From sle-updates at lists.suse.com Thu Oct 1 05:09:28 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Oct 2015 13:09:28 +0200 (CEST) Subject: SUSE-RU-2015:1660-1: moderate: Recommended update for docker Message-ID: <20151001110928.A1BFF32138@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1660-1 Rating: moderate References: #946653 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Docker has been updated to version 1.8.2, bringing several fixes and enhancements. For a comprehensive list of changes, please refer to the detailed changelogs in: - https://github.com/docker/docker/releases/tag/v1.8.2 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-627=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): docker-1.8.2-46.1 docker-debuginfo-1.8.2-46.1 docker-debugsource-1.8.2-46.1 References: https://bugzilla.suse.com/946653 From sle-updates at lists.suse.com Thu Oct 1 05:09:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Oct 2015 13:09:48 +0200 (CEST) Subject: SUSE-RU-2015:1661-1: moderate: Recommended update for docker-distribution Message-ID: <20151001110948.0B95C32138@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker-distribution ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1661-1 Rating: moderate References: #948097 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides docker-distribution 2.1.1, which brings fixes and enhancements: - Support for listing Registry repositories: A specification and implementation of the catalog API allows users to list the contents of a Registry. - Manifests and layers can now be deleted by reference. - New Storage Drivers: Aliyun OSS, Ceph, Openstack Swift. For a comprehensive list of changes, please refer to the upstream change log at: https://github.com/docker/distribution/releases Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-628=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): docker-distribution-registry-2.1.1-9.2 References: https://bugzilla.suse.com/948097 From sle-updates at lists.suse.com Thu Oct 1 05:10:05 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Oct 2015 13:10:05 +0200 (CEST) Subject: SUSE-OU-2015:1662-1: Initial release of amazon-ecs-init Message-ID: <20151001111005.A323F32138@maintenance.suse.de> SUSE Optional Update: Initial release of amazon-ecs-init ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1662-1 Rating: low References: #941072 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds amazon-ecs-init to the Containers Module for SLES 12. The Amazon Container Service initialization will start the ECS agent. The ECS agent runs in a container and is needed to support integration between the aws-cli ecs command line tool and an instance running in AWS EC2. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-626=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): amazon-ecs-init-1.4.0-6.1 References: https://bugzilla.suse.com/941072 From sle-updates at lists.suse.com Thu Oct 1 05:10:25 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Oct 2015 13:10:25 +0200 (CEST) Subject: SUSE-SU-2015:1663-1: important: Security update for haproxy Message-ID: <20151001111025.5DE3732138@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1663-1 Rating: important References: #937042 #937202 Cross-References: CVE-2015-3281 CVE-2015-4000 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: haproxy was updated to fix two security issues. These security issues were fixed: - CVE-2015-3281: Information disclosure (bsc#937042). - CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937202). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-625=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-625=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (x86_64): haproxy-1.5.4-2.4.1 haproxy-debuginfo-1.5.4-2.4.1 haproxy-debugsource-1.5.4-2.4.1 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): haproxy-1.5.4-2.4.1 haproxy-debuginfo-1.5.4-2.4.1 haproxy-debugsource-1.5.4-2.4.1 References: https://www.suse.com/security/cve/CVE-2015-3281.html https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/937042 https://bugzilla.suse.com/937202 From sle-updates at lists.suse.com Thu Oct 1 08:10:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Oct 2015 16:10:01 +0200 (CEST) Subject: SUSE-SU-2015:1666-1: moderate: Security update for Cloud Compute 12 Message-ID: <20151001141001.0799732138@maintenance.suse.de> SUSE Security Update: Security update for Cloud Compute 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1666-1 Rating: moderate References: #915245 #917091 #920573 #922751 #926596 #926773 #927625 #930574 #931839 #934523 #944339 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This collective update for the Cloud Compute 12 Module provides several fixes and enhancements. openstack-suse: - Do not copy upstream Python requirements to the package. (bsc#920573) openstack-nova: - Fix metadata not returning just instance private IP. (bsc#934523) - Enable tenant/user specific instance filtering. (bsc#927625) - Cleanup allocated networks after rescheduling. (bsc#931839) - Fix instance filtering. (bsc#927625) - Websocket Proxy should verify Origin header to prevent Cross-Site WebSocket hijacking. (bsc#917091, CVE-2015-0259) openstack-neutron: - Change neutron-ha-tool to read password from /etc/neutron/os_password. (bsc#922751) - Change port status when it is bound. (bsc#926773) - Require conntrack-tools for SLE12. (bsc#944339) - Allow images with existing routes in the network 169.254.0.0/16 to access metadata server. (bsc#915245) openstack-ceilometer: - Fix issue when ceilometer-expirer is called from the wrong user via cronjob and the resulting logs end up having wrong ownership. (bsc#930574) - Move the cron job to collector package. (bsc#926596) For a comprehensive list of changes, please refer to the packages' change log. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-629=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): openstack-ceilometer-2014.2.4.dev18-3.2 openstack-ceilometer-agent-compute-2014.2.4.dev18-3.2 openstack-neutron-2014.2.4~a0~dev78-7.2 openstack-neutron-dhcp-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-ha-tool-2014.2.4~a0~dev78-7.2 openstack-neutron-l3-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-lbaas-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-linuxbridge-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-metadata-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-metering-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-openvswitch-agent-2014.2.4~a0~dev78-7.2 openstack-neutron-vpn-agent-2014.2.4~a0~dev78-7.2 openstack-nova-2014.2.4~a0~dev61-6.2 openstack-nova-compute-2014.2.4~a0~dev61-6.2 openstack-suse-sudo-2014.2-5.1 python-ceilometer-2014.2.4.dev18-3.2 python-neutron-2014.2.4~a0~dev78-7.2 python-nova-2014.2.4~a0~dev61-6.2 References: https://bugzilla.suse.com/915245 https://bugzilla.suse.com/917091 https://bugzilla.suse.com/920573 https://bugzilla.suse.com/922751 https://bugzilla.suse.com/926596 https://bugzilla.suse.com/926773 https://bugzilla.suse.com/927625 https://bugzilla.suse.com/930574 https://bugzilla.suse.com/931839 https://bugzilla.suse.com/934523 https://bugzilla.suse.com/944339 From sle-updates at lists.suse.com Fri Oct 2 08:09:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Oct 2015 16:09:44 +0200 (CEST) Subject: SUSE-RU-2015:1670-1: moderate: Recommended update for xf86-video-modesetting Message-ID: <20151002140944.3DEF332138@maintenance.suse.de> SUSE Recommended Update: Recommended update for xf86-video-modesetting ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1670-1 Rating: moderate References: #942871 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xf86-video-modesetting implements "double buffered shadow mode" to speed up remote management cards. (bsc#942871) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-633=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-633=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le x86_64): xf86-video-modesetting-0.9.0-3.1 xf86-video-modesetting-debuginfo-0.9.0-3.1 xf86-video-modesetting-debugsource-0.9.0-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xf86-video-modesetting-0.9.0-3.1 xf86-video-modesetting-debuginfo-0.9.0-3.1 xf86-video-modesetting-debugsource-0.9.0-3.1 References: https://bugzilla.suse.com/942871 From sle-updates at lists.suse.com Fri Oct 2 10:09:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Oct 2015 18:09:42 +0200 (CEST) Subject: SUSE-RU-2015:1671-1: Recommended update for gtk-vnc Message-ID: <20151002160942.ABE2F32138@maintenance.suse.de> SUSE Recommended Update: Recommended update for gtk-vnc ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1671-1 Rating: low References: #890568 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gtk-vnc fixes an issue that prevented the slide-panel which allows the user to leave full screen mode to be shown. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-634=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-634=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-634=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-634=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (noarch): gtk-vnc-lang-0.5.3-3.15 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gtk-vnc-debugsource-0.5.3-3.15 gtk-vnc-devel-0.5.3-3.15 gtk-vnc2-debugsource-0.5.3-3.3 gtk-vnc2-devel-0.5.3-3.3 libgvncpulse-1_0-0-0.5.3-3.15 libgvncpulse-1_0-0-debuginfo-0.5.3-3.15 typelib-1_0-GVncPulse-1_0-0.5.3-3.15 typelib-1_0-GtkVnc-1_0-0.5.3-3.3 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gtk-vnc-debugsource-0.5.3-3.15 gtk-vnc2-debugsource-0.5.3-3.3 libgtk-vnc-1_0-0-0.5.3-3.3 libgtk-vnc-1_0-0-debuginfo-0.5.3-3.3 libgtk-vnc-2_0-0-0.5.3-3.15 libgtk-vnc-2_0-0-debuginfo-0.5.3-3.15 libgvnc-1_0-0-0.5.3-3.15 libgvnc-1_0-0-debuginfo-0.5.3-3.15 python-gtk-vnc-0.5.3-3.3 python-gtk-vnc-debuginfo-0.5.3-3.3 typelib-1_0-GVnc-1_0-0.5.3-3.15 typelib-1_0-GtkVnc-2_0-0.5.3-3.15 - SUSE Linux Enterprise Desktop 12 (x86_64): gtk-vnc-debugsource-0.5.3-3.15 gtk-vnc2-debugsource-0.5.3-3.3 libgtk-vnc-1_0-0-0.5.3-3.3 libgtk-vnc-1_0-0-debuginfo-0.5.3-3.3 libgtk-vnc-2_0-0-0.5.3-3.15 libgtk-vnc-2_0-0-debuginfo-0.5.3-3.15 libgvnc-1_0-0-0.5.3-3.15 libgvnc-1_0-0-debuginfo-0.5.3-3.15 typelib-1_0-GVnc-1_0-0.5.3-3.15 typelib-1_0-GtkVnc-2_0-0.5.3-3.15 - SUSE Linux Enterprise Desktop 12 (noarch): gtk-vnc-lang-0.5.3-3.15 References: https://bugzilla.suse.com/890568 From sle-updates at lists.suse.com Fri Oct 2 11:09:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Oct 2015 19:09:42 +0200 (CEST) Subject: SUSE-OU-2015:1672-1: Optional update for virt-top Message-ID: <20151002170942.B55C632138@maintenance.suse.de> SUSE Optional Update: Optional update for virt-top ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1672-1 Rating: low References: #945833 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds virt-top to SUSE Linux Enterprise Server 12. virt-top is a 'top(1)'-like utility for showing stats of virtualized domains. Many keys and command line options are the same as for ordinary 'top'. It uses libvirt so it is capable of showing stats across a variety of different virtualization systems. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-636=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (x86_64): virt-top-1.0.8-2.1 References: https://bugzilla.suse.com/945833 From sle-updates at lists.suse.com Fri Oct 2 11:10:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Oct 2015 19:10:02 +0200 (CEST) Subject: SUSE-RU-2015:1673-1: Initial release of python-oslo.concurrency Message-ID: <20151002171002.7D64C32138@maintenance.suse.de> SUSE Recommended Update: Initial release of python-oslo.concurrency ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1673-1 Rating: low References: #938960 #948420 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update adds the oslo.concurrency library to SLE 12 Cloud Compute extension. To support this new component, python-retrying has been updated to version 1.3.3. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-635=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-oslo.concurrency-0.4.0-2.1 python-retrying-1.3.3-5.1 References: https://bugzilla.suse.com/938960 https://bugzilla.suse.com/948420 From sle-updates at lists.suse.com Mon Oct 5 07:09:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Oct 2015 15:09:45 +0200 (CEST) Subject: SUSE-SU-2015:1676-1: moderate: Security update for wireshark Message-ID: <20151005130945.C40B232101@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1676-1 Rating: moderate References: #935158 #941500 Cross-References: CVE-2015-3813 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: Wireshark has been updated to 1.12.7. (FATE#319388) The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243 * The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245 * The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248 * The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wireshark-1127-12112=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-wireshark-1127-12112=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-wireshark-1127-12112=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wireshark-1127-12112=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-wireshark-1127-12112=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-1.12.7-0.5.3 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): wireshark-1.12.7-0.5.3 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-1.12.7-0.5.3 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): wireshark-1.12.7-0.5.3 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): wireshark-1.12.7-0.5.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-1.12.7-0.5.3 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): wireshark-1.12.7-0.5.3 References: https://www.suse.com/security/cve/CVE-2015-3813.html https://www.suse.com/security/cve/CVE-2015-4652.html https://www.suse.com/security/cve/CVE-2015-6241.html https://www.suse.com/security/cve/CVE-2015-6242.html https://www.suse.com/security/cve/CVE-2015-6243.html https://www.suse.com/security/cve/CVE-2015-6244.html https://www.suse.com/security/cve/CVE-2015-6245.html https://www.suse.com/security/cve/CVE-2015-6246.html https://www.suse.com/security/cve/CVE-2015-6247.html https://www.suse.com/security/cve/CVE-2015-6248.html https://www.suse.com/security/cve/CVE-2015-6249.html https://bugzilla.suse.com/935158 https://bugzilla.suse.com/941500 From sle-updates at lists.suse.com Mon Oct 5 09:09:58 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Oct 2015 17:09:58 +0200 (CEST) Subject: SUSE-SU-2015:1676-2: moderate: Security update for wireshark Message-ID: <20151005150958.5E79D32138@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1676-2 Rating: moderate References: #935158 #941500 Cross-References: CVE-2015-3813 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: Wireshark has been updated to 1.12.7. (FATE#319388) The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243 * The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245 * The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248 * The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158 CVE-2015-4652) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-wireshark-1127-12112=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-wireshark-1127-12112=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wireshark-1127-12112=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-wireshark-1127-12112=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): wireshark-1.12.7-0.5.3 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): wireshark-1.12.7-0.5.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-1.12.7-0.5.3 wireshark-debugsource-1.12.7-0.5.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-1.12.7-0.5.3 wireshark-debugsource-1.12.7-0.5.3 References: https://www.suse.com/security/cve/CVE-2015-3813.html https://www.suse.com/security/cve/CVE-2015-4652.html https://www.suse.com/security/cve/CVE-2015-6241.html https://www.suse.com/security/cve/CVE-2015-6242.html https://www.suse.com/security/cve/CVE-2015-6243.html https://www.suse.com/security/cve/CVE-2015-6244.html https://www.suse.com/security/cve/CVE-2015-6245.html https://www.suse.com/security/cve/CVE-2015-6246.html https://www.suse.com/security/cve/CVE-2015-6247.html https://www.suse.com/security/cve/CVE-2015-6248.html https://www.suse.com/security/cve/CVE-2015-6249.html https://bugzilla.suse.com/935158 https://bugzilla.suse.com/941500 From sle-updates at lists.suse.com Mon Oct 5 09:10:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Oct 2015 17:10:40 +0200 (CEST) Subject: SUSE-SU-2015:1678-1: moderate: Security update for kernel-source Message-ID: <20151005151040.A0F7E32138@maintenance.suse.de> SUSE Security Update: Security update for kernel-source ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1678-1 Rating: moderate References: #777565 #867362 #873385 #883380 #884333 #886785 #891116 #894936 #915517 #917830 #917968 #919463 #920016 #920110 #920250 #920733 #921430 #923002 #923245 #923431 #924701 #925705 #925881 #925903 #926240 #926953 #927355 #928988 #929076 #929142 #929143 #930092 #930934 #931620 #932350 #932458 #932882 #933429 #933721 #933896 #933904 #933907 #933936 #934944 #935053 #935055 #935572 #935705 #935866 #935906 #936077 #936095 #936118 #936423 #936637 #936831 #936875 #936921 #936925 #937032 #937256 #937402 #937444 #937503 #937641 #937855 #938485 #939910 #939994 #940338 #940398 #940925 #940966 #942204 #942305 #942350 #942367 #942404 #942605 #942688 #942938 #943477 Cross-References: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0777 CVE-2015-1420 CVE-2015-1805 CVE-2015-2150 CVE-2015-2830 CVE-2015-4167 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 CVE-2015-6252 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 67 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: * CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FDcommand issued, this could eventually wasting available system resources and creating a denial of service (bsc#942367). * CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov() (bsc#940338). * CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bsc#936831). * CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bsc#936831). * CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bsc#915517). * CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O" vector array overrun. (bsc#933429) * CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. (bsc#919463) * CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bsc#926240) * CVE-2015-4700: The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler (bsc#935705). * CVE-2015-4167: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 did not validate certain length values, which allowed local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem (bsc#933907). * CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bsc#917830) * CVE-2014-9728: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not validate certain lengths, which allowed local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c (bsc#933904). * CVE-2014-9730: The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). * CVE-2014-9729: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 did not ensure a certain data-structure size consistency, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). * CVE-2014-9731: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allowed local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c (bsc#933896). The following non-security bugs were fixed: - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - Btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942404). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942404). - Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - Btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942404). - Btrfs: fix hang when failing to submit bio of directIO (bnc#942688). - Btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688). - Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688). - DRM/I915: Add enum hpd_pin to intel_encoder (bsc#942938). - DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - DRM/i915: Get rid of the 'hotplug_supported_mask' in struct drm_i915_private (bsc#942938). - DRM/i915: Remove i965_hpd_irq_setup (bsc#942938). - DRM/i915: Remove valleyview_hpd_irq_setup (bsc#942938). - Ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - IB/iser: Add Discovery support (bsc#923002). - IB/iser: Move informational messages from error to info level (bsc#923002). - NFS: never queue requests with rq_cong set on the sending queue (bsc#932458). - NFSD: Fix nfsv4 opcode decoding error (bsc#935906). - NFSv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - PCI: Disable Bus Master only on kexec reboot (bsc#920110). - PCI: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - PCI: Do not try to disable Bus Master on disconnected PCI devices (bsc#920110). - PCI: Lock down register access when trusted_kernel is true (fate#314486, bnc#884333)(bsc#923431). - PCI: disable Bus Master on PCI device shutdown (bsc#920110). - USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721). - USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721). - Apparmor: fix file_permission if profile is updated (bsc#917968). - block: Discard bios do not have data (bsc#928988). - cifs: Fix missing crypto allocation (bnc#937402). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938). - drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938). - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938). - drm/i915: implement ibx_hpd_irq_setup (bsc#942938). - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938). - drm/mgag200: Do not do full cleanup if mgag200_device_init fails (FATE#317582). - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (FATE#317582). - drm: ast,cirrus,mgag200: use drm_can_sleep (FATE#317582, bnc#883380, bsc#935572). - ehci-pci: enable interrupt on BayTrail (bnc926007). - exec: kill the unnecessary mm->def_flags setting in load_elf_binary() (fate#317831,bnc#891116)). - ext3: Fix data corruption in inodes with journalled data (bsc#936637). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hv_storvsc: use small sg_tablesize on x86 (bnc#937256). - ibmveth: Add GRO support (bsc#935055). - ibmveth: Add support for Large Receive Offload (bsc#935055). - ibmveth: Add support for TSO (bsc#935055). - ibmveth: add support for TSO6. - ibmveth: change rx buffer default allocation for CMO (bsc#935055). - igb: do not reuse pages with pfmemalloc flag fix (bnc#920016). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipv6: probe routes asynchronous in rt6_probe (bsc#936118). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kabi: wrapper include file with __GENKSYMS__ check to avoid kabi change (bsc920110). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: add panic_on_warn. - kernel: do full redraw of the 3270 screen on reconnect (bnc#943477, LTC#129509). - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - md: use kzalloc() when bitmap is disabled (bsc#939994). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#938485). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm, THP: do not hold mmap_sem in khugepaged when allocating THP (VM Performance). - mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620). - mm, thp: fix collapsing of hugepages on madvise (VM Functionality). - mm, thp: only collapse hugepages to nodes with affinity for zone_reclaim_mode (VM Functionality, bnc#931620). - mm, thp: really limit transparent hugepage allocation to local node (VM Performance, bnc#931620). - mm, thp: respect MPOL_PREFERRED policy with non-local node (VM Performance, bnc#931620). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM Performance, bnc#931620). - mm/thp: allocate transparent hugepages on local node (VM Performance, bnc#931620). - mm: make page pfmemalloc check more robust (bnc#920016). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - mm: thp: khugepaged: add policy for finding target node (VM Functionality, bnc#931620). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - net: Fix "ip rule delete table 256" (bsc#873385). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - nfsd: support disabling 64bit dir cookies (bnc#937503). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (FATE#309111, bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819). - pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - qlcnic: Fix NULL pointer dereference in qlcnic_hwmon_show_temp() (bsc#936095). - r8169: remember WOL preferences on driver load (bsc#942305). - s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595). - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430) - scsi: Correctly set the scsi host/msg/status bytes (bnc#933936). - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204). - scsi: Moved iscsi kabi patch to patches.kabi (bsc#923002) - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733). - scsi: kabi: allow iscsi disocvery session support (bsc#923002). - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - sg_start_req(): make sure that there's not too many elements in iovec (bsc#940338). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - supported.conf: enable sch_mqprio (bsc#932882) - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250). - x86, tls: Interpret an all-zero struct user_desc as "no segment" (bsc#920250). - x86-64: Do not apply destructive erratum workaround on unaffected CPUs (bsc#929076). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: fix problem when using md+XFS under high load (bnc#925705). - xhci: Allocate correct amount of scratchpad buffers (bnc#933721). - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721). - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721). - xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721). - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721). - xhci: do not report PLC when link is in internal resume state (bnc#933721). - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721). - xhci: report U3 when link is in resume state (bnc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721). - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921, bnc#936925, LTC#126491). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-20150908-12114=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-20150908-12114=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20150908-12114=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-kernel-20150908-12114=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-20150908-12114=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-65.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-65.1 kernel-default-base-3.0.101-65.1 kernel-default-devel-3.0.101-65.1 kernel-source-3.0.101-65.1 kernel-syms-3.0.101-65.1 kernel-trace-3.0.101-65.1 kernel-trace-base-3.0.101-65.1 kernel-trace-devel-3.0.101-65.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-65.1 kernel-ec2-base-3.0.101-65.1 kernel-ec2-devel-3.0.101-65.1 kernel-xen-3.0.101-65.1 kernel-xen-base-3.0.101-65.1 kernel-xen-devel-3.0.101-65.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-65.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-ppc64-3.0.101-65.1 kernel-ppc64-base-3.0.101-65.1 kernel-ppc64-devel-3.0.101-65.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-65.1 kernel-pae-base-3.0.101-65.1 kernel-pae-devel-3.0.101-65.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-65.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-65.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-65.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-65.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-65.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): kernel-default-3.0.101-65.1 kernel-default-base-3.0.101-65.1 kernel-default-devel-3.0.101-65.1 kernel-default-extra-3.0.101-65.1 kernel-source-3.0.101-65.1 kernel-syms-3.0.101-65.1 kernel-trace-devel-3.0.101-65.1 kernel-xen-3.0.101-65.1 kernel-xen-base-3.0.101-65.1 kernel-xen-devel-3.0.101-65.1 kernel-xen-extra-3.0.101-65.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586): kernel-pae-3.0.101-65.1 kernel-pae-base-3.0.101-65.1 kernel-pae-devel-3.0.101-65.1 kernel-pae-extra-3.0.101-65.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-65.1 kernel-default-debugsource-3.0.101-65.1 kernel-trace-debuginfo-3.0.101-65.1 kernel-trace-debugsource-3.0.101-65.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-65.1 kernel-trace-devel-debuginfo-3.0.101-65.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-65.1 kernel-ec2-debugsource-3.0.101-65.1 kernel-xen-debuginfo-3.0.101-65.1 kernel-xen-debugsource-3.0.101-65.1 kernel-xen-devel-debuginfo-3.0.101-65.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-ppc64-debuginfo-3.0.101-65.1 kernel-ppc64-debugsource-3.0.101-65.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-65.1 kernel-pae-debugsource-3.0.101-65.1 kernel-pae-devel-debuginfo-3.0.101-65.1 References: https://www.suse.com/security/cve/CVE-2014-9728.html https://www.suse.com/security/cve/CVE-2014-9729.html https://www.suse.com/security/cve/CVE-2014-9730.html https://www.suse.com/security/cve/CVE-2014-9731.html https://www.suse.com/security/cve/CVE-2015-0777.html https://www.suse.com/security/cve/CVE-2015-1420.html https://www.suse.com/security/cve/CVE-2015-1805.html https://www.suse.com/security/cve/CVE-2015-2150.html https://www.suse.com/security/cve/CVE-2015-2830.html https://www.suse.com/security/cve/CVE-2015-4167.html https://www.suse.com/security/cve/CVE-2015-4700.html https://www.suse.com/security/cve/CVE-2015-5364.html https://www.suse.com/security/cve/CVE-2015-5366.html https://www.suse.com/security/cve/CVE-2015-5707.html https://www.suse.com/security/cve/CVE-2015-6252.html https://bugzilla.suse.com/777565 https://bugzilla.suse.com/867362 https://bugzilla.suse.com/873385 https://bugzilla.suse.com/883380 https://bugzilla.suse.com/884333 https://bugzilla.suse.com/886785 https://bugzilla.suse.com/891116 https://bugzilla.suse.com/894936 https://bugzilla.suse.com/915517 https://bugzilla.suse.com/917830 https://bugzilla.suse.com/917968 https://bugzilla.suse.com/919463 https://bugzilla.suse.com/920016 https://bugzilla.suse.com/920110 https://bugzilla.suse.com/920250 https://bugzilla.suse.com/920733 https://bugzilla.suse.com/921430 https://bugzilla.suse.com/923002 https://bugzilla.suse.com/923245 https://bugzilla.suse.com/923431 https://bugzilla.suse.com/924701 https://bugzilla.suse.com/925705 https://bugzilla.suse.com/925881 https://bugzilla.suse.com/925903 https://bugzilla.suse.com/926240 https://bugzilla.suse.com/926953 https://bugzilla.suse.com/927355 https://bugzilla.suse.com/928988 https://bugzilla.suse.com/929076 https://bugzilla.suse.com/929142 https://bugzilla.suse.com/929143 https://bugzilla.suse.com/930092 https://bugzilla.suse.com/930934 https://bugzilla.suse.com/931620 https://bugzilla.suse.com/932350 https://bugzilla.suse.com/932458 https://bugzilla.suse.com/932882 https://bugzilla.suse.com/933429 https://bugzilla.suse.com/933721 https://bugzilla.suse.com/933896 https://bugzilla.suse.com/933904 https://bugzilla.suse.com/933907 https://bugzilla.suse.com/933936 https://bugzilla.suse.com/934944 https://bugzilla.suse.com/935053 https://bugzilla.suse.com/935055 https://bugzilla.suse.com/935572 https://bugzilla.suse.com/935705 https://bugzilla.suse.com/935866 https://bugzilla.suse.com/935906 https://bugzilla.suse.com/936077 https://bugzilla.suse.com/936095 https://bugzilla.suse.com/936118 https://bugzilla.suse.com/936423 https://bugzilla.suse.com/936637 https://bugzilla.suse.com/936831 https://bugzilla.suse.com/936875 https://bugzilla.suse.com/936921 https://bugzilla.suse.com/936925 https://bugzilla.suse.com/937032 https://bugzilla.suse.com/937256 https://bugzilla.suse.com/937402 https://bugzilla.suse.com/937444 https://bugzilla.suse.com/937503 https://bugzilla.suse.com/937641 https://bugzilla.suse.com/937855 https://bugzilla.suse.com/938485 https://bugzilla.suse.com/939910 https://bugzilla.suse.com/939994 https://bugzilla.suse.com/940338 https://bugzilla.suse.com/940398 https://bugzilla.suse.com/940925 https://bugzilla.suse.com/940966 https://bugzilla.suse.com/942204 https://bugzilla.suse.com/942305 https://bugzilla.suse.com/942350 https://bugzilla.suse.com/942367 https://bugzilla.suse.com/942404 https://bugzilla.suse.com/942605 https://bugzilla.suse.com/942688 https://bugzilla.suse.com/942938 https://bugzilla.suse.com/943477 From sle-updates at lists.suse.com Mon Oct 5 10:10:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Oct 2015 18:10:02 +0200 (CEST) Subject: SUSE-SU-2015:1680-1: important: Security update for MozillaFirefox, mozilla-nspr Message-ID: <20151005161002.F101832138@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nspr ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1680-1 Rating: important References: #947003 Cross-References: CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-640=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-640=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-640=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.3.0esr-48.1 MozillaFirefox-debugsource-38.3.0esr-48.1 MozillaFirefox-devel-38.3.0esr-48.1 mozilla-nspr-debuginfo-4.10.9-6.1 mozilla-nspr-debugsource-4.10.9-6.1 mozilla-nspr-devel-4.10.9-6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): MozillaFirefox-38.3.0esr-48.1 MozillaFirefox-debuginfo-38.3.0esr-48.1 MozillaFirefox-debugsource-38.3.0esr-48.1 MozillaFirefox-translations-38.3.0esr-48.1 mozilla-nspr-4.10.9-6.1 mozilla-nspr-debuginfo-4.10.9-6.1 mozilla-nspr-debugsource-4.10.9-6.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): mozilla-nspr-32bit-4.10.9-6.1 mozilla-nspr-debuginfo-32bit-4.10.9-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): MozillaFirefox-38.3.0esr-48.1 MozillaFirefox-debuginfo-38.3.0esr-48.1 MozillaFirefox-debugsource-38.3.0esr-48.1 MozillaFirefox-translations-38.3.0esr-48.1 mozilla-nspr-32bit-4.10.9-6.1 mozilla-nspr-4.10.9-6.1 mozilla-nspr-debuginfo-32bit-4.10.9-6.1 mozilla-nspr-debuginfo-4.10.9-6.1 mozilla-nspr-debugsource-4.10.9-6.1 References: https://www.suse.com/security/cve/CVE-2015-4500.html https://www.suse.com/security/cve/CVE-2015-4501.html https://www.suse.com/security/cve/CVE-2015-4506.html https://www.suse.com/security/cve/CVE-2015-4509.html https://www.suse.com/security/cve/CVE-2015-4511.html https://www.suse.com/security/cve/CVE-2015-4517.html https://www.suse.com/security/cve/CVE-2015-4519.html https://www.suse.com/security/cve/CVE-2015-4520.html https://www.suse.com/security/cve/CVE-2015-4521.html https://www.suse.com/security/cve/CVE-2015-4522.html https://www.suse.com/security/cve/CVE-2015-7174.html https://www.suse.com/security/cve/CVE-2015-7175.html https://www.suse.com/security/cve/CVE-2015-7176.html https://www.suse.com/security/cve/CVE-2015-7177.html https://www.suse.com/security/cve/CVE-2015-7180.html https://bugzilla.suse.com/947003 From sle-updates at lists.suse.com Mon Oct 5 11:09:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Oct 2015 19:09:44 +0200 (CEST) Subject: SUSE-SU-2015:1682-1: moderate: Security update for icedtea-web Message-ID: <20151005170944.D0DCD32138@maintenance.suse.de> SUSE Security Update: Security update for icedtea-web ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1682-1 Rating: moderate References: #944208 #944209 Cross-References: CVE-2015-5234 CVE-2015-5235 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The Java IcedTea-Web Plugin was updated to 1.6.1 bringing various features, bug- and securityfixes. * Enabled Entry-Point attribute check * permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not t all. * fixed DownloadService * comments in deployment.properties now should persists load/save * fixed bug in caching of files with query * fixed issues with recreating of existing shortcut * trustAll/trustNone now processed correctly * headless no longer shows dialogues * RH1231441 Unable to read the text of the buttons of the security dialogue * Fixed RH1233697 icedtea-web: applet origin spoofing (CVE-2015-5235, bsc#944208) * Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets (CVE-2015-5234, bsc#944209) * MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed * NetX - fixed issues with -html shortcuts - fixed issue with -html receiving garbage in width and height * PolicyEditor - file flag made to work when used standalone - file flag and main argument cannot be used in combination The update to 1.6 is included and brings: * Massively improved offline abilities. Added Xoffline switch to force work without inet connection. * Improved to be able to run with any JDK * JDK 6 and older no longer supported * JDK 8 support added (URLPermission granted if applicable) * JDK 9 supported * Added support for Entry-Point manifest attribute * Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property to control scan of Manifest file * starting arguments now accept also -- abbreviations * Added new documentation * Added support for menu shortcuts - both javaws applications/applets and html applets are supported * added support for -html switch for javaws. Now you can run most of the applets without browser at all * Control Panel - PR1856: ControlPanel UI improvement for lower resolutions (800*600) * NetX - PR1858: Java Console accepts multi-byte encodings - PR1859: Java Console UI improvement for lower resolutions (800*600) - RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception java.lang.ClassCastException in method sun.applet.PluginAppletViewer$8.run() - Dropped support for long unmaintained -basedir argument - Returned support for -jnlp argument - RH1095311, PR574 - References class sun.misc.Ref removed in OpenJDK 9 - fixed, and so buildable on JDK9 * Plugin - PR1743 - Intermittant deadlock in PluginRequestProcessor - PR1298 - LiveConnect - problem setting array elements (applet variables) from JS - RH1121549: coverity defects - Resolves method overloading correctly with superclass heirarchy distance * PolicyEditor - codebases can be renamed in-place, copied, and pasted - codebase URLs can be copied to system clipboard - displays a progress dialog while opening or saving files - codebases without permissions assigned save to file anyway (and re-appear on next open) - PR1776: NullPointer on save-and-exit - PR1850: duplicate codebases when launching from security dialogs - Fixed bug where clicking "Cancel" on the "Save before Exiting" dialog could result in the editor exiting without saving changes - Keyboard accelerators and mnemonics greatly improved - "File - New" allows editing a new policy without first selecting the file to save to * Common - PR1769: support signed applets which specify Sandbox permissions in their manifests * Temporary Permissions in security dialog now multi-selectable and based on PolicyEditor permissions The update to 1.5.2 brings OpenJDK 8 support (fate#318956) * NetX - RH1095311, PR574 - References class sun.misc.Ref removed in OpenJDK 9 - fixed, and so buildable on JDK9 - RH1154177 - decoded file needed from cache - fixed NPE in https dialog - empty codebase behaves as "." Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-642=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-642=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): java-1_7_0-openjdk-plugin-1.6.1-2.3.1 java-1_7_0-openjdk-plugin-debuginfo-1.6.1-2.3.1 java-1_7_0-openjdk-plugin-debugsource-1.6.1-2.3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): java-1_7_0-openjdk-plugin-1.6.1-2.3.1 java-1_7_0-openjdk-plugin-debuginfo-1.6.1-2.3.1 java-1_7_0-openjdk-plugin-debugsource-1.6.1-2.3.1 References: https://www.suse.com/security/cve/CVE-2015-5234.html https://www.suse.com/security/cve/CVE-2015-5235.html https://bugzilla.suse.com/944208 https://bugzilla.suse.com/944209 From sle-updates at lists.suse.com Mon Oct 5 11:10:18 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Oct 2015 19:10:18 +0200 (CEST) Subject: SUSE-SU-2015:1683-1: moderate: Security update for conntrack-tools Message-ID: <20151005171018.EE26B32138@maintenance.suse.de> SUSE Security Update: Security update for conntrack-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1683-1 Rating: moderate References: #942149 Cross-References: CVE-2015-6496 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise High Availability Extension 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Fix a possible crash if conntrackd sees DCCP, SCTP and ICMPv6 traffic and the corresponding kernel modules that track this traffic are not available. (bsc#942149, CVE-2015-6496) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-conntrack-tools-12115=1 - SUSE Linux Enterprise High Availability Extension 11-SP3: zypper in -t patch slehasp3-conntrack-tools-12115=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-conntrack-tools-12115=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): conntrack-tools-1.0.0-0.9.1 - SUSE Linux Enterprise High Availability Extension 11-SP3 (i586 ia64 ppc64 s390x x86_64): conntrack-tools-1.0.0-0.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): conntrack-tools-debuginfo-1.0.0-0.9.1 conntrack-tools-debugsource-1.0.0-0.9.1 References: https://www.suse.com/security/cve/CVE-2015-6496.html https://bugzilla.suse.com/942149 From sle-updates at lists.suse.com Tue Oct 6 05:09:32 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Oct 2015 13:09:32 +0200 (CEST) Subject: SUSE-SU-2015:1689-1: moderate: Security update for icedtea-web Message-ID: <20151006110932.D323C32138@maintenance.suse.de> SUSE Security Update: Security update for icedtea-web ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1689-1 Rating: moderate References: #944208 #944209 Cross-References: CVE-2015-5234 CVE-2015-5235 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The Java Plugin IcedTea Web was updated to 1.5.2, fixing bugs and security issues. * permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. * fixed DownloadService * RH1231441 Unable to read the text of the buttons of the security dialogue * Fixed RH1233697 icedtea-web: applet origin spoofing (CVE-2015-5235, bsc#944208) * Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets (CVE-2015-5234, bsc#944209) * MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-icedtea-web-12116=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-icedtea-web-12116=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): icedtea-web-1.5.3-0.9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): icedtea-web-debuginfo-1.5.3-0.9.1 icedtea-web-debugsource-1.5.3-0.9.1 References: https://www.suse.com/security/cve/CVE-2015-5234.html https://www.suse.com/security/cve/CVE-2015-5235.html https://bugzilla.suse.com/944208 https://bugzilla.suse.com/944209 From sle-updates at lists.suse.com Tue Oct 6 05:10:11 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Oct 2015 13:10:11 +0200 (CEST) Subject: SUSE-RU-2015:1690-1: moderate: Recommended update for xorg-x11-server Message-ID: <20151006111011.848A432138@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1690-1 Rating: moderate References: #942501 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-server provides the following fixes: - Export GetMaster() so that external modules (like tigervnc) can use it. (bsc#942501) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-643=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-643=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-643=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.15.2-30.3.2 xorg-x11-server-debugsource-7.6_1.15.2-30.3.2 xorg-x11-server-sdk-7.6_1.15.2-30.3.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xorg-x11-server-7.6_1.15.2-30.3.2 xorg-x11-server-debuginfo-7.6_1.15.2-30.3.2 xorg-x11-server-debugsource-7.6_1.15.2-30.3.2 xorg-x11-server-extra-7.6_1.15.2-30.3.2 xorg-x11-server-extra-debuginfo-7.6_1.15.2-30.3.2 - SUSE Linux Enterprise Desktop 12 (x86_64): xorg-x11-server-7.6_1.15.2-30.3.2 xorg-x11-server-debuginfo-7.6_1.15.2-30.3.2 xorg-x11-server-debugsource-7.6_1.15.2-30.3.2 xorg-x11-server-extra-7.6_1.15.2-30.3.2 xorg-x11-server-extra-debuginfo-7.6_1.15.2-30.3.2 References: https://bugzilla.suse.com/942501 From sle-updates at lists.suse.com Tue Oct 6 11:09:37 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Oct 2015 19:09:37 +0200 (CEST) Subject: SUSE-RU-2015:1691-1: moderate: Recommended update for lio-utils, python-rtslib, targetcli Message-ID: <20151006170937.E9DB13213B@maintenance.suse.de> SUSE Recommended Update: Recommended update for lio-utils, python-rtslib, targetcli ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1691-1 Rating: moderate References: #907029 #908270 #910721 #919474 #940216 #940531 #945230 #947335 #947555 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for lio-utils, python-rtslib and targetcli brings features and fixes various issues. Support for the Ceph RBD backend has been added to python-rtslib and targetcli. (bsc#947335, fate#319433, fate#318836) Additionally, the following issues have been fixed: - When running as root, mount configFS under /sys/kernel/config if it's not yet mounted. (bsc#907029) - Convert user-input of an empty string to "NULL" when writing sysfs string attributes such as userid and password. (bsc#919474) - Wait for configFS to mount when loading iscsi_target_mod module. (bsc#910721) - Update systemd service file to start after configfs. (bsc#908270) - Fix TPG disable logic. (bsc#940216) - Allow portals for non-existent IP addresses in targetcli. (bsc#940531) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-646=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): lio-mibs-4.1-15.3.3 lio-mibs-debuginfo-4.1-15.3.3 lio-utils-4.1-15.3.3 lio-utils-debuginfo-4.1-15.3.3 lio-utils-debugsource-4.1-15.3.3 targetcli-2.1-9.1 - SUSE Linux Enterprise Server 12 (noarch): python-rtslib-2.2-15.1 References: https://bugzilla.suse.com/907029 https://bugzilla.suse.com/908270 https://bugzilla.suse.com/910721 https://bugzilla.suse.com/919474 https://bugzilla.suse.com/940216 https://bugzilla.suse.com/940531 https://bugzilla.suse.com/945230 https://bugzilla.suse.com/947335 https://bugzilla.suse.com/947555 From sle-updates at lists.suse.com Wed Oct 7 04:10:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Oct 2015 12:10:31 +0200 (CEST) Subject: SUSE-RU-2015:1692-1: Recommended update for release-notes-sles Message-ID: <20151007101031.CE9343213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1692-1 Rating: low References: #898195 #944833 #946804 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 have been updated to document: - New: Dropped wireless drivers. (fate#319452) - New: Dropped YaST modules. (bsc#898195 via fate#314685) - Updated: Pagecache limits. (bsc#946804 via fate#309111) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-647=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): release-notes-sles-12.0.20150928-41.1 References: https://bugzilla.suse.com/898195 https://bugzilla.suse.com/944833 https://bugzilla.suse.com/946804 From sle-updates at lists.suse.com Wed Oct 7 06:09:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Oct 2015 14:09:44 +0200 (CEST) Subject: SUSE-RU-2015:1693-1: moderate: Recommended update for postfix Message-ID: <20151007120944.DE2AD3213B@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1693-1 Rating: moderate References: #871575 #944722 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The Postfix mail server has been updated to version 2.1.16, which brings several fixes and enhancements: - Bugfix: sender_dependent_relayhost_maps ignored the relayhost setting in the case of a DUNNO lookup result. - Robustness: don't segfault due to excessive recursion after a faulty configuration runs into the virtual_alias_recursion_limit. - Bugfix: core dump when smtp_policy_maps specifies an invalid TLS level. - Bugfix: qmqpd null pointer bug when it logs a lost connection while not in a mail transaction. - Bugfix: with connection caching enabled (the default), recipients could be given to the wrong mail server. (bsc#944722) - Security: opportunistic TLS by default uses "medium" or stronger ciphers instead of "export" or stronger. - Security: Postfix TLS support by default no longer uses SSLv2 or SSLv3. - Remove references to SuSEconfig.postfix from sysconfig docs. (bsc#871575) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-648=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-648=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-648=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): postfix-debuginfo-2.11.6-19.1 postfix-debugsource-2.11.6-19.1 postfix-devel-2.11.6-19.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): postfix-2.11.6-19.1 postfix-debuginfo-2.11.6-19.1 postfix-debugsource-2.11.6-19.1 postfix-mysql-2.11.6-19.1 postfix-mysql-debuginfo-2.11.6-19.1 - SUSE Linux Enterprise Server 12 (noarch): postfix-doc-2.11.6-19.1 - SUSE Linux Enterprise Desktop 12 (x86_64): postfix-2.11.6-19.1 postfix-debuginfo-2.11.6-19.1 postfix-debugsource-2.11.6-19.1 References: https://bugzilla.suse.com/871575 https://bugzilla.suse.com/944722 From sle-updates at lists.suse.com Wed Oct 7 10:10:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Oct 2015 18:10:51 +0200 (CEST) Subject: SUSE-RU-2015:1694-1: Recommended update for nss_ldap Message-ID: <20151007161051.9F6593213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for nss_ldap ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1694-1 Rating: low References: #934444 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nss_ldap provides the following fixes: - Fix an LDAP connection issue in one-shot operation mode. (bsc#934444) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-651=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): nss_ldap-265-29.9 nss_ldap-debuginfo-265-29.9 nss_ldap-debugsource-265-29.9 - SUSE Linux Enterprise Server 12 (s390x x86_64): nss_ldap-32bit-265-29.9 nss_ldap-debuginfo-32bit-265-29.9 References: https://bugzilla.suse.com/934444 From sle-updates at lists.suse.com Wed Oct 7 10:11:20 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Oct 2015 18:11:20 +0200 (CEST) Subject: SUSE-SU-2015:1695-1: moderate: Security update for openssh Message-ID: <20151007161120.77D383213D@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1695-1 Rating: moderate References: #903649 #932483 #936695 #938746 #939932 #943006 #943010 #945484 #945493 #947458 Cross-References: CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 5 fixes is now available. Description: OpenSSH was updated to fix several security issues and bugs. Please note that due to a bug in the previous shipped openssh version, sshd might not correctly restart. Please verify that the ssh daemon is running after installing this update. These security issues were fixed: * CVE-2015-5352: The x11_open_helper function, when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. (bsc#936695) * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. (bsc#938746) * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM. (bsc#932483) * Hardening patch to fix sftp RCE. (bsc#903649) * CVE-2015-6563: The monitor component in sshd accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. * CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. Additional a bug was fixed that could lead to openssh not working in chroot (bsc#947458). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssh-12119=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-openssh-12119=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-12119=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-6.6p1-13.1 openssh-askpass-gnome-6.6p1-13.3 openssh-fips-6.6p1-13.1 openssh-helpers-6.6p1-13.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): openssh-6.6p1-13.1 openssh-askpass-gnome-6.6p1-13.3 openssh-helpers-6.6p1-13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-13.3 openssh-debuginfo-6.6p1-13.1 openssh-debugsource-6.6p1-13.1 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://www.suse.com/security/cve/CVE-2015-5352.html https://www.suse.com/security/cve/CVE-2015-5600.html https://www.suse.com/security/cve/CVE-2015-6563.html https://www.suse.com/security/cve/CVE-2015-6564.html https://bugzilla.suse.com/903649 https://bugzilla.suse.com/932483 https://bugzilla.suse.com/936695 https://bugzilla.suse.com/938746 https://bugzilla.suse.com/939932 https://bugzilla.suse.com/943006 https://bugzilla.suse.com/943010 https://bugzilla.suse.com/945484 https://bugzilla.suse.com/945493 https://bugzilla.suse.com/947458 From sle-updates at lists.suse.com Wed Oct 7 10:13:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Oct 2015 18:13:46 +0200 (CEST) Subject: SUSE-RU-2015:1696-1: moderate: Recommended update for smt Message-ID: <20151007161346.C0E883213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1696-1 Rating: moderate References: #907791 #932736 #939076 #942300 Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for SMT provides fixes and new features: - Implement forwarding registrations to SCC. (bsc#942300, bsc#907791) - Implement delete systems requests to SCC. - Enable reports based on local data for SCC-connected SMT server. - Use a connect timeout when checking if a file exists. (bsc#932736) - Implement /subscriptions/products for Docker integration. - Make Rest interface work if PerlTaintChecks are enabled. (bsc#939076) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3: zypper in -t patch slesmtsp3-smt-12118=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-smt-12118=1 To bring your system up-to-date, use "zypper patch". Package List: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64): res-signingkeys-2.0.13-9.3 smt-2.0.13-9.3 smt-support-2.0.13-9.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): smt-debuginfo-2.0.13-9.3 smt-debugsource-2.0.13-9.3 References: https://bugzilla.suse.com/907791 https://bugzilla.suse.com/932736 https://bugzilla.suse.com/939076 https://bugzilla.suse.com/942300 From sle-updates at lists.suse.com Wed Oct 7 10:14:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Oct 2015 18:14:51 +0200 (CEST) Subject: SUSE-RU-2015:1697-1: moderate: Recommended update for openvpn Message-ID: <20151007161451.9CDCB3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1697-1 Rating: moderate References: #941569 #946977 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides OpenVPN 2.3.8, which brings several fixes and enhancements. For a comprehensive list of changes between 2.3.2 and 2.3.8, please refer to the release notes in https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-652=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): openvpn-2.3.8-16.3.1 openvpn-auth-pam-plugin-2.3.8-16.3.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.3.1 openvpn-debuginfo-2.3.8-16.3.1 openvpn-debugsource-2.3.8-16.3.1 References: https://bugzilla.suse.com/941569 https://bugzilla.suse.com/946977 From sle-updates at lists.suse.com Wed Oct 7 11:10:29 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Oct 2015 19:10:29 +0200 (CEST) Subject: SUSE-RU-2015:1694-2: Recommended update for nss_ldap Message-ID: <20151007171029.BB5AA3213B@maintenance.suse.de> SUSE Recommended Update: Recommended update for nss_ldap ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1694-2 Rating: low References: #934444 Affected Products: SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nss_ldap provides the following fixes: - Fix an LDAP connection issue in one-shot operation mode. (bsc#934444) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-651=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 12 (x86_64): nss_ldap-265-29.9 nss_ldap-32bit-265-29.9 nss_ldap-debuginfo-265-29.9 nss_ldap-debuginfo-32bit-265-29.9 nss_ldap-debugsource-265-29.9 References: https://bugzilla.suse.com/934444 From sle-updates at lists.suse.com Wed Oct 7 11:10:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Oct 2015 19:10:52 +0200 (CEST) Subject: SUSE-RU-2015:1698-1: moderate: Recommended update for sbd Message-ID: <20151007171052.F18A93213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1698-1 Rating: moderate References: #865365 #869612 #881231 #895103 #942401 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for sbd provides the following fixes: - Invoke crm_xml_init(), fixing a potential segmentation fault. (bsc#881231, bsc#942401) - Adjust timeout for s390(x) to be compatible with vmwatchdog. (bsc#895103) - Allow watchdog to be disabled. (bsc#865365) - Allow sbd to wait for devices to appear on start-up. (bsc#869612) - Correct the example CIB configuration syntax in man page. - Adjust loglevel for start-up device polling. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-sbd-12120=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sbd-12120=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): sbd-1.2.1-0.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sbd-debuginfo-1.2.1-0.12.1 sbd-debugsource-1.2.1-0.12.1 References: https://bugzilla.suse.com/865365 https://bugzilla.suse.com/869612 https://bugzilla.suse.com/881231 https://bugzilla.suse.com/895103 https://bugzilla.suse.com/942401 From sle-updates at lists.suse.com Wed Oct 7 11:12:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Oct 2015 19:12:09 +0200 (CEST) Subject: SUSE-RU-2015:1697-2: moderate: Recommended update for openvpn Message-ID: <20151007171209.8CFC13213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvpn ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1697-2 Rating: moderate References: #941569 #946977 Affected Products: SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides OpenVPN 2.3.8, which brings several fixes and enhancements. For a comprehensive list of changes between 2.3.2 and 2.3.8, please refer to the release notes in https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-652=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 12 (x86_64): openvpn-2.3.8-16.3.1 openvpn-debuginfo-2.3.8-16.3.1 openvpn-debugsource-2.3.8-16.3.1 References: https://bugzilla.suse.com/941569 https://bugzilla.suse.com/946977 From sle-updates at lists.suse.com Thu Oct 8 06:09:39 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Oct 2015 14:09:39 +0200 (CEST) Subject: SUSE-RU-2015:1700-1: Recommended update for cmake Message-ID: <20151008120939.D78A63213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for cmake ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1700-1 Rating: low References: #947585 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cmake adds cmake.attr and cmake.prov as sources, ported from a recent version of cmake, to produce automatic RPM provides. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-654=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-654=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): cmake-2.8.12.1-8.1 cmake-debuginfo-2.8.12.1-8.1 cmake-debugsource-2.8.12.1-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): cmake-2.8.12.1-8.1 cmake-debuginfo-2.8.12.1-8.1 cmake-debugsource-2.8.12.1-8.1 References: https://bugzilla.suse.com/947585 From sle-updates at lists.suse.com Thu Oct 8 08:10:05 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Oct 2015 16:10:05 +0200 (CEST) Subject: SUSE-SU-2015:1701-1: important: Security update for php5 Message-ID: <20151008141005.D3F5C3213C@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1701-1 Rating: important References: #945412 #945428 Cross-References: CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: The PHP5 script interpreter was updated to fix security issues: * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-php5-12121=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-php5-12121=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): apache2-mod_php5-5.2.14-0.7.30.72.1 php5-5.2.14-0.7.30.72.1 php5-bcmath-5.2.14-0.7.30.72.1 php5-bz2-5.2.14-0.7.30.72.1 php5-calendar-5.2.14-0.7.30.72.1 php5-ctype-5.2.14-0.7.30.72.1 php5-curl-5.2.14-0.7.30.72.1 php5-dba-5.2.14-0.7.30.72.1 php5-dbase-5.2.14-0.7.30.72.1 php5-dom-5.2.14-0.7.30.72.1 php5-exif-5.2.14-0.7.30.72.1 php5-fastcgi-5.2.14-0.7.30.72.1 php5-ftp-5.2.14-0.7.30.72.1 php5-gd-5.2.14-0.7.30.72.1 php5-gettext-5.2.14-0.7.30.72.1 php5-gmp-5.2.14-0.7.30.72.1 php5-hash-5.2.14-0.7.30.72.1 php5-iconv-5.2.14-0.7.30.72.1 php5-json-5.2.14-0.7.30.72.1 php5-ldap-5.2.14-0.7.30.72.1 php5-mbstring-5.2.14-0.7.30.72.1 php5-mcrypt-5.2.14-0.7.30.72.1 php5-mysql-5.2.14-0.7.30.72.1 php5-odbc-5.2.14-0.7.30.72.1 php5-openssl-5.2.14-0.7.30.72.1 php5-pcntl-5.2.14-0.7.30.72.1 php5-pdo-5.2.14-0.7.30.72.1 php5-pear-5.2.14-0.7.30.72.1 php5-pgsql-5.2.14-0.7.30.72.1 php5-pspell-5.2.14-0.7.30.72.1 php5-shmop-5.2.14-0.7.30.72.1 php5-snmp-5.2.14-0.7.30.72.1 php5-soap-5.2.14-0.7.30.72.1 php5-suhosin-5.2.14-0.7.30.72.1 php5-sysvmsg-5.2.14-0.7.30.72.1 php5-sysvsem-5.2.14-0.7.30.72.1 php5-sysvshm-5.2.14-0.7.30.72.1 php5-tokenizer-5.2.14-0.7.30.72.1 php5-wddx-5.2.14-0.7.30.72.1 php5-xmlreader-5.2.14-0.7.30.72.1 php5-xmlrpc-5.2.14-0.7.30.72.1 php5-xmlwriter-5.2.14-0.7.30.72.1 php5-xsl-5.2.14-0.7.30.72.1 php5-zip-5.2.14-0.7.30.72.1 php5-zlib-5.2.14-0.7.30.72.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): php5-debuginfo-5.2.14-0.7.30.72.1 php5-debugsource-5.2.14-0.7.30.72.1 References: https://www.suse.com/security/cve/CVE-2015-6836.html https://www.suse.com/security/cve/CVE-2015-6837.html https://www.suse.com/security/cve/CVE-2015-6838.html https://bugzilla.suse.com/945412 https://bugzilla.suse.com/945428 From sle-updates at lists.suse.com Thu Oct 8 10:09:32 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Oct 2015 18:09:32 +0200 (CEST) Subject: SUSE-RU-2015:1702-1: Recommended update for release-notes-ha Message-ID: <20151008160932.A983D3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ha ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1702-1 Rating: low References: #940788 #949243 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides the latest revision of the Release Notes for SUSE Linux Enterprise High Availability Extension 12. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-656=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12 (noarch): release-notes-ha-12.0.20151007-6.5.1 References: https://bugzilla.suse.com/940788 https://bugzilla.suse.com/949243 From sle-updates at lists.suse.com Fri Oct 9 01:09:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Oct 2015 09:09:59 +0200 (CEST) Subject: SUSE-SU-2015:1703-1: important: Security update for MozillaFirefox Message-ID: <20151009070959.E955F3213D@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1703-1 Rating: important References: #947003 Cross-References: CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-firefox-20150923-12122=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-firefox-20150923-12122=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-firefox-20150923-12122=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-firefox-20150923-12122=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-firefox-20150923-12122=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-firefox-20150923-12122=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-firefox-20150923-12122=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-firefox-20150923-12122=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-firefox-20150923-12122=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.3.0esr-22.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.3.0esr-22.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): MozillaFirefox-38.3.0esr-22.1 MozillaFirefox-translations-38.3.0esr-22.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.3.0esr-22.1 MozillaFirefox-translations-38.3.0esr-22.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.3.0esr-22.1 MozillaFirefox-translations-38.3.0esr-22.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): MozillaFirefox-38.3.0esr-22.1 MozillaFirefox-translations-38.3.0esr-22.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): MozillaFirefox-38.3.0esr-22.1 MozillaFirefox-translations-38.3.0esr-22.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.3.0esr-22.1 MozillaFirefox-debugsource-38.3.0esr-22.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.3.0esr-22.1 MozillaFirefox-debugsource-38.3.0esr-22.1 References: https://www.suse.com/security/cve/CVE-2015-4500.html https://www.suse.com/security/cve/CVE-2015-4501.html https://www.suse.com/security/cve/CVE-2015-4506.html https://www.suse.com/security/cve/CVE-2015-4509.html https://www.suse.com/security/cve/CVE-2015-4511.html https://www.suse.com/security/cve/CVE-2015-4517.html https://www.suse.com/security/cve/CVE-2015-4519.html https://www.suse.com/security/cve/CVE-2015-4520.html https://www.suse.com/security/cve/CVE-2015-4521.html https://www.suse.com/security/cve/CVE-2015-4522.html https://www.suse.com/security/cve/CVE-2015-7174.html https://www.suse.com/security/cve/CVE-2015-7175.html https://www.suse.com/security/cve/CVE-2015-7176.html https://www.suse.com/security/cve/CVE-2015-7177.html https://www.suse.com/security/cve/CVE-2015-7180.html https://bugzilla.suse.com/947003 From sle-updates at lists.suse.com Fri Oct 9 03:09:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Oct 2015 11:09:53 +0200 (CEST) Subject: SUSE-SU-2015:1705-1: moderate: Security update for rpcbind Message-ID: <20151009090953.CCAF23213E@maintenance.suse.de> SUSE Security Update: Security update for rpcbind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1705-1 Rating: moderate References: #940191 #946204 Cross-References: CVE-2015-7236 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-659=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): rpcbind-0.2.1_rc4-13.3.1 rpcbind-debuginfo-0.2.1_rc4-13.3.1 rpcbind-debugsource-0.2.1_rc4-13.3.1 References: https://www.suse.com/security/cve/CVE-2015-7236.html https://bugzilla.suse.com/940191 https://bugzilla.suse.com/946204 From sle-updates at lists.suse.com Fri Oct 9 03:10:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Oct 2015 11:10:40 +0200 (CEST) Subject: SUSE-SU-2015:1706-1: moderate: Security update for rpcbind Message-ID: <20151009091040.254B53213E@maintenance.suse.de> SUSE Security Update: Security update for rpcbind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1706-1 Rating: moderate References: #940191 #946204 Cross-References: CVE-2015-7236 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-rpcbind-12123=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-rpcbind-12123=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-rpcbind-12123=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-rpcbind-12123=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-rpcbind-12123=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-rpcbind-12123=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-rpcbind-12123=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): rpcbind-0.1.6+git20080930-6.24.1 - SUSE Linux Enterprise Server 11-SP4 (ia64 ppc64 s390x x86_64): rpcbind-0.1.6+git20080930-6.24.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): rpcbind-0.1.6+git20080930-6.24.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): rpcbind-0.1.6+git20080930-6.24.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): rpcbind-0.1.6+git20080930-6.24.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): rpcbind-debuginfo-0.1.6+git20080930-6.24.1 rpcbind-debugsource-0.1.6+git20080930-6.24.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): rpcbind-debuginfo-0.1.6+git20080930-6.24.1 rpcbind-debugsource-0.1.6+git20080930-6.24.1 References: https://www.suse.com/security/cve/CVE-2015-7236.html https://bugzilla.suse.com/940191 https://bugzilla.suse.com/946204 From sle-updates at lists.suse.com Fri Oct 9 03:11:22 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Oct 2015 11:11:22 +0200 (CEST) Subject: SUSE-SU-2015:1707-1: moderate: Security update for libssh Message-ID: <20151009091122.5EF243213E@maintenance.suse.de> SUSE Security Update: Security update for libssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1707-1 Rating: moderate References: #928323 Cross-References: CVE-2015-3146 Affected Products: SUSE Linux Enterprise Workstation Extension 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The encryption library libssh was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-660=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libssh-debugsource-0.6.3-8.1 libssh4-0.6.3-8.1 libssh4-debuginfo-0.6.3-8.1 References: https://www.suse.com/security/cve/CVE-2015-3146.html https://bugzilla.suse.com/928323 From sle-updates at lists.suse.com Fri Oct 9 04:09:41 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Oct 2015 12:09:41 +0200 (CEST) Subject: SUSE-SU-2015:1705-2: moderate: Security update for rpcbind Message-ID: <20151009100941.B0DB43213E@maintenance.suse.de> SUSE Security Update: Security update for rpcbind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1705-2 Rating: moderate References: #940191 #946204 Cross-References: CVE-2015-7236 Affected Products: SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-659=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 12 (x86_64): rpcbind-0.2.1_rc4-13.3.1 rpcbind-debuginfo-0.2.1_rc4-13.3.1 rpcbind-debugsource-0.2.1_rc4-13.3.1 References: https://www.suse.com/security/cve/CVE-2015-7236.html https://bugzilla.suse.com/940191 https://bugzilla.suse.com/946204 From sle-updates at lists.suse.com Fri Oct 9 04:10:18 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Oct 2015 12:10:18 +0200 (CEST) Subject: SUSE-SU-2015:1706-2: moderate: Security update for rpcbind Message-ID: <20151009101018.AC6F23213E@maintenance.suse.de> SUSE Security Update: Security update for rpcbind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1706-2 Rating: moderate References: #940191 #946204 Cross-References: CVE-2015-7236 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: A use-after-free security bug in rpcbind was fixed which could lead to a remote denial of service. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-rpcbind-12123=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-rpcbind-12123=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586): rpcbind-0.1.6+git20080930-6.24.1 - SUSE Linux Enterprise Server 11-SP4 (i586): rpcbind-0.1.6+git20080930-6.24.1 References: https://www.suse.com/security/cve/CVE-2015-7236.html https://bugzilla.suse.com/940191 https://bugzilla.suse.com/946204 From sle-updates at lists.suse.com Fri Oct 9 04:10:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Oct 2015 12:10:52 +0200 (CEST) Subject: SUSE-SU-2015:1707-2: moderate: Security update for libssh Message-ID: <20151009101052.85A743213E@maintenance.suse.de> SUSE Security Update: Security update for libssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1707-2 Rating: moderate References: #928323 Cross-References: CVE-2015-3146 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The encryption library libssh was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-660=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-660=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libssh-debugsource-0.6.3-8.1 libssh-devel-0.6.3-8.1 libssh-devel-doc-0.6.3-8.1 libssh4-0.6.3-8.1 libssh4-debuginfo-0.6.3-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libssh-debugsource-0.6.3-8.1 libssh4-0.6.3-8.1 libssh4-debuginfo-0.6.3-8.1 References: https://www.suse.com/security/cve/CVE-2015-3146.html https://bugzilla.suse.com/928323 From sle-updates at lists.suse.com Fri Oct 9 09:10:26 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Oct 2015 17:10:26 +0200 (CEST) Subject: SUSE-SU-2015:1713-1: moderate: Security update for wireshark Message-ID: <20151009151026.99F3B3213E@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1713-1 Rating: moderate References: #935158 #941500 Cross-References: CVE-2015-3813 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: Wireshark has been updated to 1.12.7. (FATE#319388) The following vulnerabilities have been fixed: * Wireshark could crash when adding an item to the protocol tree. wnpa-sec-2015-21 CVE-2015-6241 * Wireshark could attempt to free invalid memory. wnpa-sec-2015-22 CVE-2015-6242 * Wireshark could crash when searching for a protocol dissector. wnpa-sec-2015-23 CVE-2015-6243 * The ZigBee dissector could crash. wnpa-sec-2015-24 CVE-2015-6244 * The GSM RLC/MAC dissector could go into an infinite loop. wnpa-sec-2015-25 CVE-2015-6245 * The WaveAgent dissector could crash. wnpa-sec-2015-26 CVE-2015-6246 * The OpenFlow dissector could go into an infinite loop. wnpa-sec-2015-27 CVE-2015-6247 * Wireshark could crash due to invalid ptvcursor length checking. wnpa-sec-2015-28 CVE-2015-6248 * The WCCP dissector could crash. wnpa-sec-2015-29 CVE-2015-6249 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html Also a fix from 1.12.6 in GSM DTAP was backported. (bnc#935158) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-661=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-661=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-661=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): wireshark-debuginfo-1.12.7-15.1 wireshark-debugsource-1.12.7-15.1 wireshark-devel-1.12.7-15.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): wireshark-1.12.7-15.1 wireshark-debuginfo-1.12.7-15.1 wireshark-debugsource-1.12.7-15.1 - SUSE Linux Enterprise Desktop 12 (x86_64): wireshark-1.12.7-15.1 wireshark-debuginfo-1.12.7-15.1 wireshark-debugsource-1.12.7-15.1 References: https://www.suse.com/security/cve/CVE-2015-3813.html https://www.suse.com/security/cve/CVE-2015-6241.html https://www.suse.com/security/cve/CVE-2015-6242.html https://www.suse.com/security/cve/CVE-2015-6243.html https://www.suse.com/security/cve/CVE-2015-6244.html https://www.suse.com/security/cve/CVE-2015-6245.html https://www.suse.com/security/cve/CVE-2015-6246.html https://www.suse.com/security/cve/CVE-2015-6247.html https://www.suse.com/security/cve/CVE-2015-6248.html https://www.suse.com/security/cve/CVE-2015-6249.html https://bugzilla.suse.com/935158 https://bugzilla.suse.com/941500 From sle-updates at lists.suse.com Fri Oct 9 10:11:29 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Oct 2015 18:11:29 +0200 (CEST) Subject: SUSE-RU-2015:1714-1: Recommended update for accountsservice Message-ID: <20151009161129.8B81E3213E@maintenance.suse.de> SUSE Recommended Update: Recommended update for accountsservice ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1714-1 Rating: low References: #933083 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for accountsservice provides the following fixes: - Load settings of accounts which are not 'human' but can still be used to login to the system ('root', for example). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-662=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-662=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-662=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): accountsservice-debuginfo-0.6.35-3.10 accountsservice-debugsource-0.6.35-3.10 accountsservice-devel-0.6.35-3.10 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): accountsservice-0.6.35-3.10 accountsservice-debuginfo-0.6.35-3.10 accountsservice-debugsource-0.6.35-3.10 libaccountsservice0-0.6.35-3.10 libaccountsservice0-debuginfo-0.6.35-3.10 typelib-1_0-AccountsService-1_0-0.6.35-3.10 - SUSE Linux Enterprise Server 12 (noarch): accountsservice-lang-0.6.35-3.10 - SUSE Linux Enterprise Desktop 12 (x86_64): accountsservice-0.6.35-3.10 accountsservice-debuginfo-0.6.35-3.10 accountsservice-debugsource-0.6.35-3.10 libaccountsservice0-0.6.35-3.10 libaccountsservice0-debuginfo-0.6.35-3.10 typelib-1_0-AccountsService-1_0-0.6.35-3.10 - SUSE Linux Enterprise Desktop 12 (noarch): accountsservice-lang-0.6.35-3.10 References: https://bugzilla.suse.com/933083 From sle-updates at lists.suse.com Sat Oct 10 06:09:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Oct 2015 14:09:44 +0200 (CEST) Subject: SUSE-RU-2015:1715-1: moderate: Recommended update for openhpi Message-ID: <20151010120944.AA8C03213E@maintenance.suse.de> SUSE Recommended Update: Recommended update for openhpi ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1715-1 Rating: moderate References: #916934 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openhpi provides the following fixes: - Make configuration file's permissions more strict. (bsc#916934) - Fix a build issue that prevented openhpi from building when MD5 is disabled in net-snmp. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-664=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-664=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): openhpi-debuginfo-3.4.0-5.1 openhpi-debugsource-3.4.0-5.1 openhpi-devel-3.4.0-5.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): openhpi-3.4.0-5.1 openhpi-clients-3.4.0-5.1 openhpi-clients-debuginfo-3.4.0-5.1 openhpi-daemon-3.4.0-5.1 openhpi-daemon-debuginfo-3.4.0-5.1 openhpi-debuginfo-3.4.0-5.1 openhpi-debugsource-3.4.0-5.1 References: https://bugzilla.suse.com/916934 From sle-updates at lists.suse.com Sat Oct 10 06:10:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Oct 2015 14:10:09 +0200 (CEST) Subject: SUSE-OU-2015:1716-1: Optional update for binutils Message-ID: <20151010121009.EED5B3213E@maintenance.suse.de> SUSE Optional Update: Optional update for binutils ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1716-1 Rating: low References: #949066 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: ARM64 (aarch64) binaries produced by binutils 2.25 gold linker had incorrect (4k) section alignment. As a result, those binaries could not be mapped when being executed on a SLE 12 kernel. This update adjusts the section alignment to 64k, as required by the ABI. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-663=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-663=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-663=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): binutils-debuginfo-2.25.0-13.1 binutils-debugsource-2.25.0-13.1 binutils-devel-2.25.0-13.1 cross-ppc-binutils-2.25.0-13.1 cross-ppc-binutils-debuginfo-2.25.0-13.1 cross-ppc-binutils-debugsource-2.25.0-13.1 cross-spu-binutils-2.25.0-13.1 cross-spu-binutils-debuginfo-2.25.0-13.1 cross-spu-binutils-debugsource-2.25.0-13.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le x86_64): binutils-gold-2.25.0-13.1 binutils-gold-debuginfo-2.25.0-13.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): binutils-2.25.0-13.1 binutils-debuginfo-2.25.0-13.1 binutils-debugsource-2.25.0-13.1 - SUSE Linux Enterprise Desktop 12 (x86_64): binutils-2.25.0-13.1 binutils-debuginfo-2.25.0-13.1 binutils-debugsource-2.25.0-13.1 References: https://bugzilla.suse.com/949066 From sle-updates at lists.suse.com Mon Oct 12 10:09:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Oct 2015 18:09:40 +0200 (CEST) Subject: SUSE-RU-2015:1722-1: Recommended update for xdm Message-ID: <20151012160940.AD2093213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for xdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1722-1 Rating: low References: #939594 #940263 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for xdm provides the following fixes: - Fix display-manager wrapper: only call TakeDevices in case $DM actually fails to start. (bsc#939594) - Replace font resources for login screen with font face names. For smaller screens the sizes are reduced so they fit the screen better. - Add '-' to font names in etc/X11/xdm/Xresources to avoid confusion. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-665=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-665=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xdm-1.1.10-45.1 xdm-debuginfo-1.1.10-45.1 xdm-debugsource-1.1.10-45.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xdm-1.1.10-45.1 xdm-debuginfo-1.1.10-45.1 xdm-debugsource-1.1.10-45.1 References: https://bugzilla.suse.com/939594 https://bugzilla.suse.com/940263 From sle-updates at lists.suse.com Tue Oct 13 02:09:37 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Oct 2015 10:09:37 +0200 (CEST) Subject: SUSE-RU-2015:1725-1: Recommended update for systemd-presets-branding-SLE Message-ID: <20151013080937.686ED3213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-presets-branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1725-1 Rating: low References: #921075 #944761 #948824 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for systemd presets adjusts the following settings: - Enable fstrim.timer and disable fstrim.service. TRIM should be performed once a week and not on every boot. (fate#317727) - Enable the sapconf.service in one shot mode. (bsc#944761) - Enable smartd by default. (bnc#921075). - Enable rollback.service by default. (bsc#948824, fate#319118) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-667=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-667=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): systemd-presets-branding-SLE-12.0-14.7.1 - SUSE Linux Enterprise Desktop 12 (noarch): systemd-presets-branding-SLE-12.0-14.7.1 References: https://bugzilla.suse.com/921075 https://bugzilla.suse.com/944761 https://bugzilla.suse.com/948824 From sle-updates at lists.suse.com Tue Oct 13 02:10:26 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Oct 2015 10:10:26 +0200 (CEST) Subject: SUSE-RU-2015:1726-1: moderate: Recommended update for openscap Message-ID: <20151013081026.9A2C83213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openscap ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1726-1 Rating: moderate References: #939789 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: openscap was updated to: - Auto-detect the CPE version of the running system. (bsc#939789) - Also scap-yast2sec-xccdf.xml was adjusted to use the correct CPE name for SUSE Linux Enterprise Server 12. (bsc#939789) This makes oscap xccdf eval --profile Default /usr/share/openscap/scap-xccdf.xml work better. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-666=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-666=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-666=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): openscap-debuginfo-1.1.0-3.1 openscap-debugsource-1.1.0-3.1 openscap-devel-1.1.0-3.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libopenscap8-1.1.0-3.1 libopenscap8-debuginfo-1.1.0-3.1 openscap-1.1.0-3.1 openscap-content-1.1.0-3.1 openscap-debuginfo-1.1.0-3.1 openscap-debugsource-1.1.0-3.1 openscap-extra-probes-1.1.0-3.1 openscap-extra-probes-debuginfo-1.1.0-3.1 openscap-utils-1.1.0-3.1 openscap-utils-debuginfo-1.1.0-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libopenscap8-1.1.0-3.1 libopenscap8-debuginfo-1.1.0-3.1 openscap-1.1.0-3.1 openscap-content-1.1.0-3.1 openscap-debuginfo-1.1.0-3.1 openscap-debugsource-1.1.0-3.1 openscap-extra-probes-1.1.0-3.1 openscap-extra-probes-debuginfo-1.1.0-3.1 openscap-utils-1.1.0-3.1 openscap-utils-debuginfo-1.1.0-3.1 References: https://bugzilla.suse.com/939789 From sle-updates at lists.suse.com Tue Oct 13 03:09:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Oct 2015 11:09:42 +0200 (CEST) Subject: SUSE-SU-2015:1727-1: important: Security update for kernel-source Message-ID: <20151013090942.C34BF3213F@maintenance.suse.de> SUSE Security Update: Security update for kernel-source ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1727-1 Rating: important References: #856382 #886785 #898159 #907973 #908950 #912183 #914818 #916543 #920016 #922071 #924722 #929092 #929871 #930813 #932285 #932350 #934430 #934942 #934962 #936556 #936773 #937609 #937612 #937613 #937616 #938550 #938706 #938891 #938892 #938893 #939145 #939266 #939716 #939834 #939994 #940398 #940545 #940679 #940776 #940912 #940925 #940965 #941098 #941305 #941908 #941951 #942160 #942204 #942307 #942367 #948536 Cross-References: CVE-2015-5156 CVE-2015-5157 CVE-2015-5283 CVE-2015-5697 CVE-2015-6252 CVE-2015-6937 CVE-2015-7613 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 44 fixes is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to 3.12.48-52.27 to receive various security and bugfixes. Following security bugs were fixed: * CVE-2015-7613: A flaw was found in the Linux kernel IPC code that could lead to arbitrary code execution. The ipc_addid() function initialized a shared object that has unset uid/gid values. Since the fields are not initialized, the check can falsely succeed. (bsc#948536) * CVE-2015-5156: When a guests KVM network devices is in a bridge configuration the kernel can create a situation in which packets are fragmented in an unexpected fashion. The GRO functionality can create a situation in which multiple SKB's are chained together in a single packets fraglist (by design). (bsc#940776) * CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bsc#938706). * CVE-2015-6252: A flaw was found in the way the Linux kernel's vhost driver treated userspace provided log file descriptor when processing the VHOST_SET_LOG_FD ioctl command. The file descriptor was never released and continued to consume kernel memory. A privileged local user with access to the /dev/vhost-net files could use this flaw to create a denial-of-service attack (bsc#942367). * CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. (bnc#939994) * CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#945825) * CVE-2015-5283: A NULL pointer dereference flaw was found in SCTP implementation allowing a local user to cause system DoS. Creation of multiple sockets in parallel when system doesn't have SCTP module loaded can lead to kernel panic. (bsc#947155) The following non-security bugs were fixed: - ALSA: hda - Abort the probe without i915 binding for HSW/BDW (bsc#936556). - Btrfs: Backport subvolume mount option handling (bsc#934962) - Btrfs: Handle unaligned length in extent_same (bsc#937609). - Btrfs: advertise which crc32c implementation is being used on mount (bsc#946057). - Btrfs: allow mounting btrfs subvolumes with different ro/rw options. - Btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942509). - Btrfs: clean up error handling in mount_subvol() (bsc#934962). - Btrfs: cleanup orphans while looking up default subvolume (bsc#914818). - Btrfs: do not update mtime/ctime on deduped inodes (bsc#937616). - Btrfs: fail on mismatched subvol and subvolid mount options (bsc#934962). - Btrfs: fix chunk allocation regression leading to transaction abort (bnc#938550). - Btrfs: fix clone / extent-same deadlocks (bsc#937612). - Btrfs: fix crash on close_ctree() if cleaner starts new transaction (bnc#938891). - Btrfs: fix deadlock with extent-same and readpage (bsc#937612). - Btrfs: fix file corruption after cloning inline extents (bnc#942512). - Btrfs: fix file read corruption after extent cloning and fsync (bnc#946902). - Btrfs: fix find_free_dev_extent() malfunction in case device tree has hole (bnc#938550). - Btrfs: fix hang when failing to submit bio of directIO (bnc#942685). - Btrfs: fix list transaction->pending_ordered corruption (bnc#938893). - Btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942685). - Btrfs: fix memory leak in the extent_same ioctl (bsc#937613). - Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942685). - Btrfs: fix race between balance and unused block group deletion (bnc#938892). - Btrfs: fix range cloning when same inode used as source and destination (bnc#942511). - Btrfs: fix read corruption of compressed and shared extents (bnc#946906). - Btrfs: fix uninit variable in clone ioctl (bnc#942511). - Btrfs: fix use-after-free in mount_subvol(). - Btrfs: fix wrong check for btrfs_force_chunk_alloc() (bnc#938550). - Btrfs: lock superblock before remounting for rw subvol (bsc#934962). - Btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609). - Btrfs: remove all subvol options before mounting top-level (bsc#934962). - Btrfs: show subvol= and subvolid= in /proc/mounts (bsc#934962). - Btrfs: unify subvol= and subvolid= mounting (bsc#934962). - Btrfs: fill ->last_trans for delayed inode in btrfs_fill_inode (bnc#942925). - Btrfs: fix metadata inconsistencies after directory fsync (bnc#942925). - Btrfs: fix stale dir entries after removing a link and fsync (bnc#942925). - Btrfs: fix stale dir entries after unlink, inode eviction and fsync (bnc#942925). - Btrfs: fix stale directory entries after fsync log replay (bnc#942925). - Btrfs: make btrfs_search_forward return with nodes unlocked (bnc#942925). - Btrfs: support NFSv2 export (bnc#929871). - Btrfs: update fix for read corruption of compressed and shared extents (bsc#948256). - Drivers: hv: do not do hypercalls when hypercall_page is NULL. - Drivers: hv: vmbus: add special crash handler. - Drivers: hv: vmbus: add special kexec handler. - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from hv_synic_cleanup(). - Input: evdev - do not report errors form flush() (bsc#939834). - Input: synaptics - do not retrieve the board id on old firmwares (bsc#929092). - Input: synaptics - log queried and quirked dimension values (bsc#929092). - Input: synaptics - query min dimensions for fw v8.1. - Input: synaptics - remove X1 Carbon 3rd gen from the topbuttonpad list (bsc#929092). - Input: synaptics - remove X250 from the topbuttonpad list. - Input: synaptics - remove obsolete min/max quirk for X240 (bsc#929092). - Input: synaptics - skip quirks when post-2013 dimensions (bsc#929092). - Input: synaptics - split synaptics_resolution(), query first (bsc#929092). - Input: synaptics - support min/max board id in min_max_pnpid_table (bsc#929092). - NFS: Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - NFSv4: do not set SETATTR for O_RDONLY|O_EXCL (bsc#939716). - PCI: Move MPS configuration check to pci_configure_device() (bsc#943313). - PCI: Set MPS to match upstream bridge (bsc#943313). - SCSI: fix regression in scsi_send_eh_cmnd() (bsc#930813). - SCSI: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204). - SCSI: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398). - UAS: fixup for remaining use of dead_list (bnc#934942). - USB: storage: use %*ph specifier to dump small buffers (bnc#934942). - aio: fix reqs_available handling (bsc#943378). - audit: do not generate loginuid log when audit disabled (bsc#941098). - blk-merge: do not compute bi_phys_segments from bi_vcnt for cloned bio (bnc#934430). - blk-merge: fix blk_recount_segments (bnc#934430). - blk-merge: recaculate segment if it isn't less than max segments (bnc#934430). - block: add queue flag for disabling SG merging (bnc#934430). - block: blk-merge: fix blk_recount_segments() (bnc#934430). - config: disable CONFIG_TCM_RBD on ppc64le and s390x - cpufreq: intel_pstate: Add CPU ID for Braswell processor. - dlm: fix missing endian conversion of rcom_status flags (bsc#940679). - dm cache mq: fix memory allocation failure for large cache devices (bsc#942707). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/radeon: fix hotplug race at startup (bsc#942307). - ethtool, net/mlx4_en: Add 100M, 20G, 56G speeds ethtool reporting support (bsc#945710). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hv: fcopy: add memory barrier to propagate state (bnc#943529). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - intel_pstate: Add CPU IDs for Broadwell processors. - intel_pstate: Add CPUID for BDW-H CPU. - intel_pstate: Add support for SkyLake. - intel_pstate: Correct BYT VID values (bnc#907973). - intel_pstate: Remove periodic P state boost (bnc#907973). - intel_pstate: add sample time scaling (bnc#907973, bnc#924722, bnc#916543). - intel_pstate: don't touch turbo bit if turbo disabled or unavailable (bnc#907973). - intel_pstate: remove setting P state to MAX on init (bnc#907973). - intel_pstate: remove unneeded sample buffers (bnc#907973). - intel_pstate: set BYT MSR with wrmsrl_on_cpu() (bnc#907973). - ipr: Fix incorrect trace indexing (bsc#940912). - ipr: Fix invalid array indexing for HRRQ (bsc#940912). - iwlwifi: dvm: drop non VO frames when flushing (bsc#940545). - kABI workaround for ieee80211_ops.flush argument change (bsc#940545). - kconfig: Do not print status messages in make -s mode (bnc#942160). - kernel/modsign_uefi.c: Check for EFI_RUNTIME_SERVICES in load_uefi_certs (bsc#856382). - kernel: do full redraw of the 3270 screen on reconnect (bnc#943476, LTC#129509). - kexec: define kexec_in_progress in !CONFIG_KEXEC case. - kvm: Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS (bsc#947537). - lpfc: Fix scsi prep dma buf error (bsc#908950). - mac80211: add vif to flush call (bsc#940545). - md/bitmap: do not abuse i_writecount for bitmap files (bsc#943270). - md/bitmap: protect clearing of ->bitmap by mddev->lock (bnc#912183). - md/raid5: use ->lock to protect accessing raid5 sysfs attributes (bnc#912183). - md: fix problems with freeing private data after ->run failure (bnc#912183). - md: level_store: group all important changes into one place (bnc#912183). - md: move GET_BITMAP_FILE ioctl out from mddev_lock (bsc#943270). - md: protect ->pers changes with mddev->lock (bnc#912183). - md: remove mddev_lock from rdev_attr_show() (bnc#912183). - md: remove mddev_lock() from md_attr_show() (bnc#912183). - md: remove need for mddev_lock() in md_seq_show() (bnc#912183). - md: split detach operation out from ->stop (bnc#912183). - md: tidy up set_bitmap_file (bsc#943270). - megaraid_sas: Handle firmware initialization after fast boot (bsc#922071). - mfd: lpc_ich: Assign subdevice ids automatically (bnc#898159). - mm: filemap: Avoid unnecessary barriers and waitqueue lookups -fix (VM/FS Performance (bnc#941951)). - mm: make page pfmemalloc check more robust (bnc#920016). - mm: numa: disable change protection for vma(VM_HUGETLB) (bnc#943573). - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - net/mlx4_core: Add ethernet backplane autoneg device capability (bsc#945710). - net/mlx4_core: Introduce ACCESS_REG CMD and eth_prot_ctrl dev cap (bsc#945710). - net/mlx4_en: Use PTYS register to query ethtool settings (bsc#945710). - net/mlx4_en: Use PTYS register to set ethtool settings (Speed) (bsc#945710). - rcu: Reject memory-order-induced stall-warning false positives (bnc#941908). - s390/dasd: fix kernel panic when alias is set offline (bnc#940965, LTC#128595). - sched: Fix KMALLOC_MAX_SIZE overflow during cpumask allocation (bnc#939266). - sched: Fix cpu_active_mask/cpu_online_mask race (bsc#936773). - sched, numa: do not hint for NUMA balancing on VM_MIXEDMAP mappings (bnc#943573). - uas: Add US_FL_MAX_SECTORS_240 flag (bnc#934942). - uas: Add response iu handling (bnc#934942). - uas: Add uas_get_tag() helper function (bnc#934942). - uas: Check against unexpected completions (bnc#934942). - uas: Cleanup uas_log_cmd_state usage (bnc#934942). - uas: Do not log urb status error on cancellation (bnc#934942). - uas: Do not use scsi_host_find_tag (bnc#934942). - uas: Drop COMMAND_COMPLETED flag (bnc#934942). - uas: Drop all references to a scsi_cmnd once it has been aborted (bnc#934942). - uas: Drop inflight list (bnc#934942). - uas: Fix memleak of non-submitted urbs (bnc#934942). - uas: Fix resetting flag handling (bnc#934942). - uas: Free data urbs on completion (bnc#934942). - uas: Log error codes when logging errors (bnc#934942). - uas: Reduce number of function arguments for uas_alloc_foo functions (bnc#934942). - uas: Remove cmnd reference from the cmd urb (bnc#934942). - uas: Remove support for old sense ui as used in pre-production hardware (bnc#934942). - uas: Remove task-management / abort error handling code (bnc#934942). - uas: Set max_sectors_240 quirk for ASM1053 devices (bnc#934942). - uas: Simplify reset / disconnect handling (bnc#934942). - uas: Simplify unlink of data urbs on error (bnc#934942). - uas: Use scsi_print_command (bnc#934942). - uas: pre_reset and suspend: Fix a few races (bnc#934942). - uas: zap_pending: data urbs should have completed at this time (bnc#934942). - x86/kernel: Do not reserve crashkernel high memory if crashkernel low memory reserving failed (bsc#939145). - x86/smpboot: Check for cpu_active on cpu initialization (bsc#932285). - x86/smpboot: Check for cpu_active on cpu initialization (bsc#936773). - xhci: Workaround for PME stuck issues in Intel xhci (bnc#944028). - xhci: rework cycle bit checking for new dequeue pointers (bnc#944028). - xfs: Fix file type directory corruption for btree directories (bsc#941305). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-668=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-668=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-668=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-668=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-668=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-668=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): kernel-default-debuginfo-3.12.48-52.27.1 kernel-default-debugsource-3.12.48-52.27.1 kernel-default-extra-3.12.48-52.27.1 kernel-default-extra-debuginfo-3.12.48-52.27.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): kernel-obs-build-3.12.48-52.27.1 kernel-obs-build-debugsource-3.12.48-52.27.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): kernel-docs-3.12.48-52.27.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): kernel-default-3.12.48-52.27.1 kernel-default-base-3.12.48-52.27.1 kernel-default-base-debuginfo-3.12.48-52.27.1 kernel-default-debuginfo-3.12.48-52.27.1 kernel-default-debugsource-3.12.48-52.27.1 kernel-default-devel-3.12.48-52.27.1 kernel-syms-3.12.48-52.27.1 - SUSE Linux Enterprise Server 12 (x86_64): kernel-xen-3.12.48-52.27.2 kernel-xen-base-3.12.48-52.27.2 kernel-xen-base-debuginfo-3.12.48-52.27.2 kernel-xen-debuginfo-3.12.48-52.27.2 kernel-xen-debugsource-3.12.48-52.27.2 kernel-xen-devel-3.12.48-52.27.2 - SUSE Linux Enterprise Server 12 (noarch): kernel-devel-3.12.48-52.27.1 kernel-macros-3.12.48-52.27.1 kernel-source-3.12.48-52.27.1 - SUSE Linux Enterprise Server 12 (s390x): kernel-default-man-3.12.48-52.27.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.48-52.27.1 kernel-ec2-debuginfo-3.12.48-52.27.1 kernel-ec2-debugsource-3.12.48-52.27.1 kernel-ec2-devel-3.12.48-52.27.1 kernel-ec2-extra-3.12.48-52.27.1 kernel-ec2-extra-debuginfo-3.12.48-52.27.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_48-52_27-default-1-2.6 kgraft-patch-3_12_48-52_27-xen-1-2.6 - SUSE Linux Enterprise Desktop 12 (x86_64): kernel-default-3.12.48-52.27.1 kernel-default-debuginfo-3.12.48-52.27.1 kernel-default-debugsource-3.12.48-52.27.1 kernel-default-devel-3.12.48-52.27.1 kernel-default-extra-3.12.48-52.27.1 kernel-default-extra-debuginfo-3.12.48-52.27.1 kernel-syms-3.12.48-52.27.1 kernel-xen-3.12.48-52.27.2 kernel-xen-debuginfo-3.12.48-52.27.2 kernel-xen-debugsource-3.12.48-52.27.2 kernel-xen-devel-3.12.48-52.27.2 - SUSE Linux Enterprise Desktop 12 (noarch): kernel-devel-3.12.48-52.27.1 kernel-macros-3.12.48-52.27.1 kernel-source-3.12.48-52.27.1 References: https://www.suse.com/security/cve/CVE-2015-5156.html https://www.suse.com/security/cve/CVE-2015-5157.html https://www.suse.com/security/cve/CVE-2015-5283.html https://www.suse.com/security/cve/CVE-2015-5697.html https://www.suse.com/security/cve/CVE-2015-6252.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7613.html https://bugzilla.suse.com/856382 https://bugzilla.suse.com/886785 https://bugzilla.suse.com/898159 https://bugzilla.suse.com/907973 https://bugzilla.suse.com/908950 https://bugzilla.suse.com/912183 https://bugzilla.suse.com/914818 https://bugzilla.suse.com/916543 https://bugzilla.suse.com/920016 https://bugzilla.suse.com/922071 https://bugzilla.suse.com/924722 https://bugzilla.suse.com/929092 https://bugzilla.suse.com/929871 https://bugzilla.suse.com/930813 https://bugzilla.suse.com/932285 https://bugzilla.suse.com/932350 https://bugzilla.suse.com/934430 https://bugzilla.suse.com/934942 https://bugzilla.suse.com/934962 https://bugzilla.suse.com/936556 https://bugzilla.suse.com/936773 https://bugzilla.suse.com/937609 https://bugzilla.suse.com/937612 https://bugzilla.suse.com/937613 https://bugzilla.suse.com/937616 https://bugzilla.suse.com/938550 https://bugzilla.suse.com/938706 https://bugzilla.suse.com/938891 https://bugzilla.suse.com/938892 https://bugzilla.suse.com/938893 https://bugzilla.suse.com/939145 https://bugzilla.suse.com/939266 https://bugzilla.suse.com/939716 https://bugzilla.suse.com/939834 https://bugzilla.suse.com/939994 https://bugzilla.suse.com/940398 https://bugzilla.suse.com/940545 https://bugzilla.suse.com/940679 https://bugzilla.suse.com/940776 https://bugzilla.suse.com/940912 https://bugzilla.suse.com/940925 https://bugzilla.suse.com/940965 https://bugzilla.suse.com/941098 https://bugzilla.suse.com/941305 https://bugzilla.suse.com/941908 https://bugzilla.suse.com/941951 https://bugzilla.suse.com/942160 https://bugzilla.suse.com/942204 https://bugzilla.suse.com/942307 https://bugzilla.suse.com/942367 https://bugzilla.suse.com/948536 From sle-updates at lists.suse.com Tue Oct 13 04:09:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Oct 2015 12:09:48 +0200 (CEST) Subject: SUSE-OU-2015:1728-1: Initial release of openstack-nova-docker Message-ID: <20151013100948.059803213D@maintenance.suse.de> SUSE Optional Update: Initial release of openstack-nova-docker ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1728-1 Rating: low References: #937661 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for the Cloud Compute 12 extension introduces support for Docker. The following packages have been added to the product: - openstack-nova-docker: The Docker Driver for OpenStack Compute. - python-docker-py: A Docker API client written in Python. - python-websocket-client: A WebSocket client for Python. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-670=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): openstack-nova-docker-0.0.0.post141-2.3 python-docker-py-1.1.0-20.2 python-websocket-client-0.15.0-7.3 References: https://bugzilla.suse.com/937661 From sle-updates at lists.suse.com Tue Oct 13 04:10:06 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Oct 2015 12:10:06 +0200 (CEST) Subject: SUSE-RU-2015:1729-1: Recommended update for release-notes-suse-cloud Message-ID: <20151013101006.7357F3213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-suse-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1729-1 Rating: low References: #920794 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the following additions for the release notes: - Add mention of VXLAN support. - Add mentions of DVR and docker driver as tech preview. - Mention the issue with shared storage and qemu/kvm UID/GID not being the same on SLE11 and SLE12 after upgrade (bsc#920794). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-release-notes-suse-cloud-201507-12125=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): release-notes-suse-cloud-5.0.5-0.11.1 References: https://bugzilla.suse.com/920794 From sle-updates at lists.suse.com Tue Oct 13 04:10:25 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Oct 2015 12:10:25 +0200 (CEST) Subject: SUSE-RU-2015:1730-1: moderate: Recommended update for various Crowbar barclamps and OpenStack components Message-ID: <20151013101025.EEB523213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for various Crowbar barclamps and OpenStack components ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1730-1 Rating: moderate References: #895594 #915245 #917091 #917328 #919963 #922751 #927625 #928189 #931043 #931284 #931839 #934225 #934523 #934651 #934688 #937117 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that solves one vulnerability and has 15 fixes is now available. Description: This update provides fixes and enhancements for various Crowbar barclamps and OpenStack components. crowbar-barclamp-ceilometer: - Do not assume ceilometer-agent-hyperv is listed in elements. (bsc#937117) crowbar-barclamp-cinder: - Fix hideShow toggle of password_field in backends. (bsc#919963) crowbar-barclamp-neutron: - Set dhcp_agents_per_network option. (bsc#928189) - Set dhcp_agents_per_network only in HA mode. (bsc#934651) - Allocate SDN IP for NSX nodes. (bsc#934688) - Pass keystone admin password to neutron-ha-tool via file. (bsc#922751) - Use lower MTU value for GRE+VXLAN tunnels. (bsc#917328) - Allow Nova to work with ssl-keystone. (bsc#895594) crowbar-barclamp-nova: - Add support for Docker as tech preview. (fate#317913) - Enable the 2.1 API. (bsc#934225) - Fix parsing of "virsh secret-list" header. (bsc#931284) - Allow neutron+glance+cinder to work with ssl-keystone. (bsc#895594) openstack-neutron: - Change neutron-ha-tool to read password from /etc/neutron/os_password. (bsc#922751) - Allow images with existing routes in the network 169.254.0.0/16 to access metadata server. (bnc#915245) openstack-nova: - Backport of the NUMA checks from the master branch. (bsc#931043) - Fix metadata not returning just instance private IP. (bsc#934523) - Enable tenant/user specific instance filtering. (bsc#927625) - Cleanup allocated networks after rescheduling. (bsc#931839) - Websocket Proxy should verify Origin header to prevent Cross-Site WebSocket hijacking. (bsc#917091, CVE-2015-0259) The packages crowbar-barclamp-keystone, crowbar-barclamp-hyperv and openstack-resource-agents also received bug fixes and enhancements. For a comprehensive list of changes please refer to each package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-201508-12124=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): openstack-neutron-2014.2.4~a0~dev78-13.4 openstack-neutron-dhcp-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-ha-tool-2014.2.4~a0~dev78-13.4 openstack-neutron-ibm-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-l3-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-lbaas-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-linuxbridge-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-metadata-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-metering-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-mlnx-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-nec-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-nvsd-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-openvswitch-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-plugin-cisco-2014.2.4~a0~dev78-13.4 openstack-neutron-restproxy-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-ryu-agent-2014.2.4~a0~dev78-13.4 openstack-neutron-server-2014.2.4~a0~dev78-13.4 openstack-neutron-vpn-agent-2014.2.4~a0~dev78-13.4 openstack-nova-2014.2.4~a0~dev61-11.4 openstack-nova-api-2014.2.4~a0~dev61-11.4 openstack-nova-cells-2014.2.4~a0~dev61-11.4 openstack-nova-cert-2014.2.4~a0~dev61-11.4 openstack-nova-compute-2014.2.4~a0~dev61-11.4 openstack-nova-conductor-2014.2.4~a0~dev61-11.4 openstack-nova-console-2014.2.4~a0~dev61-11.4 openstack-nova-consoleauth-2014.2.4~a0~dev61-11.4 openstack-nova-novncproxy-2014.2.4~a0~dev61-11.4 openstack-nova-objectstore-2014.2.4~a0~dev61-11.4 openstack-nova-scheduler-2014.2.4~a0~dev61-11.4 openstack-nova-serialproxy-2014.2.4~a0~dev61-11.4 openstack-nova-vncproxy-2014.2.4~a0~dev61-11.4 python-neutron-2014.2.4~a0~dev78-13.4 python-nova-2014.2.4~a0~dev61-11.4 - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-ceilometer-1.9+git.1438201205.04a7436-9.8 crowbar-barclamp-cinder-1.9+git.1438200979.c385b03-10.8 crowbar-barclamp-hyperv-1.9+git.1432022529.1952009-10.8 crowbar-barclamp-hyperv-data-1.9+git.1432022529.1952009-10.8 crowbar-barclamp-keystone-1.9+git.1438197158.e32ec9e-10.7 crowbar-barclamp-neutron-1.9+git.1438265717.eb633ae-9.8 crowbar-barclamp-nova-1.9+git.1438201051.f8b5f34-9.8 openstack-neutron-doc-2014.2.4~a0~dev78-13.9 openstack-nova-doc-2014.2.4~a0~dev61-11.4 openstack-resource-agents-1.0+git.1417010594.e813e10-9.2 References: https://www.suse.com/security/cve/CVE-2015-0259.html https://bugzilla.suse.com/895594 https://bugzilla.suse.com/915245 https://bugzilla.suse.com/917091 https://bugzilla.suse.com/917328 https://bugzilla.suse.com/919963 https://bugzilla.suse.com/922751 https://bugzilla.suse.com/927625 https://bugzilla.suse.com/928189 https://bugzilla.suse.com/931043 https://bugzilla.suse.com/931284 https://bugzilla.suse.com/931839 https://bugzilla.suse.com/934225 https://bugzilla.suse.com/934523 https://bugzilla.suse.com/934651 https://bugzilla.suse.com/934688 https://bugzilla.suse.com/937117 From sle-updates at lists.suse.com Tue Oct 13 10:09:33 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Oct 2015 18:09:33 +0200 (CEST) Subject: SUSE-RU-2015:1731-1: Recommended update for ethtool Message-ID: <20151013160933.DF5DE3213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ethtool ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1731-1 Rating: low References: #927309 #945710 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The list of advertised speed modes recognized by Ethtool has been updated to include the following full-duplex modes: 56000baseKR4, 56000baseCR4, 56000baseSR4, 56000baseLR4 and 10000baseKX4. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-672=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-672=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ethtool-3.12.1-5.1 ethtool-debuginfo-3.12.1-5.1 ethtool-debugsource-3.12.1-5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): ethtool-3.12.1-5.1 ethtool-debuginfo-3.12.1-5.1 ethtool-debugsource-3.12.1-5.1 References: https://bugzilla.suse.com/927309 https://bugzilla.suse.com/945710 From sle-updates at lists.suse.com Tue Oct 13 10:10:12 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Oct 2015 18:10:12 +0200 (CEST) Subject: SUSE-RU-2015:1732-1: moderate: Recommended update for tgt Message-ID: <20151013161012.580B73213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for tgt ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1732-1 Rating: moderate References: #828214 #934642 #945604 #947346 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for tgt provides the following fixes: - Allow passing of command line options via sysconfig. (bsc#828214) - Fix tgtd start-up by giving tgtd time to open the socket. (bsc#934642) - Fix rctgtd systemd service symlink. (bsc#945604) - Drop invalid ExecStopPre entry from tgtd.service. (bsc#947346) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-673=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): tgt-1.0.44-6.1 tgt-debuginfo-1.0.44-6.1 tgt-debugsource-1.0.44-6.1 References: https://bugzilla.suse.com/828214 https://bugzilla.suse.com/934642 https://bugzilla.suse.com/945604 https://bugzilla.suse.com/947346 From sle-updates at lists.suse.com Wed Oct 14 02:09:36 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 10:09:36 +0200 (CEST) Subject: SUSE-SU-2015:1733-1: moderate: Security update for spice Message-ID: <20151014080936.B76C23213D@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1733-1 Rating: moderate References: #944460 #948976 Cross-References: CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Spice was updated to fix three security issues. The following vulnerabilities were fixed: * CVE-2015-3247: heap corruption in the spice server (bsc#944460) * CVE-2015-5261: Guest could have accessed host memory using crafted images (bsc#948976) * CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944460) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-674=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-674=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-674=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (x86_64): libspice-server-devel-0.12.4-8.5.1 spice-debugsource-0.12.4-8.5.1 - SUSE Linux Enterprise Server 12 (x86_64): libspice-server1-0.12.4-8.5.1 libspice-server1-debuginfo-0.12.4-8.5.1 spice-debugsource-0.12.4-8.5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libspice-server1-0.12.4-8.5.1 libspice-server1-debuginfo-0.12.4-8.5.1 spice-debugsource-0.12.4-8.5.1 References: https://www.suse.com/security/cve/CVE-2015-3247.html https://www.suse.com/security/cve/CVE-2015-5260.html https://www.suse.com/security/cve/CVE-2015-5261.html https://bugzilla.suse.com/944460 https://bugzilla.suse.com/948976 From sle-updates at lists.suse.com Wed Oct 14 05:09:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 13:09:49 +0200 (CEST) Subject: SUSE-OU-2015:1735-1: Initial release of SLES 11-SP4 Docker image Message-ID: <20151014110949.6B6593213F@maintenance.suse.de> SUSE Optional Update: Initial release of SLES 11-SP4 Docker image ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1735-1 Rating: low References: #946718 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the initial version of the SUSE Linux Enterprise Server 11 SP4 Docker image. The following package has been added to the Containers Module: sles11sp4-docker-image. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-676=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): sles11sp4-docker-image-1.0.0-20150922122847 References: https://bugzilla.suse.com/946718 From sle-updates at lists.suse.com Wed Oct 14 06:09:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 14:09:42 +0200 (CEST) Subject: SUSE-RU-2015:1736-1: moderate: Recommended update for net-snmp Message-ID: <20151014120942.BD2533213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1736-1 Rating: moderate References: #944302 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update reenables the MD5 auth support (disabled earlier for FIPS usage), as its an external interface to NET-SNMP and needs to stay, so third party applications and tools do not break. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-677=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-677=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-677=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): net-snmp-debuginfo-5.7.2.1-4.6.1 net-snmp-debugsource-5.7.2.1-4.6.1 net-snmp-devel-5.7.2.1-4.6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libsnmp30-5.7.2.1-4.6.1 libsnmp30-debuginfo-5.7.2.1-4.6.1 net-snmp-5.7.2.1-4.6.1 net-snmp-debuginfo-5.7.2.1-4.6.1 net-snmp-debugsource-5.7.2.1-4.6.1 perl-SNMP-5.7.2.1-4.6.1 perl-SNMP-debuginfo-5.7.2.1-4.6.1 snmp-mibs-5.7.2.1-4.6.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libsnmp30-32bit-5.7.2.1-4.6.1 libsnmp30-debuginfo-32bit-5.7.2.1-4.6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libsnmp30-32bit-5.7.2.1-4.6.1 libsnmp30-5.7.2.1-4.6.1 libsnmp30-debuginfo-32bit-5.7.2.1-4.6.1 libsnmp30-debuginfo-5.7.2.1-4.6.1 net-snmp-5.7.2.1-4.6.1 net-snmp-debuginfo-5.7.2.1-4.6.1 net-snmp-debugsource-5.7.2.1-4.6.1 perl-SNMP-5.7.2.1-4.6.1 perl-SNMP-debuginfo-5.7.2.1-4.6.1 snmp-mibs-5.7.2.1-4.6.1 References: https://bugzilla.suse.com/944302 From sle-updates at lists.suse.com Wed Oct 14 08:09:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 16:09:54 +0200 (CEST) Subject: SUSE-OU-2015:1737-1: Initial release of python-susepubliccloudinfo Message-ID: <20151014140954.77E8D3213D@maintenance.suse.de> SUSE Optional Update: Initial release of python-susepubliccloudinfo ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1737-1 Rating: low References: #943490 #949281 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: The pint tool, provided by the new python-susepubliccloudinfo package, can be used to retrieve information useful for Public Cloud deployments of SUSE Linux Enterprise. SUSE Linux Enterprise images in the Partner frameworks have a defined image lifecycle. The tool can be used to retrieve information about the images considered current as well as retrieve historical information providing a chain of replacement images from any image in the past to the image considered currently active. The tool also provides information about the IP addresses of the servers that comprise the SUSE operated update infrastructure. This information is useful for routing configuration, allowing outgoing traffic to trusted external hosts only. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-susepubliccloudinfo-12126=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): python-docopt-0.6.2-2.1 python-susepubliccloudinfo-0.2.0-4.1 References: https://bugzilla.suse.com/943490 https://bugzilla.suse.com/949281 From sle-updates at lists.suse.com Wed Oct 14 08:10:29 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 16:10:29 +0200 (CEST) Subject: SUSE-OU-2015:1738-1: Initial release of python-susepubliccloudinfo Message-ID: <20151014141029.49AC73213F@maintenance.suse.de> SUSE Optional Update: Initial release of python-susepubliccloudinfo ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1738-1 Rating: low References: #943490 #949281 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: The pint tool, provided by the new python-susepubliccloudinfo package, can be used to retrieve information useful for Public Cloud deployments of SUSE Linux Enterprise. SUSE Linux Enterprise images in the Partner frameworks have a defined image lifecycle. The tool can be used to retrieve information about the images considered current as well as retrieve historical information providing a chain of replacement images from any image in the past to the image considered currently active. The tool also provides information about the IP addresses of the servers that comprise the SUSE operated update infrastructure. This information is useful for routing configuration, allowing outgoing traffic to trusted external hosts only. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-679=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-docopt-0.6.2-7.1 python-susepubliccloudinfo-0.2.0-8.1 References: https://bugzilla.suse.com/943490 https://bugzilla.suse.com/949281 From sle-updates at lists.suse.com Wed Oct 14 09:10:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 17:10:09 +0200 (CEST) Subject: SUSE-RU-2015:1739-1: Recommended update for sblim-cmpi-sysfs Message-ID: <20151014151009.66AE23213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sblim-cmpi-sysfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1739-1 Rating: low References: #927344 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sblim-cmpi-sysfs fixes enumeration of devices represented as symlinks in /sys/block. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-684=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-684=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): sblim-cmpi-sysfs-1.2.0-3.3 sblim-cmpi-sysfs-debuginfo-1.2.0-3.3 sblim-cmpi-sysfs-debugsource-1.2.0-3.3 - SUSE Linux Enterprise Desktop 12 (x86_64): sblim-cmpi-sysfs-1.2.0-3.3 sblim-cmpi-sysfs-debuginfo-1.2.0-3.3 sblim-cmpi-sysfs-debugsource-1.2.0-3.3 References: https://bugzilla.suse.com/927344 From sle-updates at lists.suse.com Wed Oct 14 09:10:30 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 17:10:30 +0200 (CEST) Subject: SUSE-SU-2015:1740-1: important: Security update for flash-player Message-ID: <20151014151030.EC7043213F@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1740-1 Rating: important References: #950169 Cross-References: CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631 CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7643 CVE-2015-7644 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: flash-player was updated to version 11.2.202.535 to fix 13 security issues (bsc#950169). These security issues were fixed: - A vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628). - A defense-in-depth feature in the Flash broker API (CVE-2015-5569). - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644). - A buffer overflow vulnerability that could lead to code execution (CVE-2015-7632). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-680=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-680=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.535-105.1 flash-player-gnome-11.2.202.535-105.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.535-105.1 flash-player-gnome-11.2.202.535-105.1 References: https://www.suse.com/security/cve/CVE-2015-5569.html https://www.suse.com/security/cve/CVE-2015-7625.html https://www.suse.com/security/cve/CVE-2015-7626.html https://www.suse.com/security/cve/CVE-2015-7627.html https://www.suse.com/security/cve/CVE-2015-7628.html https://www.suse.com/security/cve/CVE-2015-7629.html https://www.suse.com/security/cve/CVE-2015-7630.html https://www.suse.com/security/cve/CVE-2015-7631.html https://www.suse.com/security/cve/CVE-2015-7632.html https://www.suse.com/security/cve/CVE-2015-7633.html https://www.suse.com/security/cve/CVE-2015-7634.html https://www.suse.com/security/cve/CVE-2015-7643.html https://www.suse.com/security/cve/CVE-2015-7644.html https://bugzilla.suse.com/950169 From sle-updates at lists.suse.com Wed Oct 14 09:10:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 17:10:49 +0200 (CEST) Subject: SUSE-RU-2015:1741-1: Recommended update for timezone Message-ID: <20151014151049.F0D953213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1741-1 Rating: low References: #948227 #948568 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides the latest timezone information (2015g) for your system, including the following changes: - Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25. - Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time. - Fiji's 2016 fall-back transition is scheduled for January 17, not 24. - Fort Nelson, British Columbia will not fall back on 2015-11-01. It has effectively been on MST (-0700) since it advanced its clocks on 2015-03-08. Add new zone America/Fort_Nelson. This release also includes changes affecting past time stamps, documentation and some minor code fixes. For a comprehensive list, refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz/2015-October/022728.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-682=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-682=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): timezone-2015g-0.26.1 timezone-debuginfo-2015g-0.26.1 timezone-debugsource-2015g-0.26.1 - SUSE Linux Enterprise Server 12 (noarch): timezone-java-2015g-0.26.1 - SUSE Linux Enterprise Desktop 12 (x86_64): timezone-2015g-0.26.1 timezone-debuginfo-2015g-0.26.1 timezone-debugsource-2015g-0.26.1 - SUSE Linux Enterprise Desktop 12 (noarch): timezone-java-2015g-0.26.1 References: https://bugzilla.suse.com/948227 https://bugzilla.suse.com/948568 From sle-updates at lists.suse.com Wed Oct 14 09:11:20 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 17:11:20 +0200 (CEST) Subject: SUSE-SU-2015:1742-1: important: Security update for flash-player Message-ID: <20151014151120.D87343213F@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1742-1 Rating: important References: #950169 Cross-References: CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631 CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7643 CVE-2015-7644 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: flash-player was updated to version 11.2.202.535 to fix 13 security issues (bsc#950169). These security issues were fixed: - A vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628). - A defense-in-depth feature in the Flash broker API (CVE-2015-5569). - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644). - A buffer overflow vulnerability that could lead to code execution (CVE-2015-7632). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-flash-player-12127=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-flash-player-12127=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): flash-player-11.2.202.535-0.20.1 flash-player-gnome-11.2.202.535-0.20.1 flash-player-kde4-11.2.202.535-0.20.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): flash-player-11.2.202.535-0.20.1 flash-player-gnome-11.2.202.535-0.20.1 flash-player-kde4-11.2.202.535-0.20.1 References: https://www.suse.com/security/cve/CVE-2015-5569.html https://www.suse.com/security/cve/CVE-2015-7625.html https://www.suse.com/security/cve/CVE-2015-7626.html https://www.suse.com/security/cve/CVE-2015-7627.html https://www.suse.com/security/cve/CVE-2015-7628.html https://www.suse.com/security/cve/CVE-2015-7629.html https://www.suse.com/security/cve/CVE-2015-7630.html https://www.suse.com/security/cve/CVE-2015-7631.html https://www.suse.com/security/cve/CVE-2015-7632.html https://www.suse.com/security/cve/CVE-2015-7633.html https://www.suse.com/security/cve/CVE-2015-7634.html https://www.suse.com/security/cve/CVE-2015-7643.html https://www.suse.com/security/cve/CVE-2015-7644.html https://bugzilla.suse.com/950169 From sle-updates at lists.suse.com Wed Oct 14 09:11:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 17:11:51 +0200 (CEST) Subject: SUSE-RU-2015:1743-1: Recommended update for timezone Message-ID: <20151014151151.D48EC3213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1743-1 Rating: low References: #948227 #948568 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides the latest timezone information (2015g) for your system, including the following changes: - Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25. - Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time. - Fiji's 2016 fall-back transition is scheduled for January 17, not 24. - Fort Nelson, British Columbia will not fall back on 2015-11-01. It has effectively been on MST (-0700) since it advanced its clocks on 2015-03-08. Add new zone America/Fort_Nelson. This release also includes changes affecting past time stamps, documentation and some minor code fixes. For a comprehensive list, refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz/2015-October/022728.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-timezone-2015g-12128=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-timezone-2015g-12128=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-timezone-2015g-12128=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-timezone-2015g-12128=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-timezone-2015g-12128=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-timezone-2015g-12128=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-timezone-2015g-12128=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-timezone-2015g-12128=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-2015g-12128=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-timezone-2015g-12128=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-timezone-2015g-12128=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): timezone-java-2015g-0.11.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (noarch): timezone-java-2015g-0.11.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): timezone-2015g-0.11.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch): timezone-java-2015g-0.11.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-2015g-0.11.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): timezone-java-2015g-0.11.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): timezone-2015g-0.11.1 - SUSE Linux Enterprise Server 11-SP3 (noarch): timezone-java-2015g-0.11.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): timezone-2015g-0.11.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (noarch): timezone-java-2015g-0.11.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): timezone-2015g-0.11.1 - SUSE Linux Enterprise Desktop 11-SP4 (noarch): timezone-java-2015g-0.11.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): timezone-2015g-0.11.1 - SUSE Linux Enterprise Desktop 11-SP3 (noarch): timezone-java-2015g-0.11.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2015g-0.11.1 timezone-debugsource-2015g-0.11.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2015g-0.11.1 timezone-debugsource-2015g-0.11.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): timezone-debuginfo-2015g-0.11.1 timezone-debugsource-2015g-0.11.1 References: https://bugzilla.suse.com/948227 https://bugzilla.suse.com/948568 From sle-updates at lists.suse.com Wed Oct 14 11:10:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 19:10:07 +0200 (CEST) Subject: SUSE-RU-2015:1745-1: Recommended update for gconf2 Message-ID: <20151014171007.81FB83213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for gconf2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1745-1 Rating: low References: #909045 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gconf2 modifies gconftool to use fdatasync() instead of fsync(), as the latter comes with a significant performance penalty. Additionally, when the tool detects that the operating system is being installed, explicit calls to data synchronization functions are skipped. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gconf2-12129=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-gconf2-12129=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-gconf2-12129=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gconf2-12129=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-gconf2-12129=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-gconf2-12129=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-gconf2-12129=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gconf2-12129=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-gconf2-12129=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): gconf2-devel-2.28.0-1.8.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): gconf2-doc-2.28.0-1.8.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): gconf2-devel-2.28.0-1.8.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): gconf2-doc-2.28.0-1.8.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): gconf2-2.28.0-1.8.1 gconf2-doc-2.28.0-1.8.1 gconf2-lang-2.28.0-1.8.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): gconf2-32bit-2.28.0-1.8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gconf2-2.28.0-1.8.1 gconf2-doc-2.28.0-1.8.1 gconf2-lang-2.28.0-1.8.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): gconf2-32bit-2.28.0-1.8.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): gconf2-x86-2.28.0-1.8.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): gconf2-2.28.0-1.8.1 gconf2-doc-2.28.0-1.8.1 gconf2-lang-2.28.0-1.8.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): gconf2-32bit-2.28.0-1.8.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): gconf2-x86-2.28.0-1.8.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): gconf2-2.28.0-1.8.1 gconf2-lang-2.28.0-1.8.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): gconf2-32bit-2.28.0-1.8.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): gconf2-2.28.0-1.8.1 gconf2-lang-2.28.0-1.8.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): gconf2-32bit-2.28.0-1.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gconf2-debuginfo-2.28.0-1.8.1 gconf2-debugsource-2.28.0-1.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): gconf2-debuginfo-32bit-2.28.0-1.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): gconf2-debuginfo-x86-2.28.0-1.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): gconf2-debuginfo-2.28.0-1.8.1 gconf2-debugsource-2.28.0-1.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x x86_64): gconf2-debuginfo-32bit-2.28.0-1.8.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64): gconf2-debuginfo-x86-2.28.0-1.8.1 References: https://bugzilla.suse.com/909045 From sle-updates at lists.suse.com Wed Oct 14 11:10:39 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 19:10:39 +0200 (CEST) Subject: SUSE-RU-2015:1746-1: Recommended update for gconf2 Message-ID: <20151014171039.4E45E3213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for gconf2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1746-1 Rating: low References: #909045 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gconf2 modifies gconftool to use fdatasync() instead of fsync(), as the latter comes with a significant performance penalty. Additionally, when the tool detects that the operating system is being installed, explicit calls to data synchronization functions are skipped. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-685=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-685=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-685=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gconf2-debuginfo-3.2.6-7.1 gconf2-debugsource-3.2.6-7.1 gconf2-devel-3.2.6-7.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gconf2-3.2.6-7.1 gconf2-debuginfo-3.2.6-7.1 gconf2-debugsource-3.2.6-7.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): gconf2-32bit-3.2.6-7.1 gconf2-debuginfo-32bit-3.2.6-7.1 - SUSE Linux Enterprise Server 12 (noarch): gconf2-lang-3.2.6-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): gconf2-3.2.6-7.1 gconf2-32bit-3.2.6-7.1 gconf2-debuginfo-3.2.6-7.1 gconf2-debuginfo-32bit-3.2.6-7.1 gconf2-debugsource-3.2.6-7.1 - SUSE Linux Enterprise Desktop 12 (noarch): gconf2-lang-3.2.6-7.1 References: https://bugzilla.suse.com/909045 From sle-updates at lists.suse.com Wed Oct 14 13:09:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 21:09:55 +0200 (CEST) Subject: SUSE-RU-2015:1747-1: moderate: Recommended update for glibc Message-ID: <20151014190955.8C9B53213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1747-1 Rating: moderate References: #942317 #945779 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: glibc was updated to fix a regression in a previous security fix, where users from large groups could go missing (bsc#945779, GLIBC BZ #18991). Also on PowerPC links to Power7 libraries are created for Power8 platform (bsc#942317) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-12130=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-glibc-12130=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-glibc-12130=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-12130=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-glibc-12130=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-glibc-12130=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-glibc-12130=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-12130=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-12130=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.90.4 glibc-info-2.11.3-17.90.4 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): glibc-html-2.11.3-17.90.4 glibc-info-2.11.3-17.90.4 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): glibc-2.11.3-17.90.4 glibc-devel-2.11.3-17.90.4 glibc-html-2.11.3-17.90.4 glibc-i18ndata-2.11.3-17.90.4 glibc-info-2.11.3-17.90.4 glibc-locale-2.11.3-17.90.4 glibc-profile-2.11.3-17.90.4 nscd-2.11.3-17.90.4 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): glibc-32bit-2.11.3-17.90.4 glibc-devel-32bit-2.11.3-17.90.4 glibc-locale-32bit-2.11.3-17.90.4 glibc-profile-32bit-2.11.3-17.90.4 - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.90.4 glibc-devel-2.11.3-17.90.4 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.90.4 glibc-i18ndata-2.11.3-17.90.4 glibc-info-2.11.3-17.90.4 glibc-locale-2.11.3-17.90.4 glibc-profile-2.11.3-17.90.4 nscd-2.11.3-17.90.4 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.90.4 glibc-devel-32bit-2.11.3-17.90.4 glibc-locale-32bit-2.11.3-17.90.4 glibc-profile-32bit-2.11.3-17.90.4 - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.90.4 glibc-profile-x86-2.11.3-17.90.4 glibc-x86-2.11.3-17.90.4 - SUSE Linux Enterprise Server 11-SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.90.4 glibc-devel-2.11.3-17.90.4 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.90.4 glibc-i18ndata-2.11.3-17.90.4 glibc-info-2.11.3-17.90.4 glibc-locale-2.11.3-17.90.4 glibc-profile-2.11.3-17.90.4 nscd-2.11.3-17.90.4 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.90.4 glibc-devel-32bit-2.11.3-17.90.4 glibc-locale-32bit-2.11.3-17.90.4 glibc-profile-32bit-2.11.3-17.90.4 - SUSE Linux Enterprise Server 11-SP3 (ia64): glibc-locale-x86-2.11.3-17.90.4 glibc-profile-x86-2.11.3-17.90.4 glibc-x86-2.11.3-17.90.4 - SUSE Linux Enterprise Desktop 11-SP4 (i586 i686 x86_64): glibc-2.11.3-17.90.4 glibc-devel-2.11.3-17.90.4 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): glibc-i18ndata-2.11.3-17.90.4 glibc-locale-2.11.3-17.90.4 nscd-2.11.3-17.90.4 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): glibc-32bit-2.11.3-17.90.4 glibc-devel-32bit-2.11.3-17.90.4 glibc-locale-32bit-2.11.3-17.90.4 - SUSE Linux Enterprise Desktop 11-SP3 (i586 i686 x86_64): glibc-2.11.3-17.90.4 glibc-devel-2.11.3-17.90.4 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): glibc-i18ndata-2.11.3-17.90.4 glibc-locale-2.11.3-17.90.4 nscd-2.11.3-17.90.4 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): glibc-32bit-2.11.3-17.90.4 glibc-devel-32bit-2.11.3-17.90.4 glibc-locale-32bit-2.11.3-17.90.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.90.4 glibc-debugsource-2.11.3-17.90.4 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.90.4 glibc-debugsource-2.11.3-17.90.4 References: https://bugzilla.suse.com/942317 https://bugzilla.suse.com/945779 From sle-updates at lists.suse.com Wed Oct 14 13:10:37 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 21:10:37 +0200 (CEST) Subject: SUSE-RU-2015:1748-1: moderate: Recommended update for nfs-utils Message-ID: <20151014191037.C241D3213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1748-1 Rating: moderate References: #898674 #912277 #930972 #941645 #941833 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for nfs-utils provides the following fixes: - Correctly handle NFSV4LEASETIME setting in nfsserver.init. (bsc#941833) - Only start rpc.gssd if /etc/krb5.keytab exists. (bsc#912277) - Allow setting of STATD_PORT, STATD_HOSTNAME, LOCKD_TCPPORT and LOCKD_UDPPORT in sysconfig.nfs. (bsc#941645) - Install nfs-config.service so sysconfig.nfs variables are available to rpc-statd.service. (bsc#930972, bsc#941645) - Use start-statd helper to start statd so that systemctl is used and proper sysconfig variables applied. (bsc#941645) - Make blkmapd dump useful device information to syslog. (bsc#898674) - Fix multipath handling in blkmapd. (bsc#898674) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-689=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-689=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): nfs-client-1.3.0-9.1 nfs-client-debuginfo-1.3.0-9.1 nfs-doc-1.3.0-9.1 nfs-kernel-server-1.3.0-9.1 nfs-kernel-server-debuginfo-1.3.0-9.1 nfs-utils-debugsource-1.3.0-9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): nfs-client-1.3.0-9.1 nfs-client-debuginfo-1.3.0-9.1 nfs-kernel-server-1.3.0-9.1 nfs-kernel-server-debuginfo-1.3.0-9.1 nfs-utils-debugsource-1.3.0-9.1 References: https://bugzilla.suse.com/898674 https://bugzilla.suse.com/912277 https://bugzilla.suse.com/930972 https://bugzilla.suse.com/941645 https://bugzilla.suse.com/941833 From sle-updates at lists.suse.com Wed Oct 14 13:11:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Oct 2015 21:11:50 +0200 (CEST) Subject: SUSE-RU-2015:1749-1: Recommended update for wayland Message-ID: <20151014191150.B1B493213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for wayland ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1749-1 Rating: low References: #948612 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Wayland adds new functionality to the server API and protocol like a new subsurface compositor interface and functions to improve the stability of compositors which will be used by 3rd-party packages. These changes are binary compatible with previous releases and won't provide any benefit by themselves to users, but 3rd-party packages will be able to use them in the future. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-687=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-687=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-687=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-687=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libwayland-client0-1.2.1-5.1 libwayland-client0-debuginfo-1.2.1-5.1 libwayland-cursor0-1.2.1-5.1 libwayland-cursor0-debuginfo-1.2.1-5.1 libwayland-server0-1.2.1-5.1 libwayland-server0-debuginfo-1.2.1-5.1 wayland-debugsource-1.2.1-5.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): wayland-debugsource-1.2.1-5.1 wayland-devel-1.2.1-5.1 wayland-devel-debuginfo-1.2.1-5.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libwayland-client0-32bit-1.2.1-5.1 libwayland-client0-debuginfo-32bit-1.2.1-5.1 libwayland-cursor0-32bit-1.2.1-5.1 libwayland-cursor0-debuginfo-32bit-1.2.1-5.1 libwayland-server0-32bit-1.2.1-5.1 libwayland-server0-debuginfo-32bit-1.2.1-5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libwayland-client0-1.2.1-5.1 libwayland-client0-32bit-1.2.1-5.1 libwayland-client0-debuginfo-1.2.1-5.1 libwayland-client0-debuginfo-32bit-1.2.1-5.1 libwayland-cursor0-1.2.1-5.1 libwayland-cursor0-32bit-1.2.1-5.1 libwayland-cursor0-debuginfo-1.2.1-5.1 libwayland-cursor0-debuginfo-32bit-1.2.1-5.1 libwayland-server0-1.2.1-5.1 libwayland-server0-32bit-1.2.1-5.1 libwayland-server0-debuginfo-1.2.1-5.1 libwayland-server0-debuginfo-32bit-1.2.1-5.1 wayland-debugsource-1.2.1-5.1 References: https://bugzilla.suse.com/948612 From sle-updates at lists.suse.com Thu Oct 15 05:20:14 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 13:20:14 +0200 (CEST) Subject: SUSE-RU-2015:1753-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20151015112014.0B9103213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1753-1 Rating: moderate References: #923990 #929979 #932288 #933738 #935377 #936182 #936545 #936869 #937029 #940361 #944263 #945380 #946381 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for SUSE Manager Client Tools provides the following fixes and enhancements: hwdata: - Updated pci, usb and vendor ids. osad: - Re-send subscription stanzas after a while. (bsc#933738) spacecmd: - Revert "1207606 - Do not return one package multiple times". (bsc#945380) - Check for existence of device description in spacecmd system_listhardware. (bsc#932288) spacewalk-backend: - Read repository checksum type after setting the certificate for a repository. - Define db_password to be read as a string. (bsc#946381) - Enhance date only in patches to full ISO datetime. (bsc#937029) - Fix UnboundLocalError on rhnFault in dist upgrade. (bsc#936182) - Detect new and old SUSE patch style. (bsc#936869) spacewalk-client-tools: - Add info on how to increase verbosity. (bsc#944263) - Disable dmidecode on s390 and s390x. (bsc#936545) - Recognize '.site' as an official TLD. (bsc#923990) - Check for multiple entries in /etc/hostname. (bsc#929979) suseRegisterInfo: - Enable zypp readonly switch for product information retrieval. (bsc#940361) zypp-plugin-spacewalk: - Fix output of client events. (bsc#935377) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2015-693=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (ppc64le s390x x86_64): suseRegisterInfo-2.1.11-15.1 zypp-plugin-spacewalk-0.9.10-12.1 - SUSE Manager Tools 12 (noarch): hwdata-0.282-3.1 osad-5.11.33.10-20.1 spacecmd-2.1.25.10-11.1 spacewalk-backend-libs-2.1.55.21-20.1 spacewalk-check-2.1.16.9-18.1 spacewalk-client-setup-2.1.16.9-18.1 spacewalk-client-tools-2.1.16.9-18.1 References: https://bugzilla.suse.com/923990 https://bugzilla.suse.com/929979 https://bugzilla.suse.com/932288 https://bugzilla.suse.com/933738 https://bugzilla.suse.com/935377 https://bugzilla.suse.com/936182 https://bugzilla.suse.com/936545 https://bugzilla.suse.com/936869 https://bugzilla.suse.com/937029 https://bugzilla.suse.com/940361 https://bugzilla.suse.com/944263 https://bugzilla.suse.com/945380 https://bugzilla.suse.com/946381 From sle-updates at lists.suse.com Thu Oct 15 05:22:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 13:22:52 +0200 (CEST) Subject: SUSE-RU-2015:1754-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20151015112252.EC4303213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1754-1 Rating: moderate References: #923990 #929979 #935377 #936545 #940361 #944263 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for SUSE Manager Client Tools provides the following fixes and enhancements: spacewalk-client-tools: - Add info on how to increase verbosity. (bsc#944263) - Disable dmidecode on s390 and s390x. (bsc#936545) - Recognize '.site' as an official TLD. (bsc#923990) - Check for multiple entries in /etc/hostname. (bsc#929979) suseRegisterInfo: - Enable zypp readonly switch for product information retrieval. (bsc#940361) zypp-plugin-spacewalk: - Fix output of client events. (bsc#935377) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-client-tools-21-201509-12132=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-client-tools-21-201509-12132=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-client-tools-21-201509-12132=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-client-tools-21-201509-12132=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-client-tools-21-201509-12132=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): suseRegisterInfo-2.1.11-11.1 zypp-plugin-spacewalk-0.9.10-12.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch): spacewalk-check-2.1.16.9-12.1 spacewalk-client-setup-2.1.16.9-12.1 spacewalk-client-tools-2.1.16.9-12.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): suseRegisterInfo-2.1.11-11.1 zypp-plugin-spacewalk-0.9.10-12.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): spacewalk-check-2.1.16.9-12.1 spacewalk-client-setup-2.1.16.9-12.1 spacewalk-client-tools-2.1.16.9-12.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): suseRegisterInfo-2.1.11-11.1 zypp-plugin-spacewalk-0.9.10-12.1 - SUSE Linux Enterprise Server 11-SP3 (noarch): spacewalk-check-2.1.16.9-12.1 spacewalk-client-setup-2.1.16.9-12.1 spacewalk-client-tools-2.1.16.9-12.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): suseRegisterInfo-2.1.11-11.1 zypp-plugin-spacewalk-0.9.10-12.1 - SUSE Linux Enterprise Desktop 11-SP4 (noarch): spacewalk-check-2.1.16.9-12.1 spacewalk-client-setup-2.1.16.9-12.1 spacewalk-client-tools-2.1.16.9-12.