SUSE Recommended Update: Recommended update for libguestfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1313-1 Rating: low References: #900346 #900530 #906692 #908632 #916567 Affected Products: SUSE Linux Enterprise Software 
Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for libguestfs provides the following fixes: - Use 'zypper -n' to install packages. (bsc#916567) - Package guestfs_lvm_conf.aug. (bsc#908632) - Add isofs and other fs drivers. (bsc#906692) - Handle btrfs subvolume name '@' as used in SLE12. (bsc#900346) - Include gconv modules for hivex. (bsc#900530) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-349=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-349=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libguestfs-devel-1.26.9-2.8.1 ocaml-libguestfs-devel-1.26.9-2.8.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le x86_64): libguestfs-debugsource-1.26.9-2.8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): guestfs-data-1.26.9-2.8.1 guestfs-tools-1.26.9-2.8.1 guestfsd-1.26.9-2.8.1 libguestfs0-1.26.9-2.8.1 perl-Sys-Guestfs-1.26.9-2.8.1 - SUSE Linux Enterprise Server 12 (ppc64le x86_64): guestfs-tools-debuginfo-1.26.9-2.8.1 guestfsd-debuginfo-1.26.9-2.8.1 libguestfs-debugsource-1.26.9-2.8.1 libguestfs0-debuginfo-1.26.9-2.8.1 perl-Sys-Guestfs-debuginfo-1.26.9-2.8.1 References: https://bugzilla.suse.com/900346 https://bugzilla.suse.com/900530 https://bugzilla.suse.com/906692 https://bugzilla.suse.com/908632 https://bugzilla.suse.com/916567 From sle-updates at lists.suse.com Wed Jul 29 08:08:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Jul 2015 16:08:45 +0200 (CEST) Subject: SUSE-RU-2015:1314-1: moderate: Recommended update for 
SUSE Manager Client Tools Message-ID: <20150729140845.0B32A320B2@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1314-1 Rating: moderate References: #869888 #895869 #926318 #928304 #931503 #931685 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This collective update for SUSE Manager Client Tools provides fixes and new features. osad: - Fix duplicate jabber ids. (bsc#869888, bsc#931685) python-gudev: - Add requires on python-gobject2. (bsc#928304) rhnpush: - Fix --ca-chain option for rhnpush. (bsc#931503, bsc#895869) spacecmd: - Do not escape spacecmd command arguments. - Do not return one package multiple times. - Add system_setcontactmethod and activationkey_setcontactmethod (FATE#314858) - Show contact method with activationkey_details and system_details. - Clone configuration files without losing trailing new lines. (bsc#926318) spacewalk-client-tools: - Fix --ca-chain option for rhnpush. (bsc#931503, bsc#895869) zypp-plugin-spacewalk: - Check for package signatures when metadata is not signed. (fate#314603) Packages spacewalk-backend-libs, spacewalk-remote-utils and spacewalksd also received minor bug fixes. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2015-350=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Manager Tools 12 (ppc64le s390x x86_64): python-gudev-147.2-3.1 python-gudev-debuginfo-147.2-3.1 python-gudev-debugsource-147.2-3.1 spacewalksd-5.0.14.8-11.1 spacewalksd-debuginfo-5.0.14.8-11.1 spacewalksd-debugsource-5.0.14.8-11.1 zypp-plugin-spacewalk-0.9.9-9.1 - SUSE Manager Tools 12 (noarch): osad-5.11.33.9-17.1 rhnpush-5.5.71.8-8.1 spacecmd-2.1.25.9-8.1 spacewalk-backend-libs-2.1.55.18-17.1 spacewalk-check-2.1.16.8-15.1 spacewalk-client-setup-2.1.16.8-15.1 spacewalk-client-tools-2.1.16.8-15.1 spacewalk-remote-utils-2.1.3.10-14.1 References: https://bugzilla.suse.com/869888 https://bugzilla.suse.com/895869 https://bugzilla.suse.com/926318 https://bugzilla.suse.com/928304 https://bugzilla.suse.com/931503 https://bugzilla.suse.com/931685 From sle-updates at lists.suse.com Thu Jul 30 06:08:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2015 14:08:44 +0200 (CEST) Subject: SUSE-SU-2015:1316-1: important: Security update for bind Message-ID: <20150730120844.613C0320B2@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1316-1 Rating: important References: #939567 Cross-References: CVE-2015-5477 Affected Products: SUSE Linux Enterprise Server 11-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: bind was updated to fix one security issue. This security issue was fixed: - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567) Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP1-LTSS: zypper in -t patch slessp1-bind-12010=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 s390x x86_64): bind-9.6ESVR11W1-0.6.1 bind-chrootenv-9.6ESVR11W1-0.6.1 bind-devel-9.6ESVR11W1-0.6.1 bind-doc-9.6ESVR11W1-0.6.1 bind-libs-9.6ESVR11W1-0.6.1 bind-utils-9.6ESVR11W1-0.6.1 - SUSE Linux Enterprise Server 11-SP1-LTSS (s390x x86_64): bind-libs-32bit-9.6ESVR11W1-0.6.1 References: https://www.suse.com/security/cve/CVE-2015-5477.html https://bugzilla.suse.com/939567 From sle-updates at lists.suse.com Thu Jul 30 08:08:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2015 16:08:51 +0200 (CEST) Subject: SUSE-RU-2015:1318-1: moderate: Recommended update for systemd Message-ID: <20150730140851.653DE320B2@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1318-1 Rating: moderate References: #906900 #909358 #919095 #920195 #921831 #921898 #921920 #926169 #927457 #928265 #931388 #932284 #933365 #933512 #934077 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 15 recommended fixes can now be installed. Description: This update for systemd provides the following fixes: - Support "locally administered" MAC address in persistent rules. (bsc#921831) - Avoid confusing warning messages. (bsc#928265) - Allow more concurrent connections to dbus. (bsc#920195) - Amend patch to fix stack overwrite when using struct rand_pool_info. (bsc#926169) - Add kernel command line options 'mount.timeout' and 'rd.timeout' to allow modifying the default device timeout.
(bsc#909358) - Correct systemd-sleep-grub return code. (bsc#919095) - Fix systemd --test option. (bsc#921920) - Fix a race condition where systemd could unmount devices known by sysfs but not by udev. (bsc#921898) - Add examples of how to allow units to be enabled and how to overwrite vendor settings to the systemd.unit man page. (bsc#927457) - Return an error code if "systemctl status" fails. (bsc#931388) - Don't drop bus_name_good and cgroup_realized on daemon-reload. (bsc#933365, bsc#934077) - Respect DefaultTimeoutStopSec in systemd unit files. (bsc#933512) - DBUS serialization has been made more stable. - Let bus connection survive a daemon reload as well as let services track clients which reference certain objects they maintain. This solves the problem that e.g. the sd-pam processes are not closed when an ssh connection is closed after a daemon reload. - Ensure processes started using su(1) by sysv scripts are not stopped early on shutdown. (bsc#906900, bsc#932284) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-354=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-354=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-354=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libgudev-1_0-devel-210-68.2 libudev-devel-210-68.2 systemd-debuginfo-210-68.2 systemd-debugsource-210-68.2 systemd-devel-210-68.2 typelib-1_0-GUdev-1_0-210-68.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libgudev-1_0-0-210-68.2 libgudev-1_0-0-debuginfo-210-68.2 libudev1-210-68.2 libudev1-debuginfo-210-68.2 systemd-210-68.2 systemd-debuginfo-210-68.2 systemd-debugsource-210-68.2 systemd-sysvinit-210-68.2 udev-210-68.2 udev-debuginfo-210-68.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): libgudev-1_0-0-32bit-210-68.2 libgudev-1_0-0-debuginfo-32bit-210-68.2 libudev1-32bit-210-68.2 libudev1-debuginfo-32bit-210-68.2 systemd-32bit-210-68.2 systemd-debuginfo-32bit-210-68.2 - SUSE Linux Enterprise Server 12 (noarch): systemd-bash-completion-210-68.2 - SUSE Linux Enterprise Desktop 12 (x86_64): libgudev-1_0-0-210-68.2 libgudev-1_0-0-32bit-210-68.2 libgudev-1_0-0-debuginfo-210-68.2 libgudev-1_0-0-debuginfo-32bit-210-68.2 libudev1-210-68.2 libudev1-32bit-210-68.2 libudev1-debuginfo-210-68.2 libudev1-debuginfo-32bit-210-68.2 systemd-210-68.2 systemd-32bit-210-68.2 systemd-debuginfo-210-68.2 systemd-debuginfo-32bit-210-68.2 systemd-debugsource-210-68.2 systemd-sysvinit-210-68.2 udev-210-68.2 udev-debuginfo-210-68.2 - SUSE Linux Enterprise Desktop 12 (noarch): systemd-bash-completion-210-68.2 References: https://bugzilla.suse.com/906900 https://bugzilla.suse.com/909358 https://bugzilla.suse.com/919095 https://bugzilla.suse.com/920195 https://bugzilla.suse.com/921831 https://bugzilla.suse.com/921898 https://bugzilla.suse.com/921920 https://bugzilla.suse.com/926169 https://bugzilla.suse.com/927457 https://bugzilla.suse.com/928265 https://bugzilla.suse.com/931388 https://bugzilla.suse.com/932284 https://bugzilla.suse.com/933365 https://bugzilla.suse.com/933512 https://bugzilla.suse.com/934077 From sle-updates at lists.suse.com Thu Jul 30 08:12:46 2015 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2015 16:12:46 +0200 (CEST) Subject: SUSE-SU-2015:1319-1: important: Security update for java-1_7_0-openjdk Message-ID: <20150730141246.49EE5320B2@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1319-1 Rating: important References: #938248 Cross-References: CVE-2015-2590 CVE-2015-2596 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data. * CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. 
* CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. * CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. 
* CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. * CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. 
Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). 
* CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-352=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-352=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.85-18.2 java-1_7_0-openjdk-debuginfo-1.7.0.85-18.2 java-1_7_0-openjdk-debugsource-1.7.0.85-18.2 java-1_7_0-openjdk-demo-1.7.0.85-18.2 java-1_7_0-openjdk-demo-debuginfo-1.7.0.85-18.2 java-1_7_0-openjdk-devel-1.7.0.85-18.2 java-1_7_0-openjdk-devel-debuginfo-1.7.0.85-18.2 java-1_7_0-openjdk-headless-1.7.0.85-18.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.85-18.2 - SUSE Linux Enterprise Desktop 12 (x86_64): java-1_7_0-openjdk-1.7.0.85-18.2 java-1_7_0-openjdk-debuginfo-1.7.0.85-18.2 java-1_7_0-openjdk-debugsource-1.7.0.85-18.2 java-1_7_0-openjdk-headless-1.7.0.85-18.2 java-1_7_0-openjdk-headless-debuginfo-1.7.0.85-18.2 References: https://www.suse.com/security/cve/CVE-2015-2590.html https://www.suse.com/security/cve/CVE-2015-2596.html https://www.suse.com/security/cve/CVE-2015-2597.html https://www.suse.com/security/cve/CVE-2015-2601.html https://www.suse.com/security/cve/CVE-2015-2613.html https://www.suse.com/security/cve/CVE-2015-2619.html https://www.suse.com/security/cve/CVE-2015-2621.html https://www.suse.com/security/cve/CVE-2015-2625.html https://www.suse.com/security/cve/CVE-2015-2627.html https://www.suse.com/security/cve/CVE-2015-2628.html https://www.suse.com/security/cve/CVE-2015-2632.html 
https://www.suse.com/security/cve/CVE-2015-2637.html https://www.suse.com/security/cve/CVE-2015-2638.html https://www.suse.com/security/cve/CVE-2015-2664.html https://www.suse.com/security/cve/CVE-2015-2808.html https://www.suse.com/security/cve/CVE-2015-4000.html https://www.suse.com/security/cve/CVE-2015-4729.html https://www.suse.com/security/cve/CVE-2015-4731.html https://www.suse.com/security/cve/CVE-2015-4732.html https://www.suse.com/security/cve/CVE-2015-4733.html https://www.suse.com/security/cve/CVE-2015-4736.html https://www.suse.com/security/cve/CVE-2015-4748.html https://www.suse.com/security/cve/CVE-2015-4749.html https://www.suse.com/security/cve/CVE-2015-4760.html https://bugzilla.suse.com/938248 From sle-updates at lists.suse.com Thu Jul 30 09:08:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Jul 2015 17:08:47 +0200 (CEST) Subject: SUSE-SU-2015:1320-1: important: Security update for java-1_7_0-openjdk Message-ID: <20150730150847.909A1320B2@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1320-1 Rating: important References: #938248 Cross-References: CVE-2015-2590 CVE-2015-2596 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. 
Description: OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2596: Difficult to exploit vulnerability in the Hotspot component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data. * CVE-2015-2597: Easily exploitable vulnerability in the Install component requiring logon to Operating System. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. * CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. 
Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2627: Very difficult to exploit vulnerability in the Install component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2628: Easily exploitable vulnerability in the CORBA component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data. * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System. 
Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data. * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data. * CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data. * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols. 
Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4736: Difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS). * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-java-1_7_0-openjdk-12012=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-java-1_7_0-openjdk-12012=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-java-1_7_0-openjdk-12012=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-java-1_7_0-openjdk-12012=1 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
  java-1_7_0-openjdk-1.7.0.85-0.11.2
  java-1_7_0-openjdk-demo-1.7.0.85-0.11.2
  java-1_7_0-openjdk-devel-1.7.0.85-0.11.2
- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
  java-1_7_0-openjdk-1.7.0.85-0.11.2
  java-1_7_0-openjdk-demo-1.7.0.85-0.11.2
  java-1_7_0-openjdk-devel-1.7.0.85-0.11.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
  java-1_7_0-openjdk-debuginfo-1.7.0.85-0.11.2
  java-1_7_0-openjdk-debugsource-1.7.0.85-0.11.2
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
  java-1_7_0-openjdk-debuginfo-1.7.0.85-0.11.2
  java-1_7_0-openjdk-debugsource-1.7.0.85-0.11.2

