From sle-updates at lists.suse.com Mon Feb 1 07:11:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Feb 2016 15:11:57 +0100 (CET) Subject: SUSE-SU-2016:0296-1: moderate: Security update for mariadb Message-ID: <20160201141157.6C9C03213D@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0296-1 Rating: moderate References: #937787 #957174 #958789 Cross-References: CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: MariaDB has been updated to version 10.0.22, which brings fixes for many security issues and other improvements. The following CVEs have been fixed: - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4913, CVE-2015-4792 - Fix information leak via mysql-systemd-helper script. (CVE-2015-5969, bsc#957174) For a comprehensive list of changes refer to the upstream Release Notes and Change Log documents: - https://kb.askmonty.org/en/mariadb-10022-release-notes/ - https://kb.askmonty.org/en/mariadb-10022-changelog/ Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-183=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-183=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-183=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-183=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libmysqlclient_r18-10.0.22-3.1 libmysqlclient_r18-32bit-10.0.22-3.1 mariadb-debuginfo-10.0.22-3.1 mariadb-debugsource-10.0.22-3.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.22-3.1 libmysqlclient_r18-10.0.22-3.1 libmysqld-devel-10.0.22-3.1 libmysqld18-10.0.22-3.1 libmysqld18-debuginfo-10.0.22-3.1 mariadb-debuginfo-10.0.22-3.1 mariadb-debugsource-10.0.22-3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libmysqlclient18-10.0.22-3.1 libmysqlclient18-debuginfo-10.0.22-3.1 mariadb-10.0.22-3.1 mariadb-client-10.0.22-3.1 mariadb-client-debuginfo-10.0.22-3.1 mariadb-debuginfo-10.0.22-3.1 mariadb-debugsource-10.0.22-3.1 mariadb-errormessages-10.0.22-3.1 mariadb-tools-10.0.22-3.1 mariadb-tools-debuginfo-10.0.22-3.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libmysqlclient18-32bit-10.0.22-3.1 libmysqlclient18-debuginfo-32bit-10.0.22-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libmysqlclient18-10.0.22-3.1 libmysqlclient18-32bit-10.0.22-3.1 libmysqlclient18-debuginfo-10.0.22-3.1 libmysqlclient18-debuginfo-32bit-10.0.22-3.1 libmysqlclient_r18-10.0.22-3.1 libmysqlclient_r18-32bit-10.0.22-3.1 mariadb-10.0.22-3.1 mariadb-client-10.0.22-3.1 mariadb-client-debuginfo-10.0.22-3.1 mariadb-debuginfo-10.0.22-3.1 mariadb-debugsource-10.0.22-3.1 mariadb-errormessages-10.0.22-3.1 References: https://www.suse.com/security/cve/CVE-2015-4792.html https://www.suse.com/security/cve/CVE-2015-4802.html https://www.suse.com/security/cve/CVE-2015-4807.html https://www.suse.com/security/cve/CVE-2015-4815.html https://www.suse.com/security/cve/CVE-2015-4826.html https://www.suse.com/security/cve/CVE-2015-4830.html https://www.suse.com/security/cve/CVE-2015-4836.html https://www.suse.com/security/cve/CVE-2015-4858.html https://www.suse.com/security/cve/CVE-2015-4861.html https://www.suse.com/security/cve/CVE-2015-4870.html https://www.suse.com/security/cve/CVE-2015-4913.html https://www.suse.com/security/cve/CVE-2015-5969.html https://bugzilla.suse.com/937787 https://bugzilla.suse.com/957174 https://bugzilla.suse.com/958789 From sle-updates at lists.suse.com Mon Feb 1 07:12:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Feb 2016 15:12:43 +0100 (CET) Subject: SUSE-RU-2016:0297-1: Recommended update for openstack-ceilometer Message-ID: <20160201141243.C31AF3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-ceilometer ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0297-1 Rating: low References: #958966 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-ceilometer fixes the following issues: - Remove dependency on sphinxcontrib-docbookrestapi. - Remove log message when process notification. - Bump rpm package version to 2014.2.4.juno to avoid downgrade. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-182=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): openstack-ceilometer-2014.2.4.juno-6.1 openstack-ceilometer-agent-compute-2014.2.4.juno-6.1 python-ceilometer-2014.2.4.juno-6.1 References: https://bugzilla.suse.com/958966 From sle-updates at lists.suse.com Mon Feb 1 07:13:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Feb 2016 15:13:04 +0100 (CET) Subject: SUSE-RU-2016:0298-1: moderate: Recommended update for SUSEConnect Message-ID: <20160201141304.8DD613213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0298-1 Rating: moderate References: #946183 #952804 #957354 #963080 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Re-add SUSEConnect binary to /usr/sbin. (bsc#963080) - Use `--match-exact` when searching for a product. (bsc#952804) - Fix fonts on xterm. (bsc#957354) - Remove unneeded link in %post which caused a warning. (bsc#946183) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-185=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-185=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): SUSEConnect-0.2.33-9.11.1 - SUSE Linux Enterprise Desktop 12 (x86_64): SUSEConnect-0.2.33-9.11.1 References: https://bugzilla.suse.com/946183 https://bugzilla.suse.com/952804 https://bugzilla.suse.com/957354 https://bugzilla.suse.com/963080 From sle-updates at lists.suse.com Mon Feb 1 07:14:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Feb 2016 15:14:00 +0100 (CET) Subject: SUSE-RU-2016:0299-1: moderate: Recommended update for SUSEConnect Message-ID: <20160201141400.1CCD33213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0299-1 Rating: moderate References: #952804 #957354 #963080 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Re-add SUSEConnect binary to /usr/sbin. (bsc#963080) - Use `--match-exact` when searching for a product. (bsc#952804) - Fix fonts on xterm. (bsc#957354) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-186=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): SUSEConnect-0.2.33-7.1 References: https://bugzilla.suse.com/952804 https://bugzilla.suse.com/957354 https://bugzilla.suse.com/963080 From sle-updates at lists.suse.com Mon Feb 1 07:14:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Feb 2016 15:14:45 +0100 (CET) Subject: SUSE-RU-2016:0300-1: moderate: Recommended update for libzip Message-ID: <20160201141445.1836B3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzip ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0300-1 Rating: moderate References: #963071 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libzip fixes a segmentation fault when attempting to open an invalid zip file. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-184=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-184=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-184=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-184=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-184=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-184=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libzip-debuginfo-0.11.1-12.1 libzip-debugsource-0.11.1-12.1 libzip-devel-0.11.1-12.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libzip-debuginfo-0.11.1-12.1 libzip-debugsource-0.11.1-12.1 libzip-devel-0.11.1-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libzip-debuginfo-0.11.1-12.1 libzip-debugsource-0.11.1-12.1 libzip2-0.11.1-12.1 libzip2-debuginfo-0.11.1-12.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libzip-debuginfo-0.11.1-12.1 libzip-debugsource-0.11.1-12.1 libzip2-0.11.1-12.1 libzip2-debuginfo-0.11.1-12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libzip-debuginfo-0.11.1-12.1 libzip-debugsource-0.11.1-12.1 libzip2-0.11.1-12.1 libzip2-debuginfo-0.11.1-12.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libzip-debuginfo-0.11.1-12.1 libzip-debugsource-0.11.1-12.1 libzip2-0.11.1-12.1 libzip2-debuginfo-0.11.1-12.1 References: https://bugzilla.suse.com/963071 From sle-updates at lists.suse.com Mon Feb 1 12:11:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Feb 2016 20:11:31 +0100 (CET) Subject: SUSE-SU-2016:0303-1: moderate: Security update for kdebase4-workspace Message-ID: <20160201191131.B9402320E8@maintenance.suse.de> SUSE Security Update: Security update for kdebase4-workspace ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0303-1 Rating: moderate References: #904625 #929718 Cross-References: CVE-2014-8651 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for kdebase4-workspace fixes the following issues: - CVE-2014-8651: Privilege escalation via KDE Clock KCM helper when non-default polkit settings are used (bsc#904625) The following non-security bugs were fixed: - bsc#929718: Make kdm recognize an IPv6 localhost address as localhost Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kdebase4-workspace-20160115-12380=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kdebase4-workspace-20160115-12380=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdebase4-workspace-devel-4.3.5-0.12.20.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): kdebase4-workspace-devel-4.3.5-0.12.20.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): kde4-kgreeter-plugins-4.3.5-0.12.20.1 kdebase4-workspace-4.3.5-0.12.20.1 kdebase4-workspace-ksysguardd-4.3.5-0.12.20.1 kdm-4.3.5-0.12.20.1 kwin-4.3.5-0.12.20.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (noarch): kdebase4-wallpapers-4.3.5-0.11.20.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kde4-kgreeter-plugins-4.3.5-0.12.20.1 kdebase4-workspace-4.3.5-0.12.20.1 kdebase4-workspace-ksysguardd-4.3.5-0.12.20.1 kdm-4.3.5-0.12.20.1 kwin-4.3.5-0.12.20.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): kdebase4-wallpapers-4.3.5-0.11.20.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): kde4-kgreeter-plugins-4.3.5-0.12.20.1 kdebase4-workspace-4.3.5-0.12.20.1 kdebase4-workspace-ksysguardd-4.3.5-0.12.20.1 kdm-4.3.5-0.12.20.1 kwin-4.3.5-0.12.20.1 - SUSE Linux Enterprise Server 11-SP3 (noarch): kdebase4-wallpapers-4.3.5-0.11.20.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): kde4-kgreeter-plugins-4.3.5-0.12.20.1 kdebase4-workspace-4.3.5-0.12.20.1 kdebase4-workspace-ksysguardd-4.3.5-0.12.20.1 kdm-4.3.5-0.12.20.1 kwin-4.3.5-0.12.20.1 - SUSE Linux Enterprise Desktop 11-SP4 (noarch): kdebase4-wallpapers-4.3.5-0.11.20.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): kde4-kgreeter-plugins-4.3.5-0.12.20.1 kdebase4-workspace-4.3.5-0.12.20.1 kdebase4-workspace-ksysguardd-4.3.5-0.12.20.1 kdm-4.3.5-0.12.20.1 kwin-4.3.5-0.12.20.1 - SUSE Linux Enterprise Desktop 11-SP3 (noarch): kdebase4-wallpapers-4.3.5-0.11.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdebase4-workspace-debuginfo-4.3.5-0.12.20.1 kdebase4-workspace-debugsource-4.3.5-0.12.20.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): kdebase4-workspace-debuginfo-4.3.5-0.12.20.1 kdebase4-workspace-debugsource-4.3.5-0.12.20.1 References: https://www.suse.com/security/cve/CVE-2014-8651.html https://bugzilla.suse.com/904625 https://bugzilla.suse.com/929718 From sle-updates at lists.suse.com Mon Feb 1 12:12:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Feb 2016 20:12:20 +0100 (CET) Subject: SUSE-SU-2016:0304-1: moderate: Security update for libvirt Message-ID: <20160201191220.0DEEC3213D@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0304-1 Rating: moderate References: #899334 #903757 #904432 #911737 #914297 #914693 #921355 #921555 #921586 #936524 #938228 #948516 #948686 #953110 Cross-References: CVE-2015-0236 CVE-2015-5313 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has 12 fixes is now available. Description: libvirt was updated to fix one security issue and several non-security issues. This security issue was fixed: - CVE-2015-0236: libvirt allowed remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. (bsc#914693) - CVE-2015-5313: path traversal vulnerability allowed libvirtd process to write arbitrary files into file system using root permissions (bsc#953110) Theses non-security issues were fixed: - bsc#948686: Use PAUSED state for domains that are starting up. - bsc#903757: Provide nodeGetSecurityModel implementation in libxl. - bsc#938228: Set disk type to BLOCK when driver is not tap or file. - bsc#948516: Fix profile_status to distinguish between errors and unconfined domains. - bsc#936524: Fix error starting lxc containers with direct interfaces. - bsc#921555: Fixed apparmor generated profile for PCI hostdevs. - bsc#899334: Include additional upstream fixes for systemd TerminateMachine. - bsc#921586: Fix security driver default settings in /etc/libvirt/qemu.conf. - bsc#921355: Fixed a number of QEMU apparmor abstraction problems. - bsc#911737: Additional fix for the case where security labels aren't automatically set. - bsc#914297: Allow setting the URL of an SMT server to use in place of SCC. - bsc#904432: Backported route definition changes. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-189=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-189=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-189=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-189=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-189=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libvirt-client-32bit-1.2.5-27.10.1 libvirt-client-debuginfo-32bit-1.2.5-27.10.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libvirt-debugsource-1.2.5-27.10.1 libvirt-devel-1.2.5-27.10.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): libvirt-client-32bit-1.2.5-27.10.1 libvirt-client-debuginfo-32bit-1.2.5-27.10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libvirt-1.2.5-27.10.1 libvirt-client-1.2.5-27.10.1 libvirt-client-debuginfo-1.2.5-27.10.1 libvirt-daemon-1.2.5-27.10.1 libvirt-daemon-config-network-1.2.5-27.10.1 libvirt-daemon-config-nwfilter-1.2.5-27.10.1 libvirt-daemon-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-interface-1.2.5-27.10.1 libvirt-daemon-driver-interface-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-lxc-1.2.5-27.10.1 libvirt-daemon-driver-lxc-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-network-1.2.5-27.10.1 libvirt-daemon-driver-network-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-nodedev-1.2.5-27.10.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-nwfilter-1.2.5-27.10.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-qemu-1.2.5-27.10.1 libvirt-daemon-driver-qemu-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-secret-1.2.5-27.10.1 libvirt-daemon-driver-secret-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-storage-1.2.5-27.10.1 libvirt-daemon-driver-storage-debuginfo-1.2.5-27.10.1 libvirt-daemon-lxc-1.2.5-27.10.1 libvirt-daemon-qemu-1.2.5-27.10.1 libvirt-debugsource-1.2.5-27.10.1 libvirt-doc-1.2.5-27.10.1 libvirt-lock-sanlock-1.2.5-27.10.1 libvirt-lock-sanlock-debuginfo-1.2.5-27.10.1 - SUSE Linux Enterprise Server 12 (x86_64): libvirt-daemon-driver-libxl-1.2.5-27.10.1 libvirt-daemon-driver-libxl-debuginfo-1.2.5-27.10.1 libvirt-daemon-xen-1.2.5-27.10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libvirt-1.2.5-27.10.1 libvirt-client-1.2.5-27.10.1 libvirt-client-32bit-1.2.5-27.10.1 libvirt-client-debuginfo-1.2.5-27.10.1 libvirt-client-debuginfo-32bit-1.2.5-27.10.1 libvirt-daemon-1.2.5-27.10.1 libvirt-daemon-config-network-1.2.5-27.10.1 libvirt-daemon-config-nwfilter-1.2.5-27.10.1 libvirt-daemon-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-interface-1.2.5-27.10.1 libvirt-daemon-driver-interface-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-libxl-1.2.5-27.10.1 libvirt-daemon-driver-libxl-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-lxc-1.2.5-27.10.1 libvirt-daemon-driver-lxc-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-network-1.2.5-27.10.1 libvirt-daemon-driver-network-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-nodedev-1.2.5-27.10.1 libvirt-daemon-driver-nodedev-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-nwfilter-1.2.5-27.10.1 libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-qemu-1.2.5-27.10.1 libvirt-daemon-driver-qemu-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-secret-1.2.5-27.10.1 libvirt-daemon-driver-secret-debuginfo-1.2.5-27.10.1 libvirt-daemon-driver-storage-1.2.5-27.10.1 libvirt-daemon-driver-storage-debuginfo-1.2.5-27.10.1 libvirt-daemon-lxc-1.2.5-27.10.1 libvirt-daemon-qemu-1.2.5-27.10.1 libvirt-daemon-xen-1.2.5-27.10.1 libvirt-debugsource-1.2.5-27.10.1 libvirt-doc-1.2.5-27.10.1 References: https://www.suse.com/security/cve/CVE-2015-0236.html https://www.suse.com/security/cve/CVE-2015-5313.html https://bugzilla.suse.com/899334 https://bugzilla.suse.com/903757 https://bugzilla.suse.com/904432 https://bugzilla.suse.com/911737 https://bugzilla.suse.com/914297 https://bugzilla.suse.com/914693 https://bugzilla.suse.com/921355 https://bugzilla.suse.com/921555 https://bugzilla.suse.com/921586 https://bugzilla.suse.com/936524 https://bugzilla.suse.com/938228 https://bugzilla.suse.com/948516 https://bugzilla.suse.com/948686 https://bugzilla.suse.com/953110 From sle-updates at lists.suse.com Tue Feb 2 11:11:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Feb 2016 19:11:15 +0100 (CET) Subject: SUSE-RU-2016:0314-1: Recommended update for python-pytz Message-ID: <20160202181115.D16ED320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pytz ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0314-1 Rating: low References: #941249 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The IANA timezone database included in python-pytz has been updated to version 2015f. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-python-pytz-12381=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): python-pytz-2015.6-14.3 References: https://bugzilla.suse.com/941249 From sle-updates at lists.suse.com Wed Feb 3 07:20:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Feb 2016 15:20:17 +0100 (CET) Subject: SUSE-RU-2016:0319-1: Recommended update for ibus-pinyin Message-ID: <20160203142017.F21263213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for ibus-pinyin ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0319-1 Rating: low References: #955325 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ibus-pinyin fixes the following issues: - Set ibus-pinyin engine to full pinyin by default when dconf data does not exist. (bsc#955325) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-192=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-192=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-192=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-192=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ibus-pinyin-1.5.0-4.1 ibus-pinyin-debuginfo-1.5.0-4.1 ibus-pinyin-debugsource-1.5.0-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ibus-pinyin-1.5.0-4.1 ibus-pinyin-debuginfo-1.5.0-4.1 ibus-pinyin-debugsource-1.5.0-4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ibus-pinyin-1.5.0-4.1 ibus-pinyin-debuginfo-1.5.0-4.1 ibus-pinyin-debugsource-1.5.0-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): ibus-pinyin-1.5.0-4.1 ibus-pinyin-debuginfo-1.5.0-4.1 ibus-pinyin-debugsource-1.5.0-4.1 References: https://bugzilla.suse.com/955325 From sle-updates at lists.suse.com Wed Feb 3 07:55:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Feb 2016 15:55:27 +0100 (CET) Subject: SUSE-RU-2016:0321-1: Recommended update for kgraft Message-ID: <20160203145527.4CE3E3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for kgraft ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0321-1 Rating: low References: #939130 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kgraft fixes the following issues: - kgr.sh: Indicate initial patch in kgr patches. - kgr.sh: Use Fixes tag for kgr -v patches output. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-195=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (ppc64le s390x x86_64): kgraft-1.0-22.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-devel-1.0-22.1 References: https://bugzilla.suse.com/939130 From sle-updates at lists.suse.com Wed Feb 3 07:55:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Feb 2016 15:55:50 +0100 (CET) Subject: SUSE-RU-2016:0322-1: Recommended update for gnome-control-center Message-ID: <20160203145550.9977A3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-control-center ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0322-1 Rating: low References: #947761 #955322 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gnome-control-center provides the following fixes: - Ensure "Login Screen" button is correctly displayed in "Region & Language" settings after Administrator log-in. (bsc#955322) - Fix untranslated title on the "Add Profile" dialog on Color Panel settings. (bsc#947761) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-194=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-194=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-194=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-194=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gnome-control-center-color-3.10.3-26.1 gnome-control-center-debuginfo-3.10.3-26.1 gnome-control-center-debugsource-3.10.3-26.1 gnome-control-center-goa-3.10.3-26.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gnome-control-center-debuginfo-3.10.3-26.1 gnome-control-center-debugsource-3.10.3-26.1 gnome-control-center-devel-3.10.3-26.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gnome-control-center-3.10.3-26.1 gnome-control-center-debuginfo-3.10.3-26.1 gnome-control-center-debugsource-3.10.3-26.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gnome-control-center-lang-3.10.3-26.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gnome-control-center-3.10.3-26.1 gnome-control-center-color-3.10.3-26.1 gnome-control-center-debuginfo-3.10.3-26.1 gnome-control-center-debugsource-3.10.3-26.1 gnome-control-center-goa-3.10.3-26.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gnome-control-center-lang-3.10.3-26.1 References: https://bugzilla.suse.com/947761 https://bugzilla.suse.com/955322 From sle-updates at lists.suse.com Wed Feb 3 07:56:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Feb 2016 15:56:30 +0100 (CET) Subject: SUSE-RU-2016:0323-1: moderate: Recommended update for targetcli, python-rtslib Message-ID: <20160203145630.352B33213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for targetcli, python-rtslib ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0323-1 Rating: moderate References: #910538 #948529 #954234 #956509 #958274 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for targetcli and python-rtslib provides the following fixes: targetcli: - Remove trailing white spaces before parsing "exit" command. (bsc#948529) - Update systemd service start to load current configuration, if any, using load_targetcli_config. (bsc#954234) - Fix silent failure on backstore file creation when file size is not specified. (bsc#910538) python-rtslib: - Add qla2xxx_wwn WWN type, allowing systems with existing targets to be validated by rtslib and for the configuration to be saved. (bsc#954234) - Fix detection of 64-bit architectures. (bsc#956509) - If the system hostname contains underscores, replace them by dashes before using it to create target names. (bsc#958274) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-193=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-193=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): targetcli-2.1-17.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): python-rtslib-2.2-22.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): targetcli-2.1-17.1 - SUSE Linux Enterprise Server 12 (noarch): python-rtslib-2.2-22.1 References: https://bugzilla.suse.com/910538 https://bugzilla.suse.com/948529 https://bugzilla.suse.com/954234 https://bugzilla.suse.com/956509 https://bugzilla.suse.com/958274 From sle-updates at lists.suse.com Wed Feb 3 09:11:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Feb 2016 17:11:18 +0100 (CET) Subject: SUSE-SU-2016:0324-1: moderate: Recommended update for LibreOffice Message-ID: <20160203161118.1C5053213D@maintenance.suse.de> SUSE Security Update: Recommended update for LibreOffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0324-1 Rating: moderate References: #306333 #547549 #668145 #679938 #681560 #688200 #718113 #806250 #857026 #889755 #890735 #907636 #907966 #910805 #910806 #914911 #934423 #936188 #936190 #939996 #940838 #943075 #945047 #945692 #951579 #954345 Cross-References: CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 19 fixes is now available. Description: This update brings LibreOffice to version 5.0.4, a major version update. It brings lots of new features, bug fixes and also security fixes. Features as seen on http://www.libreoffice.org/discover/new-features/ * LibreOffice 5.0 ships an impressive number of new features for its spreadsheet module, Calc: complex formulae image cropping, new functions, more powerful conditional formatting, table addressing and much more. Calc's blend of performance and features makes it an enterprise-ready, heavy duty spreadsheet application capable of handling all kinds of workload for an impressive range of use cases * New icons, major improvements to menus and sidebar : no other LibreOffice version has looked that good and helped you be creative and get things done the right way. In addition, style management is now more intuitive thanks to the visualization of styles right in the interface. * LibreOffice 5 ships with numerous improvements to document import and export filters for MS Office, PDF, RTF, and more. You can now timestamp PDF documents generated with LibreOffice and enjoy enhanced document conversion fidelity all around. The Pentaho Flow Reporting Engine is now added and used. Security issues fixed: * CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. * CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. * CVE-2015-4551: An arbitrary file disclosure vulnerability in Libreoffice and Openoffice Calc and Writer was fixed. * CVE-2015-5212: A LibreOffice "PrinterSetup Length" integer underflow vulnerability could be used by attackers supplying documents to execute code as the user opening the document. * CVE-2015-5213: A LibreOffice "Piece Table Counter" invalid check design error vulnerability allowed attackers supplying documents to execute code as the user opening the document. * CVE-2015-5214: Multiple Vendor LibreOffice Bookmark Status Memory Corruption Vulnerability allowed attackers supplying documents to execute code as the user opening the document. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libreoffice-504-1174=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-libreoffice-504-1174=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libreoffice-504-1174=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): hyphen-devel-2.8.8-2.1 libhyphen0-2.8.8-2.1 libmythes-1_2-0-1.2.4-2.1 libreoffice-5.0.4.2-23.1 libreoffice-base-5.0.4.2-23.1 libreoffice-base-drivers-postgresql-5.0.4.2-23.1 libreoffice-branding-upstream-5.0.4.2-23.1 libreoffice-calc-5.0.4.2-23.1 libreoffice-calc-extensions-5.0.4.2-23.1 libreoffice-draw-5.0.4.2-23.1 libreoffice-filters-optional-5.0.4.2-23.1 libreoffice-gnome-5.0.4.2-23.1 libreoffice-icon-theme-galaxy-5.0.4.2-23.1 libreoffice-icon-theme-tango-5.0.4.2-23.1 libreoffice-impress-5.0.4.2-23.1 libreoffice-kde4-5.0.4.2-23.1 libreoffice-l10n-af-5.0.4.2-23.1 libreoffice-l10n-ar-5.0.4.2-23.1 libreoffice-l10n-ca-5.0.4.2-23.1 libreoffice-l10n-cs-5.0.4.2-23.1 libreoffice-l10n-da-5.0.4.2-23.1 libreoffice-l10n-de-5.0.4.2-23.1 libreoffice-l10n-en-5.0.4.2-23.1 libreoffice-l10n-es-5.0.4.2-23.1 libreoffice-l10n-fi-5.0.4.2-23.1 libreoffice-l10n-fr-5.0.4.2-23.1 libreoffice-l10n-gu-5.0.4.2-23.1 libreoffice-l10n-hi-5.0.4.2-23.1 libreoffice-l10n-hu-5.0.4.2-23.1 libreoffice-l10n-it-5.0.4.2-23.1 libreoffice-l10n-ja-5.0.4.2-23.1 libreoffice-l10n-ko-5.0.4.2-23.1 libreoffice-l10n-nb-5.0.4.2-23.1 libreoffice-l10n-nl-5.0.4.2-23.1 libreoffice-l10n-nn-5.0.4.2-23.1 libreoffice-l10n-pl-5.0.4.2-23.1 libreoffice-l10n-pt-BR-5.0.4.2-23.1 libreoffice-l10n-pt-PT-5.0.4.2-23.1 libreoffice-l10n-ru-5.0.4.2-23.1 libreoffice-l10n-sk-5.0.4.2-23.1 libreoffice-l10n-sv-5.0.4.2-23.1 libreoffice-l10n-xh-5.0.4.2-23.1 libreoffice-l10n-zh-Hans-5.0.4.2-23.1 libreoffice-l10n-zh-Hant-5.0.4.2-23.1 libreoffice-l10n-zu-5.0.4.2-23.1 libreoffice-mailmerge-5.0.4.2-23.1 libreoffice-math-5.0.4.2-23.1 libreoffice-officebean-5.0.4.2-23.1 libreoffice-pyuno-5.0.4.2-23.1 libreoffice-sdk-5.0.4.2-23.1 libreoffice-voikko-4.1-2.26 libreoffice-writer-5.0.4.2-23.1 libreoffice-writer-extensions-5.0.4.2-23.1 libvoikko-devel-3.7.1-5.2 libvoikko1-3.7.1-5.2 myspell-af_NA-20150827-23.1 myspell-af_ZA-20150827-23.1 myspell-ar-20150827-23.1 myspell-ar_AE-20150827-23.1 myspell-ar_BH-20150827-23.1 myspell-ar_DZ-20150827-23.1 myspell-ar_EG-20150827-23.1 myspell-ar_IQ-20150827-23.1 myspell-ar_JO-20150827-23.1 myspell-ar_KW-20150827-23.1 myspell-ar_LB-20150827-23.1 myspell-ar_LY-20150827-23.1 myspell-ar_MA-20150827-23.1 myspell-ar_OM-20150827-23.1 myspell-ar_QA-20150827-23.1 myspell-ar_SA-20150827-23.1 myspell-ar_SD-20150827-23.1 myspell-ar_SY-20150827-23.1 myspell-ar_TN-20150827-23.1 myspell-ar_YE-20150827-23.1 myspell-be_BY-20150827-23.1 myspell-bg_BG-20150827-23.1 myspell-bn_BD-20150827-23.1 myspell-bn_IN-20150827-23.1 myspell-bs-20150827-23.1 myspell-bs_BA-20150827-23.1 myspell-ca-20150827-23.1 myspell-ca_AD-20150827-23.1 myspell-ca_ES-20150827-23.1 myspell-ca_ES_valencia-20150827-23.1 myspell-ca_FR-20150827-23.1 myspell-ca_IT-20150827-23.1 myspell-cs_CZ-20150827-23.1 myspell-da_DK-20150827-23.1 myspell-de-20150827-23.1 myspell-de_AT-20150827-23.1 myspell-de_CH-20150827-23.1 myspell-de_DE-20150827-23.1 myspell-dictionaries-20150827-23.1 myspell-el_GR-20150827-23.1 myspell-en-20150827-23.1 myspell-en_AU-20150827-23.1 myspell-en_BS-20150827-23.1 myspell-en_BZ-20150827-23.1 myspell-en_CA-20150827-23.1 myspell-en_GB-20150827-23.1 myspell-en_GH-20150827-23.1 myspell-en_IE-20150827-23.1 myspell-en_IN-20150827-23.1 myspell-en_JM-20150827-23.1 myspell-en_MW-20150827-23.1 myspell-en_NA-20150827-23.1 myspell-en_NZ-20150827-23.1 myspell-en_PH-20150827-23.1 myspell-en_TT-20150827-23.1 myspell-en_US-20150827-23.1 myspell-en_ZA-20150827-23.1 myspell-en_ZW-20150827-23.1 myspell-es-20150827-23.1 myspell-es_AR-20150827-23.1 myspell-es_BO-20150827-23.1 myspell-es_CL-20150827-23.1 myspell-es_CO-20150827-23.1 myspell-es_CR-20150827-23.1 myspell-es_CU-20150827-23.1 myspell-es_DO-20150827-23.1 myspell-es_EC-20150827-23.1 myspell-es_ES-20150827-23.1 myspell-es_GT-20150827-23.1 myspell-es_HN-20150827-23.1 myspell-es_MX-20150827-23.1 myspell-es_NI-20150827-23.1 myspell-es_PA-20150827-23.1 myspell-es_PE-20150827-23.1 myspell-es_PR-20150827-23.1 myspell-es_PY-20150827-23.1 myspell-es_SV-20150827-23.1 myspell-es_UY-20150827-23.1 myspell-es_VE-20150827-23.1 myspell-et_EE-20150827-23.1 myspell-fr_BE-20150827-23.1 myspell-fr_CA-20150827-23.1 myspell-fr_CH-20150827-23.1 myspell-fr_FR-20150827-23.1 myspell-fr_LU-20150827-23.1 myspell-fr_MC-20150827-23.1 myspell-gu_IN-20150827-23.1 myspell-he_IL-20150827-23.1 myspell-hi_IN-20150827-23.1 myspell-hr_HR-20150827-23.1 myspell-hu_HU-20150827-23.1 myspell-it_IT-20150827-23.1 myspell-lightproof-en-20150827-23.1 myspell-lightproof-hu_HU-20150827-23.1 myspell-lightproof-pt_BR-20150827-23.1 myspell-lightproof-ru_RU-20150827-23.1 myspell-lo_LA-20150827-23.1 myspell-lt_LT-20150827-23.1 myspell-lv_LV-20150827-23.1 myspell-nb_NO-20150827-23.1 myspell-nl_BE-20150827-23.1 myspell-nl_NL-20150827-23.1 myspell-nn_NO-20150827-23.1 myspell-no-20150827-23.1 myspell-pl_PL-20150827-23.1 myspell-pt_AO-20150827-23.1 myspell-pt_BR-20150827-23.1 myspell-pt_PT-20150827-23.1 myspell-ro-20150827-23.1 myspell-ro_RO-20150827-23.1 myspell-ru_RU-20150827-23.1 myspell-sk_SK-20150827-23.1 myspell-sl_SI-20150827-23.1 myspell-sr-20150827-23.1 myspell-sr_CS-20150827-23.1 myspell-sr_Latn_CS-20150827-23.1 myspell-sr_Latn_RS-20150827-23.1 myspell-sr_RS-20150827-23.1 myspell-sv_FI-20150827-23.1 myspell-sv_SE-20150827-23.1 myspell-te-20150827-23.1 myspell-te_IN-20150827-23.1 myspell-th_TH-20150827-23.1 myspell-vi-20150827-23.1 myspell-vi_VN-20150827-23.1 myspell-zu_ZA-20150827-23.1 mythes-devel-1.2.4-2.1 python-importlib-1.0.2-0.8.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): google-carlito-fonts-1.1.03.beta1-2.1 libreoffice-share-linker-1-2.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libhyphen0-2.8.8-2.1 libmythes-1_2-0-1.2.4-2.1 libreoffice-5.0.4.2-23.1 libreoffice-base-5.0.4.2-23.1 libreoffice-base-drivers-postgresql-5.0.4.2-23.1 libreoffice-calc-5.0.4.2-23.1 libreoffice-calc-extensions-5.0.4.2-23.1 libreoffice-draw-5.0.4.2-23.1 libreoffice-filters-optional-5.0.4.2-23.1 libreoffice-gnome-5.0.4.2-23.1 libreoffice-icon-theme-galaxy-5.0.4.2-23.1 libreoffice-icon-theme-tango-5.0.4.2-23.1 libreoffice-impress-5.0.4.2-23.1 libreoffice-kde4-5.0.4.2-23.1 libreoffice-l10n-af-5.0.4.2-23.1 libreoffice-l10n-ar-5.0.4.2-23.1 libreoffice-l10n-ca-5.0.4.2-23.1 libreoffice-l10n-cs-5.0.4.2-23.1 libreoffice-l10n-da-5.0.4.2-23.1 libreoffice-l10n-de-5.0.4.2-23.1 libreoffice-l10n-en-5.0.4.2-23.1 libreoffice-l10n-es-5.0.4.2-23.1 libreoffice-l10n-fi-5.0.4.2-23.1 libreoffice-l10n-fr-5.0.4.2-23.1 libreoffice-l10n-gu-5.0.4.2-23.1 libreoffice-l10n-hi-5.0.4.2-23.1 libreoffice-l10n-hu-5.0.4.2-23.1 libreoffice-l10n-it-5.0.4.2-23.1 libreoffice-l10n-ja-5.0.4.2-23.1 libreoffice-l10n-ko-5.0.4.2-23.1 libreoffice-l10n-nb-5.0.4.2-23.1 libreoffice-l10n-nl-5.0.4.2-23.1 libreoffice-l10n-nn-5.0.4.2-23.1 libreoffice-l10n-pl-5.0.4.2-23.1 libreoffice-l10n-pt-BR-5.0.4.2-23.1 libreoffice-l10n-pt-PT-5.0.4.2-23.1 libreoffice-l10n-ru-5.0.4.2-23.1 libreoffice-l10n-sk-5.0.4.2-23.1 libreoffice-l10n-sv-5.0.4.2-23.1 libreoffice-l10n-xh-5.0.4.2-23.1 libreoffice-l10n-zh-Hans-5.0.4.2-23.1 libreoffice-l10n-zh-Hant-5.0.4.2-23.1 libreoffice-l10n-zu-5.0.4.2-23.1 libreoffice-mailmerge-5.0.4.2-23.1 libreoffice-math-5.0.4.2-23.1 libreoffice-officebean-5.0.4.2-23.1 libreoffice-pyuno-5.0.4.2-23.1 libreoffice-sdk-5.0.4.2-23.1 libreoffice-voikko-4.1-2.26 libreoffice-writer-5.0.4.2-23.1 libreoffice-writer-extensions-5.0.4.2-23.1 libvoikko1-3.7.1-5.2 myspell-af_NA-20150827-23.1 myspell-af_ZA-20150827-23.1 myspell-ar-20150827-23.1 myspell-ar_AE-20150827-23.1 myspell-ar_BH-20150827-23.1 myspell-ar_DZ-20150827-23.1 myspell-ar_EG-20150827-23.1 myspell-ar_IQ-20150827-23.1 myspell-ar_JO-20150827-23.1 myspell-ar_KW-20150827-23.1 myspell-ar_LB-20150827-23.1 myspell-ar_LY-20150827-23.1 myspell-ar_MA-20150827-23.1 myspell-ar_OM-20150827-23.1 myspell-ar_QA-20150827-23.1 myspell-ar_SA-20150827-23.1 myspell-ar_SD-20150827-23.1 myspell-ar_SY-20150827-23.1 myspell-ar_TN-20150827-23.1 myspell-ar_YE-20150827-23.1 myspell-be_BY-20150827-23.1 myspell-bg_BG-20150827-23.1 myspell-bn_BD-20150827-23.1 myspell-bn_IN-20150827-23.1 myspell-bs-20150827-23.1 myspell-bs_BA-20150827-23.1 myspell-ca-20150827-23.1 myspell-ca_AD-20150827-23.1 myspell-ca_ES-20150827-23.1 myspell-ca_ES_valencia-20150827-23.1 myspell-ca_FR-20150827-23.1 myspell-ca_IT-20150827-23.1 myspell-cs_CZ-20150827-23.1 myspell-da_DK-20150827-23.1 myspell-de-20150827-23.1 myspell-de_AT-20150827-23.1 myspell-de_CH-20150827-23.1 myspell-de_DE-20150827-23.1 myspell-dictionaries-20150827-23.1 myspell-el_GR-20150827-23.1 myspell-en-20150827-23.1 myspell-en_AU-20150827-23.1 myspell-en_BS-20150827-23.1 myspell-en_BZ-20150827-23.1 myspell-en_CA-20150827-23.1 myspell-en_GB-20150827-23.1 myspell-en_GH-20150827-23.1 myspell-en_IE-20150827-23.1 myspell-en_IN-20150827-23.1 myspell-en_JM-20150827-23.1 myspell-en_MW-20150827-23.1 myspell-en_NA-20150827-23.1 myspell-en_NZ-20150827-23.1 myspell-en_PH-20150827-23.1 myspell-en_TT-20150827-23.1 myspell-en_US-20150827-23.1 myspell-en_ZA-20150827-23.1 myspell-en_ZW-20150827-23.1 myspell-es-20150827-23.1 myspell-es_AR-20150827-23.1 myspell-es_BO-20150827-23.1 myspell-es_CL-20150827-23.1 myspell-es_CO-20150827-23.1 myspell-es_CR-20150827-23.1 myspell-es_CU-20150827-23.1 myspell-es_DO-20150827-23.1 myspell-es_EC-20150827-23.1 myspell-es_ES-20150827-23.1 myspell-es_GT-20150827-23.1 myspell-es_HN-20150827-23.1 myspell-es_MX-20150827-23.1 myspell-es_NI-20150827-23.1 myspell-es_PA-20150827-23.1 myspell-es_PE-20150827-23.1 myspell-es_PR-20150827-23.1 myspell-es_PY-20150827-23.1 myspell-es_SV-20150827-23.1 myspell-es_UY-20150827-23.1 myspell-es_VE-20150827-23.1 myspell-et_EE-20150827-23.1 myspell-fr_BE-20150827-23.1 myspell-fr_CA-20150827-23.1 myspell-fr_CH-20150827-23.1 myspell-fr_FR-20150827-23.1 myspell-fr_LU-20150827-23.1 myspell-fr_MC-20150827-23.1 myspell-gu_IN-20150827-23.1 myspell-he_IL-20150827-23.1 myspell-hi_IN-20150827-23.1 myspell-hr_HR-20150827-23.1 myspell-hu_HU-20150827-23.1 myspell-it_IT-20150827-23.1 myspell-lightproof-en-20150827-23.1 myspell-lightproof-hu_HU-20150827-23.1 myspell-lightproof-pt_BR-20150827-23.1 myspell-lightproof-ru_RU-20150827-23.1 myspell-lo_LA-20150827-23.1 myspell-lt_LT-20150827-23.1 myspell-lv_LV-20150827-23.1 myspell-nb_NO-20150827-23.1 myspell-nl_BE-20150827-23.1 myspell-nl_NL-20150827-23.1 myspell-nn_NO-20150827-23.1 myspell-no-20150827-23.1 myspell-pl_PL-20150827-23.1 myspell-pt_AO-20150827-23.1 myspell-pt_BR-20150827-23.1 myspell-pt_PT-20150827-23.1 myspell-ro-20150827-23.1 myspell-ro_RO-20150827-23.1 myspell-ru_RU-20150827-23.1 myspell-sk_SK-20150827-23.1 myspell-sl_SI-20150827-23.1 myspell-sr-20150827-23.1 myspell-sr_CS-20150827-23.1 myspell-sr_Latn_CS-20150827-23.1 myspell-sr_Latn_RS-20150827-23.1 myspell-sr_RS-20150827-23.1 myspell-sv_FI-20150827-23.1 myspell-sv_SE-20150827-23.1 myspell-te-20150827-23.1 myspell-te_IN-20150827-23.1 myspell-th_TH-20150827-23.1 myspell-vi-20150827-23.1 myspell-vi_VN-20150827-23.1 myspell-zu_ZA-20150827-23.1 python-importlib-1.0.2-0.8.1 - SUSE Linux Enterprise Desktop 11-SP4 (noarch): google-carlito-fonts-1.1.03.beta1-2.1 libreoffice-share-linker-1-2.