From sle-updates at lists.suse.com Tue Sep 1 07:09:36 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Sep 2015 15:09:36 +0200 (CEST)
Subject: SUSE-RU-2015:1467-1: moderate: Recommended update for yast2-installation
Message-ID: <20150901130936.84039320F2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-installation
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1467-1
Rating:             moderate
References:         #889757 #889791 #897956 #903682 #924278 #938790 #940878
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has 7 recommended fixes can now be installed.

Description:

   This update for yast2-installation provides the following fixes:

   - Always enable systemd startup services for Second Stage and Firstboot.
     (bsc#924278)
   - On AutoYaST installations, if the system starts in multi-user mode,
     terminate Plymouth to ensure that installation will be finished on
     console 1 and login prompt will be shown. (bsc#903682, bsc#889757,
     bsc#897956)
   - In AutoYaST second stage, continue installation even if plymouth has
     returned an error. (bsc#940878)
   - Fixed the "previously used repositories" step to work correctly when
     reached using the back button. (bsc#889791)
   - Fix a typo in inst_finish client. (bsc#938790)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-465=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-465=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-465=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):
      yast2-installation-devel-doc-3.1.116.5-10.1
   - SUSE Linux Enterprise Server 12 (noarch):
      yast2-installation-3.1.116.5-10.1
   - SUSE Linux Enterprise Desktop 12 (noarch):
      yast2-installation-3.1.116.5-10.1

References:

   https://bugzilla.suse.com/889757
   https://bugzilla.suse.com/889791
   https://bugzilla.suse.com/897956
   https://bugzilla.suse.com/903682
   https://bugzilla.suse.com/924278
   https://bugzilla.suse.com/938790
   https://bugzilla.suse.com/940878

From sle-updates at lists.suse.com Tue Sep 1 07:11:23 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Sep 2015 15:11:23 +0200 (CEST)
Subject: SUSE-RU-2015:1468-1: moderate: Recommended update for cloud-regionsrv-client
Message-ID: <20150901131123.E0544320F2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for cloud-regionsrv-client
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1468-1
Rating:             moderate
References:         #917450 #917453 #920295 #921526 #924712 #926647 #937880
Affected Products:
                    SUSE Linux Enterprise Server 11-PUBCLOUD
______________________________________________________________________________

   An update that has 7 recommended fixes can now be installed.

Description:

   This update provides cloud-regionsrv-client version 6.3.18, including
   fixes for the following issues:

   - Repository issues with suse-sles-11sp3. (bnc#937880)
   - SMT server switch on startup. (bnc#926647)
   - Race condition accessing files in /tmp. (bnc#924712)
   - Simple way to force a re-registration with update infrastructure.
     (bnc#921526)
   - Launching a number of instances simultaneously results in failure to
     register with SMT servers. (bnc#920295)
   - Unhandled exception during guest registration. (bnc#917450, bnc#917453)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-PUBCLOUD:
      zypper in -t patch pubclsp3-cloud-regionsrv-client-12058=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64):
      cloud-regionsrv-client-6.3.18-9.1

References:

   https://bugzilla.suse.com/917450
   https://bugzilla.suse.com/917453
   https://bugzilla.suse.com/920295
   https://bugzilla.suse.com/921526
   https://bugzilla.suse.com/924712
   https://bugzilla.suse.com/926647
   https://bugzilla.suse.com/937880

From sle-updates at lists.suse.com Tue Sep 1 09:10:02 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Sep 2015 17:10:02 +0200 (CEST)
Subject: SUSE-RU-2015:1469-1: moderate: Recommended update for openssl
Message-ID: <20150901151003.04698320F2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1469-1
Rating:             moderate
References:         #937492
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Server for VMWare 11-SP3
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Server 11-SP1-LTSS
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP2
                    SUSE Linux Enterprise Debuginfo 11-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update of openssl fixes a regression caused by the security fix for
   CVE-2015-0287, after which DSA keys could occasionally not be loaded
   from disk.
   (bsc#937492)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:
      zypper in -t patch slestso13-openssl-12059=1
   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-openssl-12059=1
   - SUSE Linux Enterprise Software Development Kit 11-SP3:
      zypper in -t patch sdksp3-openssl-12059=1
   - SUSE Linux Enterprise Server for VMWare 11-SP3:
      zypper in -t patch slessp3-openssl-12059=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-openssl-12059=1
   - SUSE Linux Enterprise Server 11-SP3:
      zypper in -t patch slessp3-openssl-12059=1
   - SUSE Linux Enterprise Server 11-SP2-LTSS:
      zypper in -t patch slessp2-openssl-12059=1
   - SUSE Linux Enterprise Server 11-SP1-LTSS:
      zypper in -t patch slessp1-openssl-12059=1
   - SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-openssl-12059=1
   - SUSE Linux Enterprise Desktop 11-SP3:
      zypper in -t patch sledsp3-openssl-12059=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-openssl-12059=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-openssl-12059=1
   - SUSE Linux Enterprise Debuginfo 11-SP2:
      zypper in -t patch dbgsp2-openssl-12059=1
   - SUSE Linux Enterprise Debuginfo 11-SP1:
      zypper in -t patch dbgsp1-openssl-12059=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Studio Onsite 1.3 (x86_64):
      libopenssl-devel-0.9.8j-0.74.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libopenssl-devel-0.9.8j-0.74.1
   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      libopenssl-devel-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
      libopenssl0_9_8-0.9.8j-0.74.1
      libopenssl0_9_8-hmac-0.9.8j-0.74.1
      openssl-0.9.8j-0.74.1
      openssl-doc-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):
      libopenssl0_9_8-32bit-0.9.8j-0.74.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libopenssl0_9_8-0.9.8j-0.74.1
      libopenssl0_9_8-hmac-0.9.8j-0.74.1
      openssl-0.9.8j-0.74.1
      openssl-doc-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      libopenssl0_9_8-32bit-0.9.8j-0.74.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      libopenssl0_9_8-x86-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      libopenssl0_9_8-0.9.8j-0.74.1
      libopenssl0_9_8-hmac-0.9.8j-0.74.1
      openssl-0.9.8j-0.74.1
      openssl-doc-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):
      libopenssl0_9_8-32bit-0.9.8j-0.74.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server 11-SP3 (ia64):
      libopenssl0_9_8-x86-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
      libopenssl-devel-0.9.8j-0.74.1
      libopenssl0_9_8-0.9.8j-0.74.1
      libopenssl0_9_8-hmac-0.9.8j-0.74.1
      openssl-0.9.8j-0.74.1
      openssl-doc-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64):
      libopenssl0_9_8-32bit-0.9.8j-0.74.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 s390x x86_64):
      libopenssl-devel-0.9.8j-0.74.1
      libopenssl0_9_8-0.9.8j-0.74.1
      libopenssl0_9_8-hmac-0.9.8j-0.74.1
      openssl-0.9.8j-0.74.1
      openssl-doc-0.9.8j-0.74.1
   - SUSE Linux Enterprise Server 11-SP1-LTSS (s390x x86_64):
      libopenssl0_9_8-32bit-0.9.8j-0.74.1
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.74.1
   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      libopenssl0_9_8-0.9.8j-0.74.1
      openssl-0.9.8j-0.74.1
   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
      libopenssl0_9_8-32bit-0.9.8j-0.74.1
   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      libopenssl0_9_8-0.9.8j-0.74.1
      openssl-0.9.8j-0.74.1
   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):
      libopenssl0_9_8-32bit-0.9.8j-0.74.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      openssl-debuginfo-0.9.8j-0.74.1
      openssl-debugsource-0.9.8j-0.74.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
      openssl-debuginfo-0.9.8j-0.74.1
      openssl-debugsource-0.9.8j-0.74.1
   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):
      openssl-debuginfo-0.9.8j-0.74.1
      openssl-debugsource-0.9.8j-0.74.1
   - SUSE Linux Enterprise Debuginfo 11-SP1 (i586 s390x x86_64):
      openssl-debuginfo-0.9.8j-0.74.1
      openssl-debugsource-0.9.8j-0.74.1

References:

   https://www.suse.com/security/cve/CVE-2015-0287.html
   https://bugzilla.suse.com/937492

From sle-updates at lists.suse.com Tue Sep 1 09:10:36 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Sep 2015 17:10:36 +0200 (CEST)
Subject: SUSE-RU-2015:1470-1: Recommended update for crowbar-barclamp-ipmi
Message-ID: <20150901151036.710C4320F6@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for crowbar-barclamp-ipmi
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1470-1
Rating:             low
References:         #795603 #887544 #928192
Affected Products:
                    SUSE OpenStack Cloud 5
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.
Description:

   This update for crowbar-barclamp-ipmi provides the following stability
   fixes and improvements from the upstream OpenStack project.

   - Do not hardcode the use of channel 1 (bsc#887544, bsc#928192)
   - Do not parse a static file to parse ipmitool data
   - Use "ipmitool channel info" and check the type to find the right channel
   - Fix setting the route for BMC network through NAT (bsc#795603)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-crowbar-barclamp-ipmi-12061=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (noarch):
      crowbar-barclamp-ipmi-1.9+git.1430320736.0f1e0d1-9.1

References:

   https://bugzilla.suse.com/795603
   https://bugzilla.suse.com/887544
   https://bugzilla.suse.com/928192

From sle-updates at lists.suse.com Tue Sep 1 09:11:21 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Sep 2015 17:11:21 +0200 (CEST)
Subject: SUSE-RU-2015:1471-1: Recommended update for rubygem-bunny-0_6
Message-ID: <20150901151121.46123320F6@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rubygem-bunny-0_6
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1471-1
Rating:             low
References:         #928714
Affected Products:
                    SUSE OpenStack Cloud 5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for rubygem-bunny-0_6 fixes the measurement of payload lengths.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-rubygem-bunny-0_6-12060=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 5 (x86_64):
      ruby2.1-rubygem-bunny-0_6-0.6.0-11.1

References:

   https://bugzilla.suse.com/928714

From sle-updates at lists.suse.com Tue Sep 1 10:09:42 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Sep 2015 18:09:42 +0200 (CEST)
Subject: SUSE-SU-2015:1472-1: important: Security update for kvm
Message-ID: <20150901160942.2BA81320F2@maintenance.suse.de>

   SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1472-1
Rating:             important
References:         #938344
Cross-References:   CVE-2015-5154
Affected Products:
                    SUSE Linux Enterprise Server 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   kvm was updated to fix one security issue.

   This security issue was fixed:

   - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM
     (bsc#938344).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP3:
      zypper in -t patch slessp3-kvm-12062=1
   - SUSE Linux Enterprise Desktop 11-SP3:
      zypper in -t patch sledsp3-kvm-12062=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11-SP3 (i586 s390x x86_64):
      kvm-1.4.2-0.22.34.3
   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      kvm-1.4.2-0.22.34.3

References:

   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://bugzilla.suse.com/938344

From sle-updates at lists.suse.com Tue Sep 1 10:10:06 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 1 Sep 2015 18:10:06 +0200 (CEST)
Subject: SUSE-SU-2015:1473-1: moderate: Security update for subversion
Message-ID: <20150901161006.60B5E320F6@maintenance.suse.de>

   SUSE Security Update: Security update for subversion
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1473-1
Rating:             moderate
References:         #939514 #939517
Cross-References:   CVE-2015-3184 CVE-2015-3187
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   subversion was updated to fix two security issues.

   These security issues were fixed:

   - CVE-2015-3187: Information leak (only paths) that were hidden by
     path-based authz (bsc#939517).
   - CVE-2015-3184: Information leak in mixed anonymous/authenticated httpd
     (dav) configurations (bsc#939514).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-470=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      libsvn_auth_gnome_keyring-1-0-1.8.10-15.1
      libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.10-15.1
      libsvn_auth_kwallet-1-0-1.8.10-15.1
      libsvn_auth_kwallet-1-0-debuginfo-1.8.10-15.1
      subversion-1.8.10-15.1
      subversion-debuginfo-1.8.10-15.1
      subversion-debugsource-1.8.10-15.1
      subversion-devel-1.8.10-15.1
      subversion-perl-1.8.10-15.1
      subversion-perl-debuginfo-1.8.10-15.1
      subversion-python-1.8.10-15.1
      subversion-python-debuginfo-1.8.10-15.1
      subversion-server-1.8.10-15.1
      subversion-server-debuginfo-1.8.10-15.1
      subversion-tools-1.8.10-15.1
      subversion-tools-debuginfo-1.8.10-15.1
   - SUSE Linux Enterprise Software Development Kit 12 (noarch):
      subversion-bash-completion-1.8.10-15.1

References:

   https://www.suse.com/security/cve/CVE-2015-3184.html
   https://www.suse.com/security/cve/CVE-2015-3187.html
   https://bugzilla.suse.com/939514
   https://bugzilla.suse.com/939517

From sle-updates at lists.suse.com Wed Sep 2 03:09:27 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Sep 2015 11:09:27 +0200 (CEST)
Subject: SUSE-RU-2015:1474-1: Recommended update for crowbar-barclamp-swift
Message-ID: <20150902090927.C02E3320F2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for crowbar-barclamp-swift
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1474-1
Rating:             low
References:         #938416
Affected Products:
                    SUSE OpenStack Cloud 5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for crowbar-barclamp-swift provides the following stability
   fixes and improvements from the upstream OpenStack project.
   - Update s3 config snippet for keystonemiddleware
   - Fix auth_url in dispersion.conf
   - Create /var/run/swift before starting rsyncd

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-crowbar-barclamp-swift-12063=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (noarch):
      crowbar-barclamp-swift-1.9+git.1432727756.95668e0-9.1

References:

   https://bugzilla.suse.com/938416

From sle-updates at lists.suse.com Wed Sep 2 04:09:25 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Sep 2015 12:09:25 +0200 (CEST)
Subject: SUSE-SU-2015:1475-1: moderate: Security update for tiff
Message-ID: <20150902100925.52840320F2@maintenance.suse.de>

   SUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1475-1
Rating:             moderate
References:         #914890 #916927
Cross-References:   CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130
                    CVE-2014-9655
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   LibTiff was updated to the 4.0.4 stable release fixing various security
   issues and bugs.

   These security issues were fixed:

   - CVE-2014-8127: Out-of-bounds write (bnc#914890).
   - CVE-2014-8128: Out-of-bounds write (bnc#914890).
   - CVE-2014-8129: Out-of-bounds write (bnc#914890).
   - CVE-2014-8130: Out-of-bounds write (bnc#914890).
   - CVE-2014-9655: Access of uninitialized memory (bnc#916927).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-473=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-473=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-473=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      libtiff-devel-4.0.4-12.2
      tiff-debuginfo-4.0.4-12.2
      tiff-debugsource-4.0.4-12.2
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      libtiff5-4.0.4-12.2
      libtiff5-debuginfo-4.0.4-12.2
      tiff-4.0.4-12.2
      tiff-debuginfo-4.0.4-12.2
      tiff-debugsource-4.0.4-12.2
   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      libtiff5-32bit-4.0.4-12.2
      libtiff5-debuginfo-32bit-4.0.4-12.2
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      libtiff5-32bit-4.0.4-12.2
      libtiff5-4.0.4-12.2
      libtiff5-debuginfo-32bit-4.0.4-12.2
      libtiff5-debuginfo-4.0.4-12.2
      tiff-debuginfo-4.0.4-12.2
      tiff-debugsource-4.0.4-12.2

References:

   https://www.suse.com/security/cve/CVE-2014-8127.html
   https://www.suse.com/security/cve/CVE-2014-8128.html
   https://www.suse.com/security/cve/CVE-2014-8129.html
   https://www.suse.com/security/cve/CVE-2014-8130.html
   https://www.suse.com/security/cve/CVE-2014-9655.html
   https://bugzilla.suse.com/914890
   https://bugzilla.suse.com/916927

From sle-updates at lists.suse.com Wed Sep 2 04:10:07 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Sep 2015 12:10:07 +0200 (CEST)
Subject: SUSE-SU-2015:1476-1: important: Security update for MozillaFirefox, mozilla-nss
Message-ID: <20150902101007.13FB3320F6@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox, mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1476-1
Rating:             important
References:         #940806 #943557 #943558 #943608
Cross-References:   CVE-2015-4473
                    CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479
                    CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487
                    CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492
                    CVE-2015-4495 CVE-2015-4497 CVE-2015-4498
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes 16 vulnerabilities is now available.

Description:

   Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical
   and non-critical security vulnerabilities.

   - Firefox was updated to 38.2.1 ESR (bsc#943608)
     * MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing
       canvas element during restyling
     * MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass
       through data URLs

   - Firefox was updated to 38.2.0 ESR (bsc#940806)
     * MFSA 2015-78/CVE-2015-4495 (bmo#1178058, bmo#1179262) Same origin
       violation and local file stealing via PDF reader
     * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 (bmo#1143130, bmo#1161719,
       bmo#1177501, bmo#1181204, bmo#1184068, bmo#1188590, bmo#1146213,
       bmo#1178890, bmo#1182711) Miscellaneous memory safety hazards
       (rv:40.0 / rv:38.2)
     * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with
       malformed MP3 file
     * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of
       non-configurable JavaScript object properties
     * MFSA 2015-83/CVE-2015-4479 (bmo#1185115, bmo#1144107, bmo#1170344,
       bmo#1186718) Overflow issues in libstagefright
     * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared
       memory in JavaScript
     * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf
       when scaling bitmap images
     * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
       Buffer overflows on Libvpx when decoding WebM video
     * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 (bmo#1176270,
       bmo#1182723, bmo#1171603) Vulnerabilities found through code
       inspection
     * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in
       XMLHttpRequest with shared workers

   Mozilla NSS switched the CKBI ABI from 1.98 to 2.4, which is what Firefox
   38ESR uses.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-472=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-472=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-472=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      MozillaFirefox-debuginfo-38.2.1esr-45.1
      MozillaFirefox-debugsource-38.2.1esr-45.1
      MozillaFirefox-devel-38.2.1esr-45.1
      mozilla-nss-debuginfo-3.19.2.0-26.2
      mozilla-nss-debugsource-3.19.2.0-26.2
      mozilla-nss-devel-3.19.2.0-26.2
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      MozillaFirefox-38.2.1esr-45.1
      MozillaFirefox-branding-SLE-31.0-14.1
      MozillaFirefox-debuginfo-38.2.1esr-45.1
      MozillaFirefox-debugsource-38.2.1esr-45.1
      MozillaFirefox-translations-38.2.1esr-45.1
      libfreebl3-3.19.2.0-26.2
      libfreebl3-debuginfo-3.19.2.0-26.2
      libfreebl3-hmac-3.19.2.0-26.2
      libsoftokn3-3.19.2.0-26.2
      libsoftokn3-debuginfo-3.19.2.0-26.2
      libsoftokn3-hmac-3.19.2.0-26.2
      mozilla-nss-3.19.2.0-26.2
      mozilla-nss-certs-3.19.2.0-26.2
      mozilla-nss-certs-debuginfo-3.19.2.0-26.2
      mozilla-nss-debuginfo-3.19.2.0-26.2
      mozilla-nss-debugsource-3.19.2.0-26.2
      mozilla-nss-tools-3.19.2.0-26.2
      mozilla-nss-tools-debuginfo-3.19.2.0-26.2
   - SUSE Linux Enterprise Server 12 (s390x x86_64):
      libfreebl3-32bit-3.19.2.0-26.2
      libfreebl3-debuginfo-32bit-3.19.2.0-26.2
      libfreebl3-hmac-32bit-3.19.2.0-26.2
      libsoftokn3-32bit-3.19.2.0-26.2
      libsoftokn3-debuginfo-32bit-3.19.2.0-26.2
      libsoftokn3-hmac-32bit-3.19.2.0-26.2
      mozilla-nss-32bit-3.19.2.0-26.2
      mozilla-nss-certs-32bit-3.19.2.0-26.2
      mozilla-nss-certs-debuginfo-32bit-3.19.2.0-26.2
      mozilla-nss-debuginfo-32bit-3.19.2.0-26.2
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      MozillaFirefox-38.2.1esr-45.1
      MozillaFirefox-branding-SLE-31.0-14.1
      MozillaFirefox-debuginfo-38.2.1esr-45.1
      MozillaFirefox-debugsource-38.2.1esr-45.1
      MozillaFirefox-translations-38.2.1esr-45.1
      libfreebl3-3.19.2.0-26.2
      libfreebl3-32bit-3.19.2.0-26.2
      libfreebl3-debuginfo-3.19.2.0-26.2
      libfreebl3-debuginfo-32bit-3.19.2.0-26.2
      libsoftokn3-3.19.2.0-26.2
      libsoftokn3-32bit-3.19.2.0-26.2
      libsoftokn3-debuginfo-3.19.2.0-26.2
      libsoftokn3-debuginfo-32bit-3.19.2.0-26.2
      mozilla-nss-3.19.2.0-26.2
      mozilla-nss-32bit-3.19.2.0-26.2
      mozilla-nss-certs-3.19.2.0-26.2
      mozilla-nss-certs-32bit-3.19.2.0-26.2
      mozilla-nss-certs-debuginfo-3.19.2.0-26.2
      mozilla-nss-certs-debuginfo-32bit-3.19.2.0-26.2
      mozilla-nss-debuginfo-3.19.2.0-26.2
      mozilla-nss-debuginfo-32bit-3.19.2.0-26.2
      mozilla-nss-debugsource-3.19.2.0-26.2
      mozilla-nss-tools-3.19.2.0-26.2
      mozilla-nss-tools-debuginfo-3.19.2.0-26.2

References:

   https://www.suse.com/security/cve/CVE-2015-4473.html
   https://www.suse.com/security/cve/CVE-2015-4474.html
   https://www.suse.com/security/cve/CVE-2015-4475.html
   https://www.suse.com/security/cve/CVE-2015-4478.html
   https://www.suse.com/security/cve/CVE-2015-4479.html
   https://www.suse.com/security/cve/CVE-2015-4484.html
   https://www.suse.com/security/cve/CVE-2015-4485.html
   https://www.suse.com/security/cve/CVE-2015-4486.html
   https://www.suse.com/security/cve/CVE-2015-4487.html
   https://www.suse.com/security/cve/CVE-2015-4488.html
   https://www.suse.com/security/cve/CVE-2015-4489.html
   https://www.suse.com/security/cve/CVE-2015-4491.html
   https://www.suse.com/security/cve/CVE-2015-4492.html
   https://www.suse.com/security/cve/CVE-2015-4495.html
   https://www.suse.com/security/cve/CVE-2015-4497.html
   https://www.suse.com/security/cve/CVE-2015-4498.html
   https://bugzilla.suse.com/940806
   https://bugzilla.suse.com/943557
   https://bugzilla.suse.com/943558
   https://bugzilla.suse.com/943608
From sle-updates at lists.suse.com Wed Sep 2 07:09:48 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Sep 2015 15:09:48 +0200 (CEST)
Subject: SUSE-RU-2015:1477-1: moderate: Recommended update for compat-openssl097g
Message-ID: <20150902130948.70CB1320F2@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for compat-openssl097g
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1477-1
Rating:             moderate
References:         #937492
Affected Products:
                    SUSE Linux Enterprise Server for SAP 11-SP4
                    SUSE Linux Enterprise Server for SAP 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The compat-openssl097g package was updated to fix a regression in the
   security patch for CVE-2015-0287 that broke loading DSA keys from file.
   (bsc#937492)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 11-SP4:
      zypper in -t patch slesappsp4-compat-openssl097g-12064=1
   - SUSE Linux Enterprise Server for SAP 11-SP3:
      zypper in -t patch slesappsp3-compat-openssl097g-12064=1
   - SUSE Linux Enterprise Desktop 11-SP4:
      zypper in -t patch sledsp4-compat-openssl097g-12064=1
   - SUSE Linux Enterprise Desktop 11-SP3:
      zypper in -t patch sledsp3-compat-openssl097g-12064=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-compat-openssl097g-12064=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-compat-openssl097g-12064=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 11-SP4 (ppc64 x86_64):
      compat-openssl097g-0.9.7g-146.22.33.1
      compat-openssl097g-32bit-0.9.7g-146.22.33.1
   - SUSE Linux Enterprise Server for SAP 11-SP3 (x86_64):
      compat-openssl097g-0.9.7g-146.22.33.1
      compat-openssl097g-32bit-0.9.7g-146.22.33.1
   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
      compat-openssl097g-0.9.7g-146.22.33.1
   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
      compat-openssl097g-32bit-0.9.7g-146.22.33.1
   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
      compat-openssl097g-0.9.7g-146.22.33.1
   - SUSE Linux Enterprise Desktop 11-SP3 (x86_64):
      compat-openssl097g-32bit-0.9.7g-146.22.33.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
      compat-openssl097g-debuginfo-0.9.7g-146.22.33.1
      compat-openssl097g-debugsource-0.9.7g-146.22.33.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
      compat-openssl097g-debuginfo-32bit-0.9.7g-146.22.33.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
      compat-openssl097g-debuginfo-0.9.7g-146.22.33.1
      compat-openssl097g-debugsource-0.9.7g-146.22.33.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):
      compat-openssl097g-debuginfo-32bit-0.9.7g-146.22.33.1

References:

   https://www.suse.com/security/cve/CVE-2015-0287.html
   https://bugzilla.suse.com/937492

From sle-updates at lists.suse.com Wed Sep 2 07:10:15 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 2 Sep 2015 15:10:15 +0200 (CEST)
Subject: SUSE-SU-2015:1478-1: important: Security update for the Linux Kernel
Message-ID: <20150902131015.0D872320F2@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1478-1
Rating:             important
References:         #798406 #821931 #860593 #879878 #891087 #897995 #898693
                    #900881 #904671 #908870 #909477 #912916 #914742 #915200
                    #915517 #915577 #916010 #917093 #917830 #918333 #919007
                    #919018 #919463 #921769 #922583
                    #923245 #926240 #927257 #928801 #929148 #929283 #929360
                    #929525 #930284 #930934 #931474 #933429 #935705 #936831
                    #937032 #937986 #940338 #940398
Cross-References:   CVE-2014-8086 CVE-2014-8159 CVE-2014-9683 CVE-2015-0777
                    CVE-2015-1420 CVE-2015-1421 CVE-2015-1805 CVE-2015-2041
                    CVE-2015-2042 CVE-2015-2150 CVE-2015-2830 CVE-2015-2922
                    CVE-2015-3331 CVE-2015-3636 CVE-2015-4700 CVE-2015-5364
                    CVE-2015-5366 CVE-2015-5707
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that solves 18 vulnerabilities and has 25 fixes is now
   available.

Description:

   The SUSE Linux Enterprise Server 11 SP2 LTSS kernel was updated to
   receive various security and bug fixes.

   The following security bugs were fixed:

   - CVE-2015-5707: An integer overflow in the SCSI generic driver could be
     potentially used by local attackers to crash the kernel or execute
     code.
   - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not
     prevent the TS_COMPAT flag from reaching a user-mode task, which might
     have allowed local users to bypass the seccomp or audit protection
     mechanism via a crafted application that uses the (1) fork or (2) close
     system call, as demonstrated by an attack against seccomp before 3.16
     (bnc#926240).
   - CVE-2015-0777: drivers/xen/usbback/usbback.c in the Linux kernel
     allowed guest OS users to obtain sensitive information from
     uninitialized locations in host OS kernel memory via unspecified
     vectors (bnc#917830).
   - CVE-2015-2150: Xen and the Linux kernel did not properly restrict
     access to PCI command registers, which might have allowed local guest
     users to cause a denial of service (non-maskable interrupt and host
     crash) by disabling the (1) memory or (2) I/O decoding for a PCI
     Express device and then accessing the device, which triggers an
     Unsupported Request (UR) response (bnc#919463).
- CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun" (bnc#933429). - CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly determine the memory locations used for encrypted data, which allowed context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket (bnc#927257). - CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel allowed remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message (bnc#922583). 
- CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bnc#919007). - CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux kernel did not initialize a certain list data structure during an unhash operation, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect (bnc#929525). - CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel allowed local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag (bnc#900881). - CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/ (bnc#914742). - CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename (bnc#918333). - CVE-2015-2042: net/rds/sysctl.c in the Linux kernel used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bnc#919018). 
- CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel allowed remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data (bnc#915577). The following non-security bugs were fixed: - HID: add ALWAYS_POLL quirk for a Logitech 0xc007 (bnc#931474). - HID: add HP OEM mouse to quirk ALWAYS_POLL (bnc#931474). - HID: add quirk for PIXART OEM mouse used by HP (bnc#931474). - HID: usbhid: add always-poll quirk (bnc#931474). - HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#931474). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b (bnc#931474). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103 (bnc#931474). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f (bnc#931474). - HID: usbhid: enable always-poll quirk for Elan Touchscreen. - HID: usbhid: fix PIXART optical mouse (bnc#931474). - HID: usbhid: more mice with ALWAYS_POLL (bnc#931474). - HID: usbhid: yet another mouse with ALWAYS_POLL (bnc#931474). - bnx2x: Fix kdump when iommu=on (bug#921769). - cifs: fix use-after-free bug in find_writable_file (bnc#909477). - coredump: ensure the fpu state is flushed for proper multi-threaded core dump (bsc#904671, bsc#929360). - dm: fixed that LVM merge snapshot of root logical volume were not working (bsc#928801) - deal with deadlock in d_walk fix (bnc#929148, bnc#929283). - e1000: do not enable dma receives until after dma address has been setup (bsc#821931). - fsnotify: Fix handling of renames in audit (bnc#915200). - inet: add a redirect generation id in inetpeer (bnc#860593). - inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593). - kabi: hide bnc#860593 changes of struct inetpeer_addr_base (bnc#860593). 
- kernel: fix data corruption when reading /proc/sysinfo (bsc#891087, bsc#937986, LTC#114480). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - time, ntp: Do not update time_state in middle of leap second (bsc#912916). - s390-3215-tty-close-crash.patch: kernel: 3215 tty close crash (bsc#916010, LTC#120873). - s390-3215-tty-close-race.patch: kernel: 3215 console crash (bsc#916010, LTC#94302). - s390-3215-tty-hang.patch: Renamed from patches.arch/s390-tty-hang.patch. - s390-3215-tty-hang.patch: Update references (bnc#898693, bnc#897995, LTC#114562). - s390-dasd-retry-partition-detection.patch: s390/dasd: retry partition detection (bsc#916010, LTC#94302). - s390-dasd-retry-partition-detection.patch: Update references (bsc#916010, LTC#120565). - s390-sclp-tty-refcount.patch: kernel: sclp console tty reference counting (bsc#916010, LTC#115466). - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - scsi/sg: sg_start_req(): make sure that there is not too many elements in iovec (bsc#940338). - x86, xsave: remove thread_has_fpu() bug check in __sanitize_i387_state() (bsc#904671, bsc#929360). - x86-mm-send-tlb-flush-ipis-to-online-cpus-only.patch: x86, mm: Send tlb flush IPIs to online cpus only (bnc#798406). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86/reboot: Fix a warning message triggered by stop_other_cpus() (bnc#930284). - xen: Correctly re-enable interrupts in xen_spin_wait() (bsc#879878, bsc#908870). - xfs: prevent deadlock trying to cover an active log (bsc#917093). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-kernel-20150819-12065=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-kernel-20150819-12065=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.7.37.1 kernel-default-base-3.0.101-0.7.37.1 kernel-default-devel-3.0.101-0.7.37.1 kernel-source-3.0.101-0.7.37.1 kernel-syms-3.0.101-0.7.37.1 kernel-trace-3.0.101-0.7.37.1 kernel-trace-base-3.0.101-0.7.37.1 kernel-trace-devel-3.0.101-0.7.37.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.7.37.1 kernel-ec2-base-3.0.101-0.7.37.1 kernel-ec2-devel-3.0.101-0.7.37.1 kernel-xen-3.0.101-0.7.37.1 kernel-xen-base-3.0.101-0.7.37.1 kernel-xen-devel-3.0.101-0.7.37.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x): kernel-default-man-3.0.101-0.7.37.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): kernel-pae-3.0.101-0.7.37.1 kernel-pae-base-3.0.101-0.7.37.1 kernel-pae-devel-3.0.101-0.7.37.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.7.37.1 kernel-default-debugsource-3.0.101-0.7.37.1 kernel-default-devel-debuginfo-3.0.101-0.7.37.1 kernel-trace-debuginfo-3.0.101-0.7.37.1 kernel-trace-debugsource-3.0.101-0.7.37.1 kernel-trace-devel-debuginfo-3.0.101-0.7.37.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.7.37.1 kernel-ec2-debugsource-3.0.101-0.7.37.1 kernel-xen-debuginfo-3.0.101-0.7.37.1 kernel-xen-debugsource-3.0.101-0.7.37.1 kernel-xen-devel-debuginfo-3.0.101-0.7.37.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586): kernel-pae-debuginfo-3.0.101-0.7.37.1 kernel-pae-debugsource-3.0.101-0.7.37.1 kernel-pae-devel-debuginfo-3.0.101-0.7.37.1 References: https://www.suse.com/security/cve/CVE-2014-8086.html https://www.suse.com/security/cve/CVE-2014-8159.html https://www.suse.com/security/cve/CVE-2014-9683.html https://www.suse.com/security/cve/CVE-2015-0777.html https://www.suse.com/security/cve/CVE-2015-1420.html https://www.suse.com/security/cve/CVE-2015-1421.html https://www.suse.com/security/cve/CVE-2015-1805.html 
https://www.suse.com/security/cve/CVE-2015-2041.html https://www.suse.com/security/cve/CVE-2015-2042.html https://www.suse.com/security/cve/CVE-2015-2150.html https://www.suse.com/security/cve/CVE-2015-2830.html https://www.suse.com/security/cve/CVE-2015-2922.html https://www.suse.com/security/cve/CVE-2015-3331.html https://www.suse.com/security/cve/CVE-2015-3636.html https://www.suse.com/security/cve/CVE-2015-4700.html https://www.suse.com/security/cve/CVE-2015-5364.html https://www.suse.com/security/cve/CVE-2015-5366.html https://www.suse.com/security/cve/CVE-2015-5707.html https://bugzilla.suse.com/798406 https://bugzilla.suse.com/821931 https://bugzilla.suse.com/860593 https://bugzilla.suse.com/879878 https://bugzilla.suse.com/891087 https://bugzilla.suse.com/897995 https://bugzilla.suse.com/898693 https://bugzilla.suse.com/900881 https://bugzilla.suse.com/904671 https://bugzilla.suse.com/908870 https://bugzilla.suse.com/909477 https://bugzilla.suse.com/912916 https://bugzilla.suse.com/914742 https://bugzilla.suse.com/915200 https://bugzilla.suse.com/915517 https://bugzilla.suse.com/915577 https://bugzilla.suse.com/916010 https://bugzilla.suse.com/917093 https://bugzilla.suse.com/917830 https://bugzilla.suse.com/918333 https://bugzilla.suse.com/919007 https://bugzilla.suse.com/919018 https://bugzilla.suse.com/919463 https://bugzilla.suse.com/921769 https://bugzilla.suse.com/922583 https://bugzilla.suse.com/923245 https://bugzilla.suse.com/926240 https://bugzilla.suse.com/927257 https://bugzilla.suse.com/928801 https://bugzilla.suse.com/929148 https://bugzilla.suse.com/929283 https://bugzilla.suse.com/929360 https://bugzilla.suse.com/929525 https://bugzilla.suse.com/930284 https://bugzilla.suse.com/930934 https://bugzilla.suse.com/931474 https://bugzilla.suse.com/933429 https://bugzilla.suse.com/935705 https://bugzilla.suse.com/936831 https://bugzilla.suse.com/937032 https://bugzilla.suse.com/937986 https://bugzilla.suse.com/940338 
https://bugzilla.suse.com/940398 From sle-updates at lists.suse.com Wed Sep 2 10:09:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2015 18:09:45 +0200 (CEST) Subject: SUSE-SU-2015:1479-1: important: Security update for xen Message-ID: <20150902160945.DFE6F320F6@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1479-1 Rating: important References: #922709 #932996 #935634 #938344 #939709 #939712 Cross-References: CVE-2015-2751 CVE-2015-3259 CVE-2015-4164 CVE-2015-5154 CVE-2015-5165 CVE-2015-5166 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: xen was updated to fix the following security issues: * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140) * CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139) * CVE-2015-2751: Certain domctl operations could have been used to lock up the host (bsc#922709, XSA-127) * CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137) * CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136) * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-xen-12066=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-xen-12066=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-xen-12066=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xen-12066=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): xen-devel-4.2.5_12-15.1 - SUSE Linux Enterprise Server 11-SP3 (i586 x86_64): xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1 xen-libs-4.2.5_12-15.1 xen-tools-domU-4.2.5_12-15.1 - SUSE Linux Enterprise Server 11-SP3 (x86_64): xen-4.2.5_12-15.1 xen-doc-html-4.2.5_12-15.1 xen-doc-pdf-4.2.5_12-15.1 xen-libs-32bit-4.2.5_12-15.1 xen-tools-4.2.5_12-15.1 - SUSE Linux Enterprise Server 11-SP3 (i586): xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586): xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1 xen-kmp-pae-4.2.5_12_3.0.101_0.47.55-15.1 xen-libs-4.2.5_12-15.1 xen-tools-domU-4.2.5_12-15.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): xen-debuginfo-4.2.5_12-15.1 xen-debugsource-4.2.5_12-15.1 References: https://www.suse.com/security/cve/CVE-2015-2751.html https://www.suse.com/security/cve/CVE-2015-3259.html https://www.suse.com/security/cve/CVE-2015-4164.html https://www.suse.com/security/cve/CVE-2015-5154.html https://www.suse.com/security/cve/CVE-2015-5165.html https://www.suse.com/security/cve/CVE-2015-5166.html https://bugzilla.suse.com/922709 https://bugzilla.suse.com/932996 https://bugzilla.suse.com/935634 https://bugzilla.suse.com/938344 https://bugzilla.suse.com/939709 https://bugzilla.suse.com/939712 From sle-updates at lists.suse.com Wed Sep 2 11:09:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2015 19:09:31 +0200 (CEST) Subject: SUSE-SU-2015:1479-2: 
important: Security update for xen Message-ID: <20150902170931.090B2320F2@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1479-2 Rating: important References: #922709 #932996 #935634 #938344 #939709 #939712 Cross-References: CVE-2015-2751 CVE-2015-3259 CVE-2015-4164 CVE-2015-5154 CVE-2015-5165 CVE-2015-5166 Affected Products: SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: xen was updated to fix the following security issues: * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140) * CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139) * CVE-2015-2751: Certain domctl operations could have been used to lock up the host (bsc#922709, XSA-127) * CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137) * CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136) * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-xen-12066=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): xen-4.2.5_12-15.1 xen-doc-html-4.2.5_12-15.1 xen-doc-pdf-4.2.5_12-15.1 xen-kmp-default-4.2.5_12_3.0.101_0.47.55-15.1 xen-libs-32bit-4.2.5_12-15.1 xen-libs-4.2.5_12-15.1 xen-tools-4.2.5_12-15.1 xen-tools-domU-4.2.5_12-15.1 References: https://www.suse.com/security/cve/CVE-2015-2751.html https://www.suse.com/security/cve/CVE-2015-3259.html https://www.suse.com/security/cve/CVE-2015-4164.html https://www.suse.com/security/cve/CVE-2015-5154.html https://www.suse.com/security/cve/CVE-2015-5165.html https://www.suse.com/security/cve/CVE-2015-5166.html https://bugzilla.suse.com/922709 https://bugzilla.suse.com/932996 https://bugzilla.suse.com/935634 https://bugzilla.suse.com/938344 https://bugzilla.suse.com/939709 https://bugzilla.suse.com/939712 From sle-updates at lists.suse.com Wed Sep 2 15:09:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2015 23:09:48 +0200 (CEST) Subject: SUSE-SU-2015:1480-1: important: Security update for bind Message-ID: <20150902210948.C719C320F2@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1480-1 Rating: important References: #944066 Cross-References: CVE-2015-5722 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: The nameserver bind was updated to fix a remote denial of service (crash) attack against bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bind-12067=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-bind-12067=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-bind-12067=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bind-12067=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-bind-12067=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-bind-12067=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-bind-12067=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-bind-12067=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-12067=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bind-12067=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-bind-12067=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): bind-devel-32bit-9.9.6P1-0.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.15.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64): bind-devel-32bit-9.9.6P1-0.15.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): bind-9.9.6P1-0.15.1 bind-chrootenv-9.9.6P1-0.15.1 bind-doc-9.9.6P1-0.15.1 bind-libs-9.9.6P1-0.15.1 bind-utils-9.9.6P1-0.15.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): bind-libs-32bit-9.9.6P1-0.15.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.15.1 bind-chrootenv-9.9.6P1-0.15.1 bind-doc-9.9.6P1-0.15.1 bind-libs-9.9.6P1-0.15.1 bind-utils-9.9.6P1-0.15.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.15.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): bind-libs-x86-9.9.6P1-0.15.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.15.1 bind-chrootenv-9.9.6P1-0.15.1 bind-doc-9.9.6P1-0.15.1 bind-libs-9.9.6P1-0.15.1 bind-utils-9.9.6P1-0.15.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.15.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): bind-libs-x86-9.9.6P1-0.15.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.15.1 bind-chrootenv-9.9.6P1-0.15.1 bind-devel-9.9.6P1-0.15.1 bind-doc-9.9.6P1-0.15.1 bind-libs-9.9.6P1-0.15.1 bind-utils-9.9.6P1-0.15.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.15.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): bind-libs-9.9.6P1-0.15.1 bind-utils-9.9.6P1-0.15.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): bind-libs-32bit-9.9.6P1-0.15.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): 
bind-libs-9.9.6P1-0.15.1 bind-utils-9.9.6P1-0.15.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): bind-libs-32bit-9.9.6P1-0.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.15.1 bind-debugsource-9.9.6P1-0.15.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.15.1 bind-debugsource-9.9.6P1-0.15.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.15.1 bind-debugsource-9.9.6P1-0.15.1 References: https://www.suse.com/security/cve/CVE-2015-5722.html https://bugzilla.suse.com/944066 From sle-updates at lists.suse.com Wed Sep 2 15:10:20 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2015 23:10:20 +0200 (CEST) Subject: SUSE-SU-2015:1481-1: important: Security update for bind Message-ID: <20150902211020.4C139320F6@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1481-1 Rating: important References: #944066 Cross-References: CVE-2015-5722 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The nameserver bind was updated to fix a remote denial of service (crash) attack against bind nameservers doing validation on DNSSEC signed records. (CVE-2015-5722, bsc#944066). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-478=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-478=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-478=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): bind-debuginfo-9.9.6P1-26.1 bind-debugsource-9.9.6P1-26.1 bind-devel-9.9.6P1-26.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): bind-9.9.6P1-26.1 bind-chrootenv-9.9.6P1-26.1 bind-debuginfo-9.9.6P1-26.1 bind-debugsource-9.9.6P1-26.1 bind-libs-9.9.6P1-26.1 bind-libs-debuginfo-9.9.6P1-26.1 bind-utils-9.9.6P1-26.1 bind-utils-debuginfo-9.9.6P1-26.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): bind-libs-32bit-9.9.6P1-26.1 bind-libs-debuginfo-32bit-9.9.6P1-26.1 - SUSE Linux Enterprise Server 12 (noarch): bind-doc-9.9.6P1-26.1 - SUSE Linux Enterprise Desktop 12 (x86_64): bind-debuginfo-9.9.6P1-26.1 bind-debugsource-9.9.6P1-26.1 bind-libs-32bit-9.9.6P1-26.1 bind-libs-9.9.6P1-26.1 bind-libs-debuginfo-32bit-9.9.6P1-26.1 bind-libs-debuginfo-9.9.6P1-26.1 bind-utils-9.9.6P1-26.1 bind-utils-debuginfo-9.9.6P1-26.1 References: https://www.suse.com/security/cve/CVE-2015-5722.html https://bugzilla.suse.com/944066 From sle-updates at lists.suse.com Thu Sep 3 03:09:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2015 11:09:43 +0200 (CEST) Subject: SUSE-SU-2015:1482-1: moderate: Recommended update for openldap2 Message-ID: <20150903090943.3BCC1320F2@maintenance.suse.de> SUSE Security Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1482-1 Rating: moderate References: #924496 #932773 #937766 Cross-References: CVE-2015-4000 Affected Products: SUSE Linux 
Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: openldap2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-4000: The Logjam Attack / weakdh.org (bsc#937766). This non-security issue was fixed: - bsc#932773: ldapmodify failed with DOS format LDIF files containing "-" separator. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openldap2-12068=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-openldap2-12068=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-openldap2-12068=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openldap2-12068=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-openldap2-12068=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openldap2-12068=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-openldap2-12068=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-openldap2-12068=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openldap2-12068=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openldap2-12068=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): openldap2-back-perl-2.4.26-0.35.1 openldap2-devel-2.4.26-0.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): openldap2-devel-32bit-2.4.26-0.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): openldap2-2.4.26-0.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): openldap2-back-perl-2.4.26-0.35.1 openldap2-devel-2.4.26-0.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64): openldap2-devel-32bit-2.4.26-0.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): openldap2-2.4.26-0.35.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): compat-libldap-2_3-0-2.3.37-2.35.1 libldap-2_4-2-2.4.26-0.35.1 openldap2-2.4.26-0.35.1 openldap2-back-meta-2.4.26-0.35.1 openldap2-client-2.4.26-0.35.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libldap-2_4-2-32bit-2.4.26-0.35.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): compat-libldap-2_3-0-2.3.37-2.35.1 libldap-2_4-2-2.4.26-0.35.1 openldap2-2.4.26-0.35.1 openldap2-back-meta-2.4.26-0.35.1 openldap2-client-2.4.26-0.35.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libldap-2_4-2-32bit-2.4.26-0.35.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libldap-2_4-2-x86-2.4.26-0.35.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): compat-libldap-2_3-0-2.3.37-2.35.1 libldap-2_4-2-2.4.26-0.35.1 openldap2-2.4.26-0.35.1 openldap2-back-meta-2.4.26-0.35.1 openldap2-client-2.4.26-0.35.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libldap-2_4-2-32bit-2.4.26-0.35.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libldap-2_4-2-x86-2.4.26-0.35.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libldap-openssl1-2_4-2-2.4.26-0.35.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 
s390x x86_64): libldap-openssl1-2_4-2-32bit-2.4.26-0.35.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libldap-openssl1-2_4-2-x86-2.4.26-0.35.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libldap-2_4-2-2.4.26-0.35.1 openldap2-client-2.4.26-0.35.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libldap-2_4-2-32bit-2.4.26-0.35.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libldap-2_4-2-2.4.26-0.35.1 openldap2-client-2.4.26-0.35.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libldap-2_4-2-32bit-2.4.26-0.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openldap2-client-debuginfo-2.4.26-0.35.1 openldap2-client-debugsource-2.4.26-0.35.1 openldap2-debuginfo-2.4.26-0.35.1 openldap2-debugsource-2.4.26-0.35.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): openldap2-client-debuginfo-2.4.26-0.35.1 openldap2-client-debugsource-2.4.26-0.35.1 openldap2-client-openssl1-debuginfo-2.4.26-0.35.1 openldap2-client-openssl1-debugsource-2.4.26-0.35.1 openldap2-debuginfo-2.4.26-0.35.1 openldap2-debugsource-2.4.26-0.35.1 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/924496 https://bugzilla.suse.com/932773 https://bugzilla.suse.com/937766 From sle-updates at lists.suse.com Thu Sep 3 04:09:24 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2015 12:09:24 +0200 (CEST) Subject: SUSE-RU-2015:1483-1: Recommended update for sles-manuals_en Message-ID: <20150903100924.90977320F6@maintenance.suse.de> SUSE Recommended Update: Recommended update for sles-manuals_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1483-1 Rating: low References: #936253 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for sles-manuals_en adds the Docker Quickstart manual (bsc#936253) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-480=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-480=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): sles-admin_en-pdf-12-34.2 sles-autoyast_en-pdf-12-34.2 sles-deployment_en-pdf-12-34.2 sles-dockerquick_en-pdf-12-34.2 sles-gnomeuser_en-pdf-12-34.2 sles-hardening_en-pdf-12-34.2 sles-installquick_en-pdf-12-34.2 sles-manuals_en-12-34.2 sles-security_en-pdf-12-34.2 sles-storage_en-pdf-12-34.2 sles-tuning_en-pdf-12-34.2 sles-virtualization_en-pdf-12-34.2 - SUSE Linux Enterprise Desktop 12 (noarch): sles-virtualization_en-pdf-12-34.2 References: https://bugzilla.suse.com/936253 From sle-updates at lists.suse.com Thu Sep 3 06:09:30 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2015 14:09:30 +0200 (CEST) Subject: SUSE-SU-2015:1484-1: moderate: Security update for libwmf Message-ID: <20150903120930.3A818320F6@maintenance.suse.de> SUSE Security Update: Security update for libwmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1484-1 Rating: moderate References: #495842 #831299 #933109 #936058 #936062 Cross-References: CVE-2009-1364 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: libwmf was updated to fix five security issues. 
These security issues were fixed:

- CVE-2009-1364: Fixed realloc return value usage (bsc#495842, bnc#831299)
- CVE-2015-0848: Heap overflow on libwmf0.2-7 (bsc#933109)
- CVE-2015-4588: DecodeImage() did not check that the run-length "count" fits into the total size of the image, which could lead to a heap-based buffer overflow (bsc#933109)
- CVE-2015-4695: meta_pen_create heap buffer over read (bsc#936058)
- CVE-2015-4696: Use after free (bsc#936062)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:
  zypper in -t patch SUSE-SLE-WE-12-2015-481=1
- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-481=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-481=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
  libwmf-0_2-7-0.2.8.4-242.3
  libwmf-0_2-7-debuginfo-0.2.8.4-242.3
  libwmf-debugsource-0.2.8.4-242.3
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  libwmf-0_2-7-0.2.8.4-242.3
  libwmf-0_2-7-debuginfo-0.2.8.4-242.3
  libwmf-debugsource-0.2.8.4-242.3
  libwmf-devel-0.2.8.4-242.3
  libwmf-gnome-0.2.8.4-242.3
  libwmf-gnome-debuginfo-0.2.8.4-242.3
- SUSE Linux Enterprise Desktop 12 (x86_64):
  libwmf-0_2-7-0.2.8.4-242.3
  libwmf-0_2-7-debuginfo-0.2.8.4-242.3
  libwmf-debugsource-0.2.8.4-242.3

References:
  https://www.suse.com/security/cve/CVE-2009-1364.html
  https://www.suse.com/security/cve/CVE-2015-0848.html
  https://www.suse.com/security/cve/CVE-2015-4588.html
  https://www.suse.com/security/cve/CVE-2015-4695.html
  https://www.suse.com/security/cve/CVE-2015-4696.html
  https://bugzilla.suse.com/495842
  https://bugzilla.suse.com/831299
  https://bugzilla.suse.com/933109
  https://bugzilla.suse.com/936058
  https://bugzilla.suse.com/936062

From sle-updates at lists.suse.com Thu Sep 3
10:09:46 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Sep 2015 18:09:46 +0200 (CEST)
Subject: SUSE-OU-2015:1485-1: Optional update for quota
Message-ID: <20150903160946.B6825320F6@maintenance.suse.de>

SUSE Optional Update: Optional update for quota
______________________________________________________________________________

Announcement ID: SUSE-OU-2015:1485-1
Rating: low
References: #941765
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Desktop 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

The quota package has been rebuilt to increase its release number, which was lower than the latest builds from SLE 11-SP3.

Patch Instructions:

To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-quota-12069=1
- SUSE Linux Enterprise Desktop 11-SP4:
  zypper in -t patch sledsp4-quota-12069=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-quota-12069=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  quota-3.16-51.1.0
  quota-nfs-3.16-51.1.0
- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
  quota-3.16-51.1.0
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  quota-debuginfo-3.16-51.1.0
  quota-debugsource-3.16-51.1.0

References:
  https://bugzilla.suse.com/941765

From sle-updates at lists.suse.com Thu Sep 3 10:10:12 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 3 Sep 2015 18:10:12 +0200 (CEST)
Subject: SUSE-OU-2015:1486-1: Optional update for a2ps
Message-ID: <20150903161012.80D01320F6@maintenance.suse.de>

SUSE Optional Update: Optional update for a2ps
______________________________________________________________________________

Announcement ID: SUSE-OU-2015:1486-1
Rating: low
References: #940627
Affected Products:
  SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

The a2ps "ASCII text to PostScript" converter has been added to SUSE Linux Enterprise 12 Legacy module.

Patch Instructions:

To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 12:
  zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-483=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le s390x x86_64):
  a2ps-4.14-2.3
  a2ps-debuginfo-4.14-2.3
  a2ps-debugsource-4.14-2.3

References:
  https://bugzilla.suse.com/940627

From sle-updates at lists.suse.com Fri Sep 4 04:09:22 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 12:09:22 +0200 (CEST)
Subject: SUSE-SU-2015:1487-1: important: Live patch for the Linux Kernel
Message-ID: <20150904100922.5238F320F6@maintenance.suse.de>

SUSE Security Update: Live patch for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1487-1
Rating: important
References: #939044 #939241 #939262 #939263 #939270 #939273 #939276 #939277
Cross-References: CVE-2014-8159 CVE-2015-1805 CVE-2015-3331 CVE-2015-3339 CVE-2015-3636 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update contains a kernel live patch for the 3.12.38-44 SUSE Linux Enterprise Server 12 Kernel, fixing following security issues.

- CVE-2015-3339: A race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (bsc#939263 bsc#939044)
- CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux kernel did not initialize a certain list data structure during an unhash operation, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
  (bsc#939277)
- CVE-2015-5364/CVE-2015-5366: Two denial of service attacks via a flood of UDP packets with invalid checksums were fixed that could be used by remote attackers to delay execution. (bsc#939276)
- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." (bsc#939270)
- CVE-2015-4700: A BPF Jit optimization flaw could allow local users to panic the kernel. (bsc#939273)
- CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly determine the memory locations used for encrypted data, which allowed context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. (bsc#939262)
- CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. (bsc#939241)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2015-486=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_38-44-default-2-7.1
  kgraft-patch-3_12_38-44-xen-2-7.1

References:
  https://www.suse.com/security/cve/CVE-2014-8159.html
  https://www.suse.com/security/cve/CVE-2015-1805.html
  https://www.suse.com/security/cve/CVE-2015-3331.html
  https://www.suse.com/security/cve/CVE-2015-3339.html
  https://www.suse.com/security/cve/CVE-2015-3636.html
  https://www.suse.com/security/cve/CVE-2015-4700.html
  https://www.suse.com/security/cve/CVE-2015-5364.html
  https://www.suse.com/security/cve/CVE-2015-5366.html
  https://bugzilla.suse.com/939044
  https://bugzilla.suse.com/939241
  https://bugzilla.suse.com/939262
  https://bugzilla.suse.com/939263
  https://bugzilla.suse.com/939270
  https://bugzilla.suse.com/939273
  https://bugzilla.suse.com/939276
  https://bugzilla.suse.com/939277

From sle-updates at lists.suse.com Fri Sep 4 04:10:57 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 12:10:57 +0200 (CEST)
Subject: SUSE-SU-2015:1488-1: important: Live patch for the Linux Kernel
Message-ID: <20150904101057.D0D34320F2@maintenance.suse.de>

SUSE Security Update: Live patch for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1488-1
Rating: important
References: #916225 #939044 #939240 #939241 #939262 #939263 #939270 #939273 #939276 #939277
Cross-References: CVE-2014-7822 CVE-2014-8159 CVE-2015-1465 CVE-2015-1805 CVE-2015-3331 CVE-2015-3339 CVE-2015-3636 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update contains a kernel live patch for the 3.12.36-38 SUSE Linux Enterprise Server 12 Kernel, fixing following security issues.
- CVE-2015-3339: A race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (bsc#939263 bsc#939044)
- CVE-2015-1465: The IPv4 implementation in the Linux kernel did not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allowed remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. (bsc#939044 bsc#916225)
- CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux kernel did not initialize a certain list data structure during an unhash operation, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. (bsc#939277)
- CVE-2015-5364/CVE-2015-5366: Two denial of service attacks via a flood of UDP packets with invalid checksums were fixed that could be used by remote attackers to delay execution. (bsc#939276)
- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." (bsc#939270)
- CVE-2015-4700: A BPF Jit optimization flaw could allow local users to panic the kernel.
  (bsc#939273)
- CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly determine the memory locations used for encrypted data, which allowed context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. (bsc#939262)
- CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. (bsc#939241)
- CVE-2014-7822: The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. (bsc#939240)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2015-485=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_36-38-default-3-2.1
  kgraft-patch-3_12_36-38-xen-3-2.1

References:
  https://www.suse.com/security/cve/CVE-2014-7822.html
  https://www.suse.com/security/cve/CVE-2014-8159.html
  https://www.suse.com/security/cve/CVE-2015-1465.html
  https://www.suse.com/security/cve/CVE-2015-1805.html
  https://www.suse.com/security/cve/CVE-2015-3331.html
  https://www.suse.com/security/cve/CVE-2015-3339.html
  https://www.suse.com/security/cve/CVE-2015-3636.html
  https://www.suse.com/security/cve/CVE-2015-4700.html
  https://www.suse.com/security/cve/CVE-2015-5364.html
  https://www.suse.com/security/cve/CVE-2015-5366.html
  https://bugzilla.suse.com/916225
  https://bugzilla.suse.com/939044
  https://bugzilla.suse.com/939240
  https://bugzilla.suse.com/939241
  https://bugzilla.suse.com/939262
  https://bugzilla.suse.com/939263
  https://bugzilla.suse.com/939270
  https://bugzilla.suse.com/939273
  https://bugzilla.suse.com/939276
  https://bugzilla.suse.com/939277

From sle-updates at lists.suse.com Fri Sep 4 04:13:02 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 12:13:02 +0200 (CEST)
Subject: SUSE-SU-2015:1489-1: important: Live patch for the Linux Kernel
Message-ID: <20150904101302.5F365320F2@maintenance.suse.de>

SUSE Security Update: Live patch for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1489-1
Rating: important
References: #902349 #916225 #939044 #939240 #939241 #939260 #939262 #939263 #939270 #939273 #939276 #939277
Cross-References: CVE-2014-3687 CVE-2014-7822 CVE-2014-8159 CVE-2014-9710 CVE-2015-1465 CVE-2015-1805 CVE-2015-3331 CVE-2015-3339 CVE-2015-3636 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes 12 vulnerabilities is now available.
Description:

This update contains a kernel live patch for the 3.12.32-33 SUSE Linux Enterprise Server 12 Kernel, fixing following security issues.

- CVE-2015-3339: A race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (bsc#939263 bsc#939044)
- CVE-2015-1465: The IPv4 implementation in the Linux kernel did not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allowed remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. (bsc#939044 bsc#916225)
- CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux kernel did not initialize a certain list data structure during an unhash operation, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. (bsc#939277)
- CVE-2015-5364/CVE-2015-5366: Two denial of service attacks via a flood of UDP packets with invalid checksums were fixed that could be used by remote attackers to delay execution. (bsc#939276)
- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." (bsc#939270)
- CVE-2015-4700: A BPF Jit optimization flaw could allow local users to panic the kernel.
  (bsc#939273)
- CVE-2014-9710: The Btrfs implementation in the Linux kernel did not ensure that the visible xattr state is consistent with a requested replacement, which allowed local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit. (bsc#939260)
- CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. (bsc#902349 bsc#939044)
- CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly determine the memory locations used for encrypted data, which allowed context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. (bsc#939262)
- CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. (bsc#939241)
- CVE-2014-7822: The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
  (bsc#939240)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2015-484=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_32-33-default-3-2.1
  kgraft-patch-3_12_32-33-xen-3-2.1

References:
  https://www.suse.com/security/cve/CVE-2014-3687.html
  https://www.suse.com/security/cve/CVE-2014-7822.html
  https://www.suse.com/security/cve/CVE-2014-8159.html
  https://www.suse.com/security/cve/CVE-2014-9710.html
  https://www.suse.com/security/cve/CVE-2015-1465.html
  https://www.suse.com/security/cve/CVE-2015-1805.html
  https://www.suse.com/security/cve/CVE-2015-3331.html
  https://www.suse.com/security/cve/CVE-2015-3339.html
  https://www.suse.com/security/cve/CVE-2015-3636.html
  https://www.suse.com/security/cve/CVE-2015-4700.html
  https://www.suse.com/security/cve/CVE-2015-5364.html
  https://www.suse.com/security/cve/CVE-2015-5366.html
  https://bugzilla.suse.com/902349
  https://bugzilla.suse.com/916225
  https://bugzilla.suse.com/939044
  https://bugzilla.suse.com/939240
  https://bugzilla.suse.com/939241
  https://bugzilla.suse.com/939260
  https://bugzilla.suse.com/939262
  https://bugzilla.suse.com/939263
  https://bugzilla.suse.com/939270
  https://bugzilla.suse.com/939273
  https://bugzilla.suse.com/939276
  https://bugzilla.suse.com/939277

From sle-updates at lists.suse.com Fri Sep 4 04:15:27 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 12:15:27 +0200 (CEST)
Subject: SUSE-SU-2015:1490-1: important: Live patch for the Linux Kernel
Message-ID: <20150904101527.DBE6B320F6@maintenance.suse.de>

SUSE Security Update: Live patch for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1490-1
Rating: important
References:
#939044 #939270 #939273 #939276
Cross-References: CVE-2015-1805 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update contains a kernel live patch for the 3.12.43-52.6 SUSE Linux Enterprise Server 12 Kernel, fixing following security issues.

- CVE-2015-5364/CVE-2015-5366: Two denial of service attacks via a flood of UDP packets with invalid checksums were fixed that could be used by remote attackers to delay execution. (bsc#939276)
- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." (bsc#939270)
- CVE-2015-4700: A BPF Jit optimization flaw could allow local users to panic the kernel. (bsc#939273)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2015-488=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_43-52_6-default-2-6.1
  kgraft-patch-3_12_43-52_6-xen-2-6.1

References:
  https://www.suse.com/security/cve/CVE-2015-1805.html
  https://www.suse.com/security/cve/CVE-2015-4700.html
  https://www.suse.com/security/cve/CVE-2015-5364.html
  https://www.suse.com/security/cve/CVE-2015-5366.html
  https://bugzilla.suse.com/939044
  https://bugzilla.suse.com/939270
  https://bugzilla.suse.com/939273
  https://bugzilla.suse.com/939276

From sle-updates at lists.suse.com Fri Sep 4 04:16:23 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 12:16:23 +0200 (CEST)
Subject: SUSE-SU-2015:1491-1: important: Live patch for the Linux Kernel
Message-ID: <20150904101623.9112B320F7@maintenance.suse.de>

SUSE Security Update: Live patch for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1491-1
Rating: important
References: #939044 #939241 #939262 #939263 #939270 #939273 #939276 #939277
Cross-References: CVE-2014-8159 CVE-2015-1805 CVE-2015-3331 CVE-2015-3339 CVE-2015-3636 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update contains a kernel live patch for the 3.12.39-47 SUSE Linux Enterprise Server 12 Kernel, fixing following security issues.

- CVE-2015-3339: A race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
  (bsc#939263 bsc#939044)
- CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux kernel did not initialize a certain list data structure during an unhash operation, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. (bsc#939277)
- CVE-2015-5364/CVE-2015-5366: Two denial of service attacks via a flood of UDP packets with invalid checksums were fixed that could be used by remote attackers to delay execution. (bsc#939276)
- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." (bsc#939270)
- CVE-2015-4700: A BPF Jit optimization flaw could allow local users to panic the kernel. (bsc#939273)
- CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly determine the memory locations used for encrypted data, which allowed context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. (bsc#939262)
- CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
  (bsc#939241)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2015-487=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-3_12_39-47-default-2-10.1
  kgraft-patch-3_12_39-47-xen-2-10.1

References:
  https://www.suse.com/security/cve/CVE-2014-8159.html
  https://www.suse.com/security/cve/CVE-2015-1805.html
  https://www.suse.com/security/cve/CVE-2015-3331.html
  https://www.suse.com/security/cve/CVE-2015-3339.html
  https://www.suse.com/security/cve/CVE-2015-3636.html
  https://www.suse.com/security/cve/CVE-2015-4700.html
  https://www.suse.com/security/cve/CVE-2015-5364.html
  https://www.suse.com/security/cve/CVE-2015-5366.html
  https://bugzilla.suse.com/939044
  https://bugzilla.suse.com/939241
  https://bugzilla.suse.com/939262
  https://bugzilla.suse.com/939263
  https://bugzilla.suse.com/939270
  https://bugzilla.suse.com/939273
  https://bugzilla.suse.com/939276
  https://bugzilla.suse.com/939277

From sle-updates at lists.suse.com Fri Sep 4 07:09:29 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 15:09:29 +0200 (CEST)
Subject: SUSE-RU-2015:1493-1: moderate: Recommended update for postfix
Message-ID: <20150904130929.C27A6320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for postfix
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1493-1
Rating: moderate
References: #928885
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description:

Postfix was updated to fix an abort when the system is running in FIPS mode. The fingerprinting methods still used md5 by default, this was replaced by sha1. bsc#928885

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-489=1
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-489=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-489=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  postfix-debuginfo-2.11.0-14.2
  postfix-debugsource-2.11.0-14.2
  postfix-devel-2.11.0-14.2
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  postfix-2.11.0-14.2
  postfix-debuginfo-2.11.0-14.2
  postfix-debugsource-2.11.0-14.2
  postfix-mysql-2.11.0-14.2
  postfix-mysql-debuginfo-2.11.0-14.2
- SUSE Linux Enterprise Server 12 (noarch):
  postfix-doc-2.11.0-14.2
- SUSE Linux Enterprise Desktop 12 (x86_64):
  postfix-2.11.0-14.2
  postfix-debuginfo-2.11.0-14.2
  postfix-debugsource-2.11.0-14.2

References:
  https://bugzilla.suse.com/928885

From sle-updates at lists.suse.com Fri Sep 4 07:09:51 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 15:09:51 +0200 (CEST)
Subject: SUSE-RU-2015:1494-1: Recommended update for AppArmor
Message-ID: <20150904130951.82BB2320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for AppArmor
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1494-1
Rating: low
References: #911118 #921098 #940749
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
______________________________________________________________________________

An update that has three
recommended fixes can now be installed.

Description:

This update for AppArmor provides the following fixes:

- Add support for newer versions of Samba. (bsc#921098)
- Add more directories needed by nscd(8) to the nameservice abstraction settings. (bsc#911118)
- Adjust dnsmasq profile to allow running libvirt leases helper script. (bsc#940749)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-490=1
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-490=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  apparmor-debugsource-2.8.2-36.1
  libapparmor-devel-2.8.2-36.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  apache2-mod_apparmor-2.8.2-36.1
  apache2-mod_apparmor-debuginfo-2.8.2-36.1
  apparmor-debugsource-2.8.2-36.1
  apparmor-parser-2.8.2-36.1
  apparmor-parser-debuginfo-2.8.2-36.1
  libapparmor1-2.8.2-36.1
  libapparmor1-debuginfo-2.8.2-36.1
  pam_apparmor-2.8.2-36.1
  pam_apparmor-debuginfo-2.8.2-36.1
  perl-apparmor-2.8.2-36.1
  perl-apparmor-debuginfo-2.8.2-36.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
  libapparmor1-32bit-2.8.2-36.1
  libapparmor1-debuginfo-32bit-2.8.2-36.1
  pam_apparmor-32bit-2.8.2-36.1
  pam_apparmor-debuginfo-32bit-2.8.2-36.1
- SUSE Linux Enterprise Server 12 (noarch):
  apparmor-docs-2.8.2-36.1
  apparmor-profiles-2.8.2-36.1
  apparmor-utils-2.8.2-36.1

References:
  https://bugzilla.suse.com/911118
  https://bugzilla.suse.com/921098
  https://bugzilla.suse.com/940749

From sle-updates at lists.suse.com Fri Sep 4 08:09:24 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 16:09:24 +0200 (CEST)
Subject: SUSE-RU-2015:1495-1: moderate: Recommended update for xemacs, xemacs-packages
Message-ID:
<20150904140924.E43DE320F6@maintenance.suse.de> SUSE Recommended Update: Recommended update for xemacs, xemacs-packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1495-1 Rating: moderate References: #857207 #902003 #905625 #924490 #930170 #932321 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for xemacs and xemacs-packages provides the following fixes: - Set progress-feedback-use-echo-area to true to allow some modes like C-mode and TeX-mode to write messages. (bsc#905625, bsc#902003, bsc#924490) - Fix a segmentation fault when syntax highlighting is enabled. (bsc#930170) - Fix auto-completion with tramp-ssh connections. (bsc#857207) - Add a patch to be able to apply any custom font/face change at startup. (bsc#932321) - Modify patch xemacs.patch to make open(2) work with O_CREAT. - Avoid error on not existing custom.el. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-491=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-491=1 To bring your system up-to-date, use "zypper patch". 