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): suseRegisterInfo-2.1.11-11.1 zypp-plugin-spacewalk-0.9.10-12.1 - SUSE Linux Enterprise Desktop 11-SP3 (noarch): spacewalk-check-2.1.16.9-12.1 spacewalk-client-setup-2.1.16.9-12.1 spacewalk-client-tools-2.1.16.9-12.1 References: https://bugzilla.suse.com/923990 https://bugzilla.suse.com/929979 https://bugzilla.suse.com/935377 https://bugzilla.suse.com/936545 https://bugzilla.suse.com/940361 https://bugzilla.suse.com/944263 From sle-updates at lists.suse.com Thu Oct 15 05:24:11 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 13:24:11 +0200 (CEST) Subject: SUSE-RU-2015:1755-1: Recommended update for yast2-registration and SUSEConnect Message-ID: <20151015112411.AEEE03213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration and SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1755-1 Rating: low References: #949424 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-registration and SUSEConnect provides the following fixes and improvements: yast2-registration: - Addon selection dialog - avoid possible ID duplicates when an addon with multiple versions is displayed, fixes the problem when registering SES1.0 or SES2.0 extension (bsc#949424) - Addon selection dialog - sort the addons by the displayed label, not by the internal name (which might not be unique) (bsc#949424) - Require connect >= 0.2.14.42 to allow using a SCC server side workaround for bsc#949424 in the original GA installer SUSEConnect: - Ensure version of SUSEConnect is bumped in order to be able to distinct requests from affected YaST version in SCC API Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-696=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-696=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): SUSEConnect-0.2.14.42-9.3.1 ruby2.1-rubygem-suse-connect-0.2.14.42-9.3.1 - SUSE Linux Enterprise Server 12 (noarch): yast2-registration-3.1.129.2-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): SUSEConnect-0.2.14.42-9.3.1 ruby2.1-rubygem-suse-connect-0.2.14.42-9.3.1 - SUSE Linux Enterprise Desktop 12 (noarch): yast2-registration-3.1.129.2-21.1 References: https://bugzilla.suse.com/949424 From sle-updates at lists.suse.com Thu Oct 15 05:24:32 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 13:24:32 +0200 (CEST) Subject: SUSE-RU-2015:1756-1: moderate: Recommended update for SUSE Manager Proxy 2.1 Message-ID: <20151015112432.9A10F3213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1756-1 Rating: moderate References: #823813 #923990 #929979 #932288 #933738 #935377 #936545 #940361 #940923 #944263 #945380 #946381 Affected Products: SUSE Manager Proxy 2.1 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This collective update for SUSE Manager Proxy 2.1 provides the following fixes and enhancements: jabberd: - Change attribute of config files from %config(noreplace) to %config. (bsc#940923) - Automatically clean stale locks on startup. (bsc#933738) osad: - Re-send subscription stanzas after a while. (bsc#933738) sm-client-tools: - Show progress bar while registering for better user interaction. (bsc#823813) - Added support for openSUSE clients. spacecmd: - Revert "1207606 - Do not return one package multiple times". (bsc#945380) - Check for existence of device description in spacecmd system_listhardware. (bsc#932288) spacewalk-backend: - Read repository checksum type after setting the certificate for a repository. - Define db_password to be read as a string. (bsc#946381) spacewalk-certs-tools: - FULLY_UPDATE_THIS_BOX defaults to 0 now. Add option '--up2date' to mgr-bootstrap to fully update the system after registration. - Add sudo support to ssh-push. spacewalk-client-tools: - Add info on how to increase verbosity. (bsc#944263) - Disable dmidecode on s390 and s390x. (bsc#936545) - Recognize '.site' as an official TLD. (bsc#923990) - Check for multiple entries in /etc/hostname. (bsc#929979) spacewalk-web: - Added sudo user configuration option and comments. suseRegisterInfo: - Enable zypp readonly switch for product information retrieval. (bsc#940361) zypp-plugin-spacewalk: - Fix output of client events. (bsc#935377) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-suse-manager-proxy-21-201509-12132=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 2.1 (x86_64): jabberd-2.2.17-0.11.1 jabberd-db-2.2.17-0.11.1 spacecmd-2.1.25.10-12.1 spacewalk-backend-2.1.55.21-15.2 spacewalk-backend-libs-2.1.55.21-15.2 suseRegisterInfo-2.1.11-11.1 zypp-plugin-spacewalk-0.9.10-12.1 - SUSE Manager Proxy 2.1 (noarch): osad-5.11.33.10-12.1 sm-client-tools-1.2.3-0.11.1 spacewalk-base-minimal-2.1.60.13-9.1 spacewalk-base-minimal-config-2.1.60.13-9.1 spacewalk-certs-tools-2.1.6.7-9.1 spacewalk-check-2.1.16.9-12.1 spacewalk-client-setup-2.1.16.9-12.1 spacewalk-client-tools-2.1.16.9-12.1 References: https://bugzilla.suse.com/823813 https://bugzilla.suse.com/923990 https://bugzilla.suse.com/929979 https://bugzilla.suse.com/932288 https://bugzilla.suse.com/933738 https://bugzilla.suse.com/935377 https://bugzilla.suse.com/936545 https://bugzilla.suse.com/940361 https://bugzilla.suse.com/940923 https://bugzilla.suse.com/944263 https://bugzilla.suse.com/945380 https://bugzilla.suse.com/946381 From sle-updates at lists.suse.com Thu Oct 15 05:26:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 13:26:51 +0200 (CEST) Subject: SUSE-SU-2015:1757-1: important: Security update for docker Message-ID: <20151015112651.01B223213F@maintenance.suse.de> SUSE Security Update: Security update for docker ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1757-1 Rating: important References: #949660 Cross-References: CVE-2014-8178 CVE-2014-8179 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: docker was updated to version 1.8.3 to fix two security issues. These security issues were fixed: - CVE-2014-8178: Manipulated layer IDs could have lead to local graph poisoning (bsc#949660). - CVE-2014-8179: Manifest validation and parsing logic errors allowed pull-by-digest validation bypass (bsc#949660). This non-security issues was fixed: - Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry More information about docker 1.8.3 can be found at https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/ Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-691=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): docker-1.8.3-49.1 docker-debuginfo-1.8.3-49.1 docker-debugsource-1.8.3-49.1 References: https://www.suse.com/security/cve/CVE-2014-8178.html https://www.suse.com/security/cve/CVE-2014-8179.html https://bugzilla.suse.com/949660 From sle-updates at lists.suse.com Thu Oct 15 05:27:10 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 13:27:10 +0200 (CEST) Subject: SUSE-RU-2015:1758-1: moderate: Recommended update for SUSE Manager Server 2.1 Message-ID: <20151015112710.BBA693213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1758-1 Rating: moderate References: #823813 #900087 #907525 #907825 #910666 #912339 #917771 #918994 #919093 #923990 #929379 #929979 #931239 #931519 #932288 #933298 #933304 #933738 #935377 #935387 #936545 #937030 #937046 #940361 #940511 #940811 #940923 #943283 #944220 #944263 #944729 #945275 #945380 #946248 #946381 Affected Products: SUSE Manager 2.1 ______________________________________________________________________________ An update that has 35 recommended fixes can now be installed. Description: This collective update for SUSE Manager Server 2.1 provides the following new features: - Prevent creation of channels with reserved names. (bsc#939349, fate#319308) - Add SLE-Toolchain-12 Module. (bsc#942918, fate#316684) - Support sudo with ssh-push. Additionally, several issues have been fixed: jabberd: - Change attribute of config files from %config(noreplace) to %config. (bsc#940923) - Automatically clean stale locks on startup. (bsc#933738) osad: - Re-send subscription stanzas after a while. (bsc#933738) pxe-default-image: - Add missing dependency on haveged. sm-client-tools: - Show progress bar while registering for better user interaction. (bsc#823813) - Added support for openSUSE clients. spacecmd: - Revert "1207606 - Do not return one package multiple times". (bsc#945380) - Check for existence of device description in spacecmd system_listhardware. (bsc#932288) spacewalk-backend: - Read repository checksum type after setting the certificate for a repository. - Define db_password to be read as a string. (bsc#946381) spacewalk-branding: - Display a warning if the update stack is not up-to-date. - Remove Upgrade Path from jsp page and StringResources. spacewalk-certs-tools: - FULLY_UPDATE_THIS_BOX defaults to 0 now. Add option '--up2date' to mgr-bootstrap to fully update the system after registration. - Add sudo support to ssh-push. spacewalk-client-tools: - Add info on how to increase verbosity. (bsc#944263) - Disable dmidecode on s390 and s390x. (bsc#936545) - Recognize '.site' as an official TLD. (bsc#923990) - Check for multiple entries in /etc/hostname. (bsc#929979) spacewalk-java: - Support ssh-push with sudo. - Fix CVE Audit for LTSS channels by looking at individual packages. (bsc#944729) - Use same regexp for channel name as in CreateChannelCommand. (bsc#946248) - Prevent major version Service Pack updates from 11 to 12. - Display a warning if the update stack is not up-to-date. - Fix output of client events. (bsc#935377) - Fix pagination buttons. (bsc#935387) - Fix typo in Organization users page. (bsc#943283) - Do not return a OES repository with null credentials. (bsc#937030) - Fix link back to the associated channel. (bsc#931519) spacewalk-web: - Added sudo user configuration option and comments. suseRegisterInfo: - Enable zypp readonly switch for product information retrieval. (bsc#940361) susemanager: - Added python-gobject2, libudev1 and udev to SLE12 bootstrap repository. (bsc#945275) - Do some more checks for validity of email address during setup. (bsc#933304) - Refer to mgr-sync instead of mgr-ncc-sync after successful setup. (bsc#940811) - Timeout when user does not enter credentials for 60 seconds for mgr-sync. susemanager-jsp_en, susemanager-manuals_en: - Update text and image files. (bsc#940511) - Use "Organization Credentials" instead of "Mirror Credentials". (bsc#907825) - "Setup without Internet Connection". (bsc#937046) - Traceback email and web.default_mail_from explanation. (bsc#933298) - Emphasis taskomatic.maxmemory in documentation. (bsc#931239) - RPC Connection Timeout Settings. (bsc#929379) - Setup hints. (bsc#919093) - Deleting SUSE Channels. (bsc#917771) - Proxy to Internet / Certs. (bsc#912339) - Doc comments done. (bsc#910666) - NCC to SCC switch with SUSE Manager 2.1 (YaST changes). (bsc#907525) - CVE Audit clarifications. (bsc#900087) susemanager-schema: - Set errata-cache job to run every minute if old schedule is still active. (bsc#918994) susemanager-sync-data: - Add channels for SLE Point of Service 11-SP2. (bsc#944220) - Changed SAP All-in-One names. zypp-plugin-spacewalk: - Fix output of client events. (bsc#935377) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-suse-manager-21-201509-12132=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 2.1 (s390x x86_64): jabberd-2.2.17-0.11.1 jabberd-db-2.2.17-0.11.1 spacecmd-2.1.25.10-12.1 spacewalk-backend-2.1.55.21-15.2 spacewalk-backend-app-2.1.55.21-15.2 spacewalk-backend-applet-2.1.55.21-15.2 spacewalk-backend-config-files-2.1.55.21-15.2 spacewalk-backend-config-files-common-2.1.55.21-15.2 spacewalk-backend-config-files-tool-2.1.55.21-15.2 spacewalk-backend-iss-2.1.55.21-15.2 spacewalk-backend-iss-export-2.1.55.21-15.2 spacewalk-backend-libs-2.1.55.21-15.2 spacewalk-backend-package-push-server-2.1.55.21-15.2 spacewalk-backend-server-2.1.55.21-15.2 spacewalk-backend-sql-2.1.55.21-15.2 spacewalk-backend-sql-oracle-2.1.55.21-15.2 spacewalk-backend-sql-postgresql-2.1.55.21-15.2 spacewalk-backend-tools-2.1.55.21-15.2 spacewalk-backend-xml-export-libs-2.1.55.21-15.2 spacewalk-backend-xmlrpc-2.1.55.21-15.2 spacewalk-branding-2.1.33.13-9.1 suseRegisterInfo-2.1.11-11.1 susemanager-2.1.21-12.1 susemanager-tools-2.1.21-12.1 zypp-plugin-spacewalk-0.9.10-12.1 - SUSE Manager 2.1 (noarch): osa-dispatcher-5.11.33.10-12.1 pxe-default-image-0.1-0.22.1 sm-client-tools-1.2.3-0.11.1 spacewalk-base-2.1.60.13-9.1 spacewalk-base-minimal-2.1.60.13-9.1 spacewalk-base-minimal-config-2.1.60.13-9.1 spacewalk-certs-tools-2.1.6.7-9.1 spacewalk-check-2.1.16.9-12.1 spacewalk-client-setup-2.1.16.9-12.1 spacewalk-client-tools-2.1.16.9-12.1 spacewalk-grail-2.1.60.13-9.1 spacewalk-html-2.1.60.13-9.1 spacewalk-java-2.1.165.19-9.1 spacewalk-java-config-2.1.165.19-9.1 spacewalk-java-lib-2.1.165.19-9.1 spacewalk-java-oracle-2.1.165.19-9.1 spacewalk-java-postgresql-2.1.165.19-9.1 spacewalk-pxt-2.1.60.13-9.1 spacewalk-sniglets-2.1.60.13-9.1 spacewalk-taskomatic-2.1.165.19-9.1 susemanager-client-config_en-pdf-2.1-19.4 susemanager-install_en-pdf-2.1-19.4 susemanager-jsp_en-2.1-19.8 susemanager-manuals_en-2.1-19.4 susemanager-proxy-quick_en-pdf-2.1-19.4 susemanager-reference_en-pdf-2.1-19.4 susemanager-schema-2.1.50.14-9.1 susemanager-sync-data-2.1.9-12.1 susemanager-user_en-pdf-2.1-19.4 References: https://bugzilla.suse.com/823813 https://bugzilla.suse.com/900087 https://bugzilla.suse.com/907525 https://bugzilla.suse.com/907825 https://bugzilla.suse.com/910666 https://bugzilla.suse.com/912339 https://bugzilla.suse.com/917771 https://bugzilla.suse.com/918994 https://bugzilla.suse.com/919093 https://bugzilla.suse.com/923990 https://bugzilla.suse.com/929379 https://bugzilla.suse.com/929979 https://bugzilla.suse.com/931239 https://bugzilla.suse.com/931519 https://bugzilla.suse.com/932288 https://bugzilla.suse.com/933298 https://bugzilla.suse.com/933304 https://bugzilla.suse.com/933738 https://bugzilla.suse.com/935377 https://bugzilla.suse.com/935387 https://bugzilla.suse.com/936545 https://bugzilla.suse.com/937030 https://bugzilla.suse.com/937046 https://bugzilla.suse.com/940361 https://bugzilla.suse.com/940511 https://bugzilla.suse.com/940811 https://bugzilla.suse.com/940923 https://bugzilla.suse.com/943283 https://bugzilla.suse.com/944220 https://bugzilla.suse.com/944263 https://bugzilla.suse.com/944729 https://bugzilla.suse.com/945275 https://bugzilla.suse.com/945380 https://bugzilla.suse.com/946248 https://bugzilla.suse.com/946381 From sle-updates at lists.suse.com Thu Oct 15 05:33:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 13:33:59 +0200 (CEST) Subject: SUSE-RU-2015:1759-1: moderate: Recommended update for xorg-x11-server Message-ID: <20151015113359.13BE23213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1759-1 Rating: moderate References: #934643 #941230 #945423 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for xorg-x11-server provides the following fixes: - Fix crash on VT switch on a 2nd generation server (ie. after a server reset). (bsc#945423) - Fix jpeg in tightvnc encoding. (bsc#941230) - Fix pointer events in VNC. (bsc#934643) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-server-12134=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-xorg-x11-server-12134=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-xorg-x11-server-12134=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-server-12134=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-xorg-x11-server-12134=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-xorg-x11-server-12134=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-xorg-x11-server-12134=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-server-12134=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-server-12134=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.111.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.111.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): xorg-x11-Xvnc-7.4-27.111.1 xorg-x11-server-7.4-27.111.1 xorg-x11-server-extra-7.4-27.111.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.111.1 xorg-x11-server-7.4-27.111.1 xorg-x11-server-extra-7.4-27.111.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.111.1 xorg-x11-server-7.4-27.111.1 xorg-x11-server-extra-7.4-27.111.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): xorg-x11-Xvnc-7.4-27.111.1 xorg-x11-server-7.4-27.111.1 xorg-x11-server-extra-7.4-27.111.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): xorg-x11-Xvnc-7.4-27.111.1 xorg-x11-server-7.4-27.111.1 xorg-x11-server-extra-7.4-27.111.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.111.1 xorg-x11-server-debugsource-7.4-27.111.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.111.1 xorg-x11-server-debugsource-7.4-27.111.1 References: https://bugzilla.suse.com/934643 https://bugzilla.suse.com/941230 https://bugzilla.suse.com/945423 From sle-updates at lists.suse.com Thu Oct 15 05:34:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 13:34:57 +0200 (CEST) Subject: SUSE-RU-2015:1760-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20151015113457.0A7B73213F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1760-1 Rating: moderate References: #923990 #929979 #932288 #933738 #935377 #936545 #940361 #944263 #945380 #946381 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for SUSE Manager Client Tools provides the following fixes and enhancements: osad: - Re-send subscription stanzas after a while. (bsc#933738) spacecmd: - Revert "1207606 - Do not return one package multiple times". (bsc#945380) - Check for existence of device description in spacecmd system_listhardware. (bsc#932288) spacewalk-backend: - Read repository checksum type after setting the certificate for a repository. - Define db_password to be read as a string. (bsc#946381) spacewalk-client-tools: - Add info on how to increase verbosity. (bsc#944263) - Disable dmidecode on s390 and s390x. (bsc#936545) - Recognize '.site' as an official TLD. (bsc#923990) - Check for multiple entries in /etc/hostname. (bsc#929979) suseRegisterInfo: - Enable zypp readonly switch for product information retrieval. (bsc#940361) zypp-plugin-spacewalk: - Fix output of client events. (bsc#935377) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-21-201509-12132=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-21-201509-12132=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): spacecmd-2.1.25.10-12.1 spacewalk-backend-libs-2.1.55.21-15.2 suseRegisterInfo-2.1.11-11.1 zypp-plugin-spacewalk-0.9.10-12.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): osad-5.11.33.10-12.1 spacewalk-check-2.1.16.9-12.1 spacewalk-client-setup-2.1.16.9-12.1 spacewalk-client-tools-2.1.16.9-12.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): spacecmd-2.1.25.10-12.1 spacewalk-backend-libs-2.1.55.21-15.2 suseRegisterInfo-2.1.11-11.1 zypp-plugin-spacewalk-0.9.10-12.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): osad-5.11.33.10-12.1 spacewalk-check-2.1.16.9-12.1 spacewalk-client-setup-2.1.16.9-12.1 spacewalk-client-tools-2.1.16.9-12.1 References: https://bugzilla.suse.com/923990 https://bugzilla.suse.com/929979 https://bugzilla.suse.com/932288 https://bugzilla.suse.com/933738 https://bugzilla.suse.com/935377 https://bugzilla.suse.com/936545 https://bugzilla.suse.com/940361 https://bugzilla.suse.com/944263 https://bugzilla.suse.com/945380 https://bugzilla.suse.com/946381 From sle-updates at lists.suse.com Thu Oct 15 08:09:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 16:09:56 +0200 (CEST) Subject: SUSE-RU-2015:1761-1: moderate: Recommended update for Ceph Message-ID: <20151015140956.48A0032147@maintenance.suse.de> SUSE Recommended Update: Recommended update for Ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1761-1 Rating: moderate References: #948925 Affected Products: SUSE Enterprise Storage 2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Ceph brings back the "write-same" operation, which was unintentionally removed during the integration of Ceph 0.94.3. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2: zypper in -t patch SUSE-Storage-2-2015-698=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2 (x86_64): ceph-0.94.3+git.1444304050.353c00e-4.3 ceph-common-0.94.3+git.1444304050.353c00e-4.3 ceph-common-debuginfo-0.94.3+git.1444304050.353c00e-4.3 ceph-debuginfo-0.94.3+git.1444304050.353c00e-4.3 ceph-debugsource-0.94.3+git.1444304050.353c00e-4.3 ceph-fuse-0.94.3+git.1444304050.353c00e-4.3 ceph-fuse-debuginfo-0.94.3+git.1444304050.353c00e-4.3 ceph-radosgw-0.94.3+git.1444304050.353c00e-4.3 ceph-radosgw-debuginfo-0.94.3+git.1444304050.353c00e-4.3 ceph-test-0.94.3+git.1444304050.353c00e-4.3 ceph-test-debuginfo-0.94.3+git.1444304050.353c00e-4.3 libcephfs1-0.94.3+git.1444304050.353c00e-4.3 libcephfs1-debuginfo-0.94.3+git.1444304050.353c00e-4.3 librados2-0.94.3+git.1444304050.353c00e-4.3 librados2-debuginfo-0.94.3+git.1444304050.353c00e-4.3 libradosstriper1-0.94.3+git.1444304050.353c00e-4.3 libradosstriper1-debuginfo-0.94.3+git.1444304050.353c00e-4.3 librbd1-0.94.3+git.1444304050.353c00e-4.3 librbd1-debuginfo-0.94.3+git.1444304050.353c00e-4.3 python-cephfs-0.94.3+git.1444304050.353c00e-4.3 python-rados-0.94.3+git.1444304050.353c00e-4.3 python-rbd-0.94.3+git.1444304050.353c00e-4.3 rbd-fuse-0.94.3+git.1444304050.353c00e-4.3 rbd-fuse-debuginfo-0.94.3+git.1444304050.353c00e-4.3 rest-bench-0.94.3+git.1444304050.353c00e-4.3 rest-bench-debuginfo-0.94.3+git.1444304050.353c00e-4.3 References: https://bugzilla.suse.com/948925 From sle-updates at lists.suse.com Thu Oct 15 08:10:15 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 16:10:15 +0200 (CEST) Subject: SUSE-RU-2015:1762-1: important: Recommended update for dracut Message-ID: <20151015141015.DAE4132147@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1762-1 Rating: important References: #898711 #904533 #905746 #912734 #919179 #922676 #931307 #932981 #936736 #939101 #940100 #940585 #943312 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for Dracut provides the following fixes: - Revert patch for bsc#912734 ("parse rootflags correctly") to fix a regression. The bug which got fixed by the reverted patch is solved via documentation TID: https://www.suse.com/support/kb/doc.php?id=7016840 (bsc#940100) - Ensure that the correct FONT_MAP files are installed into the initrd. (bsc#932981, bsc#943312, bsc#904533) - Check for existence of link targets (/run), fixing a critical bug for s390x kiwi images which need the symlink from /var/run to /run. (bsc#922676) - Multiple fixes to iSCSI and multipath booting. (bsc#919179, bsc#898711) - Fix a few issues and improve support for DMRAID. (bsc#905746, bsc#940585) - Fix nfs rootfs in case of mounting via IPv4 address and not hostname. (bsc#931307) - Do not open an unprotected root shell on failure. (bsc#936736) - Update active_devices.txt from /boot/zipl device. (bsc#939101) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-699=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-699=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): dracut-037-51.13.1 dracut-debuginfo-037-51.13.1 dracut-debugsource-037-51.13.1 dracut-fips-037-51.13.1 - SUSE Linux Enterprise Desktop 12 (x86_64): dracut-037-51.13.1 dracut-debuginfo-037-51.13.1 dracut-debugsource-037-51.13.1 References: https://bugzilla.suse.com/898711 https://bugzilla.suse.com/904533 https://bugzilla.suse.com/905746 https://bugzilla.suse.com/912734 https://bugzilla.suse.com/919179 https://bugzilla.suse.com/922676 https://bugzilla.suse.com/931307 https://bugzilla.suse.com/932981 https://bugzilla.suse.com/936736 https://bugzilla.suse.com/939101 https://bugzilla.suse.com/940100 https://bugzilla.suse.com/940585 https://bugzilla.suse.com/943312 From sle-updates at lists.suse.com Thu Oct 15 10:09:41 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 18:09:41 +0200 (CEST) Subject: SUSE-RU-2015:1763-1: moderate: Recommended update for apache2-mod_nss Message-ID: <20151015160941.AB20F32147@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1763-1 Rating: moderate References: #897712 #902068 #927402 #928039 #930186 #930922 #933265 #933832 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: apache2-mod_nss was updated to fix various bugs. The apache2 mod_nss module was updated to fix various bugs. * The default cipher list in the config template was updated and some less secure ciphers removed. (bsc#928039) * Various improvements and bugfixes to Server Name Indication (SNI) support were done, fixing bugs on machines with multiple vhosts and similar. (bnc#927402, bsc#927402, bsc#928039, bsc#930922, bsc#930186, bnc#897712) * Added an alert about incorrect permissions on the certificate database (bsc#933265) * Adding small fixes for support of TLS v1.2 [bnc#902068] * send TLS server name extension on proxy connections [bsc#933832] Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-700=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): apache2-mod_nss-1.0.8-10.8.1 apache2-mod_nss-debuginfo-1.0.8-10.8.1 apache2-mod_nss-debugsource-1.0.8-10.8.1 References: https://bugzilla.suse.com/897712 https://bugzilla.suse.com/902068 https://bugzilla.suse.com/927402 https://bugzilla.suse.com/928039 https://bugzilla.suse.com/930186 https://bugzilla.suse.com/930922 https://bugzilla.suse.com/933265 https://bugzilla.suse.com/933832 From sle-updates at lists.suse.com Thu Oct 15 11:09:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Oct 2015 19:09:40 +0200 (CEST) Subject: SUSE-RU-2015:1764-1: Recommended update for python-novaclient Message-ID: <20151015170940.2916432147@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-novaclient ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1764-1 Rating: low References: #946205 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-novaclient adds a runtime dependency on python-keystoneclient. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-python-novaclient-12137=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): python-novaclient-2.20.0-12.1 python-novaclient-doc-2.20.0-12.1 References: https://bugzilla.suse.com/946205 From sle-updates at lists.suse.com Fri Oct 16 02:09:37 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Oct 2015 10:09:37 +0200 (CEST) Subject: SUSE-SU-2015:1765-1: moderate: Security update for vorbis-tools Message-ID: <20151016080937.8A7E7320DB@maintenance.suse.de> SUSE Security Update: Security update for vorbis-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1765-1 Rating: moderate References: #943795 Cross-References: CVE-2015-6749 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: vorbis-tools was updated to fix a buffer overflow in aiff_open() that could be triggered by opening prepared malicious files. (CVE-2015-6749, bsc#943795). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-704=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-704=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): vorbis-tools-1.4.0-26.1 vorbis-tools-debuginfo-1.4.0-26.1 vorbis-tools-debugsource-1.4.0-26.1 - SUSE Linux Enterprise Server 12 (noarch): vorbis-tools-lang-1.4.0-26.1 - SUSE Linux Enterprise Desktop 12 (x86_64): vorbis-tools-1.4.0-26.1 vorbis-tools-debuginfo-1.4.0-26.1 vorbis-tools-debugsource-1.4.0-26.1 - SUSE Linux Enterprise Desktop 12 (noarch): vorbis-tools-lang-1.4.0-26.1 References: https://www.suse.com/security/cve/CVE-2015-6749.html https://bugzilla.suse.com/943795 From sle-updates at lists.suse.com Fri Oct 16 05:09:38 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Oct 2015 13:09:38 +0200 (CEST) Subject: SUSE-RU-2015:1766-1: moderate: Recommended update for xf86-video-qxl Message-ID: <20151016110938.4890C31FF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for xf86-video-qxl ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1766-1 Rating: moderate References: #945279 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xf86-video-qxl fixes potential crashes within the driver when resetting or VT switching Xserver. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xf86-video-qxl-12138=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xf86-video-qxl-12138=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xf86-video-qxl-0.1.3-3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xf86-video-qxl-debuginfo-0.1.3-3.1 xf86-video-qxl-debugsource-0.1.3-3.1 References: https://bugzilla.suse.com/945279 From sle-updates at lists.suse.com Fri Oct 16 08:10:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Oct 2015 16:10:00 +0200 (CEST) Subject: SUSE-RU-2015:1767-1: Recommended update for pciutils-ids Message-ID: <20151016141000.4AA95320D8@maintenance.suse.de> SUSE Recommended Update: Recommended update for pciutils-ids ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1767-1 Rating: low References: #911528 #944104 #944436 #944825 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: The system's PCI IDs database has been updated to version 2015.10.07. Additionally, the merge-pciids.pl script was fixed to not print warnings about conflicting definitions by default. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-708=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-708=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): pciutils-ids-2015.09.01-8.1 - SUSE Linux Enterprise Desktop 12 (noarch): pciutils-ids-2015.09.01-8.1 References: https://bugzilla.suse.com/911528 https://bugzilla.suse.com/944104 https://bugzilla.suse.com/944436 https://bugzilla.suse.com/944825 From sle-updates at lists.suse.com Fri Oct 16 09:09:41 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Oct 2015 17:09:41 +0200 (CEST) Subject: SUSE-RU-2015:1769-1: Recommended update for gdm Message-ID: <20151016150941.D01B3320DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1769-1 Rating: low References: #882032 #926264 #949741 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for gdm provides the following fixes: - Respect DISPLAYMANAGER_ROOT_LOGIN_REMOTE option from /etc/sysconfig/displaymanager. (bsc#926264) - Fix permissions of /var/log/gdm. (bsc#882032) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-709=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-709=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-709=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gdm-debuginfo-3.10.0.1-23.1 gdm-debugsource-3.10.0.1-23.1 gdm-devel-3.10.0.1-23.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gdm-3.10.0.1-23.1 gdm-debuginfo-3.10.0.1-23.1 gdm-debugsource-3.10.0.1-23.1 libgdm1-3.10.0.1-23.1 libgdm1-debuginfo-3.10.0.1-23.1 typelib-1_0-Gdm-1_0-3.10.0.1-23.1 - SUSE Linux Enterprise Server 12 (noarch): gdm-branding-upstream-3.10.0.1-23.1 gdm-lang-3.10.0.1-23.1 gdmflexiserver-3.10.0.1-23.1 - SUSE Linux Enterprise Desktop 12 (x86_64): gdm-3.10.0.1-23.1 gdm-debuginfo-3.10.0.1-23.1 gdm-debugsource-3.10.0.1-23.1 libgdm1-3.10.0.1-23.1 libgdm1-debuginfo-3.10.0.1-23.1 typelib-1_0-Gdm-1_0-3.10.0.1-23.1 - SUSE Linux Enterprise Desktop 12 (noarch): gdm-branding-upstream-3.10.0.1-23.1 gdm-lang-3.10.0.1-23.1 gdmflexiserver-3.10.0.1-23.1 References: https://bugzilla.suse.com/882032 https://bugzilla.suse.com/926264 https://bugzilla.suse.com/949741 From sle-updates at lists.suse.com Fri Oct 16 09:10:25 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Oct 2015 17:10:25 +0200 (CEST) Subject: SUSE-SU-2015:1770-1: critical: Security update for flash-player Message-ID: <20151016151025.A5C7D320DB@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1770-1 Rating: critical References: #950474 Cross-References: CVE-2015-7645 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-707=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-707=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.540-108.1 flash-player-gnome-11.2.202.540-108.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.540-108.1 flash-player-gnome-11.2.202.540-108.1 References: https://www.suse.com/security/cve/CVE-2015-7645.html https://bugzilla.suse.com/950474 From sle-updates at lists.suse.com Fri Oct 16 09:10:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Oct 2015 17:10:44 +0200 (CEST) Subject: SUSE-SU-2015:1771-1: critical: Security update for flash-player Message-ID: <20151016151045.01283320DB@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1771-1 Rating: critical References: #950474 Cross-References: CVE-2015-7645 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-flash-player-12139=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-flash-player-12139=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): flash-player-11.2.202.540-0.23.1 flash-player-gnome-11.2.202.540-0.23.1 flash-player-kde4-11.2.202.540-0.23.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): flash-player-11.2.202.540-0.23.1 flash-player-gnome-11.2.202.540-0.23.1 flash-player-kde4-11.2.202.540-0.23.1 References: https://www.suse.com/security/cve/CVE-2015-7645.html https://bugzilla.suse.com/950474 From sle-updates at lists.suse.com Fri Oct 16 10:09:34 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Oct 2015 18:09:34 +0200 (CEST) Subject: SUSE-RU-2015:1772-1: Recommended update for timezone Message-ID: <20151016160934.6463B320DB@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1772-1 Rating: low References: #948227 #948568 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. It includes one version update. Description: This update provides the latest timezone information (2015g) for your system, including the following changes: * Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25. * Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time. * Fiji's 2016 fall-back transition is scheduled for January 17, not 24. * Fort Nelson, British Columbia will not fall back on 2015-11-01. It has effectively been on MST (-0700) since it advanced its clocks on 2015-03-08. Add new zone America/Fort_Nelson. This release also includes changes affecting past time stamps, documentation and some minor code fixes. For a comprehensive list, refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz/2015-October/022728.html Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 2015g]: timezone-2015g-0.5.1 References: https://bugzilla.suse.com/948227 https://bugzilla.suse.com/948568 https://download.suse.com/patch/finder/?keywords=76d9cfe3e241d852aa1ab573f2dd26a8 From sle-updates at lists.suse.com Mon Oct 19 01:09:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Oct 2015 09:09:40 +0200 (CEST) Subject: SUSE-RU-2015:1774-1: Recommended update for cmpi-provider-register Message-ID: <20151019070940.4CE0C320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for cmpi-provider-register ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1774-1 Rating: low References: #642831 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cmpi-provider-register provides the following fixes: - Do not put empty element (i.e., the current directory) in LD_LIBRARY_PATH if LD_LIBRARY_PATH is set but empty. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-711=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-711=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): cmpi-provider-register-1.0.1-3.1 - SUSE Linux Enterprise Desktop 12 (noarch): cmpi-provider-register-1.0.1-3.1 References: https://bugzilla.suse.com/642831 From sle-updates at lists.suse.com Mon Oct 19 02:09:41 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Oct 2015 10:09:41 +0200 (CEST) Subject: SUSE-SU-2015:1775-1: moderate: Security update for vorbis-tools Message-ID: <20151019080941.0B9DF320F0@maintenance.suse.de> SUSE Security Update: Security update for vorbis-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1775-1 Rating: moderate References: #914439 #914441 #943795 Cross-References: CVE-2014-9638 CVE-2014-9639 CVE-2015-6749 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: vorbis-tools was updated to fix several security issues. - A buffer overflow in aiff_open() that could be triggered by opening prepared malicious files (CVE-2015-6749, bsc#943795). - A division by zero and integer overflow by crafted WAV files was fixed (CVE-2014-9638, CVE-2014-9639, bnc#914439, bnc#914441). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-vorbis-tools-12141=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-vorbis-tools-12141=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-vorbis-tools-12141=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-vorbis-tools-12141=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): vorbis-tools-1.1.1-174.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): vorbis-tools-1.1.1-174.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): vorbis-tools-debuginfo-1.1.1-174.1 vorbis-tools-debugsource-1.1.1-174.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): vorbis-tools-debuginfo-1.1.1-174.1 vorbis-tools-debugsource-1.1.1-174.1 References: https://www.suse.com/security/cve/CVE-2014-9638.html https://www.suse.com/security/cve/CVE-2014-9639.html https://www.suse.com/security/cve/CVE-2015-6749.html https://bugzilla.suse.com/914439 https://bugzilla.suse.com/914441 https://bugzilla.suse.com/943795 From sle-updates at lists.suse.com Mon Oct 19 02:10:26 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Oct 2015 10:10:26 +0200 (CEST) Subject: SUSE-SU-2015:1776-1: moderate: Security update for haproxy Message-ID: <20151019081026.9196A320F0@maintenance.suse.de> SUSE Security Update: Security update for haproxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1776-1 Rating: moderate References: #937042 #937202 #947204 Cross-References: CVE-2015-3281 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: haxproy was updated to backport various security fixes and related patches (bsc#937202) (bsc#937042) (CVE-2015-3281) + BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data + BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id + MEDIUM: ssl: replace standards DH groups with custom ones + BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten + MINOR: ssl: add a destructor to free allocated SSL ressources + BUG/MINOR: ssl: Display correct filename in error message + MINOR: ssl: load certificates in alphabetical order + BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks + BUG/MEDIUM: ssl: force a full GC in case of memory shortage + BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. + BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates + MINOR: ssl: add statement to force some ssl options in global. + MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs Also the init script was fixed for the haproxy status checks (bsc#947204) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-haproxy-12142=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): haproxy-1.5.4-12.1 References: https://www.suse.com/security/cve/CVE-2015-3281.html https://bugzilla.suse.com/937042 https://bugzilla.suse.com/937202 https://bugzilla.suse.com/947204 From sle-updates at lists.suse.com Mon Oct 19 10:09:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Oct 2015 18:09:48 +0200 (CEST) Subject: SUSE-RU-2015:1780-1: moderate: Recommended update for apache2-mod_nss Message-ID: <20151019160948.99B5C320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1780-1 Rating: moderate References: #921182 #927402 #928039 #930186 #930922 #933265 #933832 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: The apache2 mod_nss module was updated to fix various bugs. * The default cipher list in the config template was updated and some less secure ciphers removed. (bsc#928039) * Various improvements and bugfixes to Server Name Indication (SNI) support were done, fixing bugs on machines with multiple vhosts and similar. (bnc#927402, bsc#927402, bsc#928039, bsc#930922, bsc#930186) * Added an alert about incorrect permissions on the certificate database (bsc#933265) * Send TLS server name extension on proxy connections (bsc#933832) * Removed the currently unsupported cipher ecdhe_rsa_aes_256_sha256 from the sample config (bsc#921182) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-apache2-mod_nss-12143=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-apache2-mod_nss-12143=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-apache2-mod_nss-12143=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-apache2-mod_nss-12143=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-apache2-mod_nss-12143=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): apache2-mod_nss-1.0.8-0.4.19.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-1.0.8-0.4.19.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-1.0.8-0.4.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-debuginfo-1.0.8-0.4.19.1 apache2-mod_nss-debugsource-1.0.8-0.4.19.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-debuginfo-1.0.8-0.4.19.1 apache2-mod_nss-debugsource-1.0.8-0.4.19.1 References: https://bugzilla.suse.com/921182 https://bugzilla.suse.com/927402 https://bugzilla.suse.com/928039 https://bugzilla.suse.com/930186 https://bugzilla.suse.com/930922 https://bugzilla.suse.com/933265 https://bugzilla.suse.com/933832 From sle-updates at lists.suse.com Tue Oct 20 02:09:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Oct 2015 10:09:52 +0200 (CEST) Subject: SUSE-SU-2015:1782-1: important: Security update for qemu Message-ID: <20151020080952.A1662320E8@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1782-1 Rating: important References: #902737 #928308 #934506 #934517 #936537 #937125 #937572 #938344 #939216 #943446 #944017 #945404 #945778 #945987 #945989 Cross-References: CVE-2014-7815 CVE-2015-5154 CVE-2015-5278 CVE-2015-5279 CVE-2015-6855 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 10 fixes is now available. Description: qemu was updated to fix several security issues and bugs. The following vulnerabilities were fixed: - CVE-2015-5154: Heap-based buffer overflow in the IDE subsystem in QEMU, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. (bsc#938344). - CVE-2015-5278: QEMU was vulnerable to an infinite loop issue that could occur when receiving packets over the network. (bsc#945989) - CVE-2015-5279: QEMU was vulnerable to a heap buffer overflow issue that could occur when receiving packets over the network. (bsc#945987) - CVE-2015-6855: QEMU was vulnerable to a divide by zero issue that could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. (bsc#945404) - CVE-2014-7815: The set_pixel_format function in ui/vnc.c in QEMU allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. (bsc#902737): Also these non-security issues were fixed: - bsc#937572: Fixed dictzip on big endian systems - bsc#934517: Fix 'info tlb' causes guest to freeze - bsc#934506: Fix vte monitor consol looks empy - bsc#937125: Fix parsing of scsi-disk wwn uint64 property - bsc#945778: Drop .probe hooks for DictZip and tar block drivers - bsc#937572: Fold common-obj-y -> block-obj-y change into original patches - bsc#928308,bsc#944017: Fix virtio-ccw index errors when initrd gets too large - bsc#936537: Fix possible qemu-img error when converting to compressed qcow2 image - bsc#939216: Fix reboot fail after install using uefi - bsc#943446: qemu-img convert doesn't create MB aligned VHDs anymore Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-715=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-715=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): qemu-2.0.2-48.9.1 qemu-block-curl-2.0.2-48.9.1 qemu-block-curl-debuginfo-2.0.2-48.9.1 qemu-debugsource-2.0.2-48.9.1 qemu-guest-agent-2.0.2-48.9.1 qemu-guest-agent-debuginfo-2.0.2-48.9.1 qemu-lang-2.0.2-48.9.1 qemu-tools-2.0.2-48.9.1 qemu-tools-debuginfo-2.0.2-48.9.