From sle-updates at lists.suse.com Wed Jun 1 04:07:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 12:07:50 +0200 (CEST) Subject: SUSE-SU-2016:1459-1: important: Security update for cyrus-imapd Message-ID: <20160601100750.D3297FF4F@maintenance.suse.de> SUSE Security Update: Security update for cyrus-imapd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1459-1 Rating: important References: #860611 #901748 #954200 #954201 #981670 Cross-References: CVE-2014-3566 CVE-2015-8076 CVE-2015-8077 CVE-2015-8078 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for cyrus-imapd fixes the following issues: - Previous versions of cyrus-imapd would not allow its users to disable old SSL variants that are vulnerable to attacks like BEAST and POODLE. This patch adds the configuration option 'tls_versions' to remedy that issue. Note that users who upgrade an existing installation will *not* have their imapd.conf file overwritten, i.e. their IMAP server will continue to support SSLv2 and SSLv3 like before. To disable support for those protocols, edit imapd.conf manually to include "tls_versions: tls1_0 tls1_1 tls1_2". New installations, however, will have an imapd.conf file that contains these settings already, i.e. newly installed IMAP servers do *not* support unsafe versions of SSL unless that support is explicitly enabled by the user. (bsc#901748) - An integer overflow vulnerability in cyrus-imapd's urlfetch range checking code was fixed. 
(CVE-2015-8076, CVE-2015-8077, CVE-2015-8078, bsc#981670, bsc#954200, bsc#954201) - Support for Elliptic Curve Diffie-Hellman (ECDH) has been added to cyrus-imapd. (bsc#860611) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-cyrus-imapd-12589=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-cyrus-imapd-12589=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-cyrus-imapd-12589=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): cyrus-imapd-devel-2.3.11-60.65.67.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): perl-Cyrus-IMAP-2.3.11-60.65.67.1 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): cyrus-imapd-2.3.11-60.65.67.1 perl-Cyrus-IMAP-2.3.11-60.65.67.1 perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): cyrus-imapd-debuginfo-2.3.11-60.65.67.1 cyrus-imapd-debugsource-2.3.11-60.65.67.1 References: https://www.suse.com/security/cve/CVE-2014-3566.html https://www.suse.com/security/cve/CVE-2015-8076.html https://www.suse.com/security/cve/CVE-2015-8077.html https://www.suse.com/security/cve/CVE-2015-8078.html https://bugzilla.suse.com/860611 https://bugzilla.suse.com/901748 https://bugzilla.suse.com/954200 https://bugzilla.suse.com/954201 https://bugzilla.suse.com/981670 From sle-updates at lists.suse.com Wed Jun 1 07:10:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 15:10:18 +0200 (CEST) Subject: SUSE-SU-2016:1465-1: moderate: Recommended update for NetworkManager-kde4 Message-ID: <20160601131018.89EA5FF50@maintenance.suse.de> SUSE Security 
Update: Recommended update for NetworkManager-kde4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1465-1 Rating: moderate References: #663413 #726349 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This NetworkManager-kde4 update fixes the following security and non-security issues: - Fixed a long-standing security issue. This makes knetworkmanager probe the RADIUS server for a CA certificate subject and hash if no CA certificate is specified. knetworkmanager then stores this data and sends it to NetworkManager for it to do a network validation in the absence of a real certificate (bsc#726349) - Disabled the loading by default of the NetworkManager plasma applet since it doesn't work. - Fixed a crash due to the use of an uninitialized variable in the plasma applet in case someone runs it manually (bsc#663413) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-NetworkManager-kde4-12590=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-NetworkManager-kde4-12590=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64): NetworkManager-kde4-0.9.svn1043876-1.3.15 NetworkManager-kde4-lang-0.9.svn1043876-1.3.15 NetworkManager-kde4-libs-0.9.svn1043876-1.3.15 NetworkManager-openvpn-kde4-0.9.svn1043876-1.3.15 NetworkManager-pptp-kde4-0.9.svn1043876-1.3.15 plasmoid-networkmanagement-0.9.svn1043876-1.3.15 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 x86_64): NetworkManager-kde4-debuginfo-0.9.svn1043876-1.3.15 NetworkManager-kde4-debugsource-0.9.svn1043876-1.3.15 References: https://bugzilla.suse.com/663413 https://bugzilla.suse.com/726349 From sle-updates at lists.suse.com Wed Jun 1 09:08:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 17:08:16 +0200 (CEST) Subject: SUSE-RU-2016:1468-1: moderate: Recommended update for systemd Message-ID: <20160601150816.E4E69FF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1468-1 Rating: moderate References: #964934 #980303 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Re-add NVMe entries to udev's 60-persistent-storage.rules. (bsc#980303) - Always create dependencies for bind mounts and loop devices. (bsc#964934) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-870=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-870=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-870=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libgudev-1_0-devel-210-70.51.1 libudev-devel-210-70.51.1 systemd-debuginfo-210-70.51.1 systemd-debugsource-210-70.51.1 systemd-devel-210-70.51.1 typelib-1_0-GUdev-1_0-210-70.51.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libgudev-1_0-0-210-70.51.1 libgudev-1_0-0-debuginfo-210-70.51.1 libudev1-210-70.51.1 libudev1-debuginfo-210-70.51.1 systemd-210-70.51.1 systemd-debuginfo-210-70.51.1 systemd-debugsource-210-70.51.1 systemd-sysvinit-210-70.51.1 udev-210-70.51.1 udev-debuginfo-210-70.51.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libgudev-1_0-0-32bit-210-70.51.1 libgudev-1_0-0-debuginfo-32bit-210-70.51.1 libudev1-32bit-210-70.51.1 libudev1-debuginfo-32bit-210-70.51.1 systemd-32bit-210-70.51.1 systemd-debuginfo-32bit-210-70.51.1 - SUSE Linux Enterprise Server 12 (noarch): systemd-bash-completion-210-70.51.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libgudev-1_0-0-210-70.51.1 libgudev-1_0-0-32bit-210-70.51.1 libgudev-1_0-0-debuginfo-210-70.51.1 libgudev-1_0-0-debuginfo-32bit-210-70.51.1 libudev1-210-70.51.1 libudev1-32bit-210-70.51.1 libudev1-debuginfo-210-70.51.1 libudev1-debuginfo-32bit-210-70.51.1 systemd-210-70.51.1 systemd-32bit-210-70.51.1 systemd-debuginfo-210-70.51.1 systemd-debuginfo-32bit-210-70.51.1 systemd-debugsource-210-70.51.1 systemd-sysvinit-210-70.51.1 udev-210-70.51.1 udev-debuginfo-210-70.51.1 - SUSE Linux Enterprise Desktop 12 (noarch): systemd-bash-completion-210-70.51.1 References: https://bugzilla.suse.com/964934 https://bugzilla.suse.com/980303 From 
sle-updates at lists.suse.com Wed Jun 1 09:08:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 17:08:48 +0200 (CEST) Subject: SUSE-RU-2016:1469-1: moderate: Recommended update for susestudio Message-ID: <20160601150848.B5374FF50@maintenance.suse.de> SUSE Recommended Update: Recommended update for susestudio ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1469-1 Rating: moderate References: #947233 #955230 #962466 #963028 #963035 #963861 #977677 Affected Products: SUSE Studio Onsite 1.3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update provides SUSE Studio 1.3.13, which brings templates for SLES 12 SP1. Additionally, the following issues have been fixed: - No SLES 11 SP4 upgrade option for SLES 11 SP3 based appliance when SLES 11 SP4 template is released to Studio Onsite. (bsc#963861) - Overlay files have several highlighted in green. (bsc#947233) - Diary does not provide appliance detail. (bsc#955230) - "View Files" button missing from PXE builds. (bsc#963028) - Cannot configure SLES 11 SP4 appliances after update. (bsc#963035) - Boot script fails to run with SLES 12 appliance. (bsc#962466) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-susestudio-12591=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): Containment-Studio-SLE12_SP1-7.02.75-20160511172436 susestudio-1.3.13-42.1 susestudio-bundled-packages-1.3.13-42.1 susestudio-common-1.3.13-42.1 susestudio-runner-1.3.13-42.1 susestudio-sid-1.3.13-42.1 susestudio-ui-server-1.3.13-42.1 References: https://bugzilla.suse.com/947233 https://bugzilla.suse.com/955230 https://bugzilla.suse.com/962466 https://bugzilla.suse.com/963028 https://bugzilla.suse.com/963035 https://bugzilla.suse.com/963861 https://bugzilla.suse.com/977677 From sle-updates at lists.suse.com Wed Jun 1 09:10:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 17:10:03 +0200 (CEST) Subject: SUSE-RU-2016:1470-1: moderate: Recommended update for systemd Message-ID: <20160601151003.19520FF50@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1470-1 Rating: moderate References: #964934 #980303 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Re-add NVMe entries to udev's 60-persistent-storage.rules. (bsc#980303) - Always create dependencies for bind mounts and loop devices. (bsc#964934) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-869=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-869=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-869=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-devel-210-107.1 libudev-devel-210-107.1 systemd-debuginfo-210-107.1 systemd-debugsource-210-107.1 systemd-devel-210-107.1 typelib-1_0-GUdev-1_0-210-107.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-0-210-107.1 libgudev-1_0-0-debuginfo-210-107.1 libudev1-210-107.1 libudev1-debuginfo-210-107.1 systemd-210-107.1 systemd-debuginfo-210-107.1 systemd-debugsource-210-107.1 systemd-sysvinit-210-107.1 udev-210-107.1 udev-debuginfo-210-107.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libgudev-1_0-0-32bit-210-107.1 libgudev-1_0-0-debuginfo-32bit-210-107.1 libudev1-32bit-210-107.1 libudev1-debuginfo-32bit-210-107.1 systemd-32bit-210-107.1 systemd-debuginfo-32bit-210-107.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): systemd-bash-completion-210-107.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libgudev-1_0-0-210-107.1 libgudev-1_0-0-32bit-210-107.1 libgudev-1_0-0-debuginfo-210-107.1 libgudev-1_0-0-debuginfo-32bit-210-107.1 libudev1-210-107.1 libudev1-32bit-210-107.1 libudev1-debuginfo-210-107.1 libudev1-debuginfo-32bit-210-107.1 systemd-210-107.1 systemd-32bit-210-107.1 systemd-debuginfo-210-107.1 systemd-debuginfo-32bit-210-107.1 systemd-debugsource-210-107.1 systemd-sysvinit-210-107.1 udev-210-107.1 udev-debuginfo-210-107.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): systemd-bash-completion-210-107.1 References: https://bugzilla.suse.com/964934 https://bugzilla.suse.com/980303 From sle-updates at lists.suse.com Wed 
Jun 1 10:08:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 18:08:18 +0200 (CEST) Subject: SUSE-SU-2016:1471-1: important: Security update for ntp Message-ID: <20160601160818.1B5B8FF51@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1471-1 Rating: important References: #957226 #977446 #977450 #977451 #977452 #977455 #977457 #977458 #977459 #977461 #977464 Cross-References: CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for ntp fixes the following issues: - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". - Update to 4.2.8p7 (bsc#977446): * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. 
* CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * integrate ntp-fork.patch * Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 - Restrict the parser in the startup script to the first occurrence of "keys" and "controlkey" in ntp.conf (bsc#957226). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-ntp-12592=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-ntp-12592=1 - SUSE Manager 2.1: zypper in -t patch sleman21-ntp-12592=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ntp-12592=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ntp-12592=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ntp-12592=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-ntp-12592=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): ntp-4.2.8p7-44.1 ntp-doc-4.2.8p7-44.1 - SUSE Manager Proxy 2.1 (x86_64): ntp-4.2.8p7-44.1 ntp-doc-4.2.8p7-44.1 - SUSE Manager 2.1 (s390x x86_64): ntp-4.2.8p7-44.1 ntp-doc-4.2.8p7-44.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ntp-4.2.8p7-44.1 ntp-doc-4.2.8p7-44.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): ntp-4.2.8p7-44.1 ntp-doc-4.2.8p7-44.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ntp-debuginfo-4.2.8p7-44.1 ntp-debugsource-4.2.8p7-44.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): ntp-debuginfo-4.2.8p7-44.1 ntp-debugsource-4.2.8p7-44.1 References: https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2016-1547.html https://www.suse.com/security/cve/CVE-2016-1548.html https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2016-1550.html https://www.suse.com/security/cve/CVE-2016-1551.html https://www.suse.com/security/cve/CVE-2016-2516.html https://www.suse.com/security/cve/CVE-2016-2517.html https://www.suse.com/security/cve/CVE-2016-2518.html https://www.suse.com/security/cve/CVE-2016-2519.html https://bugzilla.suse.com/957226 https://bugzilla.suse.com/977446 https://bugzilla.suse.com/977450 https://bugzilla.suse.com/977451 https://bugzilla.suse.com/977452 https://bugzilla.suse.com/977455 https://bugzilla.suse.com/977457 https://bugzilla.suse.com/977458 https://bugzilla.suse.com/977459 https://bugzilla.suse.com/977461 https://bugzilla.suse.com/977464 From sle-updates at lists.suse.com Wed Jun 1 13:07:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 21:07:58 +0200 (CEST) Subject: SUSE-RU-2016:1472-1: important: Recommended update for multipath-tools Message-ID: <20160601190758.7EC84FF51@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1472-1 Rating: important References: #980933 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for multipath-tools fixes a regression introduced with the previous update. After a single path loss, multipath could lose the complete map. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-multipath-tools-12593=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-multipath-tools-12593=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kpartx-0.4.9-115.1 multipath-tools-0.4.9-115.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): multipath-tools-debuginfo-0.4.9-115.1 multipath-tools-debugsource-0.4.9-115.1 References: https://bugzilla.suse.com/980933 From sle-updates at lists.suse.com Wed Jun 1 15:08:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Jun 2016 23:08:41 +0200 (CEST) Subject: SUSE-RU-2016:1473-1: important: Recommended update for java-1_6_0-ibm Message-ID: <20160601210841.2EF9FFF51@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1473-1 Rating: important References: #981087 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise 
Server 11-SP2-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for java-1_6_0-ibm fixes the following issues: - Update to sr16 fp26 to fix a regression in TLS handling. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-java-1_6_0-ibm-12594=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-java-1_6_0-ibm-12594=1 - SUSE Manager 2.1: zypper in -t patch sleman21-java-1_6_0-ibm-12594=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_6_0-ibm-12594=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_6_0-ibm-12594=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): java-1_6_0-ibm-1.6.0_sr16.26-72.1 java-1_6_0-ibm-devel-1.6.0_sr16.26-72.1 java-1_6_0-ibm-fonts-1.6.0_sr16.26-72.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.26-72.1 java-1_6_0-ibm-plugin-1.6.0_sr16.26-72.1 - SUSE Manager Proxy 2.1 (x86_64): java-1_6_0-ibm-1.6.0_sr16.26-72.1 java-1_6_0-ibm-devel-1.6.0_sr16.26-72.1 java-1_6_0-ibm-fonts-1.6.0_sr16.26-72.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.26-72.1 java-1_6_0-ibm-plugin-1.6.0_sr16.26-72.1 - SUSE Manager 2.1 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.26-72.1 java-1_6_0-ibm-devel-1.6.0_sr16.26-72.1 java-1_6_0-ibm-fonts-1.6.0_sr16.26-72.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.26-72.1 - SUSE Manager 2.1 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.26-72.1 java-1_6_0-ibm-devel-1.6.0_sr16.26-72.1 java-1_6_0-ibm-fonts-1.6.0_sr16.26-72.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP3-LTSS 
(i586): java-1_6_0-ibm-alsa-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.26-72.1 java-1_6_0-ibm-devel-1.6.0_sr16.26-72.1 java-1_6_0-ibm-fonts-1.6.0_sr16.26-72.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.26-72.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.26-72.1 References: https://bugzilla.suse.com/981087 From sle-updates at lists.suse.com Wed Jun 1 17:07:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 01:07:41 +0200 (CEST) Subject: SUSE-RU-2016:1474-1: moderate: Recommended update for rubygem-chef Message-ID: <20160601230741.CB3F1FF51@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1474-1 Rating: moderate References: #960012 #967792 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Enterprise Storage 2 SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rubygem-chef fixes the following issues: - Handle zypper exit code 106 (failure to refresh one or more repositories) as not fatal. (bsc#967792) - Use /usr/bin/chef-client instead of startproc in init file. (bsc#960012) - Update the public key of an existing client. This is needed to be able to restore the webui and validation keys, which are usually already existing when restoring a backup. - Allow (re-)creating clients with public_key. E.g. when restoring from JSON. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-875=1 - SUSE Enterprise Storage 2: zypper in -t patch SUSE-Storage-2-2016-875=1 - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2016-875=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (x86_64): ruby2.1-rubygem-chef-10.32.2-15.2 rubygem-chef-10.32.2-15.2 - SUSE Enterprise Storage 2 (x86_64): ruby2.1-rubygem-chef-10.32.2-15.2 rubygem-chef-10.32.2-15.2 - SUSE Enterprise Storage 1.0 (x86_64): ruby2.1-rubygem-chef-10.32.2-15.2 rubygem-chef-10.32.2-15.2 References: https://bugzilla.suse.com/960012 https://bugzilla.suse.com/967792 From sle-updates at lists.suse.com Thu Jun 2 03:08:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 11:08:10 +0200 (CEST) Subject: SUSE-SU-2016:1475-1: important: Security update for java-1_8_0-ibm Message-ID: <20160602090810.D461CFF51@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1475-1 Rating: important References: #965665 #977646 #977648 #977650 #979252 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. 
Description: This update for java-1_8_0-ibm fixes the following issues: - IBM Java 80-3.0 released: (bsc#977646 bsc#977648 bsc#977650 bsc#979252) CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426 - There is no HtmlConverter and apt provided by jdk8 bsc#965665 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-876=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-876=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr3.0-10.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr3.0-10.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr3.0-10.1 java-1_8_0-ibm-plugin-1.8.0_sr3.0-10.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html https://bugzilla.suse.com/965665 https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 From sle-updates at lists.suse.com Thu Jun 2 07:08:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 15:08:56 +0200 (CEST) Subject: 
SUSE-RU-2016:1477-1: moderate: Recommended update for clamav Message-ID: <20160602130856.F002DFF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamav ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1477-1 Rating: moderate References: #978459 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: ClamAV was updated to version 0.99.2, which brings fixes and enhancements: - Fix 7z's FolderStartPackStreamIndex array index check. - Print all CDBNAME entries for a zip file when using the -z flag. - clamunrar: Notice if unpacking comment failed. - Use temporary variable for realloc to prevent pointer loss. - freshclam: Avoid random data in mirrors.dat. - libclamav: Print raw certificate metadata. - Fix download and verification of *.cld through PrivateMirrors. - Suppress IP notification when using proxy. - Remove redundant mempool assignment. - Divide out dumpcerts output for better readability. - Fix dconf and option handling for nocert and dumpcert. - Increase clamd's soft file descriptor to its potential maximum on 64-bit systems. - Move libfreshclam config to m4/reorganization. - Add 'cdb' datafile to sigtools list of datafile types. - Prevent memory allocations on used pointers. - Check packSizes prior to dereference - Fix inconsistent folder state on failure. - Add sanity checks to 7z header parsing. For a comprehensive list of fixes please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-877=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-877=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-877=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-877=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): clamav-0.99.2-25.1 clamav-debuginfo-0.99.2-25.1 clamav-debugsource-0.99.2-25.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): clamav-0.99.2-25.1 clamav-debuginfo-0.99.2-25.1 clamav-debugsource-0.99.2-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): clamav-0.99.2-25.1 clamav-debuginfo-0.99.2-25.1 clamav-debugsource-0.99.2-25.1 - SUSE Linux Enterprise Desktop 12 (x86_64): clamav-0.99.2-25.1 clamav-debuginfo-0.99.2-25.1 clamav-debugsource-0.99.2-25.1 References: https://bugzilla.suse.com/978459 From sle-updates at lists.suse.com Thu Jun 2 10:08:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 18:08:33 +0200 (CEST) Subject: SUSE-RU-2016:1478-1: important: Recommended update for samba Message-ID: <20160602160833.E67EFFF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1478-1 Rating: important References: #977669 #979268 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for Samba provides the following fixes: - Fix libads' record session expiry for spnego sasl binds. (bsc#979268) - Fix NT_STATUS_ACCESS_DENIED when accessing windows public share. - Only validate MIC if "map to guest" is not being used. - NetAPP SMB servers don't negotiate NTLMSSP_SIGN. (bsc#977669) - Fix non-working anonymous smb connections. - Handle broken mechListMIC response from Windows 2000. - wbinfo -u or net ads search doesn't work anymore. - Fix regressions regarding the NTLMSSP hardening of CVE-2016-2110. - Allow Domain member resolve trusted domains' users. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-878=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-878=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2016-878=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-878=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): ctdb-debuginfo-4.2.4-18.20.1 ctdb-devel-4.2.4-18.20.1 libdcerpc-atsvc-devel-4.2.4-18.20.1 libdcerpc-atsvc0-4.2.4-18.20.1 libdcerpc-atsvc0-debuginfo-4.2.4-18.20.1 libdcerpc-devel-4.2.4-18.20.1 libdcerpc-samr-devel-4.2.4-18.20.1 libdcerpc-samr0-4.2.4-18.20.1 libdcerpc-samr0-debuginfo-4.2.4-18.20.1 libgensec-devel-4.2.4-18.20.1 libndr-devel-4.2.4-18.20.1 libndr-krb5pac-devel-4.2.4-18.20.1 libndr-nbt-devel-4.2.4-18.20.1 libndr-standard-devel-4.2.4-18.20.1 libnetapi-devel-4.2.4-18.20.1 libregistry-devel-4.2.4-18.20.1 libsamba-credentials-devel-4.2.4-18.20.1 libsamba-hostconfig-devel-4.2.4-18.20.1 libsamba-passdb-devel-4.2.4-18.20.1 libsamba-policy-devel-4.2.4-18.20.1 libsamba-policy0-4.2.4-18.20.1 libsamba-policy0-debuginfo-4.2.4-18.20.1 libsamba-util-devel-4.2.4-18.20.1 libsamdb-devel-4.2.4-18.20.1 libsmbclient-devel-4.2.4-18.20.1 libsmbclient-raw-devel-4.2.4-18.20.1 libsmbconf-devel-4.2.4-18.20.1 libsmbldap-devel-4.2.4-18.20.1 libtevent-util-devel-4.2.4-18.20.1 libwbclient-devel-4.2.4-18.20.1 samba-core-devel-4.2.4-18.20.1 samba-debuginfo-4.2.4-18.20.1 samba-debugsource-4.2.4-18.20.1 samba-test-devel-4.2.4-18.20.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libdcerpc-binding0-4.2.4-18.20.1 libdcerpc-binding0-debuginfo-4.2.4-18.20.1 libdcerpc0-4.2.4-18.20.1 libdcerpc0-debuginfo-4.2.4-18.20.1 libgensec0-4.2.4-18.20.1 libgensec0-debuginfo-4.2.4-18.20.1 libndr-krb5pac0-4.2.4-18.20.1 libndr-krb5pac0-debuginfo-4.2.4-18.20.1 libndr-nbt0-4.2.4-18.20.1 libndr-nbt0-debuginfo-4.2.4-18.20.1 libndr-standard0-4.2.4-18.20.1 libndr-standard0-debuginfo-4.2.4-18.20.1 libndr0-4.2.4-18.20.1 libndr0-debuginfo-4.2.4-18.20.1 libnetapi0-4.2.4-18.20.1 libnetapi0-debuginfo-4.2.4-18.20.1 libregistry0-4.2.4-18.20.1 libregistry0-debuginfo-4.2.4-18.20.1 libsamba-credentials0-4.2.4-18.20.1 libsamba-credentials0-debuginfo-4.2.4-18.20.1 libsamba-hostconfig0-4.2.4-18.20.1 
libsamba-hostconfig0-debuginfo-4.2.4-18.20.1 libsamba-passdb0-4.2.4-18.20.1 libsamba-passdb0-debuginfo-4.2.4-18.20.1 libsamba-util0-4.2.4-18.20.1 libsamba-util0-debuginfo-4.2.4-18.20.1 libsamdb0-4.2.4-18.20.1 libsamdb0-debuginfo-4.2.4-18.20.1 libsmbclient-raw0-4.2.4-18.20.1 libsmbclient-raw0-debuginfo-4.2.4-18.20.1 libsmbclient0-4.2.4-18.20.1 libsmbclient0-debuginfo-4.2.4-18.20.1 libsmbconf0-4.2.4-18.20.1 libsmbconf0-debuginfo-4.2.4-18.20.1 libsmbldap0-4.2.4-18.20.1 libsmbldap0-debuginfo-4.2.4-18.20.1 libtevent-util0-4.2.4-18.20.1 libtevent-util0-debuginfo-4.2.4-18.20.1 libwbclient0-4.2.4-18.20.1 libwbclient0-debuginfo-4.2.4-18.20.1 samba-4.2.4-18.20.1 samba-client-4.2.4-18.20.1 samba-client-debuginfo-4.2.4-18.20.1 samba-debuginfo-4.2.4-18.20.1 samba-debugsource-4.2.4-18.20.1 samba-libs-4.2.4-18.20.1 samba-libs-debuginfo-4.2.4-18.20.1 samba-winbind-4.2.4-18.20.1 samba-winbind-debuginfo-4.2.4-18.20.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-18.20.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.20.1 libdcerpc0-32bit-4.2.4-18.20.1 libdcerpc0-debuginfo-32bit-4.2.4-18.20.1 libgensec0-32bit-4.2.4-18.20.1 libgensec0-debuginfo-32bit-4.2.4-18.20.1 libndr-krb5pac0-32bit-4.2.4-18.20.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.20.1 libndr-nbt0-32bit-4.2.4-18.20.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.20.1 libndr-standard0-32bit-4.2.4-18.20.1 libndr-standard0-debuginfo-32bit-4.2.4-18.20.1 libndr0-32bit-4.2.4-18.20.1 libndr0-debuginfo-32bit-4.2.4-18.20.1 libnetapi0-32bit-4.2.4-18.20.1 libnetapi0-debuginfo-32bit-4.2.4-18.20.1 libsamba-credentials0-32bit-4.2.4-18.20.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.20.1 libsamba-hostconfig0-32bit-4.2.4-18.20.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.20.1 libsamba-passdb0-32bit-4.2.4-18.20.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.20.1 libsamba-util0-32bit-4.2.4-18.20.1 libsamba-util0-debuginfo-32bit-4.2.4-18.20.1 libsamdb0-32bit-4.2.4-18.20.1 libsamdb0-debuginfo-32bit-4.2.4-18.20.1 
libsmbclient-raw0-32bit-4.2.4-18.20.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.20.1 libsmbclient0-32bit-4.2.4-18.20.1 libsmbclient0-debuginfo-32bit-4.2.4-18.20.1 libsmbconf0-32bit-4.2.4-18.20.1 libsmbconf0-debuginfo-32bit-4.2.4-18.20.1 libsmbldap0-32bit-4.2.4-18.20.1 libsmbldap0-debuginfo-32bit-4.2.4-18.20.1 libtevent-util0-32bit-4.2.4-18.20.1 libtevent-util0-debuginfo-32bit-4.2.4-18.20.1 libwbclient0-32bit-4.2.4-18.20.1 libwbclient0-debuginfo-32bit-4.2.4-18.20.1 samba-32bit-4.2.4-18.20.1 samba-client-32bit-4.2.4-18.20.1 samba-client-debuginfo-32bit-4.2.4-18.20.1 samba-debuginfo-32bit-4.2.4-18.20.1 samba-libs-32bit-4.2.4-18.20.1 samba-libs-debuginfo-32bit-4.2.4-18.20.1 samba-winbind-32bit-4.2.4-18.20.1 samba-winbind-debuginfo-32bit-4.2.4-18.20.1 - SUSE Linux Enterprise Server 12 (noarch): samba-doc-4.2.4-18.20.1 - SUSE Linux Enterprise High Availability 12 (s390x x86_64): ctdb-4.2.4-18.20.1 ctdb-debuginfo-4.2.4-18.20.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libdcerpc-binding0-32bit-4.2.4-18.20.1 libdcerpc-binding0-4.2.4-18.20.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.20.1 libdcerpc-binding0-debuginfo-4.2.4-18.20.1 libdcerpc0-32bit-4.2.4-18.20.1 libdcerpc0-4.2.4-18.20.1 libdcerpc0-debuginfo-32bit-4.2.4-18.20.1 libdcerpc0-debuginfo-4.2.4-18.20.1 libgensec0-32bit-4.2.4-18.20.1 libgensec0-4.2.4-18.20.1 libgensec0-debuginfo-32bit-4.2.4-18.20.1 libgensec0-debuginfo-4.2.4-18.20.1 libndr-krb5pac0-32bit-4.2.4-18.20.1 libndr-krb5pac0-4.2.4-18.20.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.20.1 libndr-krb5pac0-debuginfo-4.2.4-18.20.1 libndr-nbt0-32bit-4.2.4-18.20.1 libndr-nbt0-4.2.4-18.20.1 libndr-nbt0-debuginfo-32bit-4.2.4-18.20.1 libndr-nbt0-debuginfo-4.2.4-18.20.1 libndr-standard0-32bit-4.2.4-18.20.1 libndr-standard0-4.2.4-18.20.1 libndr-standard0-debuginfo-32bit-4.2.4-18.20.1 libndr-standard0-debuginfo-4.2.4-18.20.1 libndr0-32bit-4.2.4-18.20.1 libndr0-4.2.4-18.20.1 libndr0-debuginfo-32bit-4.2.4-18.20.1 libndr0-debuginfo-4.2.4-18.20.1 
libnetapi0-32bit-4.2.4-18.20.1 libnetapi0-4.2.4-18.20.1 libnetapi0-debuginfo-32bit-4.2.4-18.20.1 libnetapi0-debuginfo-4.2.4-18.20.1 libregistry0-4.2.4-18.20.1 libregistry0-debuginfo-4.2.4-18.20.1 libsamba-credentials0-32bit-4.2.4-18.20.1 libsamba-credentials0-4.2.4-18.20.1 libsamba-credentials0-debuginfo-32bit-4.2.4-18.20.1 libsamba-credentials0-debuginfo-4.2.4-18.20.1 libsamba-hostconfig0-32bit-4.2.4-18.20.1 libsamba-hostconfig0-4.2.4-18.20.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.20.1 libsamba-hostconfig0-debuginfo-4.2.4-18.20.1 libsamba-passdb0-32bit-4.2.4-18.20.1 libsamba-passdb0-4.2.4-18.20.1 libsamba-passdb0-debuginfo-32bit-4.2.4-18.20.1 libsamba-passdb0-debuginfo-4.2.4-18.20.1 libsamba-util0-32bit-4.2.4-18.20.1 libsamba-util0-4.2.4-18.20.1 libsamba-util0-debuginfo-32bit-4.2.4-18.20.1 libsamba-util0-debuginfo-4.2.4-18.20.1 libsamdb0-32bit-4.2.4-18.20.1 libsamdb0-4.2.4-18.20.1 libsamdb0-debuginfo-32bit-4.2.4-18.20.1 libsamdb0-debuginfo-4.2.4-18.20.1 libsmbclient-raw0-32bit-4.2.4-18.20.1 libsmbclient-raw0-4.2.4-18.20.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.20.1 libsmbclient-raw0-debuginfo-4.2.4-18.20.1 libsmbclient0-32bit-4.2.4-18.20.1 libsmbclient0-4.2.4-18.20.1 libsmbclient0-debuginfo-32bit-4.2.4-18.20.1 libsmbclient0-debuginfo-4.2.4-18.20.1 libsmbconf0-32bit-4.2.4-18.20.1 libsmbconf0-4.2.4-18.20.1 libsmbconf0-debuginfo-32bit-4.2.4-18.20.1 libsmbconf0-debuginfo-4.2.4-18.20.1 libsmbldap0-32bit-4.2.4-18.20.1 libsmbldap0-4.2.4-18.20.1 libsmbldap0-debuginfo-32bit-4.2.4-18.20.1 libsmbldap0-debuginfo-4.2.4-18.20.1 libtevent-util0-32bit-4.2.4-18.20.1 libtevent-util0-4.2.4-18.20.1 libtevent-util0-debuginfo-32bit-4.2.4-18.20.1 libtevent-util0-debuginfo-4.2.4-18.20.1 libwbclient0-32bit-4.2.4-18.20.1 libwbclient0-4.2.4-18.20.1 libwbclient0-debuginfo-32bit-4.2.4-18.20.1 libwbclient0-debuginfo-4.2.4-18.20.1 samba-32bit-4.2.4-18.20.1 samba-4.2.4-18.20.1 samba-client-32bit-4.2.4-18.20.1 samba-client-4.2.4-18.20.1 samba-client-debuginfo-32bit-4.2.4-18.20.1 
samba-client-debuginfo-4.2.4-18.20.1 samba-debuginfo-32bit-4.2.4-18.20.1 samba-debuginfo-4.2.4-18.20.1 samba-debugsource-4.2.4-18.20.1 samba-libs-32bit-4.2.4-18.20.1 samba-libs-4.2.4-18.20.1 samba-libs-debuginfo-32bit-4.2.4-18.20.1 samba-libs-debuginfo-4.2.4-18.20.1 samba-winbind-32bit-4.2.4-18.20.1 samba-winbind-4.2.4-18.20.1 samba-winbind-debuginfo-32bit-4.2.4-18.20.1 samba-winbind-debuginfo-4.2.4-18.20.1 - SUSE Linux Enterprise Desktop 12 (noarch): samba-doc-4.2.4-18.20.1 References: https://bugzilla.suse.com/977669 https://bugzilla.suse.com/979268 From sle-updates at lists.suse.com Thu Jun 2 10:09:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 18:09:04 +0200 (CEST) Subject: SUSE-RU-2016:1479-1: important: Recommended update for samba Message-ID: <20160602160904.B00BCFF72@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1479-1 Rating: important References: #977669 #979268 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for Samba provides the following fixes: - Fix libads' record session expiry for spnego sasl binds. (bsc#979268) - Fix NT_STATUS_ACCESS_DENIED when accessing windows public share. - Only validate MIC if "map to guest" is not being used. - NetAPP SMB servers don't negotiate NTLMSSP_SIGN. (bsc#977669) - Fix non-working anonymous smb connections. - Handle broken mechListMIC response from Windows 2000. - wbinfo -u or net ads search doesn't work anymore. - Fix regressions regarding the NTLMSSP hardening of CVE-2016-2110. 
