SUSE-SU-2015:0481-1: important: Security update for Linux kernel

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Mar 11 13:05:42 MDT 2015


   SUSE Security Update: Security update for Linux kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0481-1
Rating:             important
References:         #771619 #779488 #833588 #835839 #847652 #857643 
                    #864049 #865442 #867531 #867723 #870161 #875051 
                    #876633 #880892 #883096 #883948 #887082 #892490 
                    #892782 #895680 #896382 #896390 #896391 #896392 
                    #897995 #898693 #899192 #901885 #902232 #902346 
                    #902349 #902351 #902675 #903640 #904013 #904700 
                    #905100 #905312 #905799 #906586 #907189 #907338 
                    #907396 #909078 #912654 #912705 #915335 
Cross-References:   CVE-2012-4398 CVE-2013-2893 CVE-2013-2897
                    CVE-2013-2899 CVE-2013-2929 CVE-2013-7263
                    CVE-2014-0131 CVE-2014-0181 CVE-2014-2309
                    CVE-2014-3181 CVE-2014-3184 CVE-2014-3185
                    CVE-2014-3186 CVE-2014-3601 CVE-2014-3610
                    CVE-2014-3646 CVE-2014-3647 CVE-2014-3673
                    CVE-2014-3687 CVE-2014-3688 CVE-2014-3690
                    CVE-2014-4608 CVE-2014-4943 CVE-2014-5471
                    CVE-2014-5472 CVE-2014-7826 CVE-2014-7841
                    CVE-2014-7842 CVE-2014-8134 CVE-2014-8369
                    CVE-2014-8559 CVE-2014-8709 CVE-2014-9584
                    CVE-2014-9585
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 LTSS
                    SLE 11 SERVER Unsupported Extras
______________________________________________________________________________

   An update that solves 34 vulnerabilities and has 13 fixes
   is now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated
   to fix security issues on kernels on the x86_64 architecture.

   The following security bugs have been fixed:

       * CVE-2012-4398: The __request_module function in kernel/kmod.c in the
         Linux kernel before 3.4 did not set a certain killable attribute,
         which allowed local users to cause a denial of service (memory
         consumption) via a crafted application (bnc#779488).
       * CVE-2013-2893: The Human Interface Device (HID) subsystem in the
         Linux kernel through 3.11, when CONFIG_LOGITECH_FF,
         CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed
         physically proximate attackers to cause a denial of service
         (heap-based out-of-bounds write) via a crafted device, related to
         (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3)
         drivers/hid/hid-lg4ff.c (bnc#835839).
       * CVE-2013-2897: Multiple array index errors in
         drivers/hid/hid-multitouch.c in the Human Interface Device (HID)
         subsystem in the Linux kernel through 3.11, when
         CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate
         attackers to cause a denial of service (heap memory corruption, or
         NULL pointer dereference and OOPS) via a crafted device (bnc#835839).
       * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface
         Device (HID) subsystem in the Linux kernel through 3.11, when
         CONFIG_HID_PICOLCD is enabled, allowed physically proximate
         attackers to cause a denial of service (NULL pointer dereference and
         OOPS) via a crafted device (bnc#835839).
       * CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use
         the get_dumpable function, which allowed local users to bypass
         intended ptrace restrictions or obtain sensitive information from
         IA64 scratch registers via a crafted application, related to
         kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652).
       * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length
         values before ensuring that associated data structures have been
         initialized, which allowed local users to obtain sensitive
         information from kernel stack memory via a (1) recvfrom, (2)
         recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,
         net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c
         (bnc#857643).
       * CVE-2014-0131: Use-after-free vulnerability in the skb_segment
         function in net/core/skbuff.c in the Linux kernel through 3.13.6
         allowed attackers to obtain sensitive information from kernel memory
         by leveraging the absence of a certain orphaning operation
         (bnc#867723).
       * CVE-2014-0181: The Netlink implementation in the Linux kernel
         through 3.14.1 did not provide a mechanism for authorizing socket
         operations based on the opener of a socket, which allowed local
         users to bypass intended access restrictions and modify network
         configurations by using a Netlink socket for the (1) stdout or (2)
         stderr of a setuid program (bnc#875051).
       * CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the
         Linux kernel through 3.13.6 did not properly count the addition of
         routes, which allowed remote attackers to cause a denial of service
         (memory consumption) via a flood of ICMPv6 Router Advertisement
         packets (bnc#867531).
       * CVE-2014-3181: Multiple stack-based buffer overflows in the
         magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the
         Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed
         physically proximate attackers to cause a denial of service (system
         crash) or possibly execute arbitrary code via a crafted device that
         provides a large amount of (1) EHCI or (2) XHCI data associated with
         an event (bnc#896382).
       * CVE-2014-3184: The report_fixup functions in the HID subsystem in
         the Linux kernel before 3.16.2 might have allowed physically
         proximate attackers to cause a denial of service (out-of-bounds
         write) via a crafted device that provides a small report descriptor,
         related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c,
         (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)
         drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c
         (bnc#896390).
       * CVE-2014-3185: Multiple buffer overflows in the
         command_port_read_callback function in
         drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in
         the Linux kernel before 3.16.2 allowed physically proximate
         attackers to execute arbitrary code or cause a denial of service
         (memory corruption and system crash) via a crafted device that
         provides a large amount of (1) EHCI or (2) XHCI data associated with
         a bulk response (bnc#896391).
       * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in
         devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in
         the Linux kernel through 3.16.3, as used in Android on Nexus 7
         devices, allowed physically proximate attackers to cause a denial of
         service (system crash) or possibly execute arbitrary code via a
         crafted device that sends a large report (bnc#896392).
       * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c
         in the Linux kernel through 3.16.1 miscalculates the number of pages
         during the handling of a mapping failure, which allowed guest OS
         users to (1) cause a denial of service (host OS memory corruption)
         or possibly have unspecified other impact by triggering a large gfn
         value or (2) cause a denial of service (host OS memory consumption)
         by triggering a small gfn value that leads to permanently pinned
         pages (bnc#892782).
       * CVE-2014-3610: The WRMSR processing functionality in the KVM
         subsystem in the Linux kernel through 3.17.2 did not properly handle
         the writing of a non-canonical address to a model-specific register,
         which allowed guest OS users to cause a denial of service (host OS
         crash) by leveraging guest OS privileges, related to the
         wrmsr_interception function in arch/x86/kvm/svm.c and the
         handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192).
       * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
         kernel through 3.17.2 did not have an exit handler for the INVVPID
         instruction, which allowed guest OS users to cause a denial of
         service (guest OS crash) via a crafted application (bnc#899192).
       * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the
         Linux kernel through 3.17.2 did not properly perform RIP changes,
         which allowed guest OS users to cause a denial of service (guest OS
         crash) via a crafted application (bnc#899192).
       * CVE-2014-3673: The SCTP implementation in the Linux kernel through
         3.17.2 allowed remote attackers to cause a denial of service (system
         crash) via a malformed ASCONF chunk, related to
         net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).
       * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in
         net/sctp/associola.c in the SCTP implementation in the Linux kernel
         through 3.17.2 allowed remote attackers to cause a denial of service
         (panic) via duplicate ASCONF chunks that trigger an incorrect uncork
         within the side-effect interpreter (bnc#902349).
       * CVE-2014-3688: The SCTP implementation in the Linux kernel before
         3.17.4 allowed remote attackers to cause a denial of service (memory
         consumption) by triggering a large number of chunks in an
         associations output queue, as demonstrated by ASCONF probes, related
         to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).
       * CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
         kernel before 3.17.2 on Intel processors did not ensure that the
         value in the CR4 control register remains the same after a VM entry,
         which allowed host OS users to kill arbitrary processes or cause a
         denial of service (system disruption) by leveraging /dev/kvm access,
         as demonstrated by PR_SET_TSC prctl calls within a modified copy of
         QEMU (bnc#902232).
       * CVE-2014-4608: Multiple integer overflows in the
         lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in
         the LZO decompressor in the Linux kernel before 3.15.2 allowed
         context-dependent attackers to cause a denial of service (memory
         corruption) via a crafted Literal Run (bnc#883948).
       * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the
         Linux kernel through 3.15.6 allowed local users to gain privileges
         by leveraging data-structure differences between an l2tp socket and
         an inet socket (bnc#887082).
       * CVE-2014-5471: Stack consumption vulnerability in the
         parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the
         Linux kernel through 3.16.1 allowed local users to cause a denial of
         service (uncontrolled recursion, and system crash or reboot) via a
         crafted iso9660 image with a CL entry referring to a directory entry
         that has a CL entry (bnc#892490).
       * CVE-2014-5472: The parse_rock_ridge_inode_internal function in
         fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local
         users to cause a denial of service (unkillable mount process) via a
         crafted iso9660 image with a self-referential CL entry (bnc#892490).
       * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel
         through 3.17.2 did not properly handle private syscall numbers
         during use of the ftrace subsystem, which allowed local users to
         gain privileges or cause a denial of service (invalid pointer
         dereference) via a crafted application (bnc#904013).
       * CVE-2014-7841: The sctp_process_param function in
         net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux
         kernel before 3.17.4, when ASCONF is used, allowed remote attackers
         to cause a denial of service (NULL pointer dereference and system
         crash) via a malformed INIT chunk (bnc#905100).
       * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux
         kernel before 3.17.4 allowed guest OS users to cause a denial of
         service (guest OS crash) via a crafted application that performs an
         MMIO transaction or a PIO transaction to trigger a guest userspace
         emulation error report, a similar issue to CVE-2010-5313
         (bnc#905312).
       * CVE-2014-8134: The paravirt_ops_setup function in
         arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an
         improper paravirt_enabled setting for KVM guest kernels, which made
         it easier for guest OS users to bypass the ASLR protection mechanism
         via a crafted application that reads a 16-bit value (bnc#909078).
       * CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c
         in the Linux kernel through 3.17.2 miscalculates the number of pages
         during the handling of a mapping failure, which allowed guest OS
         users to cause a denial of service (host OS page unpinning) or
         possibly have unspecified other impact by leveraging guest OS
         privileges. NOTE: this vulnerability exists because of an incorrect
         fix for CVE-2014-3601 (bnc#902675).
       * CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux
         kernel through 3.17.2 did not properly maintain the semantics of
         rename_lock, which allowed local users to cause a denial of service
         (deadlock and system hang) via a crafted application (bnc#903640).
       * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c
         in the Linux kernel before 3.13.5 did not properly maintain a
         certain tail pointer, which allowed remote attackers to obtain
         sensitive cleartext information by reading packets (bnc#904700).
       * CVE-2014-9584: The parse_rock_ridge_inode_internal function in
         fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a
         length value in the Extensions Reference (ER) System Use Field,
         which allowed local users to obtain sensitive information from
         kernel memory via a crafted iso9660 image (bnc#912654).
       * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the
         Linux kernel through 3.18.2 did not properly choose memory locations
         for the vDSO area, which made it easier for local users to bypass
         the ASLR protection mechanism by guessing a location at the end of a
         PMD (bnc#912705).