References:

  https://www.suse.com/security/cve/CVE-2015-2590.html
  https://www.suse.com/security/cve/CVE-2015-2596.html
  https://www.suse.com/security/cve/CVE-2015-2597.html
  https://www.suse.com/security/cve/CVE-2015-2601.html
  https://www.suse.com/security/cve/CVE-2015-2613.html
  https://www.suse.com/security/cve/CVE-2015-2619.html
  https://www.suse.com/security/cve/CVE-2015-2621.html
  https://www.suse.com/security/cve/CVE-2015-2625.html
  https://www.suse.com/security/cve/CVE-2015-2627.html
  https://www.suse.com/security/cve/CVE-2015-2628.html
  https://www.suse.com/security/cve/CVE-2015-2632.html
  https://www.suse.com/security/cve/CVE-2015-2637.html
  https://www.suse.com/security/cve/CVE-2015-2638.html
  https://www.suse.com/security/cve/CVE-2015-2664.html
  https://www.suse.com/security/cve/CVE-2015-2808.html
  https://www.suse.com/security/cve/CVE-2015-4000.html
  https://www.suse.com/security/cve/CVE-2015-4729.html
  https://www.suse.com/security/cve/CVE-2015-4731.html
  https://www.suse.com/security/cve/CVE-2015-4732.html
  https://www.suse.com/security/cve/CVE-2015-4733.html
  https://www.suse.com/security/cve/CVE-2015-4736.html
  https://www.suse.com/security/cve/CVE-2015-4748.html
  https://www.suse.com/security/cve/CVE-2015-4749.html
  https://www.suse.com/security/cve/CVE-2015-4760.html
  https://bugzilla.suse.com/938248

From sle-updates at
lists.suse.com Thu Jul 30 10:08:38 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Jul 2015 18:08:38 +0200 (CEST)
Subject: SUSE-RU-2015:1321-1: Recommended update for release-notes-sles
Message-ID: <20150730160838.51397320B2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1321-1
Rating: low
References: #890640 #899495 #907776 #913245 #919070 #926284
Affected Products:
  SUSE Linux Enterprise Server 11 SP3 for VMware
  SUSE Linux Enterprise Server 11 SP3
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed. It includes one version update.