- Allow Domain member resolve trusted domains' users. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-879=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-879=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-879=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-879=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ctdb-debuginfo-4.2.4-19.1 ctdb-devel-4.2.4-19.1 libdcerpc-atsvc-devel-4.2.4-19.1 libdcerpc-atsvc0-4.2.4-19.1 libdcerpc-atsvc0-debuginfo-4.2.4-19.1 libdcerpc-devel-4.2.4-19.1 libdcerpc-samr-devel-4.2.4-19.1 libdcerpc-samr0-4.2.4-19.1 libdcerpc-samr0-debuginfo-4.2.4-19.1 libgensec-devel-4.2.4-19.1 libndr-devel-4.2.4-19.1 libndr-krb5pac-devel-4.2.4-19.1 libndr-nbt-devel-4.2.4-19.1 libndr-standard-devel-4.2.4-19.1 libnetapi-devel-4.2.4-19.1 libregistry-devel-4.2.4-19.1 libsamba-credentials-devel-4.2.4-19.1 libsamba-hostconfig-devel-4.2.4-19.1 libsamba-passdb-devel-4.2.4-19.1 libsamba-policy-devel-4.2.4-19.1 libsamba-policy0-4.2.4-19.1 libsamba-policy0-debuginfo-4.2.4-19.1 libsamba-util-devel-4.2.4-19.1 libsamdb-devel-4.2.4-19.1 libsmbclient-devel-4.2.4-19.1 libsmbclient-raw-devel-4.2.4-19.1 libsmbconf-devel-4.2.4-19.1 libsmbldap-devel-4.2.4-19.1 libtevent-util-devel-4.2.4-19.1 libwbclient-devel-4.2.4-19.1 samba-core-devel-4.2.4-19.1 samba-debuginfo-4.2.4-19.1 samba-debugsource-4.2.4-19.1 samba-test-devel-4.2.4-19.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libdcerpc-binding0-4.2.4-19.1 libdcerpc-binding0-debuginfo-4.2.4-19.1 libdcerpc0-4.2.4-19.1 libdcerpc0-debuginfo-4.2.4-19.1 libgensec0-4.2.4-19.1 
libgensec0-debuginfo-4.2.4-19.1 libndr-krb5pac0-4.2.4-19.1 libndr-krb5pac0-debuginfo-4.2.4-19.1 libndr-nbt0-4.2.4-19.1 libndr-nbt0-debuginfo-4.2.4-19.1 libndr-standard0-4.2.4-19.1 libndr-standard0-debuginfo-4.2.4-19.1 libndr0-4.2.4-19.1 libndr0-debuginfo-4.2.4-19.1 libnetapi0-4.2.4-19.1 libnetapi0-debuginfo-4.2.4-19.1 libregistry0-4.2.4-19.1 libregistry0-debuginfo-4.2.4-19.1 libsamba-credentials0-4.2.4-19.1 libsamba-credentials0-debuginfo-4.2.4-19.1 libsamba-hostconfig0-4.2.4-19.1 libsamba-hostconfig0-debuginfo-4.2.4-19.1 libsamba-passdb0-4.2.4-19.1 libsamba-passdb0-debuginfo-4.2.4-19.1 libsamba-util0-4.2.4-19.1 libsamba-util0-debuginfo-4.2.4-19.1 libsamdb0-4.2.4-19.1 libsamdb0-debuginfo-4.2.4-19.1 libsmbclient-raw0-4.2.4-19.1 libsmbclient-raw0-debuginfo-4.2.4-19.1 libsmbclient0-4.2.4-19.1 libsmbclient0-debuginfo-4.2.4-19.1 libsmbconf0-4.2.4-19.1 libsmbconf0-debuginfo-4.2.4-19.1 libsmbldap0-4.2.4-19.1 libsmbldap0-debuginfo-4.2.4-19.1 libtevent-util0-4.2.4-19.1 libtevent-util0-debuginfo-4.2.4-19.1 libwbclient0-4.2.4-19.1 libwbclient0-debuginfo-4.2.4-19.1 samba-4.2.4-19.1 samba-client-4.2.4-19.1 samba-client-debuginfo-4.2.4-19.1 samba-debuginfo-4.2.4-19.1 samba-debugsource-4.2.4-19.1 samba-libs-4.2.4-19.1 samba-libs-debuginfo-4.2.4-19.1 samba-winbind-4.2.4-19.1 samba-winbind-debuginfo-4.2.4-19.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-19.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-19.1 libdcerpc0-32bit-4.2.4-19.1 libdcerpc0-debuginfo-32bit-4.2.4-19.1 libgensec0-32bit-4.2.4-19.1 libgensec0-debuginfo-32bit-4.2.4-19.1 libndr-krb5pac0-32bit-4.2.4-19.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-19.1 libndr-nbt0-32bit-4.2.4-19.1 libndr-nbt0-debuginfo-32bit-4.2.4-19.1 libndr-standard0-32bit-4.2.4-19.1 libndr-standard0-debuginfo-32bit-4.2.4-19.1 libndr0-32bit-4.2.4-19.1 libndr0-debuginfo-32bit-4.2.4-19.1 libnetapi0-32bit-4.2.4-19.1 libnetapi0-debuginfo-32bit-4.2.4-19.1 libsamba-credentials0-32bit-4.2.4-19.1 
libsamba-credentials0-debuginfo-32bit-4.2.4-19.1 libsamba-hostconfig0-32bit-4.2.4-19.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-19.1 libsamba-passdb0-32bit-4.2.4-19.1 libsamba-passdb0-debuginfo-32bit-4.2.4-19.1 libsamba-util0-32bit-4.2.4-19.1 libsamba-util0-debuginfo-32bit-4.2.4-19.1 libsamdb0-32bit-4.2.4-19.1 libsamdb0-debuginfo-32bit-4.2.4-19.1 libsmbclient-raw0-32bit-4.2.4-19.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-19.1 libsmbclient0-32bit-4.2.4-19.1 libsmbclient0-debuginfo-32bit-4.2.4-19.1 libsmbconf0-32bit-4.2.4-19.1 libsmbconf0-debuginfo-32bit-4.2.4-19.1 libsmbldap0-32bit-4.2.4-19.1 libsmbldap0-debuginfo-32bit-4.2.4-19.1 libtevent-util0-32bit-4.2.4-19.1 libtevent-util0-debuginfo-32bit-4.2.4-19.1 libwbclient0-32bit-4.2.4-19.1 libwbclient0-debuginfo-32bit-4.2.4-19.1 samba-32bit-4.2.4-19.1 samba-client-32bit-4.2.4-19.1 samba-client-debuginfo-32bit-4.2.4-19.1 samba-debuginfo-32bit-4.2.4-19.1 samba-libs-32bit-4.2.4-19.1 samba-libs-debuginfo-32bit-4.2.4-19.1 samba-winbind-32bit-4.2.4-19.1 samba-winbind-debuginfo-32bit-4.2.4-19.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): samba-doc-4.2.4-19.1 - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): ctdb-4.2.4-19.1 ctdb-debuginfo-4.2.4-19.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libdcerpc-binding0-32bit-4.2.4-19.1 libdcerpc-binding0-4.2.4-19.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-19.1 libdcerpc-binding0-debuginfo-4.2.4-19.1 libdcerpc0-32bit-4.2.4-19.1 libdcerpc0-4.2.4-19.1 libdcerpc0-debuginfo-32bit-4.2.4-19.1 libdcerpc0-debuginfo-4.2.4-19.1 libgensec0-32bit-4.2.4-19.1 libgensec0-4.2.4-19.1 libgensec0-debuginfo-32bit-4.2.4-19.1 libgensec0-debuginfo-4.2.4-19.1 libndr-krb5pac0-32bit-4.2.4-19.1 libndr-krb5pac0-4.2.4-19.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-19.1 libndr-krb5pac0-debuginfo-4.2.4-19.1 libndr-nbt0-32bit-4.2.4-19.1 libndr-nbt0-4.2.4-19.1 libndr-nbt0-debuginfo-32bit-4.2.4-19.1 libndr-nbt0-debuginfo-4.2.4-19.1 libndr-standard0-32bit-4.2.4-19.1 libndr-standard0-4.2.4-19.1 
libndr-standard0-debuginfo-32bit-4.2.4-19.1 libndr-standard0-debuginfo-4.2.4-19.1 libndr0-32bit-4.2.4-19.1 libndr0-4.2.4-19.1 libndr0-debuginfo-32bit-4.2.4-19.1 libndr0-debuginfo-4.2.4-19.1 libnetapi0-32bit-4.2.4-19.1 libnetapi0-4.2.4-19.1 libnetapi0-debuginfo-32bit-4.2.4-19.1 libnetapi0-debuginfo-4.2.4-19.1 libregistry0-4.2.4-19.1 libregistry0-debuginfo-4.2.4-19.1 libsamba-credentials0-32bit-4.2.4-19.1 libsamba-credentials0-4.2.4-19.1 libsamba-credentials0-debuginfo-32bit-4.2.4-19.1 libsamba-credentials0-debuginfo-4.2.4-19.1 libsamba-hostconfig0-32bit-4.2.4-19.1 libsamba-hostconfig0-4.2.4-19.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-19.1 libsamba-hostconfig0-debuginfo-4.2.4-19.1 libsamba-passdb0-32bit-4.2.4-19.1 libsamba-passdb0-4.2.4-19.1 libsamba-passdb0-debuginfo-32bit-4.2.4-19.1 libsamba-passdb0-debuginfo-4.2.4-19.1 libsamba-util0-32bit-4.2.4-19.1 libsamba-util0-4.2.4-19.1 libsamba-util0-debuginfo-32bit-4.2.4-19.1 libsamba-util0-debuginfo-4.2.4-19.1 libsamdb0-32bit-4.2.4-19.1 libsamdb0-4.2.4-19.1 libsamdb0-debuginfo-32bit-4.2.4-19.1 libsamdb0-debuginfo-4.2.4-19.1 libsmbclient-raw0-32bit-4.2.4-19.1 libsmbclient-raw0-4.2.4-19.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-19.1 libsmbclient-raw0-debuginfo-4.2.4-19.1 libsmbclient0-32bit-4.2.4-19.1 libsmbclient0-4.2.4-19.1 libsmbclient0-debuginfo-32bit-4.2.4-19.1 libsmbclient0-debuginfo-4.2.4-19.1 libsmbconf0-32bit-4.2.4-19.1 libsmbconf0-4.2.4-19.1 libsmbconf0-debuginfo-32bit-4.2.4-19.1 libsmbconf0-debuginfo-4.2.4-19.1 libsmbldap0-32bit-4.2.4-19.1 libsmbldap0-4.2.4-19.1 libsmbldap0-debuginfo-32bit-4.2.4-19.1 libsmbldap0-debuginfo-4.2.4-19.1 libtevent-util0-32bit-4.2.4-19.1 libtevent-util0-4.2.4-19.1 libtevent-util0-debuginfo-32bit-4.2.4-19.1 libtevent-util0-debuginfo-4.2.4-19.1 libwbclient0-32bit-4.2.4-19.1 libwbclient0-4.2.4-19.1 libwbclient0-debuginfo-32bit-4.2.4-19.1 libwbclient0-debuginfo-4.2.4-19.1 samba-32bit-4.2.4-19.1 samba-4.2.4-19.1 samba-client-32bit-4.2.4-19.1 samba-client-4.2.4-19.1 
samba-client-debuginfo-32bit-4.2.4-19.1 samba-client-debuginfo-4.2.4-19.1 samba-debuginfo-32bit-4.2.4-19.1 samba-debuginfo-4.2.4-19.1 samba-debugsource-4.2.4-19.1 samba-libs-32bit-4.2.4-19.1 samba-libs-4.2.4-19.1 samba-libs-debuginfo-32bit-4.2.4-19.1 samba-libs-debuginfo-4.2.4-19.1 samba-winbind-32bit-4.2.4-19.1 samba-winbind-4.2.4-19.1 samba-winbind-debuginfo-32bit-4.2.4-19.1 samba-winbind-debuginfo-4.2.4-19.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): samba-doc-4.2.4-19.1 References: https://bugzilla.suse.com/977669 https://bugzilla.suse.com/979268 From sle-updates at lists.suse.com Thu Jun 2 15:08:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Jun 2016 23:08:38 +0200 (CEST) Subject: SUSE-RU-2016:1480-1: Recommended update for supportutils Message-ID: <20160602210838.D5292FF72@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1480-1 Rating: low References: #976358 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils provides the following fixes: - Added new SLE12 SP2 kernel taint flags. (bsc#976358) - Fixed NFS service detection. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-880=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-880=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-880=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-880=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): supportutils-3.0-77.1 - SUSE Linux Enterprise Server 12 (noarch): supportutils-3.0-77.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): supportutils-3.0-77.1 - SUSE Linux Enterprise Desktop 12 (noarch): supportutils-3.0-77.1 References: https://bugzilla.suse.com/976358 From sle-updates at lists.suse.com Fri Jun 3 05:08:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 13:08:22 +0200 (CEST) Subject: SUSE-SU-2016:1481-1: moderate: Security update for imlib2 Message-ID: <20160603110822.F199DFFA6@maintenance.suse.de> SUSE Security Update: Security update for imlib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1481-1 Rating: moderate References: #963797 #963800 #973759 #973761 #974202 #977538 Cross-References: CVE-2011-5326 CVE-2014-9763 CVE-2014-9764 CVE-2016-3993 CVE-2016-3994 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. 
Description: This update for imlib2 fixes the following issues: Security issues fixed: - CVE-2016-3994: Potential DOS in giflib loader (bsc#973759) - CVE-2016-3993: Off by 1 in merge update (bsc#973761) - CVE-2014-9764: fix segmentation fault when opening specifically crafted input (bsc#963797) - CVE-2014-9763: Prevent division-by-zero crashes (bsc#963800) - CVE-2011-5326: Ellipse of width 1 triggers crashes (bsc#974202) Bugs fixed: - bsc#977538: Fix various potential crashes Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-imlib2-12595=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-imlib2-12595=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): imlib2-1.4.2-2.20.1 imlib2-devel-1.4.2-2.20.1 imlib2-filters-1.4.2-2.20.1 imlib2-loaders-1.4.2-2.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): imlib2-debuginfo-1.4.2-2.20.1 imlib2-debugsource-1.4.2-2.20.1 References: https://www.suse.com/security/cve/CVE-2011-5326.html https://www.suse.com/security/cve/CVE-2014-9763.html https://www.suse.com/security/cve/CVE-2014-9764.html https://www.suse.com/security/cve/CVE-2016-3993.html https://www.suse.com/security/cve/CVE-2016-3994.html https://bugzilla.suse.com/963797 https://bugzilla.suse.com/963800 https://bugzilla.suse.com/973759 https://bugzilla.suse.com/973761 https://bugzilla.suse.com/974202 https://bugzilla.suse.com/977538 From sle-updates at lists.suse.com Fri Jun 3 09:08:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 17:08:06 +0200 (CEST) Subject: SUSE-SU-2016:1482-1: moderate: Security update for quagga Message-ID: <20160603150806.96709FFA7@maintenance.suse.de> SUSE Security Update: 
Security update for quagga ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1482-1 Rating: moderate References: #977012 Cross-References: CVE-2016-4049 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for quagga fixes the following issue: Security issue fixed: - CVE-2016-4049: Fix for a buffer overflow error in bgp_dump_routes_func. (bsc#977012) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-882=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-882=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-882=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-882=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): quagga-debuginfo-0.99.22.1-12.1 quagga-debugsource-0.99.22.1-12.1 quagga-devel-0.99.22.1-12.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): quagga-debuginfo-0.99.22.1-12.1 quagga-debugsource-0.99.22.1-12.1 quagga-devel-0.99.22.1-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): quagga-0.99.22.1-12.1 quagga-debuginfo-0.99.22.1-12.1 quagga-debugsource-0.99.22.1-12.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): quagga-0.99.22.1-12.1 quagga-debuginfo-0.99.22.1-12.1 quagga-debugsource-0.99.22.1-12.1 References: https://www.suse.com/security/cve/CVE-2016-4049.html https://bugzilla.suse.com/977012 From sle-updates at lists.suse.com Fri Jun 3 09:08:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 17:08:23 +0200 (CEST) Subject: SUSE-SU-2016:1483-1: moderate: Security update for quagga Message-ID: <20160603150823.20D0BFFA6@maintenance.suse.de> SUSE Security Update: Security update for quagga ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1483-1 Rating: moderate References: #977012 Cross-References: CVE-2016-4049 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for quagga fixes the following issue: Security issue fixed: - CVE-2016-4049: Fix for a buffer overflow error in bgp_dump_routes_func. (bsc#977012) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-quagga-12596=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-quagga-12596=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-quagga-12596=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-devel-0.99.15-0.24.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): quagga-0.99.15-0.24.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-0.99.15-0.24.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-debuginfo-0.99.15-0.24.2 quagga-debugsource-0.99.15-0.24.2 References: https://www.suse.com/security/cve/CVE-2016-4049.html https://bugzilla.suse.com/977012 From sle-updates at lists.suse.com Fri Jun 3 10:07:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 18:07:49 +0200 (CEST) Subject: SUSE-RU-2016:1484-1: Recommended update for SUSEConnect and zypper-migration-plugin Message-ID: <20160603160749.55510FF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect and zypper-migration-plugin ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1484-1 Rating: low References: #972688 #973315 #973851 #973886 #975485 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for SUSEConnect and zypper-migration-plugin provides fixes and enhancements. SUSEConnect: - Implement more flexible exit codes handling in internal zypper calls. 
(bsc#973851) - Direct update from versions older than 0.2.27 does not remove /usr/bin symlink. (bsc#973315) zypper-migration-plugin: - Improve help text for --download-only option. (bsc#973886) - Call rollback only if release package can't be installed. - Improve error messages. (bsc#975485) - Add zypper-migration.8 man page. (bsc#972688) - Install release packages and call SUSEConnect rollback before getting migration target. (fate#320533) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-884=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-884=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): SUSEConnect-0.2.36-9.19.1 - SUSE Linux Enterprise Server 12 (noarch): zypper-migration-plugin-0.9-13.1 - SUSE Linux Enterprise Desktop 12 (noarch): zypper-migration-plugin-0.9-13.1 - SUSE Linux Enterprise Desktop 12 (x86_64): SUSEConnect-0.2.36-9.19.1 References: https://bugzilla.suse.com/972688 https://bugzilla.suse.com/973315 https://bugzilla.suse.com/973851 https://bugzilla.suse.com/973886 https://bugzilla.suse.com/975485 From sle-updates at lists.suse.com Fri Jun 3 10:08:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 18:08:34 +0200 (CEST) Subject: SUSE-RU-2016:1485-1: Recommended update for SUSEConnect and zypper-migration-plugin Message-ID: <20160603160835.01036FF71@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect and zypper-migration-plugin ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1485-1 Rating: low References: #972688 #973315 #973851 #973886 #975485 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 
______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for SUSEConnect and zypper-migration-plugin provides fixes and enhancements. SUSEConnect: - Implement more flexible exit codes handling in internal zypper calls. (bsc#973851) - Direct update from versions older than 0.2.27 does not remove /usr/bin symlink. (bsc#973315) zypper-migration-plugin: - Improve help text for --download-only option. (bsc#973886) - Call rollback only if release package can't be installed. - Improve error messages. (bsc#975485) - Add zypper-migration.8 man page. (bsc#972688) - Install release packages and call SUSEConnect rollback before getting migration target. (fate#320533) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-885=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-885=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): SUSEConnect-0.2.36-15.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): zypper-migration-plugin-0.9-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): SUSEConnect-0.2.36-15.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): zypper-migration-plugin-0.9-6.1 References: https://bugzilla.suse.com/972688 https://bugzilla.suse.com/973315 https://bugzilla.suse.com/973851 https://bugzilla.suse.com/973886 https://bugzilla.suse.com/975485 From sle-updates at lists.suse.com Fri Jun 3 13:07:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 21:07:52 +0200 (CEST) Subject: SUSE-RU-2016:1486-1: moderate: Recommended update for yast2-cluster Message-ID: <20160603190752.25756FF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1486-1 Rating: moderate References: #971961 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster fixes the following issue: - Fix error when using ipv6 (bsc#971961) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2016-886=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12 (noarch): yast2-cluster-3.1.19-8.6 References: https://bugzilla.suse.com/971961 From sle-updates at lists.suse.com Fri Jun 3 13:08:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 21:08:07 +0200 (CEST) Subject: SUSE-RU-2016:1487-1: moderate: Recommended update for the SUSE Linux Enterprise Containers module Message-ID: <20160603190807.02B16FF63@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Linux Enterprise Containers module ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1487-1 Rating: moderate References: #939702 #980707 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update adjusts the product definitions of the Containers module on ppc64le, allowing its installation on top of the upcoming Service Packs for SLE 12. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-888=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le): sle-module-containers-release-12-5.1 References: https://bugzilla.suse.com/939702 https://bugzilla.suse.com/980707 From sle-updates at lists.suse.com Fri Jun 3 13:08:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Jun 2016 21:08:32 +0200 (CEST) Subject: SUSE-RU-2016:1488-1: moderate: Recommended update for yast2-cluster Message-ID: <20160603190832.58C52FF63@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1488-1 Rating: moderate References: #971961 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster fixes the following issue: - Fix error when using ipv6 (bsc#971961) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-887=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12-SP1 (noarch): yast2-cluster-3.1.23-9.1 References: https://bugzilla.suse.com/971961 From sle-updates at lists.suse.com Sat Jun 4 04:07:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Jun 2016 12:07:56 +0200 (CEST) Subject: SUSE-SU-2016:1490-1: important: Security update for Chromium Message-ID: <20160604100756.91CFCFF6C@maintenance.suse.de> SUSE Security Update: Security update for Chromium ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1490-1 Rating: important References: #982719 Cross-References: CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702 CVE-2016-1703 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: Chromium was updated to 51.0.2704.79 to fix a number of security issues. [boo#982719] - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools - CVE-2016-1700: Use-after-free in Extensions - CVE-2016-1701: Use-after-free in Autofill - CVE-2016-1702: Out-of-bounds read in Skia - CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch 5171=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64): chromedriver-51.0.2704.79-81.1 chromedriver-debuginfo-51.0.2704.79-81.1 chromium-51.0.2704.79-81.1 chromium-debuginfo-51.0.2704.79-81.1 chromium-debugsource-51.0.2704.79-81.1 chromium-desktop-gnome-51.0.2704.79-81.1 chromium-desktop-kde-51.0.2704.79-81.1 chromium-ffmpegsumo-51.0.2704.79-81.1 chromium-ffmpegsumo-debuginfo-51.0.2704.79-81.1 References: https://www.suse.com/security/cve/CVE-2016-1696.html https://www.suse.com/security/cve/CVE-2016-1697.html https://www.suse.com/security/cve/CVE-2016-1698.html https://www.suse.com/security/cve/CVE-2016-1699.html https://www.suse.com/security/cve/CVE-2016-1700.html https://www.suse.com/security/cve/CVE-2016-1701.html https://www.suse.com/security/cve/CVE-2016-1702.html https://www.suse.com/security/cve/CVE-2016-1703.html https://bugzilla.suse.com/982719 From sle-updates at lists.suse.com Mon Jun 6 04:07:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2016 12:07:59 +0200 (CEST) Subject: SUSE-RU-2016:1498-1: important: Recommended update for crowbar-barclamp-provisioner Message-ID: <20160606100759.3A9A4FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-provisioner ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1498-1 Rating: important References: #962397 #968251 #980569 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes a regression introduced with the latest ntp update. (bsc#980569) Additionally the following issues have been fixed: - Use ntpdate on systems with newer ntpd. (bsc#980569) - Add common glance user+group. (bsc#968251) - Workaround random mksquashfs race. 