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): qemu-kvm-2.0.2-48.9.1 - SUSE Linux Enterprise Server 12 (ppc64le): qemu-ppc-2.0.2-48.9.1 qemu-ppc-debuginfo-2.0.2-48.9.1 - SUSE Linux Enterprise Server 12 (noarch): qemu-ipxe-1.0.0-48.9.1 qemu-seabios-1.7.4-48.9.1 qemu-sgabios-8-48.9.1 qemu-vgabios-1.7.4-48.9.1 - SUSE Linux Enterprise Server 12 (x86_64): qemu-block-rbd-2.0.2-48.9.1 qemu-block-rbd-debuginfo-2.0.2-48.9.1 qemu-x86-2.0.2-48.9.1 qemu-x86-debuginfo-2.0.2-48.9.1 - SUSE Linux Enterprise Server 12 (s390x): qemu-s390-2.0.2-48.9.1 qemu-s390-debuginfo-2.0.2-48.9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): qemu-2.0.2-48.9.1 qemu-block-curl-2.0.2-48.9.1 qemu-block-curl-debuginfo-2.0.2-48.9.1 qemu-debugsource-2.0.2-48.9.1 qemu-kvm-2.0.2-48.9.1 qemu-tools-2.0.2-48.9.1 qemu-tools-debuginfo-2.0.2-48.9.1 qemu-x86-2.0.2-48.9.1 qemu-x86-debuginfo-2.0.2-48.9.1 - SUSE Linux Enterprise Desktop 12 (noarch): qemu-ipxe-1.0.0-48.9.1 qemu-seabios-1.7.4-48.9.1 qemu-sgabios-8-48.9.1 qemu-vgabios-1.7.4-48.9.1 References: https://www.suse.com/security/cve/CVE-2014-7815.html https://www.suse.com/security/cve/CVE-2015-5154.html https://www.suse.com/security/cve/CVE-2015-5278.html https://www.suse.com/security/cve/CVE-2015-5279.html https://www.suse.com/security/cve/CVE-2015-6855.html https://bugzilla.suse.com/902737 https://bugzilla.suse.com/928308 https://bugzilla.suse.com/934506 https://bugzilla.suse.com/934517 https://bugzilla.suse.com/936537 https://bugzilla.suse.com/937125 https://bugzilla.suse.com/937572 https://bugzilla.suse.com/938344 https://bugzilla.suse.com/939216 https://bugzilla.suse.com/943446 https://bugzilla.suse.com/944017 https://bugzilla.suse.com/945404 https://bugzilla.suse.com/945778 https://bugzilla.suse.com/945987 https://bugzilla.suse.com/945989 From sle-updates at lists.suse.com Tue Oct 20 04:10:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Oct 2015 12:10:07 +0200 (CEST) Subject: SUSE-RU-2015:1783-1: moderate: Recommended update for ksh Message-ID: <20151020101007.33779320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for ksh ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1783-1 Rating: moderate References: #887320 #924043 #924318 #926172 #934437 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for the Korn Shell (ksh) provides the following fixes: - Close the correct file descriptor when renumbering and avoid extra fork. (bsc#926172, bsc#934437) - Fix freeing memory twice if an array is turned into a compound variable and then unset. (bsc#924043) - Fix potential hangs in command substitution with large output. (bsc#887320) - Fix potential job list corruption that could lead to segmentation fault. (bsc#924318) - Fix segmentation fault with 'typeset -RF'. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ksh-12144=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-ksh-12144=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-ksh-12144=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ksh-12144=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-ksh-12144=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ksh-12144=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-ksh-12144=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-ksh-12144=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ksh-12144=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ksh-12144=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-ksh-12144=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ksh-devel-93u-0.31.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): ksh-devel-93u-0.31.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): ksh-93u-0.31.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ksh-93u-0.31.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): ksh-93u-0.31.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): ksh-93u-0.31.1 ksh-devel-93u-0.31.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): ksh-93u-0.31.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): ksh-93u-0.31.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ksh-debuginfo-93u-0.31.1 ksh-debugsource-93u-0.31.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): ksh-debuginfo-93u-0.31.1 ksh-debugsource-93u-0.31.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): ksh-debuginfo-93u-0.31.1 ksh-debugsource-93u-0.31.1 References: https://bugzilla.suse.com/887320 https://bugzilla.suse.com/924043 https://bugzilla.suse.com/924318 https://bugzilla.suse.com/926172 https://bugzilla.suse.com/934437 From sle-updates at lists.suse.com Tue Oct 20 04:12:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Oct 2015 12:12:02 +0200 (CEST) Subject: SUSE-RU-2015:1784-1: Recommended update for alacarte Message-ID: <20151020101202.96AA9320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for alacarte ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1784-1 Rating: low References: #947793 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes translation of text to non-English languages in Alacarte's user interface. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-716=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-716=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): alacarte-3.10.0-6.1 - SUSE Linux Enterprise Workstation Extension 12 (noarch): alacarte-lang-3.10.0-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): alacarte-3.10.0-6.1 - SUSE Linux Enterprise Desktop 12 (noarch): alacarte-lang-3.10.0-6.1 References: https://bugzilla.suse.com/947793 From sle-updates at lists.suse.com Tue Oct 20 05:10:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Oct 2015 13:10:02 +0200 (CEST) Subject: SUSE-SU-2015:1785-1: important: Security update for librsvg Message-ID: <20151020111002.AC016320F0@maintenance.suse.de> SUSE Security Update: Security update for librsvg ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1785-1 Rating: important References: #840753 Cross-References: CVE-2013-1881 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: librsvg was updated to fix one security issue. This security issue was fixed: - CVE-2013-1881: GNOME libsvg allowed remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (bsc#840753). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-librsvg-12145=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-librsvg-12145=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-librsvg-12145=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-librsvg-12145=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-librsvg-12145=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-librsvg-12145=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-librsvg-12145=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-librsvg-12145=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-librsvg-12145=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): librsvg-devel-2.26.0-2.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): librsvg-devel-2.26.0-2.5.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): librsvg-2.26.0-2.5.1 rsvg-view-2.26.0-2.5.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): librsvg-32bit-2.26.0-2.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): librsvg-2.26.0-2.5.1 rsvg-view-2.26.0-2.5.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): librsvg-32bit-2.26.0-2.5.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): librsvg-x86-2.26.0-2.5.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): librsvg-2.26.0-2.5.1 rsvg-view-2.26.0-2.5.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): librsvg-32bit-2.26.0-2.5.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): librsvg-x86-2.26.0-2.5.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): librsvg-2.26.0-2.5.1 rsvg-view-2.26.0-2.5.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): librsvg-32bit-2.26.0-2.5.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): librsvg-2.26.0-2.5.1 rsvg-view-2.26.0-2.5.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): librsvg-32bit-2.26.0-2.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): librsvg-debuginfo-2.26.0-2.5.1 librsvg-debugsource-2.26.0-2.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): librsvg-debuginfo-32bit-2.26.0-2.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): librsvg-debuginfo-x86-2.26.0-2.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): librsvg-debuginfo-2.26.0-2.5.1 librsvg-debugsource-2.26.0-2.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64 s390x x86_64): librsvg-debuginfo-32bit-2.26.0-2.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (ia64): librsvg-debuginfo-x86-2.26.0-2.5.1 References: https://www.suse.com/security/cve/CVE-2013-1881.html https://bugzilla.suse.com/840753 From sle-updates at lists.suse.com Tue Oct 20 07:09:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Oct 2015 15:09:57 +0200 (CEST) Subject: SUSE-RU-2015:1786-1: Recommended update for crowbar-barclamp-keystone Message-ID: <20151020130957.D1E6A320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-keystone ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1786-1 Rating: low References: #941537 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crowbar-barclamp-keystone provides the following fixes and enhancements: - Make token expiration configurable. (bsc#941537) - Allow to enable domain specific drivers. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-keystone-12148=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-keystone-1.9+git.1443094779.a198905-13.2 References: https://bugzilla.suse.com/941537 From sle-updates at lists.suse.com Tue Oct 20 07:10:27 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Oct 2015 15:10:27 +0200 (CEST) Subject: SUSE-SU-2015:1787-1: moderate: Security update for gtk2 Message-ID: <20151020131027.5CD76320F0@maintenance.suse.de> SUSE Security Update: Security update for gtk2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1787-1 Rating: moderate References: #922741 #942801 #948791 Cross-References: CVE-2015-4491 CVE-2015-7674 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: gtk2 was updated to fix two security issues. These security issues were fixed: - CVE-2015-4491: Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, allowed remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that were mishandled during scaling (bsc#942801). - CVE-2015-7674: Fix overflow when scaling GIF files (bsc#948791). This non-security issue was fixed: - Add the script which generates gdk-pixbuf64.loaders to the spec file (bsc#922741). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gtk2-12146=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-gtk2-12146=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-gtk2-12146=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gtk2-12146=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-gtk2-12146=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-gtk2-12146=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-gtk2-12146=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gtk2-12146=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-devel-2.18.9-0.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): gtk2-devel-32bit-2.18.9-0.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): gtk2-devel-2.18.9-0.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64): gtk2-devel-32bit-2.18.9-0.35.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): gtk2-2.18.9-0.35.1 gtk2-doc-2.18.9-0.35.1 gtk2-lang-2.18.9-0.35.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): gtk2-32bit-2.18.9-0.35.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-2.18.9-0.35.1 gtk2-doc-2.18.9-0.35.1 gtk2-lang-2.18.9-0.35.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): gtk2-32bit-2.18.9-0.35.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): gtk2-x86-2.18.9-0.35.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): gtk2-2.18.9-0.35.1 gtk2-doc-2.18.9-0.35.1 gtk2-lang-2.18.9-0.35.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): gtk2-32bit-2.18.9-0.35.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): gtk2-x86-2.18.9-0.35.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): gtk2-2.18.9-0.35.1 gtk2-lang-2.18.9-0.35.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): gtk2-32bit-2.18.9-0.35.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): gtk2-2.18.9-0.35.1 gtk2-lang-2.18.9-0.35.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): gtk2-32bit-2.18.9-0.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-debuginfo-2.18.9-0.35.1 gtk2-debugsource-2.18.9-0.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): gtk2-debuginfo-32bit-2.18.9-0.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): gtk2-debuginfo-x86-2.18.9-0.35.1 References: https://www.suse.com/security/cve/CVE-2015-4491.html https://www.suse.com/security/cve/CVE-2015-7674.html https://bugzilla.suse.com/922741 https://bugzilla.suse.com/942801 https://bugzilla.suse.com/948791 From sle-updates at lists.suse.com Tue Oct 20 07:11:37 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Oct 2015 15:11:37 +0200 (CEST) Subject: SUSE-SU-2015:1788-1: moderate: Security update for mysql Message-ID: <20151020131137.EFF75320F0@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1788-1 Rating: moderate References: #924663 #928962 #934401 #938412 Cross-References: CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4756 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: MySQL was updated to version 5.5.45, fixing bugs and security issues. A list of all changes can be found on: - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-44.html To fix the "BACKRONYM" security issue (CVE-2015-3152) the behaviour of the SSL options was changed slightly to meet expectations: Now using '--ssl-verify-server-cert' and '--ssl[-*]' implies that the ssl connection is required. The mysql client will now print an error if ssl is required, but the server can not handle a ssl connection [bnc#924663], [bnc#928962], [CVE-2015-3152] Additional bugs fixed: - fix rc.mysql-multi script to start instances after restart properly [bnc#934401]. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-12147=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-mysql-12147=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-mysql-12147=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-12147=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-mysql-12147=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-mysql-12147=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-mysql-12147=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-12147=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mysql-12147=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.45-0.11.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.45-0.11.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.45-0.11.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ia64): libmysql55client_r18-x86-5.5.45-0.11.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libmysql55client18-5.5.45-0.11.1 libmysql55client_r18-5.5.45-0.11.1 mysql-5.5.45-0.11.1 mysql-client-5.5.45-0.11.1 mysql-tools-5.5.45-0.11.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libmysql55client18-32bit-5.5.45-0.11.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.45-0.11.1 libmysql55client_r18-5.5.45-0.11.1 mysql-5.5.45-0.11.1 mysql-client-5.5.45-0.11.1 mysql-tools-5.5.45-0.11.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.45-0.11.1 libmysql55client_r18-32bit-5.5.45-0.11.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.45-0.11.1 libmysql55client_r18-x86-5.5.45-0.11.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.45-0.11.1 libmysql55client_r18-5.5.45-0.11.1 mysql-5.5.45-0.11.1 mysql-client-5.5.45-0.11.1 mysql-tools-5.5.45-0.11.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.45-0.11.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libmysql55client18-x86-5.5.45-0.11.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libmysql55client18-5.5.45-0.11.1 libmysql55client_r18-5.5.45-0.11.1 mysql-5.5.45-0.11.1 mysql-client-5.5.45-0.11.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libmysql55client18-32bit-5.5.45-0.11.1 libmysql55client_r18-32bit-5.5.45-0.11.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libmysql55client18-5.5.45-0.11.1 libmysql55client_r18-5.5.45-0.11.1 mysql-5.5.45-0.11.1 mysql-client-5.5.45-0.11.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libmysql55client18-32bit-5.5.45-0.11.1 libmysql55client_r18-32bit-5.5.45-0.11.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.45-0.11.1 mysql-debugsource-5.5.45-0.11.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.45-0.11.1 mysql-debugsource-5.5.45-0.11.1 References: https://www.suse.com/security/cve/CVE-2015-2582.html https://www.suse.com/security/cve/CVE-2015-2611.html https://www.suse.com/security/cve/CVE-2015-2617.html https://www.suse.com/security/cve/CVE-2015-2620.html https://www.suse.com/security/cve/CVE-2015-2639.html https://www.suse.com/security/cve/CVE-2015-2641.html https://www.suse.com/security/cve/CVE-2015-2643.html https://www.suse.com/security/cve/CVE-2015-2648.html https://www.suse.com/security/cve/CVE-2015-2661.html https://www.suse.com/security/cve/CVE-2015-3152.html https://www.suse.com/security/cve/CVE-2015-4737.html https://www.suse.com/security/cve/CVE-2015-4752.html https://www.suse.com/security/cve/CVE-2015-4756.html https://www.suse.com/security/cve/CVE-2015-4757.html https://www.suse.com/security/cve/CVE-2015-4761.html https://www.suse.com/security/cve/CVE-2015-4767.html https://www.suse.com/security/cve/CVE-2015-4769.html https://www.suse.com/security/cve/CVE-2015-4771.html https://www.suse.com/security/cve/CVE-2015-4772.html https://bugzilla.suse.com/924663 https://bugzilla.suse.com/928962 https://bugzilla.suse.com/934401 https://bugzilla.suse.com/938412 From sle-updates at lists.suse.com Tue Oct 20 08:10:33 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Oct 2015 16:10:33 +0200 (CEST) Subject: SUSE-RU-2015:1789-1: Recommended update for postfix Message-ID: <20151020141033.2916C320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for postfix ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1789-1 Rating: low References: #838165 #863350 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for Postfix fixes an issue in the SuSEconfig.postfix script which could cause misleading warnings when the package was updated. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-postfix-12150=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-postfix-12150=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-postfix-12150=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-postfix-12150=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-postfix-12150=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-postfix-12150=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-postfix-12150=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-postfix-12150=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-postfix-12150=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-postfix-12150=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): postfix-devel-2.9.4-0.23.2 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): postfix-devel-2.9.4-0.23.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): postfix-2.9.4-0.23.2 postfix-doc-2.9.4-0.23.2 postfix-mysql-2.9.4-0.23.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): postfix-2.9.4-0.23.2 postfix-doc-2.9.4-0.23.2 postfix-mysql-2.9.4-0.23.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): postfix-2.9.4-0.23.2 postfix-doc-2.9.4-0.23.2 postfix-mysql-2.9.4-0.23.2 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): postfix-openssl1-2.9.4-0.23.2 postfix-openssl1-devel-2.9.4-0.23.2 postfix-openssl1-doc-2.9.4-0.23.2 postfix-openssl1-mysql-2.9.4-0.23.2 postfix-openssl1-postgresql-2.9.4-0.23.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): postfix-2.9.4-0.23.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): postfix-2.9.4-0.23.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): postfix-debuginfo-2.9.4-0.23.2 postfix-debugsource-2.9.4-0.23.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): postfix-debuginfo-2.9.4-0.23.2 postfix-debugsource-2.9.4-0.23.2 postfix-openssl1-debuginfo-2.9.4-0.23.2 postfix-openssl1-debugsource-2.9.4-0.23.2 References: https://bugzilla.suse.com/838165 https://bugzilla.suse.com/863350 From sle-updates at lists.suse.com Wed Oct 21 02:09:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Oct 2015 10:09:49 +0200 (CEST) Subject: SUSE-SU-2015:1790-1: moderate: Security update for icu Message-ID: <20151021080949.6D128320F0@maintenance.suse.de> SUSE Security Update: Security update for icu ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1790-1 Rating: moderate References: #917129 Cross-References: CVE-2014-9654 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: icu was updated to fix one security issue. This security issue was fixed: - CVE-2014-9654: Insufficient size limit checks in regular expression compiler (bsc#917129). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-icu-12151=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-icu-12151=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-icu-12151=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-icu-12151=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libicu-devel-4.0-7.30.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libicu-devel-32bit-4.0-7.30.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): icu-4.0-7.30.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): libicu-32bit-4.0-7.30.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libicu-4.0-7.30.2 libicu-doc-4.0-7.30.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libicu-32bit-4.0-7.30.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): libicu-x86-4.0-7.30.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): icu-4.0-7.30.2 libicu-4.0-7.30.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): icu-debuginfo-4.0-7.30.2 icu-debugsource-4.0-7.30.2 References: https://www.suse.com/security/cve/CVE-2014-9654.html https://bugzilla.suse.com/917129 From sle-updates at lists.suse.com Wed Oct 21 04:09:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Oct 2015 12:09:49 +0200 (CEST) Subject: SUSE-SU-2015:1791-1: moderate: Security update for strongswan Message-ID: <20151021100949.B8963320F0@maintenance.suse.de> SUSE Security Update: Security update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1791-1 Rating: moderate References: #933591 Cross-References: CVE-2015-4171 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: strongswan was updated to fix one security issue. This security issue was fixed: - CVE-2015-4171: A problem that could enable rogue servers to gain user credentials from a client in certain IKEv2 setups. (bsc#933591) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-strongswan-12152=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-strongswan-12152=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): strongswan-4.4.0-6.29.2 strongswan-doc-4.4.0-6.29.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): strongswan-debuginfo-4.4.0-6.29.2 strongswan-debugsource-4.4.0-6.29.2 References: https://www.suse.com/security/cve/CVE-2015-4171.html https://bugzilla.suse.com/933591 From sle-updates at lists.suse.com Wed Oct 21 04:10:20 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Oct 2015 12:10:20 +0200 (CEST) Subject: SUSE-SU-2015:1792-1: moderate: Security update for augeas Message-ID: <20151021101020.F24A7320F0@maintenance.suse.de> SUSE Security Update: Security update for augeas ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1792-1 Rating: moderate References: #925225 Cross-References: CVE-2014-8119 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update fixes an untrusted argument escaping problem (CVE-2014-8119): * new API - aug_escape_name() - which can be used to escape untrusted inputs before using them as part of path expressions * aug_match() is changed to return properly escaped output Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-augeas-12153=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-augeas-12153=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-augeas-12153=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-augeas-12153=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-augeas-12153=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-augeas-12153=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-augeas-12153=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-augeas-12153=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-augeas-12153=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): augeas-devel-0.9.0-3.17.2 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): augeas-devel-0.9.0-3.17.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): augeas-0.9.0-3.17.2 augeas-lenses-0.9.0-3.17.2 libaugeas0-0.9.0-3.17.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): augeas-0.9.0-3.17.2 augeas-lenses-0.9.0-3.17.2 libaugeas0-0.9.0-3.17.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): augeas-0.9.0-3.17.2 augeas-lenses-0.9.0-3.17.2 libaugeas0-0.9.0-3.17.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libaugeas0-0.9.0-3.17.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libaugeas0-0.9.0-3.17.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): augeas-debuginfo-0.9.0-3.17.2 augeas-debugsource-0.9.0-3.17.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): augeas-debuginfo-0.9.0-3.17.2 augeas-debugsource-0.9.0-3.17.2 References: https://www.suse.com/security/cve/CVE-2014-8119.html https://bugzilla.suse.com/925225 From sle-updates at lists.suse.com Wed Oct 21 06:09:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Oct 2015 14:09:45 +0200 (CEST) Subject: SUSE-RU-2015:1793-1: Recommended update for release-notes-sles Message-ID: <20151021120945.51AF6320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1793-1 Rating: low References: #943017 #947023 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 have been updated to document: - New: NTP 4.2.8. (bsc#943017, fate#319525) - New: Boot from devices larger than 2 TiB. (fate#317853) - New: module-init-tools replaced by kmod. (fate#317866) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-729=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): release-notes-sles-12.0.20151013-44.3 References: https://bugzilla.suse.com/943017 https://bugzilla.suse.com/947023 From sle-updates at lists.suse.com Wed Oct 21 06:10:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Oct 2015 14:10:45 +0200 (CEST) Subject: SUSE-RU-2015:1795-1: Recommended update for release-notes-sles Message-ID: <20151021121045.E9952320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1795-1 Rating: low References: #943017 #947139 #948760 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Server 11 SP4. - New: NTP 4.2.8. (bsc#943017, fate#319526) - New: TLS 1.2 for OpenVPN. (fate#319013) - Fix typo (LTSS for SLES 11 SP3). (bsc#948760) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-release-notes-sles-12154=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): release-notes-sles-11.4.21-0.18.4 References: https://bugzilla.suse.com/943017 https://bugzilla.suse.com/947139 https://bugzilla.suse.com/948760 From sle-updates at lists.suse.com Wed Oct 21 06:11:27 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Oct 2015 14:11:27 +0200 (CEST) Subject: SUSE-RU-2015:1796-1: Recommended update for cloud-init Message-ID: <20151021121127.3A551320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1796-1 Rating: low References: #948930 #948995 #948996 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: cloud-init uses the Jinja2 Python module to generate configuration files from templates, but this dependency was not defined in the package's spec file. This update adds the missing requirement to cloud-init. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-727=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (ppc64le s390x x86_64): cloud-init-0.7.6-17.1 python-MarkupSafe-0.18-5.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-Jinja2-2.7.3-15.1 References: https://bugzilla.suse.com/948930 https://bugzilla.suse.com/948995 https://bugzilla.suse.com/948996 From sle-updates at lists.suse.com Wed Oct 21 07:09:37 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Oct 2015 15:09:37 +0200 (CEST) Subject: SUSE-RU-2015:1798-1: Recommended update for release-notes-sled Message-ID: <20151021130937.BD38C320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1798-1 Rating: low References: #943017 #948424 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides the latest version of the release notes for SUSE Linux Enterprise Desktop 12: - New: Support for extended attributes in tar. (fate#319391) - New: Boot from devices larger than 2 TiB. (fate#317853) - New: iscsitarget and related packages replaced with lio. (fate#316773) - New: Support level of FTP clients. (fate#313673) - New: NTP 4.2.8. (bsc#943017, fate#319525) - New: module-init-tools replaced by kmod. (fate#317866) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-730=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-730=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (noarch): release-notes-sled-12.0.20151015-35.1 - SUSE Linux Enterprise Desktop 12 (noarch): release-notes-sled-12.0.20151015-35.1 References: https://bugzilla.suse.com/943017 https://bugzilla.suse.com/948424 From sle-updates at lists.suse.com Wed Oct 21 07:10:11 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Oct 2015 15:10:11 +0200 (CEST) Subject: SUSE-RU-2015:1799-1: moderate: Recommended update for sapconf Message-ID: <20151021131011.6A270320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1799-1 Rating: moderate References: #892517 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sapconf provides the following fixes: - Take new defaults to the config file when the new value is greater. (bsc#892517) The preference to takeover the new (greater) value is recommended by SAP. - Set new default value for number of open files. (bsc#892517) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-sapconf-12155=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sapconf-12155=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-sapconf-12155=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): sapconf-3.1-8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): sapconf-3.1-8.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): sapconf-3.1-8.1 References: https://bugzilla.suse.com/892517 From sle-updates at lists.suse.com Wed Oct 21 07:10:35 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Oct 2015 15:10:35 +0200 (CEST) Subject: SUSE-RU-2015:1800-1: moderate: Recommended update for s390-tools Message-ID: <20151021131035.9C62C320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1800-1 Rating: moderate References: #930125 #939086 #945695 Affected Products: SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for s390-tools provides the following fixes: - Fix display of incorrect device types in lszfcp. (bsc#945695) - Fix lsluns to not scan FCP devices no longer online or in bad state. (bsc#945695) - Fix time stamp handling for data sets in cmsfs-fuse. (bsc#945695) - Fix ziorep tools to handle device busids a.b.xxxx with a and b being non-zero. (bsc#939086) - Modify /etc/udev/rules.d/60-readahead.rules so that it doesn't + try to set a value for read_ahead_kb until after the pseudo file exists in sysfs. (bsc#930125) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-s390-tools-12156=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-s390-tools-12156=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3 (s390x): osasnmpd-1.15.0-0.150.1 s390-tools-1.15.0-0.150.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): s390-tools-debuginfo-1.15.0-0.150.1 s390-tools-debugsource-1.15.0-0.150.1 References: https://bugzilla.suse.com/930125 https://bugzilla.suse.com/939086 https://bugzilla.suse.com/945695 From sle-updates at lists.suse.com Wed Oct 21 11:09:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Oct 2015 19:09:45 +0200 (CEST) Subject: SUSE-RU-2015:1801-1: Recommended update for release-notes-susemanager Message-ID: <20151021170945.AF53F320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1801-1 Rating: low References: #950993 Affected Products: SUSE Manager 2.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: SUSE Manager 2.1 Release Notes have been updated to document: New features: - Support ssh push with sudo New channels available: - SLE12-Toolchain - SLEPOS 11 SP2 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-release-notes-susemanager-12157=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 2.1 (s390x x86_64): release-notes-susemanager-2.1.0-0.41.1 References: https://bugzilla.suse.com/950993 From sle-updates at lists.suse.com Thu Oct 22 06:10:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Oct 2015 14:10:00 +0200 (CEST) Subject: SUSE-OU-2015:1803-1: Optional update for gcc5, binutils and gdb Message-ID: <20151022121000.4E850320F0@maintenance.suse.de> SUSE Optional Update: Optional update for gcc5, binutils and gdb ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1803-1 Rating: low References: #776968 #877566 #891040 #896586 #936050 #943792 #945634 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: The core toolchain components were updated to newer version to bring various features, improved performance and usability, and also bugfixes. This GNU Compiler Collection feature update is provided for the Intel/AMD x86_64, IBM zSeries and IBM PowerPC 64bit architectures. The GNU Compiler Collection 5.2 is provided new with this update. Changes to previously released GCC 4.8 series are documented on: https://gcc.gnu.org/gcc-4.9/changes.html and https://gcc.gnu.org/gcc-5/changes.html Major features: * AddressSanitzer, UndefinedBehaviour and PointerBoundsChecker checking frameworks were added. * Lots of Register Allocation, Link Time, Interprocedural and Feedback Directed optimization improvements were done. * Architecture support for IBM zSeries z13. * The new libstdc++ CXX11 ABI is available, (The old ABI is still used by default.) The binutils suite was updated to version 2.25.0, bringing new platform support, features and and bugfixes, including: * IBM zSeries z13 hardware support (fate#318036, bnc#936050). * various IBM Power8 improvements (fate#318238, bnc#926412). * AVX512 support on the Intel EM64T platform (fate#318520). * CVE-2012-3509: Fixed a integer overflow in libiberty. The GNU Debugger gdb was updated to version 7.9.1, bringing new platform support, features and bugfixes. The gdb update also includes IBM zSeries z13 support. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gcc5-toolchain-201509-12158=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gcc5-toolchain-201509-12158=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-gcc5-toolchain-201509-12158=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gcc5-toolchain-201509-12158=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): binutils-devel-2.25.0-5.5 cross-ppc-binutils-2.25.0-5.7 cross-spu-binutils-2.25.0-5.7 gdbserver-7.9.1-3.2 libstdc++6-devel-gcc5-5.2.1+r226025-2.4 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): libitm1-5.2.1+r226025-2.4 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): binutils-devel-32bit-2.25.0-5.5 cpp5-5.2.1+r226025-2.4 gcc5-32bit-5.2.1+r226025-2.4 gcc5-5.2.1+r226025-2.4 gcc5-c++-32bit-5.2.1+r226025-2.4 gcc5-c++-5.2.1+r226025-2.4 gcc5-fortran-32bit-5.2.1+r226025-2.4 gcc5-fortran-5.2.1+r226025-2.4 gcc5-info-5.2.1+r226025-2.4 gcc5-locale-5.2.1+r226025-2.4 libffi-devel-gcc5-32bit-5.2.1+r226025-2.1 libffi-devel-gcc5-5.2.1+r226025-2.1 libitm1-32bit-5.2.1+r226025-2.4 libstdc++6-devel-gcc5-32bit-5.2.1+r226025-2.4 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 x86_64): binutils-gold-2.25.0-5.5 libasan2-5.2.1+r226025-2.4 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 x86_64): libasan2-32bit-5.2.1+r226025-2.4 libubsan0-32bit-5.2.1+r226025-2.4 libubsan0-5.2.1+r226025-2.4 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libcilkrts5-5.2.1+r226025-2.4 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x): gdb-32bit-7.9.1-3.2 gdbserver-32bit-7.9.1-3.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64): libatomic1-5.2.1+r226025-2.4 libgfortran3-5.2.1+r226025-2.4 libquadmath0-5.2.1+r226025-2.4 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): libcilkrts5-32bit-5.2.1+r226025-2.4 liblsan0-5.2.1+r226025-2.4 libtsan0-5.2.1+r226025-2.4 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): gdbserver-x86-7.9.1-3.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): binutils-2.25.0-5.5 gdb-7.9.1-3.2 libgcc_s1-5.2.1+r226025-2.4 libgfortran3-5.2.1+r226025-2.4 libgomp1-5.2.1+r226025-2.4 libstdc++6-5.2.1+r226025-2.4 libstdc++6-locale-5.2.1+r226025-2.4 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libatomic1-32bit-5.2.1+r226025-2.4 libatomic1-5.2.1+r226025-2.4 libgcc_s1-32bit-5.2.1+r226025-2.4 libgfortran3-32bit-5.2.1+r226025-2.4 libgomp1-32bit-5.2.1+r226025-2.4 libstdc++6-32bit-5.2.1+r226025-2.4 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 x86_64): libquadmath0-5.2.1+r226025-2.4 - SUSE Linux Enterprise Server 11-SP4 (ppc64 x86_64): libffi4-32bit-5.2.1+r226025-2.1 libffi4-5.2.1+r226025-2.1 - SUSE Linux Enterprise Server 11-SP4 (x86_64): libquadmath0-32bit-5.2.1+r226025-2.4 - SUSE Linux Enterprise Server 11-SP4 (ia64): gdb-x86-7.9.1-3.