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):
      xemacs-21.5.34-11.6
      xemacs-debuginfo-21.5.34-11.6
      xemacs-debugsource-21.5.34-11.6
   - SUSE Linux Enterprise Workstation Extension 12 (noarch):
      xemacs-info-21.5.34-11.6
      xemacs-packages-20130822-6.38
      xemacs-packages-info-20130822-6.38
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      xemacs-21.5.34-11.6
      xemacs-debuginfo-21.5.34-11.6
      xemacs-debugsource-21.5.34-11.6
   - SUSE Linux Enterprise Desktop 12 (noarch):
      xemacs-info-21.5.34-11.6
      xemacs-packages-20130822-6.38
      xemacs-packages-info-20130822-6.38

References:

   https://bugzilla.suse.com/857207
   https://bugzilla.suse.com/902003
   https://bugzilla.suse.com/905625
   https://bugzilla.suse.com/924490
   https://bugzilla.suse.com/930170
   https://bugzilla.suse.com/932321

From sle-updates at lists.suse.com Fri Sep 4 08:10:53 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 16:10:53 +0200 (CEST)
Subject: SUSE-RU-2015:1494-2: Recommended update for AppArmor
Message-ID: <20150904141053.36817320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for AppArmor
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1494-2
Rating: low
References: #911118 #921098 #940749
Affected Products:
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

   This update for AppArmor provides the following fixes:

   - Add support for newer versions of Samba. (bsc#921098)
   - Add more directories needed by nscd(8) to the nameservice abstraction
     settings. (bsc#911118)
   - Adjust dnsmasq profile to allow running libvirt leases helper script.
     (bsc#940749)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-490=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 12 (x86_64):
      apparmor-debugsource-2.8.2-36.1
      apparmor-parser-2.8.2-36.1
      apparmor-parser-debuginfo-2.8.2-36.1
      libapparmor1-2.8.2-36.1
      libapparmor1-32bit-2.8.2-36.1
      libapparmor1-debuginfo-2.8.2-36.1
      libapparmor1-debuginfo-32bit-2.8.2-36.1
      pam_apparmor-2.8.2-36.1
      pam_apparmor-32bit-2.8.2-36.1
      pam_apparmor-debuginfo-2.8.2-36.1
      pam_apparmor-debuginfo-32bit-2.8.2-36.1
      perl-apparmor-2.8.2-36.1
      perl-apparmor-debuginfo-2.8.2-36.1
   - SUSE Linux Enterprise Desktop 12 (noarch):
      apparmor-docs-2.8.2-36.1
      apparmor-profiles-2.8.2-36.1
      apparmor-utils-2.8.2-36.1

References:

   https://bugzilla.suse.com/911118
   https://bugzilla.suse.com/921098
   https://bugzilla.suse.com/940749

From sle-updates at lists.suse.com Fri Sep 4 10:09:46 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 18:09:46 +0200 (CEST)
Subject: SUSE-SU-2015:1496-1: important: Security update for bind
Message-ID: <20150904160946.088C3320F6@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1496-1
Rating: important
References: #944066
Cross-References: CVE-2015-5722
Affected Products:
   SUSE Linux Enterprise Server 11-SP1-LTSS
   SUSE Linux Enterprise Debuginfo 11-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   The nameserver bind was updated to fix a remote denial of service (crash)
   attack against bind nameservers doing validation on DNSSEC signed records.
   (CVE-2015-5722, bsc#944066).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP1-LTSS:
      zypper in -t patch slessp1-bind-12070=1
   - SUSE Linux Enterprise Debuginfo 11-SP1:
      zypper in -t patch dbgsp1-bind-12070=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 s390x x86_64):
      bind-9.6ESVR11W1-0.9.1
      bind-chrootenv-9.6ESVR11W1-0.9.1
      bind-devel-9.6ESVR11W1-0.9.1
      bind-doc-9.6ESVR11W1-0.9.1
      bind-libs-9.6ESVR11W1-0.9.1
      bind-utils-9.6ESVR11W1-0.9.1
   - SUSE Linux Enterprise Server 11-SP1-LTSS (s390x x86_64):
      bind-libs-32bit-9.6ESVR11W1-0.9.1
   - SUSE Linux Enterprise Debuginfo 11-SP1 (i586 s390x x86_64):
      bind-debuginfo-9.6ESVR11W1-0.9.1
      bind-debugsource-9.6ESVR11W1-0.9.1

References:

   https://www.suse.com/security/cve/CVE-2015-5722.html
   https://bugzilla.suse.com/944066

From sle-updates at lists.suse.com Fri Sep 4 11:09:45 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 19:09:45 +0200 (CEST)
Subject: SUSE-RU-2015:1497-1: Recommended update for SUSE_SLES_SAP-SP4-migration, SUSE_SLES_SAP-release, SUSE_SLES_SAP-release-DVD, sles-release and sles-release-DVD
Message-ID: <20150904170945.B8345320F2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE_SLES_SAP-SP4-migration, SUSE_SLES_SAP-release, SUSE_SLES_SAP-release-DVD, sles-release and sles-release-DVD
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1497-1
Rating: low
References: #938211
Affected Products:
   SLES for SAP Applications
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update prepares the system for a System Upgrade to SUSE Linux
   Enterprise Server for SAP Applications 11 SP4.
   Please follow the technical instruction document for the information on
   how to upgrade systems that are based on SUSE Linux Enterprise Server 11 SP4:
   http://www.novell.com/support/documentLink.do?externalID=7016711

   Please have a look for more Information and Resources about SUSE Linux
   Enterprise Server 11 SP4 here:
   http://www.suse.com/promo/sle11sp4.html

Indications:

   Enablement of Upgrade to SLES for SAP 11-SP4

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SLES for SAP Applications:
      zypper in -t patch slesappsp3-SLES-SAP-SP4-Migration=10850

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SLES for SAP Applications (x86_64):
      SUSE_SLES_SAP-SP4-migration-11.3-1.18
      SUSE_SLES_SAP-release-11.3-1.18
      SUSE_SLES_SAP-release-DVD-11.3-1.18

References:

   https://bugzilla.suse.com/938211
   https://download.suse.com/patch/finder/?keywords=6b8b0e5c033baf6e57e7930e826b3159

From sle-updates at lists.suse.com Fri Sep 4 12:09:43 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 4 Sep 2015 20:09:43 +0200 (CEST)
Subject: SUSE-RU-2015:1498-1: moderate: Recommended update for gnome-shell, gnome-shell-extensions
Message-ID: <20150904180943.09C7B320F2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gnome-shell, gnome-shell-extensions
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1498-1
Rating: moderate
References: #898359 #913204 #926800 #933183 #933768
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

   This update for gnome-shell and its extensions provides the following fixes:

   - Fix a leaked signals issue which could cause login screen hangs after
     three failed authentication attempts. (bsc#933768)
   - Fix an image caching issue which prevented the wallpaper from being
     refreshed after replacing the image file. (bsc#926800)
   - Minimized Window does not open when you have application tab opened.
     (bsc#913204)
   - Fix multiple issues related to windows grouping in SLE Classic.
     (bsc#933183)
   - Do not display the network selection dialog in front of locked screen.
     (bsc#898359)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:
      zypper in -t patch SUSE-SLE-WE-12-2015-493=1
   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-493=1
   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-493=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-493=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):
      gnome-shell-calendar-3.10.4-40.1
      gnome-shell-calendar-debuginfo-3.10.4-40.1
      gnome-shell-debuginfo-3.10.4-40.1
      gnome-shell-debugsource-3.10.4-40.1
   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      gnome-shell-debuginfo-3.10.4-40.1
      gnome-shell-debugsource-3.10.4-40.1
      gnome-shell-devel-3.10.4-40.1
   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      gnome-shell-3.10.4-40.1
      gnome-shell-browser-plugin-3.10.4-40.1
      gnome-shell-browser-plugin-debuginfo-3.10.4-40.1
      gnome-shell-debuginfo-3.10.4-40.1
      gnome-shell-debugsource-3.10.4-40.1
   - SUSE Linux Enterprise Server 12 (noarch):
      gnome-shell-classic-3.10.1-24.4.1
      gnome-shell-extensions-common-3.10.1-24.4.1
      gnome-shell-extensions-common-lang-3.10.1-24.4.1
      gnome-shell-lang-3.10.4-40.1
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      gnome-shell-3.10.4-40.1
      gnome-shell-browser-plugin-3.10.4-40.1
      gnome-shell-browser-plugin-debuginfo-3.10.4-40.1
      gnome-shell-calendar-3.10.4-40.1
      gnome-shell-calendar-debuginfo-3.10.4-40.1
      gnome-shell-debuginfo-3.10.4-40.1
      gnome-shell-debugsource-3.10.4-40.1
   - SUSE Linux Enterprise Desktop 12 (noarch):
      gnome-shell-classic-3.10.1-24.4.1
      gnome-shell-extensions-common-3.10.1-24.4.1
      gnome-shell-extensions-common-lang-3.10.1-24.4.1
      gnome-shell-lang-3.10.4-40.1

References:

   https://bugzilla.suse.com/898359
   https://bugzilla.suse.com/913204
   https://bugzilla.suse.com/926800
   https://bugzilla.suse.com/933183
   https://bugzilla.suse.com/933768

From sle-updates at lists.suse.com Mon Sep 7 06:09:38 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 7 Sep 2015 14:09:38 +0200 (CEST)
Subject: SUSE-SU-2015:1504-1: important: Security update for MozillaFirefox
Message-ID: <20150907120938.D3CEC320F6@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1504-1
Rating: important
References: #943557 #943558 #943608
Cross-References: CVE-2015-4497 CVE-2015-4498
Affected Products:
   SUSE Linux Enterprise Server 11-SP2-LTSS
   SUSE Linux Enterprise Server 11-SP1-LTSS
   SUSE Linux Enterprise Debuginfo 11-SP2
   SUSE Linux Enterprise Debuginfo 11-SP1
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

   Mozilla Firefox was updated to 38.2.1 ESR, fixing two severe security bugs.
   (bsc#943608)

   * MFSA 2015-94/CVE-2015-4497 (bsc#943557): Use-after-free when resizing
     canvas element during restyling
   * MFSA 2015-95/CVE-2015-4498 (bsc#943558): Add-on notification bypass
     through data URLs

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:
      zypper in -t patch slessp2-firefox-20150831-12071=1
   - SUSE Linux Enterprise Server 11-SP1-LTSS:
      zypper in -t patch slessp1-firefox-20150831-12071=1
   - SUSE Linux Enterprise Debuginfo 11-SP2:
      zypper in -t patch dbgsp2-firefox-20150831-12071=1
   - SUSE Linux Enterprise Debuginfo 11-SP1:
      zypper in -t patch dbgsp1-firefox-20150831-12071=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
      MozillaFirefox-38.2.1esr-17.1
      MozillaFirefox-translations-38.2.1esr-17.1
   - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 s390x x86_64):
      MozillaFirefox-38.2.1esr-17.1
      MozillaFirefox-translations-38.2.1esr-17.1
   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):
      MozillaFirefox-debuginfo-38.2.1esr-17.1
      MozillaFirefox-debugsource-38.2.1esr-17.1
   - SUSE Linux Enterprise Debuginfo 11-SP1 (i586 s390x x86_64):
      MozillaFirefox-debuginfo-38.2.1esr-17.1
      MozillaFirefox-debugsource-38.2.1esr-17.1

References:

   https://www.suse.com/security/cve/CVE-2015-4497.html
   https://www.suse.com/security/cve/CVE-2015-4498.html
   https://bugzilla.suse.com/943557
   https://bugzilla.suse.com/943558
   https://bugzilla.suse.com/943608

From sle-updates at lists.suse.com Mon Sep 7 09:09:30 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 7 Sep 2015 17:09:30 +0200 (CEST)
Subject: SUSE-RU-2015:1505-1: Recommended update for osc
Message-ID: <20150907150930.090D4320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for osc
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1505-1
Rating: low
References: #936939
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   The command-line client for the Open Build Service "osc" was updated to
   version 0.152.0, which brings the following fixes and enhancements:

   - Support searching for groups via "group:" prefix.
   - Show possible used incident projects on "maintained" command.
   - Support buildtime source services (OBS 2.7).
   - Support maintenance_incident requests with acceptinfo data (OBS 2.7).
   - Support maintenance_release requests with acceptinfo data (OBS 2.7).
   - Recommend sudo (needed for "osc build").
   - Improved error logging.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-495=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):
      osc-0.152.0-11.1

References:

   https://bugzilla.suse.com/936939

From sle-updates at lists.suse.com Tue Sep 8 02:09:28 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Sep 2015 10:09:28 +0200 (CEST)
Subject: SUSE-RU-2015:1507-1: Recommended update for ses-manual_en
Message-ID: <20150908080929.00A10320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ses-manual_en
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1507-1
Rating: low
References: #935080
Affected Products:
   SUSE Enterprise Storage 1.0
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update provides the latest revision of the documentation for SUSE
   Enterprise Storage 1.0.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 1.0:
      zypper in -t patch SUSE-Storage-1.0-2015-496=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Enterprise Storage 1.0 (noarch):
      ses-admin_en-pdf-1-5.19
      ses-manual_en-1-5.19

References:

   https://bugzilla.suse.com/935080

From sle-updates at lists.suse.com Tue Sep 8 05:09:35 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Sep 2015 13:09:35 +0200 (CEST)
Subject: SUSE-RU-2015:1508-1: Recommended update for mailx
Message-ID: <20150908110935.B2D79320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mailx
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1508-1
Rating: low
References: #922543
Affected Products:
   SUSE Linux Enterprise Server 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update for mailx provides the following fixes:

   - Allow Form Feed as valid characters within mail messages. (bsc#922543)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-498=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      mailx-12.5-25.15
      mailx-debuginfo-12.5-25.15
      mailx-debugsource-12.5-25.15

References:

   https://bugzilla.suse.com/922543

From sle-updates at lists.suse.com Tue Sep 8 05:10:00 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Sep 2015 13:10:00 +0200 (CEST)
Subject: SUSE-SU-2015:1509-1: important: Security update for java-1_6_0-ibm
Message-ID: <20150908111001.0B3B3320F2@maintenance.suse.de>

SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1509-1
Rating: important
References: #935540 #936844 #938895 #941939
Cross-References:
   CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2621
   CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638
   CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731
   CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749
   CVE-2015-4760
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP3
   SUSE Linux Enterprise Server for VMWare 11-SP3
   SUSE Linux Enterprise Server 11-SP3
   SUSE Linux Enterprise Server 11-SP2-LTSS
   SUSE Linux Enterprise Server 11-SP1-LTSS
______________________________________________________________________________

An update that fixes 17 vulnerabilities is now available.

Description:

   IBM Java was updated to version 6 SR16 FP7 (6.0-16.7) to fix several
   security issues and bugs.

   The following vulnerabilities were fixed:

   * CVE-2015-1931: IBM Java Security Components store plain text data in
     memory dumps, which could allow a local attacker to obtain information
     to aid in further attacks against the system.
   * CVE-2015-2590: Easily exploitable vulnerability in the Libraries
     component allowed successful unauthenticated network attacks via
     multiple protocols. Successful attack of this vulnerability could have
     resulted in unauthorized Operating System takeover including arbitrary
     code execution.
   * CVE-2015-2601: Easily exploitable vulnerability in the JCE component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2621: Easily exploitable vulnerability in the JMX component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2625: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2632: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2637: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized read access to a subset of Java accessible data.
   * CVE-2015-2638: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-2664: Difficult to exploit vulnerability in the Deployment
     component requiring logon to Operating System. Successful attack of
     this vulnerability could have resulted in unauthorized Operating System
     takeover including arbitrary code execution.
   * CVE-2015-2808: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized update, insert or delete access to some Java accessible
     data as well as read access to a subset of Java accessible data.
   * CVE-2015-4000: Very difficult to exploit vulnerability in the JSSE
     component allowed successful unauthenticated network attacks via
     SSL/TLS. Successful attack of this vulnerability could have resulted in
     unauthorized update, insert or delete access to some Java accessible
     data as well as read access to a subset of Java Embedded accessible
     data. (bnc#935540)
   * CVE-2015-4731: Easily exploitable vulnerability in the JMX component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4732: Easily exploitable vulnerability in the Libraries
     component allowed successful unauthenticated network attacks via
     multiple protocols. Successful attack of this vulnerability could have
     resulted in unauthorized Operating System takeover including arbitrary
     code execution.
   * CVE-2015-4733: Easily exploitable vulnerability in the RMI component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4748: Very difficult to exploit vulnerability in the Security
     component allowed successful unauthenticated network attacks via OCSP.
     Successful attack of this vulnerability could have resulted in
     unauthorized Operating System takeover including arbitrary code
     execution.
   * CVE-2015-4749: Difficult to exploit vulnerability in the JNDI component
     allowed successful unauthenticated network attacks via multiple
     protocols.
     Successful attack of this vulnerability could have resulted in
     unauthorized ability to cause a partial denial of service (partial DOS).
   * CVE-2015-4760: Easily exploitable vulnerability in the 2D component
     allowed successful unauthenticated network attacks via multiple
     protocols. Successful attack of this vulnerability could have resulted
     in unauthorized Operating System takeover including arbitrary code
     execution.

   The following non-security bugs were fixed:

   * bsc#936844: misconfigured update-alternative entries
   * bsc#941939: provide %{name} instead of %{sdklnk} only in _jvmprivdir

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP3:
      zypper in -t patch sdksp3-java-1_6_0-ibm-12072=1
   - SUSE Linux Enterprise Server for VMWare 11-SP3:
      zypper in -t patch slessp3-java-1_6_0-ibm-12072=1
   - SUSE Linux Enterprise Server 11-SP3:
      zypper in -t patch slessp3-java-1_6_0-ibm-12072=1
   - SUSE Linux Enterprise Server 11-SP2-LTSS:
      zypper in -t patch slessp2-java-1_6_0-ibm-12072=1
   - SUSE Linux Enterprise Server 11-SP1-LTSS:
      zypper in -t patch slessp1-java-1_6_0-ibm-12072=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ppc64 s390x x86_64):
      java-1_6_0-ibm-devel-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64):
      java-1_6_0-ibm-1.6.0_sr16.7-10.1
      java-1_6_0-ibm-fonts-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
      java-1_6_0-ibm-1.6.0_sr16.7-10.1
      java-1_6_0-ibm-fonts-1.6.0_sr16.7-10.1
      java-1_6_0-ibm-jdbc-1.6.0_sr16.7-10.1
      java-1_6_0-ibm-plugin-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586):
      java-1_6_0-ibm-alsa-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Server 11-SP3 (i586 ppc64 s390x x86_64):
      java-1_6_0-ibm-1.6.0_sr16.7-10.1
      java-1_6_0-ibm-fonts-1.6.0_sr16.7-10.1
      java-1_6_0-ibm-jdbc-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Server 11-SP3 (i586 x86_64):
      java-1_6_0-ibm-plugin-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Server 11-SP3 (i586):
      java-1_6_0-ibm-alsa-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
      java-1_6_0-ibm-1.6.0_sr16.7-10.1
      java-1_6_0-ibm-devel-1.6.0_sr16.7-10.1
      java-1_6_0-ibm-fonts-1.6.0_sr16.7-10.1
      java-1_6_0-ibm-jdbc-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64):
      java-1_6_0-ibm-plugin-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586):
      java-1_6_0-ibm-alsa-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 s390x x86_64):
      java-1_6_0-ibm-1.6.0_sr16.7-10.1
      java-1_6_0-ibm-fonts-1.6.0_sr16.7-10.1
      java-1_6_0-ibm-jdbc-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Server 11-SP1-LTSS (i586 x86_64):
      java-1_6_0-ibm-plugin-1.6.0_sr16.7-10.1
   - SUSE Linux Enterprise Server 11-SP1-LTSS (i586):
      java-1_6_0-ibm-alsa-1.6.0_sr16.7-10.1

References:

   https://www.suse.com/security/cve/CVE-2015-1931.html
   https://www.suse.com/security/cve/CVE-2015-2590.html
   https://www.suse.com/security/cve/CVE-2015-2601.html
   https://www.suse.com/security/cve/CVE-2015-2621.html
   https://www.suse.com/security/cve/CVE-2015-2625.html
   https://www.suse.com/security/cve/CVE-2015-2632.html
   https://www.suse.com/security/cve/CVE-2015-2637.html
   https://www.suse.com/security/cve/CVE-2015-2638.html
   https://www.suse.com/security/cve/CVE-2015-2664.html
   https://www.suse.com/security/cve/CVE-2015-2808.html
   https://www.suse.com/security/cve/CVE-2015-4000.html
   https://www.suse.com/security/cve/CVE-2015-4731.html
   https://www.suse.com/security/cve/CVE-2015-4732.html
   https://www.suse.com/security/cve/CVE-2015-4733.html
   https://www.suse.com/security/cve/CVE-2015-4748.html
   https://www.suse.com/security/cve/CVE-2015-4749.html
   https://www.suse.com/security/cve/CVE-2015-4760.html
   https://bugzilla.suse.com/935540
   https://bugzilla.suse.com/936844
   https://bugzilla.suse.com/938895
   https://bugzilla.suse.com/941939

From sle-updates at lists.suse.com Tue Sep 8 06:09:41 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Sep 2015 14:09:41 +0200 (CEST)
Subject: SUSE-SU-2015:1510-1: moderate: Security update for zeromq
Message-ID: <20150908120941.5B788320F6@maintenance.suse.de>

SUSE Security Update: Security update for zeromq
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1510-1
Rating: moderate
References: #912460 #931978
Cross-References: CVE-2014-9721
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Desktop 12
   SUSE Enterprise Storage 1.0
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

   zeromq was updated to fix one security issue and one non-security bug.

   The following vulnerability was fixed:

   * CVE-2014-9721: zeromq protocol downgrade attack on sockets using the
     ZMTP v3 protocol (boo#931978)

   The following bug was fixed:

   * boo#912460: avoid curve test to hang for ppc ppc64 ppc64le architectures

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:
      zypper in -t patch SUSE-SLE-WE-12-2015-499=1
   - SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-499=1
   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-499=1
   - SUSE Enterprise Storage 1.0:
      zypper in -t patch SUSE-Storage-1.0-2015-499=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):
      libzmq3-4.0.4-13.1
      libzmq3-debuginfo-4.0.4-13.1
      zeromq-debugsource-4.0.4-13.1
   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      libzmq3-4.0.4-13.1
      libzmq3-debuginfo-4.0.4-13.1
      zeromq-debugsource-4.0.4-13.1
      zeromq-devel-4.0.4-13.1
   - SUSE Linux Enterprise Desktop 12 (x86_64):
      libzmq3-4.0.4-13.1
      libzmq3-debuginfo-4.0.4-13.1
      zeromq-debugsource-4.0.4-13.1
   - SUSE Enterprise Storage 1.0 (x86_64):
      libzmq3-4.0.4-13.1
      libzmq3-debuginfo-4.0.4-13.1
      zeromq-debugsource-4.0.4-13.1

References:

   https://www.suse.com/security/cve/CVE-2014-9721.html
   https://bugzilla.suse.com/912460
   https://bugzilla.suse.com/931978

From sle-updates at lists.suse.com Tue Sep 8 06:10:11 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Sep 2015 14:10:11 +0200 (CEST)
Subject: SUSE-RU-2015:1508-2: Recommended update for mailx
Message-ID: <20150908121011.76A11320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mailx
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1508-2
Rating: low
References: #922543
Affected Products:
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update for mailx provides the following fixes:

   - Allow Form Feed as valid characters within mail messages. (bsc#922543)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-498=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Desktop 12 (x86_64):
      mailx-12.5-25.15
      mailx-debuginfo-12.5-25.15
      mailx-debugsource-12.5-25.15

References:

   https://bugzilla.suse.com/922543

From sle-updates at lists.suse.com Tue Sep 8 09:09:42 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Sep 2015 17:09:42 +0200 (CEST)
Subject: SUSE-SU-2015:1511-1: moderate: Security update for libgcrypt
Message-ID: <20150908150942.96BE8320F6@maintenance.suse.de>

SUSE Security Update: Security update for libgcrypt
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1511-1
Rating: moderate
References: #920057 #938343
Cross-References: CVE-2015-0837
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update fixes the following issues:

Security:

* Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] (bsc#920057)

Bugfixes:

* don't drop privileges when locking secure memory (bsc#938343)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-500=1
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-500=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-500=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  libgcrypt-debugsource-1.6.1-16.1
  libgcrypt-devel-1.6.1-16.1
  libgcrypt-devel-debuginfo-1.6.1-16.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  libgcrypt-debugsource-1.6.1-16.1
  libgcrypt20-1.6.1-16.1
  libgcrypt20-debuginfo-1.6.1-16.1
  libgcrypt20-hmac-1.6.1-16.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
  libgcrypt20-32bit-1.6.1-16.1
  libgcrypt20-debuginfo-32bit-1.6.1-16.1
  libgcrypt20-hmac-32bit-1.6.1-16.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
  libgcrypt-debugsource-1.6.1-16.1
  libgcrypt20-1.6.1-16.1
  libgcrypt20-32bit-1.6.1-16.1
  libgcrypt20-debuginfo-1.6.1-16.1
  libgcrypt20-debuginfo-32bit-1.6.1-16.1

References:

  https://www.suse.com/security/cve/CVE-2015-0837.html
  https://bugzilla.suse.com/920057
  https://bugzilla.suse.com/938343

From sle-updates at lists.suse.com Tue Sep 8 10:09:40 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Sep 2015 18:09:40 +0200 (CEST)
Subject: SUSE-RU-2015:1512-1: Recommended update for shadow
Message-ID: <20150908160940.2696E320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for shadow
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1512-1
Rating: low
References: #899409 #935203
Affected Products:
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for shadow provides the following fixes:

- Add package dependency for aaa_base. (bsc#899409)
- Document in the man page that some settings from /etc/login.defs are not evaluated if PAM is used. (bsc#935203)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-503=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-503=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  shadow-4.1.5.1-17.3
  shadow-debuginfo-4.1.5.1-17.3
  shadow-debugsource-4.1.5.1-17.3
- SUSE Linux Enterprise Desktop 12 (x86_64):
  shadow-4.1.5.1-17.3
  shadow-debuginfo-4.1.5.1-17.3
  shadow-debugsource-4.1.5.1-17.3

References:

  https://bugzilla.suse.com/899409
  https://bugzilla.suse.com/935203

From sle-updates at lists.suse.com Tue Sep 8 10:10:13 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 8 Sep 2015 18:10:13 +0200 (CEST)
Subject: SUSE-SU-2015:1513-1: Security update for tidy
Message-ID: <20150908161013.AF015320F6@maintenance.suse.de>

SUSE Security Update: Security update for tidy
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1513-1
Rating: low
References: #903962 #933588
Cross-References: CVE-2015-5522 CVE-2015-5523
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities could allow remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. (CVE-2015-5522, CVE-2015-5523)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-501=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  libtidy-0_99-0-1.0.20100204cvs-25.3
  libtidy-0_99-0-debuginfo-1.0.20100204cvs-25.3
  libtidy-0_99-0-devel-1.0.20100204cvs-25.3
  tidy-1.0.20100204cvs-25.3
  tidy-debuginfo-1.0.20100204cvs-25.3
  tidy-debugsource-1.0.20100204cvs-25.3

References:

  https://www.suse.com/security/cve/CVE-2015-5522.html
  https://www.suse.com/security/cve/CVE-2015-5523.html
  https://bugzilla.suse.com/903962
  https://bugzilla.suse.com/933588

From sle-updates at lists.suse.com Wed Sep 9 03:09:48 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Sep 2015 11:09:48 +0200 (CEST)
Subject: SUSE-RU-2015:1514-1: Recommended update for crowbar-barclamp-database, -pacemaker and -rabbitmq
Message-ID: <20150909090948.4876F320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-database, -pacemaker and -rabbitmq
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1514-1
Rating: low
References: #922751 #925476 #927469
Affected Products:
  SUSE OpenStack Cloud 5
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for crowbar-barclamp-database, -pacemaker and -rabbitmq provides the following stability fixes and improvements from the upstream OpenStack project.

- crowbar-barclamp-pacemaker:
  + Add attribute to set DNS name for haproxy admin IP address (bsc#927469)
  + Test with $ in password (bsc#922751)
  + Avoid shell expansion during crm configure (bsc#922751)
  + Avoid shell expansion during crm_resource update (bsc#922751)
  + lvm: Compare real paths when checking for physical volumes (bsc#925476)
  + Change jazz_hands to jazz_fingers
  + Fix guard options for new guard version
  + Force output of "crm configure show" to not use colors
  + Fix and expand comments in sync_mark LWRP
- crowbar-barclamp-database:
  + Update template for /etc/sysconfig/postgresql with latest version
  + allow VIP and filesystem to start in parallel
  + ensure VIP is started before postgresql service

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 5:
  zypper in -t patch sleclo50sp3-crowbar-barclamp-database-pacemaker-rabbitmq-201507-12073=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 5 (noarch):
  crowbar-barclamp-database-1.9+git.1432726691.02b9987-9.1
  crowbar-barclamp-pacemaker-1.9+git.1431428382.97486dc-9.1
  crowbar-barclamp-rabbitmq-1.9+git.1431343083.d943f1f-9.1

References:

  https://bugzilla.suse.com/922751
  https://bugzilla.suse.com/925476
  https://bugzilla.suse.com/927469

From sle-updates at lists.suse.com Wed Sep 9 03:10:41 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Sep 2015 11:10:41 +0200 (CEST)
Subject: SUSE-SU-2015:1515-1: Security update for openstack and python-oslo.utils
Message-ID: <20150909091041.329EC320F6@maintenance.suse.de>

SUSE Security Update: Security update for openstack and python-oslo.utils
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1515-1
Rating: low
References: #918784 #920573 #926596 #928718 #930574 #931204 #935892
Affected Products:
  SUSE OpenStack Cloud 5
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update provides the following fixes provided from the upstream OpenStack-project:

- openstack-suse:
  + do not copy upstream python requirements to the package, we rely on Requires; upstream requirements.txt introduce version caps which we do not follow (bnc#920573)
- openstack-sahara:
  + Fix getting heat stack in Sahara
  + Fixed scaling with new node group with auto sg
  + Open all ports for private network for auto SG
  + Fix for getting auth url for hadoop-swift
  + Fixed auto security group cleanup in case of creation error
  + Add list of open ports for Cloudera plugin
  + Add missed files for migrations in MANIFEST.in
  + Include launch_command.py in MANIFEST.in
  + Fix requires
- openstack-keystone:
  + Updated hybrid backend to include fix for bsc#935892
  + Deal with PEP-0476 certificate chaining checking
  + Backport fixes for v3 API sample policy file (lp#1381809 and lp#1392155).
  + Install v3 sample policy into the doc directory
  + Update hybrid backend to include latest fixes for v3 protocol (bsc#928718)
  + backend_argument should be marked secret
  + Work with pymongo 3.0
  + Speed up memcache lock
  + Fix up _ldap_res_to_model for ldap identity backend
  + Don't try to convert LDAP attributes to boolean
  + Fix the wrong update logic of catalog kvs driver
  + Do parameter check before updating endpoint_group
  + Correct initialization order for logging to use eventlet locks
  + Fix the syntax issue on creating table `endpoint_group`
- openstack-heat:
  + Add env storing for loaded environments
  + Fix block_device_mapping property validation when using get_attr
  + Add default_client_name in Nova::FloatingIPAssoc
  + Fix cloud-init Python syntax for Python < 2.6
  + Allow lists and strings for Json parameters via provider resources
  + RandomString physical_resource_id as id not the string
  + Authenticate the domain user with id instead of username
  + Tell stevedore not to force verify requirements
  + Use properties.data when testing for "provided by the user"
  + Ship /usr/lib/heat directory in openstack-heat-engine subpackage, since that's where plugin are loaded from.
  + Create openstack-heat-plugin-heat_docker subpackage to ship the heat_docker plugin.
  + Fix update on failed stack
  + Enable https for keystone while creating stack user
  + Change the engine-listener topic
  + Just to delete the stack when adopt rollback
  + Release stack lock when successfully acquire
  + Add dependency on Router External Gateway property
  + Use only FIP dependencies from graph
  + Add dependency hidden on router_interface
  + Update heat.conf.sample
  + Upgrade requirements for kombu and greenlet to Juno versions (bnc#920573)
  + Stop patching oslo.messaging private bits
- openstack-glance:
  + Eventlet green threads not released back to pool
  + Replace assert statements with proper control-flow
  + Fix intermittent unit test failures
  + Initiate deletion of image files if the import was interrupted to prevent denial of service (bnc#918784, CVE-2014-9684)
- openstack-cinder:
  + Remove nonexistent LIO terminate_connection call
  + Disallow backing files when uploading volumes to image
  + LVM: Pass volume size in MiB to copy_volume() during volume migration
  + Remove iscsi_helper calls from base iscsi driver
  + Fix exceptions logging in iSCSI targets
  + Delete the temporary volume if migration fails
  + Get the 'consumer' in a correct way for retyping with qos-specs
  + Fix re-export of iscsi volume when using lioadm
  + Revert "Add support for customized cluster name"
  + Failed to discovery when iscsi multipath and CHAP both enabled
  + Add support for customized cluster name
  + Only use operational LIFs for iscsi target details
  + Clear migration_status from a destination volume if migration fails
  + Deal with PEP-0476 certificate chaining checking
- openstack-ceilometer:
  + Ensure unique list of consumers created
  + Add bandwidth to measurements
  + Rely on VM UUID to fetch metrics in libvirt
  + Retry to connect database when DB2 or mongodb is restarted
  + Use alarm's evaluation periods in sufficient test
  + [MongoDB] Fix bug with reconnection to new master node
  + Fix the value of query_spec.maxSample to avoid to be zero
  + Fix issue when ceilometer-expirer is called from the
    wrong user via cronjob and the resulting logs end up having wrong ownership. See also bsc#930574
  + Metering data ttl sql backend breaks resource metadata
  + Stop mocking os.path in test_setup_events_default_config
  + Move the cron job to collector package (bnc#926596)
  + Catch exception when evaluate single alarm
- python-oslo.utils:
  + Update to version 1.4.0
    * Add a stopwatch + split for duration(s)
    * Allow providing a logger to save_and_reraise_exception
    * Utility API to generate EUI-64 IPv6 address
    * Add a eventlet utils helper module
    * Add microsecond support to iso8601_from_timestamp
    * Update Oslo imports to remove namespace package
    * Add TimeFixture
    * Add microsecond support to timeutils.utcnow_ts()
- python-oslo.i18n:
  + Update to version 1.3.1
    * Remove deprecation warning (bnc#931204)
    * Correct the translation domain for loading messages
    * Workflow documentation is now in infra-manual
    * Imported Translations from Transifex
    * Activate pep8 check that _ is imported
    * Make clear in docs to use _LE() when using LOG.exception()
    * Support building wheels (PEP-427)
- python-six:
  + Update to version 1.9.0
    * Support the `flush` parameter to `six.print_`.
    * Add the `python_2_unicode_compatible` decorator.
    * Ensure `six.wraps` respects the *updated* and *assigned* arguments.
    * Fix `six.moves` race condition in multi-threaded code.
    * Add `six.view(keys|values|items)`, which provide dictionary views on Python 2.7+.
    * Fix add_metaclass when the class has __slots__ containing "__weakref__" or "__dict__".
    * Always accept *updated* and *assigned* arguments for wraps().
    * Fix import six on Python 3.4 with a custom loader.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 5:
  zypper in -t patch sleclo50sp3-openstack-201507-12074=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 5 (x86_64):
  openstack-ceilometer-2014.2.4.dev18-9.7
  openstack-ceilometer-agent-central-2014.2.4.dev18-9.7
  openstack-ceilometer-agent-compute-2014.2.4.dev18-9.7
  openstack-ceilometer-agent-ipmi-2014.2.4.dev18-9.7
  openstack-ceilometer-agent-notification-2014.2.4.dev18-9.7
  openstack-ceilometer-alarm-evaluator-2014.2.4.dev18-9.7
  openstack-ceilometer-alarm-notifier-2014.2.4.dev18-9.7
  openstack-ceilometer-api-2014.2.4.dev18-9.7
  openstack-ceilometer-collector-2014.2.4.dev18-9.7
  openstack-cinder-2014.2.4.dev19-9.7
  openstack-cinder-api-2014.2.4.dev19-9.7
  openstack-cinder-backup-2014.2.4.dev19-9.7
  openstack-cinder-scheduler-2014.2.4.dev19-9.7
  openstack-cinder-volume-2014.2.4.dev19-9.7
  openstack-glance-2014.2.4.dev5-9.5
  openstack-heat-2014.2.4.dev13-9.6
  openstack-heat-api-2014.2.4.dev13-9.6
  openstack-heat-api-cfn-2014.2.4.dev13-9.6
  openstack-heat-api-cloudwatch-2014.2.4.dev13-9.6
  openstack-heat-engine-2014.2.4.dev13-9.6
  openstack-keystone-2014.2.4.dev5-11.8
  openstack-sahara-2014.2.4.dev3-9.5
  openstack-sahara-api-2014.2.4.dev3-9.5
  openstack-sahara-engine-2014.2.4.dev3-9.5
  python-ceilometer-2014.2.4.dev18-9.7
  python-cinder-2014.2.4.dev19-9.7
  python-glance-2014.2.4.dev5-9.5
  python-heat-2014.2.4.dev13-9.6
  python-keystone-2014.2.4.dev5-11.8
  python-oslo.i18n-1.3.1-9.6
  python-oslo.utils-1.4.0-14.2
  python-oslotest-1.2.0-2.5
  python-sahara-2014.2.4.dev3-9.5
  python-six-1.9.0-9.2
- SUSE OpenStack Cloud 5 (noarch):
  openstack-ceilometer-doc-2014.2.4.dev18-9.11
  openstack-cinder-doc-2014.2.4.dev19-9.12
  openstack-glance-doc-2014.2.4.dev5-9.7
  openstack-heat-doc-2014.2.4.dev13-9.8
  openstack-keystone-doc-2014.2.4.dev5-11.12
  openstack-sahara-doc-2014.2.4.dev3-9.5
  openstack-suse-sudo-2014.2-9.2

References:

  https://bugzilla.suse.com/918784
  https://bugzilla.suse.com/920573
  https://bugzilla.suse.com/926596
  https://bugzilla.suse.com/928718
  https://bugzilla.suse.com/930574
  https://bugzilla.suse.com/931204
  https://bugzilla.suse.com/935892

From sle-updates at lists.suse.com Wed Sep 9 10:09:59 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Sep 2015 18:09:59 +0200 (CEST)
Subject: SUSE-RU-2015:1516-1: moderate: Recommended update for SAPHanaSR
Message-ID: <20150909160959.268C2320F2@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SAPHanaSR
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1516-1
Rating: moderate
References: #919925 #935755 #936387 #939039
Affected Products:
  SUSE Linux Enterprise Server for SAP 11-SP4
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update provides SAPHanaSR version 0.151, which includes fixes for the following issues:

- SAPHanaSR fails to detect remote site name if site names are substring of another remote site name like SLE and SLEDR. (bsc#939039)
- SAPHanaSR together with DAA-SAP-Instance does not work as expected. (bsc#935755)
- SAPHanaSR fails to work with multi tenant databases. (bsc#936387)
- Leaving Node Maintenance stops HANA Resource Agent. (bsc#919925)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 11-SP4:
  zypper in -t patch slesappsp4-SAPHanaSR-12078=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 11-SP4 (noarch):
  SAPHanaSR-0.151-0.15.2
  SAPHanaSR-doc-0.151-0.15.2

References:

  https://bugzilla.suse.com/919925
  https://bugzilla.suse.com/935755
  https://bugzilla.suse.com/936387
  https://bugzilla.suse.com/939039

From sle-updates at lists.suse.com Wed Sep 9 10:11:01 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Sep 2015 18:11:01 +0200 (CEST)
Subject: SUSE-RU-2015:1517-1: moderate: Recommended update for open-iscsi
Message-ID: <20150909161101.99D55320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for open-iscsi
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1517-1
Rating: moderate
References: #869278 #923002 #939923
Affected Products:
  SUSE Linux Enterprise Server for VMWare 11-SP3
  SUSE Linux Enterprise Server 11-SP3
  SUSE Linux Enterprise Desktop 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for open-iscsi provides the following fixes:

- Support IB/iSER discovery. (bsc#923002)
- Allow non-tcp transport for discovery daemon. (bsc#939923)
- Added iscsi_fw_login helper script and new udev rule to call script when iBFT/iscsi boot targets added. (bsc#869278)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for VMWare 11-SP3:
  zypper in -t patch slessp3-open-iscsi-12075=1
- SUSE Linux Enterprise Server 11-SP3:
  zypper in -t patch slessp3-open-iscsi-12075=1
- SUSE Linux Enterprise Desktop 11-SP3:
  zypper in -t patch sledsp3-open-iscsi-12075=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-open-iscsi-12075=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
  open-iscsi-2.0.873-0.34.1
- SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
  open-iscsi-2.0.873-0.34.1
- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
  open-iscsi-2.0.873-0.34.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
  open-iscsi-debuginfo-2.0.873-0.34.1
  open-iscsi-debugsource-2.0.873-0.34.1

References:

  https://bugzilla.suse.com/869278
  https://bugzilla.suse.com/923002
  https://bugzilla.suse.com/939923

From sle-updates at lists.suse.com Wed Sep 9 10:12:32 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Sep 2015 18:12:32 +0200 (CEST)
Subject: SUSE-SU-2015:1518-1: moderate: Security update for gnutls
Message-ID: <20150909161232.D3312320F6@maintenance.suse.de>

SUSE Security Update: Security update for gnutls
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1518-1
Rating: moderate
References: #929414 #929690 #941794
Cross-References: CVE-2015-3622 CVE-2015-6251
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

gnutls was updated to fix several security vulnerabilities.