(bsc#962397) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-provisioner-12597=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-provisioner-1.9+git.1464107184.da59cc1-12.1 References: https://bugzilla.suse.com/962397 https://bugzilla.suse.com/968251 https://bugzilla.suse.com/980569 From sle-updates at lists.suse.com Mon Jun 6 04:09:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2016 12:09:05 +0200 (CEST) Subject: SUSE-RU-2016:1501-1: Recommended update for mailx Message-ID: <20160606100905.6414AFF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for mailx ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1501-1 Rating: low References: #974561 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mailx fixes the following issues: - Correct parentheses expansion to fulfill natural order (bsc#974561) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-890=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-890=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-890=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-890=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): mailx-12.5-28.1 mailx-debuginfo-12.5-28.1 mailx-debugsource-12.5-28.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): mailx-12.5-28.1 mailx-debuginfo-12.5-28.1 mailx-debugsource-12.5-28.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): mailx-12.5-28.1 mailx-debuginfo-12.5-28.1 mailx-debugsource-12.5-28.1 - SUSE Linux Enterprise Desktop 12 (x86_64): mailx-12.5-28.1 mailx-debuginfo-12.5-28.1 mailx-debugsource-12.5-28.1 References: https://bugzilla.suse.com/974561 From sle-updates at lists.suse.com Mon Jun 6 07:07:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2016 15:07:41 +0200 (CEST) Subject: SUSE-RU-2016:1502-1: Recommended update for openCryptoki Message-ID: <20160606130741.606EAFF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1502-1 Rating: low References: #963612 #982287 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openCryptoki fixes the following issues: - C_SignInit fails with CKR_MECHANISM_INVALID when CKM_DSA_SHA1 or CKM_ECDSA_SHA1 are used. 
(bsc#963612) - Wrapped "Requires: libica2-devel" in %ifarch for s390 and s390x. (bsc#982287) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-892=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-892=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): openCryptoki-debuginfo-3.2-8.1 openCryptoki-debugsource-3.2-8.1 openCryptoki-devel-3.2-8.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390 s390x x86_64): openCryptoki-3.2-8.1 openCryptoki-debuginfo-3.2-8.1 openCryptoki-debugsource-3.2-8.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): openCryptoki-64bit-3.2-8.1 - SUSE Linux Enterprise Server 12-SP1 (s390): openCryptoki-32bit-3.2-8.1 References: https://bugzilla.suse.com/963612 https://bugzilla.suse.com/982287 From sle-updates at lists.suse.com Mon Jun 6 09:07:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2016 17:07:49 +0200 (CEST) Subject: SUSE-OU-2016:1503-1: Optional update for wayland Message-ID: <20160606150749.5AC52FF5F@maintenance.suse.de> SUSE Optional Update: Optional update for wayland ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:1503-1 Rating: low References: #960181 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An 
update that has one optional fix can now be installed. Description: This update adds Wayland libraries to SUSE Linux Software Development Kit 12 SP1. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-894=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-894=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-894=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-894=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-894=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-894=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-894=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-894=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libwayland-client0-1.2.1-10.1 libwayland-client0-debuginfo-1.2.1-10.1 libwayland-cursor0-1.2.1-10.1 libwayland-cursor0-debuginfo-1.2.1-10.1 libwayland-server0-1.2.1-10.1 libwayland-server0-debuginfo-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libwayland-client0-1.2.1-10.1 libwayland-client0-debuginfo-1.2.1-10.1 libwayland-cursor0-1.2.1-10.1 libwayland-cursor0-debuginfo-1.2.1-10.1 libwayland-server0-1.2.1-10.1 libwayland-server0-debuginfo-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libwayland-client0-1.2.1-10.1 libwayland-client0-debuginfo-1.2.1-10.1 libwayland-cursor0-1.2.1-10.1 libwayland-cursor0-debuginfo-1.2.1-10.1 libwayland-server0-1.2.1-10.1 libwayland-server0-debuginfo-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 wayland-devel-1.2.1-10.1 wayland-devel-debuginfo-1.2.1-10.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64): libwayland-client0-32bit-1.2.1-10.1 libwayland-client0-debuginfo-32bit-1.2.1-10.1 libwayland-cursor0-32bit-1.2.1-10.1 libwayland-cursor0-debuginfo-32bit-1.2.1-10.1 libwayland-server0-32bit-1.2.1-10.1 libwayland-server0-debuginfo-32bit-1.2.1-10.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): wayland-debugsource-1.2.1-10.1 wayland-devel-1.2.1-10.1 wayland-devel-debuginfo-1.2.1-10.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libwayland-client0-32bit-1.2.1-10.1 libwayland-client0-debuginfo-32bit-1.2.1-10.1 libwayland-cursor0-32bit-1.2.1-10.1 libwayland-cursor0-debuginfo-32bit-1.2.1-10.1 libwayland-server0-32bit-1.2.1-10.1 libwayland-server0-debuginfo-32bit-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libwayland-client0-32bit-1.2.1-10.1 libwayland-client0-debuginfo-32bit-1.2.1-10.1 libwayland-cursor0-32bit-1.2.1-10.1 
libwayland-cursor0-debuginfo-32bit-1.2.1-10.1 libwayland-server0-32bit-1.2.1-10.1 libwayland-server0-debuginfo-32bit-1.2.1-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libwayland-client0-1.2.1-10.1 libwayland-client0-32bit-1.2.1-10.1 libwayland-client0-debuginfo-1.2.1-10.1 libwayland-client0-debuginfo-32bit-1.2.1-10.1 libwayland-cursor0-1.2.1-10.1 libwayland-cursor0-32bit-1.2.1-10.1 libwayland-cursor0-debuginfo-1.2.1-10.1 libwayland-cursor0-debuginfo-32bit-1.2.1-10.1 libwayland-server0-1.2.1-10.1 libwayland-server0-32bit-1.2.1-10.1 libwayland-server0-debuginfo-1.2.1-10.1 libwayland-server0-debuginfo-32bit-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libwayland-client0-1.2.1-10.1 libwayland-client0-32bit-1.2.1-10.1 libwayland-client0-debuginfo-1.2.1-10.1 libwayland-client0-debuginfo-32bit-1.2.1-10.1 libwayland-cursor0-1.2.1-10.1 libwayland-cursor0-32bit-1.2.1-10.1 libwayland-cursor0-debuginfo-1.2.1-10.1 libwayland-cursor0-debuginfo-32bit-1.2.1-10.1 libwayland-server0-1.2.1-10.1 libwayland-server0-32bit-1.2.1-10.1 libwayland-server0-debuginfo-1.2.1-10.1 libwayland-server0-debuginfo-32bit-1.2.1-10.1 wayland-debugsource-1.2.1-10.1 References: https://bugzilla.suse.com/960181 From sle-updates at lists.suse.com Mon Jun 6 13:07:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Jun 2016 21:07:42 +0200 (CEST) Subject: SUSE-SU-2016:1504-1: moderate: Security update for php5 Message-ID: <20160606190742.A2BE1FF5D@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1504-1 Rating: moderate References: #977991 #977994 #978827 #978828 #978829 #978830 #980366 #980373 #980375 Cross-References: CVE-2015-4116 CVE-2015-8873 CVE-2015-8874 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 
Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for php5 fixes the following issues: Security issues fixed: - CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994) - CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827) - CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828) - CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829) - CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830) - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366) - CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373) - CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-895=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-895=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-895=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-59.2 php5-debugsource-5.5.14-59.2 php5-devel-5.5.14-59.2 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-59.2 php5-debugsource-5.5.14-59.2 php5-devel-5.5.14-59.2 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-59.2 apache2-mod_php5-debuginfo-5.5.14-59.2 php5-5.5.14-59.2 php5-bcmath-5.5.14-59.2 php5-bcmath-debuginfo-5.5.14-59.2 php5-bz2-5.5.14-59.2 php5-bz2-debuginfo-5.5.14-59.2 php5-calendar-5.5.14-59.2 php5-calendar-debuginfo-5.5.14-59.2 php5-ctype-5.5.14-59.2 php5-ctype-debuginfo-5.5.14-59.2 php5-curl-5.5.14-59.2 php5-curl-debuginfo-5.5.14-59.2 php5-dba-5.5.14-59.2 php5-dba-debuginfo-5.5.14-59.2 php5-debuginfo-5.5.14-59.2 php5-debugsource-5.5.14-59.2 php5-dom-5.5.14-59.2 php5-dom-debuginfo-5.5.14-59.2 php5-enchant-5.5.14-59.2 php5-enchant-debuginfo-5.5.14-59.2 php5-exif-5.5.14-59.2 php5-exif-debuginfo-5.5.14-59.2 php5-fastcgi-5.5.14-59.2 php5-fastcgi-debuginfo-5.5.14-59.2 php5-fileinfo-5.5.14-59.2 php5-fileinfo-debuginfo-5.5.14-59.2 php5-fpm-5.5.14-59.2 php5-fpm-debuginfo-5.5.14-59.2 php5-ftp-5.5.14-59.2 php5-ftp-debuginfo-5.5.14-59.2 php5-gd-5.5.14-59.2 php5-gd-debuginfo-5.5.14-59.2 php5-gettext-5.5.14-59.2 php5-gettext-debuginfo-5.5.14-59.2 php5-gmp-5.5.14-59.2 php5-gmp-debuginfo-5.5.14-59.2 php5-iconv-5.5.14-59.2 php5-iconv-debuginfo-5.5.14-59.2 php5-intl-5.5.14-59.2 php5-intl-debuginfo-5.5.14-59.2 php5-json-5.5.14-59.2 php5-json-debuginfo-5.5.14-59.2 php5-ldap-5.5.14-59.2 php5-ldap-debuginfo-5.5.14-59.2 php5-mbstring-5.5.14-59.2 php5-mbstring-debuginfo-5.5.14-59.2 php5-mcrypt-5.5.14-59.2 php5-mcrypt-debuginfo-5.5.14-59.2 php5-mysql-5.5.14-59.2 php5-mysql-debuginfo-5.5.14-59.2 php5-odbc-5.5.14-59.2 php5-odbc-debuginfo-5.5.14-59.2 php5-opcache-5.5.14-59.2 php5-opcache-debuginfo-5.5.14-59.2 php5-openssl-5.5.14-59.2 
php5-openssl-debuginfo-5.5.14-59.2 php5-pcntl-5.5.14-59.2 php5-pcntl-debuginfo-5.5.14-59.2 php5-pdo-5.5.14-59.2 php5-pdo-debuginfo-5.5.14-59.2 php5-pgsql-5.5.14-59.2 php5-pgsql-debuginfo-5.5.14-59.2 php5-phar-5.5.14-59.2 php5-phar-debuginfo-5.5.14-59.2 php5-posix-5.5.14-59.2 php5-posix-debuginfo-5.5.14-59.2 php5-pspell-5.5.14-59.2 php5-pspell-debuginfo-5.5.14-59.2 php5-shmop-5.5.14-59.2 php5-shmop-debuginfo-5.5.14-59.2 php5-snmp-5.5.14-59.2 php5-snmp-debuginfo-5.5.14-59.2 php5-soap-5.5.14-59.2 php5-soap-debuginfo-5.5.14-59.2 php5-sockets-5.5.14-59.2 php5-sockets-debuginfo-5.5.14-59.2 php5-sqlite-5.5.14-59.2 php5-sqlite-debuginfo-5.5.14-59.2 php5-suhosin-5.5.14-59.2 php5-suhosin-debuginfo-5.5.14-59.2 php5-sysvmsg-5.5.14-59.2 php5-sysvmsg-debuginfo-5.5.14-59.2 php5-sysvsem-5.5.14-59.2 php5-sysvsem-debuginfo-5.5.14-59.2 php5-sysvshm-5.5.14-59.2 php5-sysvshm-debuginfo-5.5.14-59.2 php5-tokenizer-5.5.14-59.2 php5-tokenizer-debuginfo-5.5.14-59.2 php5-wddx-5.5.14-59.2 php5-wddx-debuginfo-5.5.14-59.2 php5-xmlreader-5.5.14-59.2 php5-xmlreader-debuginfo-5.5.14-59.2 php5-xmlrpc-5.5.14-59.2 php5-xmlrpc-debuginfo-5.5.14-59.2 php5-xmlwriter-5.5.14-59.2 php5-xmlwriter-debuginfo-5.5.14-59.2 php5-xsl-5.5.14-59.2 php5-xsl-debuginfo-5.5.14-59.2 php5-zip-5.5.14-59.2 php5-zip-debuginfo-5.5.14-59.2 php5-zlib-5.5.14-59.2 php5-zlib-debuginfo-5.5.14-59.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-59.2 References: https://www.suse.com/security/cve/CVE-2015-4116.html https://www.suse.com/security/cve/CVE-2015-8873.html https://www.suse.com/security/cve/CVE-2015-8874.html https://www.suse.com/security/cve/CVE-2016-4342.html https://www.suse.com/security/cve/CVE-2016-4346.html https://www.suse.com/security/cve/CVE-2016-4537.html https://www.suse.com/security/cve/CVE-2016-4538.html https://www.suse.com/security/cve/CVE-2016-4539.html https://www.suse.com/security/cve/CVE-2016-4540.html https://www.suse.com/security/cve/CVE-2016-4541.html 
https://www.suse.com/security/cve/CVE-2016-4542.html https://www.suse.com/security/cve/CVE-2016-4543.html https://www.suse.com/security/cve/CVE-2016-4544.html https://bugzilla.suse.com/977991 https://bugzilla.suse.com/977994 https://bugzilla.suse.com/978827 https://bugzilla.suse.com/978828 https://bugzilla.suse.com/978829 https://bugzilla.suse.com/978830 https://bugzilla.suse.com/980366 https://bugzilla.suse.com/980373 https://bugzilla.suse.com/980375 From sle-updates at lists.suse.com Mon Jun 6 23:07:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 07:07:37 +0200 (CEST) Subject: SUSE-RU-2016:1505-1: moderate: Recommended update for tboot Message-ID: <20160607050737.DA33CFF5D@maintenance.suse.de> SUSE Recommended Update: Recommended update for tboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1505-1 Rating: moderate References: #967441 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tboot fixes an excessive stack usage pattern that could lead to resets or crashes. (bsc#967441) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-896=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (x86_64): tboot-20140728_1.8.3-3.1 tboot-debuginfo-20140728_1.8.3-3.1 tboot-debugsource-20140728_1.8.3-3.1 References: https://bugzilla.suse.com/967441 From sle-updates at lists.suse.com Tue Jun 7 05:07:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 13:07:43 +0200 (CEST) Subject: SUSE-SU-2016:1507-1: moderate: Security update for supportutils Message-ID: <20160607110744.022B5FF72@maintenance.suse.de> SUSE Security Update: Security update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1507-1 Rating: moderate References: #980670 Cross-References: CVE-2016-1602 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: supportutils was updated to fix one security issue. This security issue was fixed: - CVE-2016-1602: Code injection and privilege escalation via unescaped filenames (bsc#980670). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-897=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-897=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-897=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-897=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): supportutils-3.0-82.1 - SUSE Linux Enterprise Server 12 (noarch): supportutils-3.0-82.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): supportutils-3.0-82.1 - SUSE Linux Enterprise Desktop 12 (noarch): supportutils-3.0-82.1 References: https://www.suse.com/security/cve/CVE-2016-1602.html https://bugzilla.suse.com/980670 From sle-updates at lists.suse.com Tue Jun 7 05:08:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 13:08:01 +0200 (CEST) Subject: SUSE-SU-2016:1508-1: important: Security update for expat Message-ID: <20160607110801.81BACFFA7@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1508-1 Rating: important References: #979441 #980391 Cross-References: CVE-2015-1283 CVE-2016-0718 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441) - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-898=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-898=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-898=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-898=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-898=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-898=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): expat-debuginfo-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat-devel-2.1.0-17.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): expat-debuginfo-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat-devel-2.1.0-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): expat-2.1.0-17.1 expat-debuginfo-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat1-2.1.0-17.1 libexpat1-debuginfo-2.1.0-17.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): expat-debuginfo-32bit-2.1.0-17.1 libexpat1-32bit-2.1.0-17.1 libexpat1-debuginfo-32bit-2.1.0-17.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): expat-2.1.0-17.1 expat-debuginfo-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat1-2.1.0-17.1 libexpat1-debuginfo-2.1.0-17.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): expat-debuginfo-32bit-2.1.0-17.1 libexpat1-32bit-2.1.0-17.1 libexpat1-debuginfo-32bit-2.1.0-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): expat-2.1.0-17.1 expat-debuginfo-2.1.0-17.1 expat-debuginfo-32bit-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat1-2.1.0-17.1 libexpat1-32bit-2.1.0-17.1 libexpat1-debuginfo-2.1.0-17.1 libexpat1-debuginfo-32bit-2.1.0-17.1 - SUSE Linux Enterprise Desktop 12 (x86_64): 
expat-2.1.0-17.1 expat-debuginfo-2.1.0-17.1 expat-debuginfo-32bit-2.1.0-17.1 expat-debugsource-2.1.0-17.1 libexpat1-2.1.0-17.1 libexpat1-32bit-2.1.0-17.1 libexpat1-debuginfo-2.1.0-17.1 libexpat1-debuginfo-32bit-2.1.0-17.1 References: https://www.suse.com/security/cve/CVE-2015-1283.html https://www.suse.com/security/cve/CVE-2016-0718.html https://bugzilla.suse.com/979441 https://bugzilla.suse.com/980391 From sle-updates at lists.suse.com Tue Jun 7 06:08:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 14:08:01 +0200 (CEST) Subject: SUSE-SU-2016:1509-1: moderate: Security update for libksba Message-ID: <20160607120801.87327FF72@maintenance.suse.de> SUSE Security Update: Security update for libksba ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1509-1 Rating: moderate References: #979261 #979906 Cross-References: CVE-2016-4574 CVE-2016-4579 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libksba fixes the following issues: - CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl() - CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261) Also adding reliability fixes from v1.3.4. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libksba-12598=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libksba-12598=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libksba-12598=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libksba-devel-1.0.4-1.25.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libksba-1.0.4-1.25.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libksba-debuginfo-1.0.4-1.25.1 libksba-debugsource-1.0.4-1.25.1 References: https://www.suse.com/security/cve/CVE-2016-4574.html https://www.suse.com/security/cve/CVE-2016-4579.html https://bugzilla.suse.com/979261 https://bugzilla.suse.com/979906 From sle-updates at lists.suse.com Tue Jun 7 06:08:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 14:08:28 +0200 (CEST) Subject: SUSE-SU-2016:1510-1: moderate: Security update for libksba Message-ID: <20160607120828.9A84DFFA6@maintenance.suse.de> SUSE Security Update: Security update for libksba ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1510-1 Rating: moderate References: #979261 #979906 Cross-References: CVE-2016-4574 CVE-2016-4579 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libksba fixes the following issues: - CVE-2016-4579: Out-of-bounds read in _ksba_ber_parse_tl() - CVE-2016-4574: two OOB read access bugs (remote DoS) (bsc#979261) Also adding reliability fixes from v1.3.4. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-900=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-900=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-900=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-900=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-900=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-900=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-23.1 libksba-devel-1.3.0-23.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-23.1 libksba-devel-1.3.0-23.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-23.1 libksba8-1.3.0-23.1 libksba8-debuginfo-1.3.0-23.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libksba-debugsource-1.3.0-23.1 libksba8-1.3.0-23.1 libksba8-debuginfo-1.3.0-23.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libksba-debugsource-1.3.0-23.1 libksba8-1.3.0-23.1 libksba8-debuginfo-1.3.0-23.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libksba-debugsource-1.3.0-23.1 libksba8-1.3.0-23.1 libksba8-debuginfo-1.3.0-23.1 References: https://www.suse.com/security/cve/CVE-2016-4574.html https://www.suse.com/security/cve/CVE-2016-4579.html https://bugzilla.suse.com/979261 https://bugzilla.suse.com/979906 From sle-updates at lists.suse.com Tue Jun 7 09:08:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 17:08:14 +0200 (CEST) Subject: SUSE-SU-2016:1511-1: moderate: Security update for subversion Message-ID: <20160607150814.0E2A2FF72@maintenance.suse.de> SUSE Security 
Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1511-1 Rating: moderate References: #939517 #976849 #976850 Cross-References: CVE-2015-3187 CVE-2016-2167 CVE-2016-2168 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for subversion fixes the following issues: - CVE-2015-3187: svn_repos_trace_node_locations() reveals paths hidden by authz (bsc#939517) - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check (bsc#976849) - CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm (bsc#976850) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-subversion-12599=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-subversion-12599=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-subversion-12599=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): subversion-1.6.17-1.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): subversion-1.6.17-1.35.1 subversion-devel-1.6.17-1.35.1 subversion-perl-1.6.17-1.35.1 subversion-python-1.6.17-1.35.1 subversion-server-1.6.17-1.35.1 subversion-tools-1.6.17-1.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): subversion-debuginfo-1.6.17-1.35.1 subversion-debugsource-1.6.17-1.35.1 References: https://www.suse.com/security/cve/CVE-2015-3187.html https://www.suse.com/security/cve/CVE-2016-2167.html https://www.suse.com/security/cve/CVE-2016-2168.html https://bugzilla.suse.com/939517 https://bugzilla.suse.com/976849 https://bugzilla.suse.com/976850 From sle-updates at lists.suse.com Tue Jun 7 09:08:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 17:08:51 +0200 (CEST) Subject: SUSE-SU-2016:1512-1: important: Security update for expat Message-ID: <20160607150851.65084FFA6@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1512-1 Rating: important References: #979441 #980391 Cross-References: CVE-2015-1283 CVE-2016-0718 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. (bsc#979441) - CVE-2015-1283: Fix multiple integer overflows. (bnc#980391) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-expat-12600=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-expat-12600=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-expat-12600=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-expat-12600=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): libexpat-devel-2.0.1-88.38.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libexpat-devel-2.0.1-88.38.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): expat-2.0.1-88.38.1 libexpat1-2.0.1-88.38.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libexpat1-32bit-2.0.1-88.38.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libexpat1-x86-2.0.1-88.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): expat-debuginfo-2.0.1-88.38.1 expat-debugsource-2.0.1-88.38.1 References: https://www.suse.com/security/cve/CVE-2015-1283.html https://www.suse.com/security/cve/CVE-2016-0718.html https://bugzilla.suse.com/979441 https://bugzilla.suse.com/980391 From sle-updates at lists.suse.com Tue Jun 7 09:09:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 17:09:18 +0200 (CEST) Subject: SUSE-RU-2016:1513-1: moderate: Recommended update for vsftpd Message-ID: <20160607150918.33866FFA7@maintenance.suse.de> SUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1513-1 Rating: moderate References: #935279 #941395 #968138 #969411 #970982 #972169 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 6 recommended fixes can 
now be installed. Description: This update for vsftpd fixes the following issues: - User creation to not report errors when user already exists (bnc#972169). - Hang on pam_exec in pam.d (bnc#970982). - Memory leaks in ls.c (bnc#968138). - ? wildcard matching broken (bnc#969411). - Don't send data after client disconnect (bnc#941395). - Fix logrotate script to not fail when vsftpd is not running (bnc#935279). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-vsftpd-12601=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-vsftpd-12601=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): vsftpd-2.0.7-4.39.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): vsftpd-debuginfo-2.0.7-4.39.1 vsftpd-debugsource-2.0.7-4.39.1 References: https://bugzilla.suse.com/935279 https://bugzilla.suse.com/941395 https://bugzilla.suse.com/968138 https://bugzilla.suse.com/969411 https://bugzilla.suse.com/970982 https://bugzilla.suse.com/972169 From sle-updates at lists.suse.com Tue Jun 7 11:07:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 19:07:56 +0200 (CEST) Subject: SUSE-SU-2016:1514-1: moderate: Security update for supportutils Message-ID: <20160607170756.11BEDFF72@maintenance.suse.de> SUSE Security Update: Security update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1514-1 Rating: moderate References: #980670 Cross-References: CVE-2016-1602 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available.
Description: supportutils was updated to fix one security issue. This security issue was fixed: - CVE-2016-1602: Code injection and privilege escalation via unescaped filenames (bsc#980670). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-supportutils-12602=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): supportutils-1.20-121.1 References: https://www.suse.com/security/cve/CVE-2016-1602.html https://bugzilla.suse.com/980670 From sle-updates at lists.suse.com Tue Jun 7 12:07:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Jun 2016 20:07:45 +0200 (CEST) Subject: SUSE-RU-2016:1515-1: moderate: Recommended update for bash-completion, util-linux Message-ID: <20160607180746.00CAEFF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash-completion, util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1515-1 Rating: moderate References: #880468 #889319 #903362 #903440 #903738 #905348 #922758 #923777 #924994 #931955 #940835 #940837 #943415 #946875 #947494 #949754 #950778 #953691 #954482 #956540 #958462 #959299 #963140 #963399 #970404 #972684 #975082 #976141 #977259 #977336 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has 29 fixes is now available. Description: This update provides fixes and enhancements to bash-completion and util-linux. bash-completion: - Improve completion of LVM commands. 