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): hyphen-debuginfo-2.8.8-2.1 hyphen-debugsource-2.8.8-2.1 libreoffice-debuginfo-5.0.4.2-23.1 libvoikko-debuginfo-3.7.1-5.2 libvoikko-debugsource-3.7.1-5.2 mythes-debuginfo-1.2.4-2.1 mythes-debugsource-1.2.4-2.1 References: https://www.suse.com/security/cve/CVE-2014-8146.html https://www.suse.com/security/cve/CVE-2014-8147.html https://www.suse.com/security/cve/CVE-2014-9093.html https://www.suse.com/security/cve/CVE-2015-4551.html https://www.suse.com/security/cve/CVE-2015-5212.html https://www.suse.com/security/cve/CVE-2015-5213.html https://www.suse.com/security/cve/CVE-2015-5214.html https://bugzilla.suse.com/306333 https://bugzilla.suse.com/547549 https://bugzilla.suse.com/668145 https://bugzilla.suse.com/679938 https://bugzilla.suse.com/681560 https://bugzilla.suse.com/688200 https://bugzilla.suse.com/718113 https://bugzilla.suse.com/806250 https://bugzilla.suse.com/857026 https://bugzilla.suse.com/889755 https://bugzilla.suse.com/890735 https://bugzilla.suse.com/907636 https://bugzilla.suse.com/907966 https://bugzilla.suse.com/910805 https://bugzilla.suse.com/910806 https://bugzilla.suse.com/914911 https://bugzilla.suse.com/934423 https://bugzilla.suse.com/936188 https://bugzilla.suse.com/936190 https://bugzilla.suse.com/939996 https://bugzilla.suse.com/940838 https://bugzilla.suse.com/943075 https://bugzilla.suse.com/945047 https://bugzilla.suse.com/945692 https://bugzilla.suse.com/951579 https://bugzilla.suse.com/954345 From sle-updates at lists.suse.com Thu Feb 4 08:11:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 16:11:54 +0100 (CET) Subject: SUSE-RU-2016:0325-1: Recommended update for release-notes-sled Message-ID: <20160204151154.ADB12320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0325-1 Rating: low References: #959134 #959208 #959576 #961132 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update provides the latest version of the release notes for SUSE Linux Enterprise Desktop 12-SP1: - New method of Online Migration between Service Packs. (fate#315161, bsc#959576, bsc#959134) - Using SSH-Based AutoYaST Without Doing Updates. (fate#320205, bsc#959208) - OpenJDK 8 availability: Clarification, language cleanup. (fate#318956) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-196=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-196=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): release-notes-sled-12.1.20160122-6.3 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): release-notes-sled-12.1.20160122-6.3 References: https://bugzilla.suse.com/959134 https://bugzilla.suse.com/959208 https://bugzilla.suse.com/959576 https://bugzilla.suse.com/961132 From sle-updates at lists.suse.com Thu Feb 4 08:13:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 16:13:55 +0100 (CET) Subject: SUSE-RU-2016:0329-1: Recommended update for permissions Message-ID: <20160204151355.2658C3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0329-1 Rating: low References: #950557 #961363 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for permissions fixes the following issues: - Change pinger owner to squid:root instead of root:squid, as there is no squid group. (bsc#961363) - Add missing "/" to the squid specific directories. (bsc#950557) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-197=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-197=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-197=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-197=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): permissions-2015.09.28.1626-10.1 permissions-debuginfo-2015.09.28.1626-10.1 permissions-debugsource-2015.09.28.1626-10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): permissions-2015.09.28.1626-10.1 permissions-debuginfo-2015.09.28.1626-10.1 permissions-debugsource-2015.09.28.1626-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): permissions-2015.09.28.1626-10.1 permissions-debuginfo-2015.09.28.1626-10.1 permissions-debugsource-2015.09.28.1626-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): permissions-2015.09.28.1626-10.1 permissions-debuginfo-2015.09.28.1626-10.1 permissions-debugsource-2015.09.28.1626-10.1 References: https://bugzilla.suse.com/950557 https://bugzilla.suse.com/961363 From sle-updates at lists.suse.com Thu Feb 4 09:11:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 17:11:40 +0100 (CET) Subject: SUSE-RU-2016:0333-1: moderate: Recommended update for LibreOffice Message-ID: <20160204161140.288583213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for LibreOffice ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0333-1 Rating: moderate References: #679938 #889755 #939996 #945047 #951579 #954345 #959716 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update to LibreOffice 5.0.4.2 fixes the following issues: - Calc: Problem opening certain ODS files - Remove RPATH on some 3rd party bundled libs. (bsc#951579) - Impress: Upon slide copy/paste the master page was duplicated. (bsc#945047) - Writer: Certain documents with graphics inserted via "Insert - Image - Insert as Link" could hang writer. bsc#954345) - When importing DOCX files, some indentation elements were not imported. (bsc#939996) - When importing PPTX files, certain chart axis number format was incorrect. (bsc#889755) - When saving files to doc format, the chapter name in the header does did not change with chapters. (bsc#679938) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-198=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-198=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-198=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-198=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libreoffice-5.0.4.2-19.3 libreoffice-base-5.0.4.2-19.3 libreoffice-base-debuginfo-5.0.4.2-19.3 libreoffice-base-drivers-mysql-5.0.4.2-19.3 libreoffice-base-drivers-mysql-debuginfo-5.0.4.2-19.3 libreoffice-base-drivers-postgresql-5.0.4.2-19.3 libreoffice-base-drivers-postgresql-debuginfo-5.0.4.2-19.3 libreoffice-calc-5.0.4.2-19.3 libreoffice-calc-debuginfo-5.0.4.2-19.3 libreoffice-calc-extensions-5.0.4.2-19.3 libreoffice-debuginfo-5.0.4.2-19.3 libreoffice-debugsource-5.0.4.2-19.3 libreoffice-draw-5.0.4.2-19.3 libreoffice-draw-debuginfo-5.0.4.2-19.3 libreoffice-filters-optional-5.0.4.2-19.3 libreoffice-gnome-5.0.4.2-19.3 libreoffice-gnome-debuginfo-5.0.4.2-19.3 libreoffice-impress-5.0.4.2-19.3 libreoffice-impress-debuginfo-5.0.4.2-19.3 libreoffice-mailmerge-5.0.4.2-19.3 libreoffice-math-5.0.4.2-19.3 libreoffice-math-debuginfo-5.0.4.2-19.3 libreoffice-officebean-5.0.4.2-19.3 libreoffice-officebean-debuginfo-5.0.4.2-19.3 libreoffice-pyuno-5.0.4.2-19.3 libreoffice-pyuno-debuginfo-5.0.4.2-19.3 libreoffice-writer-5.0.4.2-19.3 libreoffice-writer-debuginfo-5.0.4.2-19.3 libreoffice-writer-extensions-5.0.4.2-19.3 - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): libreoffice-icon-theme-galaxy-5.0.4.2-19.3 libreoffice-icon-theme-tango-5.0.4.2-19.3 libreoffice-l10n-af-5.0.4.2-19.3 libreoffice-l10n-ar-5.0.4.2-19.3 libreoffice-l10n-ca-5.0.4.2-19.3 libreoffice-l10n-cs-5.0.4.2-19.3 libreoffice-l10n-da-5.0.4.2-19.3 libreoffice-l10n-de-5.0.4.2-19.3 libreoffice-l10n-en-5.0.4.2-19.3 libreoffice-l10n-es-5.0.4.2-19.3 libreoffice-l10n-fi-5.0.4.2-19.3 libreoffice-l10n-fr-5.0.4.2-19.3 libreoffice-l10n-gu-5.0.4.2-19.3 libreoffice-l10n-hi-5.0.4.2-19.3 libreoffice-l10n-hu-5.0.4.2-19.3 libreoffice-l10n-it-5.0.4.2-19.3 libreoffice-l10n-ja-5.0.4.2-19.3 libreoffice-l10n-ko-5.0.4.2-19.3 libreoffice-l10n-nb-5.0.4.2-19.3 libreoffice-l10n-nl-5.0.4.2-19.3 libreoffice-l10n-nn-5.0.4.2-19.3 libreoffice-l10n-pl-5.0.4.2-19.3 libreoffice-l10n-pt-BR-5.0.4.2-19.3 libreoffice-l10n-pt-PT-5.0.4.2-19.3 libreoffice-l10n-ru-5.0.4.2-19.3 libreoffice-l10n-sk-5.0.4.2-19.3 libreoffice-l10n-sv-5.0.4.2-19.3 libreoffice-l10n-xh-5.0.4.2-19.3 libreoffice-l10n-zh-Hans-5.0.4.2-19.3 libreoffice-l10n-zh-Hant-5.0.4.2-19.3 libreoffice-l10n-zu-5.0.4.2-19.3 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libreoffice-5.0.4.2-19.3 libreoffice-base-5.0.4.2-19.3 libreoffice-base-debuginfo-5.0.4.2-19.3 libreoffice-base-drivers-mysql-5.0.4.2-19.3 libreoffice-base-drivers-mysql-debuginfo-5.0.4.2-19.3 libreoffice-base-drivers-postgresql-5.0.4.2-19.3 libreoffice-base-drivers-postgresql-debuginfo-5.0.4.2-19.3 libreoffice-calc-5.0.4.2-19.3 libreoffice-calc-debuginfo-5.0.4.2-19.3 libreoffice-calc-extensions-5.0.4.2-19.3 libreoffice-debuginfo-5.0.4.2-19.3 libreoffice-debugsource-5.0.4.2-19.3 libreoffice-draw-5.0.4.2-19.3 libreoffice-draw-debuginfo-5.0.4.2-19.3 libreoffice-filters-optional-5.0.4.2-19.3 libreoffice-gnome-5.0.4.2-19.3 libreoffice-gnome-debuginfo-5.0.4.2-19.3 libreoffice-impress-5.0.4.2-19.3 libreoffice-impress-debuginfo-5.0.4.2-19.3 libreoffice-mailmerge-5.0.4.2-19.3 libreoffice-math-5.0.4.2-19.3 libreoffice-math-debuginfo-5.0.4.2-19.3 libreoffice-officebean-5.0.4.2-19.3 libreoffice-officebean-debuginfo-5.0.4.2-19.3 libreoffice-pyuno-5.0.4.2-19.3 libreoffice-pyuno-debuginfo-5.0.4.2-19.3 libreoffice-writer-5.0.4.2-19.3 libreoffice-writer-debuginfo-5.0.4.2-19.3 libreoffice-writer-extensions-5.0.4.2-19.3 - SUSE Linux Enterprise Workstation Extension 12 (noarch): libreoffice-icon-theme-galaxy-5.0.4.2-19.3 libreoffice-icon-theme-tango-5.0.4.2-19.3 libreoffice-l10n-af-5.0.4.2-19.3 libreoffice-l10n-ar-5.0.4.2-19.3 libreoffice-l10n-ca-5.0.4.2-19.3 libreoffice-l10n-cs-5.0.4.2-19.3 libreoffice-l10n-da-5.0.4.2-19.3 libreoffice-l10n-de-5.0.4.2-19.3 libreoffice-l10n-en-5.0.4.2-19.3 libreoffice-l10n-es-5.0.4.2-19.3 libreoffice-l10n-fi-5.0.4.2-19.3 libreoffice-l10n-fr-5.0.4.2-19.3 libreoffice-l10n-gu-5.0.4.2-19.3 libreoffice-l10n-hi-5.0.4.2-19.3 libreoffice-l10n-hu-5.0.4.2-19.3 libreoffice-l10n-it-5.0.4.2-19.3 libreoffice-l10n-ja-5.0.4.2-19.3 libreoffice-l10n-ko-5.0.4.2-19.3 libreoffice-l10n-nb-5.0.4.2-19.3 libreoffice-l10n-nl-5.0.4.2-19.3 libreoffice-l10n-nn-5.0.4.2-19.3 libreoffice-l10n-pl-5.0.4.2-19.3 libreoffice-l10n-pt-BR-5.0.4.2-19.3 libreoffice-l10n-pt-PT-5.0.4.2-19.3 libreoffice-l10n-ru-5.0.4.2-19.3 libreoffice-l10n-sk-5.0.4.2-19.3 libreoffice-l10n-sv-5.0.4.2-19.3 libreoffice-l10n-xh-5.0.4.2-19.3 libreoffice-l10n-zh-Hans-5.0.4.2-19.3 libreoffice-l10n-zh-Hant-5.0.4.2-19.3 libreoffice-l10n-zu-5.0.4.2-19.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libreoffice-5.0.4.2-19.3 libreoffice-base-5.0.4.2-19.3 libreoffice-base-debuginfo-5.0.4.2-19.3 libreoffice-base-drivers-mysql-5.0.4.2-19.3 libreoffice-base-drivers-mysql-debuginfo-5.0.4.2-19.3 libreoffice-base-drivers-postgresql-5.0.4.2-19.3 libreoffice-base-drivers-postgresql-debuginfo-5.0.4.2-19.3 libreoffice-calc-5.0.4.2-19.3 libreoffice-calc-debuginfo-5.0.4.2-19.3 libreoffice-calc-extensions-5.0.4.2-19.3 libreoffice-debuginfo-5.0.4.2-19.3 libreoffice-debugsource-5.0.4.2-19.3 libreoffice-draw-5.0.4.2-19.3 libreoffice-draw-debuginfo-5.0.4.2-19.3 libreoffice-filters-optional-5.0.4.2-19.3 libreoffice-gnome-5.0.4.2-19.3 libreoffice-gnome-debuginfo-5.0.4.2-19.3 libreoffice-impress-5.0.4.2-19.3 libreoffice-impress-debuginfo-5.0.4.2-19.3 libreoffice-mailmerge-5.0.4.2-19.3 libreoffice-math-5.0.4.2-19.3 libreoffice-math-debuginfo-5.0.4.2-19.3 libreoffice-officebean-5.0.4.2-19.3 libreoffice-officebean-debuginfo-5.0.4.2-19.3 libreoffice-pyuno-5.0.4.2-19.3 libreoffice-pyuno-debuginfo-5.0.4.2-19.3 libreoffice-writer-5.0.4.2-19.3 libreoffice-writer-debuginfo-5.0.4.2-19.3 libreoffice-writer-extensions-5.0.4.2-19.3 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): libreoffice-icon-theme-galaxy-5.0.4.2-19.3 libreoffice-icon-theme-tango-5.0.4.2-19.3 libreoffice-l10n-af-5.0.4.2-19.3 libreoffice-l10n-ar-5.0.4.2-19.3 libreoffice-l10n-ca-5.0.4.2-19.3 libreoffice-l10n-cs-5.0.4.2-19.3 libreoffice-l10n-da-5.0.4.2-19.3 libreoffice-l10n-de-5.0.4.2-19.3 libreoffice-l10n-en-5.0.4.2-19.3 libreoffice-l10n-es-5.0.4.2-19.3 libreoffice-l10n-fi-5.0.4.2-19.3 libreoffice-l10n-fr-5.0.4.2-19.3 libreoffice-l10n-gu-5.0.4.2-19.3 libreoffice-l10n-hi-5.0.4.2-19.3 libreoffice-l10n-hu-5.0.4.2-19.3 libreoffice-l10n-it-5.0.4.2-19.3 libreoffice-l10n-ja-5.0.4.2-19.3 libreoffice-l10n-ko-5.0.4.2-19.3 libreoffice-l10n-nb-5.0.4.2-19.3 libreoffice-l10n-nl-5.0.4.2-19.3 libreoffice-l10n-nn-5.0.4.2-19.3 libreoffice-l10n-pl-5.0.4.2-19.3 libreoffice-l10n-pt-BR-5.0.4.2-19.3 libreoffice-l10n-pt-PT-5.0.4.2-19.3 libreoffice-l10n-ru-5.0.4.2-19.3 libreoffice-l10n-sk-5.0.4.2-19.3 libreoffice-l10n-sv-5.0.4.2-19.3 libreoffice-l10n-xh-5.0.4.2-19.3 libreoffice-l10n-zh-Hans-5.0.4.2-19.3 libreoffice-l10n-zh-Hant-5.0.4.2-19.3 libreoffice-l10n-zu-5.0.4.2-19.3 - SUSE Linux Enterprise Desktop 12 (x86_64): libreoffice-5.0.4.2-19.3 libreoffice-base-5.0.4.2-19.3 libreoffice-base-debuginfo-5.0.4.2-19.3 libreoffice-base-drivers-mysql-5.0.4.2-19.3 libreoffice-base-drivers-mysql-debuginfo-5.0.4.2-19.3 libreoffice-base-drivers-postgresql-5.0.4.2-19.3 libreoffice-base-drivers-postgresql-debuginfo-5.0.4.2-19.3 libreoffice-calc-5.0.4.2-19.3 libreoffice-calc-debuginfo-5.0.4.2-19.3 libreoffice-calc-extensions-5.0.4.2-19.3 libreoffice-debuginfo-5.0.4.2-19.3 libreoffice-debugsource-5.0.4.2-19.3 libreoffice-draw-5.0.4.2-19.3 libreoffice-draw-debuginfo-5.0.4.2-19.3 libreoffice-filters-optional-5.0.4.2-19.3 libreoffice-gnome-5.0.4.2-19.3 libreoffice-gnome-debuginfo-5.0.4.2-19.3 libreoffice-impress-5.0.4.2-19.3 libreoffice-impress-debuginfo-5.0.4.2-19.3 libreoffice-mailmerge-5.0.4.2-19.3 libreoffice-math-5.0.4.2-19.3 libreoffice-math-debuginfo-5.0.4.2-19.3 libreoffice-officebean-5.0.4.2-19.3 libreoffice-officebean-debuginfo-5.0.4.2-19.3 libreoffice-pyuno-5.0.4.2-19.3 libreoffice-pyuno-debuginfo-5.0.4.2-19.3 libreoffice-writer-5.0.4.2-19.3 libreoffice-writer-debuginfo-5.0.4.2-19.3 libreoffice-writer-extensions-5.0.4.2-19.3 - SUSE Linux Enterprise Desktop 12 (noarch): libreoffice-icon-theme-galaxy-5.0.4.2-19.3 libreoffice-icon-theme-tango-5.0.4.2-19.3 libreoffice-l10n-af-5.0.4.2-19.3 libreoffice-l10n-ar-5.0.4.2-19.3 libreoffice-l10n-ca-5.0.4.2-19.3 libreoffice-l10n-cs-5.0.4.2-19.3 libreoffice-l10n-da-5.0.4.2-19.3 libreoffice-l10n-de-5.0.4.2-19.3 libreoffice-l10n-en-5.0.4.2-19.3 libreoffice-l10n-es-5.0.4.2-19.3 libreoffice-l10n-fi-5.0.4.2-19.3 libreoffice-l10n-fr-5.0.4.2-19.3 libreoffice-l10n-gu-5.0.4.2-19.3 libreoffice-l10n-hi-5.0.4.2-19.3 libreoffice-l10n-hu-5.0.4.2-19.3 libreoffice-l10n-it-5.0.4.2-19.3 libreoffice-l10n-ja-5.0.4.2-19.3 libreoffice-l10n-ko-5.0.4.2-19.3 libreoffice-l10n-nb-5.0.4.2-19.3 libreoffice-l10n-nl-5.0.4.2-19.3 libreoffice-l10n-nn-5.0.4.2-19.3 libreoffice-l10n-pl-5.0.4.2-19.3 libreoffice-l10n-pt-BR-5.0.4.2-19.3 libreoffice-l10n-pt-PT-5.0.4.2-19.3 libreoffice-l10n-ru-5.0.4.2-19.3 libreoffice-l10n-sk-5.0.4.2-19.3 libreoffice-l10n-sv-5.0.4.2-19.3 libreoffice-l10n-xh-5.0.4.2-19.3 libreoffice-l10n-zh-Hans-5.0.4.2-19.3 libreoffice-l10n-zh-Hant-5.0.4.2-19.3 libreoffice-l10n-zu-5.0.4.2-19.3 References: https://bugzilla.suse.com/679938 https://bugzilla.suse.com/889755 https://bugzilla.suse.com/939996 https://bugzilla.suse.com/945047 https://bugzilla.suse.com/951579 https://bugzilla.suse.com/954345 https://bugzilla.suse.com/959716 From sle-updates at lists.suse.com Thu Feb 4 11:11:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:11:53 +0100 (CET) Subject: SUSE-SU-2016:0334-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss Message-ID: <20160204181153.515CA3213D@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0334-1 Rating: important References: #954447 #963520 #963632 #963635 #963731 Cross-References: CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mozilla-12383=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-mozilla-12383=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-mozilla-12383=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mozilla-12383=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-mozilla-12383=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-mozilla-12383=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-mozilla-12383=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mozilla-12383=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mozilla-12383=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.6.0esr-31.3 mozilla-nss-devel-3.20.2-25.2 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.6.0esr-31.3 mozilla-nss-devel-3.20.2-25.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): MozillaFirefox-38.6.0esr-31.3 MozillaFirefox-translations-38.6.0esr-31.3 libfreebl3-3.20.2-25.2 libsoftokn3-3.20.2-25.2 mozilla-nss-3.20.2-25.2 mozilla-nss-tools-3.20.2-25.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libfreebl3-32bit-3.20.2-25.2 libsoftokn3-32bit-3.20.2-25.2 mozilla-nss-32bit-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.6.0esr-31.3 MozillaFirefox-branding-SLED-38-18.24 MozillaFirefox-translations-38.6.0esr-31.3 libfreebl3-3.20.2-25.2 libsoftokn3-3.20.2-25.2 mozilla-nss-3.20.2-25.2 mozilla-nss-tools-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP4 (s390x x86_64): libfreebl3-32bit-3.20.2-25.2 libsoftokn3-32bit-3.20.2-25.2 mozilla-nss-32bit-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): libfreebl3-x86-3.20.2-25.2 libsoftokn3-x86-3.20.2-25.2 mozilla-nss-x86-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.6.0esr-31.3 MozillaFirefox-branding-SLED-38-18.24 MozillaFirefox-translations-38.6.0esr-31.3 libfreebl3-3.20.2-25.2 libsoftokn3-3.20.2-25.2 mozilla-nss-3.20.2-25.2 mozilla-nss-tools-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP3 (s390x x86_64): libfreebl3-32bit-3.20.2-25.2 libsoftokn3-32bit-3.20.2-25.2 mozilla-nss-32bit-3.20.2-25.2 - SUSE Linux Enterprise Server 11-SP3 (ia64): libfreebl3-x86-3.20.2-25.2 libsoftokn3-x86-3.20.2-25.2 mozilla-nss-x86-3.20.2-25.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): MozillaFirefox-38.6.0esr-31.3 MozillaFirefox-branding-SLED-38-18.24 MozillaFirefox-translations-38.6.0esr-31.3 libfreebl3-3.20.2-25.2 libsoftokn3-3.20.2-25.2 mozilla-nss-3.20.2-25.2 mozilla-nss-tools-3.20.2-25.2 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libfreebl3-32bit-3.20.2-25.2 libsoftokn3-32bit-3.20.2-25.2 mozilla-nss-32bit-3.20.2-25.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): MozillaFirefox-38.6.0esr-31.3 MozillaFirefox-branding-SLED-38-18.24 MozillaFirefox-translations-38.6.0esr-31.3 libfreebl3-3.20.2-25.2 libsoftokn3-3.20.2-25.2 mozilla-nss-3.20.2-25.2 mozilla-nss-tools-3.20.2-25.2 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libfreebl3-32bit-3.20.2-25.2 libsoftokn3-32bit-3.20.2-25.2 mozilla-nss-32bit-3.20.2-25.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.6.0esr-31.3 MozillaFirefox-debugsource-38.6.0esr-31.3 mozilla-nss-debuginfo-3.20.2-25.2 mozilla-nss-debugsource-3.20.2-25.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.6.0esr-31.3 MozillaFirefox-debugsource-38.6.0esr-31.3 mozilla-nss-debuginfo-3.20.2-25.2 mozilla-nss-debugsource-3.20.2-25.2 References: https://www.suse.com/security/cve/CVE-2016-1930.html https://www.suse.com/security/cve/CVE-2016-1935.html https://www.suse.com/security/cve/CVE-2016-1938.html https://bugzilla.suse.com/954447 https://bugzilla.suse.com/963520 https://bugzilla.suse.com/963632 https://bugzilla.suse.com/963635 https://bugzilla.suse.com/963731 From sle-updates at lists.suse.com Thu Feb 4 11:13:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:13:09 +0100 (CET) Subject: SUSE-SU-2016:0335-1: important: Security update for kernel live patch SP1 0 Message-ID: <20160204181309.E8F053213D@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch SP1 0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0335-1 Rating: important References: #951542 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This kernel live patch for Linux Kernel 3.12.49-11.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-203=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_49-11-default-2-5.1 kgraft-patch-3_12_49-11-xen-2-5.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/951542 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-updates at lists.suse.com Thu Feb 4 11:14:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:14:05 +0100 (CET) Subject: SUSE-SU-2016:0336-1: important: Security update for kernel live patch 9 Message-ID: <20160204181405.6B5313213D@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 9 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0336-1 Rating: important References: #958601 Cross-References: CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This kernel live patch for Linux Kernel 3.12.51-52.31.1 fixes a security issue: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-204=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-52_31-default-2-2.1 kgraft-patch-3_12_51-52_31-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/958601 From sle-updates at lists.suse.com Thu Feb 4 11:14:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:14:26 +0100 (CET) Subject: SUSE-SU-2016:0337-1: important: Security update for kernel live patch 8 Message-ID: <20160204181426.E5B9C3213D@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0337-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.48-52.27.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-206=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_48-52_27-default-2-2.1 kgraft-patch-3_12_48-52_27-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-updates at lists.suse.com Thu Feb 4 11:16:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:16:03 +0100 (CET) Subject: SUSE-SU-2016:0338-1: important: Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss Message-ID: <20160204181603.17DC03213D@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0338-1 Rating: important References: #954447 #963520 #963632 #963635 #963731 #964332 Cross-References: CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520) Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default - bsc#964332: Fixed leaking file descriptors inside FIPS selfcheck code Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-199=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-199=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-199=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-199=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-199=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-199=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-devel-38.6.0esr-57.3 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-devel-3.20.2-37.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-devel-38.6.0esr-57.3 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-devel-3.20.2-37.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-38.6.0esr-57.3 MozillaFirefox-branding-SLE-31.0-20.1 MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-translations-38.6.0esr-57.3 libfreebl3-3.20.2-37.1 libfreebl3-debuginfo-3.20.2-37.1 libfreebl3-hmac-3.20.2-37.1 libsoftokn3-3.20.2-37.1 libsoftokn3-debuginfo-3.20.2-37.1 libsoftokn3-hmac-3.20.2-37.1 mozilla-nss-3.20.2-37.1 mozilla-nss-certs-3.20.2-37.1 mozilla-nss-certs-debuginfo-3.20.2-37.1 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-sysinit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-3.20.2-37.1 mozilla-nss-tools-3.20.2-37.1 mozilla-nss-tools-debuginfo-3.20.2-37.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libfreebl3-32bit-3.20.2-37.1 libfreebl3-debuginfo-32bit-3.20.2-37.1 libfreebl3-hmac-32bit-3.20.2-37.1 libsoftokn3-32bit-3.20.2-37.1 libsoftokn3-debuginfo-32bit-3.20.2-37.1 libsoftokn3-hmac-32bit-3.20.2-37.1 mozilla-nss-32bit-3.20.2-37.1 mozilla-nss-certs-32bit-3.20.2-37.1 mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debuginfo-32bit-3.20.2-37.1 mozilla-nss-sysinit-32bit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): MozillaFirefox-38.6.0esr-57.3 MozillaFirefox-branding-SLE-31.0-20.1 MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-translations-38.6.0esr-57.3 libfreebl3-3.20.2-37.1 libfreebl3-debuginfo-3.20.2-37.1 libfreebl3-hmac-3.20.2-37.1 libsoftokn3-3.20.2-37.1 libsoftokn3-debuginfo-3.20.2-37.1 libsoftokn3-hmac-3.20.2-37.1 mozilla-nss-3.20.2-37.1 mozilla-nss-certs-3.20.2-37.1 mozilla-nss-certs-debuginfo-3.20.2-37.1 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-sysinit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-3.20.2-37.1 mozilla-nss-tools-3.20.2-37.1 mozilla-nss-tools-debuginfo-3.20.2-37.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libfreebl3-32bit-3.20.2-37.1 libfreebl3-debuginfo-32bit-3.20.2-37.1 libfreebl3-hmac-32bit-3.20.2-37.1 libsoftokn3-32bit-3.20.2-37.1 libsoftokn3-debuginfo-32bit-3.20.2-37.1 libsoftokn3-hmac-32bit-3.20.2-37.1 mozilla-nss-32bit-3.20.2-37.1 mozilla-nss-certs-32bit-3.20.2-37.1 mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debuginfo-32bit-3.20.2-37.1 mozilla-nss-sysinit-32bit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-38.6.0esr-57.3 MozillaFirefox-branding-SLE-31.0-20.1 MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-translations-38.6.0esr-57.3 libfreebl3-3.20.2-37.1 libfreebl3-32bit-3.20.2-37.1 libfreebl3-debuginfo-3.20.2-37.1 libfreebl3-debuginfo-32bit-3.20.2-37.1 libsoftokn3-3.20.2-37.1 libsoftokn3-32bit-3.20.2-37.1 libsoftokn3-debuginfo-3.20.2-37.1 libsoftokn3-debuginfo-32bit-3.20.2-37.1 mozilla-nss-3.20.2-37.1 mozilla-nss-32bit-3.20.2-37.1 mozilla-nss-certs-3.20.2-37.1 mozilla-nss-certs-32bit-3.20.2-37.1 mozilla-nss-certs-debuginfo-3.20.2-37.1 mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-sysinit-3.20.2-37.1 mozilla-nss-sysinit-32bit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1 mozilla-nss-tools-3.20.2-37.1 mozilla-nss-tools-debuginfo-3.20.2-37.1 - SUSE Linux Enterprise Desktop 12 (x86_64): MozillaFirefox-38.6.0esr-57.3 MozillaFirefox-branding-SLE-31.0-20.1 MozillaFirefox-debuginfo-38.6.0esr-57.3 MozillaFirefox-debugsource-38.6.0esr-57.3 MozillaFirefox-translations-38.6.0esr-57.3 libfreebl3-3.20.2-37.1 libfreebl3-32bit-3.20.2-37.1 libfreebl3-debuginfo-3.20.2-37.1 libfreebl3-debuginfo-32bit-3.20.2-37.1 libsoftokn3-3.20.2-37.1 libsoftokn3-32bit-3.20.2-37.1 libsoftokn3-debuginfo-3.20.2-37.1 libsoftokn3-debuginfo-32bit-3.20.2-37.1 mozilla-nss-3.20.2-37.1 mozilla-nss-32bit-3.20.2-37.1 mozilla-nss-certs-3.20.2-37.1 mozilla-nss-certs-32bit-3.20.2-37.1 mozilla-nss-certs-debuginfo-3.20.2-37.1 mozilla-nss-certs-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debuginfo-3.20.2-37.1 mozilla-nss-debuginfo-32bit-3.20.2-37.1 mozilla-nss-debugsource-3.20.2-37.1 mozilla-nss-sysinit-3.20.2-37.1 mozilla-nss-sysinit-32bit-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-3.20.2-37.1 mozilla-nss-sysinit-debuginfo-32bit-3.20.2-37.1 mozilla-nss-tools-3.20.2-37.1 mozilla-nss-tools-debuginfo-3.20.2-37.1 References: https://www.suse.com/security/cve/CVE-2016-1930.html https://www.suse.com/security/cve/CVE-2016-1935.html https://www.suse.com/security/cve/CVE-2016-1938.html https://bugzilla.suse.com/954447 https://bugzilla.suse.com/963520 https://bugzilla.suse.com/963632 https://bugzilla.suse.com/963635 https://bugzilla.suse.com/963731 https://bugzilla.suse.com/964332 From sle-updates at lists.suse.com Thu Feb 4 11:17:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:17:18 +0100 (CET) Subject: SUSE-SU-2016:0339-1: important: Security update for kernel live patch SP1 1 Message-ID: <20160204181718.CF4C13213D@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch SP1 1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0339-1 Rating: important References: #958601 Cross-References: CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This kernel live patch for Linux Kernel 3.12.51-60.20.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-205=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_20-default-2-2.1 kgraft-patch-3_12_51-60_20-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/958601 From sle-updates at lists.suse.com Thu Feb 4 11:17:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:17:42 +0100 (CET) Subject: SUSE-SU-2016:0340-1: moderate: Security update for curl Message-ID: <20160204181742.DAB833213D@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0340-1 Rating: moderate References: #934333 #936676 #962983 #962996 Cross-References: CVE-2016-0755 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#936676: secure_getenv or __secure_getenv may not be detected correctly at build time The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures - bsc#934333: Curl test suite was not run, is now enabled during build Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-201=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-201=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-201=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-201=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-201=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-201=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl-devel-7.37.0-18.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl-devel-7.37.0-18.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): curl-7.37.0-18.1 curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl4-7.37.0-18.1 libcurl4-debuginfo-7.37.0-18.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libcurl4-32bit-7.37.0-18.1 libcurl4-debuginfo-32bit-7.37.0-18.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): curl-7.37.0-18.1 curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl4-7.37.0-18.1 libcurl4-debuginfo-7.37.0-18.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libcurl4-32bit-7.37.0-18.1 libcurl4-debuginfo-32bit-7.37.0-18.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): curl-7.37.0-18.1 curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl4-32bit-7.37.0-18.1 libcurl4-7.37.0-18.1 libcurl4-debuginfo-32bit-7.37.0-18.1 libcurl4-debuginfo-7.37.0-18.1 - SUSE Linux Enterprise Desktop 12 (x86_64): curl-7.37.0-18.1 curl-debuginfo-7.37.0-18.1 curl-debugsource-7.37.0-18.1 libcurl4-32bit-7.37.0-18.1 libcurl4-7.37.0-18.1 libcurl4-debuginfo-32bit-7.37.0-18.1 libcurl4-debuginfo-7.37.0-18.1 References: https://www.suse.com/security/cve/CVE-2016-0755.html https://bugzilla.suse.com/934333 https://bugzilla.suse.com/936676 https://bugzilla.suse.com/962983 https://bugzilla.suse.com/962996 From sle-updates at lists.suse.com Thu Feb 4 11:18:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 19:18:39 +0100 (CET) Subject: SUSE-SU-2016:0341-1: important: Security update for Kernel live patch 10 Message-ID: <20160204181839.7B58E3213D@maintenance.suse.de> SUSE Security Update: Security update for Kernel live patch 10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0341-1 Rating: important References: #962078 Cross-References: CVE-2016-0728 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This kernel live patch for Linux Kernel 3.12.51-52.34.1 fixes one security issue: - A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075, CVE-2016-0728). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-202=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-52_34-default-2-2.1 kgraft-patch-3_12_51-52_34-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2016-0728.html https://bugzilla.suse.com/962078 From sle-updates at lists.suse.com Thu Feb 4 13:11:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Feb 2016 21:11:10 +0100 (CET) Subject: SUSE-OU-2016:0342-1: Optional update for libXaw7, libXaw3d8 Message-ID: <20160204201110.A30043213D@maintenance.suse.de> SUSE Optional Update: Optional update for libXaw7, libXaw3d8 ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:0342-1 Rating: low References: #963687 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides 32bit builds of libXaw7 and libXaw3d8 for SUSE Linux Enterprise Server 12 and 12-SP1. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-207=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-207=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-207=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-207=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-207=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-207=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-207=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-207=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libXaw3d8-32bit-1.6.2-4.1 libXaw3d8-debuginfo-32bit-1.6.2-4.1 libXaw7-32bit-1.0.12-4.1 libXaw7-debuginfo-32bit-1.0.12-4.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libXaw3d8-32bit-1.6.2-4.1 libXaw3d8-debuginfo-32bit-1.6.2-4.1 libXaw7-32bit-1.0.12-4.1 libXaw7-debuginfo-32bit-1.0.12-4.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libXaw-debugsource-1.0.12-4.1 libXaw-devel-1.0.12-4.1 libXaw3d-debugsource-1.6.2-4.1 libXaw3d-devel-1.6.2-4.1 libXaw3d6-1.6.2-4.1 libXaw3d6-debuginfo-1.6.2-4.1 libXaw3d7-1.6.2-4.1 libXaw3d7-debuginfo-1.6.2-4.1 libXaw6-1.0.12-4.1 libXaw6-debuginfo-1.0.12-4.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libXaw-debugsource-1.0.12-4.1 libXaw-devel-1.0.12-4.1 libXaw3d-debugsource-1.6.2-4.1 libXaw3d-devel-1.6.2-4.1 libXaw3d6-1.6.2-4.1 libXaw3d6-debuginfo-1.6.2-4.1 libXaw3d7-1.6.2-4.1 libXaw3d7-debuginfo-1.6.2-4.1 libXaw6-1.0.12-4.1 libXaw6-debuginfo-1.0.12-4.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libXaw-debugsource-1.0.12-4.1 libXaw3d-debugsource-1.6.2-4.1 libXaw3d6-1.6.2-4.1 libXaw3d6-debuginfo-1.6.2-4.1 libXaw3d7-1.6.2-4.1 libXaw3d7-debuginfo-1.6.2-4.1 libXaw3d8-1.6.2-4.1 libXaw3d8-debuginfo-1.6.2-4.1 libXaw7-1.0.12-4.1 libXaw7-debuginfo-1.0.12-4.1 libXaw8-1.0.12-4.1 xaw3dd-1.6.2-4.1 xaw3dd-debuginfo-1.6.2-4.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libXaw3d8-32bit-1.6.2-4.1 libXaw3d8-debuginfo-32bit-1.6.2-4.1 libXaw7-32bit-1.0.12-4.1 libXaw7-debuginfo-32bit-1.0.12-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libXaw-debugsource-1.0.12-4.1 libXaw3d-debugsource-1.6.2-4.1 libXaw3d6-1.6.2-4.1 libXaw3d6-debuginfo-1.6.2-4.1 libXaw3d7-1.6.2-4.1 libXaw3d7-debuginfo-1.6.2-4.1 libXaw3d8-1.6.2-4.1 libXaw3d8-debuginfo-1.6.2-4.1 libXaw7-1.0.12-4.1 libXaw7-debuginfo-1.0.12-4.1 libXaw8-1.0.12-4.1 xaw3dd-1.6.2-4.1 xaw3dd-debuginfo-1.6.2-4.1 - SUSE Linux Enterprise Server 12 (x86_64): libXaw3d8-32bit-1.6.2-4.1 libXaw3d8-debuginfo-32bit-1.6.2-4.1 libXaw7-32bit-1.0.12-4.1 libXaw7-debuginfo-32bit-1.0.12-4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libXaw-debugsource-1.0.12-4.1 libXaw3d-debugsource-1.6.2-4.1 libXaw3d8-1.6.2-4.1 libXaw3d8-32bit-1.6.2-4.1 libXaw3d8-debuginfo-1.6.2-4.1 libXaw3d8-debuginfo-32bit-1.6.2-4.1 libXaw7-1.0.12-4.1 libXaw7-32bit-1.0.12-4.1 libXaw7-debuginfo-1.0.12-4.1 libXaw7-debuginfo-32bit-1.0.12-4.1 libXaw8-1.0.12-4.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libXaw-debugsource-1.0.12-4.1 libXaw3d-debugsource-1.6.2-4.1 libXaw3d8-1.6.2-4.1 libXaw3d8-32bit-1.6.2-4.1 libXaw3d8-debuginfo-1.6.2-4.1 libXaw3d8-debuginfo-32bit-1.6.2-4.1 libXaw7-1.0.12-4.1 libXaw7-32bit-1.0.12-4.1 libXaw7-debuginfo-1.0.12-4.1 libXaw7-debuginfo-32bit-1.0.12-4.1 libXaw8-1.0.12-4.1 References: https://bugzilla.suse.com/963687 From sle-updates at lists.suse.com Fri Feb 5 05:11:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Feb 2016 13:11:54 +0100 (CET) Subject: SUSE-SU-2016:0343-1: moderate: Security update for socat Message-ID: <20160205121154.13C8B3213D@maintenance.suse.de> SUSE Security Update: Security update for socat ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0343-1 Rating: moderate References: #821985 #860991 #964844 Cross-References: CVE-2013-3571 CVE-2014-0019 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for socat fixes the following issues: - CVE-2013-3571: Fix a file descriptor leak that could have been misused for a denial of service attack against socat running in server mode (bsc#821985) - CVE-2014-0019: PROXY-CONNECT address was vulnerable to a stack buffer overflow (bsc#860991) - Fix a stack overflow in the parser that could have been leveraged to execute arbitrary code (bsc#964844) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-socat-12384=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-socat-12384=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-socat-12384=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): socat-1.7.0.0-1.18.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): socat-1.7.0.0-1.18.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): socat-debuginfo-1.7.0.0-1.18.2 socat-debugsource-1.7.0.0-1.18.2 References: https://www.suse.com/security/cve/CVE-2013-3571.html https://www.suse.com/security/cve/CVE-2014-0019.html https://bugzilla.suse.com/821985 https://bugzilla.suse.com/860991 https://bugzilla.suse.com/964844 From sle-updates at lists.suse.com Fri Feb 5 05:12:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Feb 2016 13:12:45 +0100 (CET) Subject: SUSE-SU-2016:0344-1: moderate: Security update for socat Message-ID: <20160205121245.C7EC33213D@maintenance.suse.de> SUSE Security Update: Security update for socat ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0344-1 Rating: moderate References: #938913 #964844 Cross-References: CVE-2015-4000 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for socat fixed the following issues: - bsc#964844: Fixed security advisory 8, Stack overflow in parser, http://www.openwall.com/lists/oss-security/2016/02/01/5. - bsc#938913: Improved resilience against Logjam attacks (CVE-2015-4000) by increasing the size of the default DH group from 512 to 2048 bit. This change avoids the non-prime 1024 bit DH p parameter in OpenSSL http://www.dest-unreach.org/socat/contrib/socat-secadv7.html. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-209=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-209=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-209=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-209=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): socat-1.7.2.4-3.1 socat-debuginfo-1.7.2.4-3.1 socat-debugsource-1.7.2.4-3.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): socat-1.7.2.4-3.1 socat-debuginfo-1.7.2.4-3.1 socat-debugsource-1.7.2.4-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): socat-1.7.2.4-3.1 socat-debuginfo-1.7.2.4-3.1 socat-debugsource-1.7.2.4-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): socat-1.7.2.4-3.1 socat-debuginfo-1.7.2.4-3.1 socat-debugsource-1.7.2.4-3.1 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/938913 https://bugzilla.suse.com/964844 From sle-updates at lists.suse.com Fri Feb 5 08:11:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Feb 2016 16:11:58 +0100 (CET) Subject: SUSE-RU-2016:0346-1: Recommended update for release-notes-sles Message-ID: <20160205151158.A85EE320E8@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0346-1 Rating: low References: #943582 #959134 #961150 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12-SP1 have been updated to document: - Wayland libraries are not supported. (fate#320285) - In zKVM, avoid reboot after installation. (fate#320021, bsc#943582) - More information about SP update on minimal installations. (fate#315161, bsc#959134) - OpenJDK 8 availability: clarification, language cleanup. (fate#318956) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-210=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): release-notes-sles-12.1.20160122-9.3 References: https://bugzilla.suse.com/943582 https://bugzilla.suse.com/959134 https://bugzilla.suse.com/961150 From sle-updates at lists.suse.com Fri Feb 5 10:11:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Feb 2016 18:11:55 +0100 (CET) Subject: SUSE-SU-2016:0347-1: moderate: Security update for curl Message-ID: <20160205171155.F063E3213D@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0347-1 Rating: moderate References: #926511 #962983 #962996 Cross-References: CVE-2016-0755 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#926511: Check for errors on the control connection during FTP transfers The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-curl-12385=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-curl-12385=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-curl-12385=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-curl-12385=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-curl-12385=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-curl-12385=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-curl-12385=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-curl-12385=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-curl-12385=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.46.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.46.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): curl-7.19.7-1.46.1 libcurl4-7.19.7-1.46.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libcurl4-32bit-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.46.1 libcurl4-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libcurl4-x86-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.46.1 libcurl4-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.46.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libcurl4-x86-7.19.7-1.46.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): curl-7.19.7-1.46.1 libcurl4-7.19.7-1.46.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libcurl4-32bit-7.19.7-1.46.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): curl-7.19.7-1.46.1 libcurl4-7.19.7-1.46.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libcurl4-32bit-7.19.7-1.46.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-debuginfo-7.19.7-1.46.1 curl-debugsource-7.19.7-1.46.