- fix double free in certificate DN decoding (GNUTLS-SA-2015-3)(bsc#941794,CVE-2015-6251)
- fix invalid read in octet string in bundled libtasn1 (bsc#929414,CVE-2015-3622)
- fix ServerKeyExchange signature issue (GNUTLS-SA-2015-2)(bsc#929690)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-513=1
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-513=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-513=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  gnutls-debuginfo-3.2.15-11.1
  gnutls-debugsource-3.2.15-11.1
  libgnutls-devel-3.2.15-11.1
  libgnutls-openssl-devel-3.2.15-11.1
  libgnutlsxx-devel-3.2.15-11.1
  libgnutlsxx28-3.2.15-11.1
  libgnutlsxx28-debuginfo-3.2.15-11.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  gnutls-3.2.15-11.1
  gnutls-debuginfo-3.2.15-11.1
  gnutls-debugsource-3.2.15-11.1
  libgnutls-openssl27-3.2.15-11.1
  libgnutls-openssl27-debuginfo-3.2.15-11.1
  libgnutls28-3.2.15-11.1
  libgnutls28-debuginfo-3.2.15-11.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
  libgnutls28-32bit-3.2.15-11.1
  libgnutls28-debuginfo-32bit-3.2.15-11.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
  gnutls-3.2.15-11.1
  gnutls-debuginfo-3.2.15-11.1
  gnutls-debugsource-3.2.15-11.1
  libgnutls28-3.2.15-11.1
  libgnutls28-32bit-3.2.15-11.1
  libgnutls28-debuginfo-3.2.15-11.1
  libgnutls28-debuginfo-32bit-3.2.15-11.1

References:

  https://www.suse.com/security/cve/CVE-2015-3622.html
  https://www.suse.com/security/cve/CVE-2015-6251.html
  https://bugzilla.suse.com/929414
  https://bugzilla.suse.com/929690
  https://bugzilla.suse.com/941794

From sle-updates at lists.suse.com Wed Sep 9 10:13:18 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Sep 2015 18:13:18 +0200 (CEST)
Subject: SUSE-SU-2015:1519-1: important: Security update for qemu
Message-ID: <20150909161318.B5968320F6@maintenance.suse.de>

SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1519-1
Rating: important
References: #893892 #932267 #932770
Cross-References: CVE-2015-3209 CVE-2015-4037
Affected Products:
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

qemu was updated to fix two security issues and augment one non-security bug fix.

The following vulnerabilities were fixed:

* CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape (XSA-135) (bsc#932770)
* CVE-2015-4037: Avoid predictable directory name for smb config (bsc#932267)

The fix for the following non-security bug was improved:

* bsc#893892: Use improved upstream patch for display issue affecting installs of SLES 11 VMs on SLES 12

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-509=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-509=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  qemu-2.0.2-48.4.1
  qemu-block-curl-2.0.2-48.4.1
  qemu-block-curl-debuginfo-2.0.2-48.4.1
  qemu-debugsource-2.0.2-48.4.1
  qemu-guest-agent-2.0.2-48.4.1
  qemu-guest-agent-debuginfo-2.0.2-48.4.1
  qemu-lang-2.0.2-48.4.1
  qemu-tools-2.0.2-48.4.1
  qemu-tools-debuginfo-2.0.2-48.4.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
  qemu-kvm-2.0.2-48.4.1
- SUSE Linux Enterprise Server 12 (ppc64le):
  qemu-ppc-2.0.2-48.4.1
  qemu-ppc-debuginfo-2.0.2-48.4.1
- SUSE Linux Enterprise Server 12 (noarch):
  qemu-ipxe-1.0.0-48.4.1
  qemu-seabios-1.7.4-48.4.1
  qemu-sgabios-8-48.4.1
  qemu-vgabios-1.7.4-48.4.1
- SUSE Linux Enterprise Server 12 (x86_64):
  qemu-block-rbd-2.0.2-48.4.1
  qemu-block-rbd-debuginfo-2.0.2-48.4.1
  qemu-x86-2.0.2-48.4.1
  qemu-x86-debuginfo-2.0.2-48.4.1
- SUSE Linux Enterprise Server 12 (s390x):
  qemu-s390-2.0.2-48.4.1
  qemu-s390-debuginfo-2.0.2-48.4.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
  qemu-2.0.2-48.4.1
  qemu-block-curl-2.0.2-48.4.1
  qemu-block-curl-debuginfo-2.0.2-48.4.1
  qemu-debugsource-2.0.2-48.4.1
  qemu-kvm-2.0.2-48.4.1
  qemu-tools-2.0.2-48.4.1
  qemu-tools-debuginfo-2.0.2-48.4.1
  qemu-x86-2.0.2-48.4.1
  qemu-x86-debuginfo-2.0.2-48.4.1
- SUSE Linux Enterprise Desktop 12 (noarch):
  qemu-ipxe-1.0.0-48.4.1
  qemu-seabios-1.7.4-48.4.1
  qemu-sgabios-8-48.4.1
  qemu-vgabios-1.7.4-48.4.1

References:

  https://www.suse.com/security/cve/CVE-2015-3209.html
  https://www.suse.com/security/cve/CVE-2015-4037.html
  https://bugzilla.suse.com/893892
  https://bugzilla.suse.com/932267
  https://bugzilla.suse.com/932770

From sle-updates at lists.suse.com Wed Sep 9 10:14:13 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Sep 2015 18:14:13 +0200 (CEST)
Subject: SUSE-RU-2015:1520-1: moderate: Recommended update for SAPHanaSR
Message-ID: <20150909161413.7D72A320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SAPHanaSR
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1520-1
Rating: moderate
References: #919925 #935755 #936387 #939039
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update provides SAPHanaSR version 0.151, which includes fixes for the following issues:

- SAPHanaSR fails to detect remote site name if site names are substring of another remote site name like SLE and SLEDR. (bsc#939039)
- SAPHanaSR together with DAA-SAP-Instance does not work as expected. (bsc#935755)
- SAPHanaSR fails to work with multi tenant databases. (bsc#936387)
- Leaving Node Maintenance stops HANA Resource Agent. (bsc#919925)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2015-512=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12 (noarch):
  SAPHanaSR-0.151-0.11.1
  SAPHanaSR-doc-0.151-0.11.1

References:

  https://bugzilla.suse.com/919925
  https://bugzilla.suse.com/935755
  https://bugzilla.suse.com/936387
  https://bugzilla.suse.com/939039

From sle-updates at lists.suse.com Wed Sep 9 10:15:15 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Sep 2015 18:15:15 +0200 (CEST)
Subject: SUSE-RU-2015:1521-1: Recommended update for gnome-desktop
Message-ID: <20150909161515.08211320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gnome-desktop
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1521-1
Rating: low
References: #896687
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update adds BenQ to the list of supported monitor vendors.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-508=1
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-508=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-508=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
  gnome-desktop-debugsource-3.10.2-4.16
  libgnome-desktop-3-devel-3.10.2-4.16
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
  gnome-desktop-debugsource-3.10.2-4.16
  gnome-version-3.10.2-4.16
  libgnome-desktop-3-8-3.10.2-4.16
  libgnome-desktop-3-8-debuginfo-3.10.2-4.16
  libgnome-desktop-3_0-common-3.10.2-4.16
  libgnome-desktop-3_0-common-debuginfo-3.10.2-4.16
  typelib-1_0-GnomeDesktop-3_0-3.10.2-4.16
- SUSE Linux Enterprise Server 12 (s390x x86_64):
  libgnome-desktop-3-8-32bit-3.10.2-4.16
  libgnome-desktop-3-8-debuginfo-32bit-3.10.2-4.16
- SUSE Linux Enterprise Server 12 (noarch):
  gnome-desktop-lang-3.10.2-4.16
- SUSE Linux Enterprise Desktop 12 (x86_64):
  gnome-desktop-debugsource-3.10.2-4.16
  gnome-version-3.10.2-4.16
  libgnome-desktop-3-8-3.10.2-4.16
  libgnome-desktop-3-8-debuginfo-3.10.2-4.16
  libgnome-desktop-3_0-common-3.10.2-4.16
  libgnome-desktop-3_0-common-debuginfo-3.10.2-4.16
  typelib-1_0-GnomeDesktop-3_0-3.10.2-4.16
- SUSE Linux Enterprise Desktop 12 (noarch):
  gnome-desktop-lang-3.10.2-4.16

References:

  https://bugzilla.suse.com/896687

From sle-updates at lists.suse.com Wed Sep 9 10:15:45 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Sep 2015 18:15:45 +0200 (CEST)
Subject: SUSE-SU-2015:1522-1: moderate: Security update for rubygem-rack-1_4
Message-ID: <20150909161545.47AE2320F6@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-rack-1_4
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1522-1
Rating: moderate
References: #934797
Cross-References: CVE-2015-3225
Affected Products:
  SUSE Webyast 1.3
  SUSE Studio Onsite 1.3
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Software Development Kit 11-SP3
  SUSE Lifecycle Management Server 1.3
______________________________________________________________________________

An update that fixes
one vulnerability is now available.

Description:

rubygem-rack-1_4 was updated to fix one security issue.

This security issue was fixed:
- CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service. (bsc#934797)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Webyast 1.3:
  zypper in -t patch slewyst13-rubygem-rack-1_4-12076=1
- SUSE Studio Onsite 1.3:
  zypper in -t patch slestso13-rubygem-rack-1_4-12076=1
- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-rubygem-rack-1_4-12076=1
- SUSE Linux Enterprise Software Development Kit 11-SP3:
  zypper in -t patch sdksp3-rubygem-rack-1_4-12076=1
- SUSE Lifecycle Management Server 1.3:
  zypper in -t patch sleslms13-rubygem-rack-1_4-12076=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64):
  rubygem-rack-1_4-1.4.5-0.7.3
- SUSE Studio Onsite 1.3 (x86_64):
  rubygem-rack-1_4-1.4.5-0.7.3
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  rubygem-rack-1_4-1.4.5-0.7.3
- SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
  rubygem-rack-1_4-1.4.5-0.7.3
- SUSE Lifecycle Management Server 1.3 (x86_64):
  rubygem-rack-1_4-1.4.5-0.7.3

References:

https://www.suse.com/security/cve/CVE-2015-3225.html
https://bugzilla.suse.com/934797

From sle-updates at lists.suse.com Wed Sep 9 10:16:11 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Sep 2015 18:16:11 +0200 (CEST)
Subject: SUSE-RU-2015:1523-1: moderate: Recommended update for SAPHanaSR
Message-ID: <20150909161611.B37A4320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SAPHanaSR
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1523-1
Rating: moderate
References: #919925 #935755 #936387 #939039
Affected Products:
  SUSE Linux Enterprise Server for SAP 11-SP3
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update provides SAPHanaSR version 0.151, which includes fixes for the following issues:

- SAPHanaSR fails to detect the remote site name if a site name is a substring of another remote site name, such as SLE and SLEDR. (bsc#939039)
- SAPHanaSR together with DAA-SAP-Instance does not work as expected. (bsc#935755)
- SAPHanaSR fails to work with multi-tenant databases. (bsc#936387)
- Leaving Node Maintenance stops HANA Resource Agent. (bsc#919925)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 11-SP3:
  zypper in -t patch slesappsp3-SAPHanaSR-12077=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 11-SP3 (noarch):
  SAPHanaSR-0.151-0.11.2
  SAPHanaSR-doc-0.151-0.11.2

References:

https://bugzilla.suse.com/919925
https://bugzilla.suse.com/935755
https://bugzilla.suse.com/936387
https://bugzilla.suse.com/939039

From sle-updates at lists.suse.com Wed Sep 9 11:10:17 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 9 Sep 2015 19:10:17 +0200 (CEST)
Subject: SUSE-SU-2015:1524-1: moderate: Security update for net-snmp
Message-ID: <20150909171017.04505320F6@maintenance.suse.de>

SUSE Security Update: Security update for net-snmp
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1524-1
Rating: moderate
References: #853382 #935863 #940188
Cross-References: CVE-2015-5621
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Software Development Kit 11-SP3
  SUSE Linux Enterprise Server for VMWare 11-SP3
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Server 11-SP3
  SUSE Linux Enterprise Desktop 11-SP4
  SUSE Linux Enterprise Desktop 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

net-snmp was updated to fix one security vulnerability and several bugs.

- Fix a vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bnc#940188, CVE-2015-5621)
- Add build requirement 'procps' to fix a net-snmp-config error. (bsc#935863)
- Add support for /dev/shm in snmp hostmib. (bnc#853382, FATE#316893)
- Stop snmptrapd on package removal.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-net-snmp-12079=1
- SUSE Linux Enterprise Software Development Kit 11-SP3:
  zypper in -t patch sdksp3-net-snmp-12079=1
- SUSE Linux Enterprise Server for VMWare 11-SP3:
  zypper in -t patch slessp3-net-snmp-12079=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-net-snmp-12079=1
- SUSE Linux Enterprise Server 11-SP3:
  zypper in -t patch slessp3-net-snmp-12079=1
- SUSE Linux Enterprise Desktop 11-SP4:
  zypper in -t patch sledsp4-net-snmp-12079=1
- SUSE Linux Enterprise Desktop 11-SP3:
  zypper in -t patch sledsp3-net-snmp-12079=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-net-snmp-12079=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-net-snmp-12079=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): net-snmp-devel-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): libsnmp15-32bit-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): net-snmp-devel-32bit-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): net-snmp-devel-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (x86_64): libsnmp15-32bit-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64): net-snmp-devel-32bit-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libsnmp15-5.4.2.1-8.12.24.1 net-snmp-5.4.2.1-8.12.24.1 perl-SNMP-5.4.2.1-8.12.24.1 snmp-mibs-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libsnmp15-32bit-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libsnmp15-5.4.2.1-8.12.24.1 net-snmp-5.4.2.1-8.12.24.1 perl-SNMP-5.4.2.1-8.12.24.1 snmp-mibs-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsnmp15-32bit-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsnmp15-x86-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libsnmp15-5.4.2.1-8.12.24.1 net-snmp-5.4.2.1-8.12.24.1 perl-SNMP-5.4.2.1-8.12.24.1 snmp-mibs-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libsnmp15-32bit-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libsnmp15-x86-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libsnmp15-5.4.2.1-8.12.24.1 net-snmp-5.4.2.1-8.12.24.1 perl-SNMP-5.4.2.1-8.12.24.1 snmp-mibs-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libsnmp15-32bit-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libsnmp15-5.4.2.1-8.12.24.1 net-snmp-5.4.2.1-8.12.24.1 
perl-SNMP-5.4.2.1-8.12.24.1 snmp-mibs-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libsnmp15-32bit-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): net-snmp-debuginfo-5.4.2.1-8.12.24.1 net-snmp-debugsource-5.4.2.1-8.12.24.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): net-snmp-debuginfo-5.4.2.1-8.12.24.1 net-snmp-debugsource-5.4.2.1-8.12.24.1 References: https://www.suse.com/security/cve/CVE-2015-5621.html https://bugzilla.suse.com/853382 https://bugzilla.suse.com/935863 https://bugzilla.suse.com/940188 From sle-updates at lists.suse.com Thu Sep 10 05:10:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2015 13:10:00 +0200 (CEST) Subject: SUSE-SU-2015:1525-1: Security update for tidy Message-ID: <20150910111000.CFEE9320F2@maintenance.suse.de> SUSE Security Update: Security update for tidy ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1525-1 Rating: low References: #933588 Cross-References: CVE-2015-5522 CVE-2015-5523 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities could allow remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. (CVE-2015-5522, CVE-2015-5523) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-tidy-12080=1
- SUSE Linux Enterprise Software Development Kit 11-SP3:
  zypper in -t patch sdksp3-tidy-12080=1
- SUSE Linux Enterprise Desktop 11-SP4:
  zypper in -t patch sledsp4-tidy-12080=1
- SUSE Linux Enterprise Desktop 11-SP3:
  zypper in -t patch sledsp3-tidy-12080=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-tidy-12080=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libtidy-1.0-37.1
  libtidy-devel-1.0-37.1
  tidy-1.0-37.1
- SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
  libtidy-1.0-37.1
  libtidy-devel-1.0-37.1
  tidy-1.0-37.1
- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
  libtidy-1.0-37.1
- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
  libtidy-1.0-37.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  tidy-debuginfo-1.0-37.1
  tidy-debugsource-1.0-37.1

References:

https://www.suse.com/security/cve/CVE-2015-5522.html
https://www.suse.com/security/cve/CVE-2015-5523.html
https://bugzilla.suse.com/933588

From sle-updates at lists.suse.com Thu Sep 10 05:10:29 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Sep 2015 13:10:29 +0200 (CEST)
Subject: SUSE-SU-2015:1526-1: moderate: Security update for gnutls
Message-ID: <20150910111029.8D172320F6@maintenance.suse.de>

SUSE Security Update: Security update for gnutls
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1526-1
Rating: moderate
References: #925499 #932026
Cross-References: CVE-2015-4000
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Software Development Kit 11-SP3
  SUSE Linux Enterprise Server for VMWare 11-SP3
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Server 11-SP3
  SUSE Linux Enterprise High Availability Extension 11-SP4
  SUSE Linux Enterprise High Availability Extension 11-SP3
  SUSE Linux Enterprise Desktop 11-SP4
  SUSE Linux Enterprise Desktop 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This security update of gnutls fixes the following issues:

- use minimal padding for CBC, the default random length padding causes problems with some servers (bsc#925499)
  * added gnutls-use_minimal_cbc_padding.patch
- use the default DH minimum for gnutls-cli instead of hardcoding 512
  * CVE-2015-4000 (Logjam) (bsc#932026)
  * added gnutls-CVE-2015-4000-logjam-use_the_default_DH_min_for_cli.patch

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-gnutls-12081=1
- SUSE Linux Enterprise Software Development Kit 11-SP3:
  zypper in -t patch sdksp3-gnutls-12081=1
- SUSE Linux Enterprise Server for VMWare 11-SP3:
  zypper in -t patch slessp3-gnutls-12081=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-gnutls-12081=1
- SUSE Linux Enterprise Server 11-SP3:
  zypper in -t patch slessp3-gnutls-12081=1
- SUSE Linux Enterprise High Availability Extension 11-SP4:
  zypper in -t patch slehasp4-gnutls-12081=1
- SUSE Linux Enterprise High Availability Extension 11-SP3:
  zypper in -t patch slehasp3-gnutls-12081=1
- SUSE Linux Enterprise Desktop 11-SP4:
  zypper in -t patch sledsp4-gnutls-12081=1
- SUSE Linux Enterprise Desktop 11-SP3:
  zypper in -t patch sledsp3-gnutls-12081=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-gnutls-12081=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-gnutls-12081=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libgnutls-devel-2.4.1-24.39.57.1
  libgnutls-extra-devel-2.4.1-24.39.57.1
  libgnutls-extra26-2.4.1-24.39.57.1
- SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
  libgnutls-devel-2.4.1-24.39.57.1
  libgnutls-extra-devel-2.4.1-24.39.57.1
  libgnutls-extra26-2.4.1-24.39.57.1
- SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
  gnutls-2.4.1-24.39.57.1
  libgnutls-extra26-2.4.1-24.39.57.1
  libgnutls26-2.4.1-24.39.57.1
- SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):
  libgnutls26-32bit-2.4.1-24.39.57.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  gnutls-2.4.1-24.39.57.1
  libgnutls-extra26-2.4.1-24.39.57.1
  libgnutls26-2.4.1-24.39.57.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
  libgnutls26-32bit-2.4.1-24.39.57.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
  libgnutls26-x86-2.4.1-24.39.57.1
- SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
  gnutls-2.4.1-24.39.57.1
  libgnutls-extra26-2.4.1-24.39.57.1
  libgnutls26-2.4.1-24.39.57.1
- SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):
  libgnutls26-32bit-2.4.1-24.39.57.1
- SUSE Linux Enterprise Server 11-SP3 (ia64):
  libgnutls26-x86-2.4.1-24.39.57.1
- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  libgnutls-extra26-2.4.1-24.39.57.1
- SUSE Linux Enterprise High Availability Extension 11-SP3 (i586 ia64 ppc64 s390x x86_64):
  libgnutls-extra26-2.4.1-24.39.57.1
- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
  gnutls-2.4.1-24.39.57.1
  libgnutls26-2.4.1-24.39.57.1
- SUSE Linux Enterprise Desktop 11-SP4 (x86_64):
  libgnutls26-32bit-2.4.1-24.39.57.1
- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
  gnutls-2.4.1-24.39.57.1
  libgnutls26-2.4.1-24.39.57.1
- SUSE Linux Enterprise Desktop 11-SP3 (x86_64):
  libgnutls26-32bit-2.4.1-24.39.57.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  gnutls-debuginfo-2.4.1-24.39.57.1
  gnutls-debugsource-2.4.1-24.39.57.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
  gnutls-debuginfo-2.4.1-24.39.57.1
  gnutls-debugsource-2.4.1-24.39.57.1

References:

https://www.suse.com/security/cve/CVE-2015-4000.html
https://bugzilla.suse.com/925499
https://bugzilla.suse.com/932026

From sle-updates at lists.suse.com Thu Sep 10 06:09:44 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Sep 2015 14:09:44 +0200 (CEST)
Subject: SUSE-RU-2015:1527-1: Recommended update for release-notes-sled
Message-ID: <20150910120944.07410320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sled
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1527-1
Rating: low
References: #892974 #922880 #944193
Affected Products:
  SUSE Linux Enterprise Desktop 11-SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update provides the latest version of the release notes for SUSE Linux Enterprise Desktop 11 SP3.

- New: Update of PostgreSQL in SLES 11. (fate#319282)
- New: Place New Windows Always on Top. (fate#317254)
- New: Version update for tcsh. (fate#318340)
- New: MOK List Manipulation Tools. (fate#314510)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11-SP3:
  zypper in -t patch sledsp3-release-notes-sled-201508-12082=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Desktop 11-SP3 (noarch): release-notes-sled-11.3.29-0.11.1 References: https://bugzilla.suse.com/892974 https://bugzilla.suse.com/922880 https://bugzilla.suse.com/944193 From sle-updates at lists.suse.com Thu Sep 10 09:10:06 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2015 17:10:06 +0200 (CEST) Subject: SUSE-SU-2015:1528-1: important: Security update for MozillaFirefox, mozilla-nss Message-ID: <20150910151006.C7C13320F6@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1528-1 Rating: important References: #940806 Cross-References: CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). 
Security issues fixed:

- MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader
- MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
- MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file
- MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties
- MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright
- MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript
- MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images
- MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video
- MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection
- MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers

This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR.

Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-firefox38-20150820-12083=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-firefox38-20150820-12083=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-firefox38-20150820-12083=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-firefox38-20150820-12083=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-firefox38-20150820-12083=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-firefox38-20150820-12083=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-firefox38-20150820-12083=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-firefox38-20150820-12083=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-firefox38-20150820-12083=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.2.1esr-19.3 mozilla-nss-devel-3.19.2.0-0.16.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.2.1esr-19.3 mozilla-nss-devel-3.19.2.0-0.16.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): MozillaFirefox-38.2.1esr-19.3 MozillaFirefox-branding-SLES-for-VMware-31.0-0.7.5 MozillaFirefox-translations-38.2.1esr-19.3 libfreebl3-3.19.2.0-0.16.1 libsoftokn3-3.19.2.0-0.16.1 mozilla-nss-3.19.2.0-0.16.1 mozilla-nss-tools-3.19.2.0-0.16.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libfreebl3-32bit-3.19.2.0-0.16.1 libsoftokn3-32bit-3.19.2.0-0.16.1 mozilla-nss-32bit-3.19.2.0-0.16.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.2.1esr-19.3 MozillaFirefox-branding-SLED-31.0-0.12.51 MozillaFirefox-translations-38.2.1esr-19.3 libfreebl3-3.19.2.0-0.16.1 libsoftokn3-3.19.2.0-0.16.1 mozilla-nss-3.19.2.0-0.16.1 mozilla-nss-tools-3.19.2.0-0.16.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libfreebl3-32bit-3.19.2.0-0.16.1 libsoftokn3-32bit-3.19.2.0-0.16.1 mozilla-nss-32bit-3.19.2.0-0.16.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libfreebl3-x86-3.19.2.0-0.16.1 libsoftokn3-x86-3.19.2.0-0.16.1 mozilla-nss-x86-3.19.2.0-0.16.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.2.1esr-19.3 MozillaFirefox-branding-SLED-31.0-0.12.51 MozillaFirefox-translations-38.2.1esr-19.3 libfreebl3-3.19.2.0-0.16.1 libsoftokn3-3.19.2.0-0.16.1 mozilla-nss-3.19.2.0-0.16.1 mozilla-nss-tools-3.19.2.0-0.16.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libfreebl3-32bit-3.19.2.0-0.16.1 libsoftokn3-32bit-3.19.2.0-0.16.1 mozilla-nss-32bit-3.19.2.0-0.16.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libfreebl3-x86-3.19.2.0-0.16.1 libsoftokn3-x86-3.19.2.0-0.16.1 
mozilla-nss-x86-3.19.2.0-0.16.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): MozillaFirefox-38.2.1esr-19.3 MozillaFirefox-branding-SLED-31.0-0.12.51 MozillaFirefox-translations-38.2.1esr-19.3 libfreebl3-3.19.2.0-0.16.1 libsoftokn3-3.19.2.0-0.16.1 mozilla-nss-3.19.2.0-0.16.1 mozilla-nss-tools-3.19.2.0-0.16.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libfreebl3-32bit-3.19.2.0-0.16.1 libsoftokn3-32bit-3.19.2.0-0.16.1 mozilla-nss-32bit-3.19.2.0-0.16.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): MozillaFirefox-38.2.1esr-19.3 MozillaFirefox-branding-SLED-31.0-0.12.51 MozillaFirefox-translations-38.2.1esr-19.3 libfreebl3-3.19.2.0-0.16.1 libsoftokn3-3.19.2.0-0.16.1 mozilla-nss-3.19.2.0-0.16.1 mozilla-nss-tools-3.19.2.0-0.16.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libfreebl3-32bit-3.19.2.0-0.16.1 libsoftokn3-32bit-3.19.2.0-0.16.1 mozilla-nss-32bit-3.19.2.0-0.16.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.2.1esr-19.3 MozillaFirefox-debugsource-38.2.1esr-19.3 mozilla-nss-debuginfo-3.19.2.0-0.16.1 mozilla-nss-debugsource-3.19.2.0-0.16.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.2.1esr-19.3 MozillaFirefox-debugsource-38.2.1esr-19.3 mozilla-nss-debuginfo-3.19.2.0-0.16.1 mozilla-nss-debugsource-3.19.2.0-0.16.1 References: https://www.suse.com/security/cve/CVE-2015-4473.html https://www.suse.com/security/cve/CVE-2015-4474.html https://www.suse.com/security/cve/CVE-2015-4475.html https://www.suse.com/security/cve/CVE-2015-4478.html https://www.suse.com/security/cve/CVE-2015-4479.html https://www.suse.com/security/cve/CVE-2015-4484.html https://www.suse.com/security/cve/CVE-2015-4485.html https://www.suse.com/security/cve/CVE-2015-4486.html https://www.suse.com/security/cve/CVE-2015-4487.html https://www.suse.com/security/cve/CVE-2015-4488.html https://www.suse.com/security/cve/CVE-2015-4489.html 
https://www.suse.com/security/cve/CVE-2015-4491.html https://www.suse.com/security/cve/CVE-2015-4492.html https://www.suse.com/security/cve/CVE-2015-4495.html https://bugzilla.suse.com/940806 From sle-updates at lists.suse.com Thu Sep 10 10:09:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2015 18:09:47 +0200 (CEST) Subject: SUSE-RU-2015:1529-1: Recommended update for mgetty Message-ID: <20150910160948.017C0320F2@maintenance.suse.de> SUSE Recommended Update: Recommended update for mgetty ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1529-1 Rating: low References: #914661 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mgetty adds systemd service files for mgetty and vgetty. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-520=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le): g3utils-1.1.36-57.3 g3utils-debuginfo-1.1.36-57.3 mgetty-1.1.36-57.3 mgetty-debuginfo-1.1.36-57.3 mgetty-debugsource-1.1.36-57.3 References: https://bugzilla.suse.com/914661 From sle-updates at lists.suse.com Thu Sep 10 11:09:56 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2015 19:09:56 +0200 (CEST) Subject: SUSE-RU-2015:1530-1: moderate: Recommended update for yast2 Message-ID: <20150910170956.59183320F6@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1530-1 Rating: moderate References: #851769 #913722 #938059 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for YaST fixes reading of configuration files of bridge network interfaces. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-yast2-12084=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-yast2-12084=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-yast2-12084=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-yast2-12084=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): yast2-devel-doc-2.17.135.2-9.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): yast2-2.17.135.2-9.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): yast2-2.17.135.2-9.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): yast2-2.17.135.2-9.2 References: https://bugzilla.suse.com/851769 https://bugzilla.suse.com/913722 https://bugzilla.suse.com/938059 From sle-updates at lists.suse.com Thu Sep 10 11:10:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2015 19:10:50 +0200 (CEST) Subject: SUSE-RU-2015:1529-2: Recommended update for mgetty Message-ID: <20150910171050.F3185320F6@maintenance.suse.de> SUSE Recommended Update: Recommended update for mgetty ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1529-2 Rating: low References: #914661 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mgetty adds systemd service files for mgetty and vgetty. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-520=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-520=1 To bring your system up-to-date, use "zypper patch". 
Package List:

- SUSE Linux Enterprise Server 12 (s390x x86_64):
  g3utils-1.1.36-57.3
  g3utils-debuginfo-1.1.36-57.3
  mgetty-1.1.36-57.3
  mgetty-debuginfo-1.1.36-57.3
  mgetty-debugsource-1.1.36-57.3
- SUSE Linux Enterprise Desktop 12 (x86_64):
  g3utils-1.1.36-57.3
  g3utils-debuginfo-1.1.36-57.3
  mgetty-1.1.36-57.3
  mgetty-debuginfo-1.1.36-57.3
  mgetty-debugsource-1.1.36-57.3

References:

https://bugzilla.suse.com/914661

From sle-updates at lists.suse.com Thu Sep 10 11:11:12 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 10 Sep 2015 19:11:12 +0200 (CEST)
Subject: SUSE-RU-2015:1531-1: moderate: Recommended update for yast2-network
Message-ID: <20150910171112.10D05320F6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-network
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1531-1
Rating: moderate
References: #874259 #898250 #899363 #905738 #910337 #912169 #912904 #914833 #916013 #916376 #917606 #918356 #934180 #935937 #940192 #940892 #942461 #943297
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has 18 recommended fixes can now be installed.