   The following non-security bugs have been fixed:

       * Fix HDIO_DRIVE_* ioctl() Linux 3.9 regression (bnc#833588,
         bnc#905799).
       * HID: add usage_index in struct hid_usage (bnc#835839).
       * Revert PM / reboot: call syscore_shutdown() after
         disable_nonboot_cpus() Reduce time to shutdown large machines
         (bnc#865442 bnc#907396).
       * Revert kernel/sys.c: call disable_nonboot_cpus() in kernel_restart()
         Reduce time to shutdown large machines (bnc#865442 bnc#907396).
       * dm-mpath: fix panic on deleting sg device (bnc#870161).
       * futex: Unlock hb->lock in futex_wait_requeue_pi() error path (fix
         bnc#880892).
       * handle more than just WS2008 in heartbeat negotiation (bnc#901885).
       * memcg: do not expose uninitialized mem_cgroup_per_node to world
         (bnc#883096).
       * mm: fix BUG in __split_huge_page_pmd (bnc#906586).
       * pagecachelimit: reduce lru_lock congestion for heavy parallel
         reclaim fix (bnc#895680, bnc#907189).
       * s390/3215: fix hanging console issue (bnc#898693, bnc#897995,
         LTC#115466).
       * s390/cio: improve cio_commit_config (bnc#864049, bnc#898693,
         LTC#104168).
       * scsi_dh_alua: disable ALUA handling for non-disk devices
         (bnc#876633).
       * target/rd: Refactor rd_build_device_space + rd_release_device_space.
       * timekeeping: Avoid possible deadlock from clock_was_set_delayed
         (bnc#771619, bnc#915335).
       * xfs: recheck buffer pinned status after push trylock failure
         (bnc#907338).
       * xfs: remove log force from xfs_buf_trylock() (bnc#907338).