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): binutils-2.25.0-5.5 gdb-7.9.1-3.2 libgcc_s1-5.2.1+r226025-2.4 libgfortran3-5.2.1+r226025-2.4 libgomp1-5.2.1+r226025-2.4 libquadmath0-5.2.1+r226025-2.4 libstdc++6-5.2.1+r226025-2.4 libstdc++6-locale-5.2.1+r226025-2.4 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libgcc_s1-32bit-5.2.1+r226025-2.4 libgfortran3-32bit-5.2.1+r226025-2.4 libgomp1-32bit-5.2.1+r226025-2.4 libquadmath0-32bit-5.2.1+r226025-2.4 libstdc++6-32bit-5.2.1+r226025-2.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): binutils-debuginfo-2.25.0-5.5 binutils-debugsource-2.25.0-5.5 cross-ppc-binutils-debuginfo-2.25.0-5.7 cross-ppc-binutils-debugsource-2.25.0-5.7 cross-spu-binutils-debuginfo-2.25.0-5.7 cross-spu-binutils-debugsource-2.25.0-5.7 gcc5-debuginfo-5.2.1+r226025-2.4 gdb-debuginfo-7.9.1-3.2 gdb-debugsource-7.9.1-3.2 libffi-gcc5-debuginfo-5.2.1+r226025-2.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x): gdb-debuginfo-32bit-7.9.1-3.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): gcc5-debugsource-5.2.1+r226025-2.4 gdb-debuginfo-x86-7.9.1-3.2 References: https://www.suse.com/security/cve/CVE-2012-3509.html https://bugzilla.suse.com/776968 https://bugzilla.suse.com/877566 https://bugzilla.suse.com/891040 https://bugzilla.suse.com/896586 https://bugzilla.suse.com/936050 https://bugzilla.suse.com/943792 https://bugzilla.suse.com/945634 From sle-updates at lists.suse.com Thu Oct 22 06:12:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Oct 2015 14:12:01 +0200 (CEST) Subject: SUSE-RU-2015:1804-1: Recommended update for release-notes-sdk Message-ID: <20151022121201.E295B320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1804-1 Rating: low References: #938881 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Release Notes for the Software Development Kit 11 SP4 have been updated to document the availability of GCC 5.2. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-release-notes-sdk-12159=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): release-notes-sdk-11.4.4-0.9.4 References: https://bugzilla.suse.com/938881 From sle-updates at lists.suse.com Thu Oct 22 08:10:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Oct 2015 16:10:02 +0200 (CEST) Subject: SUSE-RU-2015:1805-1: Recommended update for cloud-init Message-ID: <20151022141002.0999F320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1805-1 Rating: low References: #948930 #948995 #948996 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: cloud-init uses the Jinja2 Python module to generate configuration files from templates, but this dependency was not defined in the package's spec file. This update adds the missing requirement to cloud-init. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-cloud-init-12160=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): cloud-init-0.7.6-9.2 python-Jinja2-2.6-2.15.2 python-MarkupSafe-0.18-0.4.1 References: https://bugzilla.suse.com/948930 https://bugzilla.suse.com/948995 https://bugzilla.suse.com/948996 From sle-updates at lists.suse.com Thu Oct 22 09:09:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Oct 2015 17:09:53 +0200 (CEST) Subject: SUSE-RU-2015:1806-1: Recommended update for tgt Message-ID: <20151022150953.DA58B320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for tgt ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1806-1 Rating: low References: #949468 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tgt contains the following changes: - Update systemd service file, based on the latest upstream (bnc#949468) - Remove duplicate inclusion of target configuration from /etc/tgt/conf.d in /etc/tgt/targets.conf, modifying patch setup-tgt-conf.d.patch Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-737=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): tgt-1.0.44-9.1 tgt-debuginfo-1.0.44-9.1 tgt-debugsource-1.0.44-9.1 References: https://bugzilla.suse.com/949468 From sle-updates at lists.suse.com Thu Oct 22 10:09:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Oct 2015 18:09:45 +0200 (CEST) Subject: SUSE-OU-2015:1807-1: Optional update for python-manilaclient Message-ID: <20151022160945.C5660320E8@maintenance.suse.de> SUSE Optional Update: Optional update for python-manilaclient ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1807-1 Rating: low References: #938960 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides version 1.1.0 of python-manilaclient with various fixes and improvements. - Uncap library requirements for liberty - Validate required parameters for token-based authentication - Print share export locations more pretty - Make public shares visible for all tenants - Add Manila client and CLI support for listing scheduler pools - Add basic manage/unmanage share functionality - Manila access-allow CLI command doesn't accept backslash - Add support of snapshot gigabytes quotas - Add support of nova network to share networks - Add keystone-session support - Add is_default column to type-list command output - Add hint for HDFS protocol while creating shares - Add -d short option for --debug - Remove links field from Manila client share details output - Print expected and actual request body in fake client - Add support of arg "access_level" to allow_access operation - Sync the oslo commom exceptions file to resolve detailed error message - Add service id to information printed by console client - Workflow documentation is now in infra-manual - Fix snapshot-list filter key 'usage' - Improve documentation - Add filtering to share-network-list command - Improve snapshots list API filtering - Add new filters for 'security-service-list' command - Adjust Requires and BuildRequires according to requirements.txt but relax requirements to be able to run with Cloud 5. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-python-manilaclient-12161=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): python-manilaclient-1.1.0-9.1 python-manilaclient-doc-1.1.0-9.1 References: https://bugzilla.suse.com/938960 From sle-updates at lists.suse.com Thu Oct 22 10:10:06 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Oct 2015 18:10:06 +0200 (CEST) Subject: SUSE-OU-2015:1808-1: Optional update for OpenStack Manila Message-ID: <20151022161006.607AE320F0@maintenance.suse.de> SUSE Optional Update: Optional update for OpenStack Manila ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1808-1 Rating: low References: #938960 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: OpenStack Manila has been updated to Kilo version, which brings various fixes and improvements. The updated components are provided as a Technology Preview and are consequently not L3-supported. The following packages have been added to SUSE Cloud 5 Compute Node on SLES 12: - openstack-manila (version 2015.1.1.dev6) - python-oslo.context (version 0.2.0) - python-oslo.log (version 1.0.0) - python-manilaclient (version 1.1.0) Additionally, python-alembic received a fix in order to run with the Kilo version of Manila. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-739=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): openstack-manila-2015.1.1.dev6-2.2 openstack-manila-api-2015.1.1.dev6-2.2 openstack-manila-scheduler-2015.1.1.dev6-2.2 openstack-manila-share-2015.1.1.dev6-2.2 python-alembic-0.6.7-4.5 python-manila-2015.1.1.dev6-2.2 python-manilaclient-1.1.0-2.3 python-manilaclient-doc-1.1.0-2.3 python-oslo.context-0.2.0-2.4 python-oslo.log-1.0.0-2.1 References: https://bugzilla.suse.com/938960 From sle-updates at lists.suse.com Thu Oct 22 15:09:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Oct 2015 23:09:52 +0200 (CEST) Subject: SUSE-RU-2015:1809-1: moderate: Recommended update for Machinery Message-ID: <20151022210952.1D711320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for Machinery ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1809-1 Rating: moderate References: #950362 Affected Products: SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides Machinery 1.14.2, which brings the following new features: - The x86_64 machinery-helper is now shipped with Machinery. It speeds up inspection of unmanaged-files. - Export of AutoYaST files is now possible with system descriptions, which have empty repository scopes. - Introduce format version 5 which adds the "environment" scope. This is a hidden scope which is used internally by Machinery. For more details please refer to https://github.com/SUSE/machinery/blob/master/docs/System-Description-Forma t.md#version-5. Several fixes and enhancements are also included in this release: - Allow limiting the `list` command output to certain system descriptions by passing them along as argument. - Add `move` command to rename system descriptions. - Add inspection of RPM based Docker containers. - Align output of `machinery config`. - Add rpc_pipefs to filtered filesystems. - Handle socket errors for `-i` option. - Add `containerize` command to the experimental features. - Fix: Typo in HTML package view. - Fix: Clean up binding the server for HTML view to IP addresses. - Fix: Make links to sections with common elements clearer in HTML comparison view. - Fix: XML files are no longer treated as binary files in HTML view. - Fix: Scrolling issue of file view. - Fix: Show `Files extracted` status in `compare --html` when both status are the same. - Fix: Validate port option in the `show`, `compare`, and `serve` commands. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2015-740=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): machinery-1.14.2-35.1 machinery-debuginfo-1.14.2-35.1 machinery-debugsource-1.14.2-35.1 References: https://bugzilla.suse.com/950362 From sle-updates at lists.suse.com Fri Oct 23 03:09:36 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Oct 2015 11:09:36 +0200 (CEST) Subject: SUSE-SU-2015:1810-1: moderate: Security update for python-Django Message-ID: <20151023090936.9730D320F0@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1810-1 Rating: moderate References: #937522 #937523 #941587 Cross-References: CVE-2015-5143 CVE-2015-5144 CVE-2015-5963 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-Django fixes the following security issues: - Prevent Denial-of-service possibility by filling session store. (bsc#937522, CVE-2015-5143) - Prevent Header injection possibility. (bsc#937523, CVE-2015-5144) - A remote denial of service (resource exhaustion) attack against the django session store was fixed in Python Django. This might have allowed remote attackers to exhaust existing web sessions. (bsc#941587, CVE-2015-5963) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-python-Django-12162=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): python-Django-1.6.11-10.2 References: https://www.suse.com/security/cve/CVE-2015-5143.html https://www.suse.com/security/cve/CVE-2015-5144.html https://www.suse.com/security/cve/CVE-2015-5963.html https://bugzilla.suse.com/937522 https://bugzilla.suse.com/937523 https://bugzilla.suse.com/941587 From sle-updates at lists.suse.com Fri Oct 23 09:10:28 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Oct 2015 17:10:28 +0200 (CEST) Subject: SUSE-RU-2015:1814-1: moderate: Recommended update for aws-cli, python-botocore Message-ID: <20151023151028.3E6EE320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-cli, python-botocore ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1814-1 Rating: moderate References: #949877 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This latest release of the aws-cli - version 1.8.12 - includes support for the new IoT (Internet of Things) feature [https://aws.amazon.com/iot/], enhances support for Amazon EC2 Container Service (ECS) [https://aws.amazon.com/ecs/], supports the newly released Elastic Search Service [https://aws.amazon.com/elasticsearch-service/], has better integration with Identity and Access Management (IAM), and contains a number of bug fixes and other feature improvements. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-742=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): aws-cli-1.8.12-10.1 python-botocore-1.2.10-10.1 References: https://bugzilla.suse.com/949877 From sle-updates at lists.suse.com Fri Oct 23 10:09:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Oct 2015 18:09:45 +0200 (CEST) Subject: SUSE-SU-2015:1815-1: moderate: Security update for python-Django Message-ID: <20151023160945.6CAAA320F0@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1815-1 Rating: moderate References: #937522 #937523 #941587 Cross-References: CVE-2015-5143 CVE-2015-5144 CVE-2015-5963 Affected Products: SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-Django fixes the following security issues: - Prevent Denial-of-service possibility by filling session store. (bsc#937522, CVE-2015-5143) - Prevent Header injection possibility. (bsc#937523, CVE-2015-5144) - A remote denial of service (resource exhaustion) attack against the django session store was fixed in Python Django. This might have allowed remote attackers to exhaust existing web sessions. (bsc#941587, CVE-2015-5963) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2015-743=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 1.0 (noarch): python-Django-1.6.11-8.1 References: https://www.suse.com/security/cve/CVE-2015-5143.html https://www.suse.com/security/cve/CVE-2015-5144.html https://www.suse.com/security/cve/CVE-2015-5963.html https://bugzilla.suse.com/937522 https://bugzilla.suse.com/937523 https://bugzilla.suse.com/941587 From sle-updates at lists.suse.com Mon Oct 26 08:09:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Oct 2015 15:09:53 +0100 (CET) Subject: SUSE-SU-2015:1818-1: important: Security update for php53 Message-ID: <20151026140953.2B3D8320AC@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1818-1 Rating: important References: #935074 #942291 #942294 #942295 #942296 #945412 #945428 Cross-References: CVE-2015-6831 CVE-2015-6833 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update of PHP5 brings several security fixes. Security fixes: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] It also includes a bugfix for the odbc module: * compare with SQL_NULL_DATA correctly [bnc#935074] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-12163=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-php53-12163=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-php53-12163=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-12163=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-php53-12163=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-12163=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-php53-12163=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-48.1 php53-imap-5.3.17-48.1 php53-posix-5.3.17-48.1 php53-readline-5.3.17-48.1 php53-sockets-5.3.17-48.1 php53-sqlite-5.3.17-48.1 php53-tidy-5.3.17-48.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-48.1 php53-imap-5.3.17-48.1 php53-posix-5.3.17-48.1 php53-readline-5.3.17-48.1 php53-sockets-5.3.17-48.1 php53-sqlite-5.3.17-48.1 php53-tidy-5.3.17-48.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): apache2-mod_php53-5.3.17-48.1 php53-5.3.17-48.1 php53-bcmath-5.3.17-48.1 php53-bz2-5.3.17-48.1 php53-calendar-5.3.17-48.1 php53-ctype-5.3.17-48.1 php53-curl-5.3.17-48.1 php53-dba-5.3.17-48.1 php53-dom-5.3.17-48.1 php53-exif-5.3.17-48.1 php53-fastcgi-5.3.17-48.1 php53-fileinfo-5.3.17-48.1 php53-ftp-5.3.17-48.1 php53-gd-5.3.17-48.1 php53-gettext-5.3.17-48.1 php53-gmp-5.3.17-48.1 php53-iconv-5.3.17-48.1 php53-intl-5.3.17-48.1 php53-json-5.3.17-48.1 php53-ldap-5.3.17-48.1 php53-mbstring-5.3.17-48.1 php53-mcrypt-5.3.17-48.1 php53-mysql-5.3.17-48.1 php53-odbc-5.3.17-48.1 php53-openssl-5.3.17-48.1 php53-pcntl-5.3.17-48.1 php53-pdo-5.3.17-48.1 php53-pear-5.3.17-48.1 php53-pgsql-5.3.17-48.1 php53-pspell-5.3.17-48.1 php53-shmop-5.3.17-48.1 php53-snmp-5.3.17-48.1 php53-soap-5.3.17-48.1 php53-suhosin-5.3.17-48.1 php53-sysvmsg-5.3.17-48.1 php53-sysvsem-5.3.17-48.1 php53-sysvshm-5.3.17-48.1 php53-tokenizer-5.3.17-48.1 php53-wddx-5.3.17-48.1 php53-xmlreader-5.3.17-48.1 php53-xmlrpc-5.3.17-48.1 php53-xmlwriter-5.3.17-48.1 php53-xsl-5.3.17-48.1 php53-zip-5.3.17-48.1 php53-zlib-5.3.17-48.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-48.1 php53-5.3.17-48.1 php53-bcmath-5.3.17-48.1 php53-bz2-5.3.17-48.1 php53-calendar-5.3.17-48.1 php53-ctype-5.3.17-48.1 php53-curl-5.3.17-48.1 php53-dba-5.3.17-48.1 php53-dom-5.3.17-48.1 php53-exif-5.3.17-48.1 php53-fastcgi-5.3.17-48.1 php53-fileinfo-5.3.17-48.1 php53-ftp-5.3.17-48.1 php53-gd-5.3.17-48.1 php53-gettext-5.3.17-48.1 php53-gmp-5.3.17-48.1 php53-iconv-5.3.17-48.1 php53-intl-5.3.17-48.1 php53-json-5.3.17-48.1 php53-ldap-5.3.17-48.1 php53-mbstring-5.3.17-48.1 php53-mcrypt-5.3.17-48.1 php53-mysql-5.3.17-48.1 php53-odbc-5.3.17-48.1 php53-openssl-5.3.17-48.1 php53-pcntl-5.3.17-48.1 php53-pdo-5.3.17-48.1 php53-pear-5.3.17-48.1 php53-pgsql-5.3.17-48.1 php53-pspell-5.3.17-48.1 php53-shmop-5.3.17-48.1 php53-snmp-5.3.17-48.1 php53-soap-5.3.17-48.1 php53-suhosin-5.3.17-48.1 php53-sysvmsg-5.3.17-48.1 php53-sysvsem-5.3.17-48.1 php53-sysvshm-5.3.17-48.1 php53-tokenizer-5.3.17-48.1 php53-wddx-5.3.17-48.1 php53-xmlreader-5.3.17-48.1 php53-xmlrpc-5.3.17-48.1 php53-xmlwriter-5.3.17-48.1 php53-xsl-5.3.17-48.1 php53-zip-5.3.17-48.1 php53-zlib-5.3.17-48.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-48.1 php53-5.3.17-48.1 php53-bcmath-5.3.17-48.1 php53-bz2-5.3.17-48.1 php53-calendar-5.3.17-48.1 php53-ctype-5.3.17-48.1 php53-curl-5.3.17-48.1 php53-dba-5.3.17-48.1 php53-dom-5.3.17-48.1 php53-exif-5.3.17-48.1 php53-fastcgi-5.3.17-48.1 php53-fileinfo-5.3.17-48.1 php53-ftp-5.3.17-48.1 php53-gd-5.3.17-48.1 php53-gettext-5.3.17-48.1 php53-gmp-5.3.17-48.1 php53-iconv-5.3.17-48.1 php53-intl-5.3.17-48.1 php53-json-5.3.17-48.1 php53-ldap-5.3.17-48.1 php53-mbstring-5.3.17-48.1 php53-mcrypt-5.3.17-48.1 php53-mysql-5.3.17-48.1 php53-odbc-5.3.17-48.1 php53-openssl-5.3.17-48.1 php53-pcntl-5.3.17-48.1 php53-pdo-5.3.17-48.1 php53-pear-5.3.17-48.1 php53-pgsql-5.3.17-48.1 php53-pspell-5.3.17-48.1 php53-shmop-5.3.17-48.1 php53-snmp-5.3.17-48.1 php53-soap-5.3.17-48.1 php53-suhosin-5.3.17-48.1 php53-sysvmsg-5.3.17-48.1 php53-sysvsem-5.3.17-48.1 php53-sysvshm-5.3.17-48.1 php53-tokenizer-5.3.17-48.1 php53-wddx-5.3.17-48.1 php53-xmlreader-5.3.17-48.1 php53-xmlrpc-5.3.17-48.1 php53-xmlwriter-5.3.17-48.1 php53-xsl-5.3.17-48.1 php53-zip-5.3.17-48.1 php53-zlib-5.3.17-48.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-48.1 php53-debugsource-5.3.17-48.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-48.1 php53-debugsource-5.3.17-48.1 References: https://www.suse.com/security/cve/CVE-2015-6831.html https://www.suse.com/security/cve/CVE-2015-6833.html https://www.suse.com/security/cve/CVE-2015-6836.html https://www.suse.com/security/cve/CVE-2015-6837.html https://www.suse.com/security/cve/CVE-2015-6838.html https://bugzilla.suse.com/935074 https://bugzilla.suse.com/942291 https://bugzilla.suse.com/942294 https://bugzilla.suse.com/942295 https://bugzilla.suse.com/942296 https://bugzilla.suse.com/945412 https://bugzilla.suse.com/945428 From sle-updates at lists.suse.com Mon Oct 26 10:09:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Oct 2015 17:09:45 +0100 (CET) Subject: SUSE-RU-2015:1819-1: Recommended update for kgraft Message-ID: <20151026160945.73ABA320AC@maintenance.suse.de> SUSE Recommended Update: Recommended update for kgraft ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1819-1 Rating: low References: #931694 #936372 #939130 #939131 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update of the kgraft helper toolset brings following fixes and improvements: - improve information displayed by "kgr patches" (bsc#939131 bsc#936372) - correctly display information of an initial (emtpy) patch (bsc#939130) - ship the kgraft-devel subpackage (bsc#931694) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2015-745=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (ppc64le s390x x86_64): kgraft-1.0-19.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-devel-1.0-19.1 References: https://bugzilla.suse.com/931694 https://bugzilla.suse.com/936372 https://bugzilla.suse.com/939130 https://bugzilla.suse.com/939131 From sle-updates at lists.suse.com Mon Oct 26 11:09:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Oct 2015 18:09:56 +0100 (CET) Subject: SUSE-RU-2015:1820-1: Recommended update for supportutils Message-ID: <20151026170956.829E4320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1820-1 Rating: low References: #944445 #950216 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for supportutils provides the following fixes and enhancements: - Capture information about IBM's PowerNV platform. (bsc#944445) - Collect important libvirt log files. (bsc#950216) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-747=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-747=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): supportutils-3.0-65.1 - SUSE Linux Enterprise Desktop 12 (noarch): supportutils-3.0-65.1 References: https://bugzilla.suse.com/944445 https://bugzilla.suse.com/950216 From sle-updates at lists.suse.com Mon Oct 26 11:10:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Oct 2015 18:10:31 +0100 (CET) Subject: SUSE-SU-2015:1821-1: moderate: Security update for postgresql93 Message-ID: <20151026171031.58527320F0@maintenance.suse.de> SUSE Security Update: Security update for postgresql93 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1821-1 Rating: moderate References: #949669 #949670 Cross-References: CVE-2015-5288 CVE-2015-5289 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The PostreSQL database postgresql93 was updated to the bugfix release 9.3.10: Security issues fixed: - CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. - CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. For the full release notes, see: http://www.postgresql.org/docs/current/static/release-9-3-10.html Other bugs fixed: * Move systemd related stuff and user creation to postgresql-init. * Remove some obsolete %suse_version conditionals. * Relax dependency on libpq to major version. * Fix possible failure to recover from an inconsistent database state. See full release notes for details. * Fix rare failure to invalidate relation cache init file. * Avoid deadlock between incoming sessions and CREATE/DROP DATABASE. * Improve planner's cost estimates for semi-joins and anti-joins with inner indexscans * For the full release notes for 9.3.9 see: http://www.postgresql.org/docs/9.3/static/release-9-3-9.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-746=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-746=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-746=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): postgresql93-devel-9.3.10-11.1 postgresql93-devel-debuginfo-9.3.10-11.1 postgresql93-libs-debugsource-9.3.10-11.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): postgresql93-9.3.10-11.1 postgresql93-contrib-9.3.10-11.1 postgresql93-contrib-debuginfo-9.3.10-11.1 postgresql93-debuginfo-9.3.10-11.1 postgresql93-debugsource-9.3.10-11.1 postgresql93-libs-debugsource-9.3.10-11.1 postgresql93-server-9.3.10-11.1 postgresql93-server-debuginfo-9.3.10-11.1 - SUSE Linux Enterprise Server 12 (noarch): postgresql93-docs-9.3.10-11.1 - SUSE Linux Enterprise Desktop 12 (x86_64): postgresql93-9.3.10-11.1 postgresql93-debuginfo-9.3.10-11.1 postgresql93-debugsource-9.3.10-11.1 postgresql93-libs-debugsource-9.3.10-11.1 References: https://www.suse.com/security/cve/CVE-2015-5288.html https://www.suse.com/security/cve/CVE-2015-5289.html https://bugzilla.suse.com/949669 https://bugzilla.suse.com/949670 From sle-updates at lists.suse.com Mon Oct 26 12:10:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Oct 2015 19:10:00 +0100 (CET) Subject: SUSE-RU-2015:1822-1: Recommended update for yast2-sysconfig Message-ID: <20151026181000.AFF66320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-sysconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1822-1 Rating: low References: #899104 #926485 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-sysconfig improves compatibility with systemd when restarting or reloading services. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-749=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-749=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-749=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (noarch): yast2-sysconfig-devel-doc-3.1.2.2-7.1 - SUSE Linux Enterprise Server 12 (noarch): yast2-sysconfig-3.1.2.2-7.1 - SUSE Linux Enterprise Desktop 12 (noarch): yast2-sysconfig-3.1.2.2-7.1 References: https://bugzilla.suse.com/899104 https://bugzilla.suse.com/926485 From sle-updates at lists.suse.com Mon Oct 26 12:10:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Oct 2015 19:10:40 +0100 (CET) Subject: SUSE-RU-2015:1823-1: moderate: Recommended update for sax2 Message-ID: <20151026181040.D34AE320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for sax2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1823-1 Rating: moderate References: #927399 #928621 #929106 #930491 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for SaX2 provides the following fixes: - Use modesetting instead of fbdev driver for "ast" in secure boot mode. (bsc#927399) - Profiles weren't applied for "ast" driver due to a typo in the driver map. This resulted in using "ast" instead of "fbdev" driver for configuration on AST machines in secureboot mode. (bsc#927399) - With KMS hwinfo obtains the video modes from the driver. Use this list to present a selection of modes to the user. (bsc#928621, bsc#930491) - Show driver instead of gfx card in GUI for unknown cards to SaX2 when user specified the driver manually. (bsc#929106, bsc#930491) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-sax2-12164=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-sax2-12164=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-sax2-12164=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-sax2-12164=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-sax2-12164=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 x86_64): sax2-libsax-devel-8.1-561.586.2 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): sax2-libsax-python-8.1-561.586.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): sax2-8.1-561.586.2 sax2-gui-8.1-561.586.2 sax2-ident-8.1-561.586.2 sax2-libsax-8.1-561.586.2 sax2-libsax-perl-8.1-561.586.2 sax2-libsax-python-8.1-561.586.2 sax2-tools-8.1-561.586.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): sax2-tools-8.1-561.586.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 x86_64): sax2-8.1-561.586.2 sax2-gui-8.1-561.586.2 sax2-ident-8.1-561.586.2 sax2-libsax-8.1-561.586.2 sax2-libsax-perl-8.1-561.586.2 sax2-libsax-python-8.1-561.586.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): sax2-8.1-561.586.2 sax2-gui-8.1-561.586.2 sax2-ident-8.1-561.586.2 sax2-libsax-8.1-561.586.2 sax2-libsax-perl-8.1-561.586.2 sax2-tools-8.1-561.586.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): sax2-debuginfo-8.1-561.586.2 sax2-debugsource-8.1-561.586.2 References: https://bugzilla.suse.com/927399 https://bugzilla.suse.com/928621 https://bugzilla.suse.com/929106 https://bugzilla.suse.com/930491 From sle-updates at lists.suse.com Tue Oct 27 01:09:36 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Oct 2015 08:09:36 +0100 (CET) Subject: SUSE-RU-2015:1824-1: moderate: Recommended update for yast2-http-server Message-ID: <20151027070936.448D9320AC@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-http-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1824-1 Rating: moderate References: #770331 #860856 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-http-server provides the following fixes: - Do not stop reading settings when new configuration file got confirmed by user. (bsc#770331) - Check for manually created files in order to prevent data loss. (bsc#860856) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-yast2-http-server-12165=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-yast2-http-server-12165=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-yast2-http-server-12165=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP3 (noarch): yast2-http-server-2.17.17-7.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch): yast2-http-server-2.17.17-7.1 - SUSE Linux Enterprise Server 11-SP3 (noarch): yast2-http-server-2.17.17-7.1 References: https://bugzilla.suse.com/770331 https://bugzilla.suse.com/860856 From sle-updates at lists.suse.com Tue Oct 27 04:09:39 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Oct 2015 11:09:39 +0100 (CET) Subject: SUSE-RU-2015:1826-1: moderate: Recommended update for openCryptoki Message-ID: <20151027100939.BC43E320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1826-1 Rating: moderate References: #946172 #948114 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openCryptoki provides the following fixes: - Fixed GPF when calling C_SignUpdate using ICFS token. (bsc#946172) - Fixed failure to import ECDSA because of lack of attribute. (bsc#948114) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-751=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-751=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): openCryptoki-debuginfo-3.1-8.3.1 openCryptoki-debugsource-3.1-8.3.1 openCryptoki-devel-3.1-8.3.1 - SUSE Linux Enterprise Server 12 (ppc64le s390 s390x x86_64): openCryptoki-3.1-8.3.1 openCryptoki-debuginfo-3.1-8.3.1 openCryptoki-debugsource-3.1-8.3.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): openCryptoki-64bit-3.1-8.3.1 - SUSE Linux Enterprise Server 12 (s390): openCryptoki-32bit-3.1-8.3.1 References: https://bugzilla.suse.com/946172 https://bugzilla.suse.com/948114 From sle-updates at lists.suse.com Tue Oct 27 04:10:12 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Oct 2015 11:10:12 +0100 (CET) Subject: SUSE-RU-2015:1827-1: Recommended update for python-coverage Message-ID: <20151027101012.1F38B320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-coverage ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1827-1 Rating: low References: #950619 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-coverage adjusts the package's spec file to require coreutils. This package is needed for the rm(1) call by the pre-installation script. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-752=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (ppc64le s390x x86_64): python-coverage-3.7-4.1 python-coverage-debuginfo-3.7-4.1 python-coverage-debugsource-3.7-4.1 References: https://bugzilla.suse.com/950619 From sle-updates at lists.suse.com Tue Oct 27 04:10:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Oct 2015 11:10:31 +0100 (CET) Subject: SUSE-RU-2015:1828-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20151027101031.EB77B320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1828-1 Rating: moderate References: #948057 #948129 #948130 #950858 #950865 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update provides cloud-regionsrv-client 6.4.2: - Detect and properly report errors when the base product registration fails. (bsc#950858) - Properly register the base product. (bsc#950865) - If the server to which the guest is registered to is not available, attempt to find another available SMT server. (bsc#948129, bsc#948130) - Register base product properly even if no other products are set up. (bsc#948057) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-753=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-6.4.2-23.1 cloud-regionsrv-client-generic-config-1.0.0-23.1 cloud-regionsrv-client-plugin-gce-1.0.0-23.1 References: https://bugzilla.suse.com/948057 https://bugzilla.suse.com/948129 https://bugzilla.suse.com/948130 https://bugzilla.suse.com/950858 https://bugzilla.suse.com/950865 From sle-updates at lists.suse.com Tue Oct 27 05:10:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Oct 2015 12:10:07 +0100 (CET) Subject: SUSE-SU-2015:1829-1: moderate: Security update for lxc Message-ID: <20151027111007.AD039320AC@maintenance.suse.de> SUSE Security Update: Security update for lxc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1829-1 Rating: moderate References: #946744 Cross-References: CVE-2015-1335 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: lxc was update to fix one security issue. The following vulnerability was fixed: * CVE-2015-1335: A directory traversal flaw while lxc-start is initially setting up the mounts for a container (bsc#946744) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-lxc-12166=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-lxc-12166=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-lxc-12166=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-lxc-12166=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-lxc-12166=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-lxc-12166=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-lxc-12166=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-lxc-12166=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-lxc-12166=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): lxc-devel-0.8.0-0.25.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): lxc-0.8.0-0.25.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): lxc-devel-0.8.0-0.25.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): lxc-0.8.0-0.25.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): lxc-0.8.0-0.25.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): lxc-0.8.0-0.25.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): lxc-0.8.0-0.25.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): lxc-0.8.0-0.25.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): lxc-0.8.0-0.25.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): lxc-debuginfo-0.8.0-0.25.1 lxc-debugsource-0.8.0-0.25.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): lxc-debuginfo-0.8.0-0.25.1 lxc-debugsource-0.8.0-0.25.1 References: https://www.suse.com/security/cve/CVE-2015-1335.html https://bugzilla.suse.com/946744 From sle-updates at lists.suse.com Tue Oct 27 09:09:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Oct 2015 16:09:55 +0100 (CET) Subject: SUSE-RU-2015:1832-1: Recommended update for release-notes-sles Message-ID: <20151027150955.5AD41320AC@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1832-1 Rating: low References: #951752 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest version of the release notes for SUSE Linux Enterprise Server 11-SP3. - New: SaX2: Changing Video Resolution. (bsc#951752 via fate#318974) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-release-notes-sles-12167=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-release-notes-sles-12167=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): release-notes-SLES-for-VMware-11.3.43-0.16.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): release-notes-sles-11.3.43-0.16.1 References: https://bugzilla.suse.com/951752 From sle-updates at lists.suse.com Tue Oct 27 10:09:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Oct 2015 17:09:48 +0100 (CET) Subject: SUSE-SU-2015:1833-1: moderate: Security update for gcc48 Message-ID: <20151027160948.0C3A5320F0@maintenance.suse.de> SUSE Security Update: Security update for gcc48 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1833-1 Rating: moderate References: #945842 #947772 #947791 #948168 #949000 Cross-References: CVE-2015-5276 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for GCC 4.8 provides the following fixes: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) - Fix linker segmentation fault when building SLOF on ppc64le. (bsc#949000) - Fix no_instrument_function attribute handling on PPC64 with -mprofile-kernel. (bsc#947791) - Fix internal compiler error with aarch64 target using PCH and builtin functions. (bsc#947772) - Fix libffi issues on aarch64. (bsc#948168) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-756=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-756=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-756=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-756=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): gcc48-gij-32bit-4.8.5-24.1 gcc48-gij-4.8.5-24.1 gcc48-gij-debuginfo-32bit-4.8.5-24.1 gcc48-gij-debuginfo-4.8.5-24.1 libgcj48-32bit-4.8.5-24.1 libgcj48-4.8.5-24.1 libgcj48-debuginfo-32bit-4.8.5-24.1 libgcj48-debuginfo-4.8.5-24.1 libgcj48-debugsource-4.8.5-24.1 libgcj48-jar-4.8.5-24.1 libgcj_bc1-4.8.5-24.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gcc48-debuginfo-4.8.5-24.1 gcc48-debugsource-4.8.5-24.1 gcc48-fortran-4.8.5-24.1 gcc48-fortran-debuginfo-4.8.5-24.1 gcc48-gij-4.8.5-24.1 gcc48-gij-debuginfo-4.8.5-24.1 gcc48-java-4.8.5-24.1 gcc48-java-debuginfo-4.8.5-24.1 gcc48-obj-c++-4.8.5-24.1 gcc48-obj-c++-debuginfo-4.8.5-24.1 gcc48-objc-4.8.5-24.1 gcc48-objc-debuginfo-4.8.5-24.1 libffi48-debugsource-4.8.5-24.1 libffi48-devel-4.8.5-24.1 libgcj48-4.8.5-24.1 libgcj48-debuginfo-4.8.5-24.1 libgcj48-debugsource-4.8.5-24.1 libgcj48-devel-4.8.5-24.1 libgcj48-devel-debuginfo-4.8.5-24.1 libgcj48-jar-4.8.5-24.1 libgcj_bc1-4.8.5-24.1 libobjc4-4.8.5-24.1 libobjc4-debuginfo-4.8.5-24.1 - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64): gcc48-objc-32bit-4.8.5-24.1 libobjc4-32bit-4.8.5-24.1 - SUSE Linux Enterprise Software Development Kit 12 (x86_64): gcc48-ada-4.8.5-24.1 gcc48-ada-debuginfo-4.8.5-24.1 libada48-4.8.5-24.1 libada48-debuginfo-4.8.5-24.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): cpp48-4.8.5-24.1 cpp48-debuginfo-4.8.5-24.1 gcc48-4.8.5-24.1 gcc48-c++-4.8.5-24.1 gcc48-c++-debuginfo-4.8.5-24.1 gcc48-debuginfo-4.8.5-24.1 gcc48-debugsource-4.8.5-24.1 gcc48-locale-4.8.5-24.1 libstdc++48-devel-4.8.5-24.