(bsc#946875) - Fix completion with backticks. (bsc#940835) - Make ls completion smarter. (bsc#889319) - Avoid negative cword position counter. (bsc#922758) - Avoid trouble if restricted characters of the shell (e.g. exclamation mark) are used in PS1. (bsc#903362) - Expand variables whose value is a directory to avoid escaped dollar sign. (bsc#905348) - Remove completions conflicting with util-linux. (bsc#977259) - Improve handling of sub commands which will be expanded by backticks. (bsc#963140) - Fix completion within a directory even if local sub directories exist. (bsc#977336) - Allow completions list. (bsc#958462) - Improve handling of completions of which result in variables. (bsc#940837, bsc#959299) util-linux: - Reuse existing loop device to prevent possible data corruption when multiple -o loop are used to mount a single file. (bsc#947494) - Remove incorrect --with-bashcompletiondir that breaks bash-completion, use path in bash-completion.pc instead. (bsc#977259) - Fix blkid to wipe correct area for probes with offset. (bsc#976141) - Fix and improve function of lscpu on Power Systems. (bsc#975082) - Fix crash while evaluating root of btrfs. (bsc#972684) - Make sulogin call tcfinal unconditionally. (bsc#970404) - Fixing "mount -a" for loop devices. (bsc#947494) - Prevent "mount -a" from mounting btrfs volumes multiple times. (bsc#947494) - Add support for locked root accounts in sulogin. (bsc#963399) - Remove Persistent= directive from fstrim for systemd versions older than 212. (bsc#956540, bsc#953691, bsc#954482) - Prevent colcrt buffer overflow. (bsc#949754, CVE-2015-5218) - Do not segfault when TERM is not defined or wrong. (bsc#903440) - Fix fsck -C {fd} parsing. (bsc#923777, bsc#903738) - Add patches to fix lsblk output in some situations. (bsc#943415, bsc#950778) - Fix mount point lookup (and mount -a) if the path contains //. (bsc#931955) - Follow multipath-tools partition names configuration. 
(bsc#880468) - Fix recognition of /dev/dm-N partitions names. (bsc#880468) - Fix lsblk -f and fdisk -l on devices with nodes in /dev subdirectory. (bsc#924994) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-905=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-905=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-905=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-905=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-905=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-905=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libuuid-devel-2.25-24.3.2 util-linux-debuginfo-2.25-24.3.2 util-linux-debugsource-2.25-24.3.2 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libblkid-devel-2.25-24.3.2 libmount-devel-2.25-24.3.2 libsmartcols-devel-2.25-24.3.2 libuuid-devel-2.25-24.3.2 util-linux-debuginfo-2.25-24.3.2 util-linux-debugsource-2.25-24.3.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): bash-completion-2.1-8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libblkid1-2.25-24.3.2 libblkid1-debuginfo-2.25-24.3.2 libmount1-2.25-24.3.2 libmount1-debuginfo-2.25-24.3.2 libsmartcols1-2.25-24.3.2 libsmartcols1-debuginfo-2.25-24.3.2 libuuid1-2.25-24.3.2 libuuid1-debuginfo-2.25-24.3.2 python-libmount-2.25-24.3.3 python-libmount-debuginfo-2.25-24.3.3 python-libmount-debugsource-2.25-24.3.3 util-linux-2.25-24.3.2 util-linux-debuginfo-2.25-24.3.2 util-linux-debugsource-2.25-24.3.2 util-linux-systemd-2.25-24.3.1 util-linux-systemd-debuginfo-2.25-24.3.1 util-linux-systemd-debugsource-2.25-24.3.1 
uuidd-2.25-24.3.1 uuidd-debuginfo-2.25-24.3.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libblkid1-32bit-2.25-24.3.2 libblkid1-debuginfo-32bit-2.25-24.3.2 libmount1-32bit-2.25-24.3.2 libmount1-debuginfo-32bit-2.25-24.3.2 libuuid1-32bit-2.25-24.3.2 libuuid1-debuginfo-32bit-2.25-24.3.2 - SUSE Linux Enterprise Server 12 (noarch): bash-completion-2.1-8.1 util-linux-lang-2.25-24.3.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): bash-completion-2.1-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libblkid1-2.25-24.3.2 libblkid1-32bit-2.25-24.3.2 libblkid1-debuginfo-2.25-24.3.2 libblkid1-debuginfo-32bit-2.25-24.3.2 libmount1-2.25-24.3.2 libmount1-32bit-2.25-24.3.2 libmount1-debuginfo-2.25-24.3.2 libmount1-debuginfo-32bit-2.25-24.3.2 libsmartcols1-2.25-24.3.2 libsmartcols1-debuginfo-2.25-24.3.2 libuuid-devel-2.25-24.3.2 libuuid1-2.25-24.3.2 libuuid1-32bit-2.25-24.3.2 libuuid1-debuginfo-2.25-24.3.2 libuuid1-debuginfo-32bit-2.25-24.3.2 python-libmount-2.25-24.3.3 python-libmount-debuginfo-2.25-24.3.3 python-libmount-debugsource-2.25-24.3.3 util-linux-2.25-24.3.2 util-linux-debuginfo-2.25-24.3.2 util-linux-debugsource-2.25-24.3.2 util-linux-systemd-2.25-24.3.1 util-linux-systemd-debuginfo-2.25-24.3.1 util-linux-systemd-debugsource-2.25-24.3.1 uuidd-2.25-24.3.1 uuidd-debuginfo-2.25-24.3.1 - SUSE Linux Enterprise Desktop 12 (noarch): bash-completion-2.1-8.1 util-linux-lang-2.25-24.3.2 References: https://www.suse.com/security/cve/CVE-2015-5218.html https://bugzilla.suse.com/880468 https://bugzilla.suse.com/889319 https://bugzilla.suse.com/903362 https://bugzilla.suse.com/903440 https://bugzilla.suse.com/903738 https://bugzilla.suse.com/905348 https://bugzilla.suse.com/922758 https://bugzilla.suse.com/923777 https://bugzilla.suse.com/924994 https://bugzilla.suse.com/931955 https://bugzilla.suse.com/940835 https://bugzilla.suse.com/940837 https://bugzilla.suse.com/943415 https://bugzilla.suse.com/946875 https://bugzilla.suse.com/947494 https://bugzilla.suse.com/949754 
https://bugzilla.suse.com/950778 https://bugzilla.suse.com/953691 https://bugzilla.suse.com/954482 https://bugzilla.suse.com/956540 https://bugzilla.suse.com/958462 https://bugzilla.suse.com/959299 https://bugzilla.suse.com/963140 https://bugzilla.suse.com/963399 https://bugzilla.suse.com/970404 https://bugzilla.suse.com/972684 https://bugzilla.suse.com/975082 https://bugzilla.suse.com/976141 https://bugzilla.suse.com/977259 https://bugzilla.suse.com/977336 From sle-updates at lists.suse.com Wed Jun 8 08:08:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 16:08:56 +0200 (CEST) Subject: SUSE-SU-2016:1528-1: moderate: Security update for openssh Message-ID: <20160608140856.26381FF6E@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1528-1 Rating: moderate References: #729190 #932483 #948902 #960414 #961368 #961494 #962313 #965576 #970632 #975865 Cross-References: CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has 7 fixes is now available. Description: openssh was updated to fix three security issues. These security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions (bsc#970632). - CVE-2016-1908: Possible fallback from untrusted to trusted X11 forwarding (bsc#962313). - CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes (bsc#975865). 
These non-security issues were fixed: - Correctly parse GSSAPI KEX algorithms (bsc#961368) - More verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414) - Fix PRNG re-seeding (bsc#960414, bsc#729190) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) - Allow empty Match blocks (bsc#961494) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssh-12603=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-12603=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-6.6p1-21.1 openssh-askpass-gnome-6.6p1-21.3 openssh-fips-6.6p1-21.1 openssh-helpers-6.6p1-21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-21.3 openssh-debuginfo-6.6p1-21.1 openssh-debugsource-6.6p1-21.1 References: https://www.suse.com/security/cve/CVE-2015-8325.html https://www.suse.com/security/cve/CVE-2016-1908.html https://www.suse.com/security/cve/CVE-2016-3115.html https://bugzilla.suse.com/729190 https://bugzilla.suse.com/932483 https://bugzilla.suse.com/948902 https://bugzilla.suse.com/960414 https://bugzilla.suse.com/961368 https://bugzilla.suse.com/961494 https://bugzilla.suse.com/962313 https://bugzilla.suse.com/965576 https://bugzilla.suse.com/970632 https://bugzilla.suse.com/975865 From sle-updates at lists.suse.com Wed Jun 8 09:07:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 17:07:53 +0200 (CEST) Subject: SUSE-RU-2016:1529-1: Recommended update for glib2, pango Message-ID: <20160608150754.0AC94FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update 
for glib2, pango ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1529-1 Rating: low References: #978972 #981957 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for glib2 and pango provides the following fixes: - Ignore postun/postin errors in 32bit case too. (bsc#978972) - Add missing pcre-devel dependency to glib2-devel. (bsc#981957) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glib2-pango-12605=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glib2-pango-12605=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glib2-pango-12605=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-devel-2.22.5-0.8.26.1 libgio-fam-2.22.5-0.8.26.1 pango-devel-1.26.2-1.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): glib2-devel-32bit-2.22.5-0.8.26.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glib2-doc-2.22.5-0.8.26.1 pango-doc-1.26.2-1.5.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): pango-devel-32bit-1.26.2-1.5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-2.22.5-0.8.26.1 glib2-doc-2.22.5-0.8.26.1 glib2-lang-2.22.5-0.8.26.1 libgio-2_0-0-2.22.5-0.8.26.1 libglib-2_0-0-2.22.5-0.8.26.1 libgmodule-2_0-0-2.22.5-0.8.26.1 libgobject-2_0-0-2.22.5-0.8.26.1 libgthread-2_0-0-2.22.5-0.8.26.1 pango-1.26.2-1.5.1 pango-doc-1.26.2-1.5.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libgio-2_0-0-32bit-2.22.5-0.8.26.1 libglib-2_0-0-32bit-2.22.5-0.8.26.1 libgmodule-2_0-0-32bit-2.22.5-0.8.26.1 libgobject-2_0-0-32bit-2.22.5-0.8.26.1 libgthread-2_0-0-32bit-2.22.5-0.8.26.1 pango-32bit-1.26.2-1.5.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libgio-2_0-0-x86-2.22.5-0.8.26.1 libglib-2_0-0-x86-2.22.5-0.8.26.1 libgmodule-2_0-0-x86-2.22.5-0.8.26.1 libgobject-2_0-0-x86-2.22.5-0.8.26.1 libgthread-2_0-0-x86-2.22.5-0.8.26.1 pango-x86-1.26.2-1.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-debuginfo-2.22.5-0.8.26.1 glib2-debugsource-2.22.5-0.8.26.1 pango-debuginfo-1.26.2-1.5.1 pango-debugsource-1.26.2-1.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): pango-debuginfo-32bit-1.26.2-1.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): pango-debuginfo-x86-1.26.2-1.5.1 References: https://bugzilla.suse.com/978972 https://bugzilla.suse.com/981957 From sle-updates at lists.suse.com Wed Jun 8 09:08:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 17:08:22 +0200 
(CEST) Subject: SUSE-RU-2016:1530-1: moderate: Recommended update for Mesa Message-ID: <20160608150822.48142FF6E@maintenance.suse.de> SUSE Recommended Update: Recommended update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1530-1 Rating: moderate References: #980382 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Mesa fixes the following issues: - Potential crash due to out of bounds ScreenCount check. (bsc#980382). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-907=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-907=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-907=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-907=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-907=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-907=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-907=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-907=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-libGLESv2-2-32bit-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-libGLESv2-2-32bit-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): Mesa-debuginfo-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-devel-10.0.2-100.1 Mesa-libEGL-devel-10.0.2-100.1 Mesa-libGL-devel-10.0.2-100.1 Mesa-libGLESv1_CM-devel-10.0.2-100.1 Mesa-libGLESv1_CM1-10.0.2-100.1 Mesa-libGLESv1_CM1-debuginfo-10.0.2-100.1 Mesa-libGLESv2-devel-10.0.2-100.1 Mesa-libGLESv3-devel-10.0.2-100.1 Mesa-libglapi-devel-10.0.2-100.1 libOSMesa-devel-10.0.2-100.1 libOSMesa9-10.0.2-100.1 libOSMesa9-debuginfo-10.0.2-100.1 libgbm-devel-10.0.2-100.1 libxatracker-devel-1.0.0-100.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64): Mesa-debuginfo-32bit-10.0.2-100.1 libOSMesa9-32bit-10.0.2-100.1 libOSMesa9-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): Mesa-debuginfo-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-devel-10.0.2-100.1 Mesa-libEGL-devel-10.0.2-100.1 Mesa-libGL-devel-10.0.2-100.1 Mesa-libGLESv1_CM-devel-10.0.2-100.1 Mesa-libGLESv1_CM1-10.0.2-100.1 Mesa-libGLESv1_CM1-debuginfo-10.0.2-100.1 Mesa-libGLESv2-devel-10.0.2-100.1 Mesa-libGLESv3-devel-10.0.2-100.1 Mesa-libglapi-devel-10.0.2-100.1 libOSMesa-devel-10.0.2-100.1 libOSMesa9-10.0.2-100.1 libOSMesa9-debuginfo-10.0.2-100.1 libgbm-devel-10.0.2-100.1 libxatracker-devel-1.0.0-100.1 - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64): libOSMesa9-32bit-10.0.2-100.1 libOSMesa9-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): Mesa-10.0.2-100.1 Mesa-debuginfo-10.0.2-100.1 
Mesa-debugsource-10.0.2-100.1 Mesa-libEGL1-10.0.2-100.1 Mesa-libEGL1-debuginfo-10.0.2-100.1 Mesa-libGL1-10.0.2-100.1 Mesa-libGL1-debuginfo-10.0.2-100.1 Mesa-libGLESv2-2-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-10.0.2-100.1 Mesa-libglapi0-10.0.2-100.1 Mesa-libglapi0-debuginfo-10.0.2-100.1 libgbm1-10.0.2-100.1 libgbm1-debuginfo-10.0.2-100.1 libxatracker2-1.0.0-100.1 libxatracker2-debuginfo-1.0.0-100.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): Mesa-32bit-10.0.2-100.1 Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-libEGL1-32bit-10.0.2-100.1 Mesa-libEGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGL1-32bit-10.0.2-100.1 Mesa-libGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libglapi0-32bit-10.0.2-100.1 Mesa-libglapi0-debuginfo-32bit-10.0.2-100.1 libgbm1-32bit-10.0.2-100.1 libgbm1-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): Mesa-10.0.2-100.1 Mesa-debuginfo-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-libEGL1-10.0.2-100.1 Mesa-libEGL1-debuginfo-10.0.2-100.1 Mesa-libGL1-10.0.2-100.1 Mesa-libGL1-debuginfo-10.0.2-100.1 Mesa-libGLESv2-2-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-10.0.2-100.1 Mesa-libglapi0-10.0.2-100.1 Mesa-libglapi0-debuginfo-10.0.2-100.1 libgbm1-10.0.2-100.1 libgbm1-debuginfo-10.0.2-100.1 libxatracker2-1.0.0-100.1 libxatracker2-debuginfo-1.0.0-100.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): Mesa-32bit-10.0.2-100.1 Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-libEGL1-32bit-10.0.2-100.1 Mesa-libEGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGL1-32bit-10.0.2-100.1 Mesa-libGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libglapi0-32bit-10.0.2-100.1 Mesa-libglapi0-debuginfo-32bit-10.0.2-100.1 libgbm1-32bit-10.0.2-100.1 libgbm1-debuginfo-32bit-10.0.2-100.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): Mesa-10.0.2-100.1 Mesa-32bit-10.0.2-100.1 Mesa-debuginfo-10.0.2-100.1 Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-libEGL1-10.0.2-100.1 Mesa-libEGL1-32bit-10.0.2-100.1 Mesa-libEGL1-debuginfo-10.0.2-100.1 
Mesa-libEGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGL1-10.0.2-100.1 Mesa-libGL1-32bit-10.0.2-100.1 Mesa-libGL1-debuginfo-10.0.2-100.1 Mesa-libGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGLESv2-2-10.0.2-100.1 Mesa-libGLESv2-2-32bit-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-100.1 Mesa-libglapi0-10.0.2-100.1 Mesa-libglapi0-32bit-10.0.2-100.1 Mesa-libglapi0-debuginfo-10.0.2-100.1 Mesa-libglapi0-debuginfo-32bit-10.0.2-100.1 libgbm1-10.0.2-100.1 libgbm1-32bit-10.0.2-100.1 libgbm1-debuginfo-10.0.2-100.1 libgbm1-debuginfo-32bit-10.0.2-100.1 libxatracker2-1.0.0-100.1 libxatracker2-debuginfo-1.0.0-100.1 - SUSE Linux Enterprise Desktop 12 (x86_64): Mesa-10.0.2-100.1 Mesa-32bit-10.0.2-100.1 Mesa-debuginfo-10.0.2-100.1 Mesa-debuginfo-32bit-10.0.2-100.1 Mesa-debugsource-10.0.2-100.1 Mesa-libEGL1-10.0.2-100.1 Mesa-libEGL1-32bit-10.0.2-100.1 Mesa-libEGL1-debuginfo-10.0.2-100.1 Mesa-libEGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGL1-10.0.2-100.1 Mesa-libGL1-32bit-10.0.2-100.1 Mesa-libGL1-debuginfo-10.0.2-100.1 Mesa-libGL1-debuginfo-32bit-10.0.2-100.1 Mesa-libGLESv2-2-10.0.2-100.1 Mesa-libGLESv2-2-32bit-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-10.0.2-100.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-100.1 Mesa-libglapi0-10.0.2-100.1 Mesa-libglapi0-32bit-10.0.2-100.1 Mesa-libglapi0-debuginfo-10.0.2-100.1 Mesa-libglapi0-debuginfo-32bit-10.0.2-100.1 libgbm1-10.0.2-100.1 libgbm1-32bit-10.0.2-100.1 libgbm1-debuginfo-10.0.2-100.1 libgbm1-debuginfo-32bit-10.0.2-100.1 libxatracker2-1.0.0-100.1 libxatracker2-debuginfo-1.0.0-100.1 References: https://bugzilla.suse.com/980382 From sle-updates at lists.suse.com Wed Jun 8 09:08:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 17:08:39 +0200 (CEST) Subject: SUSE-RU-2016:1531-1: moderate: Recommended update for irqbalance Message-ID: <20160608150839.68177FF6E@maintenance.suse.de> SUSE Recommended Update: Recommended update for irqbalance 
______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1531-1 Rating: moderate References: #949276 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for irqbalance fixes the following issues: - Add parameter IRQBALANCE_ARGS to sysconfig file, allowing users to pass arbitrary parameters to the daemon. (bsc#949276) - Balance correctly IRQs reappearing. (bsc#949276) - Classify PCI Sub-Class for better performance. (bsc#949276) - Continuously balance single socket systems. (bsc#949276) - Fix CPU hotplug segmentation fault. (bsc#949276) - NUMA is not available fix. (bsc#949276) - Follow latest PCI class code spec. (bsc#949276) - Make irqbalance work with Xen PV guest. (bsc#949276) - Re-calibrate some IRQ classes and levels. (bsc#949276) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-irqbalance-12604=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-irqbalance-12604=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): irqbalance-1.0.4-0.15.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): irqbalance-debuginfo-1.0.4-0.15.2 irqbalance-debugsource-1.0.4-0.15.2 References: https://bugzilla.suse.com/949276 From sle-updates at lists.suse.com Wed Jun 8 09:09:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 17:09:01 +0200 (CEST) Subject: SUSE-RU-2016:1532-1: moderate: Recommended update for irqbalance Message-ID: <20160608150901.8D48EFF6E@maintenance.suse.de> SUSE Recommended Update: Recommended update for irqbalance ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1532-1 Rating: moderate References: #949276 #968711 #968870 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for irqbalance fixes the following issues: - Fix banned IRQ balance list. (bsc#968711) - Remove unused sysconfig variable IRQBALANCE_BANNED_INTERRUPTS. (bsc#968870) - Balance correctly IRQs reappearing. (bsc#949276) - Classify PCI Sub-Class for better performance. (bsc#949276) - Follow latest PCI class code spec. (bsc#949276) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-909=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-909=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-909=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-909=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64): irqbalance-1.0.7-7.1 irqbalance-debuginfo-1.0.7-7.1 irqbalance-debugsource-1.0.7-7.1 - SUSE Linux Enterprise Server 12 (ppc64le x86_64): irqbalance-1.0.7-7.1 irqbalance-debuginfo-1.0.7-7.1 irqbalance-debugsource-1.0.7-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): irqbalance-1.0.7-7.1 irqbalance-debuginfo-1.0.7-7.1 irqbalance-debugsource-1.0.7-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): irqbalance-1.0.7-7.1 irqbalance-debuginfo-1.0.7-7.1 irqbalance-debugsource-1.0.7-7.1 References: https://bugzilla.suse.com/949276 https://bugzilla.suse.com/968711 https://bugzilla.suse.com/968870 From sle-updates at lists.suse.com Wed Jun 8 12:07:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Jun 2016 20:07:56 +0200 (CEST) Subject: SUSE-RU-2016:1533-1: moderate: Recommended update for gnome-packagekit Message-ID: <20160608180756.679D1FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-packagekit ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1533-1 Rating: moderate References: #939278 #946886 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for Gnome PackageKit enhances handling of GPG signatures in package repositories. Users will now be asked if signatures should be installed when necessary. Additionally, it prevents the applet from asking for the administrator password too early when an update requires a system reboot. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-911=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-911=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-911=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-911=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gnome-packagekit-3.10.1-13.50 gnome-packagekit-debuginfo-3.10.1-13.50 gnome-packagekit-debugsource-3.10.1-13.50 - SUSE Linux Enterprise Server 12-SP1 (noarch): gnome-packagekit-lang-3.10.1-13.50 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gnome-packagekit-3.10.1-13.50 gnome-packagekit-debuginfo-3.10.1-13.50 gnome-packagekit-debugsource-3.10.1-13.50 - SUSE Linux Enterprise Server 12 (noarch): gnome-packagekit-lang-3.10.1-13.50 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gnome-packagekit-3.10.1-13.50 gnome-packagekit-debuginfo-3.10.1-13.50 gnome-packagekit-debugsource-3.10.1-13.50 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gnome-packagekit-lang-3.10.1-13.50 - SUSE Linux Enterprise Desktop 12 (noarch): gnome-packagekit-lang-3.10.1-13.50 - SUSE Linux Enterprise Desktop 12 (x86_64): gnome-packagekit-3.10.1-13.50 gnome-packagekit-debuginfo-3.10.1-13.50 gnome-packagekit-debugsource-3.10.1-13.50 References: https://bugzilla.suse.com/939278 https://bugzilla.suse.com/946886 From sle-updates at lists.suse.com Thu Jun 9 05:08:18
2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2016 13:08:18 +0200 (CEST) Subject: SUSE-RU-2016:1535-1: moderate: Recommended update for vsftpd Message-ID: <20160609110818.31EA9FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1535-1 Rating: moderate References: #786024 #935279 #968138 #969411 #970982 #971784 #972169 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for vsftpd fixes the following issues: - ? wildcard matching broken (bsc#969411). - Hang when using seccomp and syslog (bsc#971784). - User creation to not report errors when user already exists (bsc#972169). - Hang on pam_exec in pam.d (bsc#970982). - Memory leaks in ls.c (bsc#968138). - Logrotate script fails when vsftpd is not running. (bsc#935279) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-912=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-912=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): vsftpd-3.0.2-31.1 vsftpd-debuginfo-3.0.2-31.1 vsftpd-debugsource-3.0.2-31.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): vsftpd-3.0.2-31.1 vsftpd-debuginfo-3.0.2-31.1 vsftpd-debugsource-3.0.2-31.1 References: https://bugzilla.suse.com/786024 https://bugzilla.suse.com/935279 https://bugzilla.suse.com/968138 https://bugzilla.suse.com/969411 https://bugzilla.suse.com/970982 https://bugzilla.suse.com/971784 https://bugzilla.suse.com/972169 From sle-updates at lists.suse.com Thu Jun 9 08:11:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2016 16:11:15 +0200 (CEST) Subject: SUSE-RU-2016:1536-1: Recommended update for xorg-x11-driver-input Message-ID: <20160609141115.2B664FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-driver-input ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1536-1 Rating: low References: #967836 #979895 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for xorg-x11-driver-input provides the following enhancements: - Add Kiosk mode: Implement a filter for the evdev driver which provides click-on-touch and click-on-release. (fate#319647, bsc#967836) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-driver-input-12606=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-driver-input-12606=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64): xorg-x11-driver-input-7.4-13.70.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 x86_64): xorg-x11-driver-input-7.4-13.70.1 References: https://bugzilla.suse.com/967836 https://bugzilla.suse.com/979895 From sle-updates at lists.suse.com Thu Jun 9 09:08:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2016 17:08:11 +0200 (CEST) Subject: SUSE-RU-2016:1537-1: Recommended update for xrdp Message-ID: <20160609150811.4385DFF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1537-1 Rating: low References: #965647 #973130 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for xrdp enhances the startwm.sh script, allowing the administrator to easily configure which desktop session should be started on xrdp displays. Additionally, it fixes a logic error in the package's post installation script when checking if the rsakeys.ini file was correctly generated. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-914=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-914=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-914=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-914=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): xrdp-0.6.1-11.1 xrdp-debuginfo-0.6.1-11.1 xrdp-debugsource-0.6.1-11.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): xrdp-0.6.1-11.1 xrdp-debuginfo-0.6.1-11.1 xrdp-debugsource-0.6.1-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xrdp-0.6.1-11.1 xrdp-debuginfo-0.6.1-11.1 xrdp-debugsource-0.6.1-11.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xrdp-0.6.1-11.1 xrdp-debuginfo-0.6.1-11.1 xrdp-debugsource-0.6.1-11.1 References: https://bugzilla.suse.com/965647 https://bugzilla.suse.com/973130 From sle-updates at lists.suse.com Thu Jun 9 10:07:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2016 18:07:55 +0200 (CEST) Subject: SUSE-SU-2016:1538-1: important: Security update for libxml2 Message-ID: <20160609160755.74BBCFF6C@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1538-1 Rating: important References: #963963 #965283 #978395 #981040 #981041 #981108 #981109 #981111 #981112 #981114 #981115 #981548 #981549 #981550 Cross-References: CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. 