   Security Issues:

       * CVE-2012-4398
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398>
       * CVE-2013-2893
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893>
       * CVE-2013-2897
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897>
       * CVE-2013-2899
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899>
       * CVE-2013-2929
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929>
       * CVE-2013-7263
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263>
       * CVE-2014-0131
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131>
       * CVE-2014-0181
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181>
       * CVE-2014-2309
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309>
       * CVE-2014-3181
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181>
       * CVE-2014-3184
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184>
       * CVE-2014-3185
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185>
       * CVE-2014-3186
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186>
       * CVE-2014-3601
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601>
       * CVE-2014-3610
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610>
       * CVE-2014-3646
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646>
       * CVE-2014-3647
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647>
       * CVE-2014-3673
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673>
       * CVE-2014-3687
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687>
       * CVE-2014-3688
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688>
       * CVE-2014-3690
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690>
       * CVE-2014-4608
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608>
       * CVE-2014-4943
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943>
       * CVE-2014-5471
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471>
       * CVE-2014-5472
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472>
       * CVE-2014-7826
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826>
       * CVE-2014-7841
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841>
       * CVE-2014-7842
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842>
       * CVE-2014-8134
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134>
       * CVE-2014-8369
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369>
       * CVE-2014-8559
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559>
       * CVE-2014-8709
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709>
       * CVE-2014-9584
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584>
       * CVE-2014-9585
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585>

Indications:

   Everyone using the Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 LTSS:

      zypper in -t patch slessp2-kernel=10239 slessp2-kernel=10245 slessp2-kernel=10246

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64) [New Version: 3.0.101]:

      kernel-default-3.0.101-0.7.29.1
      kernel-default-base-3.0.101-0.7.29.1
      kernel-default-devel-3.0.101-0.7.29.1
      kernel-source-3.0.101-0.7.29.1
      kernel-syms-3.0.101-0.7.29.1
      kernel-trace-3.0.101-0.7.29.1
      kernel-trace-base-3.0.101-0.7.29.1
      kernel-trace-devel-3.0.101-0.7.29.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586 x86_64) [New Version: 3.0.101]:

      kernel-ec2-3.0.101-0.7.29.1
      kernel-ec2-base-3.0.101-0.7.29.1
      kernel-ec2-devel-3.0.101-0.7.29.1
      kernel-xen-3.0.101-0.7.29.1
      kernel-xen-base-3.0.101-0.7.29.1
      kernel-xen-devel-3.0.101-0.7.29.1
      xen-kmp-default-4.1.6_08_3.0.101_0.7.29-0.5.19
      xen-kmp-trace-4.1.6_08_3.0.101_0.7.29-0.5.19

   - SUSE Linux Enterprise Server 11 SP2 LTSS (s390x) [New Version: 3.0.101]:

      kernel-default-man-3.0.101-0.7.29.1

   - SUSE Linux Enterprise Server 11 SP2 LTSS (i586) [New Version: 3.0.101]:

      kernel-pae-3.0.101-0.7.29.1
      kernel-pae-base-3.0.101-0.7.29.1
      kernel-pae-devel-3.0.101-0.7.29.1
      xen-kmp-pae-4.1.6_08_3.0.101_0.7.29-0.5.19

   - SLE 11 SERVER Unsupported Extras (i586 s390x x86_64):

      ext4-writeable-kmp-default-0_3.0.101_0.7.29-0.14.142
      ext4-writeable-kmp-trace-0_3.0.101_0.7.29-0.14.142
      kernel-default-extra-3.0.101-0.7.29.1

   - SLE 11 SERVER Unsupported Extras (i586 x86_64):

      ext4-writeable-kmp-xen-0_3.0.101_0.7.29-0.14.142
      kernel-xen-extra-3.0.101-0.7.29.1

   - SLE 11 SERVER Unsupported Extras (i586):

      ext4-writeable-kmp-pae-0_3.0.101_0.7.29-0.14.142
      kernel-pae-extra-3.0.101-0.7.29.1