Description:

This update for yast2-network fixes the following issues:

- Error when deleting interfaces using command-line interface. (bsc#940192, bsc#935937)
- Internal error in lan AutoYaST client. (bsc#934180)
- Keep device configuration provided via linuxrc when AutoYaST's keep_install_network is set. (bsc#874259)
- Boot from iSCSI over IPv6 fails and boot drops into a shell. (bsc#916376)
- Setting up "bond" device under YaST shows "ethX" instead of "bondX". (bsc#910337)
- When renaming virtual device an internal error is raised. (bsc#914833)
- YaST crashes while adding a new network device with empty static IP and name change. (bsc#912904)
- Apply udev rules provided by AutoYaST profile. (bsc#905738)
- Populate bond slave candidates list with proper device names. (bsc#918356)
- Ignore /etc/install.inf:usessh flag when the file is present in installed system and always restart the network service in case of updated configuration. (bsc#898250, bsc#899363)
- Fix internal error when importing AutoYaST profile. (bsc#940892)
- IPv6 forwarding setup is stored persistently. (bsc#916013)

The YaST2 core system was updated to match some of the above yast2-network changes and also fixes some other bugs:

- Check cpuinfo_flags correctly while evaluating kernel packages for i586. (bsc#943297)
- Fix "Reboot" button at the end of online migration. (bsc#942461)
- Keep routing state when firewall is enabled/disabled. (bsc#916013)
- Fix crash when media is requested during package management operations. (bsc#917606)
- Better handling of line breaks in system log viewer. (bsc#912169)
- Treat PowerNV platform as CHRP.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
  zypper in -t patch SUSE-SLE-SDK-12-2015-521=1
- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2015-521=1
- SUSE Linux Enterprise Desktop 12:
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-521=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): yast2-devel-doc-3.1.108.7-7.1 yast2-network-devel-doc-3.1.112.6-2.14.10 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): yast2-3.1.108.7-7.1 yast2-network-3.1.112.6-2.14.10 - SUSE Linux Enterprise Desktop 12 (x86_64): yast2-3.1.108.7-7.1 yast2-network-3.1.112.6-2.14.10 References: https://bugzilla.suse.com/874259 https://bugzilla.suse.com/898250 https://bugzilla.suse.com/899363 https://bugzilla.suse.com/905738 https://bugzilla.suse.com/910337 https://bugzilla.suse.com/912169 https://bugzilla.suse.com/912904 https://bugzilla.suse.com/914833 https://bugzilla.suse.com/916013 https://bugzilla.suse.com/916376 https://bugzilla.suse.com/917606 https://bugzilla.suse.com/918356 https://bugzilla.suse.com/934180 https://bugzilla.suse.com/935937 https://bugzilla.suse.com/940192 https://bugzilla.suse.com/940892 https://bugzilla.suse.com/942461 https://bugzilla.suse.com/943297 From sle-updates at lists.suse.com Fri Sep 11 06:10:03 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 14:10:03 +0200 (CEST) Subject: SUSE-RU-2015:1541-1: Recommended update for autofs Message-ID: <20150911121003.9593A320F2@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1541-1 Rating: low References: #930095 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for autofs increases the buffer used to read map files to support larger multi-mount maps. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-autofs-12086=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-autofs-12086=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-autofs-12086=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-autofs-12086=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-autofs-12086=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-autofs-12086=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-autofs-12086=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): autofs-5.0.6-3.10.20.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): autofs-5.0.6-3.10.20.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): autofs-5.0.6-3.10.20.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): autofs-5.0.6-3.10.20.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): autofs-5.0.6-3.10.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): autofs-debuginfo-5.0.6-3.10.20.1 autofs-debugsource-5.0.6-3.10.20.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): autofs-debuginfo-5.0.6-3.10.20.1 autofs-debugsource-5.0.6-3.10.20.1 References: https://bugzilla.suse.com/930095 From sle-updates at lists.suse.com Fri Sep 11 06:10:30 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 14:10:30 +0200 (CEST) Subject: SUSE-RU-2015:1542-1: Recommended update for WALinuxAgent Message-ID: <20150911121030.661D3320F6@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for WALinuxAgent ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1542-1 Rating: low References: #933695 #933761 #933774 #936908 Affected Products: SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update provides WALinuxAgent version 2.0.14, which brings the following fixes and enhancements: - Fix RDMA configuration. - Fix page blob uploading for Python 2.6. - Fix http request error handling. - Handle http 410 returned by host. - Add support for http proxy. - Add support to execute CustomData after provisioning. - Add a udev rule for product-uuid to be world readable. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-WALinuxAgent-12085=1 - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-WALinuxAgent-12085=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP3 (noarch): WALinuxAgent-2.0.14-7.1 - SUSE Linux Enterprise Server 11-PUBCLOUD (noarch): WALinuxAgent-2.0.14-7.1 References: https://bugzilla.suse.com/933695 https://bugzilla.suse.com/933761 https://bugzilla.suse.com/933774 https://bugzilla.suse.com/936908 From sle-updates at lists.suse.com Fri Sep 11 06:11:21 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 14:11:21 +0200 (CEST) Subject: SUSE-RU-2015:1543-1: moderate: Recommended update for wicked Message-ID: <20150911121121.2C6A1320F6@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1543-1 Rating: moderate References: #903759 #911310 #915025 #916402 #918069 #919573 #925276 #927615 #931288 #934067 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update provides Wicked 0.6.20, which brings many fixes and enhancements: - ifconfig: Handle link up of externally enslaved devices. - ifcfg: Generate link master from master config, added MASTER_DEVICE variable. - fsm: Master/slave transition dependency and state check fixes. - fsm: Improve subordinate device relation updating and logging. - fsm: Reference count config nodes to avoid memleaks. - ethtool: Fix option tables terminator. (bsc#925276) - scripts: Fixed typo breaking wicked scheme scripts. - sysfs: Fixed memleak while reading device path. - client: Config parsing, origin processing, root-directory cleanup and memory leak fixes. - xml: Fixes to memory leaks, location functions cleanup. - firmware: Properly extract discovery type and path. - dhcp4: Improve invalid dhcp options handling. 
(bsc#918069)
- dhcp6: Refresh ipv6 link on newprefix in auto mode to workaround that the kernel does not send us events about mode change when RA timers are unspecified. (bsc#934067)
- ethtool: Do not warn when reading ethtool settings while netlink newlink processing and the device is already gone.
- ibft: Ignore invalid default gateway (0.0.0.0 and ::) provided by the firmware. (bsc#903759)
- wireless: Handle ANY for WPA-EAP methods and send passwd when phase2 method isn't set. (bsc#927615)
- bonding: Don't insist that arp_validate=none default is valid in active-backup mode only. (bsc#919573)
- nanny: Fix error handling for NULL policy objects and fix to not compare iftype to a dbus class name. (bsc#931288)
- spec: Require util-linux-systemd providing logger. (bsc#911310)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-525=1
- SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-525=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libwicked-0-6-0.6.20-18.5.1 libwicked-0-6-debuginfo-0.6.20-18.5.1 wicked-0.6.20-18.5.1 wicked-debuginfo-0.6.20-18.5.1 wicked-debugsource-0.6.20-18.5.1 wicked-service-0.6.20-18.5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libwicked-0-6-0.6.20-18.5.1 libwicked-0-6-debuginfo-0.6.20-18.5.1 wicked-0.6.20-18.5.1 wicked-debuginfo-0.6.20-18.5.1 wicked-debugsource-0.6.20-18.5.1 wicked-service-0.6.20-18.5.1 References: https://bugzilla.suse.com/903759 https://bugzilla.suse.com/911310 https://bugzilla.suse.com/915025 https://bugzilla.suse.com/916402 https://bugzilla.suse.com/918069 https://bugzilla.suse.com/919573 https://bugzilla.suse.com/925276 https://bugzilla.suse.com/927615 https://bugzilla.suse.com/931288 https://bugzilla.suse.com/934067 From sle-updates at lists.suse.com Fri Sep 11 07:09:42 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 15:09:42 +0200 (CEST) Subject: SUSE-SU-2015:1544-1: moderate: Security update for openssh Message-ID: <20150911130943.07287320F2@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1544-1 Rating: moderate References: #903649 #932483 #936695 #938746 #943006 #943010 Cross-References: CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: openssh was updated to fix several security issues. 
These security issues were fixed:

* CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695).
* CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746).
* CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483).
* Hardening patch to fix sftp RCE (bsc#903649).
* CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. (bsc#943010)
* CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. (bsc#943006)

Also use %restart_on_update in the trigger script.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-526=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-526=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): openssh-6.6p1-29.1 openssh-askpass-gnome-6.6p1-29.1 openssh-askpass-gnome-debuginfo-6.6p1-29.1 openssh-debuginfo-6.6p1-29.1 openssh-debugsource-6.6p1-29.1 openssh-fips-6.6p1-29.1 openssh-helpers-6.6p1-29.1 openssh-helpers-debuginfo-6.6p1-29.1 - SUSE Linux Enterprise Desktop 12 (x86_64): openssh-6.6p1-29.1 openssh-askpass-gnome-6.6p1-29.1 openssh-askpass-gnome-debuginfo-6.6p1-29.1 openssh-debuginfo-6.6p1-29.1 openssh-debugsource-6.6p1-29.1 openssh-helpers-6.6p1-29.1 openssh-helpers-debuginfo-6.6p1-29.1 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://www.suse.com/security/cve/CVE-2015-5352.html https://www.suse.com/security/cve/CVE-2015-5600.html https://www.suse.com/security/cve/CVE-2015-6563.html https://www.suse.com/security/cve/CVE-2015-6564.html https://bugzilla.suse.com/903649 https://bugzilla.suse.com/932483 https://bugzilla.suse.com/936695 https://bugzilla.suse.com/938746 https://bugzilla.suse.com/943006 https://bugzilla.suse.com/943010 From sle-updates at lists.suse.com Fri Sep 11 08:09:39 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 16:09:39 +0200 (CEST) Subject: SUSE-SU-2015:1545-1: moderate: Security update for conntrack-tools Message-ID: <20150911140939.48C66320F6@maintenance.suse.de> SUSE Security Update: Security update for conntrack-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1545-1 Rating: moderate References: #942149 #944339 Cross-References: CVE-2015-6496 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Linux Enterprise Software Development Kit 12 
SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: Fix a possible crash if conntrackd sees DCCP, SCTP and ICMPv6 traffic and the corresponding kernel modules that track this traffic are not available. (bsc#942149, CVE-2015-6496) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-527=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-527=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-527=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (x86_64): conntrack-tools-1.4.2-5.2 conntrack-tools-debuginfo-1.4.2-5.2 conntrack-tools-debugsource-1.4.2-5.2 libnetfilter_cthelper-debugsource-1.0.0-7.1 libnetfilter_cthelper0-1.0.0-7.1 libnetfilter_cthelper0-debuginfo-1.0.0-7.1 libnetfilter_cttimeout-debugsource-1.0.0-9.1 libnetfilter_cttimeout1-1.0.0-9.1 libnetfilter_cttimeout1-debuginfo-1.0.0-9.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libnetfilter_cthelper-debugsource-1.0.0-7.1 libnetfilter_cthelper-devel-1.0.0-7.1 libnetfilter_cthelper0-1.0.0-7.1 libnetfilter_cthelper0-debuginfo-1.0.0-7.1 libnetfilter_cttimeout-debugsource-1.0.0-9.1 libnetfilter_cttimeout-devel-1.0.0-9.1 libnetfilter_cttimeout1-1.0.0-9.1 libnetfilter_cttimeout1-debuginfo-1.0.0-9.1 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): conntrack-tools-1.4.2-5.2 conntrack-tools-debuginfo-1.4.2-5.2 conntrack-tools-debugsource-1.4.2-5.2 libnetfilter_cthelper-debugsource-1.0.0-7.1 libnetfilter_cthelper0-1.0.0-7.1 libnetfilter_cthelper0-debuginfo-1.0.0-7.1 libnetfilter_cttimeout-debugsource-1.0.0-9.1 
libnetfilter_cttimeout1-1.0.0-9.1 libnetfilter_cttimeout1-debuginfo-1.0.0-9.1 References: https://www.suse.com/security/cve/CVE-2015-6496.html https://bugzilla.suse.com/942149 https://bugzilla.suse.com/944339 From sle-updates at lists.suse.com Fri Sep 11 09:11:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 17:11:01 +0200 (CEST) Subject: SUSE-SU-2015:1547-1: moderate: Security update for openssh Message-ID: <20150911151101.71A9E320F6@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1547-1 Rating: moderate References: #673532 #903649 #905118 #914309 #916549 #932483 #936695 #938746 #943006 #943010 Cross-References: CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 5 fixes is now available. Description: openssh was updated to fix several security issues and bugs. These security issues were fixed: * CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). 
* CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746).
* CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483).
* Hardening patch to fix sftp RCE (bsc#903649).
* CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
* CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

These non-security issues were fixed:

- bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer.
- bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user.
- bsc#916549: Fixed support for aesXXX-gcm@openssh.com.

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-openssh-12087=1
- SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-openssh-12087=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): openssh-6.2p2-0.17.1 openssh-askpass-6.2p2-0.17.1 openssh-askpass-gnome-6.2p2-0.17.3 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): openssh-6.2p2-0.17.1 openssh-askpass-6.2p2-0.17.1 openssh-askpass-gnome-6.2p2-0.17.3 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://www.suse.com/security/cve/CVE-2015-5352.html https://www.suse.com/security/cve/CVE-2015-5600.html https://www.suse.com/security/cve/CVE-2015-6563.html https://www.suse.com/security/cve/CVE-2015-6564.html https://bugzilla.suse.com/673532 https://bugzilla.suse.com/903649 https://bugzilla.suse.com/905118 https://bugzilla.suse.com/914309 https://bugzilla.suse.com/916549 https://bugzilla.suse.com/932483 https://bugzilla.suse.com/936695 https://bugzilla.suse.com/938746 https://bugzilla.suse.com/943006 https://bugzilla.suse.com/943010 From sle-updates at lists.suse.com Fri Sep 11 10:09:48 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 18:09:48 +0200 (CEST) Subject: SUSE-RU-2015:1548-1: Recommended update for python-oslosphinx Message-ID: <20150911160948.B1569320F7@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-oslosphinx ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1548-1 Rating: low References: #945098 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-oslosphinx version 2.5.0, which includes several fixes and enhancements. For a comprehensive list of changes, please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-529=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-oslosphinx-2.5.0-4.1 References: https://bugzilla.suse.com/945098 From sle-updates at lists.suse.com Fri Sep 11 10:10:09 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 18:10:09 +0200 (CEST) Subject: SUSE-RU-2015:1549-1: Recommended update for sed Message-ID: <20150911161009.18291320F7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sed ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1549-1 Rating: low References: #933029 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sed fixes the behavior of --follow-symlinks when reading from the standard input (stdin). The behavior of "sed --follow-symlinks -" is now identical to "sed -". In both cases, sed will read from the standard input and no longer from a file named '-'. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-530=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-530=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): sed-4.2.2-6.1 sed-debuginfo-4.2.2-6.1 sed-debugsource-4.2.2-6.1 - SUSE Linux Enterprise Server 12 (noarch): sed-lang-4.2.2-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): sed-4.2.2-6.1 sed-debuginfo-4.2.2-6.1 sed-debugsource-4.2.2-6.1 - SUSE Linux Enterprise Desktop 12 (noarch): sed-lang-4.2.2-6.1 References: https://bugzilla.suse.com/933029 From sle-updates at lists.suse.com Fri Sep 11 10:10:35 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 18:10:35 +0200 (CEST) Subject: SUSE-RU-2015:1550-1: Recommended update for sed Message-ID: <20150911161035.585C4320F7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sed ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1550-1 Rating: low References: #933022 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sed fixes handling of the --follow-symlinks option. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-sed-12088=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sed-12088=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-sed-12088=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-sed-12088=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-sed-12088=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sed-12088=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-sed-12088=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): sed-4.1.5-85.32.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): sed-4.1.5-85.32.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): sed-4.1.5-85.32.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): sed-4.1.5-85.32.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): sed-4.1.5-85.32.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sed-debuginfo-4.1.5-85.32.1 sed-debugsource-4.1.5-85.32.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): sed-debuginfo-4.1.5-85.32.1 sed-debugsource-4.1.5-85.32.1 References: https://bugzilla.suse.com/933022 From sle-updates at lists.suse.com Fri Sep 11 10:11:01 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 18:11:01 +0200 (CEST) Subject: SUSE-RU-2015:1551-1: Recommended update for cronie Message-ID: <20150911161101.CF9D9320F7@maintenance.suse.de> SUSE Recommended Update: Recommended update for cronie ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1551-1 Rating: low References: #900604 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: cronie has been updated to fix loading of PAM environment from the pam_env module. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-531=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-531=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): cron-4.2-58.3 cronie-1.4.11-58.3 cronie-debuginfo-1.4.11-58.3 cronie-debugsource-1.4.11-58.3 - SUSE Linux Enterprise Desktop 12 (x86_64): cron-4.2-58.3 cronie-1.4.11-58.3 cronie-debuginfo-1.4.11-58.3 cronie-debugsource-1.4.11-58.3 References: https://bugzilla.suse.com/900604 From sle-updates at lists.suse.com Fri Sep 11 10:11:23 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 18:11:23 +0200 (CEST) Subject: SUSE-SU-2015:1547-2: moderate: Security update for openssh Message-ID: <20150911161123.20C2C320F7@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1547-2 Rating: moderate References: #673532 #903649 #905118 #914309 #916549 #932483 #936695 #938746 #943006 #943010 Cross-References: CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 Affected Products: SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 5 fixes is now available. Description: openssh was updated to fix several security issues and bugs. 
These security issues were fixed:

* CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695).
* CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746).
* CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483).
* Hardening patch to fix sftp RCE (bsc#903649).
* CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
* CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

These non-security issues were fixed:

- bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer.
- bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user.
- bsc#916549: Fixed support for aesXXX-gcm@openssh.com.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-openssh-12087=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssh-12087=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): openssh-6.2p2-0.17.1 openssh-askpass-6.2p2-0.17.1 openssh-askpass-gnome-6.2p2-0.17.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.2p2-0.17.3 openssh-debuginfo-6.2p2-0.17.1 openssh-debugsource-6.2p2-0.17.1 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://www.suse.com/security/cve/CVE-2015-5352.html https://www.suse.com/security/cve/CVE-2015-5600.html https://www.suse.com/security/cve/CVE-2015-6563.html https://www.suse.com/security/cve/CVE-2015-6564.html https://bugzilla.suse.com/673532 https://bugzilla.suse.com/903649 https://bugzilla.suse.com/905118 https://bugzilla.suse.com/914309 https://bugzilla.suse.com/916549 https://bugzilla.suse.com/932483 https://bugzilla.suse.com/936695 https://bugzilla.suse.com/938746 https://bugzilla.suse.com/943006 https://bugzilla.suse.com/943010 From sle-updates at lists.suse.com Fri Sep 11 13:10:25 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2015 21:10:25 +0200 (CEST) Subject: SUSE-RU-2015:1552-1: Recommended update for rsyslog Message-ID: <20150911191025.37B45320F3@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1552-1 Rating: low References: #925512 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: rsyslog's AppArmor profile has been adjusted to prevent aa-genprof failures. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-533=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-533=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): rsyslog-8.4.0-8.3 rsyslog-debuginfo-8.4.0-8.3 rsyslog-debugsource-8.4.0-8.3 rsyslog-diag-tools-8.4.0-8.3 rsyslog-diag-tools-debuginfo-8.4.0-8.3 rsyslog-doc-8.4.0-8.3 rsyslog-module-gssapi-8.4.0-8.3 rsyslog-module-gssapi-debuginfo-8.4.0-8.3 rsyslog-module-gtls-8.4.0-8.3 rsyslog-module-gtls-debuginfo-8.4.0-8.3 rsyslog-module-mysql-8.4.0-8.3 rsyslog-module-mysql-debuginfo-8.4.0-8.3 rsyslog-module-pgsql-8.4.0-8.3 rsyslog-module-pgsql-debuginfo-8.4.0-8.3 rsyslog-module-relp-8.4.0-8.3 rsyslog-module-relp-debuginfo-8.4.0-8.3 rsyslog-module-snmp-8.4.0-8.3 rsyslog-module-snmp-debuginfo-8.4.0-8.3 rsyslog-module-udpspoof-8.4.0-8.3 rsyslog-module-udpspoof-debuginfo-8.4.0-8.3 - SUSE Linux Enterprise Desktop 12 (x86_64): rsyslog-8.4.0-8.3 rsyslog-debuginfo-8.4.0-8.3 rsyslog-debugsource-8.4.0-8.3 References: https://bugzilla.suse.com/925512 From sle-updates at lists.suse.com Mon Sep 14 08:09:50 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2015 16:09:50 +0200 (CEST) Subject: SUSE-RU-2015:1553-1: Recommended update for usbutils Message-ID: <20150914140950.ABA2D320F3@maintenance.suse.de> SUSE Recommended Update: Recommended update for usbutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1553-1 Rating: low References: #941820 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 
11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for usbutils adds new IDs to the devices' database. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-usbutils-12089=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-usbutils-12089=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-usbutils-12089=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): usbutils-004-1.18.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): usbutils-004-1.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): usbutils-debuginfo-004-1.18.1 usbutils-debugsource-004-1.18.1 References: https://bugzilla.suse.com/941820 From sle-updates at lists.suse.com Mon Sep 14 08:10:15 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2015 16:10:15 +0200 (CEST) Subject: SUSE-RU-2015:1554-1: Recommended update for usbutils Message-ID: <20150914141015.B9F48320F7@maintenance.suse.de> SUSE Recommended Update: Recommended update for usbutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1554-1 Rating: low References: #943773 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for usbutils adds new IDs to the devices' database. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-535=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-535=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): usbutils-007-6.1 usbutils-debuginfo-007-6.1 usbutils-debugsource-007-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): usbutils-007-6.1 usbutils-debuginfo-007-6.1 usbutils-debugsource-007-6.1 References: https://bugzilla.suse.com/943773 From sle-updates at lists.suse.com Mon Sep 14 09:09:43 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2015 17:09:43 +0200 (CEST) Subject: SUSE-RU-2015:1555-1: moderate: Recommended update for docker Message-ID: <20150914150943.1FCCA320F7@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1555-1 Rating: moderate References: #942369 #942370 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: Docker has been updated to version 1.8.1, bringing several fixes and enhancements. For a comprehensive list of changes, please refer to the detailed changelogs in: - https://github.com/docker/docker/releases/tag/v1.8.1 - https://github.com/docker/docker/releases/tag/v1.8.0 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2015-538=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): docker-1.8.1-43.3 docker-debuginfo-1.8.1-43.3 docker-debugsource-1.8.1-43.3 References: https://bugzilla.suse.com/942369 https://bugzilla.suse.com/942370 From sle-updates at lists.suse.com Mon Sep 14 09:10:13 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2015 17:10:13 +0200 (CEST) Subject: SUSE-SU-2015:1556-1: moderate: Security update for net-snmp Message-ID: <20150914151013.69F97320F7@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1556-1 Rating: moderate References: #909479 #935863 #935876 #940084 #940188 Cross-References: CVE-2015-5621 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: The following issues have been fixed within this update: * fix btrfs output inside HOST-RESOURCES-MIB::hrStorageDescr. (bsc#909479) * fix an incompletely initialized vulnerability within the snmp_pdu_parse() function of snmp_api.c. (bsc#940188, CVE-2015-5621) * add build requirement 'procps' to fix a net-snmp-config error (bsc#935863) * --disable-md5 to allow operation in FIPS mode and not use the old algorithm (bsc#935876 bsc#940084) * also stop snmptrapd on removal Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-537=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-537=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-537=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): net-snmp-debuginfo-5.7.2.1-4.3.2 net-snmp-debugsource-5.7.2.1-4.3.2 net-snmp-devel-5.7.2.1-4.3.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libsnmp30-5.7.2.1-4.3.2 libsnmp30-debuginfo-5.7.2.1-4.3.2 net-snmp-5.7.2.1-4.3.2 net-snmp-debuginfo-5.7.2.1-4.3.2 net-snmp-debugsource-5.7.2.1-4.3.2 perl-SNMP-5.7.2.1-4.3.2 perl-SNMP-debuginfo-5.7.2.1-4.3.2 snmp-mibs-5.7.2.1-4.3.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): libsnmp30-32bit-5.7.2.1-4.3.2 libsnmp30-debuginfo-32bit-5.7.2.1-4.3.2 - SUSE Linux Enterprise Desktop 12 (x86_64): libsnmp30-32bit-5.7.2.1-4.3.2 libsnmp30-5.7.2.1-4.3.2 libsnmp30-debuginfo-32bit-5.7.2.1-4.3.2 libsnmp30-debuginfo-5.7.2.1-4.3.2 net-snmp-5.7.2.1-4.3.2 net-snmp-debuginfo-5.7.2.1-4.3.2 net-snmp-debugsource-5.7.2.1-4.3.2 perl-SNMP-5.7.2.1-4.3.2 perl-SNMP-debuginfo-5.7.2.1-4.3.2 snmp-mibs-5.7.2.1-4.3.2 References: https://www.suse.com/security/cve/CVE-2015-5621.html https://bugzilla.suse.com/909479 https://bugzilla.suse.com/935863 https://bugzilla.suse.com/935876 https://bugzilla.suse.com/940084 https://bugzilla.suse.com/940188 From sle-updates at lists.suse.com Mon Sep 14 12:09:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2015 20:09:54 +0200 (CEST) Subject: SUSE-OU-2015:1557-1: Initial release of release-notes-sles-for-sap Message-ID: <20150914180954.7C541320F7@maintenance.suse.de> SUSE Optional Update: Initial release of release-notes-sles-for-sap 
______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1557-1 Rating: low References: #940805 Affected Products: SUSE Linux Enterprise Server for SAP 11-SP4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides the initial compilation of release notes for SUSE Linux Enterprise Server for SAP Applications 11-SP4. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 11-SP4: zypper in -t patch slesappsp4-release-notes-sles-for-sap-12090=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 11-SP4 (ppc64 x86_64): release-notes-sles-for-sap-11.4.1-0.4.2 References: https://bugzilla.suse.com/940805 From sle-updates at lists.suse.com Tue Sep 15 05:09:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2015 13:09:47 +0200 (CEST) Subject: SUSE-RU-2015:1559-1: moderate: Recommended update for rubygem-bundler Message-ID: <20150915110947.E689F320F7@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-bundler ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1559-1 Rating: moderate References: #922719 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The rubygem-bundler package contained its own set of SSL root certificates. This update removes them and instead uses the system's certificate database. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-543=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-543=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): ruby2.1-rubygem-bundler-1.7.3-3.8 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): ruby2.1-rubygem-bundler-1.7.3-3.8 References: https://bugzilla.suse.com/922719 From sle-updates at lists.suse.com Tue Sep 15 05:10:08 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2015 13:10:08 +0200 (CEST) Subject: SUSE-RU-2015:1560-1: Recommended update for release-notes-sles Message-ID: <20150915111008.CBC07320F7@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1560-1 Rating: low References: #934238 #938757 #943847 #944193 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update provides the latest version of the release notes for SUSE Linux Enterprise Server 11-SP3. - Update copyright statement. - New: Add PSM Library to SLE 11-SP3. (fate#316794) - New: Xen VM and the 511 GB limit. (bsc#938757) - New: Update of PostgreSQL in SLES 11. (fate#319282) - New: Support for openvpn in the SLE 11 Security Module. (fate#318863) - New: Installing the open-fcoe Package Manually. (fate#319239) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-release-notes-sles-201508-12091=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-release-notes-sles-201508-12091=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): release-notes-SLES-for-VMware-11.3.42-0.13.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): release-notes-sles-11.3.42-0.13.1 References: https://bugzilla.suse.com/934238 https://bugzilla.suse.com/938757 https://bugzilla.suse.com/943847 https://bugzilla.suse.com/944193 From sle-updates at lists.suse.com Tue Sep 15 10:09:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2015 18:09:40 +0200 (CEST) Subject: SUSE-RU-2015:1561-1: moderate: Recommended update for kernel module packages Message-ID: <20150915160940.19908320F6@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel module packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1561-1 Rating: moderate References: #936012 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update refreshes some kernel module packages to match updated kernel ABIs. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-545=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-545=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): openvswitch-2.1.2-9.1 openvswitch-debuginfo-2.1.2-9.1 openvswitch-debugsource-2.1.2-9.1 openvswitch-kmp-default-2.1.2_k3.12.44_52.10-9.1 openvswitch-kmp-default-debuginfo-2.1.2_k3.12.44_52.10-9.1 openvswitch-switch-2.1.2-9.1 openvswitch-switch-debuginfo-2.1.2-9.1 - SUSE Linux Enterprise Server 12 (x86_64): lttng-modules-2.4.1-16.2.1 lttng-modules-debugsource-2.4.1-16.2.1 lttng-modules-kmp-default-2.4.1_k3.12.44_52.10-16.2.1 lttng-modules-kmp-default-debuginfo-2.4.1_k3.12.44_52.10-16.2.1 openvswitch-kmp-xen-2.1.2_k3.12.44_52.10-9.1 openvswitch-kmp-xen-debuginfo-2.1.2_k3.12.44_52.10-9.1 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): cluster-network-kmp-default-1.4_k3.12.44_52.10-26.2.1 cluster-network-kmp-default-debuginfo-1.4_k3.12.44_52.10-26.2.1 dlm-kmp-default-4.0.2_k3.12.44_52.10-22.2.1 dlm-kmp-default-debuginfo-4.0.2_k3.12.44_52.10-22.2.1 drbd-8.4.4.7-9.2.1 drbd-debuginfo-8.4.4.7-9.2.1 drbd-debugsource-8.4.4.7-9.2.1 drbd-kmp-default-8.4.4.7_k3.12.44_52.10-9.2.1 drbd-kmp-default-debuginfo-8.4.4.7_k3.12.44_52.10-9.2.1 gfs2-kmp-default-3.1.6_k3.12.44_52.10-22.2.1 gfs2-kmp-default-debuginfo-3.1.6_k3.12.44_52.10-22.2.1 ocfs2-kmp-default-1.8.2_k3.12.44_52.10-22.2.1 ocfs2-kmp-default-debuginfo-1.8.2_k3.12.44_52.10-22.2.1 - SUSE Linux Enterprise High Availability 12 (x86_64): cluster-network-kmp-xen-1.4_k3.12.44_52.10-26.2.1 cluster-network-kmp-xen-debuginfo-1.4_k3.12.44_52.10-26.2.1 dlm-kmp-xen-4.0.2_k3.12.44_52.10-22.2.1 dlm-kmp-xen-debuginfo-4.0.2_k3.12.44_52.10-22.2.1 drbd-kmp-xen-8.4.4.7_k3.12.44_52.10-9.2.1 drbd-kmp-xen-debuginfo-8.4.4.7_k3.12.44_52.10-9.2.1 gfs2-kmp-xen-3.1.6_k3.12.44_52.10-22.2.1 gfs2-kmp-xen-debuginfo-3.1.6_k3.12.44_52.10-22.2.1 ocfs2-kmp-xen-1.8.2_k3.12.44_52.10-22.2.1 ocfs2-kmp-xen-debuginfo-1.8.2_k3.12.44_52.10-22.2.1 References: https://bugzilla.suse.com/936012 From sle-updates at lists.suse.com Wed Sep 16 05:09:39 2015 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Wed, 16 Sep 2015 13:09:39 +0200 (CEST) Subject: SUSE-RU-2015:1562-1: Recommended update for tar Message-ID: <20150916110939.66467320FC@maintenance.suse.de> SUSE Recommended Update: Recommended update for tar ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1562-1 Rating: low References: #940120 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tar enables support for ACLs, extended attributes (Xattr) and SELinux. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-546=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-546=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): tar-1.27.1-4.1 tar-debuginfo-1.27.1-4.1 tar-debugsource-1.27.1-4.1 - SUSE Linux Enterprise Server 12 (noarch): tar-lang-1.27.1-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): tar-1.27.1-4.1 tar-debuginfo-1.27.1-4.1 tar-debugsource-1.27.1-4.1 - SUSE Linux Enterprise Desktop 12 (noarch): tar-lang-1.27.1-4.1 References: https://bugzilla.suse.com/940120 From sle-updates at lists.suse.com Wed Sep 16 07:09:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2015 15:09:44 +0200 (CEST) Subject: SUSE-RU-2015:1563-1: Recommended update for brltty Message-ID: <20150916130944.8B251320FC@maintenance.suse.de> SUSE Recommended Update: Recommended update for brltty ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1563-1 Rating: low References: #917176 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for brltty fixes the binary path in systemd's unit file. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-548=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-548=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-548=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): brlapi-devel-5.1-7.29 brltty-debuginfo-5.1-7.29 brltty-debugsource-5.1-7.29 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): brltty-5.1-7.29 brltty-debuginfo-5.1-7.29 brltty-debugsource-5.1-7.29 libbrlapi0_6-5.1-7.29 libbrlapi0_6-debuginfo-5.1-7.29 python3-brlapi-5.1-7.29 python3-brlapi-debuginfo-5.1-7.29 - SUSE Linux Enterprise Desktop 12 (x86_64): brltty-5.1-7.29 brltty-debuginfo-5.1-7.29 brltty-debugsource-5.1-7.29 libbrlapi0_6-5.1-7.29 libbrlapi0_6-debuginfo-5.1-7.29 python3-brlapi-5.1-7.29 python3-brlapi-debuginfo-5.1-7.29 References: https://bugzilla.suse.com/917176 From sle-updates at lists.suse.com Wed Sep 16 07:10:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2015 15:10:07 +0200 (CEST) Subject: SUSE-RU-2015:1564-1: Recommended update for release-notes-sles Message-ID: <20150916131007.A9B7F320F6@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1564-1 Rating: low References: #936551 #938765 #939408 #943224 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Server 12. - New: iscsitarget and related packages replaced with lio. (bsc#939408 via fate#316773) - New: SUSE Linux Enterprise Toolchain Module 12. (fate#316684) - New: Deprecation of lukemftp client. (bsc#943224 via fate#313673) - Updated: Adjust XEN VM guest memory limit. (bsc#938765) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-547=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): release-notes-sles-12.0.20150910-34.1 References: https://bugzilla.suse.com/936551 https://bugzilla.suse.com/938765 https://bugzilla.suse.com/939408 https://bugzilla.suse.com/943224 From sle-updates at lists.suse.com Wed Sep 16 09:09:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2015 17:09:49 +0200 (CEST) Subject: SUSE-SU-2015:1565-1: moderate: Security update for tomcat6 Message-ID: <20150916150949.B8545320FF@maintenance.suse.de> SUSE Security Update: Security update for tomcat6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1565-1 Rating: moderate References: #906152 #917127 #926762 #931442 #932698 #934219 Cross-References: CVE-2014-0227 CVE-2014-0230 CVE-2014-7810 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for Tomcat fixes the following security issues: - CVE-2014-7810: Security manager bypass via EL expressions. (bsc#931442) It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could have used this flaw to bypass security manager protections. - CVE-2014-0227: Limited DoS in chunked transfer encoding input filter. (bsc#917127) It was discovered that the ChunkedInputFilter implementation did not fail subsequent attempts to read input early enough. A remote attacker could have used this flaw to perform a denial of service attack, by streaming an unlimited quantity of data, leading to consumption of server resources. 
- CVE-2014-0230: Non-persistent DoS attack by feeding data by aborting an upload. It was possible for a remote attacker to trigger a non-persistent DoS attack by feeding data by aborting an upload. (bsc#926762) Additionally, the following non-security issues have been fixed: - Fix rights of all files within /usr/share/tomcat6/bin. (bsc#906152) - Don't overwrite /var/run/tomcat6.pid when Tomcat is already running. (bsc#934219) - Miscellaneous fixes and improvements to Tomcat's init script. (bsc#932698) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tomcat6-12092=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): tomcat6-6.0.41-0.47.1 tomcat6-admin-webapps-6.0.41-0.47.1 tomcat6-docs-webapp-6.0.41-0.47.1 tomcat6-javadoc-6.0.41-0.47.1 tomcat6-jsp-2_1-api-6.0.41-0.47.1 tomcat6-lib-6.0.41-0.47.1 tomcat6-servlet-2_5-api-6.0.41-0.47.1 tomcat6-webapps-6.0.41-0.47.1 References: https://www.suse.com/security/cve/CVE-2014-0227.html https://www.suse.com/security/cve/CVE-2014-0230.html https://www.suse.com/security/cve/CVE-2014-7810.html https://bugzilla.suse.com/906152 https://bugzilla.suse.com/917127 https://bugzilla.suse.com/926762 https://bugzilla.suse.com/931442 https://bugzilla.suse.com/932698 https://bugzilla.suse.com/934219 From sle-updates at lists.suse.com Thu Sep 17 07:09:38 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2015 15:09:38 +0200 (CEST) Subject: SUSE-RU-2015:1567-1: Recommended update for release-notes-sles Message-ID: <20150917130938.65B4E320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1567-1 Rating: low References: #938757 #938880 
#940594 #942090 #943479 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update provides the latest revision of the Release Notes for SUSE Linux Enterprise Server 11 SP4. - Updated: Support for 10GbE RoCE Express. (bsc#942090, fate#319065) - Updated: List more kernel modules which were updated. (fate#318442) - Updated: Adjust XEN VM guest memory limit. (bsc#938757) - Obsoleted: Migrating SUSE Linux Enterprise Server with WebYaST installed via Wagon. (bsc#940594) - Obsoleted: SMT 11 SP2 to SP3 migration, and other update related entries. (bsc#940594) - Fix minor spelling issues. (bsc#943479) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-release-notes-sles-12093=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): release-notes-sles-11.4.20-0.15.2 References: https://bugzilla.suse.com/938757 https://bugzilla.suse.com/938880 https://bugzilla.suse.com/940594 https://bugzilla.suse.com/942090 https://bugzilla.suse.com/943479 From sle-updates at lists.suse.com Thu Sep 17 08:09:38 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2015 16:09:38 +0200 (CEST) Subject: SUSE-RU-2015:1568-1: Recommended update for pesign-obs-integration Message-ID: <20150917140938.75089320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign-obs-integration ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1568-1 Rating: low References: #905420 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pesign-obs-integration adds support for file verify flags. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-553=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-553=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): pesign-obs-integration-10.0-29.1 - SUSE Linux Enterprise Desktop 12 (x86_64): pesign-obs-integration-10.0-29.1 References: https://bugzilla.suse.com/905420 From sle-updates at lists.suse.com Thu Sep 17 08:10:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2015 16:10:02 +0200 (CEST) Subject: SUSE-RU-2015:1569-1: Recommended update for plymouth Message-ID: <20150917141002.B0862320FC@maintenance.suse.de> SUSE Recommended Update: Recommended update for plymouth ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1569-1 Rating: low References: #923992 #926742 #929616 #936005 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update adds RemainAfterExit=yes to plymouth-start.service, avoiding an undesired restart of plymouthd after it has finished. The update also ensures Plymouth is not started if "init=/bin/bash" is present in the Kernel command line. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-552=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-552=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-552=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): plymouth-debuginfo-0.9.0-15.2 plymouth-debugsource-0.9.0-15.2 plymouth-devel-0.9.0-15.2 plymouth-x11-renderer-0.9.0-15.2 plymouth-x11-renderer-debuginfo-0.9.0-15.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libply-boot-client2-0.9.0-15.2 libply-boot-client2-debuginfo-0.9.0-15.2 libply-splash-core2-0.9.0-15.2 libply-splash-core2-debuginfo-0.9.0-15.2 libply-splash-graphics2-0.9.0-15.2 libply-splash-graphics2-debuginfo-0.9.0-15.2 libply2-0.9.0-15.2 libply2-debuginfo-0.9.0-15.2 plymouth-0.9.0-15.2 plymouth-debuginfo-0.9.0-15.2 plymouth-debugsource-0.9.0-15.2 plymouth-dracut-0.9.0-15.2 plymouth-plugin-label-0.9.0-15.2 plymouth-plugin-label-debuginfo-0.9.0-15.2 plymouth-plugin-script-0.9.0-15.2 plymouth-plugin-script-debuginfo-0.9.0-15.2 plymouth-scripts-0.9.0-15.2 - SUSE Linux Enterprise Desktop 12 (x86_64): libply-boot-client2-0.9.0-15.2 libply-boot-client2-debuginfo-0.9.0-15.2 libply-splash-core2-0.9.0-15.2 libply-splash-core2-debuginfo-0.9.0-15.2 libply-splash-graphics2-0.9.0-15.2 libply-splash-graphics2-debuginfo-0.9.0-15.2 libply2-0.9.0-15.2 libply2-debuginfo-0.9.0-15.2 plymouth-0.9.0-15.2 plymouth-debuginfo-0.9.0-15.2 plymouth-debugsource-0.9.0-15.2 plymouth-dracut-0.9.0-15.2 plymouth-plugin-label-0.9.0-15.2 plymouth-plugin-label-debuginfo-0.9.0-15.2 plymouth-plugin-script-0.9.0-15.2 plymouth-plugin-script-debuginfo-0.9.0-15.2 plymouth-scripts-0.9.0-15.2 References: https://bugzilla.suse.com/923992 https://bugzilla.suse.com/926742 https://bugzilla.suse.com/929616 https://bugzilla.suse.com/936005 From sle-updates at lists.suse.com Thu Sep 17 09:09:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2015 17:09:40 +0200 (CEST) Subject: SUSE-RU-2015:1570-1: Recommended update for rubygem-chef Message-ID: <20150917150940.8CFE1320FC@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef 
______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1570-1 Rating: low References: #930574 #936302 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rubygem-chef fixes the following issues: - Running logrotate as root is insecure. Make sure logs are created with the right permissions and logrotate runs as chef:chef. (bsc#930574) - Allow "pausing" of intervallic chef-client runs. (bsc#936302) - Do not repeatedly query rabbitmq-server in chef-create-ampq-password. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-chef-12094=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-chef-10.32.2-0.22.1 rubygem-chef-10.32.2-0.22.1 References: https://bugzilla.suse.com/930574 https://bugzilla.suse.com/936302 From sle-updates at lists.suse.com Fri Sep 18 05:10:22 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2015 13:10:22 +0200 (CEST) Subject: SUSE-RU-2015:1573-1: moderate: Recommended update for python-requests Message-ID: <20150918111022.3EF0A320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-requests ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1573-1 Rating: moderate References: #935252 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise High Availability 12 SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that has one recommended 
fix can now be installed. Description: python-requests was updated to use the system CA certificate store. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-556=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-556=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-556=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-556=1 - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2015-556=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-requests-2.3.0-6.5.2 - SUSE Linux Enterprise Server 12 (noarch): python-requests-2.3.0-6.5.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-requests-2.3.0-6.5.2 - SUSE Linux Enterprise High Availability 12 (noarch): python-requests-2.3.0-6.5.2 - SUSE Enterprise Storage 1.0 (noarch): python-requests-2.3.0-6.5.2 References: https://bugzilla.suse.com/935252 From sle-updates at lists.suse.com Fri Sep 18 05:12:59 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2015 13:12:59 +0200 (CEST) Subject: SUSE-RU-2015:1576-1: Recommended update for rubygem-chef Message-ID: <20150918111259.4B9C8320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1576-1 Rating: low References: #930574 #936302 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed.
Description: This update for rubygem-chef provides the following fixes: - Running logrotate as root is insecure. Make sure logs are created with the right permissions and logrotate runs as chef:chef. (bsc#930574) - Allow "pausing" of intervallic chef-client runs (bsc#936302) - Do not repeatedly query rabbitmq-server in chef-create-ampq-password. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-557=1 - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2015-557=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (x86_64): ruby2.1-rubygem-chef-10.32.2-10.1 rubygem-chef-10.32.2-10.1 - SUSE Enterprise Storage 1.0 (x86_64): ruby2.1-rubygem-chef-10.32.2-10.1 rubygem-chef-10.32.2-10.1 References: https://bugzilla.suse.com/930574 https://bugzilla.suse.com/936302 From sle-updates at lists.suse.com Mon Sep 21 01:10:00 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2015 09:10:00 +0200 (CEST) Subject: SUSE-SU-2015:1581-1: important: Security update for openssh Message-ID: <20150921071000.E5EB5320FC@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1581-1 Rating: important References: #673532 #903649 #905118 #914309 #916549 #932483 #936695 #938746 #943006 #943010 #945493 Cross-References: CVE-2015-4000 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 6 fixes is now 
available. Description: openssh was updated to fix several security issues and bugs. These security issues were fixed: * CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window (bsc#936695). * CVE-2015-5600: The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH did not properly restrict the processing of keyboard-interactive devices within a single connection, which made it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list (bsc#938746). * CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483). * Hardening patch to fix sftp RCE (bsc#903649). * CVE-2015-6563: The monitor component in sshd in OpenSSH accepted extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allowed local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. * CVE-2015-6564: Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH might have allowed local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. These non-security issues were fixed: - bsc#914309: sshd inherits oom_adj -17 on SIGHUP causing DoS potential for oom_killer. - bsc#673532: limits.conf fsize change in SLES10SP3 causing problems to WebSphere mqm user. - bsc#916549: Fixed support for aesXXX-gcm@openssh.com.
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-openssh-12096=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-openssh-12096=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-openssh-12096=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssh-12096=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): openssh-6.2p2-0.21.1 openssh-askpass-6.2p2-0.21.1 openssh-askpass-gnome-6.2p2-0.21.3 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): openssh-6.2p2-0.21.1 openssh-askpass-6.2p2-0.21.1 openssh-askpass-gnome-6.2p2-0.21.3 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): openssh-6.2p2-0.21.1 openssh-askpass-6.2p2-0.21.1 openssh-askpass-gnome-6.2p2-0.21.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.2p2-0.21.3 openssh-debuginfo-6.2p2-0.21.1 openssh-debugsource-6.2p2-0.21.1 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://www.suse.com/security/cve/CVE-2015-5352.html https://www.suse.com/security/cve/CVE-2015-5600.html https://www.suse.com/security/cve/CVE-2015-6563.html https://www.suse.com/security/cve/CVE-2015-6564.html https://bugzilla.suse.com/673532 https://bugzilla.suse.com/903649 https://bugzilla.suse.com/905118 https://bugzilla.suse.com/914309 https://bugzilla.suse.com/916549 https://bugzilla.suse.com/932483 https://bugzilla.suse.com/936695 https://bugzilla.suse.com/938746 https://bugzilla.suse.com/943006 https://bugzilla.suse.com/943010 https://bugzilla.suse.com/945493 From sle-updates at lists.suse.com Mon Sep 21 03:09:44 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2015 11:09:44 +0200 (CEST) Subject: 
SUSE-RU-2015:1584-1: moderate: Recommended update for python-six Message-ID: <20150921090944.C0AA2320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-six ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1584-1 Rating: moderate References: #940812 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: python-six was updated to version 1.9.0, which brings several fixes and enhancements. For a comprehensive list of changes please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-559=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-559=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-559=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-559=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (noarch): python-six-1.9.0-9.7.1 python-six-doc-1.9.0-9.7.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-six-1.9.0-9.7.1 - SUSE Linux Enterprise High Availability 12 (noarch): python-six-1.9.0-9.7.1 - SUSE Linux Enterprise Desktop 12 (noarch): python-six-1.9.0-9.7.1 python-six-doc-1.9.0-9.7.1 References: https://bugzilla.suse.com/940812 From sle-updates at lists.suse.com Mon Sep 21 05:09:38 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2015 13:09:38 +0200 (CEST) Subject: SUSE-RU-2015:1585-1: moderate: Recommended update for yast2-cluster Message-ID: <20150921110938.EA036320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1585-1 Rating: moderate References: #936352 #939429 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-cluster provides the following fixes: - Remove threads in security tab since it is no longer used in corosync 2.0. (bsc#936352) - Fix crash when attempting to retrieve empty mask of tun device. (bsc#939429) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-560=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12 (noarch): yast2-cluster-3.1.19-5.3 References: https://bugzilla.suse.com/936352 https://bugzilla.suse.com/939429 From sle-updates at lists.suse.com Mon Sep 21 05:10:22 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2015 13:10:22 +0200 (CEST) Subject: SUSE-RU-2015:1587-1: Recommended update for kbd Message-ID: <20150921111022.81EE3320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for kbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1587-1 Rating: low References: #915473 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes loading of some console keymaps, including the default keymap used by "loadkeys -d". Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-561=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-561=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): kbd-1.15.5-8.4.1 kbd-debuginfo-1.15.5-8.4.1 kbd-debugsource-1.15.5-8.4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): kbd-1.15.5-8.4.1 kbd-debuginfo-1.15.5-8.4.1 kbd-debugsource-1.15.5-8.4.1 References: https://bugzilla.suse.com/915473 From sle-updates at lists.suse.com Mon Sep 21 07:09:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2015 15:09:46 +0200 (CEST) Subject: SUSE-RU-2015:1588-1: Recommended update for libdlm Message-ID: <20150921130946.237D5320FC@maintenance.suse.de> SUSE Recommended Update: Recommended update for libdlm ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1588-1 Rating: low References: #944795 #944797 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libdlm provides the following fixes: - Move udev rules to %{_udevrulesdir}, packages should not ship files in /etc/udev/rules.d which is reserved for the sysadmin. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-562=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2015-562=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libdlm-debuginfo-4.0.2-7.3 libdlm-debugsource-4.0.2-7.3 libdlm-devel-4.0.2-7.3 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): libdlm-4.0.2-7.3 libdlm-debuginfo-4.0.2-7.3 libdlm-debugsource-4.0.2-7.3 libdlm3-4.0.2-7.3 libdlm3-debuginfo-4.0.2-7.3 References: https://bugzilla.suse.com/944795 https://bugzilla.suse.com/944797 From sle-updates at lists.suse.com Mon Sep 21 07:10:21 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2015 15:10:21 +0200 (CEST) Subject: SUSE-RU-2015:1589-1: moderate: Recommended update for ipmitool Message-ID: <20150921131021.A3CEC320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipmitool ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1589-1 Rating: moderate References: #886184 #932705 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ipmitool provides the following fixes: - Fix broken lanplus retries by re-trying from scratch. (bsc#932705) - Let delloem functions pass a sane error code. (bsc#886184) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-ipmitool-12097=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-ipmitool-12097=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-ipmitool-12097=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ipmitool-12097=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): ipmitool-1.8.12-0.23.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 x86_64): ipmitool-1.8.12-0.23.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): ipmitool-1.8.12-0.23.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 x86_64): ipmitool-debuginfo-1.8.12-0.23.1 ipmitool-debugsource-1.8.12-0.23.1 References: https://bugzilla.suse.com/886184 https://bugzilla.suse.com/932705 From sle-updates at lists.suse.com Mon Sep 21 11:09:52 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2015 19:09:52 +0200 (CEST) Subject: SUSE-RU-2015:1590-1: moderate: Recommended update for yast2-nfs-client Message-ID: <20150921170952.3E113320FC@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-nfs-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1590-1 Rating: moderate References: #867766 #919061 #922307 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-nfs-client provides the following fixes: - Consider path dependencies between mount points, allowing e.g. a local mount on top of an NFS mount point. (bsc#922307) - Fix crash when accessing certain variables outside their block local scope.
(bsc#919061) - Removed obsolete service (nfsboot) handling. (bsc#867766) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-564=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-564=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): yast2-nfs-client-3.1.9.4-8.20 - SUSE Linux Enterprise Desktop 12 (noarch): yast2-nfs-client-3.1.9.4-8.20 References: https://bugzilla.suse.com/867766 https://bugzilla.suse.com/919061 https://bugzilla.suse.com/922307 From sle-updates at lists.suse.com Mon Sep 21 12:09:38 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2015 20:09:38 +0200 (CEST) Subject: SUSE-RU-2015:1591-1: Recommended update for mcelog Message-ID: <20150921180938.4D373320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for mcelog ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1591-1 Rating: low References: #942670 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mcelog adds support for Intel's Skylake platform. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mcelog-12098=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-mcelog-12098=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mcelog-12098=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (x86_64): mcelog-1.0.2014.12.20-0.23.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): mcelog-1.0.2014.12.20-0.23.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): mcelog-debuginfo-1.0.2014.12.20-0.23.1 mcelog-debugsource-1.0.2014.12.20-0.23.1 References: https://bugzilla.suse.com/942670 From sle-updates at lists.suse.com Tue Sep 22 02:09:39 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 10:09:39 +0200 (CEST) Subject: SUSE-SU-2015:1592-1: important: Security update for the Linux Kernel Message-ID: <20150922080939.21D18320FC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1592-1 Rating: important References: #851068 #867362 #873385 #883380 #886785 #894936 #915517 #917830 #919463 #920110 #920250 #920733 #921430 #923245 #924701 #925705 #925881 #925903 #926240 #926953 #927355 #927786 #929142 #929143 #930092 #930761 #930934 #931538 #932348 #932458 #933429 #933896 #933904 #933907 #933936 #934742 #934944 #935053 #935572 #935705 #935866 #935906 #936077 #936423 #936637 #936831 #936875 #936925 #937032 #937402 #937444 #937503 #937641 #937855 #939910 #939994 #940338 #940398 #942350 Cross-References: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0777 CVE-2015-1420 CVE-2015-1805 CVE-2015-2150 CVE-2015-2830 CVE-2015-4167 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP3 SUSE Linux Enterprise 
Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 45 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive various security and bugfixes. The following feature was added for RT: - FATE#317131: The SocketCAN (Peak PCI) driver was added for CAN bus support. The following security bugs were fixed: - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code (bsc#940338). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: A race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to a crash which could occur while fetching inode information from a corrupted/malicious udf file system image. (bsc#933907). - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues in handling UDF filesystems in the Linux kernel allowed the corruption of kernel memory and other issues. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.
(bsc#933904 bsc#933896) - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bsc#919463). - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-1805: The Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (bsc#933429). Also the following non-security bugs were fixed: - audit: keep inode pinned (bsc#851068). - btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - cifs: Fix missing crypto allocation (bnc#937402). - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348).
- drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: Do not do full cleanup if mgag200_device_init fails. - ext3: Fix data corruption in inodes with journalled data (bsc#936637) - ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipr: Increase default adapter init stage change timeout (bsc#930761). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: add panic_on_warn. (bsc#934742) - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - md: use kzalloc() when bitmap is disabled (bsc#939994). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: Fix "ip rule delete table 256" (bsc#873385). 
- net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - nfsd: Fix nfsv4 opcode decoding error (bsc#935906). - nfsd: support disabling 64bit dir cookies (bnc#937503). - nfs: never queue requests with rq_cong set on the sending queue (bsc#932458). - nfsv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Disable Bus Master only on kexec reboot (bsc#920110). - pci: disable Bus Master on PCI device shutdown (bsc#920110). - pci: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - pci: Don't try to disable Bus Master on disconnected PCI devices (bsc#920110). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786). - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430) - scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733). - scsi: set host msg status correctly (bnc#933936) - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - vmxnet3: Bump up driver version number (bsc#936423). 
- vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86, tls: Interpret an all-zero struct user_desc as "no segment" (bsc#920250). - x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: avoid mounting of xfs filesystems with inconsistent option (bnc#925705) - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP3: zypper in -t patch slertesp3-kernel-rt-201509-12099=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-rt-201509-12099=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Real Time Extension 11-SP3 (x86_64): kernel-rt-3.0.101.rt130-0.33.40.1 kernel-rt-base-3.0.101.rt130-0.33.40.1 kernel-rt-devel-3.0.101.rt130-0.33.40.1 kernel-rt_trace-3.0.101.rt130-0.33.40.1 kernel-rt_trace-base-3.0.101.rt130-0.33.40.1 kernel-rt_trace-devel-3.0.101.rt130-0.33.40.1 kernel-source-rt-3.0.101.rt130-0.33.40.1 kernel-syms-rt-3.0.101.rt130-0.33.40.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-0.33.40.1 kernel-rt-debugsource-3.0.101.rt130-0.33.40.1 kernel-rt_trace-debuginfo-3.0.101.rt130-0.33.40.1 kernel-rt_trace-debugsource-3.0.101.rt130-0.33.40.1 References: https://www.suse.com/security/cve/CVE-2014-9728.html https://www.suse.com/security/cve/CVE-2014-9729.html https://www.suse.com/security/cve/CVE-2014-9730.html https://www.suse.com/security/cve/CVE-2014-9731.html https://www.suse.com/security/cve/CVE-2015-0777.html https://www.suse.com/security/cve/CVE-2015-1420.html https://www.suse.com/security/cve/CVE-2015-1805.html https://www.suse.com/security/cve/CVE-2015-2150.html https://www.suse.com/security/cve/CVE-2015-2830.html https://www.suse.com/security/cve/CVE-2015-4167.html https://www.suse.com/security/cve/CVE-2015-4700.html https://www.suse.com/security/cve/CVE-2015-5364.html https://www.suse.com/security/cve/CVE-2015-5366.html https://www.suse.com/security/cve/CVE-2015-5707.html https://bugzilla.suse.com/851068 https://bugzilla.suse.com/867362 https://bugzilla.suse.com/873385 https://bugzilla.suse.com/883380 https://bugzilla.suse.com/886785 https://bugzilla.suse.com/894936 https://bugzilla.suse.com/915517 https://bugzilla.suse.com/917830 https://bugzilla.suse.com/919463 https://bugzilla.suse.com/920110 https://bugzilla.suse.com/920250 https://bugzilla.suse.com/920733 https://bugzilla.suse.com/921430 https://bugzilla.suse.com/923245 https://bugzilla.suse.com/924701 https://bugzilla.suse.com/925705 https://bugzilla.suse.com/925881 https://bugzilla.suse.com/925903 
https://bugzilla.suse.com/926240 https://bugzilla.suse.com/926953 https://bugzilla.suse.com/927355 https://bugzilla.suse.com/927786 https://bugzilla.suse.com/929142 https://bugzilla.suse.com/929143 https://bugzilla.suse.com/930092 https://bugzilla.suse.com/930761 https://bugzilla.suse.com/930934 https://bugzilla.suse.com/931538 https://bugzilla.suse.com/932348 https://bugzilla.suse.com/932458 https://bugzilla.suse.com/933429 https://bugzilla.suse.com/933896 https://bugzilla.suse.com/933904 https://bugzilla.suse.com/933907 https://bugzilla.suse.com/933936 https://bugzilla.suse.com/934742 https://bugzilla.suse.com/934944 https://bugzilla.suse.com/935053 https://bugzilla.suse.com/935572 https://bugzilla.suse.com/935705 https://bugzilla.suse.com/935866 https://bugzilla.suse.com/935906 https://bugzilla.suse.com/936077 https://bugzilla.suse.com/936423 https://bugzilla.suse.com/936637 https://bugzilla.suse.com/936831 https://bugzilla.suse.com/936875 https://bugzilla.suse.com/936925 https://bugzilla.suse.com/937032 https://bugzilla.suse.com/937402 https://bugzilla.suse.com/937444 https://bugzilla.suse.com/937503 https://bugzilla.suse.com/937641 https://bugzilla.suse.com/937855 https://bugzilla.suse.com/939910 https://bugzilla.suse.com/939994 https://bugzilla.suse.com/940338 https://bugzilla.suse.com/940398 https://bugzilla.suse.com/942350 From sle-updates at lists.suse.com Tue Sep 22 05:10:07 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 13:10:07 +0200 (CEST) Subject: SUSE-RU-2015:1599-1: Recommended update for LibVNCServer Message-ID: <20150922111007.EC6B5320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1599-1 Rating: low References: #893343 #904676 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 
12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update adds libvncclient.so.0 to SUSE Linux Enterprise Desktop 12. It also marks the old LibVNCServer as obsolete in libvncclient0 package. The old version included binaries, devel and runtime libs. But nothing removes the old package, which leads to file conflicts during upgrade if linuxvnc.rpm is not on the install media. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-567=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-567=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-567=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-12.3 LibVNCServer-devel-0.9.9-12.3 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-12.3 libvncclient0-0.9.9-12.3 libvncclient0-debuginfo-0.9.9-12.3 libvncserver0-0.9.9-12.3 libvncserver0-debuginfo-0.9.9-12.3 - SUSE Linux Enterprise Desktop 12 (x86_64): LibVNCServer-debugsource-0.9.9-12.3 libvncclient0-0.9.9-12.3 libvncclient0-debuginfo-0.9.9-12.3 libvncserver0-0.9.9-12.3 libvncserver0-debuginfo-0.9.9-12.3 References: https://bugzilla.suse.com/893343 https://bugzilla.suse.com/904676 From sle-updates at lists.suse.com Tue Sep 22 05:10:39 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 13:10:39 +0200 (CEST) Subject: SUSE-RU-2015:1600-1: Recommended update for grep Message-ID: <20150922111039.A251B320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for grep 
______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1600-1 Rating: low References: #920386 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grep fixes undefined behaviour with -P and non-utf-8 data. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-568=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-568=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): grep-2.16-3.1 grep-debuginfo-2.16-3.1 grep-debugsource-2.16-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): grep-2.16-3.1 grep-debuginfo-2.16-3.1 grep-debugsource-2.16-3.1 References: https://bugzilla.suse.com/920386 From sle-updates at lists.suse.com Tue Sep 22 06:09:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 14:09:49 +0200 (CEST) Subject: SUSE-RU-2015:1601-1: Recommended update for gedit Message-ID: <20150922120949.E1F0D320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for gedit ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1601-1 Rating: low References: #910913 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: gedit was updated to fix a bug where enabling plugin snippets caused a crash when closing a tab. This update also includes a new python3-cairo-gobject dependency for gedit. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-569=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-569=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-569=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-569=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gedit-debuginfo-3.10.4-4.21 gedit-debugsource-3.10.4-4.21 gedit-devel-3.10.4-4.21 python3-gobject-debuginfo-3.10.2-3.5 python3-gobject-debugsource-3.10.2-3.5 python3-gobject-devel-3.10.2-3.5 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gedit-3.10.4-4.21 gedit-debuginfo-3.10.4-4.21 gedit-debugsource-3.10.4-4.21 libpyglib-gi-2_0-python3-0-3.10.2-3.5 libpyglib-gi-2_0-python3-0-debuginfo-3.10.2-3.5 python3-gedit-3.10.4-4.21 python3-gobject-3.10.2-3.5 python3-gobject-cairo-3.10.2-3.5 python3-gobject-cairo-debuginfo-3.10.2-3.5 python3-gobject-debuginfo-3.10.2-3.5 python3-gobject-debugsource-3.10.2-3.5 - SUSE Linux Enterprise Server 12 (noarch): gedit-lang-3.10.4-4.21 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): gedit-debuginfo-3.10.4-4.21 gedit-debugsource-3.10.4-4.21 libpyglib-gi-2_0-python3-0-3.10.2-3.5 libpyglib-gi-2_0-python3-0-debuginfo-3.10.2-3.5 python3-gedit-3.10.4-4.21 python3-gobject-3.10.2-3.5 python3-gobject-cairo-3.10.2-3.5 python3-gobject-cairo-debuginfo-3.10.2-3.5 python3-gobject-debuginfo-3.10.2-3.5 python3-gobject-debugsource-3.10.2-3.5 - SUSE Linux Enterprise Desktop
12 (x86_64): gedit-3.10.4-4.21 gedit-debuginfo-3.10.4-4.21 gedit-debugsource-3.10.4-4.21 libpyglib-gi-2_0-python3-0-3.10.2-3.5 libpyglib-gi-2_0-python3-0-debuginfo-3.10.2-3.5 python3-gedit-3.10.4-4.21 python3-gobject-3.10.2-3.5 python3-gobject-cairo-3.10.2-3.5 python3-gobject-cairo-debuginfo-3.10.2-3.5 python3-gobject-debuginfo-3.10.2-3.5 python3-gobject-debugsource-3.10.2-3.5 - SUSE Linux Enterprise Desktop 12 (noarch): gedit-lang-3.10.4-4.21 References: https://bugzilla.suse.com/910913 From sle-updates at lists.suse.com Tue Sep 22 08:09:41 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 16:09:41 +0200 (CEST) Subject: SUSE-SU-2015:1602-1: Security update for python modules Message-ID: <20150922140941.8400D320FC@maintenance.suse.de> SUSE Security Update: Security update for python modules ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1602-1 Rating: low References: #914910 #928205 #933758 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for several python modules provides the following security fix and improvements. - python-keystonemiddleware: + Fix s3_token middleware parsing insecure option (bsc#928205, CVE-2015-1852) - python-novaclient: + Update novaclient shell to use shared arguments from Session (bnc#933758) + Support using the Keystone V3 API from the Nova CLI (bnc#933758) - python-swiftclient: + Add dependency to python-setuptools (bnc#914910) - python-glanceclient: + Remove deprecation warning Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-570=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-glanceclient-0.15.0-3.1 python-keystoneclient-1.0.0-19.1 python-keystoneclient-doc-1.0.0-19.1 python-keystonemiddleware-1.2.0-4.1 python-novaclient-2.20.0-6.1 python-novaclient-doc-2.20.0-6.1 python-swiftclient-2.3.1-3.1 python-swiftclient-doc-2.3.1-3.1 References: https://bugzilla.suse.com/914910 https://bugzilla.suse.com/928205 https://bugzilla.suse.com/933758 From sle-updates at lists.suse.com Tue Sep 22 08:10:31 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 16:10:31 +0200 (CEST) Subject: SUSE-RU-2015:1603-1: Recommended update for docbook_4 Message-ID: <20150922141031.579E3320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for docbook_4 ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1603-1 Rating: low References: #918565 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for DocBook 4 fixes a subtle XML catalog bug. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-572=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-572=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (noarch): docbook_4-4.5-141.1 - SUSE Linux Enterprise Desktop 12 (noarch): docbook_4-4.5-141.1 References: https://bugzilla.suse.com/918565 From sle-updates at lists.suse.com Tue Sep 22 08:10:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 16:10:53 +0200 (CEST) Subject: SUSE-RU-2015:1604-1: moderate: Recommended update for libXi Message-ID: <20150922141053.92122320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for libXi ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1604-1 Rating: moderate References: #940529 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides libXi 1.7.4, which brings several fixes and enhancements: - Fix handling of request elements for the XIChangeHierarchy(XIAddMaster) request. - Fix display locking inside _XIPassiveGrabDevice for error paths. - Fix locking problems in XIGrabTouchBegin(), XIAllowTouchEvents() and XIUngrabTouchBegin(). - Remove fallback for _XEatDataWords, no longer needed on SLE 12. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-573=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-573=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-573=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libXi-debugsource-1.7.4-9.2 libXi-devel-1.7.4-9.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libXi-debugsource-1.7.4-9.2 libXi6-1.7.4-9.2 libXi6-debuginfo-1.7.4-9.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): libXi6-32bit-1.7.4-9.2 libXi6-debuginfo-32bit-1.7.4-9.2 - SUSE Linux Enterprise Desktop 12 (x86_64): libXi-debugsource-1.7.4-9.2 libXi6-1.7.4-9.2 libXi6-32bit-1.7.4-9.2 libXi6-debuginfo-1.7.4-9.2 libXi6-debuginfo-32bit-1.7.4-9.2 References: https://bugzilla.suse.com/940529 From sle-updates at lists.suse.com Tue Sep 22 08:11:15 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 16:11:15 +0200 (CEST) Subject: SUSE-RU-2015:1605-1: Recommended update for make Message-ID: <20150922141115.43D5B320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for make ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1605-1 Rating: low References: #934131 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for make provides the following fixes: - Force recomputing .VARIABLES when a variable was made undefined. (bsc#934131) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-571=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-571=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): make-4.0-4.1 make-debuginfo-4.0-4.1 make-debugsource-4.0-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): make-4.0-4.1 make-debuginfo-4.0-4.1 make-debugsource-4.0-4.1 References: https://bugzilla.suse.com/934131 From sle-updates at lists.suse.com Tue Sep 22 09:09:47 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 17:09:47 +0200 (CEST) Subject: SUSE-RU-2015:1606-1: Recommended update for yast2-metapackage-handler Message-ID: <20150922150947.32A72320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-metapackage-handler ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1606-1 Rating: low References: #551014 #926313 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-metapackage-handler provides the following fixes: - Do not use repository name as alias, it must be unique, let pkg-bindings create it. (bsc#551014) - OneClickInstallCLI: use /usr/sbin/yast instead of /sbin/YaST. (bsc#926313) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-575=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-575=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (noarch): yast2-metapackage-handler-3.1.4-3.2 - SUSE Linux Enterprise Desktop 12 (noarch): yast2-metapackage-handler-3.1.4-3.2 References: https://bugzilla.suse.com/551014 https://bugzilla.suse.com/926313 From sle-updates at lists.suse.com Tue Sep 22 09:10:19 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 17:10:19 +0200 (CEST) Subject: SUSE-RU-2015:1607-1: Recommended update for python-oslo.i18n, python-oslo.utils Message-ID: <20150922151019.34349320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-oslo.i18n, python-oslo.utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1607-1 Rating: low References: #931204 #945127 #945243 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides newer versions of python-oslo.utils and python-oslo.i18n. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2015-577=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-oslo.i18n-1.3.1-5.1 python-oslo.utils-1.4.0-6.1 References: https://bugzilla.suse.com/931204 https://bugzilla.suse.com/945127 https://bugzilla.suse.com/945243 From sle-updates at lists.suse.com Tue Sep 22 09:10:57 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 17:10:57 +0200 (CEST) Subject: SUSE-RU-2015:1608-1: Recommended update for mcelog Message-ID: <20150922151057.4B4BA320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for mcelog ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1608-1 Rating: low References: #920197 #925436 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mcelog provides the following fixes: - Do not try to set msr on unknown CPU types. (bsc#920197) - Load 'msr' module prior to starting mcelog. (bsc#920197) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-576=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-576=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (x86_64): mcelog-1.0.1-5.3.3 mcelog-debuginfo-1.0.1-5.3.3 mcelog-debugsource-1.0.1-5.3.3 - SUSE Linux Enterprise Desktop 12 (x86_64): mcelog-1.0.1-5.3.3 mcelog-debuginfo-1.0.1-5.3.3 mcelog-debugsource-1.0.1-5.3.3 References: https://bugzilla.suse.com/920197 https://bugzilla.suse.com/925436 From sle-updates at lists.suse.com Tue Sep 22 10:09:36 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2015 18:09:36 +0200 (CEST) Subject: SUSE-RU-2015:1609-1: moderate: Recommended update for open-vm-tools Message-ID: <20150922160936.4688D320FF@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1609-1 Rating: moderate References: #913727 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update improves the 'network' script that comes with open-vm-tools, adding support for systemd and fixing an issue that prevented virtual machines hosted on VMware Fusion, Workstation or Player from suspending correctly. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-578=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-578=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (x86_64): libvmtools0-9.4.0-10.3.3 libvmtools0-debuginfo-9.4.0-10.3.3 open-vm-tools-9.4.0-10.3.3 open-vm-tools-debuginfo-9.4.0-10.3.3 open-vm-tools-debugsource-9.4.0-10.3.3 open-vm-tools-desktop-9.4.0-10.3.3 open-vm-tools-desktop-debuginfo-9.4.0-10.3.3 - SUSE Linux Enterprise Desktop 12 (x86_64): libvmtools0-9.4.0-10.3.3 libvmtools0-debuginfo-9.4.0-10.3.3 open-vm-tools-9.4.0-10.3.3 open-vm-tools-debuginfo-9.4.0-10.3.3 open-vm-tools-debugsource-9.4.0-10.3.3 open-vm-tools-desktop-9.4.0-10.3.3 open-vm-tools-desktop-debuginfo-9.4.0-10.3.3 References: https://bugzilla.suse.com/913727 From sle-updates at lists.suse.com Tue Sep 22 20:11:19 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2015 04:11:19 +0200 (CEST) Subject: SUSE-RU-2015:1610-1: Recommended update for ucode-intel Message-ID: <20150923021119.BA29A3206F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1610-1 Rating: low References: #913004 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest revision of the microcode for Intel CPUs (version 20150121). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-579=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-579=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (x86_64): ucode-intel-20150121-3.1 ucode-intel-debuginfo-20150121-3.1 ucode-intel-debugsource-20150121-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): ucode-intel-20150121-3.1 ucode-intel-debuginfo-20150121-3.1 ucode-intel-debugsource-20150121-3.1 References: https://bugzilla.suse.com/913004 From sle-updates at lists.suse.com Wed Sep 23 03:09:58 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2015 11:09:58 +0200 (CEST) Subject: SUSE-SU-2015:1611-1: important: Security update for the Linux Kernel Message-ID: <20150923090958.371B2320FC@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1611-1 Rating: important References: #851068 #867362 #873385 #883380 #886785 #894936 #915517 #917830 #919463 #920110 #920250 #920733 #921430 #923245 #924701 #925705 #925881 #925903 #926240 #926953 #927355 #927786 #929142 #929143 #930092 #930761 #930934 #931538 #932348 #932458 #933429 #933896 #933904 #933907 #933936 #934742 #934944 #935053 #935572 #935705 #935866 #935906 #936077 #936423 #936637 #936831 #936875 #936925 #937032 #937402 #937444 #937503 #937641 #937855 #939910 #939994 #940338 #940398 #942350 Cross-References: CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731 CVE-2015-0777 CVE-2015-1420 CVE-2015-1805 CVE-2015-2150 CVE-2015-2830 CVE-2015-4167 CVE-2015-4700 CVE-2015-5364 CVE-2015-5366 CVE-2015-5707 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 45 fixes is now available. 
Description: The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code (bsc#940338). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: A race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to a crash which could occur while fetching inode information from a corrupted/malicious udf file system image. (bsc#933907). - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues in handling UDF filesystems in the Linux kernel allowed the corruption of kernel memory and other issues. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash. (bsc#933904 bsc#933896) - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bsc#919463).
- CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-1805: The Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (bsc#933429). Also the following non-security bugs were fixed: - audit: keep inode pinned (bsc#851068). - btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#942350). - btrfs: check if previous transaction aborted to avoid fs corruption (bnc#942350). - btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#942350). - cifs: Fix missing crypto allocation (bnc#937402). - client MUST ignore EncryptionKeyLength if CAP_EXTENDED_SECURITY is set (bnc#932348). - drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572). - drm/cirrus: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (bsc#935572). - drm/mgag200: Do not do full cleanup if mgag200_device_init fails.
- ext3: Fix data corruption in inodes with journalled data (bsc#936637) - ext4: handle SEEK_HOLE/SEEK_DATA generically (bsc#934944). - fanotify: Fix deadlock with permission events (bsc#935053). - fork: reset mm->pinned_vm (bnc#937855). - hrtimer: prevent timer interrupt DoS (bnc#886785). - hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092). - IB/core: Fix mismatch between locked and pinned pages (bnc#937855). - iommu/amd: Fix memory leak in free_pagetable (bsc#935866). - iommu/amd: Handle integer overflow in dma_ops_area_alloc (bsc#931538). - iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866). - ipr: Increase default adapter init stage change timeout (bsc#930761). - ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned (bsc#927355). - kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444). - kernel: add panic_on_warn. (bsc#934742) - kvm: irqchip: Break up high order allocations of kvm_irq_routing_table (bnc#926953). - libata: prevent HSM state change race between ISR and PIO (bsc#923245). - md: use kzalloc() when bitmap is disabled (bsc#939994). - megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936). - mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355). - mm/hugetlb: check for pte NULL pointer in __page_check_address() (bnc#929143). - mm: restrict access to slab files under procfs and sysfs (bnc#936077). - net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference (bsc#867362). - net: Fix "ip rule delete table 256" (bsc#873385). - net: ipv6: fib: do not sleep inside atomic lock (bsc#867362). - net/mlx4_core: Do not disable SRIOV if there are active VFs (bsc#927355). - nfsd: Fix nfsv4 opcode decoding error (bsc#935906). - nfsd: support disabling 64bit dir cookies (bnc#937503). - nfs: never queue requests with rq_cong set on the sending queue (bsc#932458). 
- nfsv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bsc#939910). - pagecache limit: add tracepoints (bnc#924701). - pagecache limit: Do not skip over small zones that easily (bnc#925881). - pagecache limit: export debugging counters via /proc/vmstat (bnc#924701). - pagecache limit: fix wrong nr_reclaimed count (bnc#924701). - pagecache limit: reduce starvation due to reclaim retries (bnc#925903). - pci: Add SRIOV helper function to determine if VFs are assigned to guest (bsc#927355). - pci: Disable Bus Master only on kexec reboot (bsc#920110). - pci: disable Bus Master on PCI device shutdown (bsc#920110). - pci: Disable Bus Master unconditionally in pci_device_shutdown() (bsc#920110). - pci: Don't try to disable Bus Master on disconnected PCI devices (bsc#920110). - perf, nmi: Fix unknown NMI warning (bsc#929142). - perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142). - rtlwifi: rtl8192cu: Fix kernel deadlock (bnc#927786). - sched: fix __sched_setscheduler() vs load balancing race (bnc#921430) - scsi_error: add missing case statements in scsi_decide_disposition() (bsc#920733). - scsi: Set hostbyte status in scsi_check_sense() (bsc#920733). - scsi: set host msg status correctly (bnc#933936) - scsi: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934). - st: null pointer dereference panic caused by use after kref_put by st_open (bsc#936875). - udf: Remove repeated loads blocksize (bsc#933907). - usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset (bnc#937641). - vmxnet3: Bump up driver version number (bsc#936423). - vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423). - vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423). - vmxnet3: Register shutdown handler for device (fwd) (bug#936423). - x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032). - x86, tls: Interpret an all-zero struct user_desc as "no segment" (bsc#920250). 
- x86, tls, ldt: Stop checking lm in LDT_empty (bsc#920250). - xenbus: add proper handling of XS_ERROR from Xenbus for transactions. - xfs: avoid mounting of xfs filesystems with inconsistent option (bnc#925705) - zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925, LTC#126491). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-kernel-201508-12100=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-kernel-201508-12100=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-201508-12100=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-kernel-201508-12100=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-201508-12100=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): kernel-default-3.0.101-0.47.67.2 kernel-default-base-3.0.101-0.47.67.2 kernel-default-devel-3.0.101-0.47.67.2 kernel-source-3.0.101-0.47.67.2 kernel-syms-3.0.101-0.47.67.2 kernel-trace-3.0.101-0.47.67.2 kernel-trace-base-3.0.101-0.47.67.2 kernel-trace-devel-3.0.101-0.47.67.2 kernel-xen-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): kernel-bigsmp-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586): kernel-pae-3.0.101-0.47.67.2 kernel-pae-base-3.0.101-0.47.67.2 kernel-pae-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-0.47.67.2 kernel-default-base-3.0.101-0.47.67.2 kernel-default-devel-3.0.101-0.47.67.2 kernel-source-3.0.101-0.47.67.2 kernel-syms-3.0.101-0.47.67.2 kernel-trace-3.0.101-0.47.67.2 kernel-trace-base-3.0.101-0.47.67.2 kernel-trace-devel-3.0.101-0.47.67.2 - SUSE Linux Enterprise Server 11-SP3 (i586 x86_64): 
   kernel-ec2-3.0.101-0.47.67.2
   kernel-ec2-base-3.0.101-0.47.67.2
   kernel-ec2-devel-3.0.101-0.47.67.2
   kernel-xen-3.0.101-0.47.67.2
   kernel-xen-base-3.0.101-0.47.67.2
   kernel-xen-devel-3.0.101-0.47.67.2
- SUSE Linux Enterprise Server 11-SP3 (x86_64):
   kernel-bigsmp-3.0.101-0.47.67.2
   kernel-bigsmp-base-3.0.101-0.47.67.2
   kernel-bigsmp-devel-3.0.101-0.47.67.2
- SUSE Linux Enterprise Server 11-SP3 (s390x):
   kernel-default-man-3.0.101-0.47.67.2
- SUSE Linux Enterprise Server 11-SP3 (ppc64):
   kernel-ppc64-3.0.101-0.47.67.2
   kernel-ppc64-base-3.0.101-0.47.67.2
   kernel-ppc64-devel-3.0.101-0.47.67.2
- SUSE Linux Enterprise Server 11-SP3 (i586):
   kernel-pae-3.0.101-0.47.67.2
   kernel-pae-base-3.0.101-0.47.67.2
   kernel-pae-devel-3.0.101-0.47.67.2
- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
   kernel-default-extra-3.0.101-0.47.67.2
- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
   kernel-xen-extra-3.0.101-0.47.67.2
- SUSE Linux Enterprise Server 11-EXTRA (x86_64):
   kernel-bigsmp-extra-3.0.101-0.47.67.2
- SUSE Linux Enterprise Server 11-EXTRA (ppc64):
   kernel-ppc64-extra-3.0.101-0.47.67.2
- SUSE Linux Enterprise Server 11-EXTRA (i586):
   kernel-pae-extra-3.0.101-0.47.67.2
- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
   kernel-default-3.0.101-0.47.67.2
   kernel-default-base-3.0.101-0.47.67.2
   kernel-default-devel-3.0.101-0.47.67.2
   kernel-default-extra-3.0.101-0.47.67.2
   kernel-source-3.0.101-0.47.67.2
   kernel-syms-3.0.101-0.47.67.2
   kernel-trace-devel-3.0.101-0.47.67.2
   kernel-xen-3.0.101-0.47.67.2
   kernel-xen-base-3.0.101-0.47.67.2
   kernel-xen-devel-3.0.101-0.47.67.2
   kernel-xen-extra-3.0.101-0.47.67.2
- SUSE Linux Enterprise Desktop 11-SP3 (x86_64):
   kernel-bigsmp-devel-3.0.101-0.47.67.2
- SUSE Linux Enterprise Desktop 11-SP3 (i586):
   kernel-pae-3.0.101-0.47.67.2
   kernel-pae-base-3.0.101-0.47.67.2
   kernel-pae-devel-3.0.101-0.47.67.2
   kernel-pae-extra-3.0.101-0.47.67.2
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64):
   kernel-default-debuginfo-3.0.101-0.47.67.2
   kernel-default-debugsource-3.0.101-0.47.67.2
   kernel-trace-debuginfo-3.0.101-0.47.67.2
   kernel-trace-debugsource-3.0.101-0.47.67.2
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
   kernel-ec2-debuginfo-3.0.101-0.47.67.2
   kernel-ec2-debugsource-3.0.101-0.47.67.2
   kernel-xen-debuginfo-3.0.101-0.47.67.2
   kernel-xen-debugsource-3.0.101-0.47.67.2
- SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):
   kernel-bigsmp-debuginfo-3.0.101-0.47.67.2
   kernel-bigsmp-debugsource-3.0.101-0.47.67.2
- SUSE Linux Enterprise Debuginfo 11-SP3 (ppc64):
   kernel-ppc64-debuginfo-3.0.101-0.47.67.2
   kernel-ppc64-debugsource-3.0.101-0.47.67.2
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586):
   kernel-pae-debuginfo-3.0.101-0.47.67.2
   kernel-pae-debugsource-3.0.101-0.47.67.2