Description: This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out-of-bounds access when serializing malformed strings [bsc#978395]. - CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040]. - CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041]. - CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108]. - CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109]. - CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral [bsc#981111]. - CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112]. - CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115]. - CVE-2016-4447: Fixed a heap-based buffer underread due to xmlParseName [bsc#981548]. - CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549]. - CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550]. - CVE-2016-3705: Fixed missing increment of recursion counter. Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-915=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-915=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-915=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-915=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-915=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-915=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libxml2-debugsource-2.9.1-24.1 libxml2-devel-2.9.1-24.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libxml2-debugsource-2.9.1-24.1 libxml2-devel-2.9.1-24.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libxml2-2-2.9.1-24.1 libxml2-2-debuginfo-2.9.1-24.1 libxml2-debugsource-2.9.1-24.1 libxml2-tools-2.9.1-24.1 libxml2-tools-debuginfo-2.9.1-24.1 python-libxml2-2.9.1-24.1 python-libxml2-debuginfo-2.9.1-24.1 python-libxml2-debugsource-2.9.1-24.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libxml2-2-32bit-2.9.1-24.1 libxml2-2-debuginfo-32bit-2.9.1-24.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): libxml2-doc-2.9.1-24.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libxml2-2-2.9.1-24.1 libxml2-2-debuginfo-2.9.1-24.1 libxml2-debugsource-2.9.1-24.1 libxml2-tools-2.9.1-24.1 libxml2-tools-debuginfo-2.9.1-24.1 python-libxml2-2.9.1-24.1 python-libxml2-debuginfo-2.9.1-24.1 python-libxml2-debugsource-2.9.1-24.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libxml2-2-32bit-2.9.1-24.1 libxml2-2-debuginfo-32bit-2.9.1-24.1 - SUSE Linux Enterprise Server 12 (noarch): libxml2-doc-2.9.1-24.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): 
libxml2-2-2.9.1-24.1 libxml2-2-32bit-2.9.1-24.1 libxml2-2-debuginfo-2.9.1-24.1 libxml2-2-debuginfo-32bit-2.9.1-24.1 libxml2-debugsource-2.9.1-24.1 libxml2-tools-2.9.1-24.1 libxml2-tools-debuginfo-2.9.1-24.1 python-libxml2-2.9.1-24.1 python-libxml2-debuginfo-2.9.1-24.1 python-libxml2-debugsource-2.9.1-24.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libxml2-2-2.9.1-24.1 libxml2-2-32bit-2.9.1-24.1 libxml2-2-debuginfo-2.9.1-24.1 libxml2-2-debuginfo-32bit-2.9.1-24.1 libxml2-debugsource-2.9.1-24.1 libxml2-tools-2.9.1-24.1 libxml2-tools-debuginfo-2.9.1-24.1 python-libxml2-2.9.1-24.1 python-libxml2-debuginfo-2.9.1-24.1 python-libxml2-debugsource-2.9.1-24.1 References: https://www.suse.com/security/cve/CVE-2015-8806.html https://www.suse.com/security/cve/CVE-2016-1762.html https://www.suse.com/security/cve/CVE-2016-1833.html https://www.suse.com/security/cve/CVE-2016-1834.html https://www.suse.com/security/cve/CVE-2016-1835.html https://www.suse.com/security/cve/CVE-2016-1837.html https://www.suse.com/security/cve/CVE-2016-1838.html https://www.suse.com/security/cve/CVE-2016-1839.html https://www.suse.com/security/cve/CVE-2016-1840.html https://www.suse.com/security/cve/CVE-2016-2073.html https://www.suse.com/security/cve/CVE-2016-3705.html https://www.suse.com/security/cve/CVE-2016-4447.html https://www.suse.com/security/cve/CVE-2016-4448.html https://www.suse.com/security/cve/CVE-2016-4449.html https://www.suse.com/security/cve/CVE-2016-4483.html https://bugzilla.suse.com/963963 https://bugzilla.suse.com/965283 https://bugzilla.suse.com/978395 https://bugzilla.suse.com/981040 https://bugzilla.suse.com/981041 https://bugzilla.suse.com/981108 https://bugzilla.suse.com/981109 https://bugzilla.suse.com/981111 https://bugzilla.suse.com/981112 https://bugzilla.suse.com/981114 https://bugzilla.suse.com/981115 https://bugzilla.suse.com/981548 https://bugzilla.suse.com/981549 https://bugzilla.suse.com/981550 From sle-updates at lists.suse.com Thu Jun 9 11:07:35 2016 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Jun 2016 19:07:35 +0200 (CEST) Subject: SUSE-RU-2016:1539-1: moderate: Recommended update for util-linux Message-ID: <20160609170735.0DDE3FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1539-1 Rating: moderate References: #947494 #953691 #954482 #956540 #963399 #968733 #970404 #972684 #975082 #976141 #977259 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for util-linux provides the following fixes: - Reuse existing loop device to prevent possible data corruption when multiple -o loop are used to mount a single file. (bsc#947494) - Remove incorrect --with-bashcompletiondir that breaks bash-completion, use path in bash-completion.pc instead. (bsc#977259) - Fix blkid to wipe correct area for probes with offset. (bsc#976141) - Fix and improve function of lscpu on Power Systems. (bsc#975082) - Fix crash while evaluating root of btrfs. (bsc#972684) - Make sulogin call tcfinal unconditionally. (bsc#970404) - Fix "mount -a" for loopdev (bsc#947494) - Prevent "mount -a" from mounting btrfs volumes multiple times. (bsc#947494) - Add support for locked root accounts in sulogin. (bsc#963399, bsc#968733) - Remove Persistent= directive from fstrim for systemd versions older than 212. (bsc#956540, bsc#953691, bsc#954482) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-916=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-916=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-916=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-916=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libuuid-devel-2.25-32.4 util-linux-debuginfo-2.25-32.4 util-linux-debugsource-2.25-32.4 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libblkid-devel-2.25-32.4 libmount-devel-2.25-32.4 libsmartcols-devel-2.25-32.4 libuuid-devel-2.25-32.4 util-linux-debuginfo-2.25-32.4 util-linux-debugsource-2.25-32.4 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libblkid1-2.25-32.4 libblkid1-debuginfo-2.25-32.4 libmount1-2.25-32.4 libmount1-debuginfo-2.25-32.4 libsmartcols1-2.25-32.4 libsmartcols1-debuginfo-2.25-32.4 libuuid1-2.25-32.4 libuuid1-debuginfo-2.25-32.4 python-libmount-2.25-32.8 python-libmount-debuginfo-2.25-32.8 python-libmount-debugsource-2.25-32.8 util-linux-2.25-32.4 util-linux-debuginfo-2.25-32.4 util-linux-debugsource-2.25-32.4 util-linux-systemd-2.25-32.2 util-linux-systemd-debuginfo-2.25-32.2 util-linux-systemd-debugsource-2.25-32.2 uuidd-2.25-32.2 uuidd-debuginfo-2.25-32.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libblkid1-32bit-2.25-32.4 libblkid1-debuginfo-32bit-2.25-32.4 libmount1-32bit-2.25-32.4 libmount1-debuginfo-32bit-2.25-32.4 libuuid1-32bit-2.25-32.4 libuuid1-debuginfo-32bit-2.25-32.4 - SUSE Linux Enterprise Server 12-SP1 (noarch): util-linux-lang-2.25-32.4 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): util-linux-lang-2.25-32.4 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libblkid1-2.25-32.4 
libblkid1-32bit-2.25-32.4 libblkid1-debuginfo-2.25-32.4 libblkid1-debuginfo-32bit-2.25-32.4 libmount1-2.25-32.4 libmount1-32bit-2.25-32.4 libmount1-debuginfo-2.25-32.4 libmount1-debuginfo-32bit-2.25-32.4 libsmartcols1-2.25-32.4 libsmartcols1-debuginfo-2.25-32.4 libuuid-devel-2.25-32.4 libuuid1-2.25-32.4 libuuid1-32bit-2.25-32.4 libuuid1-debuginfo-2.25-32.4 libuuid1-debuginfo-32bit-2.25-32.4 python-libmount-2.25-32.8 python-libmount-debuginfo-2.25-32.8 python-libmount-debugsource-2.25-32.8 util-linux-2.25-32.4 util-linux-debuginfo-2.25-32.4 util-linux-debugsource-2.25-32.4 util-linux-systemd-2.25-32.2 util-linux-systemd-debuginfo-2.25-32.2 util-linux-systemd-debugsource-2.25-32.2 uuidd-2.25-32.2 uuidd-debuginfo-2.25-32.2 References: https://bugzilla.suse.com/947494 https://bugzilla.suse.com/953691 https://bugzilla.suse.com/954482 https://bugzilla.suse.com/956540 https://bugzilla.suse.com/963399 https://bugzilla.suse.com/968733 https://bugzilla.suse.com/970404 https://bugzilla.suse.com/972684 https://bugzilla.suse.com/975082 https://bugzilla.suse.com/976141 https://bugzilla.suse.com/977259 From sle-updates at lists.suse.com Thu Jun 9 16:07:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2016 00:07:50 +0200 (CEST) Subject: SUSE-RU-2016:1540-1: Recommended update for release-notes-slepos Message-ID: <20160609220750.9C5F1F402@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-slepos ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1540-1 Rating: low References: #979892 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest version of the release notes for SUSE Linux Enterprise Server Point of Service 11 SP3. 
- Add notes about running SLEPOS11-SP3 on top of SLES11-SP4 (bsc#979892) - Fix a wording issue with the HA functionality description - Various minor fixes Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-release-notes-slepos-12607=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 x86_64): release-notes-slepos-11-1.26.3 References: https://bugzilla.suse.com/979892 From sle-updates at lists.suse.com Fri Jun 10 07:08:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2016 15:08:01 +0200 (CEST) Subject: SUSE-SU-2016:1541-1: important: Security update for bind Message-ID: <20160610130801.5B5ECF39D@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1541-1 Rating: important References: #970072 #970073 Cross-References: CVE-2016-1285 CVE-2016-1286 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bind fixes two assertion failures that could lead to a remote denial of service attack: - CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. (bsc#970072) - CVE-2016-1286: An error when parsing signature records for DNAME records having specific properties can lead to named exiting due to an assertion failure in resolver.c or db.c. (bsc#970073) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-bind-12608=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-bind-12608=1 - SUSE Manager 2.1: zypper in -t patch sleman21-bind-12608=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): bind-9.9.6P1-0.27.1 bind-chrootenv-9.9.6P1-0.27.1 bind-doc-9.9.6P1-0.27.1 bind-libs-32bit-9.9.6P1-0.27.1 bind-libs-9.9.6P1-0.27.1 bind-utils-9.9.6P1-0.27.1 - SUSE Manager Proxy 2.1 (x86_64): bind-9.9.6P1-0.27.1 bind-chrootenv-9.9.6P1-0.27.1 bind-doc-9.9.6P1-0.27.1 bind-libs-32bit-9.9.6P1-0.27.1 bind-libs-9.9.6P1-0.27.1 bind-utils-9.9.6P1-0.27.1 - SUSE Manager 2.1 (s390x x86_64): bind-9.9.6P1-0.27.1 bind-chrootenv-9.9.6P1-0.27.1 bind-doc-9.9.6P1-0.27.1 bind-libs-32bit-9.9.6P1-0.27.1 bind-libs-9.9.6P1-0.27.1 bind-utils-9.9.6P1-0.27.1 References: https://www.suse.com/security/cve/CVE-2016-1285.html https://www.suse.com/security/cve/CVE-2016-1286.html https://bugzilla.suse.com/970072 https://bugzilla.suse.com/970073 From sle-updates at lists.suse.com Fri Jun 10 08:08:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2016 16:08:05 +0200 (CEST) Subject: SUSE-RU-2016:1542-1: moderate: Recommended update for sysconfig Message-ID: <20160610140805.0B492F39D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1542-1 Rating: moderate References: #865573 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for sysconfig fixes the following issue: - ppp: install refactored ip-up and related scripts (bsc#865573) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-920=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-920=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-920=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-920=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): sysconfig-0.83.9-10.1 sysconfig-debuginfo-0.83.9-10.1 sysconfig-debugsource-0.83.9-10.1 sysconfig-netconfig-0.83.9-10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): sysconfig-0.83.9-10.1 sysconfig-debuginfo-0.83.9-10.1 sysconfig-debugsource-0.83.9-10.1 sysconfig-netconfig-0.83.9-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): sysconfig-0.83.9-10.1 sysconfig-debuginfo-0.83.9-10.1 sysconfig-debugsource-0.83.9-10.1 sysconfig-netconfig-0.83.9-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): sysconfig-0.83.9-10.1 sysconfig-debuginfo-0.83.9-10.1 sysconfig-debugsource-0.83.9-10.1 sysconfig-netconfig-0.83.9-10.1 References: https://bugzilla.suse.com/865573 From sle-updates at lists.suse.com Fri Jun 10 12:07:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2016 20:07:50 +0200 (CEST) Subject: SUSE-SU-2016:1543-1: moderate: Security update for poppler Message-ID: <20160610180750.9F168F39D@maintenance.suse.de> SUSE Security Update: Security update for poppler ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1543-1 Rating: moderate References: #976844 Cross-References: CVE-2015-8868 Affected Products: SUSE 
Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for poppler fixes the following issues: Security issues fixed: - CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS (bsc#976844) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-922=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-922=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-922=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-922=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-922=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-922=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libpoppler-devel-0.24.4-12.1 libpoppler-glib-devel-0.24.4-12.1 libpoppler-qt4-devel-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 poppler-qt-debugsource-0.24.4-12.1 typelib-1_0-Poppler-0_18-0.24.4-12.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libpoppler-devel-0.24.4-12.1 libpoppler-glib-devel-0.24.4-12.1 libpoppler-qt4-devel-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 poppler-qt-debugsource-0.24.4-12.1 typelib-1_0-Poppler-0_18-0.24.4-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpoppler-glib8-0.24.4-12.1 libpoppler-glib8-debuginfo-0.24.4-12.1 libpoppler-qt4-4-0.24.4-12.1 libpoppler-qt4-4-debuginfo-0.24.4-12.1 libpoppler44-0.24.4-12.1 libpoppler44-debuginfo-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 poppler-qt-debugsource-0.24.4-12.1 poppler-tools-0.24.4-12.1 poppler-tools-debuginfo-0.24.4-12.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libpoppler-glib8-0.24.4-12.1 libpoppler-glib8-debuginfo-0.24.4-12.1 libpoppler-qt4-4-0.24.4-12.1 libpoppler-qt4-4-debuginfo-0.24.4-12.1 libpoppler44-0.24.4-12.1 libpoppler44-debuginfo-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 poppler-qt-debugsource-0.24.4-12.1 poppler-tools-0.24.4-12.1 poppler-tools-debuginfo-0.24.4-12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpoppler-glib8-0.24.4-12.1 libpoppler-glib8-debuginfo-0.24.4-12.1 libpoppler-qt4-4-0.24.4-12.1 libpoppler-qt4-4-debuginfo-0.24.4-12.1 libpoppler44-0.24.4-12.1 libpoppler44-debuginfo-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 poppler-qt-debugsource-0.24.4-12.1 poppler-tools-0.24.4-12.1 poppler-tools-debuginfo-0.24.4-12.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libpoppler-glib8-0.24.4-12.1 libpoppler-glib8-debuginfo-0.24.4-12.1 libpoppler-qt4-4-0.24.4-12.1 libpoppler-qt4-4-debuginfo-0.24.4-12.1 libpoppler44-0.24.4-12.1 libpoppler44-debuginfo-0.24.4-12.1 poppler-debugsource-0.24.4-12.1 
poppler-qt-debugsource-0.24.4-12.1 poppler-tools-0.24.4-12.1 poppler-tools-debuginfo-0.24.4-12.1 References: https://www.suse.com/security/cve/CVE-2015-8868.html https://bugzilla.suse.com/976844 From sle-updates at lists.suse.com Fri Jun 10 12:08:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Jun 2016 20:08:10 +0200 (CEST) Subject: SUSE-SU-2016:1544-1: moderate: Security update for poppler Message-ID: <20160610180810.1A88EF3F9@maintenance.suse.de> SUSE Security Update: Security update for poppler ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1544-1 Rating: moderate References: #976844 Cross-References: CVE-2015-8868 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for poppler fixes the following issues: Security issues fixed: - CVE-2015-8868: Corrupted PDF file can corrupt heap, causing DoS (bsc#976844) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-poppler-12609=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-poppler-12609=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-poppler-12609=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libpoppler-devel-0.12.3-1.12.1 libpoppler-glib-devel-0.12.3-1.12.1 libpoppler-qt2-0.12.3-1.12.1 libpoppler-qt3-devel-0.12.3-1.12.1 libpoppler-qt4-devel-0.12.3-1.12.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): poppler-tools-0.12.3-1.12.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libpoppler-glib4-0.12.3-1.12.1 libpoppler-qt4-3-0.12.3-1.12.1 libpoppler5-0.12.3-1.12.1 poppler-tools-0.12.3-1.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): poppler-debuginfo-0.12.3-1.12.1 poppler-debugsource-0.12.3-1.12.1 References: https://www.suse.com/security/cve/CVE-2015-8868.html https://bugzilla.suse.com/976844 From sle-updates at lists.suse.com Mon Jun 13 05:07:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 13:07:34 +0200 (CEST) Subject: SUSE-SU-2016:1559-1: moderate: Security update for spice Message-ID: <20160613110734.78ED5FFB8@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1559-1 Rating: moderate References: #944787 #948976 #982385 #982386 Cross-References: CVE-2015-5260 CVE-2015-5261 CVE-2016-0749 CVE-2016-2150 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: spice was updated to fix four security issues. These security issues were fixed: - CVE-2016-2150: Guest escape using crafted primary surface parameters (bsc#982386). - CVE-2016-0749: Heap-based buffer overflow in smartcard interaction (bsc#982385). 
- CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944787). - CVE-2015-5261: Host memory access from guest using crafted images (bsc#948976). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-925=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-925=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-925=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): libspice-server-devel-0.12.5-4.1 spice-debugsource-0.12.5-4.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libspice-server1-0.12.5-4.1 libspice-server1-debuginfo-0.12.5-4.1 spice-debugsource-0.12.5-4.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libspice-server1-0.12.5-4.1 libspice-server1-debuginfo-0.12.5-4.1 spice-debugsource-0.12.5-4.1 References: https://www.suse.com/security/cve/CVE-2015-5260.html https://www.suse.com/security/cve/CVE-2015-5261.html https://www.suse.com/security/cve/CVE-2016-0749.html https://www.suse.com/security/cve/CVE-2016-2150.html https://bugzilla.suse.com/944787 https://bugzilla.suse.com/948976 https://bugzilla.suse.com/982385 https://bugzilla.suse.com/982386 From sle-updates at lists.suse.com Mon Jun 13 05:08:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 13:08:26 +0200 (CEST) Subject: SUSE-SU-2016:1560-1: important: Security update for qemu Message-ID: <20160613110826.64260FFBA@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1560-1 Rating: important References: #886378 #895528 #901508 #928393 #934069 
#940929 #944463 #947159 #958491 #958917 #959005 #959386 #960334 #960708 #960725 #960835 #961332 #961333 #961358 #961556 #961691 #962320 #963782 #964413 #967969 #969121 #969122 #969350 #970036 #970037 #975128 #975136 #975700 #976109 #978158 #978160 #980711 #980723 #981266 Cross-References: CVE-2014-3615 CVE-2014-3689 CVE-2014-9718 CVE-2015-3214 CVE-2015-5239 CVE-2015-5745 CVE-2015-7295 CVE-2015-7549 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4952 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 37 vulnerabilities and has two fixes is now available. Description: qemu was updated to fix 37 security issues. 
These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-4952: Avoid OOB access in VMware PV SCSI emulation (bsc#981266) - CVE-2015-8817: Avoid OOB access in PCI DMA I/O (bsc#969121) - CVE-2015-8818: Avoid OOB access in PCI DMA I/O (bsc#969122) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGA emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069) - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393) - CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508) - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). 
- CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159). - CVE-2015-7549: PCI null pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2015-8744: Incorrect l2 header validation could have led to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers could have led to a crash via assert(2) call (bsc#960708). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest users were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413). This non-security issue was fixed - bsc#886378: qemu truncates vhd images in virt-rescue Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-924=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-924=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): qemu-2.0.2-48.19.1 qemu-block-curl-2.0.2-48.19.1 qemu-block-curl-debuginfo-2.0.2-48.19.1 qemu-debugsource-2.0.2-48.19.1 qemu-guest-agent-2.0.2-48.19.1 qemu-guest-agent-debuginfo-2.0.2-48.19.1 qemu-lang-2.0.2-48.19.1 qemu-tools-2.0.2-48.19.1 qemu-tools-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): qemu-kvm-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (ppc64le): qemu-ppc-2.0.2-48.19.1 qemu-ppc-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (x86_64): qemu-block-rbd-2.0.2-48.19.1 qemu-block-rbd-debuginfo-2.0.2-48.19.1 qemu-x86-2.0.2-48.19.1 qemu-x86-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (noarch): qemu-ipxe-1.0.0-48.19.1 qemu-seabios-1.7.4-48.19.1 qemu-sgabios-8-48.19.1 qemu-vgabios-1.7.4-48.19.1 - SUSE Linux Enterprise Server 12 (s390x): qemu-s390-2.0.2-48.19.1 qemu-s390-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Desktop 12 (x86_64): qemu-2.0.2-48.19.1 qemu-block-curl-2.0.2-48.19.1 qemu-block-curl-debuginfo-2.0.2-48.19.1 qemu-debugsource-2.0.2-48.19.1 qemu-kvm-2.0.2-48.19.1 qemu-tools-2.0.2-48.19.1 qemu-tools-debuginfo-2.0.2-48.19.1 qemu-x86-2.0.2-48.19.1 qemu-x86-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Desktop 12 (noarch): qemu-ipxe-1.0.0-48.19.1 qemu-seabios-1.7.4-48.19.1 qemu-sgabios-8-48.19.1 qemu-vgabios-1.7.4-48.19.1 References: https://www.suse.com/security/cve/CVE-2014-3615.html https://www.suse.com/security/cve/CVE-2014-3689.html https://www.suse.com/security/cve/CVE-2014-9718.html https://www.suse.com/security/cve/CVE-2015-3214.html https://www.suse.com/security/cve/CVE-2015-5239.html 
https://www.suse.com/security/cve/CVE-2015-5745.html https://www.suse.com/security/cve/CVE-2015-7295.html https://www.suse.com/security/cve/CVE-2015-7549.html https://www.suse.com/security/cve/CVE-2015-8504.html https://www.suse.com/security/cve/CVE-2015-8558.html https://www.suse.com/security/cve/CVE-2015-8567.html https://www.suse.com/security/cve/CVE-2015-8568.html https://www.suse.com/security/cve/CVE-2015-8613.html https://www.suse.com/security/cve/CVE-2015-8619.html https://www.suse.com/security/cve/CVE-2015-8743.html https://www.suse.com/security/cve/CVE-2015-8744.html https://www.suse.com/security/cve/CVE-2015-8745.html https://www.suse.com/security/cve/CVE-2015-8817.html https://www.suse.com/security/cve/CVE-2015-8818.html https://www.suse.com/security/cve/CVE-2016-1568.html https://www.suse.com/security/cve/CVE-2016-1714.html https://www.suse.com/security/cve/CVE-2016-1922.html https://www.suse.com/security/cve/CVE-2016-1981.html https://www.suse.com/security/cve/CVE-2016-2198.html https://www.suse.com/security/cve/CVE-2016-2538.html https://www.suse.com/security/cve/CVE-2016-2841.html https://www.suse.com/security/cve/CVE-2016-2857.html https://www.suse.com/security/cve/CVE-2016-2858.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3712.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4020.html https://www.suse.com/security/cve/CVE-2016-4037.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4952.html https://bugzilla.suse.com/886378 https://bugzilla.suse.com/895528 https://bugzilla.suse.com/901508 https://bugzilla.suse.com/928393 https://bugzilla.suse.com/934069 https://bugzilla.suse.com/940929 https://bugzilla.suse.com/944463 https://bugzilla.suse.com/947159 https://bugzilla.suse.com/958491 
https://bugzilla.suse.com/958917 https://bugzilla.suse.com/959005 https://bugzilla.suse.com/959386 https://bugzilla.suse.com/960334 https://bugzilla.suse.com/960708 https://bugzilla.suse.com/960725 https://bugzilla.suse.com/960835 https://bugzilla.suse.com/961332 https://bugzilla.suse.com/961333 https://bugzilla.suse.com/961358 https://bugzilla.suse.com/961556 https://bugzilla.suse.com/961691 https://bugzilla.suse.com/962320 https://bugzilla.suse.com/963782 https://bugzilla.suse.com/964413 https://bugzilla.suse.com/967969 https://bugzilla.suse.com/969121 https://bugzilla.suse.com/969122 https://bugzilla.suse.com/969350 https://bugzilla.suse.com/970036 https://bugzilla.suse.com/970037 https://bugzilla.suse.com/975128 https://bugzilla.suse.com/975136 https://bugzilla.suse.com/975700 https://bugzilla.suse.com/976109 https://bugzilla.suse.com/978158 https://bugzilla.suse.com/978160 https://bugzilla.suse.com/980711 https://bugzilla.suse.com/980723 https://bugzilla.suse.com/981266 From sle-updates at lists.suse.com Mon Jun 13 09:08:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 17:08:29 +0200 (CEST) Subject: SUSE-SU-2016:1561-1: moderate: Security update for spice Message-ID: <20160613150829.59BFCFFAA@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1561-1 Rating: moderate References: #982385 #982386 Cross-References: CVE-2016-0749 CVE-2016-2150 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: spice was updated to fix two security issues. These security issues were fixed: - CVE-2016-2150: Guest escape using crafted primary surface parameters (bsc#982386). 
- CVE-2016-0749: Heap-based buffer overflow in smartcard interaction (bsc#982385). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-928=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-928=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-928=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (x86_64): libspice-server-devel-0.12.4-8.9.1 spice-debugsource-0.12.4-8.9.1 - SUSE Linux Enterprise Server 12 (x86_64): libspice-server1-0.12.4-8.9.1 libspice-server1-debuginfo-0.12.4-8.9.1 spice-debugsource-0.12.4-8.9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libspice-server1-0.12.4-8.9.1 libspice-server1-debuginfo-0.12.4-8.9.1 spice-debugsource-0.12.4-8.9.1 References: https://www.suse.com/security/cve/CVE-2016-0749.html https://www.suse.com/security/cve/CVE-2016-2150.html https://bugzilla.suse.com/982385 https://bugzilla.suse.com/982386 From sle-updates at lists.suse.com Mon Jun 13 09:08:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 17:08:53 +0200 (CEST) Subject: SUSE-RU-2016:1562-1: Recommended update for mtools Message-ID: <20160613150853.1AB85FFB9@maintenance.suse.de> SUSE Recommended Update: Recommended update for mtools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1562-1 Rating: low References: #957007 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for mtools provides the following fixes: - Add glibc-locale as a runtime dependency. Tools like mcopy(1) use it. (bsc#957007) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-929=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-929=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-929=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-929=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): mtools-4.0.18-6.15 mtools-debuginfo-4.0.18-6.15 mtools-debugsource-4.0.18-6.15 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): mtools-4.0.18-6.15 mtools-debuginfo-4.0.18-6.15 mtools-debugsource-4.0.18-6.15 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): mtools-4.0.18-6.15 mtools-debuginfo-4.0.18-6.15 mtools-debugsource-4.0.18-6.15 - SUSE Linux Enterprise Desktop 12 (x86_64): mtools-4.0.18-6.15 mtools-debuginfo-4.0.18-6.15 mtools-debugsource-4.0.18-6.15 References: https://bugzilla.suse.com/957007 From sle-updates at lists.suse.com Mon Jun 13 10:37:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 18:37:43 +0200 (CEST) Subject: SUSE-SU-2016:1563-1: important: Security update for ntp Message-ID: <20160613163743.C4059FFB9@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1563-1 Rating: important References: #979302 #979981 #981422 #982056 #982064 #982065 #982066 #982067 #982068 Cross-References: CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE Linux Enterprise Server 12-SP1 
SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has four fixes is now available. Description: ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service. - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-930=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-930=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ntp-4.2.8p8-14.1 ntp-debuginfo-4.2.8p8-14.1 ntp-debugsource-4.2.8p8-14.1 ntp-doc-4.2.8p8-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ntp-4.2.8p8-14.1 ntp-debuginfo-4.2.8p8-14.1 ntp-debugsource-4.2.8p8-14.1 ntp-doc-4.2.8p8-14.1 References: https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/979302 https://bugzilla.suse.com/979981 https://bugzilla.suse.com/981422 https://bugzilla.suse.com/982056 https://bugzilla.suse.com/982064 https://bugzilla.suse.com/982065 https://bugzilla.suse.com/982066 https://bugzilla.suse.com/982067 https://bugzilla.suse.com/982068 From sle-updates at lists.suse.com Mon Jun 13 12:07:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 20:07:58 +0200 (CEST) Subject: SUSE-RU-2016:1564-1: Recommended update for yasm Message-ID: <20160613180758.848ECFFB9@maintenance.suse.de> SUSE Recommended Update: Recommended update for yasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1564-1 Rating: low References: #959429 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yasm increases the symbol hash table size from 31 to 4k entries. This has a significant effect on performance when building some applications. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-931=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-931=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): yasm-1.2.0-10.1 yasm-debuginfo-1.2.0-10.1 yasm-debugsource-1.2.0-10.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): yasm-1.2.0-10.1 yasm-debuginfo-1.2.0-10.1 yasm-debugsource-1.2.0-10.1 References: https://bugzilla.suse.com/959429 From sle-updates at lists.suse.com Mon Jun 13 12:08:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Jun 2016 20:08:17 +0200 (CEST) Subject: SUSE-RU-2016:1565-1: Recommended update for nautilus Message-ID: <20160613180817.87768FFBA@maintenance.suse.de> SUSE Recommended Update: Recommended update for nautilus ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1565-1 Rating: low References: #948796 #963724 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nautilus fixes the following issues: - Nautilus could terminate when inspecting properties of files owned by users that have just been created. (bsc#963724) - Make the path bar at the top of Nautilus windows size itself correctly, instead of only allocating space for a single button. 