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): gcc48-32bit-4.8.5-24.1 libstdc++48-devel-32bit-4.8.5-24.1 - SUSE Linux Enterprise Server 12 (x86_64): libasan0-32bit-4.8.5-24.1 libasan0-32bit-debuginfo-4.8.5-24.1 libasan0-4.8.5-24.1 libasan0-debuginfo-4.8.5-24.1 - SUSE Linux Enterprise Server 12 (noarch): gcc48-info-4.8.5-24.1 - SUSE Linux Enterprise Server 12 (s390x): libffi48-debugsource-4.8.5-24.1 - SUSE Linux Enterprise Desktop 12 (x86_64): cpp48-4.8.5-24.1 cpp48-debuginfo-4.8.5-24.1 gcc48-32bit-4.8.5-24.1 gcc48-4.8.5-24.1 gcc48-c++-4.8.5-24.1 gcc48-c++-debuginfo-4.8.5-24.1 gcc48-debuginfo-4.8.5-24.1 gcc48-debugsource-4.8.5-24.1 gcc48-gij-32bit-4.8.5-24.1 gcc48-gij-4.8.5-24.1 gcc48-gij-debuginfo-32bit-4.8.5-24.1 gcc48-gij-debuginfo-4.8.5-24.1 libasan0-32bit-4.8.5-24.1 libasan0-32bit-debuginfo-4.8.5-24.1 libasan0-4.8.5-24.1 libasan0-debuginfo-4.8.5-24.1 libgcj48-32bit-4.8.5-24.1 libgcj48-4.8.5-24.1 libgcj48-debuginfo-32bit-4.8.5-24.1 libgcj48-debuginfo-4.8.5-24.1 libgcj48-debugsource-4.8.5-24.1 libgcj48-jar-4.8.5-24.1 libgcj_bc1-4.8.5-24.1 libstdc++48-devel-32bit-4.8.5-24.1 libstdc++48-devel-4.8.5-24.1 - SUSE Linux Enterprise Desktop 12 (noarch): gcc48-info-4.8.5-24.1 References: https://www.suse.com/security/cve/CVE-2015-5276.html https://bugzilla.suse.com/945842 https://bugzilla.suse.com/947772 https://bugzilla.suse.com/947791 https://bugzilla.suse.com/948168 https://bugzilla.suse.com/949000 From sle-updates at lists.suse.com Tue Oct 27 11:09:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Oct 2015 18:09:44 +0100 (CET) Subject: SUSE-RU-2015:1834-1: moderate: Recommended update for php5 Message-ID: <20151027170944.22F6B320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for php5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1834-1 Rating: moderate References: #949134 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update reenables the suhosin extension that was disabled by mistake in the previous update. [bnc#949134] Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-757=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-757=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-39.1 php5-debugsource-5.5.14-39.1 php5-devel-5.5.14-39.1 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-39.1 apache2-mod_php5-debuginfo-5.5.14-39.1 php5-5.5.14-39.1 php5-bcmath-5.5.14-39.1 php5-bcmath-debuginfo-5.5.14-39.1 php5-bz2-5.5.14-39.1 php5-bz2-debuginfo-5.5.14-39.1 php5-calendar-5.5.14-39.1 php5-calendar-debuginfo-5.5.14-39.1 php5-ctype-5.5.14-39.1 php5-ctype-debuginfo-5.5.14-39.1 php5-curl-5.5.14-39.1 php5-curl-debuginfo-5.5.14-39.1 php5-dba-5.5.14-39.1 php5-dba-debuginfo-5.5.14-39.1 php5-debuginfo-5.5.14-39.1 php5-debugsource-5.5.14-39.1 php5-dom-5.5.14-39.1 php5-dom-debuginfo-5.5.14-39.1 php5-enchant-5.5.14-39.1 php5-enchant-debuginfo-5.5.14-39.1 php5-exif-5.5.14-39.1 php5-exif-debuginfo-5.5.14-39.1 php5-fastcgi-5.5.14-39.1 php5-fastcgi-debuginfo-5.5.14-39.1 php5-fileinfo-5.5.14-39.1 php5-fileinfo-debuginfo-5.5.14-39.1 php5-fpm-5.5.14-39.1 php5-fpm-debuginfo-5.5.14-39.1 php5-ftp-5.5.14-39.1 php5-ftp-debuginfo-5.5.14-39.1 php5-gd-5.5.14-39.1 php5-gd-debuginfo-5.5.14-39.1 php5-gettext-5.5.14-39.1 php5-gettext-debuginfo-5.5.14-39.1 php5-gmp-5.5.14-39.1 php5-gmp-debuginfo-5.5.14-39.1 php5-iconv-5.5.14-39.1 php5-iconv-debuginfo-5.5.14-39.1 php5-intl-5.5.14-39.1 php5-intl-debuginfo-5.5.14-39.1 php5-json-5.5.14-39.1 php5-json-debuginfo-5.5.14-39.1 php5-ldap-5.5.14-39.1 php5-ldap-debuginfo-5.5.14-39.1 php5-mbstring-5.5.14-39.1 php5-mbstring-debuginfo-5.5.14-39.1 php5-mcrypt-5.5.14-39.1 php5-mcrypt-debuginfo-5.5.14-39.1 php5-mysql-5.5.14-39.1 php5-mysql-debuginfo-5.5.14-39.1 php5-odbc-5.5.14-39.1 php5-odbc-debuginfo-5.5.14-39.1 php5-opcache-5.5.14-39.1 php5-opcache-debuginfo-5.5.14-39.1 php5-openssl-5.5.14-39.1 php5-openssl-debuginfo-5.5.14-39.1 php5-pcntl-5.5.14-39.1 php5-pcntl-debuginfo-5.5.14-39.1 php5-pdo-5.5.14-39.1 php5-pdo-debuginfo-5.5.14-39.1 php5-pgsql-5.5.14-39.1 php5-pgsql-debuginfo-5.5.14-39.1 php5-posix-5.5.14-39.1 php5-posix-debuginfo-5.5.14-39.1 php5-pspell-5.5.14-39.1 php5-pspell-debuginfo-5.5.14-39.1 php5-shmop-5.5.14-39.1 php5-shmop-debuginfo-5.5.14-39.1 php5-snmp-5.5.14-39.1 php5-snmp-debuginfo-5.5.14-39.1 php5-soap-5.5.14-39.1 php5-soap-debuginfo-5.5.14-39.1 php5-sockets-5.5.14-39.1 php5-sockets-debuginfo-5.5.14-39.1 php5-sqlite-5.5.14-39.1 php5-sqlite-debuginfo-5.5.14-39.1 php5-suhosin-5.5.14-39.1 php5-suhosin-debuginfo-5.5.14-39.1 php5-sysvmsg-5.5.14-39.1 php5-sysvmsg-debuginfo-5.5.14-39.1 php5-sysvsem-5.5.14-39.1 php5-sysvsem-debuginfo-5.5.14-39.1 php5-sysvshm-5.5.14-39.1 php5-sysvshm-debuginfo-5.5.14-39.1 php5-tokenizer-5.5.14-39.1 php5-tokenizer-debuginfo-5.5.14-39.1 php5-wddx-5.5.14-39.1 php5-wddx-debuginfo-5.5.14-39.1 php5-xmlreader-5.5.14-39.1 php5-xmlreader-debuginfo-5.5.14-39.1 php5-xmlrpc-5.5.14-39.1 php5-xmlrpc-debuginfo-5.5.14-39.1 php5-xmlwriter-5.5.14-39.1 php5-xmlwriter-debuginfo-5.5.14-39.1 php5-xsl-5.5.14-39.1 php5-xsl-debuginfo-5.5.14-39.1 php5-zip-5.5.14-39.1 php5-zip-debuginfo-5.5.14-39.1 php5-zlib-5.5.14-39.1 php5-zlib-debuginfo-5.5.14-39.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-39.1 References: https://bugzilla.suse.com/949134 From sle-updates at lists.suse.com Wed Oct 28 05:09:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Oct 2015 12:09:43 +0100 (CET) Subject: SUSE-RU-2015:1837-1: Recommended update for sysstat Message-ID: <20151028110943.9F543320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1837-1 Rating: low References: #935144 #944951 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sysstat provides the following fixes: - Fix missing ',' in JSON output before "file-utc-time" parameter. (bsc#944951) - Add libsensors4-devel to BuildRequires on x86_64, so that sensors support is included. (bsc#935144) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-760=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-760=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): sysstat-10.2.1-3.1 sysstat-debuginfo-10.2.1-3.1 sysstat-debugsource-10.2.1-3.1 sysstat-isag-10.2.1-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): sysstat-10.2.1-3.1 sysstat-debuginfo-10.2.1-3.1 sysstat-debugsource-10.2.1-3.1 References: https://bugzilla.suse.com/935144 https://bugzilla.suse.com/944951 From sle-updates at lists.suse.com Wed Oct 28 05:10:18 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Oct 2015 12:10:18 +0100 (CET) Subject: SUSE-SU-2015:1838-1: moderate: Security update for polkit Message-ID: <20151028111018.1902B320F0@maintenance.suse.de> SUSE Security Update: Security update for polkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1838-1 Rating: moderate References: #912889 #933922 #935119 #939246 #943816 #950114 Cross-References: CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: polkit was updated to the 0.113 release, fixing security issues and bugs. Security issues fixed: * Fixes CVE-2015-4625, a local privilege escalation due to predictable authentication session cookie values. Thanks to Tavis Ormandy, Google Project Zero for reporting this issue. For the future, authentication agents are encouraged to use PolkitAgentSession instead of using the D-Bus agent response API directly. (bsc#935119) * Fixes CVE-2015-3256, various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (bsc#943816) * Fixes CVE-2015-3255, a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. Thanks to Laurent Bigonville for reporting this issue. (bsc#939246) * Fixes CVE-2015-3218, which allowed any local user to crash polkitd. Thanks to Tavis Ormandy, Google Project Zero, for reporting this issue. (bsc#933922) Other issues fixed: * On systemd-213 and later, the "active" state is shared across all sessions of an user, instead of being tracked separately. * pkexec, when not given a program to execute, runs the users shell by default. * Fixed shutdown problems on powerpc64le (bsc#950114) * polkit had a memory leak (bsc#912889) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-759=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-759=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-759=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-759=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libpolkit0-32bit-0.113-4.1 libpolkit0-debuginfo-32bit-0.113-4.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): polkit-debuginfo-0.113-4.1 polkit-debugsource-0.113-4.1 polkit-devel-0.113-4.1 polkit-devel-debuginfo-0.113-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libpolkit0-0.113-4.1 libpolkit0-debuginfo-0.113-4.1 polkit-0.113-4.1 polkit-debuginfo-0.113-4.1 polkit-debugsource-0.113-4.1 typelib-1_0-Polkit-1_0-0.113-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libpolkit0-0.113-4.1 libpolkit0-32bit-0.113-4.1 libpolkit0-debuginfo-0.113-4.1 libpolkit0-debuginfo-32bit-0.113-4.1 polkit-0.113-4.1 polkit-debuginfo-0.113-4.1 polkit-debugsource-0.113-4.1 typelib-1_0-Polkit-1_0-0.113-4.1 References: https://www.suse.com/security/cve/CVE-2015-3218.html https://www.suse.com/security/cve/CVE-2015-3255.html https://www.suse.com/security/cve/CVE-2015-3256.html https://www.suse.com/security/cve/CVE-2015-4625.html https://bugzilla.suse.com/912889 https://bugzilla.suse.com/933922 https://bugzilla.suse.com/935119 https://bugzilla.suse.com/939246 https://bugzilla.suse.com/943816 https://bugzilla.suse.com/950114 From sle-updates at lists.suse.com Wed Oct 28 09:09:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Oct 2015 16:09:56 +0100 (CET) Subject: SUSE-RU-2015:1839-1: moderate: Recommended update for s390-tools Message-ID: <20151028150956.2036D320AC@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1839-1 Rating: moderate References: #940818 #943777 #944390 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This collective update for s390-tools provides the following fixes: - Fix error messages that didn't have a "\n" on the end. (bsc#940818) - Install 40-z90crypt.rules into /etc/udev/rules.d/. (bsc#943777) - Added a missing symbolic link, usr/sbin/rccio_ignore, for the cio_ignore service. - Fix znetconf to handle non-existent devices. (bsc#944390) - Fix time stamp handling for data sets in cmsfs-fuse. (bsc#944390) - Fix lsluns to not scan FCP devices no longer online or in bad state. (bsc#944390) - Fix display of incorrect device types in lszfcp. (bsc#944390) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-761=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (s390x): osasnmpd-1.24.1-39.11.3 osasnmpd-debuginfo-1.24.1-39.11.3 s390-tools-1.24.1-39.11.3 s390-tools-debuginfo-1.24.1-39.11.3 s390-tools-debugsource-1.24.1-39.11.3 s390-tools-zdsfs-1.24.1-39.11.3 s390-tools-zdsfs-debuginfo-1.24.1-39.11.3 References: https://bugzilla.suse.com/940818 https://bugzilla.suse.com/943777 https://bugzilla.suse.com/944390 From sle-updates at lists.suse.com Wed Oct 28 10:09:51 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Oct 2015 17:09:51 +0100 (CET) Subject: SUSE-SU-2015:1840-1: moderate: Security update for openssh Message-ID: <20151028160951.943EB320F0@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1840-1 Rating: moderate References: #673532 #903649 #905118 #914309 #932483 #936695 #938746 Cross-References: CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: openssh was updated to fix four security issues. These security issues were fixed: - CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). - CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). - CVE-2015-4000: Removed and disabled weak DH groups (bsc#932483). - Hardening patch to fix sftp RCE (bsc#903649). These non-security issues were fixed: - bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer. - bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-openssh-12168=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): openssh-5.1p1-41.69.1 openssh-askpass-5.1p1-41.69.1 openssh-askpass-gnome-5.1p1-41.69.4 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://www.suse.com/security/cve/CVE-2015-5352.html https://www.suse.com/security/cve/CVE-2015-5600.html https://bugzilla.suse.com/673532 https://bugzilla.suse.com/903649 https://bugzilla.suse.com/905118 https://bugzilla.suse.com/914309 https://bugzilla.suse.com/932483 https://bugzilla.suse.com/936695 https://bugzilla.suse.com/938746 From sle-updates at lists.suse.com Wed Oct 28 12:10:10 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Oct 2015 19:10:10 +0100 (CET) Subject: SUSE-RU-2015:1841-1: Recommended update for apache2-mod_auth_ntlm_winbind Message-ID: <20151028181010.052E8320AC@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_auth_ntlm_winbind ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1841-1 Rating: low References: #866921 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2-mod_auth_ntlm_winbind provides the following fixes: - Only send "Proxy-Authenticate" replies when we are in a forward proxy. - Clean up compile warnings on 64-bit architectures. (bnc#866921) - Ensure that the authenticated user context is set to NULL when freed. - Add a workaround for proxy authorization in IE. - Fix a typo in strcmp usage in process_msg(). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-apache2-mod_auth_ntlm_winbind-12169=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-apache2-mod_auth_ntlm_winbind-12169=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-apache2-mod_auth_ntlm_winbind-12169=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-apache2-mod_auth_ntlm_winbind-12169=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_auth_ntlm_winbind-0.0.0.lorikeet_svn_785-3.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_auth_ntlm_winbind-0.0.0.lorikeet_svn_785-3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_auth_ntlm_winbind-debuginfo-0.0.0.lorikeet_svn_785-3.1 apache2-mod_auth_ntlm_winbind-debugsource-0.0.0.lorikeet_svn_785-3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): apache2-mod_auth_ntlm_winbind-debuginfo-0.0.0.lorikeet_svn_785-3.1 apache2-mod_auth_ntlm_winbind-debugsource-0.0.0.lorikeet_svn_785-3.1 References: https://bugzilla.suse.com/866921 From sle-updates at lists.suse.com Fri Oct 30 03:09:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Oct 2015 10:09:52 +0100 (CET) Subject: SUSE-SU-2015:1844-1: moderate: Security update for glibc Message-ID: <20151030090952.E0FE8320F0@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1844-1 Rating: moderate References: #915955 #918187 #920338 #927080 #928723 #931480 #934084 #937853 #939211 #940195 #940332 #944494 #945779 Cross-References: CVE-2014-8121 CVE-2015-1781 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has 11 fixes is now available. Description: glibc was updated to fix bugs and security issues. Security issues fixed: * A buffer overflow in nss_dns was fixed that could lead to crashes. (CVE-2015-1781, bsc#927080, BZ #18287) * A denial of service attack (out of memory) in the NSS files backend was fixed (CVE-2014-8121, bsc#918187, GLIBC BZ #18007) Non security bugs fixed: * Fix regression in threaded application malloc performance (bsc#915955, GLIBC#17195) * Fix read past end of pattern in fnmatch (bsc#920338, GLIBC#17062, GLIBC#18032, GLIBC#18036) * Record TTL also for DNS PTR queries (bsc#928723, GLIBC#18513) * Increase MINSIGSTKSZ and SIGSTKSZ for aarch64 (bsc#931480, GLIBC#16850) * Fix handling of IPv6 nameservers (bsc#939211, GLIBC#13028, GLIBC#17053) * Avoid use of asm/ptrace.h (bsc#934084) * Do not corrupt the top of a threaded heap if top chunk is MINSIZE (GLIBC#18502) * Terminate unwinding after makecontext_ret on s390 (bsc#940332. bsc#944494, GLIBC#18508) * Restore signal mask in set/swapcontext on s390 (bsc#940195, bsc#944494, GLIBC#18080) * fix dlopen in static binaries (bsc#937853, GLIBC#17250) * Properly reread entry after failure in nss_files getent function (bsc#945779, BZ #18991) Features added: * AVX512 support (fate#318844) * Add compatibility symlinks for LSB 3.0 (fate#318933) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-764=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-764=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-764=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): glibc-debuginfo-2.19-22.7.1 glibc-debugsource-2.19-22.7.1 glibc-devel-static-2.19-22.7.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): glibc-2.19-22.7.1 glibc-debuginfo-2.19-22.7.1 glibc-debugsource-2.19-22.7.1 glibc-devel-2.19-22.7.1 glibc-devel-debuginfo-2.19-22.7.1 glibc-locale-2.19-22.7.1 glibc-locale-debuginfo-2.19-22.7.1 glibc-profile-2.19-22.7.1 nscd-2.19-22.7.1 nscd-debuginfo-2.19-22.7.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): glibc-32bit-2.19-22.7.1 glibc-debuginfo-32bit-2.19-22.7.1 glibc-devel-32bit-2.19-22.7.1 glibc-devel-debuginfo-32bit-2.19-22.7.1 glibc-locale-32bit-2.19-22.7.1 glibc-locale-debuginfo-32bit-2.19-22.7.1 glibc-profile-32bit-2.19-22.7.1 - SUSE Linux Enterprise Server 12 (noarch): glibc-html-2.19-22.7.1 glibc-i18ndata-2.19-22.7.1 glibc-info-2.19-22.7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): glibc-2.19-22.7.1 glibc-32bit-2.19-22.7.1 glibc-debuginfo-2.19-22.7.1 glibc-debuginfo-32bit-2.19-22.7.1 glibc-debugsource-2.19-22.7.1 glibc-devel-2.19-22.7.1 glibc-devel-32bit-2.19-22.7.1 glibc-devel-debuginfo-2.19-22.7.1 glibc-devel-debuginfo-32bit-2.19-22.7.1 glibc-locale-2.19-22.7.1 glibc-locale-32bit-2.19-22.7.1 glibc-locale-debuginfo-2.19-22.7.1 glibc-locale-debuginfo-32bit-2.19-22.7.1 nscd-2.19-22.7.1 nscd-debuginfo-2.19-22.7.1 - SUSE Linux Enterprise Desktop 12 (noarch): glibc-i18ndata-2.19-22.7.1 References: https://www.suse.com/security/cve/CVE-2014-8121.html https://www.suse.com/security/cve/CVE-2015-1781.html https://bugzilla.suse.com/915955 https://bugzilla.suse.com/918187 https://bugzilla.suse.com/920338 https://bugzilla.suse.com/927080 https://bugzilla.suse.com/928723 https://bugzilla.suse.com/931480 https://bugzilla.suse.com/934084 https://bugzilla.suse.com/937853 https://bugzilla.suse.com/939211 https://bugzilla.suse.com/940195 https://bugzilla.suse.com/940332 https://bugzilla.suse.com/944494 https://bugzilla.suse.com/945779 From sle-updates at lists.suse.com Fri Oct 30 03:12:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Oct 2015 10:12:59 +0100 (CET) Subject: SUSE-RU-2015:1845-1: Recommended update for tgt Message-ID: <20151030091259.3C858320B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for tgt ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1845-1 Rating: low References: #828214 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tgt provides the following fixes: - Allow passing of command line options via sysconfig. (bsc#828214) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-tgt-12170=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tgt-12170=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-tgt-12170=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tgt-12170=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): tgt-0.9.10-0.19.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): tgt-0.9.10-0.19.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): tgt-0.9.10-0.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tgt-debuginfo-0.9.10-0.19.1 tgt-debugsource-0.9.10-0.19.1 References: https://bugzilla.suse.com/828214 From sle-updates at lists.suse.com Fri Oct 30 05:09:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Oct 2015 12:09:48 +0100 (CET) Subject: SUSE-SU-2015:1846-1: important: Security update for openstack-swift Message-ID: <20151030110948.8A97B320FF@maintenance.suse.de> SUSE Security Update: Security update for openstack-swift ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1846-1 Rating: important References: #900253 #927793 #942641 Cross-References: CVE-2014-7960 CVE-2015-1856 CVE-2015-5223 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: openstack-swift was updated to fix three security issues. These security issues were fixed: - CVE-2015-1856: OpenStack Object Storage (Swift), when allow_version is configured, allowed remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container (bsc#927793). - CVE-2014-7960: OpenStack Object Storage (Swift) allowed remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined (bsc#900253). - CVE-2015-5223: Information leak via Swift tempurls (bsc#942641). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-openstack-swift-12171=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): openstack-swift-2.1.0-11.1 openstack-swift-account-2.1.0-11.1 openstack-swift-container-2.1.0-11.1 openstack-swift-object-2.1.0-11.1 openstack-swift-proxy-2.1.0-11.1 python-swift-2.1.0-11.1 - SUSE OpenStack Cloud 5 (noarch): openstack-swift-doc-2.1.0-11.1 References: https://www.suse.com/security/cve/CVE-2014-7960.html https://www.suse.com/security/cve/CVE-2015-1856.html https://www.suse.com/security/cve/CVE-2015-5223.html https://bugzilla.suse.com/900253 https://bugzilla.suse.com/927793 https://bugzilla.suse.com/942641 From sle-updates at lists.suse.com Fri Oct 30 06:09:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Oct 2015 13:09:48 +0100 (CET) Subject: SUSE-OU-2015:1847-1: moderate: Optional update for postgresql94 Message-ID: <20151030120948.82208320F0@maintenance.suse.de> SUSE Optional Update: Optional update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1847-1 Rating: moderate References: #941886 #945706 #949669 #949670 #950486 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update delivers PostgreSQL 9.4.5 to the SUSE Linux Enterprise 12 codebase. Major enhancements: * Security and bugfix release 9.4.5: * CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. * CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. * Add jsonb, a more capable and efficient data type for storing JSON data * Add new SQL command ALTER SYSTEM for changing postgresql.conf configuration file entries * Reduce lock strength for some ALTER TABLE commands * Allow materialized views to be refreshed without blocking concurrent reads * Add support for logical decoding of WAL data, to allow database changes to be streamed out in a customizable format * Allow background worker processes to be dynamically registered, started and terminated * For the full release notse, see: http://www.postgresql.org/docs/current/static/release-9-4-5.html * Move systemd related stuff and user creation to postgresql-init (bsc#950486) * Remove some obsolete %suse_version conditionals * Adjust build time dependencies. * Fix some more rpmlint warnings. * Relax dependency on libpq to major version. * Make sure that plpgsql.h gets installed, because pldebugger needs it. * Move ~postgres/.bash_profile to postgresql-server to avoid a file conflict between the versioned server packages. Full release notes can be found here: http://www.postgresql.org/docs/9.4/static/release-9-4.html The existing client libraries libecpg6 and libpq5 are now taken from the postgresql94 build instgead of the postgresql93 build. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-767=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-767=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-767=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): postgresql94-devel-9.4.5-4.1 postgresql94-devel-debuginfo-9.4.5-4.1 postgresql94-libs-debugsource-9.4.5-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libecpg6-9.4.5-4.1 libecpg6-debuginfo-9.4.5-4.1 libpq5-9.4.5-4.1 libpq5-debuginfo-9.4.5-4.1 postgresql94-9.4.5-4.5 postgresql94-contrib-9.4.5-4.5 postgresql94-contrib-debuginfo-9.4.5-4.5 postgresql94-debuginfo-9.4.5-4.5 postgresql94-debugsource-9.4.5-4.5 postgresql94-libs-debugsource-9.4.5-4.1 postgresql94-server-9.4.5-4.5 postgresql94-server-debuginfo-9.4.5-4.5 - SUSE Linux Enterprise Server 12 (s390x x86_64): libpq5-32bit-9.4.5-4.1 libpq5-debuginfo-32bit-9.4.5-4.1 - SUSE Linux Enterprise Server 12 (noarch): postgresql-init-9.4-17.8.1 postgresql94-docs-9.4.5-4.5 - SUSE Linux Enterprise Desktop 12 (x86_64): libecpg6-9.4.5-4.1 libecpg6-debuginfo-9.4.5-4.1 libpq5-32bit-9.4.5-4.1 libpq5-9.4.5-4.1 libpq5-debuginfo-32bit-9.4.5-4.1 libpq5-debuginfo-9.4.5-4.1 postgresql94-9.4.5-4.5 postgresql94-debuginfo-9.4.5-4.5 postgresql94-debugsource-9.4.5-4.5 postgresql94-libs-debugsource-9.4.5-4.1 References: https://www.suse.com/security/cve/CVE-2015-5288.html https://www.suse.com/security/cve/CVE-2015-5289.html https://bugzilla.suse.com/941886 https://bugzilla.suse.com/945706 https://bugzilla.suse.com/949669 https://bugzilla.suse.com/949670 https://bugzilla.suse.com/950486 From sle-updates at lists.suse.com Fri Oct 30 07:09:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Oct 2015 14:09:54 +0100 (CET) Subject: SUSE-RU-2015:1848-1: moderate: Recommended update for permissions Message-ID: <20151030130954.74C4D320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1848-1 Rating: moderate References: #685093 #891268 #895647 #904060 #906336 #943471 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: The default permission settings received the following adjustments: - Adjust radosgw to root:www mode 0750. (bsc#943471) - Add capability cap_bind_net_service to radosgw. (bsc#943471) - Remove /usr/bin/get_printing_ticket. (bsc#685093, bsc#906336) - Add iouyap capabilities. (bsc#904060) - Add settings for the Squid Proxy server. (bsc#891268) - Document that "chkstat --system --set" needs to be run after editing. (bsc#895647) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-768=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-768=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): permissions-2015.09.28.1626-3.1 permissions-debuginfo-2015.09.28.1626-3.1 permissions-debugsource-2015.09.28.1626-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): permissions-2015.09.28.1626-3.1 permissions-debuginfo-2015.09.28.1626-3.1 permissions-debugsource-2015.09.28.1626-3.1 References: https://bugzilla.suse.com/685093 https://bugzilla.suse.com/891268 https://bugzilla.suse.com/895647 https://bugzilla.suse.com/904060 https://bugzilla.suse.com/906336 https://bugzilla.suse.com/943471 From sle-updates at lists.suse.com Fri Oct 30 07:11:58 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Oct 2015 14:11:58 +0100 (CET) Subject: SUSE-RU-2015:1850-1: moderate: Recommended update for mkinitrd Message-ID: <20151030131158.20202320F0@maintenance.suse.de> SUSE Recommended Update: Recommended update for mkinitrd ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1850-1 Rating: moderate References: #932042 #938470 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mkinitrd provides the following fixes: - Ignore non-existent extra dependencies. (bsc#932042) - Find driver for nvme devices. (bsc#938470) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mkinitrd-12172=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-mkinitrd-12172=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mkinitrd-12172=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): mkinitrd-2.4.2-100.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): mkinitrd-2.4.2-100.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mkinitrd-debuginfo-2.4.2-100.2 mkinitrd-debugsource-2.4.2-100.2 References: https://bugzilla.suse.com/932042 https://bugzilla.suse.com/938470 From sle-updates at lists.suse.com Fri Oct 30 10:10:24 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Oct 2015 17:10:24 +0100 (CET) Subject: SUSE-SU-2015:1851-1: moderate: Security update for apache2 Message-ID: <20151030161024.24A31320B7@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1851-1 Rating: moderate References: #444878 #869790 #911159 #915666 #927845 #930228 #931002 #931723 #938723 #938728 #939516 #949766 #949771 Cross-References: CVE-2014-8111 CVE-2015-3183 CVE-2015-3185 CVE-2015-4000 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that solves four vulnerabilities and has 9 fixes is now available. Description: The Apache2 webserver was updated to fix several issues: Security issues fixed: - The chunked transfer coding implementation in the Apache HTTP Server did not properly parse chunk headers, which allowed remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c. [bsc#938728, CVE-2015-3183] - The LOGJAM security issue was addressed by: [bnc#931723 CVE-2015-4000] * changing the SSLCipherSuite cipherstring to disable export cipher suites and deploy Ephemeral Elliptic-Curve Diffie-Hellman (ECDHE) ciphers. * Adjust 'gensslcert' script to generate a strong and unique Diffie Hellman Group and append it to the server certificate file. - The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x did not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allowed remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. [bnc#938723 bnc#939516 CVE-2015-3185] - Tomcat mod_jk information leak due to incorrect JkMount/JkUnmount directives processing [bnc#927845 CVE-2014-8111] Other bugs fixed: - Now provides a suse_maintenance_mmn_# [bnc#915666]. - Hardcoded modules in the %files [bnc#444878]. - Fixed the IfModule directive around SSLSessionCache [bnc#911159]. - allow only TCP ports in Yast2 firewall files [bnc#931002] - fixed a regression when some LDAP searches or comparisons might be done with the wrong credentials when a backend connection is reused [bnc#930228] - Fixed split-logfile2 script [bnc#869790] - remove the changed MODULE_MAGIC_NUMBER_MINOR from which confuses modules the way that they expect functionality that our apache does not provide [bnc#915666] - gensslcert: CN now defaults to `hostname -f` [bnc#949766], fix help [bnc#949771] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-772=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-772=1 - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2015-772=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): apache2-debuginfo-2.4.10-14.10.1 apache2-debugsource-2.4.10-14.10.1 apache2-devel-2.4.10-14.10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): apache2-2.4.10-14.10.1 apache2-debuginfo-2.4.10-14.10.1 apache2-debugsource-2.4.10-14.10.1 apache2-example-pages-2.4.10-14.10.1 apache2-mod_auth_kerb-5.4-2.4.1 apache2-mod_auth_kerb-debuginfo-5.4-2.4.1 apache2-mod_auth_kerb-debugsource-5.4-2.4.1 apache2-mod_jk-1.2.40-2.6.1 apache2-mod_jk-debuginfo-1.2.40-2.6.1 apache2-mod_jk-debugsource-1.2.40-2.6.1 apache2-mod_security2-2.8.0-3.4.1 apache2-mod_security2-debuginfo-2.8.0-3.4.1 apache2-mod_security2-debugsource-2.8.0-3.4.1 apache2-prefork-2.4.10-14.10.1 apache2-prefork-debuginfo-2.4.10-14.10.1 apache2-utils-2.4.10-14.10.1 apache2-utils-debuginfo-2.4.10-14.10.1 apache2-worker-2.4.10-14.10.1 apache2-worker-debuginfo-2.4.10-14.10.1 - SUSE Linux Enterprise Server 12 (noarch): apache2-doc-2.4.10-14.10.1 - SUSE Enterprise Storage 1.0 (x86_64): apache2-mod_fastcgi-2.4.7-3.4.1 apache2-mod_fastcgi-debuginfo-2.4.7-3.4.1 apache2-mod_fastcgi-debugsource-2.4.7-3.4.1 References: https://www.suse.com/security/cve/CVE-2014-8111.html https://www.suse.com/security/cve/CVE-2015-3183.html https://www.suse.com/security/cve/CVE-2015-3185.html https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/444878 https://bugzilla.suse.com/869790 https://bugzilla.suse.com/911159 https://bugzilla.suse.com/915666 https://bugzilla.suse.com/927845 https://bugzilla.suse.com/930228 https://bugzilla.suse.com/931002 https://bugzilla.suse.com/931723 https://bugzilla.suse.com/938723 https://bugzilla.suse.com/938728 https://bugzilla.suse.com/939516 https://bugzilla.suse.com/949766 https://bugzilla.suse.com/949771 From sle-updates at lists.suse.com Fri Oct 30 10:13:23 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Oct 2015 17:13:23 +0100 (CET) Subject: SUSE-RU-2015:1852-1: Recommended update for apparmor-profiles Message-ID: <20151030161323.ADCF1320B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor-profiles ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1852-1 Rating: low References: #927592 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apparmor-profiles adjusts the nscd profile to allow reading of /etc/netconfig. This is necessary on systems which use nss_nis6. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-apparmor-profiles-12173=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-apparmor-profiles-12173=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-apparmor-profiles-12173=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-apparmor-profiles-12173=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-apparmor-profiles-12173=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch): apparmor-profiles-2.3-48.20.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): apparmor-profiles-2.3-48.20.1 - SUSE Linux Enterprise Server 11-SP3 (noarch): apparmor-profiles-2.3-48.20.1 - SUSE Linux Enterprise Desktop 11-SP4 (noarch): apparmor-profiles-2.3-48.20.1 - SUSE Linux Enterprise Desktop 11-SP3 (noarch): apparmor-profiles-2.3-48.20.1 References: https://bugzilla.suse.com/927592 From sle-updates at lists.suse.com Fri Oct 30 10:13:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Oct 2015 17:13:48 +0100 (CET) Subject: SUSE-SU-2015:1853-1: important: Security update for xen Message-ID: <20151030161348.5C6EE320F0@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1853-1 Rating: important References: #877642 #907514 #910258 #918984 #923967 #932267 #941074 #944463 #944697 #947165 #950367 #950703 #950705 #950706 Cross-References: CVE-2014-0222 CVE-2015-4037 CVE-2015-5239 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7971 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 6 fixes is now available. Description: xen was updated to fix nine security issues. These security issues were fixed: - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). These non-security issues were fixed: - bsc#907514: Bus fatal error: SLES 12 sudden reboot has been observed - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984: Bus fatal error: SLES11-SP4 sudden reboot has been observed - bsc#923967: Partner-L3: Bus fatal error: SLES11-SP3 sudden reboot has been observed - bsc#941074: Device 51728 could not be connected. Hotplug scripts not working Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-xen-12174=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-xen-12174=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-xen-12174=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xen-12174=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): xen-devel-4.2.5_14-18.2 - SUSE Linux Enterprise Server 11-SP3 (i586 x86_64): xen-kmp-default-4.2.5_14_3.0.101_0.47.67-18.2 xen-libs-4.2.5_14-18.2 xen-tools-domU-4.2.5_14-18.2 - SUSE Linux Enterprise Server 11-SP3 (x86_64): xen-4.2.5_14-18.2 xen-doc-html-4.2.5_14-18.2 xen-doc-pdf-4.2.5_14-18.2 xen-libs-32bit-4.2.5_14-18.2 xen-tools-4.2.5_14-18.2 - SUSE Linux Enterprise Server 11-SP3 (i586): xen-kmp-pae-4.2.5_14_3.0.101_0.47.67-18.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): xen-kmp-default-4.2.5_14_3.0.101_0.47.67-18.2 xen-libs-4.2.5_14-18.2 xen-tools-domU-4.2.5_14-18.2 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): xen-4.2.5_14-18.2 xen-doc-html-4.2.5_14-18.2 xen-doc-pdf-4.2.5_14-18.2 xen-libs-32bit-4.2.5_14-18.2 xen-tools-4.2.5_14-18.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586): xen-kmp-pae-4.2.5_14_3.0.101_0.47.67-18.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): xen-debuginfo-4.2.5_14-18.2 xen-debugsource-4.2.5_14-18.2 References: https://www.suse.com/security/cve/CVE-2014-0222.html https://www.suse.com/security/cve/CVE-2015-4037.html https://www.suse.com/security/cve/CVE-2015-5239.html https://www.suse.com/security/cve/CVE-2015-6815.html https://www.suse.com/security/cve/CVE-2015-7311.html https://www.suse.com/security/cve/CVE-2015-7835.html https://www.suse.com/security/cve/CVE-2015-7969.html https://www.suse.com/security/cve/CVE-2015-7971.html https://bugzilla.suse.com/877642 https://bugzilla.suse.com/907514 https://bugzilla.suse.com/910258 https://bugzilla.suse.com/918984 https://bugzilla.suse.com/923967 https://bugzilla.suse.com/932267 https://bugzilla.suse.com/941074 https://bugzilla.suse.com/944463 https://bugzilla.suse.com/944697 https://bugzilla.suse.com/947165 https://bugzilla.suse.com/950367 https://bugzilla.suse.com/950703 https://bugzilla.suse.com/950705 https://bugzilla.suse.com/950706 From sle-updates at lists.suse.com Fri Oct 30 10:17:13 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Oct 2015 17:17:13 +0100 (CET) Subject: SUSE-RU-2015:1854-1: Recommended update for vacation Message-ID: <20151030161713.58789320B7@maintenance.suse.de> SUSE Recommended Update: Recommended update for vacation ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1854-1 Rating: low References: #944326 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for the vacation tool fixes handling of "From" mail headers that are too long and can be folded in two lines. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-vacation-12175=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-vacation-12175=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-vacation-12175=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-vacation-12175=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-vacation-12175=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-vacation-12175=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-vacation-12175=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): vacation-1.2.6.2-128.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): vacation-1.2.6.2-128.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): vacation-1.2.6.2-128.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): vacation-1.2.6.2-128.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): vacation-1.2.6.2-128.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): vacation-debuginfo-1.2.6.2-128.1 vacation-debugsource-1.2.6.2-128.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): vacation-debuginfo-1.2.6.2-128.1 vacation-debugsource-1.2.6.2-128.1 References: https://bugzilla.suse.com/944326