References:

   https://www.suse.com/security/cve/CVE-2014-9728.html
   https://www.suse.com/security/cve/CVE-2014-9729.html
   https://www.suse.com/security/cve/CVE-2014-9730.html
   https://www.suse.com/security/cve/CVE-2014-9731.html
   https://www.suse.com/security/cve/CVE-2015-0777.html
   https://www.suse.com/security/cve/CVE-2015-1420.html
   https://www.suse.com/security/cve/CVE-2015-1805.html
   https://www.suse.com/security/cve/CVE-2015-2150.html
   https://www.suse.com/security/cve/CVE-2015-2830.html
   https://www.suse.com/security/cve/CVE-2015-4167.html
   https://www.suse.com/security/cve/CVE-2015-4700.html
   https://www.suse.com/security/cve/CVE-2015-5364.html
   https://www.suse.com/security/cve/CVE-2015-5366.html
   https://www.suse.com/security/cve/CVE-2015-5707.html
   https://bugzilla.suse.com/851068
   https://bugzilla.suse.com/867362
   https://bugzilla.suse.com/873385
   https://bugzilla.suse.com/883380
   https://bugzilla.suse.com/886785
   https://bugzilla.suse.com/894936
   https://bugzilla.suse.com/915517
   https://bugzilla.suse.com/917830
   https://bugzilla.suse.com/919463
   https://bugzilla.suse.com/920110
   https://bugzilla.suse.com/920250
   https://bugzilla.suse.com/920733
   https://bugzilla.suse.com/921430
   https://bugzilla.suse.com/923245
   https://bugzilla.suse.com/924701
   https://bugzilla.suse.com/925705
   https://bugzilla.suse.com/925881
   https://bugzilla.suse.com/925903
   https://bugzilla.suse.com/926240
   https://bugzilla.suse.com/926953
   https://bugzilla.suse.com/927355
   https://bugzilla.suse.com/927786
   https://bugzilla.suse.com/929142
   https://bugzilla.suse.com/929143
   https://bugzilla.suse.com/930092
   https://bugzilla.suse.com/930761
   https://bugzilla.suse.com/930934
   https://bugzilla.suse.com/931538
   https://bugzilla.suse.com/932348
   https://bugzilla.suse.com/932458
   https://bugzilla.suse.com/933429
   https://bugzilla.suse.com/933896
   https://bugzilla.suse.com/933904
   https://bugzilla.suse.com/933907
   https://bugzilla.suse.com/933936
   https://bugzilla.suse.com/934742
   https://bugzilla.suse.com/934944
   https://bugzilla.suse.com/935053
   https://bugzilla.suse.com/935572
   https://bugzilla.suse.com/935705
   https://bugzilla.suse.com/935866
   https://bugzilla.suse.com/935906
   https://bugzilla.suse.com/936077
   https://bugzilla.suse.com/936423
   https://bugzilla.suse.com/936637
   https://bugzilla.suse.com/936831
   https://bugzilla.suse.com/936875
   https://bugzilla.suse.com/936925
   https://bugzilla.suse.com/937032
   https://bugzilla.suse.com/937402
   https://bugzilla.suse.com/937444
   https://bugzilla.suse.com/937503
   https://bugzilla.suse.com/937641
   https://bugzilla.suse.com/937855
   https://bugzilla.suse.com/939910
   https://bugzilla.suse.com/939994
   https://bugzilla.suse.com/940338
   https://bugzilla.suse.com/940398
   https://bugzilla.suse.com/942350

From sle-updates at lists.suse.com Wed Sep 23 08:06:48 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 23 Sep 2015 16:06:48 +0200 (CEST)
Subject: SUSE-SU-2015:1612-1: moderate: Security update for kernel-source
Message-ID: <20150923140648.81062320FE@maintenance.suse.de>

SUSE Security Update: Security update for kernel-source
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1612-1
Rating: moderate
References: #924525 #936916 #944001
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Module for Public Cloud 12
   SUSE Linux Enterprise Live Patching 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 kernel was updated to version 3.12.44-52.13 to receive various bugfixes.

- Btrfs: don't initialize a space info as full to prevent ENOSPC (bsc#944001).
- kernel/kvm: Fix MSA3/MSA4 detection (bsc#936916, LTC#127868).
- zcrypt: Fixed reset and interrupt handling of AP queues (bsc#936916, LTC#126491).
- Update s390x kABI files after gcc update (bsc#924525).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:
   zypper in -t patch SUSE-SLE-WE-12-2015-588=1
- SUSE Linux Enterprise Software Development Kit 12:
   zypper in -t patch SUSE-SLE-SDK-12-2015-588=1
- SUSE Linux Enterprise Server 12:
   zypper in -t patch SUSE-SLE-SERVER-12-2015-588=1
- SUSE Linux Enterprise Module for Public Cloud 12:
   zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-588=1
- SUSE Linux Enterprise Live Patching 12:
   zypper in -t patch SUSE-SLE-Live-Patching-12-2015-588=1
- SUSE Linux Enterprise Desktop 12:
   zypper in -t patch SUSE-SLE-DESKTOP-12-2015-588=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
   kernel-default-debuginfo-3.12.44-52.18.1
   kernel-default-debugsource-3.12.44-52.18.1
   kernel-default-extra-3.12.44-52.18.1
   kernel-default-extra-debuginfo-3.12.44-52.18.1
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
   kernel-obs-build-3.12.44-52.18.1
   kernel-obs-build-debugsource-3.12.44-52.18.1
- SUSE Linux Enterprise Software Development Kit 12 (noarch):
   kernel-docs-3.12.44-52.18.3
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
   kernel-default-3.12.44-52.18.1
   kernel-default-base-3.12.44-52.18.1
   kernel-default-base-debuginfo-3.12.44-52.18.1
   kernel-default-debuginfo-3.12.44-52.18.1
   kernel-default-debugsource-3.12.44-52.18.1
   kernel-default-devel-3.12.44-52.18.1
   kernel-syms-3.12.44-52.18.1
- SUSE Linux Enterprise Server 12 (x86_64):
   kernel-xen-3.12.44-52.18.1
   kernel-xen-base-3.12.44-52.18.1
   kernel-xen-base-debuginfo-3.12.44-52.18.1
   kernel-xen-debuginfo-3.12.44-52.18.1
   kernel-xen-debugsource-3.12.44-52.18.1
   kernel-xen-devel-3.12.44-52.18.1
- SUSE Linux Enterprise Server 12 (noarch):
   kernel-devel-3.12.44-52.18.1
   kernel-macros-3.12.44-52.18.1
   kernel-source-3.12.44-52.18.1
- SUSE Linux Enterprise Server 12 (s390x):
   kernel-default-man-3.12.44-52.18.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
   kernel-ec2-3.12.44-52.18.1
   kernel-ec2-debuginfo-3.12.44-52.18.1
   kernel-ec2-debugsource-3.12.44-52.18.1
   kernel-ec2-devel-3.12.44-52.18.1
   kernel-ec2-extra-3.12.44-52.18.1
   kernel-ec2-extra-debuginfo-3.12.44-52.18.1
- SUSE Linux Enterprise Live Patching 12 (x86_64):
   kgraft-patch-3_12_44-52_18-default-1-4.2
   kgraft-patch-3_12_44-52_18-xen-1-4.2
- SUSE Linux Enterprise Desktop 12 (x86_64):
   kernel-default-3.12.44-52.18.1
   kernel-default-debuginfo-3.12.44-52.18.1
   kernel-default-debugsource-3.12.44-52.18.1
   kernel-default-devel-3.12.44-52.18.1
   kernel-default-extra-3.12.44-52.18.1
   kernel-default-extra-debuginfo-3.12.44-52.18.1
   kernel-syms-3.12.44-52.18.1
   kernel-xen-3.12.44-52.18.1
   kernel-xen-debuginfo-3.12.44-52.18.1
   kernel-xen-debugsource-3.12.44-52.18.1
   kernel-xen-devel-3.12.44-52.18.1
- SUSE Linux Enterprise Desktop 12 (noarch):
   kernel-devel-3.12.44-52.18.1
   kernel-macros-3.12.44-52.18.1
   kernel-source-3.12.44-52.18.1

References:

   https://bugzilla.suse.com/924525
   https://bugzilla.suse.com/936916
   https://bugzilla.suse.com/944001

From sle-updates at lists.suse.com Wed Sep 23 08:07:06 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 23 Sep 2015 16:07:06 +0200 (CEST)
Subject: SUSE-RU-2015:1613-1: Recommended update for gvfs
Message-ID: <20150923140706.D642D320FE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gvfs
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1613-1
Rating: low
References: #903858 #924621
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for gvfs provides the following fixes:

- Disable printing of debug messages by default. (bsc#903858)
- Fix memory leak in gvfs-hal-volume-monitor. (bsc#924621)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
   zypper in -t patch SUSE-SLE-SDK-12-2015-584=1
- SUSE Linux Enterprise Server 12:
   zypper in -t patch SUSE-SLE-SERVER-12-2015-584=1
- SUSE Linux Enterprise Desktop 12:
   zypper in -t patch SUSE-SLE-DESKTOP-12-2015-584=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
   gvfs-debuginfo-1.18.3-7.3
   gvfs-debugsource-1.18.3-7.3
   gvfs-devel-1.18.3-7.3
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
   gvfs-1.18.3-7.3
   gvfs-backends-1.18.3-7.3
   gvfs-backends-debuginfo-1.18.3-7.3
   gvfs-debuginfo-1.18.3-7.3
   gvfs-debugsource-1.18.3-7.3
   gvfs-fuse-1.18.3-7.3
   gvfs-fuse-debuginfo-1.18.3-7.3
   libgvfscommon0-1.18.3-7.3
   libgvfscommon0-debuginfo-1.18.3-7.3
- SUSE Linux Enterprise Server 12 (noarch):
   gvfs-lang-1.18.3-7.3
- SUSE Linux Enterprise Desktop 12 (x86_64):
   gvfs-1.18.3-7.3
   gvfs-backends-1.18.3-7.3
   gvfs-backends-debuginfo-1.18.3-7.3
   gvfs-debuginfo-1.18.3-7.3
   gvfs-debugsource-1.18.3-7.3
   gvfs-fuse-1.18.3-7.3
   gvfs-fuse-debuginfo-1.18.3-7.3
   libgvfscommon0-1.18.3-7.3
   libgvfscommon0-debuginfo-1.18.3-7.3
- SUSE Linux Enterprise Desktop 12 (noarch):
   gvfs-lang-1.18.3-7.3

References:

   https://bugzilla.suse.com/903858
   https://bugzilla.suse.com/924621

From sle-updates at lists.suse.com Wed Sep 23 08:07:41 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 23 Sep 2015 16:07:41 +0200 (CEST)
Subject: SUSE-SU-2015:1614-1: important: Security update for flash-player
Message-ID: <20150923140741.BB4F2320FE@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1614-1
Rating: important
References: #946880
Cross-References:
   CVE-2015-5567 CVE-2015-5568 CVE-2015-5570 CVE-2015-5571
   CVE-2015-5572 CVE-2015-5573 CVE-2015-5574 CVE-2015-5575
   CVE-2015-5576 CVE-2015-5577 CVE-2015-5578 CVE-2015-5579
   CVE-2015-5580 CVE-2015-5581 CVE-2015-5582 CVE-2015-5584
   CVE-2015-5587 CVE-2015-5588 CVE-2015-6676 CVE-2015-6677
   CVE-2015-6678 CVE-2015-6679 CVE-2015-6682
Affected Products:
   SUSE Linux Enterprise Desktop 11-SP4
   SUSE Linux Enterprise Desktop 11-SP3
______________________________________________________________________________

An update that fixes 23 vulnerabilities is now available.

Description:

Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues:

More information can be found on:
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11-SP4:
   zypper in -t patch sledsp4-flash-player-12101=1
- SUSE Linux Enterprise Desktop 11-SP3:
   zypper in -t patch sledsp3-flash-player-12101=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
   flash-player-11.2.202.521-0.17.1
   flash-player-gnome-11.2.202.521-0.17.1
   flash-player-kde4-11.2.202.521-0.17.1
- SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):
   flash-player-11.2.202.521-0.17.1
   flash-player-gnome-11.2.202.521-0.17.1
   flash-player-kde4-11.2.202.521-0.17.1

References:

   https://www.suse.com/security/cve/CVE-2015-5567.html
   https://www.suse.com/security/cve/CVE-2015-5568.html
   https://www.suse.com/security/cve/CVE-2015-5570.html
   https://www.suse.com/security/cve/CVE-2015-5571.html
   https://www.suse.com/security/cve/CVE-2015-5572.html
   https://www.suse.com/security/cve/CVE-2015-5573.html
   https://www.suse.com/security/cve/CVE-2015-5574.html
   https://www.suse.com/security/cve/CVE-2015-5575.html
   https://www.suse.com/security/cve/CVE-2015-5576.html
   https://www.suse.com/security/cve/CVE-2015-5577.html
   https://www.suse.com/security/cve/CVE-2015-5578.html
   https://www.suse.com/security/cve/CVE-2015-5579.html
   https://www.suse.com/security/cve/CVE-2015-5580.html
   https://www.suse.com/security/cve/CVE-2015-5581.html
   https://www.suse.com/security/cve/CVE-2015-5582.html
   https://www.suse.com/security/cve/CVE-2015-5584.html
   https://www.suse.com/security/cve/CVE-2015-5587.html
   https://www.suse.com/security/cve/CVE-2015-5588.html
   https://www.suse.com/security/cve/CVE-2015-6676.html
   https://www.suse.com/security/cve/CVE-2015-6677.html
   https://www.suse.com/security/cve/CVE-2015-6678.html
   https://www.suse.com/security/cve/CVE-2015-6679.html
   https://www.suse.com/security/cve/CVE-2015-6682.html
   https://bugzilla.suse.com/946880

From sle-updates at lists.suse.com Wed Sep 23 08:07:53 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 23 Sep 2015 16:07:53 +0200 (CEST)
Subject: SUSE-RU-2015:1615-1: Recommended update for xf86-input-evdev
Message-ID: <20150923140753.56D7E320FE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for xf86-input-evdev
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1615-1
Rating: low
References: #876089
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for xf86-input-evdev adds settings to ensure 'TouchSystems CarrollTouch 4500U' is detected as an absolute device.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
   zypper in -t patch SUSE-SLE-SDK-12-2015-586=1
- SUSE Linux Enterprise Server 12:
   zypper in -t patch SUSE-SLE-SERVER-12-2015-586=1
- SUSE Linux Enterprise Desktop 12:
   zypper in -t patch SUSE-SLE-DESKTOP-12-2015-586=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le x86_64):
   xf86-input-evdev-debuginfo-2.8.2-10.1
   xf86-input-evdev-debugsource-2.8.2-10.1
   xf86-input-evdev-devel-2.8.2-10.1
- SUSE Linux Enterprise Server 12 (ppc64le x86_64):
   xf86-input-evdev-2.8.2-10.1
   xf86-input-evdev-debuginfo-2.8.2-10.1
   xf86-input-evdev-debugsource-2.8.2-10.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
   xf86-input-evdev-2.8.2-10.1
   xf86-input-evdev-debuginfo-2.8.2-10.1
   xf86-input-evdev-debugsource-2.8.2-10.1

References:

   https://bugzilla.suse.com/876089

From sle-updates at lists.suse.com Wed Sep 23 08:08:36 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 23 Sep 2015 16:08:36 +0200 (CEST)
Subject: SUSE-RU-2015:1617-1: Recommended update for deja-dup
Message-ID: <20150923140836.01C0A320FE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for deja-dup
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1617-1
Rating: low
References: #942890
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for deja-dup provides the following fixes:

- Remove stale lock files which are left behind after a backup operation is canceled. (bsc#942890)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:
   zypper in -t patch SUSE-SLE-WE-12-2015-583=1
- SUSE Linux Enterprise Desktop 12:
   zypper in -t patch SUSE-SLE-DESKTOP-12-2015-583=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
   deja-dup-28.0-4.1
   deja-dup-debuginfo-28.0-4.1
   deja-dup-debugsource-28.0-4.1
- SUSE Linux Enterprise Workstation Extension 12 (noarch):
   deja-dup-lang-28.0-4.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
   deja-dup-28.0-4.1
   deja-dup-debuginfo-28.0-4.1
   deja-dup-debugsource-28.0-4.1
- SUSE Linux Enterprise Desktop 12 (noarch):
   deja-dup-lang-28.0-4.1

References:

   https://bugzilla.suse.com/942890

From sle-updates at lists.suse.com Wed Sep 23 08:08:54 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 23 Sep 2015 16:08:54 +0200 (CEST)
Subject: SUSE-SU-2015:1618-1: important: Security update for flash-player
Message-ID: <20150923140854.E44DB320FE@maintenance.suse.de>

SUSE Security Update: Security update for flash-player
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1618-1
Rating: important
References: #946880
Cross-References:
   CVE-2015-5567 CVE-2015-5568 CVE-2015-5570 CVE-2015-5571
   CVE-2015-5572 CVE-2015-5573 CVE-2015-5574 CVE-2015-5575
   CVE-2015-5576 CVE-2015-5577 CVE-2015-5578 CVE-2015-5579
   CVE-2015-5580 CVE-2015-5581 CVE-2015-5582 CVE-2015-5584
   CVE-2015-5587 CVE-2015-5588 CVE-2015-6676 CVE-2015-6677
   CVE-2015-6678 CVE-2015-6679 CVE-2015-6682
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that fixes 23 vulnerabilities is now available.

Description:

Adobe Flash Player was updated to 11.2.202.521 (APSB15-23 bsc#946880) fixing several security issues:

More information can be found on:
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:
   zypper in -t patch SUSE-SLE-WE-12-2015-581=1
- SUSE Linux Enterprise Desktop 12:
   zypper in -t patch SUSE-SLE-DESKTOP-12-2015-581=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
   flash-player-11.2.202.521-102.1
   flash-player-gnome-11.2.202.521-102.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
   flash-player-11.2.202.521-102.1
   flash-player-gnome-11.2.202.521-102.1

References:

   https://www.suse.com/security/cve/CVE-2015-5567.html
   https://www.suse.com/security/cve/CVE-2015-5568.html
   https://www.suse.com/security/cve/CVE-2015-5570.html
   https://www.suse.com/security/cve/CVE-2015-5571.html
   https://www.suse.com/security/cve/CVE-2015-5572.html
   https://www.suse.com/security/cve/CVE-2015-5573.html
   https://www.suse.com/security/cve/CVE-2015-5574.html
   https://www.suse.com/security/cve/CVE-2015-5575.html
   https://www.suse.com/security/cve/CVE-2015-5576.html
   https://www.suse.com/security/cve/CVE-2015-5577.html
   https://www.suse.com/security/cve/CVE-2015-5578.html
   https://www.suse.com/security/cve/CVE-2015-5579.html
   https://www.suse.com/security/cve/CVE-2015-5580.html
   https://www.suse.com/security/cve/CVE-2015-5581.html
   https://www.suse.com/security/cve/CVE-2015-5582.html
   https://www.suse.com/security/cve/CVE-2015-5584.html
   https://www.suse.com/security/cve/CVE-2015-5587.html
   https://www.suse.com/security/cve/CVE-2015-5588.html
   https://www.suse.com/security/cve/CVE-2015-6676.html
   https://www.suse.com/security/cve/CVE-2015-6677.html
   https://www.suse.com/security/cve/CVE-2015-6678.html
   https://www.suse.com/security/cve/CVE-2015-6679.html
   https://www.suse.com/security/cve/CVE-2015-6682.html
   https://bugzilla.suse.com/946880

From sle-updates at lists.suse.com Wed Sep 23 08:09:05 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 23 Sep 2015 16:09:05 +0200 (CEST)
Subject: SUSE-RU-2015:1619-1: Recommended update for xf86-input-vmmouse
Message-ID: <20150923140905.DAAD9320FE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for xf86-input-vmmouse
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1619-1
Rating: low
References: #922188
Affected Products:
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for xf86-input-vmmouse provides the following fixes:

- Do not dereference pointers that weren't allocated if PreInit failed. (bnc#922188)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
   zypper in -t patch SUSE-SLE-SERVER-12-2015-585=1
- SUSE Linux Enterprise Desktop 12:
   zypper in -t patch SUSE-SLE-DESKTOP-12-2015-585=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (x86_64):
   xf86-input-vmmouse-13.0.0-12.2
   xf86-input-vmmouse-debuginfo-13.0.0-12.2
   xf86-input-vmmouse-debugsource-13.0.0-12.2
- SUSE Linux Enterprise Desktop 12 (x86_64):
   xf86-input-vmmouse-13.0.0-12.2
   xf86-input-vmmouse-debuginfo-13.0.0-12.2
   xf86-input-vmmouse-debugsource-13.0.0-12.2

References:

   https://bugzilla.suse.com/922188

From sle-updates at lists.suse.com Wed Sep 23 08:09:31 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 23 Sep 2015 16:09:31 +0200 (CEST)
Subject: SUSE-RU-2015:1620-1: moderate: Recommended update for openldap2
Message-ID: <20150923140931.14463320FE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openldap2
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1620-1
Rating: moderate
References: #904028 #945633
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12
   SUSE Linux Enterprise Server for SAP 12
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Module for Legacy Software 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update provides OpenLDAP version 2.4.41, which brings several bug fixes and stability improvements.

For a comprehensive list of changes between 2.4.39 and 2.4.41 refer to the release notes at http://www.openldap.org/software/release/changes.html.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
   zypper in -t patch SUSE-SLE-SDK-12-2015-587=1
- SUSE Linux Enterprise Server for SAP 12:
   zypper in -t patch SUSE-SLE-SAP-12-2015-587=1
- SUSE Linux Enterprise Server 12:
   zypper in -t patch SUSE-SLE-SERVER-12-2015-587=1
- SUSE Linux Enterprise Module for Legacy Software 12:
   zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-587=1
- SUSE Linux Enterprise Desktop 12:
   zypper in -t patch SUSE-SLE-DESKTOP-12-2015-587=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
   openldap2-back-perl-2.4.41-18.3.1
   openldap2-back-perl-debuginfo-2.4.41-18.3.1
   openldap2-client-debuginfo-2.4.41-18.3.1
   openldap2-client-debugsource-2.4.41-18.3.1
   openldap2-debuginfo-2.4.41-18.3.1
   openldap2-debugsource-2.4.41-18.3.1
   openldap2-devel-2.4.41-18.3.1
   openldap2-devel-static-2.4.41-18.3.1
- SUSE Linux Enterprise Server for SAP 12 (x86_64):
   compat-libldap-2_3-0-2.3.37-18.3.1
   compat-libldap-2_3-0-debuginfo-2.3.37-18.3.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
   libldap-2_4-2-2.4.41-18.3.1
   libldap-2_4-2-debuginfo-2.4.41-18.3.1
   openldap2-2.4.41-18.3.1
   openldap2-back-meta-2.4.41-18.3.1
   openldap2-back-meta-debuginfo-2.4.41-18.3.1
   openldap2-client-2.4.41-18.3.1
   openldap2-client-debuginfo-2.4.41-18.3.1
   openldap2-client-debugsource-2.4.41-18.3.1
   openldap2-debuginfo-2.4.41-18.3.1
   openldap2-debugsource-2.4.41-18.3.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
   libldap-2_4-2-32bit-2.4.41-18.3.1
   libldap-2_4-2-debuginfo-32bit-2.4.41-18.3.1
- SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le s390x x86_64):
   compat-libldap-2_3-0-2.3.37-18.3.1
   compat-libldap-2_3-0-debuginfo-2.3.37-18.3.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
   libldap-2_4-2-2.4.41-18.3.1
   libldap-2_4-2-32bit-2.4.41-18.3.1
   libldap-2_4-2-debuginfo-2.4.41-18.3.1
   libldap-2_4-2-debuginfo-32bit-2.4.41-18.3.1
   openldap2-client-2.4.41-18.3.1
   openldap2-client-debuginfo-2.4.41-18.3.1
   openldap2-client-debugsource-2.4.41-18.3.1

References:

   https://bugzilla.suse.com/904028
   https://bugzilla.suse.com/945633

From sle-updates at lists.suse.com Wed Sep 23 09:09:46 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 23 Sep 2015 17:09:46 +0200 (CEST)
Subject: SUSE-RU-2015:1621-1: Recommended update for duperemove
Message-ID: <20150923150946.F0112320FF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for duperemove
______________________________________________________________________________

Announcement ID: SUSE-RU-2015:1621-1
Rating: low
References: #937609 #937703
Affected Products:
   SUSE Linux Enterprise Server 12
   SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for duperemove provides the following fixes:

- Handle partial blocks at end of file.
- Fix corrupted output for show-shared-extents tool.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
   zypper in -t patch SUSE-SLE-SERVER-12-2015-589=1
- SUSE Linux Enterprise Desktop 12:
   zypper in -t patch SUSE-SLE-DESKTOP-12-2015-589=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
   duperemove-0.09.5-11.3.2
   duperemove-debuginfo-0.09.5-11.3.2
   duperemove-debugsource-0.09.5-11.3.2
- SUSE Linux Enterprise Desktop 12 (x86_64):
   duperemove-0.09.5-11.3.2
   duperemove-debuginfo-0.09.5-11.3.2
   duperemove-debugsource-0.09.5-11.3.2

References:

   https://bugzilla.suse.com/937609
   https://bugzilla.suse.com/937703

From sle-updates at lists.suse.com Thu Sep 24 07:09:59 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 24 Sep 2015 15:09:59 +0200 (CEST)
Subject: SUSE-SU-2015:1626-1: moderate: Security update for libgcrypt
Message-ID: <20150924130959.3CFA532101@maintenance.suse.de>

SUSE Security Update: Security update for libgcrypt
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1626-1
Rating: moderate
References: #920057
Cross-References: CVE-2014-3591 CVE-2015-0837
Affected Products:
   SUSE Linux Enterprise Software Development Kit 11-SP4
   SUSE Linux Enterprise Software Development Kit 11-SP3
   SUSE Linux Enterprise Server for VMWare 11-SP3
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise Server 11-SP3
   SUSE Linux Enterprise Desktop 11-SP4
   SUSE Linux Enterprise Desktop 11-SP3
   SUSE Linux Enterprise Debuginfo 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update fixes the following issues:

* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. (bsc#920057)
* Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
   zypper in -t patch sdksp4-libgcrypt-12102=1
- SUSE Linux Enterprise Software Development Kit 11-SP3:
   zypper in -t patch sdksp3-libgcrypt-12102=1
- SUSE Linux Enterprise Server for VMWare 11-SP3:
   zypper in -t patch slessp3-libgcrypt-12102=1
- SUSE Linux Enterprise Server 11-SP4:
   zypper in -t patch slessp4-libgcrypt-12102=1
- SUSE Linux Enterprise Server 11-SP3:
   zypper in -t patch slessp3-libgcrypt-12102=1
- SUSE Linux Enterprise Desktop 11-SP4:
   zypper in -t patch sledsp4-libgcrypt-12102=1
- SUSE Linux Enterprise Desktop 11-SP3:
   zypper in -t patch sledsp3-libgcrypt-12102=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
   zypper in -t patch dbgsp4-libgcrypt-12102=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
   zypper in -t patch dbgsp3-libgcrypt-12102=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
   libgcrypt-devel-1.5.0-0.19.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
   libgcrypt-devel-32bit-1.5.0-0.19.1
- SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):
   libgcrypt-devel-1.5.0-0.19.1
- SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64):
   libgcrypt-devel-32bit-1.5.0-0.19.1
- SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64):
   libgcrypt11-1.5.0-0.19.1
- SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64):
   libgcrypt11-32bit-1.5.0-0.19.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
   libgcrypt11-1.5.0-0.19.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
   libgcrypt11-32bit-1.5.0-0.19.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
   libgcrypt11-x86-1.5.0-0.19.1
- SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64):
   libgcrypt11-1.5.0-0.19.1
- SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64):
libgcrypt11-32bit-1.5.0-0.19.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libgcrypt11-x86-1.5.0-0.19.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libgcrypt11-1.5.0-0.19.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libgcrypt11-32bit-1.5.0-0.19.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libgcrypt11-1.5.0-0.19.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libgcrypt11-32bit-1.5.0-0.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libgcrypt-debuginfo-1.5.0-0.19.1 libgcrypt-debugsource-1.5.0-0.19.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): libgcrypt-debuginfo-1.5.0-0.19.1 libgcrypt-debugsource-1.5.0-0.19.1 References: https://www.suse.com/security/cve/CVE-2014-3591.html https://www.suse.com/security/cve/CVE-2015-0837.html https://bugzilla.suse.com/920057 From sle-updates at lists.suse.com Thu Sep 24 11:09:46 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2015 19:09:46 +0200 (CEST) Subject: SUSE-RU-2015:1627-1: Recommended update for ispell Message-ID: <20150924170946.7CD8232138@maintenance.suse.de> SUSE Recommended Update: Recommended update for ispell ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1627-1 Rating: low References: #896947 #916001 #941760 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for ispell provides the following fixes: - Fix file encoding issues by using "define-coding-system-alias" with Xemacs. (bsc#896947) - Fix ispell update script to not source old SUSE configuration files. (bsc#916001, bsc#941760) - Make SuSEconfig.ispell script work with non-bash shells. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-591=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-591=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-591=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): ispell-3.3.02-110.2 ispell-american-3.3.02-110.2 ispell-british-3.3.02-110.2 ispell-debuginfo-3.3.02-110.2 ispell-debugsource-3.3.02-110.2 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): ispell-3.3.02-110.2 ispell-american-3.3.02-110.2 ispell-british-3.3.02-110.2 ispell-debuginfo-3.3.02-110.2 ispell-debugsource-3.3.02-110.2 - SUSE Linux Enterprise Desktop 12 (x86_64): ispell-3.3.02-110.2 ispell-american-3.3.02-110.2 ispell-british-3.3.02-110.2 ispell-debuginfo-3.3.02-110.2 ispell-debugsource-3.3.02-110.2 References: https://bugzilla.suse.com/896947 https://bugzilla.suse.com/916001 https://bugzilla.suse.com/941760 From sle-updates at lists.suse.com Fri Sep 25 04:09:54 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 12:09:54 +0200 (CEST) Subject: SUSE-RU-2015:1630-1: Recommended update for tftp Message-ID: <20150925100954.DDC4F32138@maintenance.suse.de> SUSE Recommended Update: Recommended update for tftp ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1630-1 Rating: low References: #928283 #942102 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tftp provides the following fixes: - Respond from the destination address taken from the first udp message's ancillary data. (bsc#928283, bsc#942102) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-tftp-12103=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tftp-12103=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-tftp-12103=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-tftp-12103=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-tftp-12103=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tftp-12103=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-tftp-12103=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): tftp-0.48-101.34.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): tftp-0.48-101.34.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): tftp-0.48-101.34.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): tftp-0.48-101.34.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): tftp-0.48-101.34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tftp-debuginfo-0.48-101.34.1 tftp-debugsource-0.48-101.34.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): tftp-debuginfo-0.48-101.34.1 tftp-debugsource-0.48-101.34.1 References: https://bugzilla.suse.com/928283 https://bugzilla.suse.com/942102 From sle-updates at lists.suse.com Fri Sep 25 04:10:40 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 12:10:40 +0200 (CEST) Subject: SUSE-RU-2015:1631-1: moderate: Recommended update for os-prober Message-ID: <20150925101040.163C532138@maintenance.suse.de> SUSE Recommended Update: Recommended update for os-prober ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1631-1 Rating: moderate References: #892364 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for os-prober improves probing of operating systems on btrfs volumes for grub2. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-595=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-595=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): os-prober-1.61-13.3 os-prober-debuginfo-1.61-13.3 os-prober-debugsource-1.61-13.3 - SUSE Linux Enterprise Desktop 12 (x86_64): os-prober-1.61-13.3 os-prober-debuginfo-1.61-13.3 os-prober-debugsource-1.61-13.3 References: https://bugzilla.suse.com/892364 From sle-updates at lists.suse.com Fri Sep 25 06:09:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 14:09:45 +0200 (CEST) Subject: SUSE-OU-2015:1632-1: Initial release of Amazon's EC2 utilities Message-ID: <20150925120945.DE80432138@maintenance.suse.de> SUSE Optional Update: Initial release of Amazon's EC2 utilities ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1632-1 Rating: low References: #943482 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: The following packages have been added to the SLES 12 Public Cloud Module: - python-ec2deprecateimg: Deprecate images owned by the specified account by adding tags named "Deprecated on", "Removal date", and "Replacement image". - python-ec2publishimg: Publish images owned by the specified account by adding tags named "Published on", "Removal date", and "Replacement image". - python-ec2uploadimg: Upload a compressed .raw disk image to Amazon EC2 and create a snapshot or register an AMI. - python-ec2utilsbase: Shared functionality for various ec2utils packages. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-598=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-ec2deprecateimg-2.1.2-2.2 python-ec2publishimg-0.1.0-2.1 python-ec2uploadimg-0.7.0-2.1 python-ec2utilsbase-0.3.0-4.1 References: https://bugzilla.suse.com/943482 From sle-updates at lists.suse.com Fri Sep 25 07:09:55 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 15:09:55 +0200 (CEST) Subject: SUSE-SU-2015:1633-1: important: Security update for php5 Message-ID: <20150925130955.0989832138@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1633-1 Rating: important References: #935074 #942291 #942293 #942294 #942295 #942296 #944302 #945402 #945403 #945412 #945428 Cross-References: CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has three fixes is now available. Description: This update of PHP5 brings several security fixes. Security fixes: * CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#942291] [bnc#942294] [bnc#942295] * CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items could be used to crash php or potentially execute code. [bnc#942293] * CVE-2015-6833: A directory traversal when extracting ZIP files could be used to overwrite files outside of intended area. [bnc#942296] * CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed which could be used to crash php or potentially execute code. 
[bnc#945403] * CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has been fixed which could be used to crash php or potentially execute code. [bnc#945402] * CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to remote code execution problem was fixed. [bnc#945428] * CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the XSLTProcessor class were fixed. [bnc#945412] Bugfixes: * Compare with SQL_NULL_DATA correctly [bnc#935074] * If MD5 was disabled in net-snmp we have to disable the used MD5 function in ext/snmp/snmp.c as well. (bsc#944302) Also the Suhosin framework was updated to 0.9.38. [fate#319325] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2015-603=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2015-603=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-36.1 php5-debugsource-5.5.14-36.1 php5-devel-5.5.14-36.1 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-36.1 apache2-mod_php5-debuginfo-5.5.14-36.1 php5-5.5.14-36.1 php5-bcmath-5.5.14-36.1 php5-bcmath-debuginfo-5.5.14-36.1 php5-bz2-5.5.14-36.1 php5-bz2-debuginfo-5.5.14-36.1 php5-calendar-5.5.14-36.1 php5-calendar-debuginfo-5.5.14-36.1 php5-ctype-5.5.14-36.1 php5-ctype-debuginfo-5.5.14-36.1 php5-curl-5.5.14-36.1 php5-curl-debuginfo-5.5.14-36.1 php5-dba-5.5.14-36.1 php5-dba-debuginfo-5.5.14-36.1 php5-debuginfo-5.5.14-36.1 php5-debugsource-5.5.14-36.1 php5-dom-5.5.14-36.1 php5-dom-debuginfo-5.5.14-36.1 php5-enchant-5.5.14-36.1 php5-enchant-debuginfo-5.5.14-36.1 php5-exif-5.5.14-36.1 php5-exif-debuginfo-5.5.14-36.1 php5-fastcgi-5.5.14-36.1 php5-fastcgi-debuginfo-5.5.14-36.1 php5-fileinfo-5.5.14-36.1 php5-fileinfo-debuginfo-5.5.14-36.1 php5-fpm-5.5.14-36.1 php5-fpm-debuginfo-5.5.14-36.1 php5-ftp-5.5.14-36.1 php5-ftp-debuginfo-5.5.14-36.1 php5-gd-5.5.14-36.1 php5-gd-debuginfo-5.5.14-36.1 php5-gettext-5.5.14-36.1 php5-gettext-debuginfo-5.5.14-36.1 php5-gmp-5.5.14-36.1 php5-gmp-debuginfo-5.5.14-36.1 php5-iconv-5.5.14-36.1 php5-iconv-debuginfo-5.5.14-36.1 php5-intl-5.5.14-36.1 php5-intl-debuginfo-5.5.14-36.1 php5-json-5.5.14-36.1 php5-json-debuginfo-5.5.14-36.1 php5-ldap-5.5.14-36.1 php5-ldap-debuginfo-5.5.14-36.1 php5-mbstring-5.5.14-36.1 php5-mbstring-debuginfo-5.5.14-36.1 php5-mcrypt-5.5.14-36.1 php5-mcrypt-debuginfo-5.5.14-36.1 php5-mysql-5.5.14-36.1 php5-mysql-debuginfo-5.5.14-36.1 php5-odbc-5.5.14-36.1 php5-odbc-debuginfo-5.5.14-36.1 php5-opcache-5.5.14-36.1 php5-opcache-debuginfo-5.5.14-36.1 php5-openssl-5.5.14-36.1 php5-openssl-debuginfo-5.5.14-36.1 php5-pcntl-5.5.14-36.1 php5-pcntl-debuginfo-5.5.14-36.1 php5-pdo-5.5.14-36.1 php5-pdo-debuginfo-5.5.14-36.1 php5-pgsql-5.5.14-36.1 
php5-pgsql-debuginfo-5.5.14-36.1 php5-posix-5.5.14-36.1 php5-posix-debuginfo-5.5.14-36.1 php5-pspell-5.5.14-36.1 php5-pspell-debuginfo-5.5.14-36.1 php5-shmop-5.5.14-36.1 php5-shmop-debuginfo-5.5.14-36.1 php5-snmp-5.5.14-36.1 php5-snmp-debuginfo-5.5.14-36.1 php5-soap-5.5.14-36.1 php5-soap-debuginfo-5.5.14-36.1 php5-sockets-5.5.14-36.1 php5-sockets-debuginfo-5.5.14-36.1 php5-sqlite-5.5.14-36.1 php5-sqlite-debuginfo-5.5.14-36.1 php5-suhosin-5.5.14-36.1 php5-suhosin-debuginfo-5.5.14-36.1 php5-sysvmsg-5.5.14-36.1 php5-sysvmsg-debuginfo-5.5.14-36.1 php5-sysvsem-5.5.14-36.1 php5-sysvsem-debuginfo-5.5.14-36.1 php5-sysvshm-5.5.14-36.1 php5-sysvshm-debuginfo-5.5.14-36.1 php5-tokenizer-5.5.14-36.1 php5-tokenizer-debuginfo-5.5.14-36.1 php5-wddx-5.5.14-36.1 php5-wddx-debuginfo-5.5.14-36.1 php5-xmlreader-5.5.14-36.1 php5-xmlreader-debuginfo-5.5.14-36.1 php5-xmlrpc-5.5.14-36.1 php5-xmlrpc-debuginfo-5.5.14-36.1 php5-xmlwriter-5.5.14-36.1 php5-xmlwriter-debuginfo-5.5.14-36.1 php5-xsl-5.5.14-36.1 php5-xsl-debuginfo-5.5.14-36.1 php5-zip-5.5.14-36.1 php5-zip-debuginfo-5.5.14-36.1 php5-zlib-5.5.14-36.1 php5-zlib-debuginfo-5.5.14-36.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-36.1 References: https://www.suse.com/security/cve/CVE-2015-6831.html https://www.suse.com/security/cve/CVE-2015-6832.html https://www.suse.com/security/cve/CVE-2015-6833.html https://www.suse.com/security/cve/CVE-2015-6834.html https://www.suse.com/security/cve/CVE-2015-6835.html https://www.suse.com/security/cve/CVE-2015-6836.html https://www.suse.com/security/cve/CVE-2015-6837.html https://www.suse.com/security/cve/CVE-2015-6838.html https://bugzilla.suse.com/935074 https://bugzilla.suse.com/942291 https://bugzilla.suse.com/942293 https://bugzilla.suse.com/942294 https://bugzilla.suse.com/942295 https://bugzilla.suse.com/942296 https://bugzilla.suse.com/944302 https://bugzilla.suse.com/945402 https://bugzilla.suse.com/945403 https://bugzilla.suse.com/945412 
https://bugzilla.suse.com/945428 From sle-updates at lists.suse.com Fri Sep 25 07:12:12 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 15:12:12 +0200 (CEST) Subject: SUSE-RU-2015:1634-1: moderate: Recommended update for s390-tools Message-ID: <20150925131212.6780732138@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1634-1 Rating: moderate References: #939086 #939387 #945695 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for s390-tools provides the following fixes: - Fix display of incorrect device types in lszfcp. (bsc#945695) - Fix lsluns to not scan FCP devices no longer online or in bad state. (bsc#945695) - Fix time stamp handling for data sets in cmsfs-fuse. (bsc#945695) - Re-add file system based dump to zipl/zfcpdump. (bsc#939387) - Fix ziorep tools to handle device busids a.b.xxxx with a and b being non-zero. (bsc#939086) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-s390-tools-12106=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-s390-tools-12106=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (s390x): osasnmpd-1.15.0-0.158.1 s390-tools-1.15.0-0.158.1 s390-tools-zdsfs-1.15.0-0.158.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (s390x): s390-tools-debuginfo-1.15.0-0.158.1 s390-tools-debugsource-1.15.0-0.158.1 References: https://bugzilla.suse.com/939086 https://bugzilla.suse.com/939387 https://bugzilla.suse.com/945695 From sle-updates at lists.suse.com Fri Sep 25 07:12:58 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 15:12:58 +0200 (CEST) Subject: SUSE-RU-2015:1635-1: Recommended update for tftp Message-ID: <20150925131258.8CAB032138@maintenance.suse.de> SUSE Recommended Update: Recommended update for tftp ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1635-1 Rating: low References: #793883 #928283 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tftp provides the following fixes: - Prevent buffer overflow in handling of \x macro. (bsc#793883) - For \i and \x, expand v6-mapped addresses as native IPv4. (bsc#793883) - Respond from the destination address taken from the first udp message's ancillary data. (bsc#928283) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-600=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-600=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): tftp-5.2-10.3 tftp-debuginfo-5.2-10.3 tftp-debugsource-5.2-10.3 - SUSE Linux Enterprise Desktop 12 (x86_64): tftp-5.2-10.3 tftp-debuginfo-5.2-10.3 tftp-debugsource-5.2-10.3 References: https://bugzilla.suse.com/793883 https://bugzilla.suse.com/928283 From sle-updates at lists.suse.com Fri Sep 25 07:13:38 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 15:13:38 +0200 (CEST) Subject: SUSE-RU-2015:1636-1: Recommended update for crowbar-barclamp-crowbar Message-ID: <20150925131338.876B932138@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-crowbar ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1636-1 Rating: low References: #857375 #926395 #927469 #934227 #935233 #936712 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description: This update provides the following fixes provided from the upstream OpenStack project: - Fix display_name when barclamps[barclamp] doesn't exist (bsc#935233) - Handle /nodes/families json requests properly (bsc#926395) - Fix 'unique_device_for()' for SLES12 virtio devices (bsc#936712) - Fixing Reinstall, Power Off and Power Cycle for the windows nodes - Fix for search_env_filtered(), (bsc#934227) - Allow passing in logger as an option to RemoteNode methods - chef_object: find the correct init command to manipulate services - node_object: add function run_service to manipulate services on a node - apply_role: disable 15-minute chef run during apply_role partially fixes bsc#857375 - service_object: rename variable to be clear it's a node_name not a node object - service_object: add some logging to wait_for_chef_clients - Use admin name attribute when computing host for admin URL (bsc#927469) - Make replaceSpace replace all whitespaces, not just space - Change replaceSpace to also take into account commas - Show asset tag if set on the node - add and adjust links on port 80 page Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-crowbar-12105=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-crowbar-1.9+git.1437477743.ba6b49d-14.1 References: https://bugzilla.suse.com/857375 https://bugzilla.suse.com/926395 https://bugzilla.suse.com/927469 https://bugzilla.suse.com/934227 https://bugzilla.suse.com/935233 https://bugzilla.suse.com/936712 From sle-updates at lists.suse.com Fri Sep 25 07:15:02 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 15:15:02 +0200 (CEST) Subject: SUSE-SU-2015:1637-1: moderate: Security update for coreutils Message-ID: <20150925131502.83E2132138@maintenance.suse.de> SUSE Security Update: Security update for coreutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2015:1637-1 Rating: moderate References: #866010 #901905 #907290 #921559 #928749 #930565 #933396 Cross-References: CVE-2015-4041 CVE-2015-4042 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has 5 fixes is now available. Description: This update for coreutils provides the following fixes: - Fix memory handling error with case insensitive sort using UTF-8. (CVE-2015-4041, CVE-2015-4042) - Ensure "df -a" shows all remote file system entries. - Only suppress remote mounts of separate exports with "df --total". - Document that "df -a" might list duplicated file systems. - Adjust references to info nodes in man pages. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-599=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-599=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): coreutils-8.22-9.1 coreutils-debuginfo-8.22-9.1 coreutils-debugsource-8.22-9.1 - SUSE Linux Enterprise Server 12 (noarch): coreutils-lang-8.22-9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): coreutils-8.22-9.1 coreutils-debuginfo-8.22-9.1 coreutils-debugsource-8.22-9.1 - SUSE Linux Enterprise Desktop 12 (noarch): coreutils-lang-8.22-9.1 References: https://www.suse.com/security/cve/CVE-2015-4041.html https://www.suse.com/security/cve/CVE-2015-4042.html https://bugzilla.suse.com/866010 https://bugzilla.suse.com/901905 https://bugzilla.suse.com/907290 https://bugzilla.suse.com/921559 https://bugzilla.suse.com/928749 https://bugzilla.suse.com/930565 https://bugzilla.suse.com/933396 From sle-updates at lists.suse.com Fri Sep 25 08:09:49 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 16:09:49 +0200 (CEST) Subject: SUSE-RU-2015:1638-1: Recommended update for alsa-utils Message-ID: <20150925140949.C4B8732138@maintenance.suse.de> SUSE Recommended Update: Recommended update for alsa-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1638-1 Rating: low References: #940950 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for alsa-utils suppresses alsactl invocations on systems without sound cards. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-605=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-605=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): alsa-utils-1.0.27.2-9.2 alsa-utils-debuginfo-1.0.27.2-9.2 alsa-utils-debugsource-1.0.27.2-9.2 - SUSE Linux Enterprise Desktop 12 (x86_64): alsa-utils-1.0.27.2-9.2 alsa-utils-debuginfo-1.0.27.2-9.2 alsa-utils-debugsource-1.0.27.2-9.2 References: https://bugzilla.suse.com/940950 From sle-updates at lists.suse.com Fri Sep 25 08:10:13 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 16:10:13 +0200 (CEST) Subject: SUSE-OU-2015:1639-1: Optional update for SLE HA manuals Message-ID: <20150925141013.39A2F32138@maintenance.suse.de> SUSE Optional Update: Optional update for SLE HA manuals ______________________________________________________________________________ Announcement ID: SUSE-OU-2015:1639-1 Rating: low References: #937417 Affected Products: SUSE Linux Enterprise Server for SAP 11-SP4 SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: The SUSE Linux Enterprise High Availability Extension manuals have been translated to Japanese, Simplified Chinese and Traditional Chinese. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 11-SP4: zypper in -t patch slesappsp4-sle-ha-manuals_ja-zh-12107=1 - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-sle-ha-manuals_ja-zh-12107=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 11-SP4 (noarch): sle-ha-guide_ja-pdf-11.4-0.4.2 sle-ha-guide_zh_CN-pdf-11.4-0.4.2 sle-ha-guide_zh_TW-pdf-11.4-0.4.2 sle-ha-manuals_ja-11.4-0.4.2 sle-ha-manuals_zh_CN-11.4-0.4.2 sle-ha-manuals_zh_TW-11.4-0.4.2 - SUSE Linux Enterprise High Availability Extension 11-SP4 (noarch): sle-ha-guide_ja-pdf-11.4-0.4.2 sle-ha-guide_zh_CN-pdf-11.4-0.4.2 sle-ha-guide_zh_TW-pdf-11.4-0.4.2 sle-ha-manuals_ja-11.4-0.4.2 sle-ha-manuals_zh_CN-11.4-0.4.2 sle-ha-manuals_zh_TW-11.4-0.4.2 References: https://bugzilla.suse.com/937417 From sle-updates at lists.suse.com Fri Sep 25 08:10:35 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 16:10:35 +0200 (CEST) Subject: SUSE-RU-2015:1640-1: Recommended update for blktrace Message-ID: <20150925141035.7334C32138@maintenance.suse.de> SUSE Recommended Update: Recommended update for blktrace ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1640-1 Rating: low References: #939307 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes blktrace to run on systems with more than 512 CPUs. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2015-606=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-606=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): blktrace-1.0.5-7.3 blktrace-debuginfo-1.0.5-7.3 blktrace-debugsource-1.0.5-7.3 - SUSE Linux Enterprise Desktop 12 (x86_64): blktrace-1.0.5-7.3 blktrace-debuginfo-1.0.5-7.3 blktrace-debugsource-1.0.5-7.3 References: https://bugzilla.suse.com/939307 From sle-updates at lists.suse.com Fri Sep 25 09:09:53 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 17:09:53 +0200 (CEST) Subject: SUSE-RU-2015:1641-1: Recommended update for shotwell Message-ID: <20150925150953.0AB8532138@maintenance.suse.de> SUSE Recommended Update: Recommended update for shotwell ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1641-1 Rating: low References: #943559 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Shotwell fixes uploading of images to Flickr. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2015-608=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2015-608=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): shotwell-0.15.1-8.3 shotwell-debuginfo-0.15.1-8.3 shotwell-debugsource-0.15.1-8.3 - SUSE Linux Enterprise Workstation Extension 12 (noarch): shotwell-lang-0.15.1-8.3 - SUSE Linux Enterprise Desktop 12 (x86_64): shotwell-0.15.1-8.3 shotwell-debuginfo-0.15.1-8.3 shotwell-debugsource-0.15.1-8.3 - SUSE Linux Enterprise Desktop 12 (noarch): shotwell-lang-0.15.1-8.3 References: https://bugzilla.suse.com/943559 From sle-updates at lists.suse.com Fri Sep 25 10:09:45 2015 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2015 18:09:45 +0200 (CEST) Subject: SUSE-RU-2015:1642-1: Recommended update for pidgin-sipe Message-ID: <20150925160945.25A1D32101@maintenance.suse.de> SUSE Recommended Update: Recommended update for pidgin-sipe ______________________________________________________________________________ Announcement ID: SUSE-RU-2015:1642-1 Rating: low References: #934588 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: pidgin-sipe has been updated to version 1.19.1, which brings support to newer releases of the Lync server. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-pidgin-sipe-12108=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-pidgin-sipe-12108=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pidgin-sipe-12108=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-pidgin-sipe-12108=1 To bring your system up-to-date, use "zypper patch". 

Package List:

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      pidgin-sipe-1.19.1-19.3

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      pidgin-sipe-1.19.1-19.3

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      pidgin-sipe-debuginfo-1.19.1-19.3
      pidgin-sipe-debugsource-1.19.1-19.3

   - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):

      pidgin-sipe-debuginfo-1.19.1-19.3
      pidgin-sipe-debugsource-1.19.1-19.3

References:

   https://bugzilla.suse.com/934588

From sle-updates at lists.suse.com Fri Sep 25 13:10:22 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 25 Sep 2015 21:10:22 +0200 (CEST)
Subject: SUSE-SU-2015:1643-1: important: Security update for Xen
Message-ID: <20150925191022.92AF232101@maintenance.suse.de>

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1643-1
Rating:             important
References:         #932770 #932996 #938344 #939712
Cross-References:   CVE-2015-3209 CVE-2015-4164 CVE-2015-5154 CVE-2015-5165
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   Xen was updated to fix the following security issues:

   * CVE-2015-5154: Host code execution via IDE subsystem CD-ROM.
     (bsc#938344)
   * CVE-2015-3209: Heap overflow in QEMU's pcnet controller allowing guest
     to host escape. (bsc#932770)
   * CVE-2015-4164: DoS through iret hypercall handler. (bsc#932996)
   * CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139
     device model. (XSA-140, bsc#939712)

   Security Issues:

   * CVE-2015-5154
   * CVE-2015-3209
   * CVE-2015-4164
   * CVE-2015-5165

Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64):

      xen-3.2.3_17040_46-0.21.1
      xen-devel-3.2.3_17040_46-0.21.1
      xen-doc-html-3.2.3_17040_46-0.21.1
      xen-doc-pdf-3.2.3_17040_46-0.21.1
      xen-doc-ps-3.2.3_17040_46-0.21.1
      xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-libs-3.2.3_17040_46-0.21.1
      xen-tools-3.2.3_17040_46-0.21.1
      xen-tools-domU-3.2.3_17040_46-0.21.1
      xen-tools-ioemu-3.2.3_17040_46-0.21.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64):

      xen-libs-32bit-3.2.3_17040_46-0.21.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586):

      xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1
      xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.4-0.21.1

References:

   https://www.suse.com/security/cve/CVE-2015-3209.html
   https://www.suse.com/security/cve/CVE-2015-4164.html
   https://www.suse.com/security/cve/CVE-2015-5154.html
   https://www.suse.com/security/cve/CVE-2015-5165.html
   https://bugzilla.suse.com/932770
   https://bugzilla.suse.com/932996
   https://bugzilla.suse.com/938344
   https://bugzilla.suse.com/939712
   https://download.suse.com/patch/finder/?keywords=8837c9fd890aaac522c74dc7741b001c

From sle-updates at lists.suse.com Tue Sep 29 14:09:54 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Sep 2015 22:09:54 +0200 (CEST)
Subject: SUSE-RU-2015:1645-1: moderate: Recommended update for yast2-security
Message-ID: <20150929200954.5DEBB32138@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-security
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1645-1
Rating:             moderate
References:         #899104 #900829 #907907 #911523 #941620 #942379 #946889
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has 7 recommended fixes can now be installed.

Description:

   This update for the YaST Security Module provides several fixes and
   enhancements:

   - Redefined security levels and updated list of mandatory and optional
     services. (fate#318425)
   - Adapted management of the display manager shutdown to use
     DISPLAYMANAGER_SHUTDOWN instead of AllowShutdown. (bsc#946889)
   - Added some entries to the list of optional services. (bsc#942379)
   - When checking services, systemd aliases are now taken into account
     (so, for example, rsyslog is accounted as syslog).
   - Removed references to runlevels (obsolete). Only current systemd
     target is analyzed.
   - Fixed an error setting the shutdown behaviour of KDM. (bsc#907907)
   - Fix paths for systemd target links. (bsc#911523)
   - Fixed the interface to show and process values from sysctl.conf
     correctly.
   - Remove X-KDE-Library from desktop file. (bsc#899104)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-616=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-616=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (noarch):

      yast2-security-3.1.11.2-5.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      yast2-security-3.1.11.2-5.1

References:

   https://bugzilla.suse.com/899104
   https://bugzilla.suse.com/900829
   https://bugzilla.suse.com/907907
   https://bugzilla.suse.com/911523
   https://bugzilla.suse.com/941620
   https://bugzilla.suse.com/942379
   https://bugzilla.suse.com/946889

From sle-updates at lists.suse.com Tue Sep 29 14:11:28 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Sep 2015 22:11:28 +0200 (CEST)
Subject: SUSE-RU-2015:1646-1: moderate: Recommended update for libvirt
Message-ID: <20150929201128.C221332138@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1646-1
Rating:             moderate
References:         #938228 #939420 #943240
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for libvirt provides the following fixes:

   - Do not include mount rules in LXC's AppArmor profile: they are not
     supported by AppArmor on 11-SP4. (bsc#943240)
   - Set disk type to BLOCK when driver is not tap or file. (bsc#938228)
   - Fix virt-aa-helper AppArmor profile. (bsc#939420)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libvirt-12109=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libvirt-12109=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-libvirt-12109=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libvirt-12109=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libvirt-devel-1.2.5-7.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64):

      libvirt-devel-32bit-1.2.5-7.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libvirt-1.2.5-7.1
      libvirt-client-1.2.5-7.1
      libvirt-doc-1.2.5-7.1
      libvirt-lock-sanlock-1.2.5-7.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libvirt-client-32bit-1.2.5-7.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      libvirt-1.2.5-7.1
      libvirt-client-1.2.5-7.1
      libvirt-doc-1.2.5-7.1

   - SUSE Linux Enterprise Desktop 11-SP4 (x86_64):

      libvirt-client-32bit-1.2.5-7.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libvirt-debuginfo-1.2.5-7.1
      libvirt-debugsource-1.2.5-7.1

References:

   https://bugzilla.suse.com/938228
   https://bugzilla.suse.com/939420
   https://bugzilla.suse.com/943240

From sle-updates at lists.suse.com Tue Sep 29 14:13:11 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 29 Sep 2015 22:13:11 +0200 (CEST)
Subject: SUSE-RU-2015:1649-1: Recommended update for open-vm-tools
Message-ID: <20150929201311.0E7E932138@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for open-vm-tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1649-1
Rating:             low
References:         #943236
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for open-vm-tools fixes the following issue:

   - Fix vmware-vmblock-fuse error when starting vmtoolsd without -desktop
     package installed (bsc#943236)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-open-vm-tools-12110=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-open-vm-tools-12110=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-open-vm-tools-12110=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      libvmtools0-9.4.6-4.1
      open-vm-tools-9.4.6-4.1
      open-vm-tools-desktop-9.4.6-4.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      libvmtools0-9.4.6-4.1
      open-vm-tools-9.4.6-4.1
      open-vm-tools-desktop-9.4.6-4.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      open-vm-tools-debuginfo-9.4.6-4.1
      open-vm-tools-debugsource-9.4.6-4.1

References:

   https://bugzilla.suse.com/943236

From sle-updates at lists.suse.com Wed Sep 30 04:09:20 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Sep 2015 12:09:20 +0200 (CEST)
Subject: SUSE-SU-2015:1651-1: moderate: Recommended update for python-setuptools
Message-ID: <20150930100920.C60FC32138@maintenance.suse.de>

   SUSE Security Update: Recommended update for python-setuptools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:1651-1
Rating:             moderate
References:         #930189
Cross-References:   CVE-2013-7440
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Software Development Kit 11-SP3
                    SUSE Linux Enterprise Desktop 11-SP4
                    SUSE Linux Enterprise Desktop 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   python-setuptools was updated to fix one security issue.

   The following vulnerability was fixed:

   * CVE-2013-7440: Non-RFC6125-compliant host name matching was incorrect
     (bsc#930189)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-python-setuptools-12111=1

   - SUSE Linux Enterprise Software Development Kit 11-SP3:

      zypper in -t patch sdksp3-python-setuptools-12111=1

   - SUSE Linux Enterprise Desktop 11-SP4:

      zypper in -t patch sledsp4-python-setuptools-12111=1

   - SUSE Linux Enterprise Desktop 11-SP3:

      zypper in -t patch sledsp3-python-setuptools-12111=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      python-setuptools-0.6c11-6.1

   - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64):

      python-setuptools-0.6c11-6.1

   - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):

      python-setuptools-0.6c11-6.1

   - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64):

      python-setuptools-0.6c11-6.1

References:

   https://www.suse.com/security/cve/CVE-2013-7440.html
   https://bugzilla.suse.com/930189

From sle-updates at lists.suse.com Wed Sep 30 06:09:23 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Sep 2015 14:09:23 +0200 (CEST)
Subject: SUSE-RU-2015:1652-1: Recommended update for perl-IO-Socket-SSL
Message-ID: <20150930120923.6832332138@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for perl-IO-Socket-SSL
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1652-1
Rating:             low
References:         #924976
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update adds DHE-RSA to perl-IO-Socket-SSL's default client cipher
   list, enabling support for perfect forward secrecy (PFS) on older
   machines.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-621=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-621=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (noarch):

      perl-IO-Socket-SSL-1.962-3.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      perl-IO-Socket-SSL-1.962-3.1

References:

   https://bugzilla.suse.com/924976

From sle-updates at lists.suse.com Wed Sep 30 06:09:44 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Sep 2015 14:09:44 +0200 (CEST)
Subject: SUSE-RU-2015:1653-1: Recommended update for gdb
Message-ID: <20150930120944.88BD132138@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gdb
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1653-1
Rating:             low
References:         #936050
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   The GNU Debugger gdb received additional patches for IBM zSeries z13
   instruction support.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-622=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-622=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-622=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      gdb-debuginfo-7.9.1-12.1
      gdb-debugsource-7.9.1-12.1
      gdbserver-7.9.1-12.1
      gdbserver-debuginfo-7.9.1-12.1

   - SUSE Linux Enterprise Software Development Kit 12 (s390x):

      gdb-debuginfo-32bit-7.9.1-12.1
      gdbserver-32bit-7.9.1-12.1
      gdbserver-debuginfo-32bit-7.9.1-12.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      gdb-7.9.1-12.1
      gdb-debuginfo-7.9.1-12.1
      gdb-debugsource-7.9.1-12.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      gdb-7.9.1-12.1
      gdb-debuginfo-7.9.1-12.1
      gdb-debugsource-7.9.1-12.1

References:

   https://bugzilla.suse.com/936050

From sle-updates at lists.suse.com Wed Sep 30 06:10:11 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Sep 2015 14:10:11 +0200 (CEST)
Subject: SUSE-RU-2015:1654-1: Recommended update for susehelp
Message-ID: <20150930121011.27B8632138@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for susehelp
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1654-1
Rating:             low
References:         #938724
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for susehelp provides the following fixes:

   - Replace SuSE with SUSE in the packages' summaries and descriptions.
     (bsc#938724)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2015-620=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-620=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-620=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (noarch):

      susehelp_cz-2009.10.06-22.1
      susehelp_es-2009.10.06-22.1
      susehelp_fr-2009.10.06-22.1
      susehelp_hu-2009.10.06-22.1
      susehelp_it-2009.10.06-22.1

   - SUSE Linux Enterprise Server 12 (noarch):

      susehelp-2009.10.06-22.1
      susehelp_de-2009.10.06-22.1
      susehelp_en-2009.10.06-22.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      susehelp-2009.10.06-22.1
      susehelp_cz-2009.10.06-22.1
      susehelp_de-2009.10.06-22.1
      susehelp_en-2009.10.06-22.1
      susehelp_es-2009.10.06-22.1
      susehelp_fr-2009.10.06-22.1
      susehelp_hu-2009.10.06-22.1
      susehelp_it-2009.10.06-22.1

References:

   https://bugzilla.suse.com/938724

From sle-updates at lists.suse.com Wed Sep 30 09:09:26 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Sep 2015 17:09:26 +0200 (CEST)
Subject: SUSE-OU-2015:1656-1: Optional update for ocaml
Message-ID: <20150930150926.EF74C32138@maintenance.suse.de>

   SUSE Optional Update: Optional update for ocaml
______________________________________________________________________________

Announcement ID:    SUSE-OU-2015:1656-1
Rating:             low
References:         #901836 #945833
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
______________________________________________________________________________

   An update that has two optional fixes can now be installed.

Description:

   Objective CAML (ocaml) was updated to version 4.02.3, which brings many
   fixes and enhancements.
   The findlib library (ocaml-findlib) was updated to version 1.5.5. For a
   comprehensive list of changes, please refer to the upstream change log:

   http://caml.inria.fr/pub/distrib/ocaml-4.02/notes/Changes

Patch Instructions:

   To install this SUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-623=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      ocaml-4.02.3-6.3.1
      ocaml-compiler-libs-4.02.3-6.3.1
      ocaml-debuginfo-4.02.3-6.3.1
      ocaml-debugsource-4.02.3-6.3.1
      ocaml-rpm-macros-4.02.3-6.3.1
      ocaml-runtime-4.02.3-6.3.1
      ocaml-runtime-debuginfo-4.02.3-6.3.1

References:

   https://bugzilla.suse.com/901836
   https://bugzilla.suse.com/945833

From sle-updates at lists.suse.com Wed Sep 30 15:09:19 2015
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 30 Sep 2015 23:09:19 +0200 (CEST)
Subject: SUSE-RU-2015:1657-1: important: Recommended update for plymouth
Message-ID: <20150930210919.9140532101@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for plymouth
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:1657-1
Rating:             important
References:         #946640 #946986
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for plymouth fixes a buffer overrun which could lead to a
   segmentation fault and termination of the plymouthd daemon.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-624=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-624=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-624=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      plymouth-debuginfo-0.9.0-18.1
      plymouth-debugsource-0.9.0-18.1
      plymouth-devel-0.9.0-18.1
      plymouth-x11-renderer-0.9.0-18.1
      plymouth-x11-renderer-debuginfo-0.9.0-18.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libply-boot-client2-0.9.0-18.1
      libply-boot-client2-debuginfo-0.9.0-18.1
      libply-splash-core2-0.9.0-18.1
      libply-splash-core2-debuginfo-0.9.0-18.1
      libply-splash-graphics2-0.9.0-18.1
      libply-splash-graphics2-debuginfo-0.9.0-18.1
      libply2-0.9.0-18.1
      libply2-debuginfo-0.9.0-18.1
      plymouth-0.9.0-18.1
      plymouth-debuginfo-0.9.0-18.1
      plymouth-debugsource-0.9.0-18.1
      plymouth-dracut-0.9.0-18.1
      plymouth-plugin-label-0.9.0-18.1
      plymouth-plugin-label-debuginfo-0.9.0-18.1
      plymouth-plugin-script-0.9.0-18.1
      plymouth-plugin-script-debuginfo-0.9.0-18.1
      plymouth-scripts-0.9.0-18.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libply-boot-client2-0.9.0-18.1
      libply-boot-client2-debuginfo-0.9.0-18.1
      libply-splash-core2-0.9.0-18.1
      libply-splash-core2-debuginfo-0.9.0-18.1
      libply-splash-graphics2-0.9.0-18.1
      libply-splash-graphics2-debuginfo-0.9.0-18.1
      libply2-0.9.0-18.1
      libply2-debuginfo-0.9.0-18.1
      plymouth-0.9.0-18.1
      plymouth-debuginfo-0.9.0-18.1
      plymouth-debugsource-0.9.0-18.1
      plymouth-dracut-0.9.0-18.1
      plymouth-plugin-label-0.9.0-18.1
      plymouth-plugin-label-debuginfo-0.9.0-18.1
      plymouth-plugin-script-0.9.0-18.1
      plymouth-plugin-script-debuginfo-0.9.0-18.1
      plymouth-scripts-0.9.0-18.1

References:

   https://bugzilla.suse.com/946640
   https://bugzilla.suse.com/946986