(bsc#948796) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-932=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-932=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-932=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-932=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-932=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-932=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-932=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-932=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libnautilus-extension1-32bit-3.10.1-15.5 libnautilus-extension1-debuginfo-32bit-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libnautilus-extension1-32bit-3.10.1-15.5 libnautilus-extension1-debuginfo-32bit-3.10.1-15.5 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): nautilus-debuginfo-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 nautilus-devel-3.10.1-15.5 typelib-1_0-Nautilus-3_0-3.10.1-15.5 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): nautilus-debuginfo-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 nautilus-devel-3.10.1-15.5 typelib-1_0-Nautilus-3_0-3.10.1-15.5 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.10.1-15.5 libnautilus-extension1-3.10.1-15.5 libnautilus-extension1-debuginfo-3.10.1-15.5 nautilus-3.10.1-15.5 nautilus-debuginfo-3.10.1-15.5 
nautilus-debugsource-3.10.1-15.5 - SUSE Linux Enterprise Server 12-SP1 (noarch): nautilus-lang-3.10.1-15.5 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.10.1-15.5 libnautilus-extension1-3.10.1-15.5 libnautilus-extension1-debuginfo-3.10.1-15.5 nautilus-3.10.1-15.5 nautilus-debuginfo-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 - SUSE Linux Enterprise Server 12 (noarch): nautilus-lang-3.10.1-15.5 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): nautilus-lang-3.10.1-15.5 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gnome-shell-search-provider-nautilus-3.10.1-15.5 libnautilus-extension1-3.10.1-15.5 libnautilus-extension1-32bit-3.10.1-15.5 libnautilus-extension1-debuginfo-3.10.1-15.5 libnautilus-extension1-debuginfo-32bit-3.10.1-15.5 nautilus-3.10.1-15.5 nautilus-debuginfo-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 - SUSE Linux Enterprise Desktop 12 (noarch): nautilus-lang-3.10.1-15.5 - SUSE Linux Enterprise Desktop 12 (x86_64): gnome-shell-search-provider-nautilus-3.10.1-15.5 libnautilus-extension1-3.10.1-15.5 libnautilus-extension1-32bit-3.10.1-15.5 libnautilus-extension1-debuginfo-3.10.1-15.5 libnautilus-extension1-debuginfo-32bit-3.10.1-15.5 nautilus-3.10.1-15.5 nautilus-debuginfo-3.10.1-15.5 nautilus-debugsource-3.10.1-15.5 References: https://bugzilla.suse.com/948796 https://bugzilla.suse.com/963724 From sle-updates at lists.suse.com Tue Jun 14 04:08:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2016 12:08:32 +0200 (CEST) Subject: SUSE-SU-2016:1568-1: important: Security update for ntp Message-ID: <20160614100832.66023FFA8@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1568-1 Rating: important References: #957226 #962960 #977450 #977451 #977452 #977455 #977457 #977458 #977459 #977461 #977464 #979302 #979981 #981422 #982064 #982065 
#982066 #982067 #982068 Cross-References: CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has two fixes is now available. Description: ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed: - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC (bsc#977457). - CVE-2016-2519: ctl_getitem() return value not always checked (bsc#977458). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2015-7974: NTP did not verify peer associations of symmetric keys when authenticating packets, which might have allowed remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key" (bsc#962960). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). - CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch (bsc#977452). - CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated (bsc#977455). - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-1547: CRYPTO-NAK DoS (bsc#977459). - CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering (bsc#977450). - CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing (bsc#977464). - CVE-2016-1548: Interleave-pivot - MITIGATION ONLY (bsc#977461). 
- CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY (bsc#977451). This release also contained improved patches for CVE-2015-7704, CVE-2015-7705, CVE-2015-7974. These non-security issues were fixed: - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service. - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". - bsc#957226: Restrict the parser in the startup script to the first occurrance of "keys" and "controlkey" in ntp.conf. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-933=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-933=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ntp-4.2.8p8-46.8.1 ntp-debuginfo-4.2.8p8-46.8.1 ntp-debugsource-4.2.8p8-46.8.1 ntp-doc-4.2.8p8-46.8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): ntp-4.2.8p8-46.8.1 ntp-debuginfo-4.2.8p8-46.8.1 ntp-debugsource-4.2.8p8-46.8.1 ntp-doc-4.2.8p8-46.8.1 References: https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2016-1547.html https://www.suse.com/security/cve/CVE-2016-1548.html https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2016-1550.html https://www.suse.com/security/cve/CVE-2016-1551.html https://www.suse.com/security/cve/CVE-2016-2516.html https://www.suse.com/security/cve/CVE-2016-2517.html https://www.suse.com/security/cve/CVE-2016-2518.html https://www.suse.com/security/cve/CVE-2016-2519.html https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/957226 https://bugzilla.suse.com/962960 https://bugzilla.suse.com/977450 https://bugzilla.suse.com/977451 https://bugzilla.suse.com/977452 https://bugzilla.suse.com/977455 https://bugzilla.suse.com/977457 https://bugzilla.suse.com/977458 https://bugzilla.suse.com/977459 https://bugzilla.suse.com/977461 https://bugzilla.suse.com/977464 https://bugzilla.suse.com/979302 https://bugzilla.suse.com/979981 https://bugzilla.suse.com/981422 https://bugzilla.suse.com/982064 https://bugzilla.suse.com/982065 https://bugzilla.suse.com/982066 https://bugzilla.suse.com/982067 https://bugzilla.suse.com/982068 From sle-updates at lists.suse.com Tue Jun 14 07:08:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 
14 Jun 2016 15:08:04 +0200 (CEST) Subject: SUSE-SU-2016:1569-1: moderate: Security update for python-Pillow Message-ID: <20160614130804.44951FFA8@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1569-1 Rating: moderate References: #965579 #965582 Cross-References: CVE-2016-0740 CVE-2016-0775 Affected Products: SUSE Enterprise Storage 2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Pillow fixes the following security issues: * CVE-2016-0775: Fixed a buffer overflow in FliDecode.c causing a segfault when opening FLI files. (bsc#965582) * CVE-2016-0740: Fixed a buffer overflow in TiffDecode.c causing an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file. (bsc#965579) * Fixed an integer overflow in Resample.c causing writes in the Python heap. * Fixed a buffer overflow in PcdDecode.c causing a segfault when opening PhotoCD files. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2: zypper in -t patch SUSE-Storage-2-2016-934=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 2 (x86_64): python-Pillow-2.7.0-3.2 python-Pillow-debuginfo-2.7.0-3.2 python-Pillow-debugsource-2.7.0-3.2 References: https://www.suse.com/security/cve/CVE-2016-0740.html https://www.suse.com/security/cve/CVE-2016-0775.html https://bugzilla.suse.com/965579 https://bugzilla.suse.com/965582 From sle-updates at lists.suse.com Tue Jun 14 08:09:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2016 16:09:15 +0200 (CEST) Subject: SUSE-SU-2016:1570-1: important: Security update for ImageMagick Message-ID: <20160614140915.5EB12FFA8@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1570-1 Rating: important References: #867943 #982178 Cross-References: CVE-2016-5118 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2016-5118: Prevent code execution via popen() (bsc#982178) This non-security issue was fixed: - Fix encoding of /Title in generated PDFs. (bsc#867943) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-935=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-935=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-935=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-935=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-935=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-935=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-935=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-935=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-25.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-25.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 ImageMagick-devel-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagick++-devel-6.8.8.1-25.1 perl-PerlMagick-6.8.8.1-25.1 perl-PerlMagick-debuginfo-6.8.8.1-25.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x 
x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 ImageMagick-devel-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagick++-devel-6.8.8.1-25.1 perl-PerlMagick-6.8.8.1-25.1 perl-PerlMagick-debuginfo-6.8.8.1-25.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagickCore-6_Q16-1-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-25.1 libMagickWand-6_Q16-1-6.8.8.1-25.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-25.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagickCore-6_Q16-1-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-25.1 libMagickWand-6_Q16-1-6.8.8.1-25.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-25.1 libMagickWand-6_Q16-1-6.8.8.1-25.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-25.1 - SUSE Linux Enterprise Desktop 12 (x86_64): ImageMagick-6.8.8.1-25.1 ImageMagick-debuginfo-6.8.8.1-25.1 ImageMagick-debugsource-6.8.8.1-25.1 libMagick++-6_Q16-3-6.8.8.1-25.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-25.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-25.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-25.1 libMagickWand-6_Q16-1-6.8.8.1-25.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-25.1 References: https://www.suse.com/security/cve/CVE-2016-5118.html https://bugzilla.suse.com/867943 https://bugzilla.suse.com/982178 From sle-updates at 
lists.suse.com Tue Jun 14 10:14:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2016 18:14:48 +0200 (CEST) Subject: SUSE-RU-2016:1577-1: moderate: Recommended update for lio-utils Message-ID: <20160614161448.8FF1FFFBA@maintenance.suse.de> SUSE Recommended Update: Recommended update for lio-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1577-1 Rating: moderate References: #972717 #972720 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lio-utils fixes the following issues: - Provide target status by adding a helper script (bsc#972717) - Update HOWTO to talk about systemd instead of init (bsc#972720) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-937=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-937=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): lio-mibs-4.1-15.11.1 lio-mibs-debuginfo-4.1-15.11.1 lio-utils-4.1-15.11.1 lio-utils-debuginfo-4.1-15.11.1 lio-utils-debugsource-4.1-15.11.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): lio-mibs-4.1-15.11.1 lio-mibs-debuginfo-4.1-15.11.1 lio-utils-4.1-15.11.1 lio-utils-debuginfo-4.1-15.11.1 lio-utils-debugsource-4.1-15.11.1 References: https://bugzilla.suse.com/972717 https://bugzilla.suse.com/972720 From sle-updates at lists.suse.com Tue Jun 14 12:07:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Jun 2016 20:07:57 +0200 (CEST) Subject: SUSE-SU-2016:1581-1: important: Security update for php53 Message-ID: <20160614180757.AE574FFB9@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1581-1 Rating: important References: #949961 #968284 #969821 #971611 #971612 #971912 #973351 #973792 #976996 #976997 #977003 #977005 #977991 #977994 #978827 #978828 #978829 #978830 #980366 #980373 #980375 #981050 #982010 #982011 #982012 #982013 #982162 Cross-References: CVE-2014-9767 CVE-2015-4116 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8879 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 CVE-2016-4070 CVE-2016-4073 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 
______________________________________________________________________________

An update that fixes 31 vulnerabilities is now available.

Description:

This update for php53 fixes the following issues:
- CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter (bsc#982010)
- CVE-2016-5094, CVE-2016-5095: Don't allow creating strings with lengths outside int range, avoids overflows (bsc#982011, bsc#982012)
- CVE-2016-5096: An int/size_t confusion in fread could corrupt memory (bsc#982013)
- CVE-2016-5114: A fpm_log.c memory leak and buffer overflow could leak information out of the php process or overwrite a buffer by 1 byte (bsc#982162)
- CVE-2016-4346: A heap overflow was fixed in ext/standard/string.c (bsc#977994)
- CVE-2016-4342: A heap corruption was fixed in tar/zip/phar parser (bsc#977991)
- CVE-2016-4537, CVE-2016-4538: bcpowmod accepted negative scale causing heap buffer overflow corrupting _one_ definition (bsc#978827)
- CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828)
- CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829)
- CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830)
- CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366)
- CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373)
- CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375)
- CVE-2015-8879: odbc_bindcols function in ext/odbc/php_odbc.c mishandles driver behavior for SQL_WVARCHAR (bsc#981050)

Also fixed previously on SUSE Linux Enterprise 11 SP4, but not yet shipped to SUSE Linux Enterprise Server 11 SP3 LTSS:
- CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792).
- CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have led to crashes [bsc#973351]
- CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could lead to crashes. [bsc#968284]
- CVE-2015-7803: A stack overflow vulnerability when decompressing tar phar archives could potentially lead to code execution. [bsc#949961]
- CVE-2016-3141: A use-after-free / double-free in the WDDX deserialization could lead to crashes or potential code execution. [bsc#969821]
- CVE-2016-3142: An out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912]
- CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to overwritten files. [bsc#971612]
- CVE-2016-3185: A type confusion vulnerability in make_http_soap_request() could lead to crashes or potentially code execution. [bsc#971611]
- CVE-2016-4073: A remote attacker could have caused denial of service, or possibly executed arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003)
- CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005)
- CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997)
- CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-php53-12611=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-php53-12611=1 - SUSE Manager 2.1: zypper in -t patch sleman21-php53-12611=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-12611=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-12611=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-php53-12611=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-12611=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-php53-12611=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): apache2-mod_php53-5.3.17-71.1 php53-5.3.17-71.1 php53-bcmath-5.3.17-71.1 php53-bz2-5.3.17-71.1 php53-calendar-5.3.17-71.1 php53-ctype-5.3.17-71.1 php53-curl-5.3.17-71.1 php53-dba-5.3.17-71.1 php53-dom-5.3.17-71.1 php53-exif-5.3.17-71.1 php53-fastcgi-5.3.17-71.1 php53-fileinfo-5.3.17-71.1 php53-ftp-5.3.17-71.1 php53-gd-5.3.17-71.1 php53-gettext-5.3.17-71.1 php53-gmp-5.3.17-71.1 php53-iconv-5.3.17-71.1 php53-intl-5.3.17-71.1 php53-json-5.3.17-71.1 php53-ldap-5.3.17-71.1 php53-mbstring-5.3.17-71.1 php53-mcrypt-5.3.17-71.1 php53-mysql-5.3.17-71.1 php53-odbc-5.3.17-71.1 php53-openssl-5.3.17-71.1 php53-pcntl-5.3.17-71.1 php53-pdo-5.3.17-71.1 php53-pear-5.3.17-71.1 php53-pgsql-5.3.17-71.1 php53-pspell-5.3.17-71.1 php53-shmop-5.3.17-71.1 php53-snmp-5.3.17-71.1 php53-soap-5.3.17-71.1 php53-suhosin-5.3.17-71.1 php53-sysvmsg-5.3.17-71.1 php53-sysvsem-5.3.17-71.1 php53-sysvshm-5.3.17-71.1 php53-tokenizer-5.3.17-71.1 php53-wddx-5.3.17-71.1 php53-xmlreader-5.3.17-71.1 php53-xmlrpc-5.3.17-71.1 php53-xmlwriter-5.3.17-71.1 php53-xsl-5.3.17-71.1 php53-zip-5.3.17-71.1 php53-zlib-5.3.17-71.1 - SUSE Manager Proxy 2.1 (x86_64): apache2-mod_php53-5.3.17-71.1 php53-5.3.17-71.1 php53-bcmath-5.3.17-71.1 
php53-bz2-5.3.17-71.1 php53-calendar-5.3.17-71.1 php53-ctype-5.3.17-71.1 php53-curl-5.3.17-71.1 php53-dba-5.3.17-71.1 php53-dom-5.3.17-71.1 php53-exif-5.3.17-71.1 php53-fastcgi-5.3.17-71.1 php53-fileinfo-5.3.17-71.1 php53-ftp-5.3.17-71.1 php53-gd-5.3.17-71.1 php53-gettext-5.3.17-71.1 php53-gmp-5.3.17-71.1 php53-iconv-5.3.17-71.1 php53-intl-5.3.17-71.1 php53-json-5.3.17-71.1 php53-ldap-5.3.17-71.1 php53-mbstring-5.3.17-71.1 php53-mcrypt-5.3.17-71.1 php53-mysql-5.3.17-71.1 php53-odbc-5.3.17-71.1 php53-openssl-5.3.17-71.1 php53-pcntl-5.3.17-71.1 php53-pdo-5.3.17-71.1 php53-pear-5.3.17-71.1 php53-pgsql-5.3.17-71.1 php53-pspell-5.3.17-71.1 php53-shmop-5.3.17-71.1 php53-snmp-5.3.17-71.1 php53-soap-5.3.17-71.1 php53-suhosin-5.3.17-71.1 php53-sysvmsg-5.3.17-71.1 php53-sysvsem-5.3.17-71.1 php53-sysvshm-5.3.17-71.1 php53-tokenizer-5.3.17-71.1 php53-wddx-5.3.17-71.1 php53-xmlreader-5.3.17-71.1 php53-xmlrpc-5.3.17-71.1 php53-xmlwriter-5.3.17-71.1 php53-xsl-5.3.17-71.1 php53-zip-5.3.17-71.1 php53-zlib-5.3.17-71.1 - SUSE Manager 2.1 (s390x x86_64): apache2-mod_php53-5.3.17-71.1 php53-5.3.17-71.1 php53-bcmath-5.3.17-71.1 php53-bz2-5.3.17-71.1 php53-calendar-5.3.17-71.1 php53-ctype-5.3.17-71.1 php53-curl-5.3.17-71.1 php53-dba-5.3.17-71.1 php53-dom-5.3.17-71.1 php53-exif-5.3.17-71.1 php53-fastcgi-5.3.17-71.1 php53-fileinfo-5.3.17-71.1 php53-ftp-5.3.17-71.1 php53-gd-5.3.17-71.1 php53-gettext-5.3.17-71.1 php53-gmp-5.3.17-71.1 php53-iconv-5.3.17-71.1 php53-intl-5.3.17-71.1 php53-json-5.3.17-71.1 php53-ldap-5.3.17-71.1 php53-mbstring-5.3.17-71.1 php53-mcrypt-5.3.17-71.1 php53-mysql-5.3.17-71.1 php53-odbc-5.3.17-71.1 php53-openssl-5.3.17-71.1 php53-pcntl-5.3.17-71.1 php53-pdo-5.3.17-71.1 php53-pear-5.3.17-71.1 php53-pgsql-5.3.17-71.1 php53-pspell-5.3.17-71.1 php53-shmop-5.3.17-71.1 php53-snmp-5.3.17-71.1 php53-soap-5.3.17-71.1 php53-suhosin-5.3.17-71.1 php53-sysvmsg-5.3.17-71.1 php53-sysvsem-5.3.17-71.1 php53-sysvshm-5.3.17-71.1 php53-tokenizer-5.3.17-71.1 php53-wddx-5.3.17-71.1 
php53-xmlreader-5.3.17-71.1 php53-xmlrpc-5.3.17-71.1 php53-xmlwriter-5.3.17-71.1 php53-xsl-5.3.17-71.1 php53-zip-5.3.17-71.1 php53-zlib-5.3.17-71.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-71.1 php53-imap-5.3.17-71.1 php53-posix-5.3.17-71.1 php53-readline-5.3.17-71.1 php53-sockets-5.3.17-71.1 php53-sqlite-5.3.17-71.1 php53-tidy-5.3.17-71.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-71.1 php53-5.3.17-71.1 php53-bcmath-5.3.17-71.1 php53-bz2-5.3.17-71.1 php53-calendar-5.3.17-71.1 php53-ctype-5.3.17-71.1 php53-curl-5.3.17-71.1 php53-dba-5.3.17-71.1 php53-dom-5.3.17-71.1 php53-exif-5.3.17-71.1 php53-fastcgi-5.3.17-71.1 php53-fileinfo-5.3.17-71.1 php53-ftp-5.3.17-71.1 php53-gd-5.3.17-71.1 php53-gettext-5.3.17-71.1 php53-gmp-5.3.17-71.1 php53-iconv-5.3.17-71.1 php53-intl-5.3.17-71.1 php53-json-5.3.17-71.1 php53-ldap-5.3.17-71.1 php53-mbstring-5.3.17-71.1 php53-mcrypt-5.3.17-71.1 php53-mysql-5.3.17-71.1 php53-odbc-5.3.17-71.1 php53-openssl-5.3.17-71.1 php53-pcntl-5.3.17-71.1 php53-pdo-5.3.17-71.1 php53-pear-5.3.17-71.1 php53-pgsql-5.3.17-71.1 php53-pspell-5.3.17-71.1 php53-shmop-5.3.17-71.1 php53-snmp-5.3.17-71.1 php53-soap-5.3.17-71.1 php53-suhosin-5.3.17-71.1 php53-sysvmsg-5.3.17-71.1 php53-sysvsem-5.3.17-71.1 php53-sysvshm-5.3.17-71.1 php53-tokenizer-5.3.17-71.1 php53-wddx-5.3.17-71.1 php53-xmlreader-5.3.17-71.1 php53-xmlrpc-5.3.17-71.1 php53-xmlwriter-5.3.17-71.1 php53-xsl-5.3.17-71.1 php53-zip-5.3.17-71.1 php53-zlib-5.3.17-71.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): apache2-mod_php53-5.3.17-71.1 php53-5.3.17-71.1 php53-bcmath-5.3.17-71.1 php53-bz2-5.3.17-71.1 php53-calendar-5.3.17-71.1 php53-ctype-5.3.17-71.1 php53-curl-5.3.17-71.1 php53-dba-5.3.17-71.1 php53-dom-5.3.17-71.1 php53-exif-5.3.17-71.1 php53-fastcgi-5.3.17-71.1 php53-fileinfo-5.3.17-71.1 php53-ftp-5.3.17-71.1 php53-gd-5.3.17-71.1 php53-gettext-5.3.17-71.1 
php53-gmp-5.3.17-71.1 php53-iconv-5.3.17-71.1 php53-intl-5.3.17-71.1 php53-json-5.3.17-71.1 php53-ldap-5.3.17-71.1 php53-mbstring-5.3.17-71.1 php53-mcrypt-5.3.17-71.1 php53-mysql-5.3.17-71.1 php53-odbc-5.3.17-71.1 php53-openssl-5.3.17-71.1 php53-pcntl-5.3.17-71.1 php53-pdo-5.3.17-71.1 php53-pear-5.3.17-71.1 php53-pgsql-5.3.17-71.1 php53-pspell-5.3.17-71.1 php53-shmop-5.3.17-71.1 php53-snmp-5.3.17-71.1 php53-soap-5.3.17-71.1 php53-suhosin-5.3.17-71.1 php53-sysvmsg-5.3.17-71.1 php53-sysvsem-5.3.17-71.1 php53-sysvshm-5.3.17-71.1 php53-tokenizer-5.3.17-71.1 php53-wddx-5.3.17-71.1 php53-xmlreader-5.3.17-71.1 php53-xmlrpc-5.3.17-71.1 php53-xmlwriter-5.3.17-71.1 php53-xsl-5.3.17-71.1 php53-zip-5.3.17-71.1 php53-zlib-5.3.17-71.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-71.1 php53-debugsource-5.3.17-71.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): php53-debuginfo-5.3.17-71.1 php53-debugsource-5.3.17-71.1 References: https://www.suse.com/security/cve/CVE-2014-9767.html https://www.suse.com/security/cve/CVE-2015-4116.html https://www.suse.com/security/cve/CVE-2015-7803.html https://www.suse.com/security/cve/CVE-2015-8835.html https://www.suse.com/security/cve/CVE-2015-8838.html https://www.suse.com/security/cve/CVE-2015-8866.html https://www.suse.com/security/cve/CVE-2015-8867.html https://www.suse.com/security/cve/CVE-2015-8873.html https://www.suse.com/security/cve/CVE-2015-8874.html https://www.suse.com/security/cve/CVE-2015-8879.html https://www.suse.com/security/cve/CVE-2016-2554.html https://www.suse.com/security/cve/CVE-2016-3141.html https://www.suse.com/security/cve/CVE-2016-3142.html https://www.suse.com/security/cve/CVE-2016-3185.html https://www.suse.com/security/cve/CVE-2016-4070.html https://www.suse.com/security/cve/CVE-2016-4073.html https://www.suse.com/security/cve/CVE-2016-4342.html https://www.suse.com/security/cve/CVE-2016-4346.html 
https://www.suse.com/security/cve/CVE-2016-4537.html https://www.suse.com/security/cve/CVE-2016-4538.html https://www.suse.com/security/cve/CVE-2016-4539.html https://www.suse.com/security/cve/CVE-2016-4540.html https://www.suse.com/security/cve/CVE-2016-4541.html https://www.suse.com/security/cve/CVE-2016-4542.html https://www.suse.com/security/cve/CVE-2016-4543.html https://www.suse.com/security/cve/CVE-2016-4544.html https://www.suse.com/security/cve/CVE-2016-5093.html https://www.suse.com/security/cve/CVE-2016-5094.html https://www.suse.com/security/cve/CVE-2016-5095.html https://www.suse.com/security/cve/CVE-2016-5096.html https://www.suse.com/security/cve/CVE-2016-5114.html https://bugzilla.suse.com/949961 https://bugzilla.suse.com/968284 https://bugzilla.suse.com/969821 https://bugzilla.suse.com/971611 https://bugzilla.suse.com/971612 https://bugzilla.suse.com/971912 https://bugzilla.suse.com/973351 https://bugzilla.suse.com/973792 https://bugzilla.suse.com/976996 https://bugzilla.suse.com/976997 https://bugzilla.suse.com/977003 https://bugzilla.suse.com/977005 https://bugzilla.suse.com/977991 https://bugzilla.suse.com/977994 https://bugzilla.suse.com/978827 https://bugzilla.suse.com/978828 https://bugzilla.suse.com/978829 https://bugzilla.suse.com/978830 https://bugzilla.suse.com/980366 https://bugzilla.suse.com/980373 https://bugzilla.suse.com/980375 https://bugzilla.suse.com/981050 https://bugzilla.suse.com/982010 https://bugzilla.suse.com/982011 https://bugzilla.suse.com/982012 https://bugzilla.suse.com/982013 https://bugzilla.suse.com/982162 From sle-updates at lists.suse.com Wed Jun 15 06:08:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2016 14:08:22 +0200 (CEST) Subject: SUSE-SU-2016:1584-1: important: Security update for ntp Message-ID: <20160615120822.7BC30FFAB@maintenance.suse.de> SUSE Security Update: Security update for ntp 
______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1584-1 Rating: important References: #979302 #981422 #982056 #982064 #982065 #982066 #982067 #982068 Cross-References: CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ntp-12612=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-12612=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.8p8-14.1 ntp-doc-4.2.8p8-14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-debuginfo-4.2.8p8-14.1 ntp-debugsource-4.2.8p8-14.1 References: https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/979302 https://bugzilla.suse.com/981422 https://bugzilla.suse.com/982056 https://bugzilla.suse.com/982064 https://bugzilla.suse.com/982065 https://bugzilla.suse.com/982066 https://bugzilla.suse.com/982067 https://bugzilla.suse.com/982068 From sle-updates at lists.suse.com Wed Jun 15 07:09:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2016 15:09:12 +0200 (CEST) Subject: SUSE-SU-2016:1588-1: moderate: Security update for libarchive Message-ID: <20160615130912.5ECB1FFAA@maintenance.suse.de> SUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1588-1 Rating: moderate References: #979005 Cross-References: CVE-2016-1541 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libarchive fixes the following issue: - Fix a heap-based buffer overflow (CVE-2016-1541, bsc#979005) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-940=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-940=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-940=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-940=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-940=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-940=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libarchive-debugsource-3.1.2-12.1 libarchive-devel-3.1.2-12.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libarchive-debugsource-3.1.2-12.1 libarchive-devel-3.1.2-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libarchive-debugsource-3.1.2-12.1 libarchive13-3.1.2-12.1 libarchive13-debuginfo-3.1.2-12.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libarchive-debugsource-3.1.2-12.1 libarchive13-3.1.2-12.1 libarchive13-debuginfo-3.1.2-12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libarchive-debugsource-3.1.2-12.1 libarchive13-3.1.2-12.1 libarchive13-debuginfo-3.1.2-12.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libarchive-debugsource-3.1.2-12.1 libarchive13-3.1.2-12.1 libarchive13-debuginfo-3.1.2-12.1 References: https://www.suse.com/security/cve/CVE-2016-1541.html https://bugzilla.suse.com/979005 From sle-updates at lists.suse.com Wed Jun 15 10:10:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2016 18:10:47 +0200 (CEST) Subject: SUSE-RU-2016:1591-1: Recommended update for dmidecode Message-ID: <20160615161047.C87B6FFAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for 
dmidecode ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1591-1 Rating: low References: #955705 #974862 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dmidecode fixes the following issues: - Skip the SMBIOS version comparison in quiet mode. (bsc#974862) - Add support for DDR4 memory type. (bsc#955705) - Decode the CPUID of recent AMD processors. - Fix memory voltage labels. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-942=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-942=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-942=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-942=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (x86_64): dmidecode-2.12-7.1 dmidecode-debuginfo-2.12-7.1 dmidecode-debugsource-2.12-7.1 - SUSE Linux Enterprise Server 12 (x86_64): dmidecode-2.12-7.1 dmidecode-debuginfo-2.12-7.1 dmidecode-debugsource-2.12-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dmidecode-2.12-7.1 dmidecode-debuginfo-2.12-7.1 dmidecode-debugsource-2.12-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): dmidecode-2.12-7.1 dmidecode-debuginfo-2.12-7.1 dmidecode-debugsource-2.12-7.1 References: https://bugzilla.suse.com/955705 https://bugzilla.suse.com/974862 From sle-updates at lists.suse.com Wed Jun 15 10:11:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Jun 2016 18:11:18 +0200 (CEST) Subject: SUSE-RU-2016:1592-1: moderate: Recommended update for gcc48 Message-ID: <20160615161118.E0763FFAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc48 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1592-1 Rating: moderate References: #955382 #970009 #976627 #977654 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for gcc48 fixes the following issues: - Fix internal compiler error specific to the ppc64le architecture. (bsc#976627) - Fix issue with using gcov and #pragma pack. (bsc#977654) - Fix internal compiler error when building samba on aarch64. (bsc#970009) - Fix HTM built-ins on PowerPC. 