Description:

This update provides the latest version of the release notes for SUSE Linux Enterprise Server 11 SP3:

* New: Introduction of new flag TAINT_UNSIGNED_MODULE to mark unsigned kernel modules. (fate#317134)
* New: Update of makedumpfile and crash for systems with 46-bit addressing mode. (fate#316603)
* New: Version update for tcsh. (fate#318340)
* New: Introduction of SUSE Enterprise Storage's Ceph client for SLES 11-SP3. (fate#318330)
* New: Document new TLS-related options available in the OpenLDAP 2.4 client. (bsc#926284, fate#319043)
* New: Document that use of watchdogs with Xen might cause restarts. (bsc#899495)
* New: Introduction of optional OpenSSL 1.0 packages. (fate#316898)
* New: Introduction of new option "Place New Windows Always on Top" in Metacity. (fate#317254)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:
  zypper in -t patch slessp3-release-notes-sles-201506=10763
- SUSE Linux Enterprise Server 11 SP3:
  zypper in -t patch slessp3-release-notes-sles-201506=10763

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64) [New Version: 11.3.39]:
  release-notes-SLES-for-VMware-11.3.39-0.8.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64) [New Version: 11.3.39]:
  release-notes-sles-11.3.39-0.8.1

References:

  https://bugzilla.suse.com/890640
  https://bugzilla.suse.com/899495
  https://bugzilla.suse.com/907776
  https://bugzilla.suse.com/913245
  https://bugzilla.suse.com/919070
  https://bugzilla.suse.com/926284
  https://download.suse.com/patch/finder/?keywords=9882717f16e7da3cb61c06ea323364d9

From sle-updates at lists.suse.com Thu Jul 30 10:09:55 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Jul 2015 18:09:55 +0200 (CEST)
Subject: SUSE-SU-2015:1322-1: important: Security update for bind
Message-ID: <20150730160955.D93DB320B2@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1322-1
Rating: important
References: #939567
Cross-References: CVE-2015-5477
Affected Products:
  SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available. It includes one version update.

Description:

bind was updated to fix one security issue:

* CVE-2015-5477: Remote Denial-of-Service via TKEY queries. (bsc#939567)

Exposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.
Security Issues:

* CVE-2015-5477

Package List:

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 9.6ESVR11P1]:
  bind-9.6ESVR11P1-0.14.1
  bind-chrootenv-9.6ESVR11P1-0.14.1
  bind-devel-9.6ESVR11P1-0.14.1
  bind-doc-9.6ESVR11P1-0.14.1
  bind-libs-9.6ESVR11P1-0.14.1
  bind-utils-9.6ESVR11P1-0.14.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 9.6ESVR11P1]:
  bind-libs-32bit-9.6ESVR11P1-0.14.1

References:

  https://www.suse.com/security/cve/CVE-2015-5477.html
  https://bugzilla.suse.com/939567
  https://download.suse.com/patch/finder/?keywords=fe704ff20633640972645403977f8036

From sle-updates at lists.suse.com Fri Jul 31 02:08:45 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jul 2015 10:08:45 +0200 (CEST)
Subject: SUSE-SU-2015:1324-1: important: Security update for the SUSE Linux Enterprise 12 kernel
Message-ID: <20150731080845.EFD0C320B3@maintenance.suse.de>

SUSE Security Update: Security update for the SUSE Linux Enterprise 12 kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1324-1
Rating: important
References: #854817 #854824 #858727 #866911 #867362 #895814 #903279 #907092 #908491 #915183 #917630 #918618 #921430 #924071 #924526 #926369 #926953 #927455 #927697 #927786 #928131 #929475 #929696 #929879 #929974 #930092 #930399 #930579 #930599 #930972 #931124 #931403 #931538 #931620 #931860 #931988 #932348 #932793 #932897 #932898 #932899 #932900 #932967 #933117 #933429 #933637 #933896 #933904 #933907 #934160 #935083 #935085 #935088 #935174 #935542 #935881 #935918 #936012 #936423 #936445 #936446 #936502 #936556 #936831 #936875 #937032 #937087 #937609 #937612 #937613 #937616 #938022 #938023 #938024
Cross-References: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-1805 CVE-2015-3212 CVE-2015-4036 CVE-2015-4167 CVE-2015-4692 CVE-2015-5364 CVE-2015-5366
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Module for Public Cloud 12
  SUSE Linux Enterprise Live Patching 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves 11 vulnerabilities and has 63 fixes is now available.

Description:

The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive various security and bugfixes.

These features were added:

- mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array support (bsc#854824).
- mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (bsc#854817).

Following security bugs were fixed:

- CVE-2015-1805: iov overrun for failed atomic copy could have led to DoS or privilege escalation (bsc#933429).
- CVE-2015-3212: A race condition in the way the Linux kernel handled lists of associations in SCTP sockets could have led to list corruption and kernel panics (bsc#936502).
- CVE-2015-4036: DoS via memory corruption in vhost/scsi driver (bsc#931988).
- CVE-2015-4167: Linux kernel built with the UDF file system(CONFIG_UDF_FS) support was vulnerable to a crash. It occurred while fetching inode information from a corrupted/malicious udf file system image (bsc#933907).
- CVE-2015-4692: DoS via NULL pointer dereference in kvm_apic_has_events function (bsc#935542).
- CVE-2015-5364: Remote DoS via flood of UDP packets with invalid checksums (bsc#936831).
- CVE-2015-5366: Remote DoS of EPOLLET epoll applications via flood of UDP packets with invalid checksums (bsc#936831).

Security issues already fixed in the previous update but not referenced by CVE:

- CVE-2014-9728: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904).
- CVE-2014-9729: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904).
- CVE-2014-9730: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904).
- CVE-2014-9731: Kernel built with the UDF file system(CONFIG_UDF_FS) support were vulnerable to information leakage (bsc#933896).

The following non-security bugs were fixed:

- ALSA: hda - add codec ID for Skylake display audio codec (bsc#936556).
- ALSA: hda/hdmi - apply Haswell fix-ups to Skylake display codec (bsc#936556).
- ALSA: hda_controller: Separate stream_tag for input and output streams (bsc#936556).
- ALSA: hda_intel: add AZX_DCAPS_I915_POWERWELL for SKL and BSW (bsc#936556).
- ALSA: hda_intel: apply the Seperate stream_tag for Skylake (bsc#936556).
- ALSA: hda_intel: apply the Seperate stream_tag for Sunrise Point (bsc#936556).
- Btrfs: Handle unaligned length in extent_same (bsc#937609).
- Btrfs: add missing inode item update in fallocate() (bsc#938023).
- Btrfs: check pending chunks when shrinking fs to avoid corruption (bsc#936445).
- Btrfs: do not update mtime/ctime on deduped inodes (bsc#937616).
- Btrfs: fix block group ->space_info null pointer dereference (bsc#935088).
- Btrfs: fix clone / extent-same deadlocks (bsc#937612).
- Btrfs: fix deadlock with extent-same and readpage (bsc#937612).
- Btrfs: fix fsync data loss after append write (bsc#936446).
- Btrfs: fix hang during inode eviction due to concurrent readahead (bsc#935085).
- Btrfs: fix memory leak in the extent_same ioctl (bsc#937613).
- Btrfs: fix race when reusing stale extent buffers that leads to BUG_ON (bsc#926369).
- Btrfs: fix use after free when close_ctree frees the orphan_rsv (bsc#938022).
- Btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609).
- Btrfs: provide super_operations->inode_get_dev (bsc#927455).
- Drivers: hv: balloon: check if ha_region_mutex was acquired in MEM_CANCEL_ONLINE case.
- Drivers: hv: fcopy: process deferred messages when we complete the transaction.
- Drivers: hv: fcopy: rename fcopy_work -> fcopy_timeout_work.
- Drivers: hv: fcopy: set .owner reference for file operations.
- Drivers: hv: fcopy: switch to using the hvutil_device_state state machine.
- Drivers: hv: hv_balloon: correctly handle num_pages>INT_MAX case.
- Drivers: hv: hv_balloon: correctly handle val.freeram lower than num_pages case.
- Drivers: hv: hv_balloon: do not lose memory when onlining order is not natural.
- Drivers: hv: hv_balloon: do not online pages in offline blocks.
- Drivers: hv: hv_balloon: eliminate jumps in piecewiese linear floor function.
- Drivers: hv: hv_balloon: eliminate the trylock path in acquire/release_region_mutex.
- Drivers: hv: hv_balloon: keep locks balanced on add_memory() failure.
- Drivers: hv: hv_balloon: refuse to balloon below the floor.
- Drivers: hv: hv_balloon: report offline pages as being used.
- Drivers: hv: hv_balloon: survive ballooning request with num_pages=0.
- Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.
- Drivers: hv: kvp: rename kvp_work -> kvp_timeout_work.
- Drivers: hv: kvp: reset kvp_context.
- Drivers: hv: kvp: switch to using the hvutil_device_state state machine.
- Drivers: hv: util: Fix a bug in the KVP code. reapply upstream change ontop of v3.12-stable change
- Drivers: hv: util: On device remove, close the channel after de-initializing the service.
- Drivers: hv: util: introduce hv_utils_transport abstraction.
- Drivers: hv: util: introduce state machine for util drivers.
- Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h.
- Drivers: hv: vmbus: Add device and vendor ID to vmbus devices.
- Drivers: hv: vmbus: Add support for VMBus panic notifier handler (bsc#934160).
- Drivers: hv: vmbus: Add support for the NetworkDirect GUID.
- Drivers: hv: vmbus: Correcting truncation error for constant HV_CRASH_CTL_CRASH_NOTIFY (bsc#934160).
- Drivers: hv: vmbus: Export the vmbus_sendpacket_pagebuffer_ctl().
- Drivers: hv: vmbus: Fix a bug in rescind processing in vmbus_close_internal().
- Drivers: hv: vmbus: Fix a siganlling host signalling issue.
- Drivers: hv: vmbus: Get rid of some unnecessary messages.
- Drivers: hv: vmbus: Get rid of some unused definitions.
- Drivers: hv: vmbus: Handle both rescind and offer messages in the same context.
- Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state.
- Drivers: hv: vmbus: Introduce a function to remove a rescinded offer.
- Drivers: hv: vmbus: Perform device register in the per-channel work element.
- Drivers: hv: vmbus: Permit sending of packets without payload.
- Drivers: hv: vmbus: Properly handle child device remove.
- Drivers: hv: vmbus: Remove the channel from the channel list(s) on failure.
- Drivers: hv: vmbus: Suport an API to send packet with additional control.
- Drivers: hv: vmbus: Suport an API to send pagebuffers with additional control.
- Drivers: hv: vmbus: Teardown clockevent devices on module unload.
- Drivers: hv: vmbus: Teardown synthetic interrupt controllers on module unload.
- Drivers: hv: vmbus: Use a round-robin algorithm for picking the outgoing channel.
- Drivers: hv: vmbus: Use the vp_index map even for channels bound to CPU 0.
- Drivers: hv: vmbus: avoid double kfree for device_obj.
- Drivers: hv: vmbus: briefly comment num_sc and next_oc.
- Drivers: hv: vmbus: decrease num_sc on subchannel removal.
- Drivers: hv: vmbus: distribute subchannels among all vcpus.
- Drivers: hv: vmbus: do cleanup on all vmbus_open() failure paths.
- Drivers: hv: vmbus: introduce vmbus_acpi_remove.
- Drivers: hv: vmbus: kill tasklets on module unload.
- Drivers: hv: vmbus: move init_vp_index() call to vmbus_process_offer().
- Drivers: hv: vmbus: prevent cpu offlining on newer hypervisors.
- Drivers: hv: vmbus: rename channel work queues.
- Drivers: hv: vmbus: teardown hv_vmbus_con workqueue and vmbus_connection pages on shutdown.
- Drivers: hv: vmbus: unify calls to percpu_channel_enq().
- Drivers: hv: vmbus: unregister panic notifier on module unload.
- Drivers: hv: vmbus:Update preferred vmbus protocol version to windows 10.
- Drivers: hv: vss: process deferred messages when we complete the transaction.
- Drivers: hv: vss: switch to using the hvutil_device_state state machine.
- Enable CONFIG_BRIDGE_NF_EBTABLES on s390x (bsc#936012)
- Fix connection reuse when sk_error_report is used (bsc#930972).
- GHES: Carve out error queueing in a separate function (bsc#917630).
- GHES: Carve out the panic functionality (bsc#917630).
- GHES: Elliminate double-loop in the NMI handler (bsc#917630).
- GHES: Make NMI handler have a single reader (bsc#917630).
- GHES: Panic right after detection (bsc#917630).
- IB/mlx4: Fix wrong usage of IPv4 protocol for multicast attach/detach (bsc#918618).
- Initialize hv_netvsc_packet->xmit_more to avoid transfer stalls
- KVM: PPC: BOOK3S: HV: CMA: Reserve cma region only in hypervisor mode (bsc#908491).
- KVM: s390: virtio-ccw: Handle command rejects (bsc#931860).
- MODSIGN: loading keys from db when SecureBoot disabled (bsc#929696).
- MODSIGN: loading keys from db when SecureBoot disabled (bsc#929696).
- PCI: pciehp: Add hotplug_lock to serialize hotplug events (bsc#866911).
- Revert "MODSIGN: loading keys from db when SecureBoot disabled". This reverts commit b45412d4, because it breaks legacy boot.
- SUNRPC: Report connection error values to rpc_tasks on the pending queue (bsc#930972).
- Update s390x kabi files with netfilter change (bsc#936012)
- client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bsc#932348).
- cpufreq: pcc: Enable autoload of pcc-cpufreq for ACPI processors (bsc#933117).
- dmapi: fix value from newer Linux strnlen_user() (bsc#932897).
- drm/i915/hsw: Fix workaround for server AUX channel clock divisor (bsc#935918).
- drm/i915: Evict CS TLBs between batches (bsc#935918).
- drm/i915: Fix DDC probe for passive adapters (bsc#935918).
- drm/i915: Handle failure to kick out a conflicting fb driver (bsc#935918).
- drm/i915: drop WaSetupGtModeTdRowDispatch:snb (bsc#935918).
- drm/i915: save/restore GMBUS freq across suspend/resume on gen4 (bsc#935918).
- edd: support original Phoenix EDD 3.0 information (bsc#929974).
- ext4: fix over-defensive complaint after journal abort (bsc#935174).
- fs/cifs: Fix corrupt SMB2 ioctl requests (bsc#931124).
- ftrace: add oco handling patch (bsc#924526).
- ftrace: allow architectures to specify ftrace compile options (bsc#924526).
- ftrace: let notrace function attribute disable hotpatching if necessary (bsc#924526).
- hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bsc#930092).
- hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bsc#930092).
- hv: channel: match var type to return type of wait_for_completion.
- hv: do not schedule new works in vmbus_onoffer()/vmbus_onoffer_rescind().
- hv: hv_balloon: match var type to return type of wait_for_completion.
- hv: hv_util: move vmbus_open() to a later place.
- hv: hypervvssd: call endmntent before call setmntent again.
- hv: no rmmod for hv_vmbus and hv_utils.
- hv: remove the per-channel workqueue.
- hv: run non-blocking message handlers in the dispatch tasklet.
- hv: vmbus: missing curly braces in vmbus_process_offer().
- hv: vmbus_free_channels(): remove the redundant free_channel().
- hv: vmbus_open(): reset the channel state on ENOMEM.
- hv: vmbus_post_msg: retry the hypercall on some transient errors.
- hv_netvsc: Allocate the receive buffer from the correct NUMA node.
- hv_netvsc: Allocate the sendbuf in a NUMA aware way.
- hv_netvsc: Clean up two unused variables.
- hv_netvsc: Cleanup the test for freeing skb when we use sendbuf mechanism.
- hv_netvsc: Define a macro RNDIS_AND_PPI_SIZE.
- hv_netvsc: Eliminate memory allocation in the packet send path.
- hv_netvsc: Fix a bug in netvsc_start_xmit().
- hv_netvsc: Fix the packet free when it is in skb headroom.
- hv_netvsc: Implement batching in send buffer.
- hv_netvsc: Implement partial copy into send buffer.
- hv_netvsc: Use the xmit_more skb flag to optimize signaling the host.
- hv_netvsc: change member name of struct netvsc_stats.
- hv_netvsc: introduce netif-msg into netvsc module.
- hv_netvsc: remove unused variable in netvsc_send().
- hv_netvsc: remove vmbus_are_subchannels_present() in rndis_filter_device_add().
- hv_netvsc: try linearizing big SKBs before dropping them.