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): curl-debuginfo-7.19.7-1.46.1 curl-debugsource-7.19.7-1.46.1 References: https://www.suse.com/security/cve/CVE-2016-0755.html https://bugzilla.suse.com/926511 https://bugzilla.suse.com/962983 https://bugzilla.suse.com/962996 From sle-updates at lists.suse.com Fri Feb 5 10:13:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Feb 2016 18:13:08 +0100 (CET) Subject: SUSE-SU-2016:0348-1: moderate: Security update for mysql Message-ID: <20160205171308.51E04320E8@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0348-1 Rating: moderate References: #959724 #960961 #962779 Cross-References: CVE-2015-7744 CVE-2016-0502 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update to MySQL 5.5.47 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. - CVE-2016-0502: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0505: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Options. - CVE-2016-0546: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. - CVE-2016-0596: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0597: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - CVE-2016-0598: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML. - CVE-2016-0600: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. - CVE-2016-0606: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect integrity via unknown vectors related to encryption. - CVE-2016-0608: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via vectors related to UDF. - CVE-2016-0609: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to privileges. - CVE-2016-0616: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. - bsc#959724: Possible buffer overflow from incorrect use of strcpy() and sprintf() The following bugs were fixed: - bsc#960961: Incorrect use of plugin-load option in default_plugins.cnf Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-12386=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-mysql-12386=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-mysql-12386=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-12386=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-mysql-12386=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-mysql-12386=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-mysql-12386=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-12386=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mysql-12386=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.47-0.17.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (ia64): libmysql55client_r18-x86-5.5.47-0.17.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libmysql55client18-5.5.47-0.17.1 libmysql55client_r18-5.5.47-0.17.1 mysql-5.5.47-0.17.1 mysql-client-5.5.47-0.17.1 mysql-tools-5.5.47-0.17.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libmysql55client18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.47-0.17.1 libmysql55client_r18-5.5.47-0.17.1 mysql-5.5.47-0.17.1 mysql-client-5.5.47-0.17.1 mysql-tools-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.47-0.17.1 libmysql55client_r18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.47-0.17.1 libmysql55client_r18-x86-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.47-0.17.1 libmysql55client_r18-5.5.47-0.17.1 mysql-5.5.47-0.17.1 mysql-client-5.5.47-0.17.1 mysql-tools-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Server 11-SP3 (ia64): libmysql55client18-x86-5.5.47-0.17.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libmysql55client18-5.5.47-0.17.1 libmysql55client_r18-5.5.47-0.17.1 mysql-5.5.47-0.17.1 mysql-client-5.5.47-0.17.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libmysql55client18-32bit-5.5.47-0.17.1 libmysql55client_r18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libmysql55client18-5.5.47-0.17.1 libmysql55client_r18-5.5.47-0.17.1 mysql-5.5.47-0.17.1 mysql-client-5.5.47-0.17.1 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libmysql55client18-32bit-5.5.47-0.17.1 libmysql55client_r18-32bit-5.5.47-0.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.47-0.17.1 mysql-debugsource-5.5.47-0.17.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.47-0.17.1 mysql-debugsource-5.5.47-0.17.1 References: https://www.suse.com/security/cve/CVE-2015-7744.html https://www.suse.com/security/cve/CVE-2016-0502.html https://www.suse.com/security/cve/CVE-2016-0505.html https://www.suse.com/security/cve/CVE-2016-0546.html https://www.suse.com/security/cve/CVE-2016-0596.html https://www.suse.com/security/cve/CVE-2016-0597.html https://www.suse.com/security/cve/CVE-2016-0598.html https://www.suse.com/security/cve/CVE-2016-0600.html https://www.suse.com/security/cve/CVE-2016-0606.html https://www.suse.com/security/cve/CVE-2016-0608.html https://www.suse.com/security/cve/CVE-2016-0609.html https://www.suse.com/security/cve/CVE-2016-0616.html https://bugzilla.suse.com/959724 https://bugzilla.suse.com/960961 https://bugzilla.suse.com/962779 From sle-updates at lists.suse.com Fri Feb 5 11:11:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Feb 2016 19:11:32 +0100 (CET) Subject: SUSE-RU-2016:0349-1: Recommended update for crowbar-barclamp-nova Message-ID: <20160205181132.964DA3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-nova ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0349-1 Rating: low References: #935462 #937800 #938200 #941531 #941962 #943166 #944489 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for crowbar-barclamp-nova provides various fixes and improvements: - Add iptables rules to deny unwanted VNC access (bsc#938200) - Raise Nova defaults to avoid hangs on mass-deployment. (bsc#944489) - Block device allocation configuration. (bsc#937800) - Fix usage of wrong attribute to find architecture of node. - Add option to enforce use of config drive. (bsc#943166, bsc#941531) - Correctly configure haproxy for metadata when SSL is on. (bsc#941962) - Increase timeout for synchronization of HA resources. (bsc#935462) - Add versioned requires on crowbar-barclamp-cinder, needed by dependency on the rbd secret_uuid attribute. - Add sqlalchemy pool values for nova. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-nova-12387=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-nova-1.9+git.1448526552.64e2711-17.1 References: https://bugzilla.suse.com/935462 https://bugzilla.suse.com/937800 https://bugzilla.suse.com/938200 https://bugzilla.suse.com/941531 https://bugzilla.suse.com/941962 https://bugzilla.suse.com/943166 https://bugzilla.suse.com/944489 From sle-updates at lists.suse.com Fri Feb 5 11:13:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Feb 2016 19:13:31 +0100 (CET) Subject: SUSE-RU-2016:0350-1: moderate: Recommended update for xorg-x11-server Message-ID: <20160205181331.F3DEF3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0350-1 Rating: moderate References: #771521 #867483 #954321 #961439 #962295 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for xorg-x11-server provides the following fixes: - Add support for %*.*s formats to the async safe *printf functions: XdmcpFatal uses the format specifier %*.*s, which vpnprintf() didn't understand, which caused a backtrace and prevented the reason for the XDMCP failure from being logged. (bsc#954321) - Only initialize pointer when matched: When looping over the registered map ranges, don't use the variable holding the final result as loop variable. It would always be initialized, on an empty list or when we run past the end of the list when no entry was found. (bsc#961439) - Copy open file table correctly, fixing an off-by-one error. (bsc#867483) - Fix panning when configured in xorg.conf*. (bsc#771521) - Disable rotation and other transformation from GPU screens to prevent the Xserver from crashing. (bsc#962295) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-215=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-215=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-215=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.15.2-30.14.1 xorg-x11-server-debugsource-7.6_1.15.2-30.14.1 xorg-x11-server-sdk-7.6_1.15.2-30.14.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xorg-x11-server-7.6_1.15.2-30.14.1 xorg-x11-server-debuginfo-7.6_1.15.2-30.14.1 xorg-x11-server-debugsource-7.6_1.15.2-30.14.1 xorg-x11-server-extra-7.6_1.15.2-30.14.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-30.14.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xorg-x11-server-7.6_1.15.2-30.14.1 xorg-x11-server-debuginfo-7.6_1.15.2-30.14.1 xorg-x11-server-debugsource-7.6_1.15.2-30.14.1 xorg-x11-server-extra-7.6_1.15.2-30.14.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-30.14.1 References: https://bugzilla.suse.com/771521 https://bugzilla.suse.com/867483 https://bugzilla.suse.com/954321 https://bugzilla.suse.com/961439 https://bugzilla.suse.com/962295 From sle-updates at lists.suse.com Fri Feb 5 11:14:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Feb 2016 19:14:54 +0100 (CET) Subject: SUSE-RU-2016:0351-1: moderate: Recommended update for xorg-x11-server Message-ID: <20160205181454.A87093213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0351-1 Rating: moderate References: #771521 #867483 #954321 #961439 #962295 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for xorg-x11-server provides the following fixes: - Add support for %*.*s formats to the async safe *printf functions: XdmcpFatal uses the format specifier %*.*s, which vpnprintf() didn't understand, which caused a backtrace and prevented the reason for the XDMCP failure from being logged. (bsc#954321) - Only initialize pointer when matched: When looping over the registered map ranges, don't use the variable holding the final result as loop variable. It would always be initialized, on an empty list or when we run past the end of the list when no entry was found. (bsc#961439) - Copy open file table correctly, fixing an off-by-one error. (bsc#867483) - Fix panning when configured in xorg.conf*. (bsc#771521) - Disable rotation and other transformation from GPU screens to prevent the Xserver from crashing. (bsc#962295) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-213=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-213=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-213=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.15.2-46.1 xorg-x11-server-debugsource-7.6_1.15.2-46.1 xorg-x11-server-sdk-7.6_1.15.2-46.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): xorg-x11-server-7.6_1.15.2-46.1 xorg-x11-server-debuginfo-7.6_1.15.2-46.1 xorg-x11-server-debugsource-7.6_1.15.2-46.1 xorg-x11-server-extra-7.6_1.15.2-46.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-46.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xorg-x11-server-7.6_1.15.2-46.1 xorg-x11-server-debuginfo-7.6_1.15.2-46.1 xorg-x11-server-debugsource-7.6_1.15.2-46.1 xorg-x11-server-extra-7.6_1.15.2-46.1 xorg-x11-server-extra-debuginfo-7.6_1.15.2-46.1 References: https://bugzilla.suse.com/771521 https://bugzilla.suse.com/867483 https://bugzilla.suse.com/954321 https://bugzilla.suse.com/961439 https://bugzilla.suse.com/962295 From sle-updates at lists.suse.com Fri Feb 5 13:11:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Feb 2016 21:11:16 +0100 (CET) Subject: SUSE-RU-2016:0352-1: moderate: Recommended update for perl-Bootloader Message-ID: <20160205201116.D9B603213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0352-1 Rating: moderate References: #956885 #958608 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for perl-Bootloader fixes the following issues: - Strip superfluous "/boot" parts of path if there's a symbolic link 'boot' pointing to '.' (bsc#956885) - Correctly handle quoting in /etc/fstab (bsc#958608) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-perl-Bootloader-12388=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-perl-Bootloader-12388=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-Bootloader-0.4.89.72-3.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): perl-Bootloader-0.4.89.72-3.1 References: https://bugzilla.suse.com/956885 https://bugzilla.suse.com/958608 From sle-updates at lists.suse.com Fri Feb 5 13:11:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Feb 2016 21:11:53 +0100 (CET) Subject: SUSE-SU-2016:0353-1: moderate: Security update for tiff Message-ID: <20160205201153.EBA853213D@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0353-1 Rating: moderate References: #960341 #964225 Cross-References: CVE-2015-7554 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225) - CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools (bsc#960341) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-tiff-12389=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tiff-12389=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-tiff-12389=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tiff-12389=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff-devel-3.8.2-141.163.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libtiff-devel-32bit-3.8.2-141.163.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff3-3.8.2-141.163.1 tiff-3.8.2-141.163.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.163.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libtiff3-x86-3.8.2-141.163.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libtiff3-3.8.2-141.163.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libtiff3-32bit-3.8.2-141.163.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tiff-debuginfo-3.8.2-141.163.1 tiff-debugsource-3.8.2-141.163.1 References: https://www.suse.com/security/cve/CVE-2015-7554.html https://www.suse.com/security/cve/CVE-2015-8781.html https://www.suse.com/security/cve/CVE-2015-8782.html https://www.suse.com/security/cve/CVE-2015-8783.html https://bugzilla.suse.com/960341 https://bugzilla.suse.com/964225 From sle-updates at lists.suse.com Fri Feb 5 13:12:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Feb 2016 21:12:31 +0100 (CET) Subject: SUSE-SU-2016:0354-1: important: Security update for the Linux Kernel Message-ID: <20160205201231.0A5393213D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0354-1 Rating: important References: #777565 #814440 #900610 #904348 #904965 #920016 #923002 #926007 #926709 #926774 #930145 #930788 #932350 #932805 #933721 #935053 #935757 #936118 #937969 #937970 #938706 #939207 #939826 #939926 #939955 #940017 #940925 #941202 #942204 #942305 #942367 #942605 #942688 #942938 #943786 #944296 #944831 #944837 #944989 #944993 #945691 #945825 #945827 #946078 #946309 #947957 #948330 #948347 #948521 #949100 #949298 #949502 #949706 #949744 #949981 #951440 #952084 #952384 #952579 #953527 #953980 #954404 #955354 Cross-References: CVE-2015-0272 CVE-2015-5157 CVE-2015-5307 CVE-2015-6252 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2015-8215 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has 54 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527). - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384, CVE-2015-7990). - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bnc#937969 bnc#937970 bnc#938706 bnc#939207). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product. (bnc#955354). - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825). - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation (bnc#942367). The following non-security bugs were fixed: - alsa: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - btrfs: fix hang when failing to submit bio of directIO (bnc#942688). - btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688). - btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938). - drm/I915: Add enum hpd_pin to intel_encoder (bsc#942938). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938). - drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938). - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938). - drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938). - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938). - drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938). - drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938). - drm/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938). - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938). - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938). - drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938). - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924). - drm/i915: fix hotplug event bit tracking (bsc#942938). - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938). - drm/i915: fix hpd interrupt register locking (bsc#942938). - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938). - drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938). - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938). - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938). - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938). - drm/i915: Get rid if the "hotplug_supported_mask" in struct drm_i915_private (bsc#942938). - drm/i915: implement ibx_hpd_irq_setup (bsc#942938). - drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938). - drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938). - drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938). - drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938). - drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938). - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938). - drm/i915: Remove i965_hpd_irq_setup (bsc#942938). - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938). - drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938). - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938). - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938). - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938). - ehci-pci: enable interrupt on BayTrail (bnc926007). - Fixing wording in patch comment (bsc#923002) - fix lpfc_send_rscn_event allocation size claims bnc#935757 - hugetlb: simplify migrate_huge_page() (bnc#947957, VM Functionality). - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957, VM Functionality). - IB/iser: Add Discovery support (bsc#923002). - IB/iser: Move informational messages from error to info level (bsc#923002). - IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965). - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965). - inotify: Fix nested sleeps in inotify_read() (bsc#940925). - ipv6: fix tunnel error handling (bsc#952579). - ipv6: probe routes asynchronous in rt6_probe (bsc#936118). - ipvs: drop first packet to dead server (bsc#946078). - ipvs: Fix reuse connection if real server is dead (bnc#945827). - kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch (bnc#920016). - KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440). - ktime: add ktime_after and ktime_before helpe (bsc#904348). - libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - lib/string.c: introduce memchr_inv() (bnc#930788). - macvlan: Support bonding events bsc#948521 - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309). - memory-failure: do code refactor of soft_offline_page() (bnc#947957, VM Functionality). - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957, VM Functionality). - memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957, VM Functionality). - memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957, VM Functionality). - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298). - mm: make page pfmemalloc check more robust (bnc#920016). - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957, VM Functionality). - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957, VM Functionality). - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957, VM Functionality). - Modified -rt patches: 344 of 435, useless noise elided. - Moved iscsi kabi patch to patches.kabi (bsc#923002) - netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350). - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786). - pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819). - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786). - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084). - PCI: delay configuration of SRIOV capability (bnc#952084). - PCI: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084). - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084). - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084). - pktgen: clean up ktime_t helpers (bsc#904348). - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993). - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993). - qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993). - r8169: remember WOL preferences on driver load (bsc#942305). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - Refresh patches.xen/1282-usbback-limit-copying.patch (bsc#941202). - Rename kabi patch appropriately (bsc#923002) - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204). - SCSI: hosts: update to use ida_simple for host_no (bsc#939926) - SCSI: kabi: allow iscsi disocvery session support (bsc#923002). - scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002). - sg: fix read() error reporting (bsc#926774). - Update patches.fixes/fanotify-fix-deadlock-during-thread-exit.patch (bsc#935053, bsc#926709). Add bug reference. - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989). - USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721). - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721). - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721). - USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721). - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605). - xfs: add background scanning to clear eofblocks inodes (bnc#930788). - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788). - xfs: add inode id filtering to eofblocks scan (bnc#930788). - xfs: add minimum file size filtering to eofblocks scan (bnc#930788). - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788). - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788). - xfs: create helper to check whether to free eofblocks on inode (bnc#930788). - xfs: Fix lost direct IO write in the last block (bsc#949744). - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347). - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805). - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788). - xfs: support a tag-based inode_ag_iterator (bnc#930788). - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788). - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805). - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981). - xhci: Allocate correct amount of scratchpad buffers (bnc#933721). - xhci: Calculate old endpoints correctly on device reset (bnc#944831). - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502). - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721). - xhci: do not report PLC when link is in internal resume state (bnc#933721). - xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837). - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721). - xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691). - xhci: report U3 when link is in resume state (bnc#933721). - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721). - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721). - xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721). - XHCI: use uninterruptible sleep for waiting for internal operations (bnc#939955). - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP3: zypper in -t patch slertesp3-kernel-rt-20151204-12390=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-rt-20151204-12390=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11-SP3 (x86_64): kernel-rt-3.0.101.rt130-0.33.44.2 kernel-rt-base-3.0.101.rt130-0.33.44.2 kernel-rt-devel-3.0.101.rt130-0.33.44.2 kernel-rt_trace-3.0.101.rt130-0.33.44.2 kernel-rt_trace-base-3.0.101.rt130-0.33.44.2 kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2 kernel-source-rt-3.0.101.rt130-0.33.44.2 kernel-syms-rt-3.0.101.rt130-0.33.44.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-0.33.44.2 kernel-rt-debugsource-3.0.101.rt130-0.33.44.2 kernel-rt_trace-debuginfo-3.0.101.rt130-0.33.44.2 kernel-rt_trace-debugsource-3.0.101.rt130-0.33.44.2 References: https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-5157.html https://www.suse.com/security/cve/CVE-2015-5307.html https://www.suse.com/security/cve/CVE-2015-6252.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8104.html https://www.suse.com/security/cve/CVE-2015-8215.html https://bugzilla.suse.com/777565 https://bugzilla.suse.com/814440 https://bugzilla.suse.com/900610 https://bugzilla.suse.com/904348 https://bugzilla.suse.com/904965 https://bugzilla.suse.com/920016 https://bugzilla.suse.com/923002 https://bugzilla.suse.com/926007 https://bugzilla.suse.com/926709 https://bugzilla.suse.com/926774 https://bugzilla.suse.com/930145 https://bugzilla.suse.com/930788 https://bugzilla.suse.com/932350 https://bugzilla.suse.com/932805 https://bugzilla.suse.com/933721 https://bugzilla.suse.com/935053 https://bugzilla.suse.com/935757 https://bugzilla.suse.com/936118 https://bugzilla.suse.com/937969 https://bugzilla.suse.com/937970 https://bugzilla.suse.com/938706 https://bugzilla.suse.com/939207 https://bugzilla.suse.com/939826 https://bugzilla.suse.com/939926 https://bugzilla.suse.com/939955 https://bugzilla.suse.com/940017 https://bugzilla.suse.com/940925 https://bugzilla.suse.com/941202 https://bugzilla.suse.com/942204 https://bugzilla.suse.com/942305 https://bugzilla.suse.com/942367 https://bugzilla.suse.com/942605 https://bugzilla.suse.com/942688 https://bugzilla.suse.com/942938 https://bugzilla.suse.com/943786 https://bugzilla.suse.com/944296 https://bugzilla.suse.com/944831 https://bugzilla.suse.com/944837 https://bugzilla.suse.com/944989 https://bugzilla.suse.com/944993 https://bugzilla.suse.com/945691 https://bugzilla.suse.com/945825 https://bugzilla.suse.com/945827 https://bugzilla.suse.com/946078 https://bugzilla.suse.com/946309 https://bugzilla.suse.com/947957 https://bugzilla.suse.com/948330 https://bugzilla.suse.com/948347 https://bugzilla.suse.com/948521 https://bugzilla.suse.com/949100 https://bugzilla.suse.com/949298 https://bugzilla.suse.com/949502 https://bugzilla.suse.com/949706 https://bugzilla.suse.com/949744 https://bugzilla.suse.com/949981 https://bugzilla.suse.com/951440 https://bugzilla.suse.com/952084 https://bugzilla.suse.com/952384 https://bugzilla.suse.com/952579 https://bugzilla.suse.com/953527 https://bugzilla.suse.com/953980 https://bugzilla.suse.com/954404 https://bugzilla.suse.com/955354 From sle-updates at lists.suse.com Mon Feb 8 10:11:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:11:24 +0100 (CET) Subject: SUSE-SU-2016:0380-1: important: Security update for kernel live patch 3 Message-ID: <20160208171124.0B560320A4@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0380-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.38-44.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-221=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_38-44-default-4-2.1 kgraft-patch-3_12_38-44-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-updates at lists.suse.com Mon Feb 8 10:13:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:13:12 +0100 (CET) Subject: SUSE-SU-2016:0381-1: important: Security update for kernel live patch 4 Message-ID: <20160208171312.D804B320A4@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0381-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.39-47.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-220=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_39-47-default-4-2.1 kgraft-patch-3_12_39-47-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-updates at lists.suse.com Mon Feb 8 10:17:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:17:00 +0100 (CET) Subject: SUSE-SU-2016:0383-1: important: Security update for kernel live patch 5 Message-ID: <20160208171700.9AD44320A4@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0383-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.43-52.6.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-219=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_43-52_6-default-4-2.1 kgraft-patch-3_12_43-52_6-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-updates at lists.suse.com Mon Feb 8 10:18:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:18:45 +0100 (CET) Subject: SUSE-SU-2016:0384-1: important: Security update for kernel live patch 2 Message-ID: <20160208171845.226C0320A4@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0384-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.36-38.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-224=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_36-38-default-5-2.1 kgraft-patch-3_12_36-38-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-updates at lists.suse.com Mon Feb 8 10:20:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:20:48 +0100 (CET) Subject: SUSE-SU-2016:0386-1: important: Security update for kernel live patch 6 Message-ID: <20160208172048.1FAC2320A4@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0386-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.44-52.10.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-222=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_44-52_10-default-3-2.1 kgraft-patch-3_12_44-52_10-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-updates at lists.suse.com Mon Feb 8 10:22:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Feb 2016 18:22:30 +0100 (CET) Subject: SUSE-SU-2016:0387-1: important: Security update for kernel live patch 7 Message-ID: <20160208172230.4C8C3320A4@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0387-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.44-52.18.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-223=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_44-52_18-default-3-2.1 kgraft-patch-3_12_44-52_18-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-updates at lists.suse.com Mon Feb 8 13:11:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Feb 2016 21:11:16 +0100 (CET) Subject: SUSE-RU-2016:0388-1: Recommended update for gdm Message-ID: <20160208201116.5D2F5320A8@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0388-1 Rating: low References: #870558 #940159 #950751 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for gdm provides the following fixes: - Don't leak the correctness of root's password when root login is not allowed. (bsc#950751) - Fix black screen when switching virtual terminals after user logged off. (bsc#940159) - Fix incomplete translation of text in the login screen. (bsc#870558) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-225=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-225=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-225=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-225=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-225=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-225=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gdm-debuginfo-3.10.0.1-32.1 gdm-debugsource-3.10.0.1-32.1 gdm-devel-3.10.0.1-32.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gdm-debuginfo-3.10.0.1-32.1 gdm-debugsource-3.10.0.1-32.1 gdm-devel-3.10.0.1-32.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gdm-3.10.0.1-32.1 gdm-debuginfo-3.10.0.1-32.1 gdm-debugsource-3.10.0.1-32.1 libgdm1-3.10.0.1-32.1 libgdm1-debuginfo-3.10.0.1-32.1 typelib-1_0-Gdm-1_0-3.10.0.1-32.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gdm-branding-upstream-3.10.0.1-32.1 gdm-lang-3.10.0.1-32.1 gdmflexiserver-3.10.0.1-32.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gdm-3.10.0.1-32.1 gdm-debuginfo-3.10.0.1-32.1 gdm-debugsource-3.10.0.1-32.1 libgdm1-3.10.0.1-32.1 libgdm1-debuginfo-3.10.0.1-32.1 typelib-1_0-Gdm-1_0-3.10.0.1-32.1 - SUSE Linux Enterprise Server 12 (noarch): gdm-branding-upstream-3.10.0.1-32.1 gdm-lang-3.10.0.1-32.1 gdmflexiserver-3.10.0.1-32.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gdm-3.10.0.1-32.1 gdm-debuginfo-3.10.0.1-32.1 gdm-debugsource-3.10.0.1-32.1 libgdm1-3.10.0.1-32.1 libgdm1-debuginfo-3.10.0.1-32.1 typelib-1_0-Gdm-1_0-3.10.0.1-32.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gdm-branding-upstream-3.10.0.1-32.1 gdm-lang-3.10.0.1-32.1 gdmflexiserver-3.10.0.1-32.1 - SUSE Linux Enterprise Desktop 12 (x86_64): gdm-3.10.0.1-32.1 gdm-debuginfo-3.10.0.1-32.1 gdm-debugsource-3.10.0.1-32.1 libgdm1-3.10.0.1-32.1 libgdm1-debuginfo-3.10.0.1-32.1 typelib-1_0-Gdm-1_0-3.10.0.1-32.1 - SUSE Linux Enterprise Desktop 12 (noarch): gdm-branding-upstream-3.10.0.1-32.1 gdm-lang-3.10.0.1-32.1 gdmflexiserver-3.10.0.1-32.1 References: https://bugzilla.suse.com/870558 https://bugzilla.suse.com/940159 https://bugzilla.suse.com/950751 From sle-updates at lists.suse.com Tue Feb 9 06:11:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Feb 2016 14:11:28 +0100 (CET) Subject: SUSE-SU-2016:0389-1: moderate: Security update for postgresql91 Message-ID: <20160209131128.C1CD6320DF@maintenance.suse.de> SUSE Security Update: Security update for postgresql91 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0389-1 Rating: moderate References: #949669 Cross-References: CVE-2015-5288 Affected Products: SUSE Studio Onsite 1.3 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update of postgresql91 to 9.1.19 fixes the following issues: * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.1.19 release: http://www.postgresql.org/docs/9.1/static/release-9-1-19.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-postgresql91-20160120-12391=1 - SUSE Manager 2.1: zypper in -t patch sleman21-postgresql91-20160120-12391=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-postgresql91-20160120-12391=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-postgresql91-20160120-12391=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-postgresql91-20160120-12391=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-postgresql91-20160120-12391=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-postgresql91-20160120-12391=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): postgresql91-devel-9.1.19-0.5.1 - SUSE Manager 2.1 (s390x x86_64): postgresql91-pltcl-9.1.19-0.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): postgresql91-devel-9.1.19-0.5.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): postgresql91-9.1.19-0.5.1 postgresql91-contrib-9.1.19-0.5.1 postgresql91-docs-9.1.19-0.5.1 postgresql91-server-9.1.19-0.5.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): postgresql91-9.1.19-0.5.1 postgresql91-contrib-9.1.19-0.5.1 postgresql91-docs-9.1.19-0.5.1 postgresql91-server-9.1.19-0.5.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): postgresql91-9.1.19-0.5.1 postgresql91-docs-9.1.19-0.5.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): postgresql91-debuginfo-9.1.19-0.5.1 postgresql91-debugsource-9.1.19-0.5.1 References: https://www.suse.com/security/cve/CVE-2015-5288.html https://bugzilla.suse.com/949669 From sle-updates at lists.suse.com Tue Feb 9 06:11:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Feb 2016 14:11:57 +0100 (CET) Subject: SUSE-SU-2016:0390-1: important: Security update for java-1_8_0-ibm Message-ID: <20160209131157.1C5843213D@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0390-1 Rating: important References: #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following security issues by updating to 8.0-2.10 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0475: An unspecified vulnerability related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-227=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-227=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr2.10-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr2.10-7.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr2.10-7.1 java-1_8_0-ibm-plugin-1.8.0_sr2.10-7.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0475.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-updates at lists.suse.com Tue Feb 9 06:12:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Feb 2016 14:12:33 +0100 (CET) Subject: SUSE-SU-2016:0391-1: important: Security update for rubygem-rails-html-sanitizer Message-ID: <20160209131233.589C63213D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rails-html-sanitizer ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0391-1 Rating: important References: #963326 #963327 #963328 Cross-References: CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2015-7579: XSS vulnerability in rails-html-sanitizer (bsc#963327) - CVE-2015-7578: XSS vulnerability via attributes (bsc#963326) - CVE-2015-7580: XSS via whitelist sanitizer (bsc#963328) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-228=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-rails-html-sanitizer-1.0.2-7.1 References: https://www.suse.com/security/cve/CVE-2015-7578.html https://www.suse.com/security/cve/CVE-2015-7579.html https://www.suse.com/security/cve/CVE-2015-7580.html https://bugzilla.suse.com/963326 https://bugzilla.suse.com/963327 https://bugzilla.suse.com/963328 From sle-updates at lists.suse.com Tue Feb 9 11:11:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Feb 2016 19:11:18 +0100 (CET) Subject: SUSE-RU-2016:0393-1: Recommended update for ant-contrib Message-ID: <20160209181118.8F7BA320DF@maintenance.suse.de> SUSE Recommended Update: Recommended update for ant-contrib ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0393-1 Rating: low References: #922324 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ant-contrib enables the task. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-230=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-230=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): ant-contrib-1.0b3-4.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): ant-contrib-1.0b3-4.1 References: https://bugzilla.suse.com/922324 From sle-updates at lists.suse.com Tue Feb 9 13:11:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Feb 2016 21:11:15 +0100 (CET) Subject: SUSE-RU-2016:0394-1: Recommended update for amazon-ecs-init Message-ID: <20160209201115.693EE3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for amazon-ecs-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0394-1 Rating: low References: #963837 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Amazon's EC2 Container Service Initialization has been updated to version 1.7.1, adding support for Docker 1.9.1. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-232=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): amazon-ecs-init-1.7.1-12.1 References: https://bugzilla.suse.com/963837 From sle-updates at lists.suse.com Tue Feb 9 13:11:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Feb 2016 21:11:36 +0100 (CET) Subject: SUSE-RU-2016:0395-1: Recommended update for gcimagebundle, google-daemon, google-startup-scripts Message-ID: <20160209201136.2272D3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcimagebundle, google-daemon, google-startup-scripts ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0395-1 Rating: low References: #963879 #963880 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This collective update for Google's Computing Environment tools provides fixes and enhancements: google-daemon (update to version 1.3.1): - Refactored accounts daemon. - Support "ssh-keys" in project metadata in addition to "sshKeys". - Support instance "override-ssh-keys" in addition to "sshKeys". - Support "additional-ssh-keys" in instance metadata. gcimagebundle (update to version 1.3.1): - Added deprecation warnings for safe_format_and_mount and gcimagebundle. google-startup-scripts (update to version 1.3.1): - Added deprecation warnings for safe_format_and_mount. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-233=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): gcimagebundle-1.3.1-15.1 google-daemon-1.3.1-15.1 google-startup-scripts-1.3.1-15.1 References: https://bugzilla.suse.com/963879 https://bugzilla.suse.com/963880 From sle-updates at lists.suse.com Tue Feb 9 13:12:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Feb 2016 21:12:07 +0100 (CET) Subject: SUSE-RU-2016:0396-1: moderate: Recommended update for susemanager-sync-data Message-ID: <20160209201207.BE0D63213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-sync-data ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0396-1 Rating: moderate References: #959548 #963784 #965652 Affected Products: SUSE Manager 2.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for susemanager-sync-data fixes the following issues: - Add support for SUSE-Enterprise-Storage 2.1 (bsc#963784) - Add support for SLE12-SP1-SAP (bsc#959548) - Add support for SLES11-SP3-LTSS-Updates (bsc#965652) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-susemanager-sync-data-12392=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 2.1 (noarch): susemanager-sync-data-2.1.13-24.1 References: https://bugzilla.suse.com/959548 https://bugzilla.suse.com/963784 https://bugzilla.suse.com/965652 From sle-updates at lists.suse.com Wed Feb 10 05:11:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Feb 2016 13:11:30 +0100 (CET) Subject: SUSE-SU-2016:0398-1: important: Security update for flash-player Message-ID: <20160210121130.D60433213D@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0398-1 Rating: important References: #965901 Cross-References: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - Security update to 11.2.202.569 (bsc#965901): * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-235=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-235=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-235=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-235=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.569-120.1 flash-player-gnome-11.2.202.569-120.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.569-120.1 flash-player-gnome-11.2.202.569-120.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.569-120.1 flash-player-gnome-11.2.202.569-120.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.569-120.1 flash-player-gnome-11.2.202.569-120.1 References: https://www.suse.com/security/cve/CVE-2016-0964.html https://www.suse.com/security/cve/CVE-2016-0965.html https://www.suse.com/security/cve/CVE-2016-0966.html https://www.suse.com/security/cve/CVE-2016-0967.html https://www.suse.com/security/cve/CVE-2016-0968.html https://www.suse.com/security/cve/CVE-2016-0969.html https://www.suse.com/security/cve/CVE-2016-0970.html https://www.suse.com/security/cve/CVE-2016-0971.html https://www.suse.com/security/cve/CVE-2016-0972.html https://www.suse.com/security/cve/CVE-2016-0973.html https://www.suse.com/security/cve/CVE-2016-0974.html https://www.suse.com/security/cve/CVE-2016-0975.html https://www.suse.com/security/cve/CVE-2016-0976.html https://www.suse.com/security/cve/CVE-2016-0977.html https://www.suse.com/security/cve/CVE-2016-0978.html https://www.suse.com/security/cve/CVE-2016-0979.html https://www.suse.com/security/cve/CVE-2016-0980.html https://www.suse.com/security/cve/CVE-2016-0981.html https://www.suse.com/security/cve/CVE-2016-0982.html https://www.suse.com/security/cve/CVE-2016-0983.html https://www.suse.com/security/cve/CVE-2016-0984.html https://www.suse.com/security/cve/CVE-2016-0985.html https://bugzilla.suse.com/965901 From sle-updates at lists.suse.com Wed Feb 10 05:11:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Feb 2016 13:11:56 +0100 (CET) Subject: SUSE-SU-2016:0399-1: important: Security update for java-1_7_1-ibm Message-ID: <20160210121156.2F2CC3213D@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0399-1 Rating: important References: #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues by updating to 7.1-3.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-java-1_7_1-ibm-12394=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-java-1_7_1-ibm-12394=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.30-9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.30-9.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.30-9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.30-9.1 java-1_7_1-ibm-plugin-1.7.1_sr3.30-9.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-7981.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-updates at lists.suse.com Wed Feb 10 05:12:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Feb 2016 13:12:33 +0100 (CET) Subject: SUSE-SU-2016:0400-1: important: Security update for flash-player Message-ID: <20160210121233.5EFD03213D@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0400-1 Rating: important References: #965901 Cross-References: CVE-2016-0964 CVE-2016-0965 CVE-2016-0966 CVE-2016-0967 CVE-2016-0968 CVE-2016-0969 CVE-2016-0970 CVE-2016-0971 CVE-2016-0972 CVE-2016-0973 CVE-2016-0974 CVE-2016-0975 CVE-2016-0976 CVE-2016-0977 CVE-2016-0978 CVE-2016-0979 CVE-2016-0980 CVE-2016-0981 CVE-2016-0982 CVE-2016-0983 CVE-2016-0984 CVE-2016-0985 Affected Products: SUSE Linux Enterprise Desktop 11-SP4 ______________________________________________________________________________ An update that fixes 22 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - Security update to 11.2.202.569 (bsc#965901): * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-flash-player-12393=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): flash-player-11.2.202.569-0.35.1 flash-player-gnome-11.2.202.569-0.35.1 flash-player-kde4-11.2.202.569-0.35.1 References: https://www.suse.com/security/cve/CVE-2016-0964.html https://www.suse.com/security/cve/CVE-2016-0965.html https://www.suse.com/security/cve/CVE-2016-0966.html https://www.suse.com/security/cve/CVE-2016-0967.html https://www.suse.com/security/cve/CVE-2016-0968.html https://www.suse.com/security/cve/CVE-2016-0969.html https://www.suse.com/security/cve/CVE-2016-0970.html https://www.suse.com/security/cve/CVE-2016-0971.html https://www.suse.com/security/cve/CVE-2016-0972.html https://www.suse.com/security/cve/CVE-2016-0973.html https://www.suse.com/security/cve/CVE-2016-0974.html https://www.suse.com/security/cve/CVE-2016-0975.html https://www.suse.com/security/cve/CVE-2016-0976.html https://www.suse.com/security/cve/CVE-2016-0977.html https://www.suse.com/security/cve/CVE-2016-0978.html https://www.suse.com/security/cve/CVE-2016-0979.html https://www.suse.com/security/cve/CVE-2016-0980.html https://www.suse.com/security/cve/CVE-2016-0981.html https://www.suse.com/security/cve/CVE-2016-0982.html https://www.suse.com/security/cve/CVE-2016-0983.html https://www.suse.com/security/cve/CVE-2016-0984.html https://www.suse.com/security/cve/CVE-2016-0985.html https://bugzilla.suse.com/965901 From sle-updates at lists.suse.com Wed Feb 10 05:12:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Feb 2016 13:12:55 +0100 (CET) Subject: SUSE-SU-2016:0401-1: important: Security update for java-1_7_1-ibm Message-ID: <20160210121255.F37A93213D@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0401-1 Rating: important References: #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues by updating to 7.1-3.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-237=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-237=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-237=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-237=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.30-21.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.30-21.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.30-21.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.30-21.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.30-21.1 java-1_7_1-ibm-plugin-1.7.1_sr3.30-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.30-21.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.30-21.1 - SUSE Linux Enterprise Server 12 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.30-21.1 java-1_7_1-ibm-plugin-1.7.1_sr3.30-21.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-7981.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-updates at lists.suse.com Wed Feb 10 08:12:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Feb 2016 16:12:37 +0100 (CET) Subject: SUSE-OU-2016:0407-1: Initial release of python-boto3 Message-ID: <20160210151237.F36793213D@maintenance.suse.de> SUSE Optional Update: Initial release of python-boto3 ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:0407-1 Rating: low References: #962170 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update releases python-boto3 to the Public Cloud 12 Module. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-238=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-boto3-1.2.3-2.1 References: https://bugzilla.suse.com/962170 From sle-updates at lists.suse.com Wed Feb 10 10:11:13 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Feb 2016 18:11:13 +0100 (CET) Subject: SUSE-RU-2016:0410-1: Recommended update for gcimagebundle, google-daemon, google-startup-scripts Message-ID: <20160210171113.B027A3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcimagebundle, google-daemon, google-startup-scripts ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0410-1 Rating: low References: #963879 #963880 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This collective update for Google's Computing Environment tools provides fixes and enhancements: google-daemon (update to version 1.3.1): - Refactored accounts daemon. - Support "ssh-keys" in project metadata in addition to "sshKeys". - Support instance "override-ssh-keys" in addition to "sshKeys". - Support "additional-ssh-keys" in instance metadata. gcimagebundle (update to version 1.3.1): - Added deprecation warnings for safe_format_and_mount and gcimagebundle. google-startup-scripts (update to version 1.3.1): - Added deprecation warnings for safe_format_and_mount. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-google-tools-12395=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): gcimagebundle-1.3.1-12.1 - SUSE Linux Enterprise Server 11-PUBCLOUD (noarch): google-daemon-1.3.1-12.1 google-startup-scripts-1.3.1-12.1 References: https://bugzilla.suse.com/963879 https://bugzilla.suse.com/963880 From sle-updates at lists.suse.com Wed Feb 10 11:11:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Feb 2016 19:11:12 +0100 (CET) Subject: SUSE-RU-2016:0411-1: Recommended update for rabbitmq-server and supportutils-plugin-susecloud Message-ID: <20160210181112.A874D3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for rabbitmq-server and supportutils-plugin-susecloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0411-1 Rating: low References: #956341 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rabbitmq-server and supportutils-plugin-susecloud fixes the following issues: - Collect some information about rabbitmq in supportconfig. - Do not collect xz files in supportconfig (bsc#956341). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rabbitmq-201602-12396=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): rabbitmq-server-3.4.3-9.1 rabbitmq-server-plugins-3.4.3-9.1 - SUSE OpenStack Cloud 5 (noarch): supportutils-plugin-susecloud-5.0.1448443901.3f8509f-12.1 References: https://bugzilla.suse.com/956341 From sle-updates at lists.suse.com Thu Feb 11 06:13:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Feb 2016 14:13:51 +0100 (CET) Subject: SUSE-RU-2016:0419-1: Recommended update for wayland Message-ID: <20160211131351.3C00D3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for wayland ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0419-1 Rating: low References: #960181 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update brings improvements to Wayland's API: - Add a destructor to the wl_data_device interface. - Add repeat_info event to wl_keyboard. - Generate macros for getting the 'since' version of an event. These enhancements are required to build KDE5 (Plasma 5.5.x) on top of SLE 12. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-241=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-241=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-241=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-241=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-241=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-241=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-241=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-241=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libwayland-client0-1.2.1-8.1 libwayland-client0-debuginfo-1.2.1-8.1 libwayland-cursor0-1.2.1-8.1 libwayland-cursor0-debuginfo-1.2.1-8.1 libwayland-server0-1.2.1-8.1 libwayland-server0-debuginfo-1.2.1-8.1 wayland-debugsource-1.2.1-8.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libwayland-client0-1.2.1-8.1 libwayland-client0-debuginfo-1.2.1-8.1 libwayland-cursor0-1.2.1-8.1 libwayland-cursor0-debuginfo-1.2.1-8.1 libwayland-server0-1.2.1-8.1 libwayland-server0-debuginfo-1.2.1-8.1 wayland-debugsource-1.2.1-8.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): wayland-debugsource-1.2.1-8.1 wayland-devel-1.2.1-8.1 wayland-devel-debuginfo-1.2.1-8.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): wayland-debugsource-1.2.1-8.1 wayland-devel-1.2.1-8.1 wayland-devel-debuginfo-1.2.1-8.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libwayland-client0-32bit-1.2.1-8.1 libwayland-client0-debuginfo-32bit-1.2.1-8.1 libwayland-cursor0-32bit-1.2.1-8.1 libwayland-cursor0-debuginfo-32bit-1.2.1-8.1 libwayland-server0-32bit-1.2.1-8.1 libwayland-server0-debuginfo-32bit-1.2.1-8.1 wayland-debugsource-1.2.1-8.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libwayland-client0-32bit-1.2.1-8.1 libwayland-client0-debuginfo-32bit-1.2.1-8.1 libwayland-cursor0-32bit-1.2.1-8.1 libwayland-cursor0-debuginfo-32bit-1.2.1-8.1 libwayland-server0-32bit-1.2.1-8.1 libwayland-server0-debuginfo-32bit-1.2.1-8.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libwayland-client0-1.2.1-8.1 libwayland-client0-32bit-1.2.1-8.1 libwayland-client0-debuginfo-1.2.1-8.1 libwayland-client0-debuginfo-32bit-1.2.1-8.1 libwayland-cursor0-1.2.1-8.1 libwayland-cursor0-32bit-1.2.1-8.1 libwayland-cursor0-debuginfo-1.2.1-8.1 libwayland-cursor0-debuginfo-32bit-1.2.1-8.1 libwayland-server0-1.2.1-8.1 libwayland-server0-32bit-1.2.1-8.1 libwayland-server0-debuginfo-1.2.1-8.1 libwayland-server0-debuginfo-32bit-1.2.1-8.1 wayland-debugsource-1.2.1-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libwayland-client0-1.2.1-8.1 libwayland-client0-32bit-1.2.1-8.1 libwayland-client0-debuginfo-1.2.1-8.1 libwayland-client0-debuginfo-32bit-1.2.1-8.1 libwayland-cursor0-1.2.1-8.1 libwayland-cursor0-32bit-1.2.1-8.1 libwayland-cursor0-debuginfo-1.2.1-8.1 libwayland-cursor0-debuginfo-32bit-1.2.1-8.1 libwayland-server0-1.2.1-8.1 libwayland-server0-32bit-1.2.1-8.1 libwayland-server0-debuginfo-1.2.1-8.1 libwayland-server0-debuginfo-32bit-1.2.1-8.1 wayland-debugsource-1.2.1-8.1 References: https://bugzilla.suse.com/960181 From sle-updates at lists.suse.com Thu Feb 11 07:11:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:11:37 +0100 (CET) Subject: SUSE-SU-2016:0428-1: important: Security update for java-1_6_0-ibm Message-ID: <20160211141137.4CEB03213D@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0428-1 Rating: important References: #960286 #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-244=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.20-30.1 java-1_6_0-ibm-fonts-1.6.0_sr16.20-30.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.20-30.1 - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.20-30.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-7981.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960286 https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-updates at lists.suse.com Thu Feb 11 07:12:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:12:33 +0100 (CET) Subject: SUSE-SU-2016:0429-1: moderate: Security update for krb5 Message-ID: <20160211141233.2AB8F3213D@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0429-1 Rating: moderate References: #963964 #963968 #963975 Cross-References: CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-243=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-243=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-243=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-243=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-243=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-243=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): krb5-debuginfo-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 krb5-devel-1.12.1-25.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): krb5-debuginfo-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 krb5-devel-1.12.1-25.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): krb5-1.12.1-25.1 krb5-client-1.12.1-25.1 krb5-client-debuginfo-1.12.1-25.1 krb5-debuginfo-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 krb5-doc-1.12.1-25.1 krb5-plugin-kdb-ldap-1.12.1-25.1 krb5-plugin-kdb-ldap-debuginfo-1.12.1-25.1 krb5-plugin-preauth-otp-1.12.1-25.1 krb5-plugin-preauth-otp-debuginfo-1.12.1-25.1 krb5-plugin-preauth-pkinit-1.12.1-25.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-25.1 krb5-server-1.12.1-25.1 krb5-server-debuginfo-1.12.1-25.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): krb5-32bit-1.12.1-25.1 krb5-debuginfo-32bit-1.12.1-25.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): krb5-1.12.1-25.1 krb5-client-1.12.1-25.1 krb5-client-debuginfo-1.12.1-25.1 krb5-debuginfo-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 krb5-doc-1.12.1-25.1 krb5-plugin-kdb-ldap-1.12.1-25.1 krb5-plugin-kdb-ldap-debuginfo-1.12.1-25.1 krb5-plugin-preauth-otp-1.12.1-25.1 krb5-plugin-preauth-otp-debuginfo-1.12.1-25.1 krb5-plugin-preauth-pkinit-1.12.1-25.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.1-25.1 krb5-server-1.12.1-25.1 krb5-server-debuginfo-1.12.1-25.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): krb5-32bit-1.12.1-25.1 krb5-debuginfo-32bit-1.12.1-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): krb5-1.12.1-25.1 krb5-32bit-1.12.1-25.1 krb5-client-1.12.1-25.1 krb5-client-debuginfo-1.12.1-25.1 krb5-debuginfo-1.12.1-25.1 krb5-debuginfo-32bit-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 - SUSE Linux Enterprise Desktop 12 (x86_64): krb5-1.12.1-25.1 krb5-32bit-1.12.1-25.1 krb5-client-1.12.1-25.1 krb5-client-debuginfo-1.12.1-25.1 krb5-debuginfo-1.12.1-25.1 krb5-debuginfo-32bit-1.12.1-25.1 krb5-debugsource-1.12.1-25.1 References: https://www.suse.com/security/cve/CVE-2015-8629.html https://www.suse.com/security/cve/CVE-2015-8630.html https://www.suse.com/security/cve/CVE-2015-8631.html https://bugzilla.suse.com/963964 https://bugzilla.suse.com/963968 https://bugzilla.suse.com/963975 From sle-updates at lists.suse.com Thu Feb 11 07:13:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:13:20 +0100 (CET) Subject: SUSE-SU-2016:0430-1: moderate: Security update for krb5 Message-ID: <20160211141320.307B53213D@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0430-1 Rating: moderate References: #963968 #963975 Cross-References: CVE-2015-8629 CVE-2015-8631 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-krb5-12397=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-krb5-12397=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-krb5-12397=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-krb5-12397=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-devel-1.6.3-133.49.106.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): krb5-devel-32bit-1.6.3-133.49.106.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): krb5-server-1.6.3-133.49.106.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-1.6.3-133.49.106.1 krb5-apps-clients-1.6.3-133.49.106.1 krb5-apps-servers-1.6.3-133.49.106.1 krb5-client-1.6.3-133.49.106.1 krb5-server-1.6.3-133.49.106.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): krb5-32bit-1.6.3-133.49.106.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): krb5-x86-1.6.3-133.49.106.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): krb5-1.6.3-133.49.106.1 krb5-client-1.6.3-133.49.106.1 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): krb5-32bit-1.6.3-133.49.106.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): krb5-debuginfo-1.6.3-133.49.106.1 krb5-debugsource-1.6.3-133.49.106.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): krb5-debuginfo-32bit-1.6.3-133.49.106.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): krb5-debuginfo-x86-1.6.3-133.49.106.1 References: https://www.suse.com/security/cve/CVE-2015-8629.html https://www.suse.com/security/cve/CVE-2015-8631.html https://bugzilla.suse.com/963968 https://bugzilla.suse.com/963975 From sle-updates at lists.suse.com Thu Feb 11 07:13:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:13:54 +0100 (CET) Subject: SUSE-SU-2016:0431-1: important: Security update for java-1_6_0-ibm Message-ID: <20160211141354.A2C123213D@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0431-1 Rating: important References: #960286 #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937) - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package - bsc#960286: resolve package conflicts in the fonts subpackage Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_6_0-ibm-12399=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.20-49.1 java-1_6_0-ibm-devel-1.6.0_sr16.20-49.1 java-1_6_0-ibm-fonts-1.6.0_sr16.20-49.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.20-49.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.20-49.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.20-49.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-7981.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960286 https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-updates at lists.suse.com Thu Feb 11 07:14:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:14:36 +0100 (CET) Subject: SUSE-SU-2016:0432-1: moderate: Security update for rubygem-activemodel-4_2 Message-ID: <20160211141436.6B6183213D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activemodel-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0432-1 Rating: moderate References: #963334 Cross-References: CVE-2016-0753 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-activemodel-4_2 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-247=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-activemodel-4_2-4.2.2-5.1 References: https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963334 From sle-updates at lists.suse.com Thu Feb 11 07:15:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Feb 2016 15:15:03 +0100 (CET) Subject: SUSE-SU-2016:0433-1: important: Security update for java-1_7_0-ibm Message-ID: <20160211141503.5B3AD3213D@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0433-1 Rating: important References: #960402 #963937 Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_7_0-ibm fixes the following issues by updating to 7.0-9.30 (bsc#963937): - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials - CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information - CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions - CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. - CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact - CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information - CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service - CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact - CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact The following bugs were fixed: - bsc#960402: resolve package conflicts in devel package Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_7_0-ibm-12398=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.30-45.1 java-1_7_0-ibm-devel-1.7.0_sr9.30-45.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.30-45.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.30-45.1 java-1_7_0-ibm-plugin-1.7.0_sr9.30-45.1 References: https://www.suse.com/security/cve/CVE-2015-5041.html https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2015-7981.html https://www.suse.com/security/cve/CVE-2015-8126.html https://www.suse.com/security/cve/CVE-2015-8472.html https://www.suse.com/security/cve/CVE-2015-8540.html https://www.suse.com/security/cve/CVE-2016-0402.html https://www.suse.com/security/cve/CVE-2016-0448.html https://www.suse.com/security/cve/CVE-2016-0466.html https://www.suse.com/security/cve/CVE-2016-0483.html https://www.suse.com/security/cve/CVE-2016-0494.html https://bugzilla.suse.com/960402 https://bugzilla.suse.com/963937 From sle-updates at lists.suse.com Thu Feb 11 13:11:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Feb 2016 21:11:06 +0100 (CET) Subject: SUSE-SU-2016:0434-1: important: Security update for kernel live patch 1 Message-ID: <20160211201106.9B4CA3213D@maintenance.suse.de> SUSE Security Update: Security update for kernel live patch 1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0434-1 Rating: important References: #916225 #940342 #951542 #951625 #953052 #954005 #958601 Cross-References: CVE-2015-2925 CVE-2015-6937 CVE-2015-7872 CVE-2015-7990 CVE-2015-8539 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This kernel live patch for Linux Kernel 3.12.32-33.1 fixes security issues and bugs: Security issues fixed: - CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958601). - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#953052) - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#953052). - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951542). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#951625). Non-security bugfix were also done: - xfs: Fix lost direct IO write in the last block (bsc#954005). - simple fix in kallsyms initialization (bsc#940342 bsc#916225) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-249=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_32-33-default-5-2.1 kgraft-patch-3_12_32-33-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2015-2925.html https://www.suse.com/security/cve/CVE-2015-6937.html https://www.suse.com/security/cve/CVE-2015-7872.html https://www.suse.com/security/cve/CVE-2015-7990.html https://www.suse.com/security/cve/CVE-2015-8539.html https://bugzilla.suse.com/916225 https://bugzilla.suse.com/940342 https://bugzilla.suse.com/951542 https://bugzilla.suse.com/951625 https://bugzilla.suse.com/953052 https://bugzilla.suse.com/954005 https://bugzilla.suse.com/958601 From sle-updates at lists.suse.com Thu Feb 11 13:12:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Feb 2016 21:12:48 +0100 (CET) Subject: SUSE-SU-2016:0435-1: moderate: Security update for rubygem-activesupport-4_2 Message-ID: <20160211201248.2337B3213D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activesupport-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0435-1 Rating: moderate References: #963329 #963334 Cross-References: CVE-2015-7576 CVE-2016-0753 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-activesupport-4_2 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329) - CVE-2016-0753: Input Validation Circumvention (bsc#963334) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-250=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-activesupport-4_2-4.2.2-6.1 References: https://www.suse.com/security/cve/CVE-2015-7576.html https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963329 https://bugzilla.suse.com/963334 From sle-updates at lists.suse.com Thu Feb 11 13:13:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Feb 2016 21:13:18 +0100 (CET) Subject: SUSE-RU-2016:0436-1: moderate: Recommended update for rubygem-chef Message-ID: <20160211201318.CC1B03213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0436-1 Rating: moderate References: #960012 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-chef fixes the following issues: - Allow re-creating client with public key information. - Fix starting chef-client daemon from chef cookbook (bsc#960012). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-chef-12400=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-chef-10.32.2-25.1 rubygem-chef-10.32.2-25.1 References: https://bugzilla.suse.com/960012 From sle-updates at lists.suse.com Fri Feb 12 10:11:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Feb 2016 18:11:23 +0100 (CET) Subject: SUSE-RU-2016:0443-1: Recommended update for certification-sles-eal4 Message-ID: <20160212171123.102993213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for certification-sles-eal4 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0443-1 Rating: low References: #966284 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The EAL4 Configuration Guide has been updated to version 1.11, which brings more details about: - The AES-NI CPU instruction on x86 and IBM System Z systems. - SELinux management. - OpenSSH client configuration. - IPSEC IKE configuration. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-251=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): certification-sles-eal4-12.0-0.10.1 References: https://bugzilla.suse.com/966284 From sle-updates at lists.suse.com Fri Feb 12 10:11:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Feb 2016 18:11:49 +0100 (CET) Subject: SUSE-RU-2016:0444-1: Recommended update for timezone Message-ID: <20160212171149.3BABE3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0444-1 Rating: low References: #963921 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2016a) for your system, including the following changes: - America/Cayman will not observe daylight saving this year. - Asia/Chita switches from +0800 to +0900 on 2016-03-27 at 02:00. - Asia/Tehran now has DST predictions for the year 2038 and later. - America/Metlakatla switched from PST all year to AKST/AKDT on 2015-11-01 at 02:00. - America/Santa_Isabel has been removed, and replaced with a backward compatibility link to America/Tijuana. - Asia/Karachi's two transition times in 2002 were off by a minute. This release also includes changes affecting past time stamps, documentation and some minor code fixes. For a comprehensive list, refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz/2016-January/023106.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-252=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-252=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-252=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-252=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): timezone-2016a-0.29.1 timezone-debuginfo-2016a-0.29.1 timezone-debugsource-2016a-0.29.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): timezone-java-2016a-0.29.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): timezone-2016a-0.29.1 timezone-debuginfo-2016a-0.29.1 timezone-debugsource-2016a-0.29.1 - SUSE Linux Enterprise Server 12 (noarch): timezone-java-2016a-0.29.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): timezone-2016a-0.29.1 timezone-debuginfo-2016a-0.29.1 timezone-debugsource-2016a-0.29.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): timezone-java-2016a-0.29.1 - SUSE Linux Enterprise Desktop 12 (x86_64): timezone-2016a-0.29.1 timezone-debuginfo-2016a-0.29.1 timezone-debugsource-2016a-0.29.1 - SUSE Linux Enterprise Desktop 12 (noarch): timezone-java-2016a-0.29.1 References: https://bugzilla.suse.com/963921 From sle-updates at lists.suse.com Fri Feb 12 11:11:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Feb 2016 19:11:27 +0100 (CET) Subject: SUSE-RU-2016:0445-1: Recommended update for timezone Message-ID: <20160212181127.2E5533213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0445-1 Rating: low References: #963921 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2016a) for your system, including the following changes: - America/Cayman will not observe daylight saving this year. - Asia/Chita switches from +0800 to +0900 on 2016-03-27 at 02:00. - Asia/Tehran now has DST predictions for the year 2038 and later. - America/Metlakatla switched from PST all year to AKST/AKDT on 2015-11-01 at 02:00. - America/Santa_Isabel has been removed, and replaced with a backward compatibility link to America/Tijuana. - Asia/Karachi's two transition times in 2002 were off by a minute. This release also includes changes affecting past time stamps, documentation and some minor code fixes. For a comprehensive list, refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz/2016-January/023106.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-timezone-12401=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-timezone-12401=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-timezone-12401=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-timezone-12401=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-timezone-12401=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-12401=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-timezone-12401=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-timezone-12401=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): timezone-java-2016a-0.14.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-2016a-0.14.2 - SUSE Linux Enterprise Server 11-SP4 (noarch): timezone-java-2016a-0.14.3 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): timezone-2016a-0.14.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): timezone-java-2016a-0.14.3 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): timezone-2016a-0.14.2 - SUSE Linux Enterprise Server 11-SP2-LTSS (noarch): timezone-java-2016a-0.14.3 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): timezone-2016a-0.14.2 - SUSE Linux Enterprise Desktop 11-SP4 (noarch): timezone-java-2016a-0.14.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2016a-0.14.2 timezone-debugsource-2016a-0.14.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): timezone-debuginfo-2016a-0.14.2 timezone-debugsource-2016a-0.14.2 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): timezone-debuginfo-2016a-0.14.2 timezone-debugsource-2016a-0.14.2 References: https://bugzilla.suse.com/963921 From sle-updates at lists.suse.com Fri Feb 12 11:11:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Feb 2016 19:11:56 +0100 (CET) Subject: SUSE-RU-2016:0446-1: moderate: Recommended update for squashfs Message-ID: <20160212181156.140563213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for squashfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0446-1 Rating: moderate References: #953723 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for squashfs fixes a file corruption issue caused by a rare race condition. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-253=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-253=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-253=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-253=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): squashfs-4.3-3.1 squashfs-debuginfo-4.3-3.1 squashfs-debugsource-4.3-3.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): squashfs-4.3-3.1 squashfs-debuginfo-4.3-3.1 squashfs-debugsource-4.3-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): squashfs-4.3-3.1 squashfs-debuginfo-4.3-3.1 squashfs-debugsource-4.3-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): squashfs-4.3-3.1 squashfs-debuginfo-4.3-3.1 squashfs-debugsource-4.3-3.1 References: https://bugzilla.suse.com/953723 From sle-updates at lists.suse.com Fri Feb 12 13:11:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Feb 2016 21:11:08 +0100 (CET) Subject: SUSE-RU-2016:0447-1: Recommended update for cloud-regionsrv-client Message-ID: <20160212201108.5EA653213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0447-1 Rating: low References: #959206 #964334 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Handle proxy configuration properly. (bsc#964334) - Make generic-config provide regionsrv-certs to allow it to be installed without conflicts. (bsc#959206) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-256=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-6.4.4-31.1 cloud-regionsrv-client-generic-config-1.0.0-31.1 cloud-regionsrv-client-plugin-gce-1.0.0-31.1 References: https://bugzilla.suse.com/959206 https://bugzilla.suse.com/964334 From sle-updates at lists.suse.com Fri Feb 12 13:11:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Feb 2016 21:11:39 +0100 (CET) Subject: SUSE-RU-2016:0448-1: Recommended update for cloud-regionsrv-client Message-ID: <20160212201139.E79453213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0448-1 Rating: low References: #950858 #950865 #958402 #959206 #964335 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Handle proxy configuration properly. (bsc#964335) - Make generic-config provide regionsrv-certs to allow it to be installed without conflicts. (bsc#959206) - Continue to register other products even if one fails. (bsc#958402) - Detect and properly report errors when the base product registration fails. (bsc#950858) - Properly register the base product. (bsc#950865) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-cloud-regionsrv-client-12402=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): cloud-regionsrv-client-6.4.4-15.1 References: https://bugzilla.suse.com/950858 https://bugzilla.suse.com/950865 https://bugzilla.suse.com/958402 https://bugzilla.suse.com/959206 https://bugzilla.suse.com/964335 From sle-updates at lists.suse.com Fri Feb 12 13:12:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Feb 2016 21:12:45 +0100 (CET) Subject: SUSE-RU-2016:0449-1: moderate: Recommended update for btrfsprogs Message-ID: <20160212201245.46D383213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0449-1 Rating: moderate References: #956819 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for btrfsprogs fixes a mkfs failure on architectures with sectorsize greater than 4 kbytes. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-255=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-255=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-255=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): btrfsprogs-debuginfo-4.1.2-7.1 btrfsprogs-debugsource-4.1.2-7.1 libbtrfs-devel-4.1.2-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): btrfsprogs-4.1.2-7.1 btrfsprogs-debuginfo-4.1.2-7.1 btrfsprogs-debugsource-4.1.2-7.1 libbtrfs0-4.1.2-7.1 libbtrfs0-debuginfo-4.1.2-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): btrfsprogs-4.1.2-7.1 btrfsprogs-debuginfo-4.1.2-7.1 btrfsprogs-debugsource-4.1.2-7.1 libbtrfs0-4.1.2-7.1 libbtrfs0-debuginfo-4.1.2-7.1 References: https://bugzilla.suse.com/956819 From sle-updates at lists.suse.com Mon Feb 15 10:11:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Feb 2016 18:11:23 +0100 (CET) Subject: SUSE-SU-2016:0455-1: moderate: Security update for libnettle Message-ID: <20160215171123.D3B983213D@maintenance.suse.de> SUSE Security Update: Security update for libnettle ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0455-1 Rating: moderate References: #964845 #964847 #964849 Cross-References: CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libnettle fixes the following security issues: - CVE-2015-8803: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964845) - CVE-2015-8804: Fixed carry folding bug in x86_64 ecc_384_modp. (bsc#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964849) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-259=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-259=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-259=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-259=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-259=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-259=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libnettle-debugsource-2.7.1-9.1 libnettle-devel-2.7.1-9.