(bsc#955382) - Build without GRAPHITE where cloog-isl is not available. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-941=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-941=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-941=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-941=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-941=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-941=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-941=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-941=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gcc48-gij-32bit-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-32bit-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 libgcj48-32bit-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-32bit-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): gcc48-gij-32bit-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-32bit-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 libgcj48-32bit-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-32bit-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-fortran-4.8.5-27.1 gcc48-fortran-debuginfo-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 gcc48-java-4.8.5-27.1 gcc48-java-debuginfo-4.8.5-27.1 gcc48-obj-c++-4.8.5-27.1 gcc48-obj-c++-debuginfo-4.8.5-27.1 gcc48-objc-4.8.5-27.1 gcc48-objc-debuginfo-4.8.5-27.1 libffi48-debugsource-4.8.5-27.1 libffi48-devel-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-devel-4.8.5-27.1 libgcj48-devel-debuginfo-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 libobjc4-4.8.5-27.1 libobjc4-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64): gcc48-objc-32bit-4.8.5-27.1 libobjc4-32bit-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): gcc48-ada-4.8.5-27.1 gcc48-ada-debuginfo-4.8.5-27.1 libada48-4.8.5-27.1 libada48-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-fortran-4.8.5-27.1 gcc48-fortran-debuginfo-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 
gcc48-java-4.8.5-27.1 gcc48-java-debuginfo-4.8.5-27.1 gcc48-obj-c++-4.8.5-27.1 gcc48-obj-c++-debuginfo-4.8.5-27.1 gcc48-objc-4.8.5-27.1 gcc48-objc-debuginfo-4.8.5-27.1 libffi48-debugsource-4.8.5-27.1 libffi48-devel-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-devel-4.8.5-27.1 libgcj48-devel-debuginfo-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 libobjc4-4.8.5-27.1 libobjc4-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64): gcc48-objc-32bit-4.8.5-27.1 libobjc4-32bit-4.8.5-27.1 - SUSE Linux Enterprise Software Development Kit 12 (x86_64): gcc48-ada-4.8.5-27.1 gcc48-ada-debuginfo-4.8.5-27.1 libada48-4.8.5-27.1 libada48-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): cpp48-4.8.5-27.1 cpp48-debuginfo-4.8.5-27.1 gcc48-4.8.5-27.1 gcc48-c++-4.8.5-27.1 gcc48-c++-debuginfo-4.8.5-27.1 gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-locale-4.8.5-27.1 libstdc++48-devel-4.8.5-27.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): gcc48-32bit-4.8.5-27.1 libstdc++48-devel-32bit-4.8.5-27.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libasan0-32bit-4.8.5-27.1 libasan0-4.8.5-27.1 libasan0-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gcc48-info-4.8.5-27.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): cpp48-4.8.5-27.1 cpp48-debuginfo-4.8.5-27.1 gcc48-4.8.5-27.1 gcc48-c++-4.8.5-27.1 gcc48-c++-debuginfo-4.8.5-27.1 gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-locale-4.8.5-27.1 libstdc++48-devel-4.8.5-27.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): gcc48-32bit-4.8.5-27.1 libstdc++48-devel-32bit-4.8.5-27.1 - SUSE Linux Enterprise Server 12 (x86_64): libasan0-32bit-4.8.5-27.1 libasan0-32bit-debuginfo-4.8.5-27.1 libasan0-4.8.5-27.1 libasan0-debuginfo-4.8.5-27.1 - SUSE Linux Enterprise Server 12 (noarch): gcc48-info-4.8.5-27.1 - SUSE Linux Enterprise Desktop 12-SP1 
(noarch): gcc48-info-4.8.5-27.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): cpp48-4.8.5-27.1 cpp48-debuginfo-4.8.5-27.1 gcc48-32bit-4.8.5-27.1 gcc48-4.8.5-27.1 gcc48-c++-4.8.5-27.1 gcc48-c++-debuginfo-4.8.5-27.1 gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-gij-32bit-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-32bit-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 libasan0-32bit-4.8.5-27.1 libasan0-4.8.5-27.1 libasan0-debuginfo-4.8.5-27.1 libgcj48-32bit-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-32bit-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 libstdc++48-devel-32bit-4.8.5-27.1 libstdc++48-devel-4.8.5-27.1 - SUSE Linux Enterprise Desktop 12 (x86_64): cpp48-4.8.5-27.1 cpp48-debuginfo-4.8.5-27.1 gcc48-32bit-4.8.5-27.1 gcc48-4.8.5-27.1 gcc48-c++-4.8.5-27.1 gcc48-c++-debuginfo-4.8.5-27.1 gcc48-debuginfo-4.8.5-27.1 gcc48-debugsource-4.8.5-27.1 gcc48-gij-32bit-4.8.5-27.1 gcc48-gij-4.8.5-27.1 gcc48-gij-debuginfo-32bit-4.8.5-27.1 gcc48-gij-debuginfo-4.8.5-27.1 libasan0-32bit-4.8.5-27.1 libasan0-32bit-debuginfo-4.8.5-27.1 libasan0-4.8.5-27.1 libasan0-debuginfo-4.8.5-27.1 libgcj48-32bit-4.8.5-27.1 libgcj48-4.8.5-27.1 libgcj48-debuginfo-32bit-4.8.5-27.1 libgcj48-debuginfo-4.8.5-27.1 libgcj48-debugsource-4.8.5-27.1 libgcj48-jar-4.8.5-27.1 libgcj_bc1-4.8.5-27.1 libstdc++48-devel-32bit-4.8.5-27.1 libstdc++48-devel-4.8.5-27.1 - SUSE Linux Enterprise Desktop 12 (noarch): gcc48-info-4.8.5-27.1 References: https://bugzilla.suse.com/955382 https://bugzilla.suse.com/970009 https://bugzilla.suse.com/976627 https://bugzilla.suse.com/977654 From sle-updates at lists.suse.com Thu Jun 16 03:08:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 11:08:24 +0200 (CEST) Subject: SUSE-SU-2016:1593-1: moderate: Security update for p7zip Message-ID: <20160616090824.9BA9EFFA8@maintenance.suse.de> SUSE Security Update: Security update for p7zip 
______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1593-1 Rating: moderate References: #979823 Cross-References: CVE-2016-2335 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for p7zip fixes the following issues: - add p7zip-9.20.1-CVE-2016-2335.patch to fix 7zip UDF CInArchive::ReadFileItem code execution vulnerability [bsc#979823], [CVE-2016-2335] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-943=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-943=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-943=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-943=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): p7zip-9.20.1-6.1 p7zip-debuginfo-9.20.1-6.1 p7zip-debugsource-9.20.1-6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): p7zip-9.20.1-6.1 p7zip-debuginfo-9.20.1-6.1 p7zip-debugsource-9.20.1-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): p7zip-9.20.1-6.1 p7zip-debuginfo-9.20.1-6.1 p7zip-debugsource-9.20.1-6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): p7zip-9.20.1-6.1 p7zip-debuginfo-9.20.1-6.1 p7zip-debugsource-9.20.1-6.1 References: https://www.suse.com/security/cve/CVE-2016-2335.html https://bugzilla.suse.com/979823 From sle-updates at lists.suse.com Thu Jun 16 07:07:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 15:07:57 +0200 (CEST) Subject: SUSE-SU-2016:1596-1: important: Security update for the Linux Kernel Message-ID: <20160616130757.CBC25FFA8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1596-1 Rating: important References: #983143 Cross-References: CVE-2016-1583 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 12 GA kernel was updated to fix one security issue. The following security bug was fixed: - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have led to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143). 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-944=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-944=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-944=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-944=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-944=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-944=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): kernel-default-debuginfo-3.12.55-52.45.1 kernel-default-debugsource-3.12.55-52.45.1 kernel-default-extra-3.12.55-52.45.1 kernel-default-extra-debuginfo-3.12.55-52.45.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): kernel-obs-build-3.12.55-52.45.1 kernel-obs-build-debugsource-3.12.55-52.45.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): kernel-docs-3.12.55-52.45.4 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): kernel-default-3.12.55-52.45.1 kernel-default-base-3.12.55-52.45.1 kernel-default-base-debuginfo-3.12.55-52.45.1 kernel-default-debuginfo-3.12.55-52.45.1 kernel-default-debugsource-3.12.55-52.45.1 kernel-default-devel-3.12.55-52.45.1 kernel-syms-3.12.55-52.45.1 - SUSE Linux Enterprise Server 12 (x86_64): kernel-xen-3.12.55-52.45.1 kernel-xen-base-3.12.55-52.45.1 kernel-xen-base-debuginfo-3.12.55-52.45.1 kernel-xen-debuginfo-3.12.55-52.45.1 kernel-xen-debugsource-3.12.55-52.45.1 kernel-xen-devel-3.12.55-52.45.1 - SUSE Linux Enterprise Server 12 (noarch): kernel-devel-3.12.55-52.45.1 kernel-macros-3.12.55-52.45.1 kernel-source-3.12.55-52.45.1 - SUSE Linux Enterprise Server 12 
(s390x): kernel-default-man-3.12.55-52.45.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.55-52.45.1 kernel-ec2-debuginfo-3.12.55-52.45.1 kernel-ec2-debugsource-3.12.55-52.45.1 kernel-ec2-devel-3.12.55-52.45.1 kernel-ec2-extra-3.12.55-52.45.1 kernel-ec2-extra-debuginfo-3.12.55-52.45.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_55-52_45-default-1-3.1 kgraft-patch-3_12_55-52_45-xen-1-3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): kernel-default-3.12.55-52.45.1 kernel-default-debuginfo-3.12.55-52.45.1 kernel-default-debugsource-3.12.55-52.45.1 kernel-default-devel-3.12.55-52.45.1 kernel-default-extra-3.12.55-52.45.1 kernel-default-extra-debuginfo-3.12.55-52.45.1 kernel-syms-3.12.55-52.45.1 kernel-xen-3.12.55-52.45.1 kernel-xen-debuginfo-3.12.55-52.45.1 kernel-xen-debugsource-3.12.55-52.45.1 kernel-xen-devel-3.12.55-52.45.1 - SUSE Linux Enterprise Desktop 12 (noarch): kernel-devel-3.12.55-52.45.1 kernel-macros-3.12.55-52.45.1 kernel-source-3.12.55-52.45.1 References: https://www.suse.com/security/cve/CVE-2016-1583.html https://bugzilla.suse.com/983143 From sle-updates at lists.suse.com Thu Jun 16 10:09:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 18:09:48 +0200 (CEST) Subject: SUSE-RU-2016:1597-1: Recommended update for man-pages Message-ID: <20160616160948.0D375FFA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for man-pages ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1597-1 Rating: low References: #967488 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for man-pages fixes the following issues: - Document in open(2) that O_TMPFILE support was added to btrfs only in kernel 3.16 and hence is not yet available on SUSE Linux Enterprise 12-SP1. (bsc#967488) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-946=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-946=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): man-pages-4.02-5.7 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): man-pages-4.02-5.7 References: https://bugzilla.suse.com/967488 From sle-updates at lists.suse.com Thu Jun 16 10:10:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 18:10:06 +0200 (CEST) Subject: SUSE-RU-2016:1598-1: Recommended update for indic-fonts Message-ID: <20160616161006.18094FFAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for indic-fonts ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1598-1 Rating: low References: #977195 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for indic-fonts fixes the following issue: - Fix distortions of Gujarati fonts (bsc#977195) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-945=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-945=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-945=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-945=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): indic-fonts-20130612-5.1 - SUSE Linux Enterprise Server 12 (noarch): indic-fonts-20130612-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): indic-fonts-20130612-5.1 - SUSE Linux Enterprise Desktop 12 (noarch): indic-fonts-20130612-5.1 References: https://bugzilla.suse.com/977195 From sle-updates at lists.suse.com Thu Jun 16 10:10:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 18:10:23 +0200 (CEST) Subject: SUSE-RU-2016:1599-1: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy Message-ID: <20160616161023.C4286FFAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1599-1 Rating: low References: #924298 #970425 #976194 Affected Products: SUSE Manager Proxy 2.1 SUSE Manager 2.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: SUSE Manager 2.1 Release Notes and SUSE Manager Proxy 2.1 Release Notes have been updated to document: - New channels available: + Support SLE-POS 11 SP3 as addon for SLES 11 SP4 + HAE-GEO is an addon product for SLES 4 SAP + SLE-Live-Patching12 - Bugs fixed by latest updates bsc#922740, bsc#924298, bsc#958923, bsc#961002, bsc#961565 bsc#962253, bsc#966622, bsc#966737, bsc#966890, bsc#968257 bsc#968406, bsc#970223, bsc#970425, bsc#970550, bsc#970672 bsc#970901, bsc#970989, bsc#971237, bsc#972341, bsc#973162 bsc#973432, bsc#976194, bsc#976826, bsc#978166 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-release-notes-susemanager-12613=1 - SUSE Manager 2.1: zypper in -t patch sleman21-release-notes-susemanager-12613=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 2.1 (x86_64): release-notes-susemanager-proxy-2.1.0-0.24.1 - SUSE Manager 2.1 (s390x x86_64): release-notes-susemanager-2.1.0-0.50.3 References: https://bugzilla.suse.com/924298 https://bugzilla.suse.com/970425 https://bugzilla.suse.com/976194 From sle-updates at lists.suse.com Thu Jun 16 11:08:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 19:08:10 +0200 (CEST) Subject: SUSE-SU-2016:1600-1: moderate: Security update for libtasn1 Message-ID: <20160616170810.2F05EFFA8@maintenance.suse.de> SUSE Security Update: Security update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1600-1 Rating: moderate References: #929414 #961491 #982779 Cross-References: CVE-2015-3622 CVE-2016-4008 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ntp-12614=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ntp-12614=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-12614=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtasn1-devel-1.5-1.34.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtasn1-1.5-1.34.1 libtasn1-3-1.5-1.34.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libtasn1-3-32bit-1.5-1.34.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libtasn1-3-x86-1.5-1.34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtasn1-debuginfo-1.5-1.34.1 libtasn1-debugsource-1.5-1.34.1 References: https://www.suse.com/security/cve/CVE-2015-3622.html https://www.suse.com/security/cve/CVE-2016-4008.html https://bugzilla.suse.com/929414 https://bugzilla.suse.com/961491 https://bugzilla.suse.com/982779 From sle-updates at lists.suse.com Thu Jun 16 11:08:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Jun 2016 19:08:46 +0200 (CEST) Subject: SUSE-SU-2016:1601-1: moderate: Security update for libtasn1 Message-ID: <20160616170846.C4869FFAB@maintenance.suse.de> SUSE 
Security Update: Security update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1601-1 Rating: moderate References: #929414 #961491 #982779 Cross-References: CVE-2015-3622 CVE-2016-4008 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libtasn1 fixes the following issues: - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser (bsc#961491) - CVE-2015-3622: Fixed invalid read in octet string decoding (bsc#929414) - CVE-2016-4008: Fixed infinite loop while parsing DER certificates (bsc#982779) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-949=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-949=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-949=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-949=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-949=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-949=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 libtasn1-devel-3.7-11.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 libtasn1-devel-3.7-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libtasn1-3.7-11.1 libtasn1-6-3.7-11.1 libtasn1-6-debuginfo-3.7-11.1 libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libtasn1-6-32bit-3.7-11.1 libtasn1-6-debuginfo-32bit-3.7-11.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libtasn1-3.7-11.1 libtasn1-6-3.7-11.1 libtasn1-6-debuginfo-3.7-11.1 libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libtasn1-6-32bit-3.7-11.1 libtasn1-6-debuginfo-32bit-3.7-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libtasn1-3.7-11.1 libtasn1-6-3.7-11.1 libtasn1-6-32bit-3.7-11.1 libtasn1-6-debuginfo-3.7-11.1 libtasn1-6-debuginfo-32bit-3.7-11.1 libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libtasn1-3.7-11.1 libtasn1-6-3.7-11.1 libtasn1-6-32bit-3.7-11.1 libtasn1-6-debuginfo-3.7-11.1 libtasn1-6-debuginfo-32bit-3.7-11.1 libtasn1-debuginfo-3.7-11.1 libtasn1-debugsource-3.7-11.1 References: https://www.suse.com/security/cve/CVE-2015-3622.html https://www.suse.com/security/cve/CVE-2016-4008.html https://bugzilla.suse.com/929414 https://bugzilla.suse.com/961491 https://bugzilla.suse.com/982779 From sle-updates at lists.suse.com Fri Jun 17 06:08:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 14:08:35 +0200 (CEST) Subject: SUSE-SU-2016:1602-1: important: Security update for ntp Message-ID: <20160617120835.729E2FFAC@maintenance.suse.de> SUSE Security Update: Security update for ntp 
______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1602-1 Rating: important References: #979302 #981422 #982056 #982064 #982065 #982066 #982067 #982068 Cross-References: CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-ntp-12615=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-ntp-12615=1 - SUSE Manager 2.1: zypper in -t patch sleman21-ntp-12615=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ntp-12615=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ntp-12615=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ntp-12615=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-ntp-12615=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): ntp-4.2.8p8-47.3 ntp-doc-4.2.8p8-47.3 - SUSE Manager Proxy 2.1 (x86_64): ntp-4.2.8p8-47.3 ntp-doc-4.2.8p8-47.3 - SUSE Manager 2.1 (s390x x86_64): ntp-4.2.8p8-47.3 ntp-doc-4.2.8p8-47.3 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ntp-4.2.8p8-47.3 ntp-doc-4.2.8p8-47.3 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): ntp-4.2.8p8-47.3 ntp-doc-4.2.8p8-47.3 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ntp-debuginfo-4.2.8p8-47.3 ntp-debugsource-4.2.8p8-47.3 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): ntp-debuginfo-4.2.8p8-47.3 ntp-debugsource-4.2.8p8-47.3 References: https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/979302 https://bugzilla.suse.com/981422 https://bugzilla.suse.com/982056 https://bugzilla.suse.com/982064 https://bugzilla.suse.com/982065 https://bugzilla.suse.com/982066 https://bugzilla.suse.com/982067 https://bugzilla.suse.com/982068 From sle-updates at lists.suse.com Fri Jun 17 06:10:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 
2016 14:10:10 +0200 (CEST) Subject: SUSE-RU-2016:1603-1: moderate: Recommended update for docker Message-ID: <20160617121010.A01FEFFAD@maintenance.suse.de> SUSE Recommended Update: Recommended update for docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1603-1 Rating: moderate References: #964673 #977394 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for docker fixes the following issues: - Fix database soft corruption issues if the Docker daemon terminates in a bad state. (bsc#964673) - Fix go version to 1.5 (bsc#977394) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-951=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-951=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): docker-1.10.3-71.1 docker-debuginfo-1.10.3-71.1 docker-debugsource-1.10.3-71.1 - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): docker-1.10.3-71.1 docker-debuginfo-1.10.3-71.1 docker-debugsource-1.10.3-71.1 References: https://bugzilla.suse.com/964673 https://bugzilla.suse.com/977394 From sle-updates at lists.suse.com Fri Jun 17 07:08:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 15:08:23 +0200 (CEST) Subject: SUSE-SU-2016:1604-1: important: Security update for libxml2 Message-ID: <20160617130823.D9B3EFFAC@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1604-1 Rating: important References: #963963 #965283 #978395 #981040 #981041 #981108 #981109 #981111 #981112 #981114 #981115 #981548 #981549 #981550 Cross-References: CVE-2015-8806 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2073 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. 
- CVE-2016-4483: Code was added to avoid an out-of-bounds access when serializing malformed strings [bsc#978395].
- CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040].
- CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].
- CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108].
- CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109].
- CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral [bsc#981111].
- CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112].
- CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115].
- CVE-2016-4447: Fixed a heap-based buffer underread due to xmlParseName [bsc#981548].
- CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549].
- CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550].
- CVE-2016-3705: Fixed missing increment of recursion counter.
Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-libxml2-12616=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-libxml2-12616=1 - SUSE Manager 2.1: zypper in -t patch sleman21-libxml2-12616=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libxml2-12616=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libxml2-12616=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-libxml2-12616=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-libxml2-12616=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-12616=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libxml2-12616=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-libxml2-12616=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): libxml2-2.7.6-0.44.1 libxml2-32bit-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 libxml2-python-2.7.6-0.44.4 - SUSE Manager Proxy 2.1 (x86_64): libxml2-2.7.6-0.44.1 libxml2-32bit-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 libxml2-python-2.7.6-0.44.4 - SUSE Manager 2.1 (s390x x86_64): libxml2-2.7.6-0.44.1 libxml2-32bit-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 libxml2-python-2.7.6-0.44.4 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.44.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.44.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 libxml2-python-2.7.6-0.44.4 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.44.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxml2-x86-2.7.6-0.44.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libxml2-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 
libxml2-python-2.7.6-0.44.4 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libxml2-32bit-2.7.6-0.44.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): libxml2-2.7.6-0.44.1 libxml2-doc-2.7.6-0.44.1 libxml2-python-2.7.6-0.44.4 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libxml2-32bit-2.7.6-0.44.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.44.1 libxml2-debugsource-2.7.6-0.44.1 libxml2-python-debuginfo-2.7.6-0.44.4 libxml2-python-debugsource-2.7.6-0.44.4 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libxml2-debuginfo-2.7.6-0.44.1 libxml2-debugsource-2.7.6-0.44.1 libxml2-python-debuginfo-2.7.6-0.44.4 libxml2-python-debugsource-2.7.6-0.44.4 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): libxml2-debuginfo-2.7.6-0.44.1 libxml2-debugsource-2.7.6-0.44.1 libxml2-python-debuginfo-2.7.6-0.44.4 libxml2-python-debugsource-2.7.6-0.44.4 References: https://www.suse.com/security/cve/CVE-2015-8806.html https://www.suse.com/security/cve/CVE-2016-1762.html https://www.suse.com/security/cve/CVE-2016-1833.html https://www.suse.com/security/cve/CVE-2016-1834.html https://www.suse.com/security/cve/CVE-2016-1835.html https://www.suse.com/security/cve/CVE-2016-1837.html https://www.suse.com/security/cve/CVE-2016-1838.html https://www.suse.com/security/cve/CVE-2016-1839.html https://www.suse.com/security/cve/CVE-2016-1840.html https://www.suse.com/security/cve/CVE-2016-2073.html https://www.suse.com/security/cve/CVE-2016-3705.html https://www.suse.com/security/cve/CVE-2016-4447.html https://www.suse.com/security/cve/CVE-2016-4448.html https://www.suse.com/security/cve/CVE-2016-4449.html https://www.suse.com/security/cve/CVE-2016-4483.html https://bugzilla.suse.com/963963 https://bugzilla.suse.com/965283 https://bugzilla.suse.com/978395 https://bugzilla.suse.com/981040 https://bugzilla.suse.com/981041 https://bugzilla.suse.com/981108 https://bugzilla.suse.com/981109 
https://bugzilla.suse.com/981111 https://bugzilla.suse.com/981112 https://bugzilla.suse.com/981114 https://bugzilla.suse.com/981115 https://bugzilla.suse.com/981548 https://bugzilla.suse.com/981549 https://bugzilla.suse.com/981550 From sle-updates at lists.suse.com Fri Jun 17 09:11:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 17:11:39 +0200 (CEST) Subject: SUSE-RU-2016:1606-1: Recommended update for nethogs Message-ID: <20160617151139.E0659FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for nethogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1606-1 Rating: low References: #970024 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nethogs fixes the following issues: - Fix buffer overflow for command line strings of length greater than 80. - Fix creating socket by using normal DGRAM sockets. (bsc#970024) - Correctly display PIDs up to 7 characters. - Get all running non-loopback devices by default. - Consider the terminal height when printing the 'total' row. - Add new command line switches: -s, -c, -v. - Change needrefresh default value from true to false. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-956=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-956=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): nethogs-0.8.1-4.1 nethogs-debuginfo-0.8.1-4.1 nethogs-debugsource-0.8.1-4.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): nethogs-0.8.1-4.1 nethogs-debuginfo-0.8.1-4.1 nethogs-debugsource-0.8.1-4.1 References: https://bugzilla.suse.com/970024 From sle-updates at lists.suse.com Fri Jun 17 09:11:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 17:11:58 +0200 (CEST) Subject: SUSE-RU-2016:1607-1: Recommended update for python-dateutil Message-ID: <20160617151158.62C7BFFAD@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-dateutil ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1607-1 Rating: low References: #978730 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 SUSE Enterprise Storage 2.1 SUSE Enterprise Storage 2 SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-dateutil 2.4.2, which brings several fixes and enhancements: - Updated zoneinfo to 2015b. - Fixed issue with parsing of tzstr on Python 2.7.x; tzstr will now be decoded if not a unicode type. - Fix a parser issue where AM and PM tokens were showing up in fuzzy date stamps, triggering inappropriate errors. - Missing function 'setcachsize' removed from zoneinfo __all__ list, fixing an issue with wildcard imports of dateutil.zoneinfo. - Added explicit check for valid hours if AM/PM is specified in parser. 
- Fix error where parser allowed some invalid dates, overwriting existing hours with the last 2-digit number in the string. - Fix and add test for Python 2.x compatibility with boolean checking of relativedelta objects. - Replaced parse() calls with explicit datetime objects in unit tests unrelated to parser. - Changed private _byxxx from sets to sorted tuples and fixed one currently unreachable bug in _construct_byset. - Additional documentation for parser and rrule. - Formatting fixes to documentation of rrule and README.rst. - Fix an issue with relativedelta and freezegun. - Fix minimal version requirement for python-six. - Many rrule changes and fixes, including defusing some infinite loops. - Changed many aspects of dealing with the zone info file. Instead of a cache, all the zones are loaded to memory, but symbolic links are loaded only once, so not much memory is used. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-954=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-954=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-954=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-954=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-954=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-954=1 - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2016-954=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-954=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-954=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-954=1 - SUSE Enterprise Storage 2: zypper in -t patch 
SUSE-Storage-2-2016-954=1 - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2016-954=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-dateutil-2.4.2-14.2 - SUSE OpenStack Cloud 6 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise Server 12 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise High Availability 12-SP1 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise High Availability 12 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): python-dateutil-2.4.2-14.2 - SUSE Linux Enterprise Desktop 12 (noarch): python-dateutil-2.4.2-14.2 - SUSE Enterprise Storage 2.1 (noarch): python-dateutil-2.4.2-14.2 - SUSE Enterprise Storage 2 (noarch): python-dateutil-2.4.2-14.2 - SUSE Enterprise Storage 1.0 (noarch): python-dateutil-2.4.2-14.2 References: https://bugzilla.suse.com/978730 From sle-updates at lists.suse.com Fri Jun 17 09:12:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 17:12:14 +0200 (CEST) Subject: SUSE-RU-2016:1608-1: Recommended update for powerpc-utils Message-ID: <20160617151214.75F31FFAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1608-1 Rating: low References: #957445 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Correct drmgr's LMB counting when discovering LMBs. 