- hv_netvsc: use per_cpu stats to calculate TX/RX data.
- hv_netvsc: use single existing drop path in netvsc_start_xmit.
- hv_vmbus: Add gradually increased delay for retries in vmbus_post_msg().
- hyperv: Implement netvsc_get_channels() ethool op.
- hyperv: hyperv_fb: match wait_for_completion_timeout return type.
- iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538).
- iommu/amd: Handle large pages correctly in free_pagetable (bsc#935881).
- ipr: Increase default adapter init stage change timeout (bsc#930579).
- ipv6: do not delete previously existing ECMP routes if add fails (bsc#930399).
- ipv6: fix ECMP route replacement (bsc#930399).
- jbd2: improve error messages for inconsistent journal heads (bsc#935174).
- jbd2: revise KERN_EMERG error messages (bsc#935174).
- kabi/severities: Add s390 symbols allowed to change in bsc#931860
- kabi: only use sops->get_inode_dev with proper fsflag.
- kernel: add panic_on_warn.
- kexec: allocate the kexec control page with KEXEC_CONTROL_MEMORY_GFP (bsc#928131).
- kgr: fix redirection on s390x arch (bsc#903279).
- kgr: move kgr_task_in_progress() to sched.h.
- kgr: send a fake signal to all blocking tasks.
- kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bsc#926953).
- libata: Blacklist queued TRIM on all Samsung 800-series (bsc#930599).
- mei: bus: () can be static.
- mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bsc#931620).
- mm, thp: respect MPOL_PREFERRED policy with non-local node (VM Performance, bsc#931620).
- mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM Performance, bsc#931620).
- mm/thp: allocate transparent hugepages on local node (VM Performance, bsc#931620).
- net/mlx4_en: Call register_netdevice in the proper location (bsc#858727).
- net/mlx4_en: Do not attempt to TX offload the outer UDP checksum for VXLAN (bsc#858727).
- net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362).
- net: introduce netdev_alloc_pcpu_stats() for drivers.
- net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).
- netdev: set __percpu attribute on netdev_alloc_pcpu_stats.
- netdev_alloc_pcpu_stats: use less common iterator variable.
- netfilter: xt_NFQUEUE: fix --queue-bypass regression (bsc#935083)
- ovl: default permissions (bsc#924071).
- ovl: move s_stack_depth .
- powerpc/perf/hv-24x7: use kmem_cache instead of aligned stack allocations (bsc#931403).
- powerpc/pseries: Correct cpu affinity for dlpar added cpus (bsc#932967).
- powerpc: Add VM_FAULT_HWPOISON handling to powerpc page fault handler (bsc#929475).
- powerpc: Fill in si_addr_lsb siginfo field (bsc#929475).
- powerpc: Simplify do_sigbus (bsc#929475).
- reiserfs: Fix use after free in journal teardown (bsc#927697).
- rtlwifi: rtl8192cu: Fix kernel deadlock (bsc#927786).
- s390/airq: add support for irq ranges (bsc#931860).
- s390/airq: silence lockdep warning (bsc#931860).
- s390/compat,signal: change return values to -EFAULT (bsc#929879).
- s390/ftrace: hotpatch support for function tracing (bsc#924526).
- s390/irq: improve displayed interrupt order in /proc/interrupts (bsc#931860).
- s390/kernel: use stnsm 255 instead of stosm 0 (bsc#929879).
- s390/kgr: reorganize kgr infrastructure in entry64.S.
- s390/mm: align 64-bit PIE binaries to 4GB (bsc#929879).
- s390/mm: limit STACK_RND_MASK for compat tasks (bsc#929879).
- s390/rwlock: add missing local_irq_restore calls (bsc#929879).
- s390/sclp_vt220: Fix kernel panic due to early terminal input (bsc#931860).
- s390/smp: only send external call ipi if needed (bsc#929879).
- s390/spinlock,rwlock: always to a load-and-test first (bsc#929879).
- s390/spinlock: cleanup spinlock code (bsc#929879).
- s390/spinlock: optimize spin_unlock code (bsc#929879).
- s390/spinlock: optimize spinlock code sequence (bsc#929879).
- s390/spinlock: refactor arch_spin_lock_wait[_flags] (bsc#929879).
- s390/time: use stck clock fast for do_account_vtime (bsc#929879).
- s390: Remove zfcpdump NR_CPUS dependency (bsc#929879).
- s390: add z13 code generation support (bsc#929879).
- s390: avoid z13 cache aliasing (bsc#929879).
- s390: fix control register update (bsc#929879).
- s390: optimize control register update (bsc#929879).
- s390: z13 base performance (bsc#929879).
- sched: fix __sched_setscheduler() vs load balancing race (bsc#921430)
- scsi: retry MODE SENSE on unit attention (bsc#895814).
- scsi_dh_alua: Recheck state on unit attention (bsc#895814).
- scsi_dh_alua: fixup crash in alua_rtpg_work() (bsc#895814).
- scsi_dh_alua: parse device id instead of target id (bsc#895814).
- scsi_dh_alua: recheck RTPG in regular intervals (bsc#895814).
- scsi_dh_alua: update all port states (bsc#895814).
- sd: always retry READ CAPACITY for ALUA state transition (bsc#895814).
- st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875).
- supported.conf: add btrfs to kernel-$flavor-base (bsc#933637)
- udf: Remove repeated loads blocksize (bsc#933907).
- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bsc#938024).
- vTPM: set virtual device before passing to ibmvtpm_reset_crq (bsc#937087).
- vfs: add super_operations->get_inode_dev (bsc#927455).
- virtio-ccw: virtio-ccw adapter interrupt support (bsc#931860).
- virtio-rng: do not crash if virtqueue is broken (bsc#931860).
- virtio: fail adding buffer on broken queues (bsc#931860).
- virtio: virtio_break_device() to mark all virtqueues broken (bsc#931860).
- virtio_blk: verify if queue is broken after virtqueue_get_buf() (bsc#931860).
- virtio_ccw: fix hang in set offline processing (bsc#931860).
- virtio_ccw: fix vcdev pointer handling issues (bsc#931860).
- virtio_ccw: introduce device_lost in virtio_ccw_device (bsc#931860).
- virtio_net: do not crash if virtqueue is broken (bsc#931860).
- virtio_net: verify if queue is broken after virtqueue_get_buf() (bsc#931860).
- virtio_ring: adapt to notify() returning bool (bsc#931860).
- virtio_ring: add new function virtqueue_is_broken() (bsc#931860).
- virtio_ring: change host notification API (bsc#931860).
- virtio_ring: let virtqueue_{kick()/notify()} return a bool (bsc#931860).
- virtio_ring: plug kmemleak false positive (bsc#931860).
- virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding spinlock (bsc#931860).
- virtio_scsi: verify if queue is broken after virtqueue_get_buf() (bsc#931860).
- vmxnet3: Bump up driver version number (bsc#936423).
- vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).
- vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).
- vmxnet3: Register shutdown handler for device (fwd) (bug#936423).
- x86/PCI: Use host bridge _CRS info on Foxconn K8M890-8237A (bsc#907092).
- x86/PCI: Use host bridge _CRS info on systems with >32 bit addressing (bsc#907092).
- x86/kgr: move kgr infrastructure from asm to C.
- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).
- xfrm: release dst_orig in case of error in xfrm_lookup() (bsc#932793).
- xfs: Skip dirty pages in ->releasepage (bsc#915183).
- xfs: fix xfs_setattr for DMAPI (bsc#932900).
- xfs_dmapi: fix transaction ilocks (bsc#932899).
- xfs_dmapi: fix value from newer Linux strnlen_user() (bsc#932897).
- xfs_dmapi: xfs_dm_rdwr() uses dir file ops not file's ops (bsc#932898).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:
  zypper in -t patch SUSE-SLE-WE-12-2015-356=1
- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-356=1
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-356=1
- SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-356=1
- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2015-356=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-356=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
  kernel-default-debuginfo-3.12.44-52.10.1
  kernel-default-debugsource-3.12.44-52.10.1
  kernel-default-extra-3.12.44-52.10.1
  kernel-default-extra-debuginfo-3.12.44-52.10.1
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  kernel-obs-build-3.12.44-52.10.1
  kernel-obs-build-debugsource-3.12.44-52.10.1
- SUSE Linux Enterprise Software Development Kit 12 (noarch):
  kernel-docs-3.12.44-52.10.3
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  kernel-default-3.12.44-52.10.1
  kernel-default-base-3.12.44-52.10.1
  kernel-default-base-debuginfo-3.12.44-52.10.1
  kernel-default-debuginfo-3.12.44-52.10.1
  kernel-default-debugsource-3.12.44-52.10.1
  kernel-default-devel-3.12.44-52.10.1
  kernel-syms-3.12.44-52.10.1
- SUSE Linux Enterprise Server 12 (x86_64):
  kernel-xen-3.12.44-52.10.1
  kernel-xen-base-3.12.44-52.10.1
  kernel-xen-base-debuginfo-3.12.44-52.10.1
  kernel-xen-debuginfo-3.12.44-52.10.1
  kernel-xen-debugsource-3.12.44-52.10.1
  kernel-xen-devel-3.12.44-52.10.1
- SUSE Linux Enterprise Server 12 (noarch):
  kernel-devel-3.12.44-52.10.1
  kernel-macros-3.12.44-52.10.1
  kernel-source-3.12.44-52.10.1
- SUSE Linux Enterprise Server 12 (s390x):
  kernel-default-man-3.12.44-52.10.1
- SUSE Linux Enterprise Module for
Public Cloud 12 (x86_64):
  kernel-ec2-3.12.44-52.10.1
  kernel-ec2-debuginfo-3.12.44-52.10.1
  kernel-ec2-debugsource-3.12.44-52.10.1
  kernel-ec2-devel-3.12.44-52.10.1
  kernel-ec2-extra-3.12.44-52.10.1
  kernel-ec2-extra-debuginfo-3.12.44-52.10.1
- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_44-52_10-default-1-2.1
  kgraft-patch-3_12_44-52_10-xen-1-2.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
  kernel-default-3.12.44-52.10.1
  kernel-default-debuginfo-3.12.44-52.10.1
  kernel-default-debugsource-3.12.44-52.10.1
  kernel-default-devel-3.12.44-52.10.1
  kernel-default-extra-3.12.44-52.10.1
  kernel-default-extra-debuginfo-3.12.44-52.10.1
  kernel-syms-3.12.44-52.10.1
  kernel-xen-3.12.44-52.10.1
  kernel-xen-debuginfo-3.12.44-52.10.1
  kernel-xen-debugsource-3.12.44-52.10.1
  kernel-xen-devel-3.12.44-52.10.1
- SUSE Linux Enterprise Desktop 12 (noarch):
  kernel-devel-3.12.44-52.10.1
  kernel-macros-3.12.44-52.10.1
  kernel-source-3.12.44-52.10.1