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libnettle-debugsource-2.7.1-9.1 libnettle-devel-2.7.1-9.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libhogweed2-2.7.1-9.1 libhogweed2-debuginfo-2.7.1-9.1 libnettle-debugsource-2.7.1-9.1 libnettle4-2.7.1-9.1 libnettle4-debuginfo-2.7.1-9.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libhogweed2-32bit-2.7.1-9.1 libhogweed2-debuginfo-32bit-2.7.1-9.1 libnettle4-32bit-2.7.1-9.1 libnettle4-debuginfo-32bit-2.7.1-9.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libhogweed2-2.7.1-9.1 libhogweed2-debuginfo-2.7.1-9.1 libnettle-debugsource-2.7.1-9.1 libnettle4-2.7.1-9.1 libnettle4-debuginfo-2.7.1-9.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libhogweed2-32bit-2.7.1-9.1 libhogweed2-debuginfo-32bit-2.7.1-9.1 libnettle4-32bit-2.7.1-9.1 libnettle4-debuginfo-32bit-2.7.1-9.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libhogweed2-2.7.1-9.1 libhogweed2-32bit-2.7.1-9.1 libhogweed2-debuginfo-2.7.1-9.1 libhogweed2-debuginfo-32bit-2.7.1-9.1 libnettle-debugsource-2.7.1-9.1 libnettle4-2.7.1-9.1 libnettle4-32bit-2.7.1-9.1 libnettle4-debuginfo-2.7.1-9.1 libnettle4-debuginfo-32bit-2.7.1-9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libhogweed2-2.7.1-9.1 libhogweed2-32bit-2.7.1-9.1 libhogweed2-debuginfo-2.7.1-9.1 libhogweed2-debuginfo-32bit-2.7.1-9.1 libnettle-debugsource-2.7.1-9.1 libnettle4-2.7.1-9.1 libnettle4-32bit-2.7.1-9.1 libnettle4-debuginfo-2.7.1-9.1 libnettle4-debuginfo-32bit-2.7.1-9.1 References: https://www.suse.com/security/cve/CVE-2015-8803.html https://www.suse.com/security/cve/CVE-2015-8804.html https://www.suse.com/security/cve/CVE-2015-8805.html https://bugzilla.suse.com/964845 https://bugzilla.suse.com/964847 https://bugzilla.suse.com/964849 From sle-updates at lists.suse.com Mon Feb 15 10:12:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Feb 2016 18:12:08 +0100 (CET) Subject: SUSE-SU-2016:0456-1: moderate: Security update for rubygem-actionview-4_2 Message-ID: <20160215171208.937883213D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionview-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0456-1 Rating: moderate References: #963332 Cross-References: CVE-2016-0752 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-260=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.2-5.1 References: https://www.suse.com/security/cve/CVE-2016-0752.html https://bugzilla.suse.com/963332 From sle-updates at lists.suse.com Mon Feb 15 10:12:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Feb 2016 18:12:29 +0100 (CET) Subject: SUSE-SU-2016:0457-1: moderate: Security update for rubygem-actionpack-4_2 Message-ID: <20160215171229.412DE3213D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionpack-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0457-1 Rating: moderate References: #963329 #963331 #963332 #963335 Cross-References: CVE-2015-7576 CVE-2015-7581 CVE-2016-0751 CVE-2016-0752 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2016-0751: Object Leak DoS (bsc#963331) - CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes (bsc#963335) - CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332) - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-262=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 References: https://www.suse.com/security/cve/CVE-2015-7576.html https://www.suse.com/security/cve/CVE-2015-7581.html https://www.suse.com/security/cve/CVE-2016-0751.html https://www.suse.com/security/cve/CVE-2016-0752.html https://bugzilla.suse.com/963329 https://bugzilla.suse.com/963331 https://bugzilla.suse.com/963332 https://bugzilla.suse.com/963335 From sle-updates at lists.suse.com Mon Feb 15 10:13:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Feb 2016 18:13:20 +0100 (CET) Subject: SUSE-SU-2016:0458-1: moderate: Security update for rubygem-activerecord-4_2 Message-ID: <20160215171320.0D5913213D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activerecord-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0458-1 Rating: moderate References: #963330 #963334 Cross-References: CVE-2015-7577 CVE-2016-0753 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-activerecord-4_2 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) - CVE-2015-7577: Nested attributes rejection proc bypass (bsc#963330) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-261=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-activerecord-4_2-4.2.2-5.1 References: https://www.suse.com/security/cve/CVE-2015-7577.html https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963330 https://bugzilla.suse.com/963334 From sle-updates at lists.suse.com Mon Feb 15 11:11:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Feb 2016 19:11:19 +0100 (CET) Subject: SUSE-SU-2016:0459-1: important: Security update for qemu Message-ID: <20160215181119.8BBA0320DF@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0459-1 Rating: important References: #954864 #956829 #957162 Cross-References: CVE-2015-7512 CVE-2015-8345 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update fixes the following security issues: - Enforce receive packet size, thus eliminating buffer overflow and potential security issue. (bsc#957162 CVE-2015-7512) - Infinite loop in processing command block list. CVE-2015-8345 (bsc#956829): This update also fixes a non-security bug: - Due to space restrictions in limited bios data areas, don't create mptable if vcpu count is "high" (ie more than ~19). (bsc#954864) (No supported guests are negatively impacted by this change, which is taken from upstream seabios) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-263=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-263=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): qemu-2.3.1-7.7 qemu-block-curl-2.3.1-7.7 qemu-block-curl-debuginfo-2.3.1-7.7 qemu-debugsource-2.3.1-7.7 qemu-guest-agent-2.3.1-7.7 qemu-guest-agent-debuginfo-2.3.1-7.7 qemu-lang-2.3.1-7.7 qemu-tools-2.3.1-7.7 qemu-tools-debuginfo-2.3.1-7.7 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): qemu-kvm-2.3.1-7.7 - SUSE Linux Enterprise Server 12-SP1 (ppc64le): qemu-ppc-2.3.1-7.7 qemu-ppc-debuginfo-2.3.1-7.7 - SUSE Linux Enterprise Server 12-SP1 (x86_64): qemu-block-rbd-2.3.1-7.7 qemu-block-rbd-debuginfo-2.3.1-7.7 qemu-x86-2.3.1-7.7 - SUSE Linux Enterprise Server 12-SP1 (noarch): qemu-ipxe-1.0.0-7.7 qemu-seabios-1.8.1-7.7 qemu-sgabios-8-7.7 qemu-vgabios-1.8.1-7.7 - SUSE Linux Enterprise Server 12-SP1 (s390x): qemu-s390-2.3.1-7.7 qemu-s390-debuginfo-2.3.1-7.7 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): qemu-2.3.1-7.7 qemu-block-curl-2.3.1-7.7 qemu-block-curl-debuginfo-2.3.1-7.7 qemu-debugsource-2.3.1-7.7 qemu-kvm-2.3.1-7.7 qemu-tools-2.3.1-7.7 qemu-tools-debuginfo-2.3.1-7.7 qemu-x86-2.3.1-7.7 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): qemu-ipxe-1.0.0-7.7 qemu-seabios-1.8.1-7.7 qemu-sgabios-8-7.7 qemu-vgabios-1.8.1-7.7 References: https://www.suse.com/security/cve/CVE-2015-7512.html https://www.suse.com/security/cve/CVE-2015-8345.html https://bugzilla.suse.com/954864 https://bugzilla.suse.com/956829 https://bugzilla.suse.com/957162 From sle-updates at lists.suse.com Mon Feb 15 12:11:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Feb 2016 20:11:20 +0100 (CET) Subject: SUSE-RU-2016:0460-1: moderate: Recommended update for gnome-keyring Message-ID: <20160215191120.065193213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-keyring ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0460-1 Rating: moderate References: #961271 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-keyring fixes a crash caused by mixed calls to egg_secure_free() and gcry_free(). This issue prevented the keyring daemon from unlocking Gnome 2 Key Storage. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-267=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-267=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-267=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-267=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gnome-keyring-3.10.1-17.1 gnome-keyring-debuginfo-3.10.1-17.1 gnome-keyring-debugsource-3.10.1-17.1 gnome-keyring-pam-3.10.1-17.1 gnome-keyring-pam-debuginfo-3.10.1-17.1 libgck-modules-gnome-keyring-3.10.1-17.1 libgck-modules-gnome-keyring-debuginfo-3.10.1-17.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): gnome-keyring-32bit-3.10.1-17.1 gnome-keyring-debuginfo-32bit-3.10.1-17.1 gnome-keyring-pam-32bit-3.10.1-17.1 gnome-keyring-pam-debuginfo-32bit-3.10.1-17.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gnome-keyring-lang-3.10.1-17.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gnome-keyring-3.10.1-17.1 gnome-keyring-debuginfo-3.10.1-17.1 gnome-keyring-debugsource-3.10.1-17.1 gnome-keyring-pam-3.10.1-17.1 gnome-keyring-pam-debuginfo-3.10.1-17.1 libgck-modules-gnome-keyring-3.10.1-17.1 libgck-modules-gnome-keyring-debuginfo-3.10.1-17.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): gnome-keyring-32bit-3.10.1-17.1 gnome-keyring-debuginfo-32bit-3.10.1-17.1 gnome-keyring-pam-32bit-3.10.1-17.1 gnome-keyring-pam-debuginfo-32bit-3.10.1-17.1 - SUSE Linux Enterprise Server 12 (noarch): gnome-keyring-lang-3.10.1-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gnome-keyring-3.10.1-17.1 gnome-keyring-32bit-3.10.1-17.1 gnome-keyring-debuginfo-3.10.1-17.1 gnome-keyring-debuginfo-32bit-3.10.1-17.1 gnome-keyring-debugsource-3.10.1-17.1 gnome-keyring-pam-3.10.1-17.1 gnome-keyring-pam-32bit-3.10.1-17.1 gnome-keyring-pam-debuginfo-3.10.1-17.1 gnome-keyring-pam-debuginfo-32bit-3.10.1-17.1 libgck-modules-gnome-keyring-3.10.1-17.1 libgck-modules-gnome-keyring-debuginfo-3.10.1-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gnome-keyring-lang-3.10.1-17.1 - SUSE Linux Enterprise Desktop 12 (x86_64): gnome-keyring-3.10.1-17.1 gnome-keyring-32bit-3.10.1-17.1 gnome-keyring-debuginfo-3.10.1-17.1 gnome-keyring-debuginfo-32bit-3.10.1-17.1 gnome-keyring-debugsource-3.10.1-17.1 gnome-keyring-pam-3.10.1-17.1 gnome-keyring-pam-32bit-3.10.1-17.1 gnome-keyring-pam-debuginfo-3.10.1-17.1 gnome-keyring-pam-debuginfo-32bit-3.10.1-17.1 libgck-modules-gnome-keyring-3.10.1-17.1 libgck-modules-gnome-keyring-debuginfo-3.10.1-17.1 - SUSE Linux Enterprise Desktop 12 (noarch): gnome-keyring-lang-3.10.1-17.1 References: https://bugzilla.suse.com/961271 From sle-updates at lists.suse.com Mon Feb 15 12:11:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Feb 2016 20:11:43 +0100 (CET) Subject: SUSE-RU-2016:0461-1: Recommended update for certification-sles-eal4 Message-ID: <20160215191143.3E8C03213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for certification-sles-eal4 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0461-1 Rating: low References: #966476 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The EAL4 Configuration Guide has been updated to version 1.12, which brings more details about generation of SSH keys using ssh-keygen. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-264=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): certification-sles-eal4-12.0-0.13.1 References: https://bugzilla.suse.com/966476 From sle-updates at lists.suse.com Mon Feb 15 12:12:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Feb 2016 20:12:06 +0100 (CET) Subject: SUSE-RU-2016:0462-1: moderate: Recommended update for kdump Message-ID: <20160215191206.23ED93213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0462-1 Rating: moderate References: #932339 #934581 #941834 #943214 #962103 Affected Products: SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for kdump provides the following fixes: - Create a bind mount from /root to /kdump/root. (bsc#962103) - Update kdump initial ram disk at runlevels 3 or 5. (bsc#943214) - Refresh initrd if /etc/hosts is changed. (bsc#943214) - Create symlinks to /root instead of bind mounts. (bsc#941834) - Reload kdump only once if multiple udev events happen in parallel. (bsc#934581) - Handle dump files with many ELF program headers. (bsc#932339) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-kdump-12403=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-kdump-12403=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-kdump-12403=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kdump-12403=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): kdump-0.8.4-0.47.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): kdump-0.8.4-0.47.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): kdump-0.8.4-0.47.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): kdump-debuginfo-0.8.4-0.47.2 kdump-debugsource-0.8.4-0.47.2 References: https://bugzilla.suse.com/932339 https://bugzilla.suse.com/934581 https://bugzilla.suse.com/941834 https://bugzilla.suse.com/943214 https://bugzilla.suse.com/962103 From sle-updates at lists.suse.com Mon Feb 15 12:13:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Feb 2016 20:13:28 +0100 (CET) Subject: SUSE-RU-2016:0463-1: moderate: Recommended update for xf86-video-modesetting Message-ID: <20160215191328.778ED3213E@maintenance.suse.de> SUSE Recommended Update: Recommended update for xf86-video-modesetting ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0463-1 Rating: moderate References: #962344 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes a memory leak in xf86-video-modesetting. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-266=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-266=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-266=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-266=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64): xf86-video-modesetting-0.9.0-6.1 xf86-video-modesetting-debuginfo-0.9.0-6.1 xf86-video-modesetting-debugsource-0.9.0-6.1 - SUSE Linux Enterprise Server 12 (ppc64le x86_64): xf86-video-modesetting-0.9.0-6.1 xf86-video-modesetting-debuginfo-0.9.0-6.1 xf86-video-modesetting-debugsource-0.9.0-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xf86-video-modesetting-0.9.0-6.1 xf86-video-modesetting-debuginfo-0.9.0-6.1 xf86-video-modesetting-debugsource-0.9.0-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xf86-video-modesetting-0.9.0-6.1 xf86-video-modesetting-debuginfo-0.9.0-6.1 xf86-video-modesetting-debugsource-0.9.0-6.1 References: https://bugzilla.suse.com/962344 From sle-updates at lists.suse.com Tue Feb 16 09:12:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Feb 2016 17:12:09 +0100 (CET) Subject: SUSE-RU-2016:0467-1: moderate: Recommended update for sg3_utils Message-ID: <20160216161209.99A373213E@maintenance.suse.de> SUSE Recommended Update: Recommended update for sg3_utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0467-1 Rating: moderate References: #943168 #955222 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sg3_utils provides several fixes: rescan-scsi-bus.sh: - Enhanced the udevadm_settle function, and changed calls to udevadm trigger to only use sd devices, to prevent it from hanging when a udev event is stuck on a dm-multipath device in recovery mode. - Enhanced findremapped and findmultipath to handle another case where udev might have already updated the scsi id, but multipath has not. - Added retries when flushing removed multipaths, as it can sometimes fail transiently. - Enhanced findresized to print the before and after sizes of multipath devices. - When passing the flag to find remapped LUNs, it will now also try to update the size. sg_inq: - Fixed display of software version and date, and added decoding of additional features for rdac page c2. - Updated decoding of rdac c9 page to be current. sg_rdac: - Added support for rdac extended page 2c and mode select(10) to all functionality. - Fixed mode select(6) logic, as there was an invalid parameter preventing it from working. - Updated feature decoding in print_rdac_mode to be current. - Added -6 flag to force to use 6 byte CDBs. sg_vpd_vendor: - vp_arr[] data structure had rdac incorrectly listed as an EMC array. - Updated rdac page names. - Fixed rdac page c0 decoding to get correct number of bytes for board identifier. - Same fixes and enhancements for decoding as in sg_inq for pages c2 and c9. - Updated rdac pages c3 and c4 decoding to decode additional information. - Updated rdac page c8 to decode initiator transport IDs for FC, SAS, iSCSI, and SRP. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-sg3_utils-12404=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sg3_utils-12404=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-sg3_utils-12404=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sg3_utils-12404=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): sg3_utils-devel-1.40-0.21.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): sg3_utils-1.40-0.21.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): sg3_utils-1.40-0.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sg3_utils-debuginfo-1.40-0.21.1 sg3_utils-debugsource-1.40-0.21.1 References: https://bugzilla.suse.com/943168 https://bugzilla.suse.com/955222 From sle-updates at lists.suse.com Tue Feb 16 10:11:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Feb 2016 18:11:48 +0100 (CET) Subject: SUSE-RU-2016:0468-1: moderate: Recommended update for libsolv, libzypp, zypper Message-ID: <20160216171148.E9F903213E@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0468-1 Rating: moderate References: #606220 #637791 #710541 #793424 #948566 #949196 #949945 #951707 #953214 #953458 #955053 #955615 #956443 #956480 #957606 #957862 #959564 #959804 #961719 #961738 #964150 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 21 recommended fixes can now be installed. Description: This update for the Software Update Stack provides fixes and enhancements. libsolv: - Fix rule generation for linked packages. (bsc#961738) - Fix update handling of multiversion packages. (bsc#957606) - Fix orphan handling for dup with keeporphans set. (bsc#957606) - Change product links to also look at timestamps. (bsc#956443) - Rework multiversion orphaned handling. (bsc#957606) - Support key type changes in repodata_internalize(). - Allow serialization of REPOKEY_TYPE_DELETED. - Improve appdata handling of installed packages. - Improve performance when run under Xen. libzypp: - Filter unwanted btrfs subvolumes. (bsc#949945) - Fix plural form detection in createPot. (bsc#955053) - Fix Japanese translations. (bsc#949196) - More specific exception message if GPG binary is missing. (bsc#637791) zypper: - Don't load repos when removing packages. (bsc#606220) - Propagate repo refresh errors even if main action succeeded. (bsc#961719) - Fix misaligned TAB stops in colored prompts. (bsc#948566) - Enhance guessing of 'obs://' URLs on openSUSE Leap. (bsc#959804) - Don't return 0 if repositories were skipped during refresh. (bsc#959564) - Fix '-y' command option as alias for --non-interactive global option. (bsc#957862) - Mention location where rpm installs source packages to in command help and man page. (bsc#710541) - Explain difference between 'dup' and 'dup --from' in man page. - Explain meaning of 'System Packages' and '@System' shown in search results. (bsc#953458) - Fix different data returned in xml and text output of lu/lp commands. (bsc#793424) - Indicate patches requiring a restart of the package manager itself and enhance Status column in 'lp -a' output. - Also report needed but locked patches in 'pchk'. - Fix claiming an error after successful download. (bsc#956480) - Fix tab-completion if zypper is defined as an alias. (bsc#955615) - Fix plural form detection in createPot. (bsc#955053) - Fix typo. (bsc#953214) - Fix miss-aligned output when LANG=C. (bsc#951707) - Provide --priority option on 'addrepo' command. - Support '--priority 0' to restore the default repository priority in add/modifyrepo. - Fix Japanese translations. (bsc#949196) - Add -x shorthand option for --match-exact. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-269=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-269=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-269=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libsolv-debugsource-0.6.18-2.18.1 libsolv-devel-0.6.18-2.18.1 libsolv-devel-debuginfo-0.6.18-2.18.1 libzypp-debuginfo-15.21.1-7.1 libzypp-debugsource-15.21.1-7.1 libzypp-devel-15.21.1-7.1 libzypp-devel-doc-15.21.1-7.1 perl-solv-0.6.18-2.18.1 perl-solv-debuginfo-0.6.18-2.18.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libsolv-debugsource-0.6.18-2.18.1 libsolv-tools-0.6.18-2.18.1 libsolv-tools-debuginfo-0.6.18-2.18.1 libzypp-15.21.1-7.1 libzypp-debuginfo-15.21.1-7.1 libzypp-debugsource-15.21.1-7.1 perl-solv-0.6.18-2.18.1 perl-solv-debuginfo-0.6.18-2.18.1 python-solv-0.6.18-2.18.1 python-solv-debuginfo-0.6.18-2.18.1 zypper-1.12.31-7.1 zypper-debuginfo-1.12.31-7.1 zypper-debugsource-1.12.31-7.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): zypper-log-1.12.31-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libsolv-debugsource-0.6.18-2.18.1 libsolv-tools-0.6.18-2.18.1 libsolv-tools-debuginfo-0.6.18-2.18.1 libzypp-15.21.1-7.1 libzypp-debuginfo-15.21.1-7.1 libzypp-debugsource-15.21.1-7.1 python-solv-0.6.18-2.18.1 python-solv-debuginfo-0.6.18-2.18.1 zypper-1.12.31-7.1 zypper-debuginfo-1.12.31-7.1 zypper-debugsource-1.12.31-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): zypper-log-1.12.31-7.1 References: https://bugzilla.suse.com/606220 https://bugzilla.suse.com/637791 https://bugzilla.suse.com/710541 https://bugzilla.suse.com/793424 https://bugzilla.suse.com/948566 https://bugzilla.suse.com/949196 https://bugzilla.suse.com/949945 https://bugzilla.suse.com/951707 https://bugzilla.suse.com/953214 https://bugzilla.suse.com/953458 https://bugzilla.suse.com/955053 https://bugzilla.suse.com/955615 https://bugzilla.suse.com/956443 https://bugzilla.suse.com/956480 https://bugzilla.suse.com/957606 https://bugzilla.suse.com/957862 https://bugzilla.suse.com/959564 https://bugzilla.suse.com/959804 https://bugzilla.suse.com/961719 https://bugzilla.suse.com/961738 https://bugzilla.suse.com/964150 From sle-updates at lists.suse.com Tue Feb 16 11:12:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Feb 2016 19:12:17 +0100 (CET) Subject: SUSE-RU-2016:0469-1: Recommended update for shared-mime-info Message-ID: <20160216181217.D4DCE3213E@maintenance.suse.de> SUSE Recommended Update: Recommended update for shared-mime-info ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0469-1 Rating: low References: #862596 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for shared-mime-info removes excessive calls to fdatasync() from update-mime-database. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-270=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-270=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-270=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-270=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-270=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-270=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): shared-mime-info-lang-1.2-7.1 - SUSE Linux Enterprise Workstation Extension 12 (noarch): shared-mime-info-lang-1.2-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): shared-mime-info-1.2-7.1 shared-mime-info-debuginfo-1.2-7.1 shared-mime-info-debugsource-1.2-7.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): shared-mime-info-1.2-7.1 shared-mime-info-debuginfo-1.2-7.1 shared-mime-info-debugsource-1.2-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): shared-mime-info-1.2-7.1 shared-mime-info-debuginfo-1.2-7.1 shared-mime-info-debugsource-1.2-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): shared-mime-info-lang-1.2-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): shared-mime-info-1.2-7.1 shared-mime-info-debuginfo-1.2-7.1 shared-mime-info-debugsource-1.2-7.1 - SUSE Linux Enterprise Desktop 12 (noarch): shared-mime-info-lang-1.2-7.1 References: https://bugzilla.suse.com/862596 From sle-updates at lists.suse.com Tue Feb 16 12:15:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Feb 2016 20:15:41 +0100 (CET) Subject: SUSE-SU-2016:0470-1: important: Security update for glibc Message-ID: <20160216191541.235193213D@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0470-1 Rating: important References: #830257 #847227 #863499 #892065 #918187 #920338 #927080 #945779 #950944 #961721 #962736 #962737 #962738 #962739 Cross-References: CVE-2013-2207 CVE-2013-4458 CVE-2014-8121 CVE-2014-9761 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has four fixes is now available. Description: This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) - CVE-2013-2207: pt_chown tricked into granting access to another users pseudo-terminal (bsc#830257) - CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6 (bsc#847227) - CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) - bsc#920338: Read past end of pattern in fnmatch - CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) The following non-security bugs were fixed: - bnc#892065: SIGSEV tst-setlocale3 in glibc-2.11.3-17.68.1 - bnc#863499: Memory leak in getaddrinfo when many RRs are returned - bsc#892065: Avoid unbound alloca in setenv - bsc#945779: Properly reread entry after failure in nss_files getent function Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-glibc-12405=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-glibc-12405=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 i686 s390x x86_64): glibc-2.11.3-17.45.66.1 glibc-devel-2.11.3-17.45.66.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): glibc-html-2.11.3-17.45.66.1 glibc-i18ndata-2.11.3-17.45.66.1 glibc-info-2.11.3-17.45.66.1 glibc-locale-2.11.3-17.45.66.1 glibc-profile-2.11.3-17.45.66.1 nscd-2.11.3-17.45.66.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): glibc-32bit-2.11.3-17.45.66.1 glibc-devel-32bit-2.11.3-17.45.66.1 glibc-locale-32bit-2.11.3-17.45.66.1 glibc-profile-32bit-2.11.3-17.45.66.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 i686 s390x x86_64): glibc-debuginfo-2.11.3-17.45.66.1 glibc-debugsource-2.11.3-17.45.66.1 References: https://www.suse.com/security/cve/CVE-2013-2207.html https://www.suse.com/security/cve/CVE-2013-4458.html https://www.suse.com/security/cve/CVE-2014-8121.html https://www.suse.com/security/cve/CVE-2014-9761.html https://www.suse.com/security/cve/CVE-2015-1781.html https://www.suse.com/security/cve/CVE-2015-7547.html https://www.suse.com/security/cve/CVE-2015-8776.html https://www.suse.com/security/cve/CVE-2015-8777.html https://www.suse.com/security/cve/CVE-2015-8778.html https://www.suse.com/security/cve/CVE-2015-8779.html https://bugzilla.suse.com/830257 https://bugzilla.suse.com/847227 https://bugzilla.suse.com/863499 https://bugzilla.suse.com/892065 https://bugzilla.suse.com/918187 https://bugzilla.suse.com/920338 https://bugzilla.suse.com/927080 https://bugzilla.suse.com/945779 https://bugzilla.suse.com/950944 https://bugzilla.suse.com/961721 https://bugzilla.suse.com/962736 https://bugzilla.suse.com/962737 https://bugzilla.suse.com/962738 https://bugzilla.suse.com/962739 From sle-updates at lists.suse.com Tue Feb 16 12:22:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Feb 2016 20:22:55 +0100 (CET) Subject: SUSE-SU-2016:0471-1: important: Security update for glibc Message-ID: <20160216192255.E08E73213F@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0471-1 Rating: important References: #950944 #955647 #956716 #958315 #961721 #962736 #962737 #962738 #962739 Cross-References: CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#955647: Resource leak in resolver - bsc#956716: Don't do lock elision on an error checking mutex - bsc#958315: Reinitialize dl_load_write_lock on fork Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-271=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-271=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-271=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): glibc-debuginfo-2.19-35.1 glibc-debugsource-2.19-35.1 glibc-devel-static-2.19-35.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): glibc-info-2.19-35.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): glibc-2.19-35.1 glibc-debuginfo-2.19-35.1 glibc-debugsource-2.19-35.1 glibc-devel-2.19-35.1 glibc-devel-debuginfo-2.19-35.1 glibc-locale-2.19-35.1 glibc-locale-debuginfo-2.19-35.1 glibc-profile-2.19-35.1 nscd-2.19-35.1 nscd-debuginfo-2.19-35.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): glibc-32bit-2.19-35.1 glibc-debuginfo-32bit-2.19-35.1 glibc-devel-32bit-2.19-35.1 glibc-devel-debuginfo-32bit-2.19-35.1 glibc-locale-32bit-2.19-35.1 glibc-locale-debuginfo-32bit-2.19-35.1 glibc-profile-32bit-2.19-35.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): glibc-html-2.19-35.1 glibc-i18ndata-2.19-35.1 glibc-info-2.19-35.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): glibc-2.19-35.1 glibc-32bit-2.19-35.1 glibc-debuginfo-2.19-35.1 glibc-debuginfo-32bit-2.19-35.1 glibc-debugsource-2.19-35.1 glibc-devel-2.19-35.1 glibc-devel-32bit-2.19-35.1 glibc-devel-debuginfo-2.19-35.1 glibc-devel-debuginfo-32bit-2.19-35.1 glibc-locale-2.19-35.1 glibc-locale-32bit-2.19-35.1 glibc-locale-debuginfo-2.19-35.1 glibc-locale-debuginfo-32bit-2.19-35.1 nscd-2.19-35.1 nscd-debuginfo-2.19-35.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): glibc-i18ndata-2.19-35.1 References: https://www.suse.com/security/cve/CVE-2014-9761.html https://www.suse.com/security/cve/CVE-2015-7547.html https://www.suse.com/security/cve/CVE-2015-8776.html https://www.suse.com/security/cve/CVE-2015-8777.html https://www.suse.com/security/cve/CVE-2015-8778.html https://www.suse.com/security/cve/CVE-2015-8779.html https://bugzilla.suse.com/950944 https://bugzilla.suse.com/955647 https://bugzilla.suse.com/956716 https://bugzilla.suse.com/958315 https://bugzilla.suse.com/961721 https://bugzilla.suse.com/962736 https://bugzilla.suse.com/962737 https://bugzilla.suse.com/962738 https://bugzilla.suse.com/962739 From sle-updates at lists.suse.com Tue Feb 16 12:28:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Feb 2016 20:28:44 +0100 (CET) Subject: SUSE-SU-2016:0472-1: important: Security update for glibc Message-ID: <20160216192844.2617E3213F@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0472-1 Rating: important References: #930721 #942317 #950944 #956988 #961721 #962736 #962737 #962738 #962739 Cross-References: CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update for glibc fixes the following issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glibc-12406=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-glibc-12406=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-glibc-12406=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glibc-12406=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-glibc-12406=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-glibc-12406=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-glibc-12406=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glibc-12406=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-glibc-12406=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glibc-html-2.11.3-17.95.2 glibc-info-2.11.3-17.95.2 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 x86_64): glibc-html-2.11.3-17.95.2 glibc-info-2.11.3-17.95.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): glibc-2.11.3-17.95.2 glibc-devel-2.11.3-17.95.2 glibc-html-2.11.3-17.95.2 glibc-i18ndata-2.11.3-17.95.2 glibc-info-2.11.3-17.95.2 glibc-locale-2.11.3-17.95.2 glibc-profile-2.11.3-17.95.2 nscd-2.11.3-17.95.2 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): glibc-32bit-2.11.3-17.95.2 glibc-devel-32bit-2.11.3-17.95.2 glibc-locale-32bit-2.11.3-17.95.2 glibc-profile-32bit-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.95.2 glibc-devel-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.95.2 glibc-i18ndata-2.11.3-17.95.2 glibc-info-2.11.3-17.95.2 glibc-locale-2.11.3-17.95.2 glibc-profile-2.11.3-17.95.2 nscd-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.95.2 glibc-devel-32bit-2.11.3-17.95.2 glibc-locale-32bit-2.11.3-17.95.2 glibc-profile-32bit-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): glibc-locale-x86-2.11.3-17.95.2 glibc-profile-x86-2.11.3-17.95.2 glibc-x86-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-2.11.3-17.95.2 glibc-devel-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): glibc-html-2.11.3-17.95.2 glibc-i18ndata-2.11.3-17.95.2 glibc-info-2.11.3-17.95.2 glibc-locale-2.11.3-17.95.2 glibc-profile-2.11.3-17.95.2 nscd-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): glibc-32bit-2.11.3-17.95.2 glibc-devel-32bit-2.11.3-17.95.2 glibc-locale-32bit-2.11.3-17.95.2 glibc-profile-32bit-2.11.3-17.95.2 - SUSE Linux Enterprise Server 11-SP3 (ia64): glibc-locale-x86-2.11.3-17.95.2 glibc-profile-x86-2.11.3-17.95.2 glibc-x86-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 i686 x86_64): glibc-2.11.3-17.95.2 glibc-devel-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): glibc-i18ndata-2.11.3-17.95.2 glibc-locale-2.11.3-17.95.2 nscd-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): glibc-32bit-2.11.3-17.95.2 glibc-devel-32bit-2.11.3-17.95.2 glibc-locale-32bit-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 i686 x86_64): glibc-2.11.3-17.95.2 glibc-devel-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): glibc-i18ndata-2.11.3-17.95.2 glibc-locale-2.11.3-17.95.2 nscd-2.11.3-17.95.2 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): glibc-32bit-2.11.3-17.95.2 glibc-devel-32bit-2.11.3-17.95.2 glibc-locale-32bit-2.11.3-17.95.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.95.2 glibc-debugsource-2.11.3-17.95.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 i686 ia64 ppc64 s390x x86_64): glibc-debuginfo-2.11.3-17.95.2 glibc-debugsource-2.11.3-17.95.2 References: https://www.suse.com/security/cve/CVE-2014-9761.html https://www.suse.com/security/cve/CVE-2015-7547.html https://www.suse.com/security/cve/CVE-2015-8776.html https://www.suse.com/security/cve/CVE-2015-8777.html https://www.suse.com/security/cve/CVE-2015-8778.html https://www.suse.com/security/cve/CVE-2015-8779.html https://bugzilla.suse.com/930721 https://bugzilla.suse.com/942317 https://bugzilla.suse.com/950944 https://bugzilla.suse.com/956988 https://bugzilla.suse.com/961721 https://bugzilla.suse.com/962736 https://bugzilla.suse.com/962737 https://bugzilla.suse.com/962738 https://bugzilla.suse.com/962739 From sle-updates at lists.suse.com Tue Feb 16 12:30:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Feb 2016 20:30:42 +0100 (CET) Subject: SUSE-SU-2016:0473-1: important: Security update for glibc Message-ID: <20160216193042.6B39E3213F@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0473-1 Rating: important References: #950944 #955647 #956716 #958315 #961721 #962736 #962737 #962738 #962739 Cross-References: CVE-2014-9761 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) The following non-security bugs were fixed: - bsc#955647: Resource leak in resolver - bsc#956716: Don't do lock elision on an error checking mutex - bsc#958315: Reinitialize dl_load_write_lock on fork Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-272=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-272=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-272=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): glibc-debuginfo-2.19-22.13.1 glibc-debugsource-2.19-22.13.1 glibc-devel-static-2.19-22.13.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): glibc-2.19-22.13.1 glibc-debuginfo-2.19-22.13.1 glibc-debugsource-2.19-22.13.1 glibc-devel-2.19-22.13.1 glibc-devel-debuginfo-2.19-22.13.1 glibc-locale-2.19-22.13.1 glibc-locale-debuginfo-2.19-22.13.1 glibc-profile-2.19-22.13.1 nscd-2.19-22.13.1 nscd-debuginfo-2.19-22.13.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): glibc-32bit-2.19-22.13.1 glibc-debuginfo-32bit-2.19-22.13.1 glibc-devel-32bit-2.19-22.13.1 glibc-devel-debuginfo-32bit-2.19-22.13.1 glibc-locale-32bit-2.19-22.13.1 glibc-locale-debuginfo-32bit-2.19-22.13.1 glibc-profile-32bit-2.19-22.13.1 - SUSE Linux Enterprise Server 12 (noarch): glibc-html-2.19-22.13.1 glibc-i18ndata-2.19-22.13.1 glibc-info-2.19-22.13.1 - SUSE Linux Enterprise Desktop 12 (x86_64): glibc-2.19-22.13.1 glibc-32bit-2.19-22.13.1 glibc-debuginfo-2.19-22.13.1 glibc-debuginfo-32bit-2.19-22.13.1 glibc-debugsource-2.19-22.13.1 glibc-devel-2.19-22.13.1 glibc-devel-32bit-2.19-22.13.1 glibc-devel-debuginfo-2.19-22.13.1 glibc-devel-debuginfo-32bit-2.19-22.13.1 glibc-locale-2.19-22.13.1 glibc-locale-32bit-2.19-22.13.1 glibc-locale-debuginfo-2.19-22.13.1 glibc-locale-debuginfo-32bit-2.19-22.13.1 nscd-2.19-22.13.1 nscd-debuginfo-2.19-22.13.1 - SUSE Linux Enterprise Desktop 12 (noarch): glibc-i18ndata-2.19-22.13.1 References: https://www.suse.com/security/cve/CVE-2014-9761.html https://www.suse.com/security/cve/CVE-2015-7547.html https://www.suse.com/security/cve/CVE-2015-8776.html https://www.suse.com/security/cve/CVE-2015-8777.html https://www.suse.com/security/cve/CVE-2015-8778.html https://www.suse.com/security/cve/CVE-2015-8779.html https://bugzilla.suse.com/950944 https://bugzilla.suse.com/955647 https://bugzilla.suse.com/956716 https://bugzilla.suse.com/958315 https://bugzilla.suse.com/961721 https://bugzilla.suse.com/962736 https://bugzilla.suse.com/962737 https://bugzilla.suse.com/962738 https://bugzilla.suse.com/962739 From sle-updates at lists.suse.com Tue Feb 16 12:32:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Feb 2016 20:32:29 +0100 (CET) Subject: SUSE-RU-2016:0474-1: Recommended update for yast2-kdump Message-ID: <20160216193229.9DCED3213D@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0474-1 Rating: low References: #480466 #962008 #962341 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-kdump fixes the following issues: - Preserve existing content of XEN_APPEND in /etc/sysconfig/bootloader. (bsc#962008) - Avoid exporting unknown settings when cloning a system. (bsc#962341, bsc#480466) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-yast2-kdump-12407=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-yast2-kdump-12407=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-yast2-kdump-12407=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): yast2-kdump-2.17.30-8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-kdump-2.17.30-8.