References:

   http://support.novell.com/security/cve/CVE-2012-4398.html
   http://support.novell.com/security/cve/CVE-2013-2893.html
   http://support.novell.com/security/cve/CVE-2013-2897.html
   http://support.novell.com/security/cve/CVE-2013-2899.html
   http://support.novell.com/security/cve/CVE-2013-2929.html
   http://support.novell.com/security/cve/CVE-2013-7263.html
   http://support.novell.com/security/cve/CVE-2014-0131.html
   http://support.novell.com/security/cve/CVE-2014-0181.html
   http://support.novell.com/security/cve/CVE-2014-2309.html
   http://support.novell.com/security/cve/CVE-2014-3181.html
   http://support.novell.com/security/cve/CVE-2014-3184.html
   http://support.novell.com/security/cve/CVE-2014-3185.html
   http://support.novell.com/security/cve/CVE-2014-3186.html
   http://support.novell.com/security/cve/CVE-2014-3601.html
   http://support.novell.com/security/cve/CVE-2014-3610.html
   http://support.novell.com/security/cve/CVE-2014-3646.html
   http://support.novell.com/security/cve/CVE-2014-3647.html
   http://support.novell.com/security/cve/CVE-2014-3673.html
   http://support.novell.com/security/cve/CVE-2014-3687.html
   http://support.novell.com/security/cve/CVE-2014-3688.html
   http://support.novell.com/security/cve/CVE-2014-3690.html
   http://support.novell.com/security/cve/CVE-2014-4608.html
   http://support.novell.com/security/cve/CVE-2014-4943.html
   http://support.novell.com/security/cve/CVE-2014-5471.html
   http://support.novell.com/security/cve/CVE-2014-5472.html
   http://support.novell.com/security/cve/CVE-2014-7826.html
   http://support.novell.com/security/cve/CVE-2014-7841.html
   http://support.novell.com/security/cve/CVE-2014-7842.html
   http://support.novell.com/security/cve/CVE-2014-8134.html
   http://support.novell.com/security/cve/CVE-2014-8369.html
   http://support.novell.com/security/cve/CVE-2014-8559.html
   http://support.novell.com/security/cve/CVE-2014-8709.html
   http://support.novell.com/security/cve/CVE-2014-9584.html
   http://support.novell.com/security/cve/CVE-2014-9585.html
   https://bugzilla.suse.com/771619
   https://bugzilla.suse.com/779488
   https://bugzilla.suse.com/833588
   https://bugzilla.suse.com/835839
   https://bugzilla.suse.com/847652
   https://bugzilla.suse.com/857643
   https://bugzilla.suse.com/864049
   https://bugzilla.suse.com/865442
   https://bugzilla.suse.com/867531
   https://bugzilla.suse.com/867723
   https://bugzilla.suse.com/870161
   https://bugzilla.suse.com/875051
   https://bugzilla.suse.com/876633
   https://bugzilla.suse.com/880892
   https://bugzilla.suse.com/883096
   https://bugzilla.suse.com/883948
   https://bugzilla.suse.com/887082
   https://bugzilla.suse.com/892490
   https://bugzilla.suse.com/892782
   https://bugzilla.suse.com/895680
   https://bugzilla.suse.com/896382
   https://bugzilla.suse.com/896390
   https://bugzilla.suse.com/896391
   https://bugzilla.suse.com/896392
   https://bugzilla.suse.com/897995
   https://bugzilla.suse.com/898693
   https://bugzilla.suse.com/899192
   https://bugzilla.suse.com/901885
   https://bugzilla.suse.com/902232
   https://bugzilla.suse.com/902346
   https://bugzilla.suse.com/902349
   https://bugzilla.suse.com/902351
   https://bugzilla.suse.com/902675
   https://bugzilla.suse.com/903640
   https://bugzilla.suse.com/904013
   https://bugzilla.suse.com/904700
   https://bugzilla.suse.com/905100
   https://bugzilla.suse.com/905312
   https://bugzilla.suse.com/905799
   https://bugzilla.suse.com/906586
   https://bugzilla.suse.com/907189
   https://bugzilla.suse.com/907338
   https://bugzilla.suse.com/907396
   https://bugzilla.suse.com/909078
   https://bugzilla.suse.com/912654
   https://bugzilla.suse.com/912705
   https://bugzilla.suse.com/915335
   http://download.suse.com/patch/finder/?keywords=1aca006b7fb12ba06b40aba057729bf1
   http://download.suse.com/patch/finder/?keywords=276c3f04008f2b450bc62f6bb64d06fc
   http://download.suse.com/patch/finder/?keywords=450d3910ce461844d33188377a397db4
   http://download.suse.com/patch/finder/?keywords=55fa96c03a923b1679e1f132d850294c
   http://download.suse.com/patch/finder/?keywords=9462f7a25fba741ea356e4bc7df2eff7
   http://download.suse.com/patch/finder/?keywords=9d8f78866ba011d27c2f208e892fe2d8



More information about the sle-updates mailing list