References:

  https://www.suse.com/security/cve/CVE-2014-9728.html
  https://www.suse.com/security/cve/CVE-2014-9729.html
  https://www.suse.com/security/cve/CVE-2014-9730.html
  https://www.suse.com/security/cve/CVE-2014-9731.html
  https://www.suse.com/security/cve/CVE-2015-1805.html
  https://www.suse.com/security/cve/CVE-2015-3212.html
  https://www.suse.com/security/cve/CVE-2015-4036.html
  https://www.suse.com/security/cve/CVE-2015-4167.html
  https://www.suse.com/security/cve/CVE-2015-4692.html
  https://www.suse.com/security/cve/CVE-2015-5364.html
  https://www.suse.com/security/cve/CVE-2015-5366.html
  https://bugzilla.suse.com/854817
  https://bugzilla.suse.com/854824
  https://bugzilla.suse.com/858727
  https://bugzilla.suse.com/866911
  https://bugzilla.suse.com/867362
  https://bugzilla.suse.com/895814
  https://bugzilla.suse.com/903279
  https://bugzilla.suse.com/907092
  https://bugzilla.suse.com/908491
  https://bugzilla.suse.com/915183
  https://bugzilla.suse.com/917630
  https://bugzilla.suse.com/918618
  https://bugzilla.suse.com/921430
  https://bugzilla.suse.com/924071
  https://bugzilla.suse.com/924526
  https://bugzilla.suse.com/926369
  https://bugzilla.suse.com/926953
  https://bugzilla.suse.com/927455
  https://bugzilla.suse.com/927697
  https://bugzilla.suse.com/927786
  https://bugzilla.suse.com/928131
  https://bugzilla.suse.com/929475
  https://bugzilla.suse.com/929696
  https://bugzilla.suse.com/929879
  https://bugzilla.suse.com/929974
  https://bugzilla.suse.com/930092
  https://bugzilla.suse.com/930399
  https://bugzilla.suse.com/930579
  https://bugzilla.suse.com/930599
  https://bugzilla.suse.com/930972
  https://bugzilla.suse.com/931124
  https://bugzilla.suse.com/931403
  https://bugzilla.suse.com/931538
  https://bugzilla.suse.com/931620
  https://bugzilla.suse.com/931860
  https://bugzilla.suse.com/931988
  https://bugzilla.suse.com/932348
  https://bugzilla.suse.com/932793
  https://bugzilla.suse.com/932897
  https://bugzilla.suse.com/932898
  https://bugzilla.suse.com/932899
  https://bugzilla.suse.com/932900
  https://bugzilla.suse.com/932967
  https://bugzilla.suse.com/933117
  https://bugzilla.suse.com/933429
  https://bugzilla.suse.com/933637
  https://bugzilla.suse.com/933896
  https://bugzilla.suse.com/933904
  https://bugzilla.suse.com/933907
  https://bugzilla.suse.com/934160
  https://bugzilla.suse.com/935083
  https://bugzilla.suse.com/935085
  https://bugzilla.suse.com/935088
  https://bugzilla.suse.com/935174
  https://bugzilla.suse.com/935542
  https://bugzilla.suse.com/935881
  https://bugzilla.suse.com/935918
  https://bugzilla.suse.com/936012
  https://bugzilla.suse.com/936423
  https://bugzilla.suse.com/936445
  https://bugzilla.suse.com/936446
  https://bugzilla.suse.com/936502
  https://bugzilla.suse.com/936556
  https://bugzilla.suse.com/936831
  https://bugzilla.suse.com/936875
  https://bugzilla.suse.com/937032
  https://bugzilla.suse.com/937087
  https://bugzilla.suse.com/937609
  https://bugzilla.suse.com/937612
  https://bugzilla.suse.com/937613
  https://bugzilla.suse.com/937616
  https://bugzilla.suse.com/938022
  https://bugzilla.suse.com/938023
   https://bugzilla.suse.com/938024

From sle-updates at lists.suse.com Fri Jul 31 06:08:40 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jul 2015 14:08:40 +0200 (CEST)
Subject: SUSE-RU-2015:1327-1: Recommended update for release-notes-sles
Message-ID: <20150731120840.9D2FB320B3@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1327-1
Rating:             low
References:         #900935 #912272 #927292 #930353 #934230 #934752
Affected Products:
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that has 6 recommended fixes can now be installed.

Description:

   This update provides the latest revision of the Release Notes for SUSE
   Linux Enterprise Server 12.

   - New: Importing PTF key. (bsc#927292 via fate#319093)
   - New: Activating uuidd socket. (bsc#900935 via fate#318949)
   - New: pm-profiler replaced with tuned. (bsc#912272 via fate#319043)
   - New: YaST: IPv6 open-iscsi support. (fate#316261)
   - New: libzypp gpg check handling. (bsc#934230 via fate#319082)
   - Updated: Docker references. (fate#317064)
   - Removed entry: Extended Built-in Management Infrastructure

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-357=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (noarch):

      release-notes-sles-12.0.20150722-29.1

References:

   https://bugzilla.suse.com/900935
   https://bugzilla.suse.com/912272
   https://bugzilla.suse.com/927292
   https://bugzilla.suse.com/930353
   https://bugzilla.suse.com/934230
   https://bugzilla.suse.com/934752

From sle-updates at lists.suse.com Fri Jul 31 07:08:37 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jul 2015 15:08:37 +0200 (CEST)
Subject: SUSE-OU-2015:1328-1: Optional update for docbook
Message-ID: <20150731130837.12BBA320B5@maintenance.suse.de>

   SUSE Optional Update: Optional update for docbook
______________________________________________________________________________

Announcement ID:    SUSE-OU-2015:1328-1
Rating:             low
References:         #912669 #914681 #918565 #928012 #928753 #930685 #936253 #937209
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has 8 optional fixes can now be installed.

Description:

   This update introduces DocBook 5 to SUSE Linux Enterprise Software
   Development Kit 12.

   The following new packages have been added: docbook_5,
   docbook5-xsl-stylesheets and saxon6.

   docbook-xsl-stylesheet received several bugfixes.

   Jing was updated and now uses saxon6 as build and runtime dependency.

   suse-xsl-stylesheets was updated to the stable release 2.0.2, which
   brings fixes and enhancements.