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): yast2-kdump-2.17.30-8.1 References: https://bugzilla.suse.com/480466 https://bugzilla.suse.com/962008 https://bugzilla.suse.com/962341 From sle-updates at lists.suse.com Tue Feb 16 14:11:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Feb 2016 22:11:43 +0100 (CET) Subject: SUSE-SU-2016:0481-1: moderate: Security update for dhcp Message-ID: <20160216211143.8076B3213E@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0481-1 Rating: moderate References: #880984 #919959 #926159 #928390 #936923 #947780 #961305 Cross-References: CVE-2015-8605 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#947780: DHCP server could abort with "Unable to set up timer: out of range" on very long or infinite timer intervals / lease lifetimes - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly - bsc#928390: dhclient dit not expose next-server DHCPv4 option to script - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-dhcp-12410=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-dhcp-12410=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-dhcp-12410=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-dhcp-12410=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-dhcp-12410=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-dhcp-12410=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-dhcp-12410=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dhcp-12410=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-dhcp-12410=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-devel-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): dhcp-devel-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): dhcp-4.2.4.P2-0.24.1 dhcp-client-4.2.4.P2-0.24.1 dhcp-relay-4.2.4.P2-0.24.1 dhcp-server-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-4.2.4.P2-0.24.1 dhcp-client-4.2.4.P2-0.24.1 dhcp-relay-4.2.4.P2-0.24.1 dhcp-server-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): dhcp-4.2.4.P2-0.24.1 dhcp-client-4.2.4.P2-0.24.1 dhcp-relay-4.2.4.P2-0.24.1 dhcp-server-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): dhcp-4.2.4.P2-0.24.1 dhcp-client-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): dhcp-4.2.4.P2-0.24.1 dhcp-client-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): dhcp-debuginfo-4.2.4.P2-0.24.1 dhcp-debugsource-4.2.4.P2-0.24.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): dhcp-debuginfo-4.2.4.P2-0.24.1 dhcp-debugsource-4.2.4.P2-0.24.1 References: https://www.suse.com/security/cve/CVE-2015-8605.html https://bugzilla.suse.com/880984 https://bugzilla.suse.com/919959 https://bugzilla.suse.com/926159 https://bugzilla.suse.com/928390 https://bugzilla.suse.com/936923 https://bugzilla.suse.com/947780 https://bugzilla.suse.com/961305 From sle-updates at lists.suse.com Tue Feb 16 14:13:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Feb 2016 22:13:46 +0100 (CET) Subject: SUSE-SU-2016:0482-1: moderate: Security update for postgresql94 Message-ID: <20160216211346.604763213F@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0482-1 Rating: moderate References: #949669 #949670 Cross-References: CVE-2015-5288 CVE-2015-5289 Affected Products: SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update of postgresql94 to 9.4.5 fixes the following issues: * CVE-2015-5289: json or jsonb input values constructed from arbitrary user input could have crashed the PostgreSQL server and caused a denial of service (bsc#949670) * CVE-2015-5288: crypt() (pgCrypto extension) couldi potentially be exploited to read a few additional bytes of memory (bsc#949669) Also contains all changes and bugfixes in the upstream 9.4.5 release: http://www.postgresql.org/docs/current/static/release-9-4-5.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-postgreqsql94-20160120-12409=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-postgreqsql94-20160120-12409=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 2.1 (s390x x86_64): postgresql94-pltcl-9.4.5-0.8.3 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-devel-9.4.5-0.8.3 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): postgresql94-devel-9.4.5-0.8.3 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libecpg6-9.4.5-0.8.3 libpq5-9.4.5-0.8.3 postgresql94-9.4.5-0.8.3 postgresql94-contrib-9.4.5-0.8.3 postgresql94-docs-9.4.5-0.8.3 postgresql94-server-9.4.5-0.8.3 - SUSE Linux Enterprise Server for VMWare 11-SP3 (x86_64): libpq5-32bit-9.4.5-0.8.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libecpg6-9.4.5-0.8.3 libpq5-9.4.5-0.8.3 postgresql94-9.4.5-0.8.3 postgresql94-contrib-9.4.5-0.8.3 postgresql94-docs-9.4.5-0.8.3 postgresql94-server-9.4.5-0.8.3 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpq5-32bit-9.4.5-0.8.3 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libecpg6-9.4.5-0.8.3 libpq5-9.4.5-0.8.3 postgresql94-9.4.5-0.8.3 postgresql94-contrib-9.4.5-0.8.3 postgresql94-docs-9.4.5-0.8.3 postgresql94-server-9.4.5-0.8.3 - SUSE Linux Enterprise Server 11-SP3 (ppc64 s390x x86_64): libpq5-32bit-9.4.5-0.8.3 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libecpg6-9.4.5-0.8.3 libpq5-9.4.5-0.8.3 postgresql94-9.4.5-0.8.3 postgresql94-docs-9.4.5-0.8.3 - SUSE Linux Enterprise Desktop 11-SP4 (x86_64): libpq5-32bit-9.4.5-0.8.3 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libecpg6-9.4.5-0.8.3 libpq5-9.4.5-0.8.3 postgresql94-9.4.5-0.8.3 postgresql94-docs-9.4.5-0.8.3 - SUSE Linux Enterprise Desktop 11-SP3 (x86_64): libpq5-32bit-9.4.5-0.8.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-debuginfo-9.4.5-0.8.3 postgresql94-debugsource-9.4.5-0.8.3 postgresql94-libs-debuginfo-9.4.5-0.8.3 postgresql94-libs-debugsource-9.4.5-0.8.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): postgresql94-debuginfo-9.4.5-0.8.3 postgresql94-debugsource-9.4.5-0.8.3 References: https://www.suse.com/security/cve/CVE-2015-5288.html https://www.suse.com/security/cve/CVE-2015-5289.html https://bugzilla.suse.com/949669 https://bugzilla.suse.com/949670 From sle-updates at lists.suse.com Wed Feb 17 07:11:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Feb 2016 15:11:22 +0100 (CET) Subject: SUSE-RU-2016:0493-1: moderate: Recommended update for puppet Message-ID: <20160217141122.91DCB2800C@maintenance.suse.de> SUSE Recommended Update: Recommended update for puppet ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0493-1 Rating: moderate References: #927946 #951553 #964437 Affected Products: SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: Puppet was updated to version 3.8.5, which brings several fixes, enhancements and new features. For a comprehensive list of changes, please refer to the Release Notes available at: http://docs.puppetlabs.com/puppet/3.8/reference/release_notes.html http://docs.puppetlabs.com/puppet/3.7/reference/release_notes.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2016-279=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-279=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-279=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): puppet-3.8.5-5.1 puppet-server-3.8.5-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): puppet-3.8.5-5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): puppet-3.8.5-5.1 References: https://bugzilla.suse.com/927946 https://bugzilla.suse.com/951553 https://bugzilla.suse.com/964437 From sle-updates at lists.suse.com Wed Feb 17 12:12:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Feb 2016 20:12:42 +0100 (CET) Subject: SUSE-RU-2016:0494-1: Recommended update for libpeas Message-ID: <20160217191242.7FD9F31FF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpeas ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0494-1 Rating: low References: #956453 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The list of recommended loaders in libpeas has been updated to include the Python 3 loader. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-280=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-280=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-280=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-280=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-280=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-280=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-280=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-280=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libpeas-debugsource-1.9.0-5.17 libpeas-loader-python-1.9.0-5.17 libpeas-loader-python-debuginfo-1.9.0-5.17 libpeas-loader-python3-1.9.0-5.17 libpeas-loader-python3-debuginfo-1.9.0-5.17 - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): libpeas-lang-1.9.0-5.17 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libpeas-debugsource-1.9.0-5.17 libpeas-loader-python-1.9.0-5.17 libpeas-loader-python-debuginfo-1.9.0-5.17 libpeas-loader-python3-1.9.0-5.17 libpeas-loader-python3-debuginfo-1.9.0-5.17 - SUSE Linux Enterprise Workstation Extension 12 (noarch): libpeas-lang-1.9.0-5.17 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libpeas-debugsource-1.9.0-5.17 libpeas-devel-1.9.0-5.17 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libpeas-debugsource-1.9.0-5.17 libpeas-devel-1.9.0-5.17 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpeas-1_0-0-1.9.0-5.17 libpeas-1_0-0-debuginfo-1.9.0-5.17 libpeas-debugsource-1.9.0-5.17 libpeas-gtk-1_0-0-1.9.0-5.17 libpeas-gtk-1_0-0-debuginfo-1.9.0-5.17 typelib-1_0-Peas-1_0-1.9.0-5.17 typelib-1_0-PeasGtk-1_0-1.9.0-5.17 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libpeas-1_0-0-1.9.0-5.17 libpeas-1_0-0-debuginfo-1.9.0-5.17 libpeas-debugsource-1.9.0-5.17 libpeas-gtk-1_0-0-1.9.0-5.17 libpeas-gtk-1_0-0-debuginfo-1.9.0-5.17 typelib-1_0-Peas-1_0-1.9.0-5.17 typelib-1_0-PeasGtk-1_0-1.9.0-5.17 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpeas-1_0-0-1.9.0-5.17 libpeas-1_0-0-debuginfo-1.9.0-5.17 libpeas-debugsource-1.9.0-5.17 libpeas-gtk-1_0-0-1.9.0-5.17 libpeas-gtk-1_0-0-debuginfo-1.9.0-5.17 libpeas-loader-python-1.9.0-5.17 libpeas-loader-python-debuginfo-1.9.0-5.17 libpeas-loader-python3-1.9.0-5.17 libpeas-loader-python3-debuginfo-1.9.0-5.17 typelib-1_0-Peas-1_0-1.9.0-5.17 typelib-1_0-PeasGtk-1_0-1.9.0-5.17 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): libpeas-lang-1.9.0-5.17 - SUSE Linux Enterprise Desktop 12 (x86_64): libpeas-1_0-0-1.9.0-5.17 libpeas-1_0-0-debuginfo-1.9.0-5.17 libpeas-debugsource-1.9.0-5.17 libpeas-gtk-1_0-0-1.9.0-5.17 libpeas-gtk-1_0-0-debuginfo-1.9.0-5.17 libpeas-loader-python-1.9.0-5.17 libpeas-loader-python-debuginfo-1.9.0-5.17 libpeas-loader-python3-1.9.0-5.17 libpeas-loader-python3-debuginfo-1.9.0-5.17 typelib-1_0-Peas-1_0-1.9.0-5.17 typelib-1_0-PeasGtk-1_0-1.9.0-5.17 - SUSE Linux Enterprise Desktop 12 (noarch): libpeas-lang-1.9.0-5.17 References: https://bugzilla.suse.com/956453 From sle-updates at lists.suse.com Wed Feb 17 12:13:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Feb 2016 20:13:08 +0100 (CET) Subject: SUSE-RU-2016:0495-1: Recommended update for yast2-smt Message-ID: <20160217191308.3C07D31FF8@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0495-1 Rating: low References: #956249 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-smt fixes detection of the system's registration status when configuring SMT. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-281=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): yast2-smt-3.0.6-3.1 References: https://bugzilla.suse.com/956249 From sle-updates at lists.suse.com Wed Feb 17 13:11:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Feb 2016 21:11:04 +0100 (CET) Subject: SUSE-RU-2016:0496-1: Recommended update for certification-sles-eal4 Message-ID: <20160217201104.B883932074@maintenance.suse.de> SUSE Recommended Update: Recommended update for certification-sles-eal4 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0496-1 Rating: low References: #967072 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The EAL4 Configuration Guide has been updated to version 1.14, covering the recently released glibc patches to fix CVE-2015-7547. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-282=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): certification-sles-eal4-12.0-0.16.1 References: https://bugzilla.suse.com/967072 From sle-updates at lists.suse.com Thu Feb 18 07:11:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Feb 2016 15:11:42 +0100 (CET) Subject: SUSE-RU-2016:0504-1: moderate: Recommended update for kdump Message-ID: <20160218141142.7173A320A4@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0504-1 Rating: moderate References: #932339 #934581 #941834 #943214 #962103 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for kdump provides the following fixes: - Create a bind mount from /root to /kdump/root. (bsc#962103) - Update kdump initial ram disk at runlevels 3 or 5. (bsc#943214) - Refresh initrd if /etc/hosts is changed. (bsc#943214) - Create symlinks to /root instead of bind mounts. (bsc#941834) - Reload kdump only once if multiple udev events happen in parallel. (bsc#934581) - Fix an endianity issue. (bsc#932339) - Use kernel config to check if a kernel is relocatable. (bsc#932339) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kdump-12411=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-kdump-12411=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kdump-12411=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdump-0.8.4-0.55.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): kdump-0.8.4-0.55.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kdump-debuginfo-0.8.4-0.55.1 kdump-debugsource-0.8.4-0.55.1 References: https://bugzilla.suse.com/932339 https://bugzilla.suse.com/934581 https://bugzilla.suse.com/941834 https://bugzilla.suse.com/943214 https://bugzilla.suse.com/962103 From sle-updates at lists.suse.com Thu Feb 18 08:11:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Feb 2016 16:11:43 +0100 (CET) Subject: SUSE-RU-2016:0505-1: Recommended update for fence-agents Message-ID: <20160218151143.6C12B32096@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0505-1 Rating: low References: #964748 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents introduces a new "fence_compute" agent, which will be used on SUSE OpenStack Cloud 6 to support high availability for compute nodes. This agent interacts with OpenStack Nova to evacuate instances and mark a compute node as down on issues. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-284=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): fence-agents-4.0.17-5.1 fence-agents-debuginfo-4.0.17-5.1 fence-agents-debugsource-4.0.17-5.1 References: https://bugzilla.suse.com/964748 From sle-updates at lists.suse.com Thu Feb 18 10:11:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Feb 2016 18:11:34 +0100 (CET) Subject: SUSE-RU-2016:0506-1: moderate: Recommended update for openstack-neutron Message-ID: <20160218171134.57122320A4@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-neutron ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0506-1 Rating: moderate References: #917069 #958966 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openstack-neutron fixes the following issues: - Bump rpm package version to 2014.2.4.juno to avoid downgrade. - Resubmit of "Remove bridge cleanup call" fix. - Fix inconsistency in DHCPv6 hosts and options generation. - Remove patch for bsc#917069 now that the underlying problem was fixed in Studio. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-285=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): openstack-neutron-2014.2.4.juno-13.1 openstack-neutron-dhcp-agent-2014.2.4.juno-13.1 openstack-neutron-ha-tool-2014.2.4.juno-13.1 openstack-neutron-l3-agent-2014.2.4.juno-13.1 openstack-neutron-lbaas-agent-2014.2.4.juno-13.1 openstack-neutron-linuxbridge-agent-2014.2.4.juno-13.1 openstack-neutron-metadata-agent-2014.2.4.juno-13.1 openstack-neutron-metering-agent-2014.2.4.juno-13.1 openstack-neutron-openvswitch-agent-2014.2.4.juno-13.1 openstack-neutron-vpn-agent-2014.2.4.juno-13.1 python-neutron-2014.2.4.juno-13.1 References: https://bugzilla.suse.com/917069 https://bugzilla.suse.com/958966 From sle-updates at lists.suse.com Thu Feb 18 13:11:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Feb 2016 21:11:38 +0100 (CET) Subject: SUSE-RU-2016:0507-1: Recommended update for gnome-calculator Message-ID: <20160218201138.AF1213213E@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-calculator ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0507-1 Rating: low References: #945603 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Gnome Calculator was updated to fix handling of values in memory after undoing operations with Control-Z. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-287=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-287=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-287=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-287=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gnome-calculator-3.10.2-5.1 gnome-calculator-debuginfo-3.10.2-5.1 gnome-calculator-debugsource-3.10.2-5.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): gnome-calculator-lang-3.10.2-5.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): gnome-calculator-3.10.2-5.1 gnome-calculator-debuginfo-3.10.2-5.1 gnome-calculator-debugsource-3.10.2-5.1 - SUSE Linux Enterprise Workstation Extension 12 (noarch): gnome-calculator-lang-3.10.2-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gnome-calculator-3.10.2-5.1 gnome-calculator-debuginfo-3.10.2-5.1 gnome-calculator-debugsource-3.10.2-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gnome-calculator-lang-3.10.2-5.1 - SUSE Linux Enterprise Desktop 12 (x86_64): gnome-calculator-3.10.2-5.1 gnome-calculator-debuginfo-3.10.2-5.1 gnome-calculator-debugsource-3.10.2-5.1 - SUSE Linux Enterprise Desktop 12 (noarch): gnome-calculator-lang-3.10.2-5.1 References: https://bugzilla.suse.com/945603 From sle-updates at lists.suse.com Thu Feb 18 13:12:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Feb 2016 21:12:02 +0100 (CET) Subject: SUSE-RU-2016:0508-1: Recommended update for inst-source-utils Message-ID: <20160218201202.534B03213E@maintenance.suse.de> SUSE Recommended Update: Recommended update for inst-source-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0508-1 Rating: low References: #910388 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for inst-source-utils provides the following fixes: - Set LC_CTYPE in mk_listings. (bnc#910388) - Add endoflife tag to product structure in ABXML.pm. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-286=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-286=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-286=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-286=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): inst-source-utils-2015.10.27-3.1 - SUSE Linux Enterprise Server 12 (noarch): inst-source-utils-2015.10.27-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): inst-source-utils-2015.10.27-3.1 - SUSE Linux Enterprise Desktop 12 (noarch): inst-source-utils-2015.10.27-3.1 References: https://bugzilla.suse.com/910388 From sle-updates at lists.suse.com Thu Feb 18 14:11:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Feb 2016 22:11:52 +0100 (CET) Subject: SUSE-RU-2016:0509-1: Recommended update for python-docker-py Message-ID: <20160218211152.402A932139@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-docker-py ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0509-1 Rating: low References: #954486 #954690 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The python-docker-py module has been updated to version 1.5.0, which brings several fixes and enhancements. The following functionalities have been deprecated: - Client.execute has been removed in favor of Client.exec_create and Client.exec_start. - Passing host config in the Client.start method is now deprecated. Please use the host_config in Client.create_container instead. The following new features have been implemented: - Added support for the networking API introduced in Docker 1.9.0. - Added support for the volumes API introduced in Docker 1.9.0. - Added support for the group_add parameter in create_host_config. - Added support for the CPU CFS (cpu_quota and cpu_period) parameteres in create_host_config. - Added support for the archive API endpoint (Client.get_archive, Client.put_archive). - Added support for ps_args parameter in Client.top. - Added utils.parse_env_file to support env-files. - Added support for arbitrary log drivers. - Added support for URL paths in the docker host URL (base_url). - The extra_hosts parameter in host config can now also be provided as a list. - Added support for memory_limit and memswap_limit in host config to comply with recent deprecations. - Added support for volume_driver in Client.create_container. - Added support for advanced modes in volume binds (using the mode key). - Added support for decode in Client.build (decodes JSON stream on the fly). - docker-py will now look for login configuration under the new config path, and fall back to the old ~/.dockercfg path if not present. - Added support for privileged param in Client.exec_create (only available in API >= 1.19). - Volume binds can now also be specified as a list of strings. - Added exec_create, exec_start, exec_inspect and exec_resize to client, accurately mirroring the Exec API. - Added auth_config param to Client.pull (allows to use one-off credentials for this pull request). - Added support for ipc_mode in host config. - Added support for the log_config param in host config. - Added support for the ulimit param in host config. - Added support for container resource limits in Client.build. - When a resource identifier (image or container ID) is passed to a Client method, we now check for None values to avoid crashing (now raises docker.errors.NullResource). - Added tools to parse port ranges inside the new docker.utils.ports package. - Added a version_info attribute to the docker package. For a comprehensive list of changes please refer to the Release Notes at https://github.com/docker/docker-py/blob/master/docs/change_log.md#150 This update also bundles a newer version of python-websocket-client (0.32.0), which is a requirement of python-docker-py 1.5.0, and python-backports-ssl_match_hostname, which is a new runtime requirement of python-websocket-client. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-288=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-288=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-288=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-backports.ssl_match_hostname-3.4.0.2-8.1 python-docker-py-1.5.0-23.1 python-websocket-client-0.32.0-10.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-backports.ssl_match_hostname-3.4.0.2-8.1 python-docker-py-1.5.0-23.1 python-websocket-client-0.32.0-10.1 - SUSE Linux Enterprise Module for Containers 12 (noarch): python-backports.ssl_match_hostname-3.4.0.2-8.1 python-docker-py-1.5.0-23.1 python-websocket-client-0.32.0-10.1 References: https://bugzilla.suse.com/954486 https://bugzilla.suse.com/954690 From sle-updates at lists.suse.com Fri Feb 19 14:11:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Feb 2016 22:11:15 +0100 (CET) Subject: SUSE-RU-2016:0516-1: moderate: Recommended update for zypper Message-ID: <20160219211115.92A743213E@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0516-1 Rating: moderate References: #793424 #893833 #948566 #953458 #955615 #956480 #959564 #961719 #965027 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for zypper fixes the following issues: - Fail if tty is bad or at EOF when reading user input. (bsc#965027) - Propagate repo refresh errors even if main action succeeded. (bsc#961719) - Fix misaligned TAB stops in colored prompts. (bsc#948566) - Fix claiming an error after successful download. (bsc#956480) - Don't return 0 if repositories were skipped during refresh. (bsc#959564) - Explain meaning of 'System Packages' and '@System' shown in search results. (bsc#953458) - Fix different data returned in xml and text output of lu/lp commands. (bsc#793424, bsc#893833) - Also report needed but locked patches in 'pchk'. - Fix tab-completion if zypper is defined as an alias. (bsc#955615) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-290=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-290=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): zypper-1.11.50-2.30.1 zypper-debuginfo-1.11.50-2.30.1 zypper-debugsource-1.11.50-2.30.1 - SUSE Linux Enterprise Server 12 (noarch): zypper-log-1.11.50-2.30.1 - SUSE Linux Enterprise Desktop 12 (x86_64): zypper-1.11.50-2.30.1 zypper-debuginfo-1.11.50-2.30.1 zypper-debugsource-1.11.50-2.30.1 - SUSE Linux Enterprise Desktop 12 (noarch): zypper-log-1.11.50-2.30.1 References: https://bugzilla.suse.com/793424 https://bugzilla.suse.com/893833 https://bugzilla.suse.com/948566 https://bugzilla.suse.com/953458 https://bugzilla.suse.com/955615 https://bugzilla.suse.com/956480 https://bugzilla.suse.com/959564 https://bugzilla.suse.com/961719 https://bugzilla.suse.com/965027 From sle-updates at lists.suse.com Fri Feb 19 15:11:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Feb 2016 23:11:28 +0100 (CET) Subject: SUSE-RU-2016:0517-1: Recommended update for openslp Message-ID: <20160219221128.298D532147@maintenance.suse.de> SUSE Recommended Update: Recommended update for openslp ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0517-1 Rating: low References: #950777 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for OpenSLP adjusts slpd's initialization to use SystemD's forking mechanism, avoiding stale PID files after the daemon is stopped. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-291=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-291=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-291=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-291=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-291=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-291=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): openslp-debuginfo-2.0.0-8.1 openslp-debugsource-2.0.0-8.1 openslp-devel-2.0.0-8.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): openslp-debuginfo-2.0.0-8.1 openslp-debugsource-2.0.0-8.1 openslp-devel-2.0.0-8.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): openslp-2.0.0-8.1 openslp-debuginfo-2.0.0-8.1 openslp-debugsource-2.0.0-8.1 openslp-server-2.0.0-8.1 openslp-server-debuginfo-2.0.0-8.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): openslp-32bit-2.0.0-8.1 openslp-debuginfo-32bit-2.0.0-8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): openslp-2.0.0-8.1 openslp-debuginfo-2.0.0-8.1 openslp-debugsource-2.0.0-8.1 openslp-server-2.0.0-8.1 openslp-server-debuginfo-2.0.0-8.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): openslp-32bit-2.0.0-8.1 openslp-debuginfo-32bit-2.0.0-8.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): openslp-2.0.0-8.1 openslp-32bit-2.0.0-8.1 openslp-debuginfo-2.0.0-8.1 openslp-debuginfo-32bit-2.0.0-8.1 openslp-debugsource-2.0.0-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): openslp-2.0.0-8.1 openslp-32bit-2.0.0-8.1 openslp-debuginfo-2.0.0-8.1 openslp-debuginfo-32bit-2.0.0-8.1 openslp-debugsource-2.0.0-8.1 References: https://bugzilla.suse.com/950777 From sle-updates at lists.suse.com Mon Feb 22 06:11:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Feb 2016 14:11:15 +0100 (CET) Subject: SUSE-SU-2016:0539-1: important: Security update for postgresql93 Message-ID: <20160222131115.C2A0D32147@maintenance.suse.de> SUSE Security Update: Security update for postgresql93 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0539-1 Rating: important References: #966435 #966436 Cross-References: CVE-2007-4772 CVE-2016-0766 CVE-2016-0773 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for postgresql93 fixes the following issues: - Security and bugfix release 9.3.11: * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix "unresolved symbol" errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.3/static/release-9-3-11.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-292=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-292=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-292=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): postgresql93-devel-9.3.11-14.1 postgresql93-devel-debuginfo-9.3.11-14.1 postgresql93-libs-debugsource-9.3.11-14.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): postgresql93-9.3.11-14.2 postgresql93-contrib-9.3.11-14.2 postgresql93-contrib-debuginfo-9.3.11-14.2 postgresql93-debuginfo-9.3.11-14.2 postgresql93-debugsource-9.3.11-14.2 postgresql93-server-9.3.11-14.2 postgresql93-server-debuginfo-9.3.11-14.2 - SUSE Linux Enterprise Server 12 (noarch): postgresql93-docs-9.3.11-14.2 - SUSE Linux Enterprise Desktop 12 (x86_64): postgresql93-9.3.11-14.2 postgresql93-debuginfo-9.3.11-14.2 postgresql93-debugsource-9.3.11-14.2 References: https://www.suse.com/security/cve/CVE-2007-4772.html https://www.suse.com/security/cve/CVE-2016-0766.html https://www.suse.com/security/cve/CVE-2016-0773.html https://bugzilla.suse.com/966435 https://bugzilla.suse.com/966436 From sle-updates at lists.suse.com Mon Feb 22 10:11:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Feb 2016 18:11:17 +0100 (CET) Subject: SUSE-SU-2016:0540-1: moderate: Security update for dhcp Message-ID: <20160222171117.5E6D33213E@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0540-1 Rating: moderate References: #880984 #891961 #910686 #912098 #919959 #926159 #928390 #936923 #947780 #956159 #960506 #961305 Cross-References: CVE-2015-8605 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has 11 fixes is now available. Description: This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#956159: fixed service files to start dhcpd after slapd - bsc#960506: Improve exit reason and logging when /sbin/dhclient-script is unable to pre-init requested interface - bsc#947780: DHCP server could abort with "Unable to set up timer: out of range" on very long or infinite timer intervals / lease lifetimes - bsc#912098: dhclient could pretend to run while silently declining leases - bsc#919959: server: Do not log success report before send reported success - bsc#928390: dhclient dit not expose next-server DHCPv4 option to script - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly - bsc#910686: Prevent a dependency conflict of dhcp-devel with bind-devel package The following tracked changes affect the build of the package only: - bsc#891961: Disabled /sbin/service legacy-action hooks Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-293=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-293=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-293=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): dhcp-debuginfo-4.2.6-14.3.1 dhcp-debugsource-4.2.6-14.3.1 dhcp-devel-4.2.6-14.3.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): dhcp-4.2.6-14.3.1 dhcp-client-4.2.6-14.3.1 dhcp-client-debuginfo-4.2.6-14.3.1 dhcp-debuginfo-4.2.6-14.3.1 dhcp-debugsource-4.2.6-14.3.1 dhcp-relay-4.2.6-14.3.1 dhcp-relay-debuginfo-4.2.6-14.3.1 dhcp-server-4.2.6-14.3.1 dhcp-server-debuginfo-4.2.6-14.3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): dhcp-4.2.6-14.3.1 dhcp-client-4.2.6-14.3.1 dhcp-client-debuginfo-4.2.6-14.3.1 dhcp-debuginfo-4.2.6-14.3.1 dhcp-debugsource-4.2.6-14.3.1 References: https://www.suse.com/security/cve/CVE-2015-8605.html https://bugzilla.suse.com/880984 https://bugzilla.suse.com/891961 https://bugzilla.suse.com/910686 https://bugzilla.suse.com/912098 https://bugzilla.suse.com/919959 https://bugzilla.suse.com/926159 https://bugzilla.suse.com/928390 https://bugzilla.suse.com/936923 https://bugzilla.suse.com/947780 https://bugzilla.suse.com/956159 https://bugzilla.suse.com/960506 https://bugzilla.suse.com/961305 From sle-updates at lists.suse.com Mon Feb 22 10:14:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Feb 2016 18:14:36 +0100 (CET) Subject: SUSE-SU-2016:0541-1: moderate: Security update for dhcp Message-ID: <20160222171436.0432B3213E@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0541-1 Rating: moderate References: #880984 #936923 #956159 #960506 #961305 Cross-References: CVE-2015-8605 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#956159: fixed service files to start dhcpd after slapd - bsc#960506: Improve exit reason and logging when /sbin/dhclient-script is unable to pre-init requested interface Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-294=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-294=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-294=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): dhcp-debuginfo-4.3.3-4.1 dhcp-debugsource-4.3.3-4.1 dhcp-devel-4.3.3-4.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dhcp-4.3.3-4.1 dhcp-client-4.3.3-4.1 dhcp-client-debuginfo-4.3.3-4.1 dhcp-debuginfo-4.3.3-4.1 dhcp-debugsource-4.3.3-4.1 dhcp-relay-4.3.3-4.1 dhcp-relay-debuginfo-4.3.3-4.1 dhcp-server-4.3.3-4.1 dhcp-server-debuginfo-4.3.3-4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dhcp-4.3.3-4.1 dhcp-client-4.3.3-4.1 dhcp-client-debuginfo-4.3.3-4.1 dhcp-debuginfo-4.3.3-4.1 dhcp-debugsource-4.3.3-4.1 References: https://www.suse.com/security/cve/CVE-2015-8605.html https://bugzilla.suse.com/880984 https://bugzilla.suse.com/936923 https://bugzilla.suse.com/956159 https://bugzilla.suse.com/960506 https://bugzilla.suse.com/961305 From sle-updates at lists.suse.com Mon Feb 22 13:11:13 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Feb 2016 21:11:13 +0100 (CET) Subject: SUSE-RU-2016:0542-1: moderate: Recommended update for booth Message-ID: <20160222201114.003AC32147@maintenance.suse.de> SUSE Recommended Update: Recommended update for booth ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0542-1 Rating: moderate References: #956321 Affected Products: SUSE Linux Enterprise High Availability GEO 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for booth provides fixes and enhancements: - Implement attribute prerequisites. (fate#318182) - Keep attributes in the CIB. (fate#318182) - Better control of election cause. - Mark expired tickets as lost. (bsc#956321) - Add 'other' as possible site reference. - Implement GEO attributes OCF RA support. (fate#318182) - Add geostore sample RA. (fate#318182) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability GEO 12-SP1: zypper in -t patch SUSE-SLE-HA-GEO-12-SP1-2016-296=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability GEO 12-SP1 (s390x x86_64): booth-0.2.0-29.9 booth-debuginfo-0.2.0-29.9 booth-debugsource-0.2.0-29.9 References: https://bugzilla.suse.com/956321 From sle-updates at lists.suse.com Mon Feb 22 16:11:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Feb 2016 00:11:27 +0100 (CET) Subject: SUSE-RU-2016:0543-1: Recommended update for clamav Message-ID: <20160222231127.E97273213E@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamav ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0543-1 Rating: low References: #960237 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ClamAV enables support for new regular expression signatures by using the Perl-compatible regex library (pcre). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-clamav-12412=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-clamav-12412=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-12412=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-0.99-0.8.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): clamav-0.99-0.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-debuginfo-0.99-0.8.1 clamav-debugsource-0.99-0.8.1 References: https://bugzilla.suse.com/960237 From sle-updates at lists.suse.com Mon Feb 22 16:13:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Feb 2016 00:13:18 +0100 (CET) Subject: SUSE-RU-2016:0545-1: Recommended update for clamav Message-ID: <20160222231318.446603213E@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamav ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0545-1 Rating: low References: #960237 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ClamAV enables support for new regular expression signatures by using the Perl-compatible regex library (pcre). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-297=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-297=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-297=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-297=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): clamav-0.99-19.1 clamav-debuginfo-0.99-19.1 clamav-debugsource-0.99-19.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): clamav-0.99-19.1 clamav-debuginfo-0.99-19.1 clamav-debugsource-0.99-19.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): clamav-0.99-19.1 clamav-debuginfo-0.99-19.1 clamav-debugsource-0.99-19.1 - SUSE Linux Enterprise Desktop 12 (x86_64): clamav-0.99-19.1 clamav-debuginfo-0.99-19.1 clamav-debugsource-0.99-19.1 References: https://bugzilla.suse.com/960237 From sle-updates at lists.suse.com Tue Feb 23 05:11:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Feb 2016 13:11:31 +0100 (CET) Subject: SUSE-RU-2016:0546-1: Recommended update for cpuset Message-ID: <20160223121131.69FC032149@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpuset ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0546-1 Rating: low References: #957323 #959992 #964672 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cpuset fixes the following issues: - Prevent exception when reading unknown scheduler policy code from /proc/pid/stat. (bsc#959992) - Remove reference to non-existent option from documentation. (bsc#957323) - Fix miscellaneous issues in the documentation provided within the package. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-299=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-299=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): cpuset-1.5.7-19.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): cpuset-1.5.7-19.1 References: https://bugzilla.suse.com/957323 https://bugzilla.suse.com/959992 https://bugzilla.suse.com/964672 From sle-updates at lists.suse.com Tue Feb 23 07:11:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Feb 2016 15:11:33 +0100 (CET) Subject: SUSE-RU-2016:0547-1: Recommended update for gnome-desktop Message-ID: <20160223141133.8B5CF32149@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-desktop ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0547-1 Rating: low References: #952146 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Some of the translations in gnome-desktop use the ratio symbol which isn't convertible to non-UTF-8 locale encodings. Failure to parse date strings containing the character could result in gnome-shell not starting up properly. This update replaces the ratio symbol with a plain colon when a non-UTF-8 locale is in use. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-300=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-300=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-300=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-300=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-300=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-300=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gnome-desktop-debugsource-3.10.2-7.21 libgnome-desktop-3-devel-3.10.2-7.21 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gnome-desktop-debugsource-3.10.2-7.21 libgnome-desktop-3-devel-3.10.2-7.21 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gnome-desktop-debugsource-3.10.2-7.21 gnome-version-3.10.2-7.21 libgnome-desktop-3-8-3.10.2-7.21 libgnome-desktop-3-8-debuginfo-3.10.2-7.21 libgnome-desktop-3_0-common-3.10.2-7.21 libgnome-desktop-3_0-common-debuginfo-3.10.2-7.21 typelib-1_0-GnomeDesktop-3_0-3.10.2-7.21 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libgnome-desktop-3-8-32bit-3.10.2-7.21 libgnome-desktop-3-8-debuginfo-32bit-3.10.2-7.21 - SUSE Linux Enterprise Server 12-SP1 (noarch): gnome-desktop-lang-3.10.2-7.21 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gnome-desktop-debugsource-3.10.2-7.21 gnome-version-3.10.2-7.21 libgnome-desktop-3-8-3.10.2-7.21 libgnome-desktop-3-8-debuginfo-3.10.2-7.21 libgnome-desktop-3_0-common-3.10.2-7.21 libgnome-desktop-3_0-common-debuginfo-3.10.2-7.21 typelib-1_0-GnomeDesktop-3_0-3.10.2-7.21 - SUSE Linux Enterprise Server 12 (s390x x86_64): libgnome-desktop-3-8-32bit-3.10.2-7.21 libgnome-desktop-3-8-debuginfo-32bit-3.10.2-7.21 - SUSE Linux Enterprise Server 12 (noarch): gnome-desktop-lang-3.10.2-7.21 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gnome-desktop-debugsource-3.10.2-7.21 gnome-version-3.10.2-7.21 libgnome-desktop-3-8-3.10.2-7.21 libgnome-desktop-3-8-debuginfo-3.10.2-7.21 libgnome-desktop-3_0-common-3.10.2-7.21 libgnome-desktop-3_0-common-debuginfo-3.10.2-7.21 typelib-1_0-GnomeDesktop-3_0-3.10.2-7.21 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gnome-desktop-lang-3.10.2-7.21 - SUSE Linux Enterprise Desktop 12 (x86_64): gnome-desktop-debugsource-3.10.2-7.21 gnome-version-3.10.2-7.21 libgnome-desktop-3-8-3.10.2-7.21 libgnome-desktop-3-8-debuginfo-3.10.2-7.21 libgnome-desktop-3_0-common-3.10.2-7.21 libgnome-desktop-3_0-common-debuginfo-3.10.2-7.21 typelib-1_0-GnomeDesktop-3_0-3.10.2-7.21 - SUSE Linux Enterprise Desktop 12 (noarch): gnome-desktop-lang-3.10.2-7.21 References: https://bugzilla.suse.com/952146 From sle-updates at lists.suse.com Tue Feb 23 09:11:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Feb 2016 17:11:43 +0100 (CET) Subject: SUSE-RU-2016:0548-1: moderate: Recommended update for google-cloud-sdk Message-ID: <20160223161143.846743214D@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-cloud-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0548-1 Rating: moderate References: #954690 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Google Cloud SDK has been updated to version 0.9.87, bringing several fixes, enhancements and new features. A comprehensive list of changes is available in the package's change log. The Python Client for Google APIs has been updated to version 1.4.2. This update removes the embedded oauth2client, which is now delivered as a separate package "python-oauth2client". Some runtime dependencies required by these updates have been added to the Public Cloud Module 12: python-antlr3_runtime, python-enum34, python-keyring, python-oauth2, python-oauth2client, python-oauth2client-gce, python-portpicker. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-302=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-302=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-302=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-302=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-keyring-3.6-2.2.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): python-enum34-1.0-4.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-api-python-client-1.4.2-4.1 google-cloud-sdk-0.9.87-9.2 python-antlr3_runtime-3.1.3-2.2 python-enum34-1.0-4.1 python-gcs-oauth2-boto-plugin-1.8-5.2 python-keyring-3.6-2.2.1 python-oauth2-1.9-2.3 python-oauth2client-1.5.1-5.1 python-oauth2client-gce-1.5.1-5.1 python-portpicker-1.1.0-2.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): python-enum34-1.0-4.1 References: https://bugzilla.suse.com/954690 From sle-updates at lists.suse.com Tue Feb 23 11:11:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Feb 2016 19:11:43 +0100 (CET) Subject: SUSE-RU-2016:0550-1: Recommended update for xorg-x11-driver-input Message-ID: <20160223181143.7C9953214D@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-driver-input ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0550-1 Rating: low References: #951739 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-driver-input provides the following fixes: - The Elo fdi file needs to get loaded after the synaptics one. The latter has a catch-all rule which needs to be overridden. This happens when the overriding rule is loaded after the one to override. (bsc#951739) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-driver-input-12413=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-xorg-x11-driver-input-12413=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64): xorg-x11-driver-input-7.4-13.59.9 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): xorg-x11-driver-input-7.4-13.59.9 References: https://bugzilla.suse.com/951739 From sle-updates at lists.suse.com Tue Feb 23 12:11:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Feb 2016 20:11:15 +0100 (CET) Subject: SUSE-RU-2016:0551-1: Recommended update for libspectre Message-ID: <20160223191115.50FC732148@maintenance.suse.de> SUSE Recommended Update: Recommended update for libspectre ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0551-1 Rating: low References: #898327 #958630 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libspectre fixes rotation of Postscript documents. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-304=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-304=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-304=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-304=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-304=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-304=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libspectre-debugsource-0.2.7-8.2 libspectre-devel-0.2.7-8.2 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libspectre-debugsource-0.2.7-8.2 libspectre-devel-0.2.7-8.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libspectre-debugsource-0.2.7-8.2 libspectre1-0.2.7-8.2 libspectre1-debuginfo-0.2.7-8.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libspectre-debugsource-0.2.7-8.2 libspectre1-0.2.7-8.2 libspectre1-debuginfo-0.2.7-8.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libspectre-debugsource-0.2.7-8.2 libspectre1-0.2.7-8.2 libspectre1-debuginfo-0.2.7-8.2 - SUSE Linux Enterprise Desktop 12 (x86_64): libspectre-debugsource-0.2.7-8.2 libspectre1-0.2.7-8.2 libspectre1-debuginfo-0.2.7-8.2 References: https://bugzilla.suse.com/898327 https://bugzilla.suse.com/958630 From sle-updates at lists.suse.com Tue Feb 23 12:11:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Feb 2016 20:11:57 +0100 (CET) Subject: SUSE-RU-2016:0552-1: moderate: Recommended update for python-sip Message-ID: <20160223191157.56EB13214D@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-sip ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0552-1 Rating: moderate References: #955823 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-sip provides the following fixes: - Fixed the handling of non-pointer object variables so that they are only wrapped once and the Python object cached. - Fixed a regression in the handling of static non-pointer object variables. - Fixed the /KeepReference/ function annotation when applied to static functions. - The PyQt4 and PyQt5 specific data structures are now completely separate in preparation for the signal changes needed by PyQt5. - Renamed the PyQt4Flags and PyQt4NoQMetaObject annotations so that they are not PyQt4 specific. - Implemented the PyQt5 signal emitters. - Add a space between "const" and the variable name for multi-const types in generated code. - Added the /NoSetter/ variable annotation. In order to not generate code that changes values of const variables. - Changed the handling of timelines so that the latest version is enabled if no known version is explicitly enabled. - Added the -B option to sip to allow timeline backstops to be defined. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-305=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-305=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-305=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-305=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-305=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-305=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): python-qt4-debuginfo-4.10.3-7.11 python-qt4-debugsource-4.10.3-7.11 python-qt4-devel-4.10.3-7.11 python-qt4-utils-4.10.3-7.11 python-qt4-utils-debuginfo-4.10.3-7.11 python-sip-debuginfo-4.15.4-3.1 python-sip-debugsource-4.15.4-3.1 python-sip-devel-4.15.4-3.1 python-sip-devel-debuginfo-4.15.4-3.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): python-qt4-debuginfo-4.10.3-7.11 python-qt4-debugsource-4.10.3-7.11 python-qt4-devel-4.10.3-7.11 python-qt4-utils-4.10.3-7.11 python-qt4-utils-debuginfo-4.10.3-7.11 python-sip-debuginfo-4.15.4-3.1 python-sip-debugsource-4.15.4-3.1 python-sip-devel-4.15.4-3.1 python-sip-devel-debuginfo-4.15.4-3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): python-qt4-4.10.3-7.11 python-qt4-debuginfo-4.10.3-7.11 python-qt4-debugsource-4.10.3-7.11 python-sip-4.15.4-3.1 python-sip-debuginfo-4.15.4-3.1 python-sip-debugsource-4.15.4-3.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): python-qt4-4.10.3-7.11 python-qt4-debuginfo-4.10.3-7.11 python-qt4-debugsource-4.10.3-7.11 python-sip-4.15.4-3.1 python-sip-debuginfo-4.15.4-3.1 python-sip-debugsource-4.15.4-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): python-qt4-4.10.3-7.11 python-qt4-debuginfo-4.10.3-7.11 python-qt4-debugsource-4.10.3-7.11 python-sip-4.15.4-3.1 python-sip-debuginfo-4.15.4-3.1 python-sip-debugsource-4.15.4-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): python-qt4-4.10.3-7.11 python-qt4-debuginfo-4.10.3-7.11 python-qt4-debugsource-4.10.3-7.11 python-sip-4.15.4-3.1 python-sip-debuginfo-4.15.4-3.1 python-sip-debugsource-4.15.4-3.1 References: https://bugzilla.suse.com/955823 From sle-updates at lists.suse.com Wed Feb 24 05:12:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 13:12:01 +0100 (CET) Subject: SUSE-SU-2016:0554-1: important: Security update for MozillaFirefox Message-ID: <20160224121201.4B4C63214D@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0554-1 Rating: important References: #967087 Cross-References: CVE-2016-1523 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR (bsc#967087) * MFSA 2016-14/CVE-2016-1523 (bmo#1246093) Vulnerabilities in Graphite 2 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-307=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-307=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-307=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-307=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-307=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-307=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-devel-38.6.1esr-60.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-devel-38.6.1esr-60.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-38.6.1esr-60.1 MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-translations-38.6.1esr-60.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): MozillaFirefox-38.6.1esr-60.1 MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-translations-38.6.1esr-60.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-38.6.1esr-60.1 MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-translations-38.6.1esr-60.1 - SUSE Linux Enterprise Desktop 12 (x86_64): MozillaFirefox-38.6.1esr-60.1 MozillaFirefox-debuginfo-38.6.1esr-60.1 MozillaFirefox-debugsource-38.6.1esr-60.1 MozillaFirefox-translations-38.6.1esr-60.1 References: https://www.suse.com/security/cve/CVE-2016-1523.html https://bugzilla.suse.com/967087 From sle-updates at lists.suse.com Wed Feb 24 05:12:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 13:12:30 +0100 (CET) Subject: SUSE-SU-2016:0555-1: important: Security update for postgresql94 Message-ID: <20160224121230.EEE563214D@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0555-1 Rating: important References: #578053 #966435 #966436 Cross-References: CVE-2007-4772 CVE-2016-0766 CVE-2016-0773 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). * Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). * Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). * Fix many issues in pg_dump with specific object types * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS * Fix deparsing error with ON CONFLICT ... WHERE clauses * Fix tableoid errors for postgres_fdw * Prevent floating-point exceptions in pgbench * Make \det search Foreign Table names consistently * Fix quoting of domain constraint names in pg_dump * Prevent putting expanded objects into Const nodes * Allow compile of PL/Java on Windows * Fix "unresolved symbol" errors in PL/Python execution * Allow Python2 and Python3 to be used in the same database * Add support for Python 3.5 in PL/Python * Fix issue with subdirectory creation during initdb * Make pg_ctl report status correctly on Windows * Suppress confusing error when using pg_receivexlog with older servers * Multiple documentation corrections and additions * Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6.html - PL/Perl still needs to be linked with rpath, so that it can find libperl.so at runtime. bsc#578053, postgresql-plperl-keep-rpath.patch Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-306=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-306=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-306=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-306=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-306=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-306=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): postgresql94-devel-9.4.6-7.1 postgresql94-devel-debuginfo-9.4.6-7.1 postgresql94-libs-debugsource-9.4.6-7.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): postgresql94-devel-9.4.6-7.1 postgresql94-devel-debuginfo-9.4.6-7.1 postgresql94-libs-debugsource-9.4.6-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libecpg6-9.4.6-7.1 libecpg6-debuginfo-9.4.6-7.1 libpq5-9.4.6-7.1 libpq5-debuginfo-9.4.6-7.1 postgresql94-9.4.6-7.2 postgresql94-contrib-9.4.6-7.2 postgresql94-contrib-debuginfo-9.4.6-7.2 postgresql94-debuginfo-9.4.6-7.2 postgresql94-debugsource-9.4.6-7.2 postgresql94-libs-debugsource-9.4.6-7.1 postgresql94-server-9.4.6-7.2 postgresql94-server-debuginfo-9.4.6-7.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpq5-32bit-9.4.6-7.1 libpq5-debuginfo-32bit-9.4.6-7.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): postgresql94-docs-9.4.6-7.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libecpg6-9.4.6-7.1 libecpg6-debuginfo-9.4.6-7.1 libpq5-9.4.6-7.1 libpq5-debuginfo-9.4.6-7.1 postgresql94-9.4.6-7.2 postgresql94-contrib-9.4.6-7.2 postgresql94-contrib-debuginfo-9.4.6-7.2 postgresql94-debuginfo-9.4.6-7.2 postgresql94-debugsource-9.4.6-7.2 postgresql94-libs-debugsource-9.4.6-7.1 postgresql94-server-9.4.6-7.2 postgresql94-server-debuginfo-9.4.6-7.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): libpq5-32bit-9.4.6-7.1 libpq5-debuginfo-32bit-9.4.6-7.1 - SUSE Linux Enterprise Server 12 (noarch): postgresql94-docs-9.4.6-7.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libecpg6-9.4.6-7.1 libecpg6-debuginfo-9.4.6-7.1 libpq5-32bit-9.4.6-7.1 libpq5-9.4.6-7.1 libpq5-debuginfo-32bit-9.4.6-7.1 libpq5-debuginfo-9.4.6-7.1 postgresql94-9.4.6-7.2 postgresql94-debuginfo-9.4.6-7.2 postgresql94-debugsource-9.4.6-7.2 postgresql94-libs-debugsource-9.4.6-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libecpg6-9.4.6-7.1 libecpg6-debuginfo-9.4.6-7.1 libpq5-32bit-9.4.6-7.1 libpq5-9.4.6-7.1 libpq5-debuginfo-32bit-9.4.6-7.1 libpq5-debuginfo-9.4.6-7.1 postgresql94-9.4.6-7.2 postgresql94-debuginfo-9.4.6-7.2 postgresql94-debugsource-9.4.6-7.2 postgresql94-libs-debugsource-9.4.6-7.1 References: https://www.suse.com/security/cve/CVE-2007-4772.html https://www.suse.com/security/cve/CVE-2016-0766.html https://www.suse.com/security/cve/CVE-2016-0773.html https://bugzilla.suse.com/578053 https://bugzilla.suse.com/966435 https://bugzilla.suse.com/966436 From sle-updates at lists.suse.com Wed Feb 24 07:11:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 15:11:40 +0100 (CET) Subject: SUSE-RU-2016:0556-1: Recommended update for openvswitch Message-ID: <20160224141140.023333214D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0556-1 Rating: low References: #951314 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update ensures openvswitch is started before the network service. This is needed to, for example, allow wicked to drive OVS bridge configuration during boot. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-308=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): openvswitch-2.1.2-12.11 openvswitch-debuginfo-2.1.2-12.11 openvswitch-debugsource-2.1.2-12.11 openvswitch-kmp-default-2.1.2_k3.12.51_52.39-12.11 openvswitch-kmp-default-debuginfo-2.1.2_k3.12.51_52.39-12.11 openvswitch-switch-2.1.2-12.11 openvswitch-switch-debuginfo-2.1.2-12.11 - SUSE Linux Enterprise Server 12 (x86_64): openvswitch-kmp-xen-2.1.2_k3.12.51_52.39-12.11 openvswitch-kmp-xen-debuginfo-2.1.2_k3.12.51_52.39-12.11 References: https://bugzilla.suse.com/951314 From sle-updates at lists.suse.com Wed Feb 24 07:12:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 15:12:01 +0100 (CET) Subject: SUSE-RU-2016:0557-1: moderate: Recommended update for openstack-neutron Message-ID: <20160224141201.543D43214D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-neutron ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0557-1 Rating: moderate References: #966299 Affected Products: SUSE OpenStack Cloud Compute 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-neutron fixes ovs-cleanup dependency for openvswitch: use the systemd unit "openvswitch" instead of "openvswitch-switch". Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-309=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): openstack-neutron-2014.2.4.juno-16.1 openstack-neutron-dhcp-agent-2014.2.4.juno-16.1 openstack-neutron-ha-tool-2014.2.4.juno-16.1 openstack-neutron-l3-agent-2014.2.4.juno-16.1 openstack-neutron-lbaas-agent-2014.2.4.juno-16.1 openstack-neutron-linuxbridge-agent-2014.2.4.juno-16.1 openstack-neutron-metadata-agent-2014.2.4.juno-16.1 openstack-neutron-metering-agent-2014.2.4.juno-16.1 openstack-neutron-openvswitch-agent-2014.2.4.juno-16.1 openstack-neutron-vpn-agent-2014.2.4.juno-16.1 python-neutron-2014.2.4.juno-16.1 References: https://bugzilla.suse.com/966299 From sle-updates at lists.suse.com Wed Feb 24 08:11:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 16:11:35 +0100 (CET) Subject: SUSE-RU-2016:0558-1: Recommended update for python-ec2utilsbase Message-ID: <20160224151135.19ED232148@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ec2utilsbase ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0558-1 Rating: low References: #966958 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides fixes and enhancements for Amazon's EC2 utilities. python-ec2deprecateimg and python-ec2publishimg: - Do not show traceback when no account is provided on command line. - Update for compatibility with new base implementation of get_from_config(). python-ec2publishimg (update to version 0.1.1): - Do not show traceback when no account is provided on command line. - Update for compatibility with new base implementation of get_from_config(). python-ec2uploadimg (update to version 0.7.2): - Add error condition if uniqueness requirement is not met on command line. - Update for compatibility with new base implementation of get_from_config(). python-ec2utilsbase (update to version 1.0.0): - Add new required argument to get_from_config(). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-314=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-ec2deprecateimg-2.1.3-5.1 python-ec2publishimg-0.1.1-5.1 python-ec2uploadimg-0.7.2-12.1 python-ec2utilsbase-1.0.0-10.1 References: https://bugzilla.suse.com/966958 From sle-updates at lists.suse.com Wed Feb 24 08:11:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 16:11:59 +0100 (CET) Subject: SUSE-RU-2016:0559-1: moderate: Recommended update for google-daemon, google-startup-scripts Message-ID: <20160224151159.BA1AD3214D@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-daemon, google-startup-scripts ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0559-1 Rating: moderate References: #965896 #966582 #966583 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This collective update for Google's Computing Environment tools provides fixes and enhancements: google-daemon (update to version 1.3.2): - The instance "sshKey" data is being deprecated by the platform (GCE). Therefore the initialization client needs to properly deal with this condition. google-startup-scripts (update to version 1.3.2): - Fix insecure usage of temporary files when generating keys. (bsc#965896) - Provide a shutdown service for systemd based systems to better control the stop order. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-google-tools-12415=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (noarch): google-daemon-1.3.2-15.2 google-startup-scripts-1.3.2-17.1 References: https://bugzilla.suse.com/965896 https://bugzilla.suse.com/966582 https://bugzilla.suse.com/966583 From sle-updates at lists.suse.com Wed Feb 24 08:12:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 16:12:42 +0100 (CET) Subject: SUSE-RU-2016:0560-1: moderate: Recommended update for crowbar-barclamps Message-ID: <20160224151242.21B593214D@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamps ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0560-1 Rating: moderate References: #816746 #918751 #930986 #935283 #935912 #941528 #944467 #945219 #950365 #950798 #955811 #957587 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update provides fixes and improvements, provided by the upstream-openstack-project, for crowbar-barclamp-deployer, crowbar-barclamp-dns, crowbar-barclamp-network, crowbar-barclamp-neutron, crowbar-barclamp-nova and crowbar-barclamp-provisioner. The following issues have been fixed: - Only allocate IP addresses to nodes when they're allocated, not when discovered (bsc#941528). - Fix interface mappings when floating is not on a VLAN (bsc#955811). - Several fixes for better openvswitch support on SLE12 compute nodes (bsc#930986, bsc#935912, bsc#945219, bsc#950798). - Avoid hang in nova in SSL accept on handshake (bsc#957587). - Do not add conf file entries for virtual interfaces (bsc#816746). - Fix installing nodes with large disks > 4 TB (bsc#935283, bsc#944467). - Correctly mark SLE12 compute nodes as off in Crowbar when shut down. - Restrict access to tftpboot dir to admin network (bsc#950365). For a detailed description of all changes, please refer to the changelog. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-201602-12414=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-deployer-1.9+git.1446477627.fec33f8-13.1 crowbar-barclamp-dns-1.9+git.1446466313.fa83c0b-12.1 crowbar-barclamp-network-1.9+git.1452176450.0b2990e-15.1 crowbar-barclamp-neutron-1.9+git.1452525711.441a283-18.1 crowbar-barclamp-nova-1.9+git.1452519725.3d6f8bf-20.1 crowbar-barclamp-provisioner-1.9+git.1452588189.9e09aed-9.1 References: https://bugzilla.suse.com/816746 https://bugzilla.suse.com/918751 https://bugzilla.suse.com/930986 https://bugzilla.suse.com/935283 https://bugzilla.suse.com/935912 https://bugzilla.suse.com/941528 https://bugzilla.suse.com/944467 https://bugzilla.suse.com/945219 https://bugzilla.suse.com/950365 https://bugzilla.suse.com/950798 https://bugzilla.suse.com/955811 https://bugzilla.suse.com/957587 From sle-updates at lists.suse.com Wed Feb 24 08:15:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 16:15:38 +0100 (CET) Subject: SUSE-RU-2016:0561-1: moderate: Recommended update for google-daemon, google-startup-scripts Message-ID: <20160224151538.1D1653214F@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-daemon, google-startup-scripts ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0561-1 Rating: moderate References: #965896 #966582 #966583 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This collective update for Google's Computing Environment tools provides fixes and enhancements: google-daemon (update to version 1.3.2): - The instance "sshKey" data is being deprecated by the platform (GCE). Therefore the initialization client needs to properly deal with this condition. google-startup-scripts (update to version 1.3.2): - Fix insecure usage of temporary files when generating keys. (bsc#965896) - Provide a shutdown service for systemd based systems to better control the stop order. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-315=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-daemon-1.3.2-18.1 google-startup-scripts-1.3.2-20.1 References: https://bugzilla.suse.com/965896 https://bugzilla.suse.com/966582 https://bugzilla.suse.com/966583 From sle-updates at lists.suse.com Wed Feb 24 08:16:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 16:16:22 +0100 (CET) Subject: SUSE-RU-2016:0562-1: Recommended update for syslinux Message-ID: <20160224151622.9C7283214F@maintenance.suse.de> SUSE Recommended Update: Recommended update for syslinux ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0562-1 Rating: low References: #964471 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for syslinux enables building of the syslinux-x86_64 package, which will be shipped with SUSE Manager Server for s390x. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-311=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-311=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (x86_64): syslinux-4.04-37.1 syslinux-debuginfo-4.04-37.1 syslinux-debugsource-4.04-37.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): syslinux-4.04-37.1 syslinux-debuginfo-4.04-37.1 syslinux-debugsource-4.04-37.1 References: https://bugzilla.suse.com/964471 From sle-updates at lists.suse.com Wed Feb 24 08:16:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 16:16:43 +0100 (CET) Subject: SUSE-RU-2016:0563-1: Recommended update for yast2-drbd Message-ID: <20160224151643.3BF3F3214F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0563-1 Rating: low References: #955564 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-drbd allows users to configure whether lvmetad should be used or not. When lvmetad is enabled, the volume group metadata and PV state flags are obtained from the lvmetad instance and no scanning is done by the individual commands. Because lvmetad's cache cannot be synchronized between nodes, users are advised to disable lvmetad in cluster environments. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-312=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP1 (noarch): yast2-drbd-3.1.19-3.13 References: https://bugzilla.suse.com/955564 From sle-updates at lists.suse.com Wed Feb 24 10:11:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 18:11:41 +0100 (CET) Subject: SUSE-SU-2016:0564-1: important: Security update for MozillaFirefox Message-ID: <20160224171141.7760B32148@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0564-1 Rating: important References: #967087 Cross-References: CVE-2016-1523 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR (bsc#967087) * MFSA 2016-14/CVE-2016-1523 (bmo#1246093) Vulnerabilities in Graphite 2 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-12416=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-12416=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-MozillaFirefox-12416=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-12416=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.6.1esr-34.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.6.1esr-34.1 MozillaFirefox-translations-38.6.1esr-34.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): MozillaFirefox-38.6.1esr-34.1 MozillaFirefox-translations-38.6.1esr-34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.6.1esr-34.1 MozillaFirefox-debugsource-38.6.1esr-34.1 References: https://www.suse.com/security/cve/CVE-2016-1523.html https://bugzilla.suse.com/967087 From sle-updates at lists.suse.com Wed Feb 24 13:11:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 21:11:25 +0100 (CET) Subject: SUSE-RU-2016:0571-1: moderate: Recommended update for yast2-packager, yast2-update Message-ID: <20160224201125.0BD0D32148@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-packager, yast2-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0571-1 Rating: moderate References: #952112 #956597 #960460 #963036 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yast2-packager and yast2-update provides the following fixes: - Fix selection of additional products during system installation: do not select previously unselected products after adding repositories from the registration server. (bsc#963036) - Do not crash when attempting to add repository of unknown type. (bsc#960460) - Do not remove the system repository when adding an add-on fails. Handle errors properly. (bsc#956597) - Do not check the free space on a CD/DVD mounted medium during online migration. (bsc#952112) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-318=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-318=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-318=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): yast2-packager-devel-doc-3.1.84.1-5.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): yast2-packager-3.1.84.1-5.1 yast2-update-3.1.34.1-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): yast2-packager-3.1.84.1-5.1 yast2-update-3.1.34.1-3.1 References: https://bugzilla.suse.com/952112 https://bugzilla.suse.com/956597 https://bugzilla.suse.com/960460 https://bugzilla.suse.com/963036 From sle-updates at lists.suse.com Wed Feb 24 13:12:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Feb 2016 21:12:24 +0100 (CET) Subject: SUSE-RU-2016:0572-1: Recommended update for crmsh Message-ID: <20160224201224.51E3F3214D@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0572-1 Rating: low References: #931837 #959895 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - cibconfig: Fix XML import bug for cloned groups. (bsc#959895) - crm_gv: Wrap non-identifier names in quotes. (bsc#931837) - crm_gv: Improved quoting of non-identifier node names. (bsc#931837) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-crmsh-12417=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): crmsh-2.1.2+git49.g2e3fa0e-3.5 References: https://bugzilla.suse.com/931837 https://bugzilla.suse.com/959895 From sle-updates at lists.suse.com Thu Feb 25 11:11:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Feb 2016 19:11:46 +0100 (CET) Subject: SUSE-OU-2016:0580-1: Initial release of supportutils-plugin-suse-public-cloud Message-ID: <20160225181146.F06FF3214D@maintenance.suse.de> SUSE Optional Update: Initial release of supportutils-plugin-suse-public-cloud ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:0580-1 Rating: low References: #963690 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This patch adds supportutils-plugin-suse-public-cloud to the Public Cloud 12 Module. This plug-in extends supportconfig functionality to collect information specific to systems running on Public Cloud environments. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-324=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): supportutils-plugin-suse-public-cloud-1.0.0-2.1 References: https://bugzilla.suse.com/963690 From sle-updates at lists.suse.com Thu Feb 25 11:12:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Feb 2016 19:12:07 +0100 (CET) Subject: SUSE-OU-2016:0581-1: Initial release of supportutils-plugin-suse-public-cloud Message-ID: <20160225181207.C81343214D@maintenance.suse.de> SUSE Optional Update: Initial release of supportutils-plugin-suse-public-cloud ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:0581-1 Rating: low References: #963688 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This patch adds supportutils-plugin-suse-public-cloud to the Public Cloud 11 Module. This plug-in extends supportconfig functionality to collect information specific to systems running on Public Cloud environments. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-supportutils-plugin-suse-public-cloud-12418=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (noarch): supportutils-plugin-suse-public-cloud-1.0.0-2.1 References: https://bugzilla.suse.com/963688 From sle-updates at lists.suse.com Thu Feb 25 11:12:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Feb 2016 19:12:28 +0100 (CET) Subject: SUSE-RU-2016:0582-1: moderate: Recommended update for openvswitch Message-ID: <20160225181228.1CC263214D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0582-1 Rating: moderate References: #941466 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch ensures bridges are not created with IFF_UP and IFF_LOWER_UP flags set. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-326=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): openvswitch-2.1.2-29.1 openvswitch-debuginfo-2.1.2-29.1 openvswitch-debugsource-2.1.2-29.1 openvswitch-kmp-default-2.1.2_k3.12.51_60.25-29.1 openvswitch-kmp-default-debuginfo-2.1.2_k3.12.51_60.25-29.1 openvswitch-switch-2.1.2-29.1 openvswitch-switch-debuginfo-2.1.2-29.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): openvswitch-kmp-xen-2.1.2_k3.12.51_60.25-29.1 openvswitch-kmp-xen-debuginfo-2.1.2_k3.12.51_60.25-29.1 References: https://bugzilla.suse.com/941466 From sle-updates at lists.suse.com Thu Feb 25 12:11:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Feb 2016 20:11:35 +0100 (CET) Subject: SUSE-RU-2016:0583-1: moderate: Recommended update for openwsman, wsmancli, sblim-sfc Message-ID: <20160225191135.4B9FB32148@maintenance.suse.de> SUSE Recommended Update: Recommended update for openwsman, wsmancli, sblim-sfc ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0583-1 Rating: moderate References: #911088 #929021 #929023 #950466 #954780 #966081 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Software Development Kit 11-SP3 SUSE Linux Enterprise Server for VMWare 11-SP3 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Desktop 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for openwsman, wsmancli, and sblim-sfc adds support for a new option in the client configuration: curlopt_nosignal. If this option is enabled in openwsman_client.conf, openwsman will set the CURLOPT_NOSIGNAL flag in libcurl. It's recommended to enable this option when running multi-threaded applications linked against libwsman. Additionally, this update fixes various memory leaks, ensures client option properties are kept in order and removes static arrays from functions strlwc and strcrop to make them thread-safe. Moreover, the wsmancli client has been updated to fix a segmentation fault when querying newer versions of the openwsman server. Finally, this update fixes a bug which prevented openwsman to connect to cfcb via 'XML' (bsc#966081). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openwsman-12420=1 - SUSE Linux Enterprise Software Development Kit 11-SP3: zypper in -t patch sdksp3-openwsman-12420=1 - SUSE Linux Enterprise Server for VMWare 11-SP3: zypper in -t patch slessp3-openwsman-12420=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openwsman-12420=1 - SUSE Linux Enterprise Server 11-SP3: zypper in -t patch slessp3-openwsman-12420=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-openwsman-12420=1 - SUSE Linux Enterprise Desktop 11-SP3: zypper in -t patch sledsp3-openwsman-12420=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openwsman-12420=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openwsman-12420=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libwsman-devel-2.2.3-0.15.3 openwsman-python-2.2.3-0.15.3 sblim-sfcc-devel-2.2.1-0.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 ia64 ppc64 s390x x86_64): libwsman-devel-2.2.3-0.15.3 openwsman-python-2.2.3-0.15.3 sblim-sfcc-devel-2.2.1-0.6.1 - SUSE Linux Enterprise Server for VMWare 11-SP3 (i586 x86_64): libwsman1-2.2.3-0.15.3 openwsman-client-2.2.3-0.15.3 openwsman-server-2.2.3-0.15.3 sblim-sfcc-2.2.1-0.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libwsman1-2.2.3-0.15.3 openwsman-client-2.2.3-0.15.3 openwsman-server-2.2.3-0.15.3 sblim-sfcc-2.2.1-0.6.1 - SUSE Linux Enterprise Server 11-SP3 (i586 ia64 ppc64 s390x x86_64): libwsman1-2.2.3-0.15.3 openwsman-client-2.2.3-0.15.3 openwsman-server-2.2.3-0.15.3 sblim-sfcc-2.2.1-0.6.1 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): libwsman1-2.2.3-0.15.3 openwsman-client-2.2.3-0.15.3 openwsman-server-2.2.3-0.15.3 sblim-sfcc-2.2.1-0.6.1 wsmancli-2.2.3-0.4.4 - SUSE Linux Enterprise Desktop 11-SP3 (i586 x86_64): libwsman1-2.2.3-0.15.3 openwsman-client-2.2.3-0.15.3 openwsman-server-2.2.3-0.15.3 sblim-sfcc-2.2.1-0.6.1 wsmancli-2.2.3-0.4.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openwsman-debuginfo-2.2.3-0.15.3 openwsman-debugsource-2.2.3-0.15.3 sblim-sfcc-debuginfo-2.2.1-0.6.1 sblim-sfcc-debugsource-2.2.1-0.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): wsmancli-debuginfo-2.2.3-0.4.4 wsmancli-debugsource-2.2.3-0.4.4 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 ia64 ppc64 s390x x86_64): openwsman-debuginfo-2.2.3-0.15.3 openwsman-debugsource-2.2.3-0.15.3 sblim-sfcc-debuginfo-2.2.1-0.6.1 sblim-sfcc-debugsource-2.2.1-0.6.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): wsmancli-debuginfo-2.2.3-0.4.4 wsmancli-debugsource-2.2.3-0.4.4 References: https://bugzilla.suse.com/911088 https://bugzilla.suse.com/929021 https://bugzilla.suse.com/929023 https://bugzilla.suse.com/950466 https://bugzilla.suse.com/954780 https://bugzilla.suse.com/966081 From sle-updates at lists.suse.com Thu Feb 25 12:13:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Feb 2016 20:13:07 +0100 (CET) Subject: SUSE-SU-2016:0584-1: moderate: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss Message-ID: <20160225191307.187593214D@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0584-1 Rating: moderate References: #954447 #959888 #963520 #963632 #963635 #963731 #967087 Cross-References: CVE-2015-7575 CVE-2016-1523 CVE-2016-1930 CVE-2016-1935 CVE-2016-1938 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: Firefox 38.6.1 ESR (bsc#967087) The following vulnerabilities were fixed: - CVE-2016-1523: Fixed denial of service in Graphite 2 library (MFSA 2016-14/bmo#1246093) Firefox 38.6.0 ESR + Mozilla NSS 3.20.2. (bsc#963520) The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635) - CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731) - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888) The following improvements were added: - bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites - Tracking protection is now enabled by default Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-mozilla-12419=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-mozilla-12419=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): MozillaFirefox-38.6.1esr-33.1 MozillaFirefox-branding-SLED-38-15.58 MozillaFirefox-translations-38.6.1esr-33.1 libfreebl3-3.20.2-17.5 mozilla-nss-3.20.2-17.5 mozilla-nss-devel-3.20.2-17.5 mozilla-nss-tools-3.20.2-17.5 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.20.2-17.5 mozilla-nss-32bit-3.20.2-17.5 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): MozillaFirefox-debuginfo-38.6.1esr-33.1 MozillaFirefox-debugsource-38.6.1esr-33.1 mozilla-nss-debuginfo-3.20.2-17.5 mozilla-nss-debugsource-3.20.2-17.5 - SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64): mozilla-nss-debuginfo-32bit-3.20.2-17.5 References: https://www.suse.com/security/cve/CVE-2015-7575.html https://www.suse.com/security/cve/CVE-2016-1523.html https://www.suse.com/security/cve/CVE-2016-1930.html https://www.suse.com/security/cve/CVE-2016-1935.html https://www.suse.com/security/cve/CVE-2016-1938.html https://bugzilla.suse.com/954447 https://bugzilla.suse.com/959888 https://bugzilla.suse.com/963520 https://bugzilla.suse.com/963632 https://bugzilla.suse.com/963635 https://bugzilla.suse.com/963731 https://bugzilla.suse.com/967087 From sle-updates at lists.suse.com Thu Feb 25 13:11:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Feb 2016 21:11:26 +0100 (CET) Subject: SUSE-SU-2016:0585-1: important: Security update for the Linux Kernel Message-ID: <20160225201126.366273214D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0585-1 Rating: important References: #812259 #855062 #867583 #899908 #902606 #924919 #935087 #937261 #937444 #938577 #940338 #940946 #941363 #942476 #943989 #944749 #945649 #947953 #949440 #949936 #950292 #951199 #951392 #951615 #952579 #952976 #954992 #955118 #955354 #955654 #956514 #956708 #957525 #957988 #957990 #958463 #958886 #958951 #959090 #959146 #959190 #959257 #959364 #959399 #959436 #959463 #959629 #960221 #960227 #960281 #960300 #961202 #961257 #961500 #961509 #961516 #961588 #961971 #962336 #962356 #962788 #962965 #963449 #963572 #963765 #963767 #963825 #964230 #964821 #965344 #965840 Cross-References: CVE-2013-7446 CVE-2015-0272 CVE-2015-5707 CVE-2015-7550 CVE-2015-7799 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8569 CVE-2015-8575 CVE-2015-8660 CVE-2015-8767 CVE-2015-8785 CVE-2016-0723 CVE-2016-2069 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has 54 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that was (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). - CVE-2015-8551: Xen PCI backend driver did not perform proper sanity checks on the device's state, allowing for DoS (bsc#957990). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399). - CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel attempted to merge distinct setattr operations, which allowed local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application (bnc#960281). - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509). - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765). - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500). - CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have lead to disclosoure of information or arbitrary code exectution (bnc#963767). The following non-security bugs were fixed: - ACPI: Introduce apic_id in struct processor to save parsed APIC id (bsc#959463). - ACPI: Make it possible to get local x2apic id via _MAT (bsc#959463). - ACPI: use apic_id and remove duplicated _MAT evaluation (bsc#959463). - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261). - Add sd_mod to initrd modules. For some reason PowerVM backend can't work without sd_mod - Do not modify perf bias performance setting by default at boot (bnc#812259, bsc#959629). - Documentation: Document kernel.panic_on_io_nmi sysctl (bsc#940946, bsc#937444). - Driver for IBM System i/p VNIC protocol - Drop blktap patches from SLE12, since the driver is unsupported - Improve fairness when locking the per-superblock s_anon list (bsc#957525, bsc#941363). - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708). - NFSD: Do not start lockd when only NFSv4 is running - NFSv4: Recovery of recalled read delegations is broken (bsc#956514). - Replace with 176bed1d vmstat: explicitly schedule per-cpu work on the CPU we need it to run on - Revert "ipv6: add complete rcu protection around np->opt" (bnc#961257). - Revert 874bbfe60 workqueue: make sure delayed work run in local cpu 1. Without 22b886dd, 874bbfe60 leads to timer corruption. 2. With 22b886dd applied, victim of 1 reports performance regression (1,2 https://lkml.org/lkml/2016/2/4/618) 3. Leads to scheduling work to offlined CPU (bnc#959463). SLERT: 4. NO_HZ_FULL regressession, unbound delayed work timer is no longer deflected to a housekeeper CPU. - be2net: fix some log messages (bnc#855062, bnc#867583). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - block: Always check queue limits for cloned requests (bsc#902606). - block: Always check queue limits for cloned requests (bsc#902606). - bnx2x: Add new device ids under the Qlogic vendor (bnc#964821). - btrfs: Add qgroup tracing (bnc#935087, bnc#945649). - btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300). - btrfs: backref: Add special time_seq == (u64)-1 case for btrfs_find_all_roots() (bnc#935087, bnc#945649). - btrfs: backref: Do not merge refs which are not for same block (bnc#935087, bnc#945649). - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087, bnc#945649). - btrfs: delayed-ref: Use list to replace the ref_root in ref_head (bnc#935087, bnc#945649). - btrfs: extent-tree: Use ref_node to replace unneeded parameters in __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649). - btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649). - btrfs: fix deadlock between direct IO write and defrag/readpages (bnc#965344). - btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087, bnc#945649). - btrfs: fix order by which delayed references are run (bnc#949440). - btrfs: fix qgroup sanity tests (bnc#951615). - btrfs: fix race waiting for qgroup rescan worker (bnc#960300). - btrfs: fix regression running delayed references when using qgroups (bnc#951615). - btrfs: fix regression when running delayed references (bnc#951615). - btrfs: fix sleeping inside atomic context in qgroup rescan worker (bnc#960300). - btrfs: keep dropped roots in cache until transaction commit (bnc#935087, bnc#945649). - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087, bnc#945649). - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087, bnc#945649). - btrfs: qgroup: Add new function to record old_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Add new qgroup calculation function btrfs_qgroup_account_extents() (bnc#935087, bnc#945649). - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots (bnc#935087, bnc#945649). - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read (bnc#935087, bnc#945649). - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan (bnc#960300). - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087, bnc#945649). - btrfs: qgroup: Make snapshot accounting work with new extent-oriented qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Record possible quota-related extent for qgroup (bnc#935087, bnc#945649). - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism (bnc#935087, bnc#945649). - btrfs: qgroup: account shared subtree during snapshot delete (bnc#935087, bnc#945649). - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300). - btrfs: qgroup: exit the rescan worker during umount (bnc#960300). - btrfs: qgroup: fix quota disable during rescan (bnc#960300). - btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087, bnc#945649). - btrfs: remove transaction from send (bnc#935087, bnc#945649). - btrfs: skip locking when searching commit root (bnc#963825). - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649). - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087, bnc#945649). - crypto: nx - use common code for both NX decompress success cases (bsc#942476). - crypto: nx-842 - Mask XERS0 bit in return value (bsc#960221). - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965). - drivers/firmware/memmap.c: do not allocate firmware_map_entry of same memory range (bsc#959463). - drivers/firmware/memmap.c: do not create memmap sysfs of same firmware_map_entry (bsc#959463). - drivers/firmware/memmap.c: pass the correct argument to firmware_map_find_entry_bootmem() (bsc#959463). - e1000e: Do not read ICR in Other interrupt (bsc#924919). - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919). - e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919). - fuse: break infinite loop in fuse_fill_write_pages() (bsc#963765). - group-source-files: mark module.lds as devel file ld: cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory - ipv6: fix tunnel error handling (bsc#952579). - jbd2: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516). - kABI: reintroduce blk_rq_check_limits. - kabi: protect struct acpi_processor signature (bsc#959463). - kernel/watchdog.c: perform all-CPU backtrace in case of hard lockup (bsc#940946, bsc#937444). - kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val) (bsc#940946, bsc#937444). - kernel: Provide READ_ONCE and ASSIGN_ONCE (bsc#940946, bsc#937444). - kernel: inadvertent free of the vector register save area (bnc#961202). - kexec: Fix race between panic() and crash_kexec() (bsc#940946, bsc#937444). - kgr: Remove the confusing search for fentry - kgr: Safe way to avoid an infinite redirection - kgr: do not print error for !abort_if_missing symbols (bnc#943989). - kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572). - kgr: log when modifying kernel - kgr: mark some more missed kthreads (bnc#962336). - kgr: usb/storage: do not emit thread awakened (bnc#899908). - kvm: Add arch specific mmu notifier for page invalidation (bsc#959463). - kvm: Make init_rmode_identity_map() return 0 on success (bsc#959463). - kvm: Remove ept_identity_pagetable from struct kvm_arch (bsc#959463). - kvm: Rename make_all_cpus_request() to kvm_make_all_cpus_request() and make it non-static (bsc#959463). - kvm: Use APIC_DEFAULT_PHYS_BASE macro as the apic access page address (bsc#959463). - kvm: vmx: Implement set_apic_access_page_addr (bsc#959463). - kvm: x86: Add request bit to reload APIC access page address (bsc#959463). - kvm: x86: Unpin and remove kvm_arch->apic_access_page (bsc#959463). - libiscsi: Fix host busy blocking during connection teardown. - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392). - md/bitmap: do not pass -1 to bitmap_storage_alloc (bsc#955118). - md/bitmap: remove confusing code from filemap_get_page. - md/bitmap: remove rcu annotation from pointer arithmetic. - mem-hotplug: reset node managed pages when hot-adding a new pgdat (bsc#959463). - mem-hotplug: reset node present pages when hot-adding a new pgdat (bsc#959463). - memory-hotplug: clear pgdat which is allocated by bootmem in try_offline_node() (bsc#959463). - mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone() (VM Functionality, bnc#961588). - mm/mempolicy.c: convert the shared_policy lock to a rwlock (VM Performance, bnc#959436). - module: keep percpu symbols in module's symtab (bsc#962788). - nmi: provide the option to issue an NMI back trace to every cpu but current (bsc#940946, bsc#937444). - nmi: provide the option to issue an NMI back trace to every cpu but current (bsc#940946, bsc#937444). - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992). - panic, x86: Allow CPUs to save registers even if looping in NMI context (bsc#940946, bsc#937444). - panic, x86: Fix re-entrance problem due to panic on NMI (bsc#940946, bsc#937444). - pci: Check for valid tags when calculating the VPD size (bsc#959146). - qeth: initialize net_device with carrier off (bnc#964230). - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB on s390x, 20GB elsewhere. - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed - rpm/kernel-binary.spec.in: Fix kernel-vanilla-devel dependency (bsc#959090) - rpm/kernel-binary.spec.in: Fix paths in kernel-vanilla-devel (bsc#959090). - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file - rpm/kernel-binary.spec.in: Use bzip compression to speed up build (bsc#962356) - rpm/kernel-source.spec.in: Install kernel-macros for kernel-source-vanilla (bsc#959090) - rpm/kernel-spec-macros: Do not modify the release string in PTFs (bsc#963449) - rpm/package-descriptions: Add kernel-zfcpdump and drop -desktop - s390/cio: ensure consistent measurement state (bnc#964230). - s390/cio: fix measurement characteristics memleak (bnc#964230). - s390/cio: update measurement characteristics (bnc#964230). - s390/dasd: fix failfast for disconnected devices (bnc#961202). - s390/vtime: correct scaled cputime for SMT (bnc#964230). - s390/vtime: correct scaled cputime of partially idle CPUs (bnc#964230). - s390/vtime: limit MT scaling value updates (bnc#964230). - sched,numa: cap pte scanning overhead to 3% of run time (Automatic NUMA Balancing). - sched/fair: Care divide error in update_task_scan_period() (bsc#959463). - sched/fair: Disable tg load_avg/runnable_avg update for root_task_group (bnc#960227). - sched/fair: Move cache hot load_avg/runnable_avg into separate cacheline (bnc#960227). - sched/numa: Cap PTE scanning overhead to 3% of run time (Automatic NUMA Balancing). - sched: Fix race between task_group and sched_task_group (Automatic NUMA Balancing). - scsi: restart list search after unlock in scsi_remove_target (bsc#944749, bsc#959257). - supported.conf: Add more QEMU and VMware drivers to -base (bsc#965840). - supported.conf: Add netfilter modules to base (bsc#950292) - supported.conf: Add nls_iso8859-1 and nls_cp437 to -base (bsc#950292) - supported.conf: Add vfat to -base to be able to mount the ESP (bsc#950292). - supported.conf: Add virtio_{blk,net,scsi} to kernel-default-base (bsc#950292) - supported.conf: Also add virtio_pci to kernel-default-base (bsc#950292). - supported.conf: drop +external from ghash-clmulni-intel It was agreed that it does not make sense to maintain "external" for this specific module. Furthermore it causes problems in rather ordinary VMware environments. (bsc#961971) - udp: properly support MSG_PEEK with truncated buffers (bsc#951199 bsc#959364). - x86, xsave: Support eager-only xsave features, add MPX support (bsc#938577). - x86/apic: Introduce apic_extnmi command line parameter (bsc#940946, bsc#937444). - x86/fpu/xstate: Do not assume the first zero xfeatures zero bit means the end (bsc#938577). - x86/fpu: Fix double-increment in setup_xstate_features() (bsc#938577). - x86/fpu: Remove xsave_init() bootmem allocations (bsc#938577). - x86/nmi: Save regs in crash dump on external NMI (bsc#940946, bsc#937444). - x86/nmi: Save regs in crash dump on external NMI (bsc#940946, bsc#937444). - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157). - xfs: add a few more verifier tests (bsc#947953). - xfs: fix double free in xlog_recover_commit_trans (bsc#947953). - xfs: recovery of XLOG_UNMOUNT_TRANS leaks memory (bsc#947953). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-329=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-329=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-329=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-329=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-329=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-329=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.53-60.30.1 kernel-default-debugsource-3.12.53-60.30.1 kernel-default-extra-3.12.53-60.30.1 kernel-default-extra-debuginfo-3.12.53-60.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.53-60.30.2 kernel-obs-build-debugsource-3.12.53-60.30.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.53-60.30.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.53-60.30.1 kernel-default-base-3.12.53-60.30.1 kernel-default-base-debuginfo-3.12.53-60.30.1 kernel-default-debuginfo-3.12.53-60.30.1 kernel-default-debugsource-3.12.53-60.30.1 kernel-default-devel-3.12.53-60.30.1 kernel-syms-3.12.53-60.30.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.53-60.30.1 kernel-xen-base-3.12.53-60.30.1 kernel-xen-base-debuginfo-3.12.53-60.30.1 kernel-xen-debuginfo-3.12.53-60.30.1 kernel-xen-debugsource-3.12.53-60.30.1 kernel-xen-devel-3.12.53-60.30.1 lttng-modules-2.7.0-3.1 lttng-modules-debugsource-2.7.0-3.1 lttng-modules-kmp-default-2.7.0_k3.12.53_60.30-3.1 lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.53_60.30-3.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.53-60.30.1 kernel-macros-3.12.53-60.30.1 kernel-source-3.12.53-60.30.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.53-60.30.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.53-60.30.1 kernel-ec2-debuginfo-3.12.53-60.30.1 kernel-ec2-debugsource-3.12.53-60.30.1 kernel-ec2-devel-3.12.53-60.30.1 kernel-ec2-extra-3.12.53-60.30.1 kernel-ec2-extra-debuginfo-3.12.53-60.30.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_53-60_30-default-1-2.1 kgraft-patch-3_12_53-60_30-xen-1-2.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.53-60.30.1 kernel-default-debuginfo-3.12.53-60.30.1 kernel-default-debugsource-3.12.53-60.30.1 kernel-default-devel-3.12.53-60.30.1 kernel-default-extra-3.12.53-60.30.1 kernel-default-extra-debuginfo-3.12.53-60.30.1 kernel-syms-3.12.53-60.30.1 kernel-xen-3.12.53-60.30.1 kernel-xen-debuginfo-3.12.53-60.30.1 kernel-xen-debugsource-3.12.53-60.30.1 kernel-xen-devel-3.12.53-60.30.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.53-60.30.1 kernel-macros-3.12.53-60.30.1 kernel-source-3.12.53-60.30.1 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-0272.html https://www.suse.com/security/cve/CVE-2015-5707.html https://www.suse.com/security/cve/CVE-2015-7550.html https://www.suse.com/security/cve/CVE-2015-7799.html https://www.suse.com/security/cve/CVE-2015-8215.html https://www.suse.com/security/cve/CVE-2015-8539.html https://www.suse.com/security/cve/CVE-2015-8543.html https://www.suse.com/security/cve/CVE-2015-8550.html https://www.suse.com/security/cve/CVE-2015-8551.html https://www.suse.com/security/cve/CVE-2015-8569.html https://www.suse.com/security/cve/CVE-2015-8575.html https://www.suse.com/security/cve/CVE-2015-8660.html https://www.suse.com/security/cve/CVE-2015-8767.html https://www.suse.com/security/cve/CVE-2015-8785.html https://www.suse.com/security/cve/CVE-2016-0723.html https://www.suse.com/security/cve/CVE-2016-2069.html https://bugzilla.suse.com/812259 https://bugzilla.suse.com/855062 https://bugzilla.suse.com/867583 https://bugzilla.suse.com/899908 https://bugzilla.suse.com/902606 https://bugzilla.suse.com/924919 https://bugzilla.suse.com/935087 https://bugzilla.suse.com/937261 https://bugzilla.suse.com/937444 https://bugzilla.suse.com/938577 https://bugzilla.suse.com/940338 https://bugzilla.suse.com/940946 https://bugzilla.suse.com/941363 https://bugzilla.suse.com/942476 https://bugzilla.suse.com/943989 https://bugzilla.suse.com/944749 https://bugzilla.suse.com/945649 https://bugzilla.suse.com/947953 https://bugzilla.suse.com/949440 https://bugzilla.suse.com/949936 https://bugzilla.suse.com/950292 https://bugzilla.suse.com/951199 https://bugzilla.suse.com/951392 https://bugzilla.suse.com/951615 https://bugzilla.suse.com/952579 https://bugzilla.suse.com/952976 https://bugzilla.suse.com/954992 https://bugzilla.suse.com/955118 https://bugzilla.suse.com/955354 https://bugzilla.suse.com/955654 https://bugzilla.suse.com/956514 https://bugzilla.suse.com/956708 https://bugzilla.suse.com/957525 https://bugzilla.suse.com/957988 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/958463 https://bugzilla.suse.com/958886 https://bugzilla.suse.com/958951 https://bugzilla.suse.com/959090 https://bugzilla.suse.com/959146 https://bugzilla.suse.com/959190 https://bugzilla.suse.com/959257 https://bugzilla.suse.com/959364 https://bugzilla.suse.com/959399 https://bugzilla.suse.com/959436 https://bugzilla.suse.com/959463 https://bugzilla.suse.com/959629 https://bugzilla.suse.com/960221 https://bugzilla.suse.com/960227 https://bugzilla.suse.com/960281 https://bugzilla.suse.com/960300 https://bugzilla.suse.com/961202 https://bugzilla.suse.com/961257 https://bugzilla.suse.com/961500 https://bugzilla.suse.com/961509 https://bugzilla.suse.com/961516 https://bugzilla.suse.com/961588 https://bugzilla.suse.com/961971 https://bugzilla.suse.com/962336 https://bugzilla.suse.com/962356 https://bugzilla.suse.com/962788 https://bugzilla.suse.com/962965 https://bugzilla.suse.com/963449 https://bugzilla.suse.com/963572 https://bugzilla.suse.com/963765 https://bugzilla.suse.com/963767 https://bugzilla.suse.com/963825 https://bugzilla.suse.com/964230 https://bugzilla.suse.com/964821 https://bugzilla.suse.com/965344 https://bugzilla.suse.com/965840 From sle-updates at lists.suse.com Thu Feb 25 13:25:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Feb 2016 21:25:49 +0100 (CET) Subject: SUSE-RU-2016:0586-1: moderate: Recommended update for systemd Message-ID: <20160225202549.6BA2E3214D@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0586-1 Rating: moderate References: #927250 #942946 #948458 #948555 #949574 #954336 #954781 #955469 #955770 #958295 #958935 #958937 #961226 #961576 #962080 #964355 #965475 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 17 recommended fixes can now be installed. Description: This update for systemd provides the following fixes: - Set "maximum number of udev children reached" message's log level to debug. (bsc#958295) - Properly sum up journald's entry size counter. This allows systemd services to generate a core dump when they crash. (bsc#961226) - Rework messages during shutdown. (bsc#955469) - Move net_persistent_rule generator to SCRIPTS. (bsc#958935) - Revert "Skip persistent device link creation on multipath device paths". (bsc#942946) - Make sure all swap units are ordered before the swap target. (bsc#955770) - Add minimal support for 'set-property' command to bash-completion. (bsc#948458) - Properly handle locale at boot time. (bsc#927250) - Allow systemd-sysv-convert to do its job even if one of the sysvinit scripts is not found. (bsc#954336) - Do not return error when paths in ReadOnlyDirectories= and InaccessibleDirectories= directives are prefixed with "-" and don't exist. (bsc#954781) - Ensure tmp.mount is started automatically at boot time. (bsc#949574) - Don't ship fix.service anymore on 13.1, not needed by v210 (boo#965475) - Fix wrong substitution variable name in systemd-udev-root-symlink.service.in (boo#964355) - udev firmware loading support has been removed from 13.1 - systemd-firstboot is also shipped by SLE12 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-330=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-330=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-330=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-devel-210-95.1 libudev-devel-210-95.1 systemd-debuginfo-210-95.1 systemd-debugsource-210-95.1 systemd-devel-210-95.1 typelib-1_0-GUdev-1_0-210-95.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-0-210-95.1 libgudev-1_0-0-debuginfo-210-95.1 libudev1-210-95.1 libudev1-debuginfo-210-95.1 systemd-210-95.1 systemd-debuginfo-210-95.1 systemd-debugsource-210-95.1 systemd-sysvinit-210-95.1 udev-210-95.1 udev-debuginfo-210-95.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libgudev-1_0-0-32bit-210-95.1 libgudev-1_0-0-debuginfo-32bit-210-95.1 libudev1-32bit-210-95.1 libudev1-debuginfo-32bit-210-95.1 systemd-32bit-210-95.1 systemd-debuginfo-32bit-210-95.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): systemd-bash-completion-210-95.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libgudev-1_0-0-210-95.1 libgudev-1_0-0-32bit-210-95.1 libgudev-1_0-0-debuginfo-210-95.1 libgudev-1_0-0-debuginfo-32bit-210-95.1 libudev1-210-95.1 libudev1-32bit-210-95.1 libudev1-debuginfo-210-95.1 libudev1-debuginfo-32bit-210-95.1 systemd-210-95.1 systemd-32bit-210-95.1 systemd-debuginfo-210-95.1 systemd-debuginfo-32bit-210-95.1 systemd-debugsource-210-95.1 systemd-sysvinit-210-95.1 udev-210-95.1 udev-debuginfo-210-95.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): systemd-bash-completion-210-95.1 References: https://bugzilla.suse.com/927250 https://bugzilla.suse.com/942946 https://bugzilla.suse.com/948458 https://bugzilla.suse.com/948555 https://bugzilla.suse.com/949574 https://bugzilla.suse.com/954336 https://bugzilla.suse.com/954781 https://bugzilla.suse.com/955469 https://bugzilla.suse.com/955770 https://bugzilla.suse.com/958295 https://bugzilla.suse.com/958935 https://bugzilla.suse.com/958937 https://bugzilla.suse.com/961226 https://bugzilla.suse.com/961576 https://bugzilla.suse.com/962080 https://bugzilla.suse.com/964355 https://bugzilla.suse.com/965475 From sle-updates at lists.suse.com Thu Feb 25 13:29:13 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Feb 2016 21:29:13 +0100 (CET) Subject: SUSE-RU-2016:0587-1: moderate: Recommended update for systemd Message-ID: <20160225202914.017E43214D@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0587-1 Rating: moderate References: #927250 #942946 #948458 #948555 #949574 #955469 #955770 #958295 #958935 #958937 #961226 #961576 #962080 #964355 #965475 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 15 recommended fixes can now be installed. Description: This update for systemd provides the following fixes: - Set "maximum number of udev children reached" message's log level to debug. (bsc#958295) - Properly sum up journald's entry size counter. This allows systemd services to generate a core dump when they crash. (bsc#961226) - Rework messages during shutdown. (bsc#955469) - Move net_persistent_rule generator to SCRIPTS. (bsc#958935) - Revert "Skip persistent device link creation on multipath device paths". (bsc#942946) - Make sure all swap units are ordered before the swap target. (bsc#955770) - Add minimal support for 'set-property' command to bash-completion. (bsc#948458) - Properly handle locale at boot time. (bsc#927250) - Ensure tmp.mount is started automatically at boot time. (bsc#949574) - Don't ship fix.service anymore on 13.1, not needed by v210 (boo#965475) - Fix wrong substitution variable name in systemd-udev-root-symlink.service.in (boo#964355) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-331=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-331=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-331=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libgudev-1_0-devel-210-70.39.1 libudev-devel-210-70.39.1 systemd-debuginfo-210-70.39.1 systemd-debugsource-210-70.39.1 systemd-devel-210-70.39.1 typelib-1_0-GUdev-1_0-210-70.39.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libgudev-1_0-0-210-70.39.1 libgudev-1_0-0-debuginfo-210-70.39.1 libudev1-210-70.39.1 libudev1-debuginfo-210-70.39.1 systemd-210-70.39.1 systemd-debuginfo-210-70.39.1 systemd-debugsource-210-70.39.1 systemd-sysvinit-210-70.39.1 udev-210-70.39.1 udev-debuginfo-210-70.39.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libgudev-1_0-0-32bit-210-70.39.1 libgudev-1_0-0-debuginfo-32bit-210-70.39.1 libudev1-32bit-210-70.39.1 libudev1-debuginfo-32bit-210-70.39.1 systemd-32bit-210-70.39.1 systemd-debuginfo-32bit-210-70.39.1 - SUSE Linux Enterprise Server 12 (noarch): systemd-bash-completion-210-70.39.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libgudev-1_0-0-210-70.39.1 libgudev-1_0-0-32bit-210-70.39.1 libgudev-1_0-0-debuginfo-210-70.39.1 libgudev-1_0-0-debuginfo-32bit-210-70.39.1 libudev1-210-70.39.1 libudev1-32bit-210-70.39.1 libudev1-debuginfo-210-70.39.1 libudev1-debuginfo-32bit-210-70.39.1 systemd-210-70.39.1 systemd-32bit-210-70.39.1 systemd-debuginfo-210-70.39.1 systemd-debuginfo-32bit-210-70.39.1 systemd-debugsource-210-70.39.1 systemd-sysvinit-210-70.39.1 udev-210-70.39.1 udev-debuginfo-210-70.39.1 - SUSE Linux Enterprise Desktop 12 (noarch): systemd-bash-completion-210-70.39.1 References: https://bugzilla.suse.com/927250 https://bugzilla.suse.com/942946 https://bugzilla.suse.com/948458 https://bugzilla.suse.com/948555 https://bugzilla.suse.com/949574 https://bugzilla.suse.com/955469 https://bugzilla.suse.com/955770 https://bugzilla.suse.com/958295 https://bugzilla.suse.com/958935 https://bugzilla.suse.com/958937 https://bugzilla.suse.com/961226 https://bugzilla.suse.com/961576 https://bugzilla.suse.com/962080 https://bugzilla.suse.com/964355 https://bugzilla.suse.com/965475 From sle-updates at lists.suse.com Fri Feb 26 08:11:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Feb 2016 16:11:29 +0100 (CET) Subject: SUSE-RU-2016:0594-1: Recommended update for cloud-regionsrv-client Message-ID: <20160226151129.4281B3214F@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0594-1 Rating: low References: #968128 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-regionsrv-client provides the following fixes: - Do not attempt to generate the product list using remote repositories. (bsc#968128) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-332=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-6.4.5-34.1 cloud-regionsrv-client-generic-config-1.0.0-34.1 cloud-regionsrv-client-plugin-gce-1.0.0-34.1 References: https://bugzilla.suse.com/968128 From sle-updates at lists.suse.com Fri Feb 26 08:11:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Feb 2016 16:11:56 +0100 (CET) Subject: SUSE-RU-2016:0595-1: Recommended update for jack Message-ID: <20160226151157.58D4532154@maintenance.suse.de> SUSE Recommended Update: Recommended update for jack ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0595-1 Rating: low References: #951213 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: Jack was updated to no longer rely on CPU cycles to measure time. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-333=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-333=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-333=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-333=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-333=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-333=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-333=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-333=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): jack-1.9.9.5-8.2 jack-32bit-1.9.9.5-8.2 jack-debuginfo-1.9.9.5-8.2 jack-debuginfo-32bit-1.9.9.5-8.2 jack-debugsource-1.9.9.5-8.2 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): jack-1.9.9.5-8.2 jack-32bit-1.9.9.5-8.2 jack-debuginfo-1.9.9.5-8.2 jack-debuginfo-32bit-1.9.9.5-8.2 jack-debugsource-1.9.9.5-8.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): jack-debuginfo-1.9.9.5-8.2 jack-debugsource-1.9.9.5-8.2 libjack-devel-1.9.9.5-8.2 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): jack-debuginfo-1.9.9.5-8.2 jack-debugsource-1.9.9.5-8.2 libjack-devel-1.9.9.5-8.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): jack-debuginfo-1.9.9.5-8.2 jack-debugsource-1.9.9.5-8.2 libjack0-1.9.9.5-8.2 libjack0-debuginfo-1.9.9.5-8.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): jack-debuginfo-32bit-1.9.9.5-8.2 libjack0-32bit-1.9.9.5-8.2 libjack0-debuginfo-32bit-1.9.9.5-8.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): jack-debuginfo-1.9.9.5-8.2 jack-debugsource-1.9.9.5-8.2 libjack0-1.9.9.5-8.2 libjack0-debuginfo-1.9.9.5-8.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): jack-debuginfo-32bit-1.9.9.5-8.2 libjack0-32bit-1.9.9.5-8.2 libjack0-debuginfo-32bit-1.9.9.5-8.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): jack-1.9.9.5-8.2 jack-32bit-1.9.9.5-8.2 jack-debuginfo-1.9.9.5-8.2 jack-debuginfo-32bit-1.9.9.5-8.2 jack-debugsource-1.9.9.5-8.2 libjack0-1.9.9.5-8.2 libjack0-32bit-1.9.9.5-8.2 libjack0-debuginfo-1.9.9.5-8.2 libjack0-debuginfo-32bit-1.9.9.5-8.2 - SUSE Linux Enterprise Desktop 12 (x86_64): jack-1.9.9.5-8.2 jack-32bit-1.9.9.5-8.2 jack-debuginfo-1.9.9.5-8.2 jack-debuginfo-32bit-1.9.9.5-8.2 jack-debugsource-1.9.9.5-8.2 libjack0-1.9.9.5-8.2 libjack0-32bit-1.9.9.5-8.2 libjack0-debuginfo-1.9.9.5-8.2 libjack0-debuginfo-32bit-1.9.9.5-8.2 References: https://bugzilla.suse.com/951213 From sle-updates at lists.suse.com Fri Feb 26 10:11:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Feb 2016 18:11:24 +0100 (CET) Subject: SUSE-RU-2016:0596-1: moderate: Recommended update for suse-module-tools Message-ID: <20160226171124.F3C5632154@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0596-1 Rating: moderate References: #965830 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-module-tools contains the following change: - Add missing RPM Requires for module-init-tools, findutils, gzip, and mkinitrd (bnc#965830). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-334=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-334=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): suse-module-tools-12.3-21.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): suse-module-tools-12.3-21.1 References: https://bugzilla.suse.com/965830 From sle-updates at lists.suse.com Fri Feb 26 11:11:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Feb 2016 19:11:19 +0100 (CET) Subject: SUSE-SU-2016:0597-1: moderate: Security update for rubygem-activemodel-4_1 Message-ID: <20160226181119.29E7C3214F@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activemodel-4_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0597-1 Rating: moderate References: #963334 Cross-References: CVE-2016-0753 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-activemodel-4_1 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-activemodel-4_1-12422=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-activemodel-4_1-4.1.9-9.1 References: https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963334 From sle-updates at lists.suse.com Fri Feb 26 11:11:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Feb 2016 19:11:39 +0100 (CET) Subject: SUSE-SU-2016:0598-1: moderate: Security update for rubygem-activerecord-4_1 Message-ID: <20160226181139.DB5B932154@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activerecord-4_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0598-1 Rating: moderate References: #963330 #963334 Cross-References: CVE-2015-7577 CVE-2016-0753 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-activerecord-4_1 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) - CVE-2015-7577: Nested attributes rejection proc bypass (bsc#963330) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-activerecord-4_1-12423=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-activerecord-4_1-4.1.9-9.1 References: https://www.suse.com/security/cve/CVE-2015-7577.html https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963330 https://bugzilla.suse.com/963334 From sle-updates at lists.suse.com Fri Feb 26 11:12:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Feb 2016 19:12:10 +0100 (CET) Subject: SUSE-SU-2016:0599-1: moderate: Security update for rubygem-actionview-4_1 Message-ID: <20160226181210.1BE3632154@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionview-4_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0599-1 Rating: moderate References: #963332 Cross-References: CVE-2016-0752 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionview-4_1 fixes the following issues: - CVE-2016-0752: directory traversal and information leak in Action View (bsc#963332) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-actionview-4_1-12421=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-actionview-4_1-4.1.9-9.1 References: https://www.suse.com/security/cve/CVE-2016-0752.html https://bugzilla.suse.com/963332 From sle-updates at lists.suse.com Fri Feb 26 11:12:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Feb 2016 19:12:28 +0100 (CET) Subject: SUSE-SU-2016:0600-1: moderate: Security update for rubygem-activesupport-4_1 Message-ID: <20160226181228.D431532154@maintenance.suse.de> SUSE Security Update: Security update for rubygem-activesupport-4_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:0600-1 Rating: moderate References: #963329 #963334 Cross-References: CVE-2015-7576 CVE-2016-0753 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-activesupport-4_1 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-activesupport-4_1-12424=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-activesupport-4_1-4.1.9-12.1 References: https://www.suse.com/security/cve/CVE-2015-7576.html https://www.suse.com/security/cve/CVE-2016-0753.html https://bugzilla.suse.com/963329 https://bugzilla.suse.com/963334 From sle-updates at lists.suse.com Mon Feb 29 07:12:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Feb 2016 15:12:02 +0100 (CET) Subject: SUSE-RU-2016:0606-1: Recommended update for sax2 Message-ID: <20160229141202.1B55E320A4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sax2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0606-1 Rating: low References: #952013 #961731 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Desktop 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sax2 provides the following fixes: - No longer use 'vesa' driver for a special combination of vendor/device/subvendor/ subdevice of i845 GPU used by IBM. This is no longer needed with the KMS driver meanwhile used on SLE 11. Use 'intel' driver for this hardware instead. (bsc#961731) - Check if the driver that's requested is really installed on the system. This is useful when starting SaX2 from a running X session. (bsc#952013) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-sax2-12428=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-sax2-12428=1 - SUSE Linux Enterprise Desktop 11-SP4: zypper in -t patch sledsp4-sax2-12428=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-sax2-12428=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 x86_64): sax2-libsax-devel-8.1-561.597.4 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): sax2-libsax-python-8.1-561.597.4 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): sax2-tools-8.1-561.597.4 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64): sax2-8.1-561.597.4 sax2-gui-8.1-561.597.4 sax2-ident-8.1-561.597.4 sax2-libsax-8.1-561.597.4 sax2-libsax-perl-8.1-561.597.4 sax2-libsax-python-8.1-561.597.4 - SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64): sax2-8.1-561.597.4 sax2-gui-8.1-561.597.4 sax2-ident-8.1-561.597.4 sax2-libsax-8.1-561.597.4 sax2-libsax-perl-8.1-561.597.4 sax2-tools-8.1-561.597.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): sax2-debuginfo-8.1-561.597.4 sax2-debugsource-8.1-561.597.4 References: https://bugzilla.suse.com/952013 https://bugzilla.suse.com/961731 From sle-updates at lists.suse.com Mon Feb 29 13:11:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Feb 2016 21:11:27 +0100 (CET) Subject: SUSE-RU-2016:0607-1: Recommended update for fontforge Message-ID: <20160229201127.2EDC63214F@maintenance.suse.de> SUSE Recommended Update: Recommended update for fontforge ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0607-1 Rating: low References: #963023 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fontforge provides the following fixes: - Do not crash on invalid input data when EOF is reached. (bsc#963023) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-346=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-346=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): fontforge-20120731-10.6 fontforge-debuginfo-20120731-10.6 fontforge-debugsource-20120731-10.6 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): fontforge-20120731-10.6 fontforge-debuginfo-20120731-10.6 fontforge-debugsource-20120731-10.6 References: https://bugzilla.suse.com/963023 From sle-updates at lists.suse.com Mon Feb 29 13:11:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Feb 2016 21:11:50 +0100 (CET) Subject: SUSE-RU-2016:0608-1: Recommended update for biosdevname Message-ID: <20160229201150.6DC4132154@maintenance.suse.de> SUSE Recommended Update: Recommended update for biosdevname ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:0608-1 Rating: low References: #965581 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for biosdevname provides the following fixes: - In ConnectX-4 based devices, each physical port has a dedicated PCI function. Apply special handling for only ConnectX-3 based devices where single PCI function is shared by multiple physical ports. (bsc#965581) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-345=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-345=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (x86_64): biosdevname-0.6.2-3.1 biosdevname-debuginfo-0.6.2-3.1 biosdevname-debugsource-0.6.2-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): biosdevname-0.6.2-3.1 biosdevname-debuginfo-0.6.2-3.1 biosdevname-debugsource-0.6.2-3.1 References: https://bugzilla.suse.com/965581