Patch Instructions:

   To install this SUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2015-358=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-358=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-358=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (noarch):

      docbook-xsl-stylesheets-1.78.1+svn9743-4.1

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      docbook-xsl-stylesheets-1.78.1+svn9743-4.1
      docbook5-xsl-stylesheets-1.78.1-2.4
      docbook_5-5.1CR3-4.1
      jing-20091111-19.3.1
      saxon6-6.5.5-4.2
      suse-xsl-stylesheets-2.0.2-2.5.2

   - SUSE Linux Enterprise Desktop 12 (noarch):

      docbook-xsl-stylesheets-1.78.1+svn9743-4.1

References:

   https://bugzilla.suse.com/912669
   https://bugzilla.suse.com/914681
   https://bugzilla.suse.com/918565
   https://bugzilla.suse.com/928012
   https://bugzilla.suse.com/928753
   https://bugzilla.suse.com/930685
   https://bugzilla.suse.com/936253
   https://bugzilla.suse.com/937209

From sle-updates at lists.suse.com Fri Jul 31 08:08:47 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jul 2015 16:08:47 +0200 (CEST)
Subject: SUSE-SU-2015:1329-1: important: Security update for java-1_7_1-ibm
Message-ID: <20150731140847.EC132320B5@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1329-1
Rating:             important
References:         #935540 #938895
Cross-References:   CVE-2015-1931 CVE-2015-2590 CVE-2015-2601
                    CVE-2015-2613 CVE-2015-2619 CVE-2015-2621
                    CVE-2015-2625 CVE-2015-2632 CVE-2015-2637
                    CVE-2015-2638 CVE-2015-2664 CVE-2015-2808
                    CVE-2015-4000 CVE-2015-4729 CVE-2015-4731
                    CVE-2015-4732 CVE-2015-4733 CVE-2015-4748
                    CVE-2015-4749 CVE-2015-4760
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

   An update that fixes 20 vulnerabilities is now available.

Description:

   IBM Java was updated to 7.1-3.10 to fix several security issues.

   The following vulnerabilities were fixed:

   * CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
   * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
   * CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS.
     Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data.
   * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS.
     Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data.
   * CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data.
   * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS).
   * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-java-1_7_1-ibm-12013=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-java-1_7_1-ibm-12013=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64):

      java-1_7_1-ibm-devel-1.7.1_sr3.10-3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64):

      java-1_7_1-ibm-1.7.1_sr3.10-3.1
      java-1_7_1-ibm-jdbc-1.7.1_sr3.10-3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      java-1_7_1-ibm-alsa-1.7.1_sr3.10-3.1
      java-1_7_1-ibm-plugin-1.7.1_sr3.10-3.1

References:

   https://www.suse.com/security/cve/CVE-2015-1931.html
   https://www.suse.com/security/cve/CVE-2015-2590.html
   https://www.suse.com/security/cve/CVE-2015-2601.html
   https://www.suse.com/security/cve/CVE-2015-2613.html
   https://www.suse.com/security/cve/CVE-2015-2619.html
   https://www.suse.com/security/cve/CVE-2015-2621.html
   https://www.suse.com/security/cve/CVE-2015-2625.html
   https://www.suse.com/security/cve/CVE-2015-2632.html
   https://www.suse.com/security/cve/CVE-2015-2637.html
   https://www.suse.com/security/cve/CVE-2015-2638.html
   https://www.suse.com/security/cve/CVE-2015-2664.html
   https://www.suse.com/security/cve/CVE-2015-2808.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://www.suse.com/security/cve/CVE-2015-4729.html
   https://www.suse.com/security/cve/CVE-2015-4731.html
   https://www.suse.com/security/cve/CVE-2015-4732.html
   https://www.suse.com/security/cve/CVE-2015-4733.html
   https://www.suse.com/security/cve/CVE-2015-4748.html
   https://www.suse.com/security/cve/CVE-2015-4749.html
   https://www.suse.com/security/cve/CVE-2015-4760.html
   https://bugzilla.suse.com/935540
   https://bugzilla.suse.com/938895

From sle-updates at lists.suse.com Fri Jul 31 08:09:27 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jul 2015 16:09:27 +0200 (CEST)
Subject: SUSE-RU-2015:1330-1: moderate: Recommended update for gcc48, libffi48, libgcj48
Message-ID: <20150731140927.23A08320B5@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gcc48, libffi48, libgcj48
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1330-1
Rating:             moderate
References:         #889990 #917169 #919274 #922534 #924525 #924687 #927993 #930176 #934689
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has 9 recommended fixes can now be installed.

Description:

   The system compiler gcc48 was updated to the GCC 4.8.5 release, fixing a
   lot of bugs and bringing some improvements.

   It includes various bug fixes found by our customers:

   * Fixes bogus integer overflow in constant expression. [bnc#934689]
   * Fixes ICE with atomics on aarch64. [bnc#930176]
   * Includes fix for -imacros bug. [bnc#917169]
   * Includes fix for incorrect -Warray-bounds warnings. [bnc#919274]
   * Includes updated -mhotpatch for s390x. [bnc#924525]
   * Includes fix for ppc64le issue with doubleword vector extract. [bnc#924687]
   * Includes patches to allow building against ISL 0.14.
   * Backport rework of the memory allocator for C++ exceptions used in OOM situations. [bnc#889990]
   * Fix a reload issue on S390 (GCC PR66306).
   * Avoid accessing invalid memory when passing aggregates by value.
     [bnc#922534]

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2015-361=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-361=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-361=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-361=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      gcc48-gij-32bit-4.8.5-18.1
      gcc48-gij-4.8.5-18.1
      gcc48-gij-debuginfo-32bit-4.8.5-18.1
      gcc48-gij-debuginfo-4.8.5-18.1
      libgcj48-32bit-4.8.5-18.1
      libgcj48-4.8.5-18.1
      libgcj48-debuginfo-32bit-4.8.5-18.1
      libgcj48-debuginfo-4.8.5-18.1
      libgcj48-debugsource-4.8.5-18.1
      libgcj48-jar-4.8.5-18.1
      libgcj_bc1-4.8.5-18.1

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      gcc48-debuginfo-4.8.5-18.1
      gcc48-debugsource-4.8.5-18.1
      gcc48-fortran-4.8.5-18.1
      gcc48-fortran-debuginfo-4.8.5-18.1
      gcc48-gij-4.8.5-18.1
      gcc48-gij-debuginfo-4.8.5-18.1
      gcc48-java-4.8.5-18.1
      gcc48-java-debuginfo-4.8.5-18.1
      gcc48-obj-c++-4.8.5-18.1
      gcc48-obj-c++-debuginfo-4.8.5-18.1
      gcc48-objc-4.8.5-18.1
      gcc48-objc-debuginfo-4.8.5-18.1
      libffi48-debugsource-4.8.5-18.1
      libffi48-devel-4.8.5-18.1
      libgcj48-4.8.5-18.1
      libgcj48-debuginfo-4.8.5-18.1
      libgcj48-debugsource-4.8.5-18.1
      libgcj48-devel-4.8.5-18.1
      libgcj48-devel-debuginfo-4.8.5-18.1
      libgcj48-jar-4.8.5-18.1
      libgcj_bc1-4.8.5-18.1
      libobjc4-4.8.5-18.1
      libobjc4-debuginfo-4.8.5-18.1

   - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64):

      gcc48-objc-32bit-4.8.5-18.1
      libgfortran3-32bit-4.8.5-18.1
      libobjc4-32bit-4.8.5-18.1

   - SUSE Linux Enterprise Software Development Kit 12 (x86_64):

      gcc48-ada-4.8.5-18.1
      gcc48-ada-debuginfo-4.8.5-18.1
      libada48-4.8.5-18.1
      libada48-debuginfo-4.8.5-18.1
      libquadmath0-32bit-4.8.5-18.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      cpp48-4.8.5-18.1
      cpp48-debuginfo-4.8.5-18.1
      gcc48-4.8.5-18.1
      gcc48-c++-4.8.5-18.1
      gcc48-c++-debuginfo-4.8.5-18.1
      gcc48-debuginfo-4.8.5-18.1
      gcc48-debugsource-4.8.5-18.1
      gcc48-locale-4.8.5-18.1
      libatomic1-4.8.5-18.1
      libatomic1-debuginfo-4.8.5-18.1
      libffi4-4.8.5-18.1
      libffi4-debuginfo-4.8.5-18.1
      libffi48-debugsource-4.8.5-18.1
      libgcc_s1-4.8.5-18.1
      libgcc_s1-debuginfo-4.8.5-18.1
      libgfortran3-4.8.5-18.1
      libgfortran3-debuginfo-4.8.5-18.1
      libgomp1-4.8.5-18.1
      libgomp1-debuginfo-4.8.5-18.1
      libitm1-4.8.5-18.1
      libitm1-debuginfo-4.8.5-18.1
      libstdc++48-devel-4.8.5-18.1
      libstdc++6-4.8.5-18.1
      libstdc++6-debuginfo-4.8.5-18.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      gcc48-32bit-4.8.5-18.1
      libatomic1-32bit-4.8.5-18.1
      libffi4-32bit-4.8.5-18.1
      libgcc_s1-32bit-4.8.5-18.1
      libgomp1-32bit-4.8.5-18.1
      libitm1-32bit-4.8.5-18.1
      libstdc++48-devel-32bit-4.8.5-18.1
      libstdc++6-32bit-4.8.5-18.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      libasan0-32bit-4.8.5-18.1
      libasan0-4.8.5-18.1
      libasan0-debuginfo-4.8.5-18.1
      libquadmath0-4.8.5-18.1
      libquadmath0-debuginfo-4.8.5-18.1
      libtsan0-4.8.5-18.1
      libtsan0-debuginfo-4.8.5-18.1

   - SUSE Linux Enterprise Server 12 (noarch):

      gcc48-info-4.8.5-18.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      cpp48-4.8.5-18.1
      cpp48-debuginfo-4.8.5-18.1
      gcc48-32bit-4.8.5-18.1
      gcc48-4.8.5-18.1
      gcc48-c++-4.8.5-18.1
      gcc48-c++-debuginfo-4.8.5-18.1
      gcc48-debuginfo-4.8.5-18.1
      gcc48-debugsource-4.8.5-18.1
      gcc48-gij-32bit-4.8.5-18.1
      gcc48-gij-4.8.5-18.1
      gcc48-gij-debuginfo-32bit-4.8.5-18.1
      gcc48-gij-debuginfo-4.8.5-18.1
      libasan0-32bit-4.8.5-18.1
      libasan0-4.8.5-18.1
      libasan0-debuginfo-4.8.5-18.1
      libatomic1-32bit-4.8.5-18.1
      libatomic1-4.8.5-18.1
      libatomic1-debuginfo-4.8.5-18.1
      libffi4-32bit-4.8.5-18.1
      libffi4-4.8.5-18.1
      libffi4-debuginfo-4.8.5-18.1
      libffi48-debugsource-4.8.5-18.1
      libgcc_s1-32bit-4.8.5-18.1
      libgcc_s1-4.8.5-18.1
      libgcc_s1-debuginfo-4.8.5-18.1
      libgcj48-32bit-4.8.5-18.1
      libgcj48-4.8.5-18.1
      libgcj48-debuginfo-32bit-4.8.5-18.1
      libgcj48-debuginfo-4.8.5-18.1
      libgcj48-debugsource-4.8.5-18.1
      libgcj48-jar-4.8.5-18.1
      libgcj_bc1-4.8.5-18.1
      libgfortran3-4.8.5-18.1
      libgfortran3-debuginfo-4.8.5-18.1
      libgomp1-32bit-4.8.5-18.1
      libgomp1-4.8.5-18.1
      libgomp1-debuginfo-4.8.5-18.1
      libitm1-32bit-4.8.5-18.1
      libitm1-4.8.5-18.1
      libitm1-debuginfo-4.8.5-18.1
      libquadmath0-4.8.5-18.1
      libquadmath0-debuginfo-4.8.5-18.1
      libstdc++48-devel-32bit-4.8.5-18.1
      libstdc++48-devel-4.8.5-18.1
      libstdc++6-32bit-4.8.5-18.1
      libstdc++6-4.8.5-18.1
      libstdc++6-debuginfo-4.8.5-18.1
      libtsan0-4.8.5-18.1
      libtsan0-debuginfo-4.8.5-18.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      gcc48-info-4.8.5-18.1

References:

   https://bugzilla.suse.com/889990
   https://bugzilla.suse.com/917169
   https://bugzilla.suse.com/919274
   https://bugzilla.suse.com/922534
   https://bugzilla.suse.com/924525
   https://bugzilla.suse.com/924687
   https://bugzilla.suse.com/927993
   https://bugzilla.suse.com/930176
   https://bugzilla.suse.com/934689

From sle-updates at lists.suse.com Fri Jul 31 08:11:03 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 31 Jul 2015 16:11:03 +0200 (CEST)
Subject: SUSE-SU-2015:1331-1: important: Security update for java-1_7_1-ibm
Message-ID: <20150731141103.44F1C320B5@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1331-1
Rating:             important
References:         #935540 #938895
Cross-References:   CVE-2015-1931 CVE-2015-2590 CVE-2015-2601
                    CVE-2015-2613 CVE-2015-2619 CVE-2015-2621
                    CVE-2015-2625 CVE-2015-2632 CVE-2015-2637
                    CVE-2015-2638 CVE-2015-2664 CVE-2015-2808
                    CVE-2015-4000 CVE-2015-4729 CVE-2015-4731
                    CVE-2015-4732 CVE-2015-4733 CVE-2015-4748
                    CVE-2015-4749 CVE-2015-4760
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
______________________________________________________________________________

   An update that fixes 20 vulnerabilities is now available.

Description:

   IBM Java was updated to 7.1-3.10 to fix several security issues.

   The following vulnerabilities were fixed:

   * CVE-2015-1931: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
   * CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-2601: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2613: Easily exploitable vulnerability in the JCE component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
   * CVE-2015-2619: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2621: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2632: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2637: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2638: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment component requiring logon to Operating System.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS.
     Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java accessible data.
   * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE component allowed successful unauthenticated network attacks via SSL/TLS.
     Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java accessible data as well as read access to a subset of Java Embedded accessible data.
   * CVE-2015-4729: Very difficult to exploit vulnerability in the Deployment component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized update, insert or delete access to some Java SE accessible data as well as read access to a subset of Java SE accessible data.
   * CVE-2015-4731: Easily exploitable vulnerability in the JMX component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-4732: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-4733: Easily exploitable vulnerability in the RMI component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-4748: Very difficult to exploit vulnerability in the Security component allowed successful unauthenticated network attacks via OCSP.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.
   * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized ability to cause a partial denial of service (partial DOS).
   * CVE-2015-4760: Easily exploitable vulnerability in the 2D component allowed successful unauthenticated network attacks via multiple protocols.
     Successful attack of this vulnerability could have resulted in unauthorized Operating System takeover including arbitrary code execution.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-359=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-359=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      java-1_7_1-ibm-devel-1.7.1_sr3.10-14.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      java-1_7_1-ibm-1.7.1_sr3.10-14.1
      java-1_7_1-ibm-jdbc-1.7.1_sr3.10-14.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      java-1_7_1-ibm-alsa-1.7.1_sr3.10-14.1
      java-1_7_1-ibm-plugin-1.7.1_sr3.10-14.1

References:

   https://www.suse.com/security/cve/CVE-2015-1931.html
   https://www.suse.com/security/cve/CVE-2015-2590.html
   https://www.suse.com/security/cve/CVE-2015-2601.html
   https://www.suse.com/security/cve/CVE-2015-2613.html
   https://www.suse.com/security/cve/CVE-2015-2619.html
   https://www.suse.com/security/cve/CVE-2015-2621.html
   https://www.suse.com/security/cve/CVE-2015-2625.html
   https://www.suse.com/security/cve/CVE-2015-2632.html
   https://www.suse.com/security/cve/CVE-2015-2637.html
   https://www.suse.com/security/cve/CVE-2015-2638.html
   https://www.suse.com/security/cve/CVE-2015-2664.html
   https://www.suse.com/security/cve/CVE-2015-2808.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://www.suse.com/security/cve/CVE-2015-4729.html
   https://www.suse.com/security/cve/CVE-2015-4731.html
   https://www.suse.com/security/cve/CVE-2015-4732.html
   https://www.suse.com/security/cve/CVE-2015-4733.html
   https://www.suse.com/security/cve/CVE-2015-4748.html
   https://www.suse.com/security/cve/CVE-2015-4749.html
   https://www.suse.com/security/cve/CVE-2015-4760.html
   https://bugzilla.suse.com/935540
   https://bugzilla.suse.com/938895