This fixes dynamic addition of memory. (bsc#957445) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-powerpc-utils-12617=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-powerpc-utils-12617=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (ppc64): powerpc-utils-1.2.22-4.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): powerpc-utils-debuginfo-1.2.22-4.3 powerpc-utils-debugsource-1.2.22-4.3 References: https://bugzilla.suse.com/957445 From sle-updates at lists.suse.com Fri Jun 17 09:12:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 17:12:32 +0200 (CEST) Subject: SUSE-RU-2016:1609-1: Recommended update for libcap1 Message-ID: <20160617151232.0EBEAFFAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcap1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1609-1 Rating: low References: #982232 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes building of libcap1 with newer versions of glibc. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-953=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-953=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libcap1-1.10-61.1 libcap1-debuginfo-1.10-61.1 libcap1-debugsource-1.10-61.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libcap1-32bit-1.10-61.1 libcap1-debuginfo-32bit-1.10-61.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libcap1-1.10-61.1 libcap1-debuginfo-1.10-61.1 libcap1-debugsource-1.10-61.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libcap1-32bit-1.10-61.1 libcap1-debuginfo-32bit-1.10-61.1 References: https://bugzilla.suse.com/982232 From sle-updates at lists.suse.com Fri Jun 17 09:12:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 17:12:53 +0200 (CEST) Subject: SUSE-SU-2016:1610-1: important: Security update for ImageMagick Message-ID: <20160617151253.106BCFFAE@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1610-1 Rating: important References: #982178 Cross-References: CVE-2016-5118 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2016-5118: popen() shell vulnerability via filenames (bsc#982178) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-ImageMagick-12618=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-ImageMagick-12618=1 - SUSE Manager 2.1: zypper in -t patch sleman21-ImageMagick-12618=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-12618=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-12618=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ImageMagick-12618=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ImageMagick-12618=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-12618=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 libMagickCore1-6.4.3.6-7.40.1 - SUSE Manager Proxy 2.1 (x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 libMagickCore1-6.4.3.6-7.40.1 - SUSE Manager 2.1 (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 libMagickCore1-6.4.3.6-7.40.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.40.1 ImageMagick-devel-6.4.3.6-7.40.1 libMagick++-devel-6.4.3.6-7.40.1 libMagick++1-6.4.3.6-7.40.1 libMagickWand1-6.4.3.6-7.40.1 perl-PerlMagick-6.4.3.6-7.40.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.40.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.40.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libMagickCore1-6.4.3.6-7.40.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): libMagickCore1-6.4.3.6-7.40.1 - SUSE Linux Enterprise 
Server 11-SP2-LTSS (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.40.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.40.1 ImageMagick-debugsource-6.4.3.6-7.40.1 References: https://www.suse.com/security/cve/CVE-2016-5118.html https://bugzilla.suse.com/982178 From sle-updates at lists.suse.com Fri Jun 17 10:07:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 18:07:59 +0200 (CEST) Subject: SUSE-SU-2016:1613-1: critical: Security update for flash-player Message-ID: <20160617160759.0F3CCFFB9@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1613-1 Rating: critical References: #984695 Cross-References: CVE-2016-4122 CVE-2016-4123 CVE-2016-4124 CVE-2016-4125 CVE-2016-4127 CVE-2016-4128 CVE-2016-4129 CVE-2016-4130 CVE-2016-4131 CVE-2016-4132 CVE-2016-4133 CVE-2016-4134 CVE-2016-4135 CVE-2016-4136 CVE-2016-4137 CVE-2016-4138 CVE-2016-4139 CVE-2016-4140 CVE-2016-4141 CVE-2016-4142 CVE-2016-4143 CVE-2016-4144 CVE-2016-4145 CVE-2016-4146 CVE-2016-4147 CVE-2016-4148 CVE-2016-4149 CVE-2016-4150 CVE-2016-4151 CVE-2016-4152 CVE-2016-4153 CVE-2016-4154 CVE-2016-4155 CVE-2016-4156 CVE-2016-4166 CVE-2016-4171 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 36 vulnerabilities is now available. 
Description: Adobe flash-player was updated to 11.2.202.626 to fix the following security issues: Security update to 11.2.202.626 (boo#984695): * APSB16-18, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171 Please see https://helpx.adobe.com/security/products/flash-player/apsb16-18.html for more information. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-960=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-960=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-960=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-960=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.626-133.1 flash-player-gnome-11.2.202.626-133.1 References: https://www.suse.com/security/cve/CVE-2016-4122.html https://www.suse.com/security/cve/CVE-2016-4123.html https://www.suse.com/security/cve/CVE-2016-4124.html https://www.suse.com/security/cve/CVE-2016-4125.html https://www.suse.com/security/cve/CVE-2016-4127.html https://www.suse.com/security/cve/CVE-2016-4128.html https://www.suse.com/security/cve/CVE-2016-4129.html https://www.suse.com/security/cve/CVE-2016-4130.html https://www.suse.com/security/cve/CVE-2016-4131.html https://www.suse.com/security/cve/CVE-2016-4132.html https://www.suse.com/security/cve/CVE-2016-4133.html https://www.suse.com/security/cve/CVE-2016-4134.html https://www.suse.com/security/cve/CVE-2016-4135.html https://www.suse.com/security/cve/CVE-2016-4136.html https://www.suse.com/security/cve/CVE-2016-4137.html https://www.suse.com/security/cve/CVE-2016-4138.html https://www.suse.com/security/cve/CVE-2016-4139.html https://www.suse.com/security/cve/CVE-2016-4140.html https://www.suse.com/security/cve/CVE-2016-4141.html https://www.suse.com/security/cve/CVE-2016-4142.html https://www.suse.com/security/cve/CVE-2016-4143.html https://www.suse.com/security/cve/CVE-2016-4144.html https://www.suse.com/security/cve/CVE-2016-4145.html https://www.suse.com/security/cve/CVE-2016-4146.html https://www.suse.com/security/cve/CVE-2016-4147.html https://www.suse.com/security/cve/CVE-2016-4148.html https://www.suse.com/security/cve/CVE-2016-4149.html 
https://www.suse.com/security/cve/CVE-2016-4150.html https://www.suse.com/security/cve/CVE-2016-4151.html https://www.suse.com/security/cve/CVE-2016-4152.html https://www.suse.com/security/cve/CVE-2016-4153.html https://www.suse.com/security/cve/CVE-2016-4154.html https://www.suse.com/security/cve/CVE-2016-4155.html https://www.suse.com/security/cve/CVE-2016-4156.html https://www.suse.com/security/cve/CVE-2016-4166.html https://www.suse.com/security/cve/CVE-2016-4171.html https://bugzilla.suse.com/984695 From sle-updates at lists.suse.com Fri Jun 17 10:08:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 18:08:17 +0200 (CEST) Subject: SUSE-SU-2016:1614-1: important: Security update for GraphicsMagick Message-ID: <20160617160817.445C7FFAE@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1614-1 Rating: important References: #851064 #965574 #982178 Cross-References: CVE-2013-4589 CVE-2015-8808 CVE-2016-5118 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: - CVE-2016-5118: popen() shell vulnerability via special filenames (bnc#982178). - CVE-2013-4589: The ExportAlphaQuantumType function in export.c in GraphicsMagick might have allowed remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image (bsc#851064). - CVE-2015-8808: Out-of-bound read in the parsing of GIF files (bnc#965574). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-12619=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-12619=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-12619=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.38.1 libGraphicsMagick2-1.2.5-4.38.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.38.1 libGraphicsMagick2-1.2.5-4.38.1 perl-GraphicsMagick-1.2.5-4.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.38.1 GraphicsMagick-debugsource-1.2.5-4.38.1 References: https://www.suse.com/security/cve/CVE-2013-4589.html https://www.suse.com/security/cve/CVE-2015-8808.html https://www.suse.com/security/cve/CVE-2016-5118.html https://bugzilla.suse.com/851064 https://bugzilla.suse.com/965574 https://bugzilla.suse.com/982178 From sle-updates at lists.suse.com Fri Jun 17 10:08:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 18:08:49 +0200 (CEST) Subject: SUSE-RU-2016:1615-1: Recommended update for release-notes-sled Message-ID: <20160617160849.1163BFFAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1615-1 Rating: low References: #951385 #979703 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: The Release Notes of SUSE Linux Enterprise Desktop 12 SP1 have been updated to document: - The pax(1) Tool Replaced by spax(1). (fate#318412) - Qt 5 Has Been Updated to 5.5.1. (fate#319961) - Dependency on libHBAAPI Removed from fcoe-utils. (fate#319021) Some entries have been fixed or improved: - Remove mention of non-existent parameter to btrfs tool. (fate#318805) - Remove empty list of deprecated packages. (bsc#951385) - Remove "Upgrading PostgreSQL Installations" section. (fate#319049) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-958=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-958=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): release-notes-sled-12.1.20160616-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): release-notes-sled-12.1.20160616-14.1 References: https://bugzilla.suse.com/951385 https://bugzilla.suse.com/979703 From sle-updates at lists.suse.com Fri Jun 17 11:07:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 19:07:57 +0200 (CEST) Subject: SUSE-RU-2016:1616-1: Recommended update for perl-Net-SSLeay Message-ID: <20160617170757.DB37AFFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Net-SSLeay ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1616-1 Rating: low References: #982234 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for perl-Net-SSLeay removes a test which is executed at build time and is now obsolete with newer (1.0.1n+) versions of OpenSSL. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-962=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-962=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-962=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-962=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): perl-Net-SSLeay-1.64-3.2 perl-Net-SSLeay-debuginfo-1.64-3.2 perl-Net-SSLeay-debugsource-1.64-3.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): perl-Net-SSLeay-1.64-3.2 perl-Net-SSLeay-debuginfo-1.64-3.2 perl-Net-SSLeay-debugsource-1.64-3.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): perl-Net-SSLeay-1.64-3.2 perl-Net-SSLeay-debuginfo-1.64-3.2 perl-Net-SSLeay-debugsource-1.64-3.2 - SUSE Linux Enterprise Desktop 12 (x86_64): perl-Net-SSLeay-1.64-3.2 perl-Net-SSLeay-debuginfo-1.64-3.2 perl-Net-SSLeay-debugsource-1.64-3.2 References: https://bugzilla.suse.com/982234 From sle-updates at lists.suse.com Fri Jun 17 11:08:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 19:08:15 +0200 (CEST) Subject: SUSE-RU-2016:1617-1: moderate: Recommended update for kiwi Message-ID: <20160617170815.49331FFAD@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1617-1 Rating: moderate References: #982092 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise 
Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides KIWI v7.02.97, which brings several fixes and enhancements: - Delete vmxboot dracut optimization: For vmx type images, dracut was called in the background to speed up the boot process. However, this could cause a race condition together with grub2-mkconfig. If grub2-mkconfig is called but dracut has not yet created the initrd, grub2 creates a configuration file without an initrd. The resulting boot setup is not able to reboot the system because the initrd is not loaded. (bsc#982092) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-961=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-961=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-961=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kiwi-pxeboot-7.02.97-30.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kiwi-7.02.97-30.1 kiwi-debugsource-7.02.97-30.1 kiwi-desc-netboot-7.02.97-30.1 kiwi-desc-oemboot-7.02.97-30.1 kiwi-desc-vmxboot-7.02.97-30.1 kiwi-templates-7.02.97-30.1 kiwi-tools-7.02.97-30.1 kiwi-tools-debuginfo-7.02.97-30.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kiwi-desc-isoboot-7.02.97-30.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kiwi-doc-7.02.97-30.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kiwi-debugsource-7.02.97-30.1 kiwi-tools-7.02.97-30.1 kiwi-tools-debuginfo-7.02.97-30.1 References: https://bugzilla.suse.com/982092 From sle-updates at lists.suse.com Fri Jun 17 12:08:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 20:08:05 +0200 (CEST) Subject: SUSE-SU-2016:1618-1: moderate: Security update for mysql Message-ID: <20160617180805.AF0FEFF8F@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1618-1 Rating: moderate References: #934789 #959724 Cross-References: CVE-2015-4000 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for mysql fixes the following issues: - bsc#959724: fix incorrect usage of sprintf/strcpy that caused possible buffer overflow issues at various places. On SUSE Linux Enterprise 11 SP4 this fix was not yet shipped: - Increase the key length (to 2048 bits) used in vio/viosslfactories.c for creating Diffie-Hellman keys (Logjam Attack) [bnc#934789] [CVE-2015-4000] Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-12620=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-12620=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysqlclient-devel-5.0.96-0.8.10.3 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysqlclient_r15-32bit-5.0.96-0.8.10.3 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysqlclient_r15-x86-5.0.96-0.8.10.3 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysqlclient15-5.0.96-0.8.10.3 libmysqlclient_r15-5.0.96-0.8.10.3 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysqlclient15-32bit-5.0.96-0.8.10.3 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysqlclient15-x86-5.0.96-0.8.10.3 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/934789 https://bugzilla.suse.com/959724 From sle-updates at lists.suse.com Fri Jun 17 12:08:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 20:08:36 +0200 (CEST) Subject: SUSE-SU-2016:1619-1: important: Security update for mariadb Message-ID: <20160617180836.B39B6FFAC@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1619-1 Rating: important References: #960961 #961935 #963806 #980904 Cross-References: CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 
CVE-2016-2047 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options (bsc#980904). - CVE-2016-0546: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Client (bsc#980904). - CVE-2016-0596: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0597: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). - CVE-2016-0598: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0600: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to InnoDB (bsc#980904). - CVE-2016-0606: Unspecified vulnerability allowed remote authenticated users to affect integrity via unknown vectors related to encryption (bsc#980904). - CVE-2016-0608: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to UDF (bsc#980904). - CVE-2016-0609: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to privileges (bsc#980904). - CVE-2016-0616: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). 
- CVE-2016-0640: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to DML (bsc#980904). - CVE-2016-0641: Unspecified vulnerability allowed local users to affect confidentiality and availability via vectors related to MyISAM (bsc#980904). - CVE-2016-0642: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to Federated (bsc#980904). - CVE-2016-0643: Unspecified vulnerability allowed local users to affect confidentiality via vectors related to DML (bsc#980904). - CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL (bsc#980904). - CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0647: Unspecified vulnerability allowed local users to affect availability via vectors related to FTS (bsc#980904). - CVE-2016-0648: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0649: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0650: Unspecified vulnerability allowed local users to affect availability via vectors related to Replication (bsc#980904). - CVE-2016-0651: Unspecified vulnerability allowed local users to affect availability via vectors related to Optimizer (bsc#980904). - CVE-2016-0655: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). - CVE-2016-0666: Unspecified vulnerability allowed local users to affect availability via vectors related to Security: Privileges (bsc#980904). - CVE-2016-0668: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). 
- CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c did not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com" (bsc#963806). These non-security issues were fixed: - bsc#960961: Use 'plugin-load-add' instead of 'plugin-load' in default_plugins.cnf. It contained 'plugin-load' options, which meant that only the last plugin was actually loaded ('plugin-load' overrides the previous 'plugin-load') - bsc#961935: Remove the leftovers of "openSUSE" string in the '-DWITH_COMMENT' and '-DCOMPILATION_COMMENT' options Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-964=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-964=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-964=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-964=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libmysqlclient_r18-10.0.25-20.6.1 libmysqlclient_r18-32bit-10.0.25-20.6.1 mariadb-debuginfo-10.0.25-20.6.1 mariadb-debugsource-10.0.25-20.6.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.25-20.6.1 libmysqlclient_r18-10.0.25-20.6.1 libmysqld-devel-10.0.25-20.6.1 libmysqld18-10.0.25-20.6.1 libmysqld18-debuginfo-10.0.25-20.6.1 mariadb-debuginfo-10.0.25-20.6.1 mariadb-debugsource-10.0.25-20.6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libmysqlclient18-10.0.25-20.6.1 libmysqlclient18-debuginfo-10.0.25-20.6.1 mariadb-10.0.25-20.6.1 mariadb-client-10.0.25-20.6.1 mariadb-client-debuginfo-10.0.25-20.6.1 mariadb-debuginfo-10.0.25-20.6.1 mariadb-debugsource-10.0.25-20.6.1 mariadb-errormessages-10.0.25-20.6.1 mariadb-tools-10.0.25-20.6.1 mariadb-tools-debuginfo-10.0.25-20.6.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libmysqlclient18-32bit-10.0.25-20.6.1 libmysqlclient18-debuginfo-32bit-10.0.25-20.6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libmysqlclient18-10.0.25-20.6.1 libmysqlclient18-32bit-10.0.25-20.6.1 libmysqlclient18-debuginfo-10.0.25-20.6.1 libmysqlclient18-debuginfo-32bit-10.0.25-20.6.1 libmysqlclient_r18-10.0.25-20.6.1 libmysqlclient_r18-32bit-10.0.25-20.6.1 mariadb-10.0.25-20.6.1 mariadb-client-10.0.25-20.6.1 mariadb-client-debuginfo-10.0.25-20.6.1 mariadb-debuginfo-10.0.25-20.6.1 mariadb-debugsource-10.0.25-20.6.1 mariadb-errormessages-10.0.25-20.6.1 References: https://www.suse.com/security/cve/CVE-2016-0505.html https://www.suse.com/security/cve/CVE-2016-0546.html https://www.suse.com/security/cve/CVE-2016-0596.html https://www.suse.com/security/cve/CVE-2016-0597.html https://www.suse.com/security/cve/CVE-2016-0598.html https://www.suse.com/security/cve/CVE-2016-0600.html https://www.suse.com/security/cve/CVE-2016-0606.html https://www.suse.com/security/cve/CVE-2016-0608.html 
https://www.suse.com/security/cve/CVE-2016-0609.html https://www.suse.com/security/cve/CVE-2016-0616.html https://www.suse.com/security/cve/CVE-2016-0640.html https://www.suse.com/security/cve/CVE-2016-0641.html https://www.suse.com/security/cve/CVE-2016-0642.html https://www.suse.com/security/cve/CVE-2016-0643.html https://www.suse.com/security/cve/CVE-2016-0644.html https://www.suse.com/security/cve/CVE-2016-0646.html https://www.suse.com/security/cve/CVE-2016-0647.html https://www.suse.com/security/cve/CVE-2016-0648.html https://www.suse.com/security/cve/CVE-2016-0649.html https://www.suse.com/security/cve/CVE-2016-0650.html https://www.suse.com/security/cve/CVE-2016-0651.html https://www.suse.com/security/cve/CVE-2016-0655.html https://www.suse.com/security/cve/CVE-2016-0666.html https://www.suse.com/security/cve/CVE-2016-0668.html https://www.suse.com/security/cve/CVE-2016-2047.html https://bugzilla.suse.com/960961 https://bugzilla.suse.com/961935 https://bugzilla.suse.com/963806 https://bugzilla.suse.com/980904 From sle-updates at lists.suse.com Fri Jun 17 12:09:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 20:09:20 +0200 (CEST) Subject: SUSE-SU-2016:1620-1: important: Security update for mariadb Message-ID: <20160617180920.9AC95FFAC@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1620-1 Rating: important References: #961935 #963806 #963810 #970287 #970295 #980904 Cross-References: CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 Affected Products: SUSE Linux Enterprise Workstation 
Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options (bsc#980904). - CVE-2016-0546: Unspecified vulnerability allowed local users to affect confidentiality, integrity, and availability via unknown vectors related to Client (bsc#980904). - CVE-2016-0596: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0597: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). - CVE-2016-0598: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0600: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to InnoDB (bsc#980904). - CVE-2016-0606: Unspecified vulnerability allowed remote authenticated users to affect integrity via unknown vectors related to encryption (bsc#980904). - CVE-2016-0608: Unspecified vulnerability allowed remote authenticated users to affect availability via vectors related to UDF (bsc#980904). - CVE-2016-0609: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to privileges (bsc#980904). - CVE-2016-0616: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Optimizer (bsc#980904). 
- CVE-2016-0640: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to DML (bsc#980904). - CVE-2016-0641: Unspecified vulnerability allowed local users to affect confidentiality and availability via vectors related to MyISAM (bsc#980904). - CVE-2016-0642: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to Federated (bsc#980904). - CVE-2016-0643: Unspecified vulnerability allowed local users to affect confidentiality via vectors related to DML (bsc#980904). - CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL (bsc#980904). - CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability via vectors related to DML (bsc#980904). - CVE-2016-0647: Unspecified vulnerability allowed local users to affect availability via vectors related to FTS (bsc#980904). - CVE-2016-0648: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0649: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#980904). - CVE-2016-0650: Unspecified vulnerability allowed local users to affect availability via vectors related to Replication (bsc#980904). - CVE-2016-0651: Unspecified vulnerability allowed local users to affect availability via vectors related to Optimizer (bsc#980904). - CVE-2016-0655: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). - CVE-2016-0666: Unspecified vulnerability allowed local users to affect availability via vectors related to Security: Privileges (bsc#980904). - CVE-2016-0668: Unspecified vulnerability allowed local users to affect availability via vectors related to InnoDB (bsc#980904). 
- CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c did not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com" (bsc#963806). These non-security issues were fixed: - bsc#961935: Remove the leftovers of "openSUSE" string in the '-DWITH_COMMENT' and '-DCOMPILATION_COMMENT' options - bsc#970287: remove ha_tokudb.so plugin and tokuft_logprint and tokuftdump binaries as TokuDB storage engine requires the jemalloc library that isn't present in SLE-12-SP1 - bsc#970295: Fix the leftovers of "logrotate.d/mysql" string in the logrotate error message. Occurrences of this string were changed to "logrotate.d/mariadb" - bsc#963810: Add 'log-error' and 'secure-file-priv' configuration options * add '/etc/my.cnf.d/error_log.conf' that specifies 'log-error = /var/log/mysql/mysqld.log'. If no path is set, the error log is written to '/var/lib/mysql/$HOSTNAME.err', which is not picked up by logrotate. * add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD_FILE()' will only work with files in the directory specified by 'secure-file-priv' option (='/var/lib/mysql-files'). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-963=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-963=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-963=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-963=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libmysqlclient_r18-10.0.25-6.1 libmysqlclient_r18-32bit-10.0.25-6.1 mariadb-debuginfo-10.0.25-6.1 mariadb-debugsource-10.0.25-6.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.25-6.1 libmysqlclient_r18-10.0.25-6.1 libmysqld-devel-10.0.25-6.1 libmysqld18-10.0.25-6.1 libmysqld18-debuginfo-10.0.25-6.1 mariadb-debuginfo-10.0.25-6.1 mariadb-debugsource-10.0.25-6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libmysqlclient18-10.0.25-6.1 libmysqlclient18-debuginfo-10.0.25-6.1 mariadb-10.0.25-6.1 mariadb-client-10.0.25-6.1 mariadb-client-debuginfo-10.0.25-6.1 mariadb-debuginfo-10.0.25-6.1 mariadb-debugsource-10.0.25-6.1 mariadb-errormessages-10.0.25-6.1 mariadb-tools-10.0.25-6.1 mariadb-tools-debuginfo-10.0.25-6.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libmysqlclient18-32bit-10.0.25-6.1 libmysqlclient18-debuginfo-32bit-10.0.25-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libmysqlclient18-10.0.25-6.1 libmysqlclient18-32bit-10.0.25-6.1 libmysqlclient18-debuginfo-10.0.25-6.1 libmysqlclient18-debuginfo-32bit-10.0.25-6.1 libmysqlclient_r18-10.0.25-6.1 libmysqlclient_r18-32bit-10.0.25-6.1 mariadb-10.0.25-6.1 mariadb-client-10.0.25-6.1 mariadb-client-debuginfo-10.0.25-6.1 mariadb-debuginfo-10.0.25-6.1 mariadb-debugsource-10.0.25-6.1 mariadb-errormessages-10.0.25-6.1 References: https://www.suse.com/security/cve/CVE-2016-0505.html https://www.suse.com/security/cve/CVE-2016-0546.html https://www.suse.com/security/cve/CVE-2016-0596.html https://www.suse.com/security/cve/CVE-2016-0597.html https://www.suse.com/security/cve/CVE-2016-0598.html https://www.suse.com/security/cve/CVE-2016-0600.html https://www.suse.com/security/cve/CVE-2016-0606.html https://www.suse.com/security/cve/CVE-2016-0608.html https://www.suse.com/security/cve/CVE-2016-0609.html https://www.suse.com/security/cve/CVE-2016-0616.html 
https://www.suse.com/security/cve/CVE-2016-0640.html https://www.suse.com/security/cve/CVE-2016-0641.html https://www.suse.com/security/cve/CVE-2016-0642.html https://www.suse.com/security/cve/CVE-2016-0643.html https://www.suse.com/security/cve/CVE-2016-0644.html https://www.suse.com/security/cve/CVE-2016-0646.html https://www.suse.com/security/cve/CVE-2016-0647.html https://www.suse.com/security/cve/CVE-2016-0648.html https://www.suse.com/security/cve/CVE-2016-0649.html https://www.suse.com/security/cve/CVE-2016-0650.html https://www.suse.com/security/cve/CVE-2016-0651.html https://www.suse.com/security/cve/CVE-2016-0655.html https://www.suse.com/security/cve/CVE-2016-0666.html https://www.suse.com/security/cve/CVE-2016-0668.html https://www.suse.com/security/cve/CVE-2016-2047.html https://bugzilla.suse.com/961935 https://bugzilla.suse.com/963806 https://bugzilla.suse.com/963810 https://bugzilla.suse.com/970287 https://bugzilla.suse.com/970295 https://bugzilla.suse.com/980904 From sle-updates at lists.suse.com Fri Jun 17 14:08:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Jun 2016 22:08:19 +0200 (CEST) Subject: SUSE-RU-2016:1622-1: Recommended update for ffado Message-ID: <20160617200819.8C46AFFAD@maintenance.suse.de> SUSE Recommended Update: Recommended update for ffado ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1622-1 Rating: low References: #982957 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for ffado fixes building of the package against newer versions of Gnome. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-966=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-966=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-966=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-966=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-966=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-966=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ffado-2.1.0-10.4 ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-32bit-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 libffado2-debuginfo-32bit-2.1.0-10.4 - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): ffado-mixer-2.1.0-10.11 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): ffado-2.1.0-10.4 ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-32bit-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 libffado2-debuginfo-32bit-2.1.0-10.4 - SUSE Linux Enterprise Workstation Extension 12 (noarch): ffado-mixer-2.1.0-10.11 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado-devel-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado-devel-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 - SUSE 
Linux Enterprise Desktop 12-SP1 (x86_64): ffado-2.1.0-10.4 ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-32bit-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 libffado2-debuginfo-32bit-2.1.0-10.4 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): ffado-mixer-2.1.0-10.11 - SUSE Linux Enterprise Desktop 12 (noarch): ffado-mixer-2.1.0-10.11 - SUSE Linux Enterprise Desktop 12 (x86_64): ffado-2.1.0-10.4 ffado-debuginfo-2.1.0-10.4 ffado-debugsource-2.1.0-10.4 libffado2-2.1.0-10.4 libffado2-32bit-2.1.0-10.4 libffado2-debuginfo-2.1.0-10.4 libffado2-debuginfo-32bit-2.1.0-10.4 References: https://bugzilla.suse.com/982957 From sle-updates at lists.suse.com Mon Jun 20 07:08:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2016 15:08:07 +0200 (CEST) Subject: SUSE-RU-2016:1632-1: Recommended update for timezone Message-ID: <20160620130807.66ACAFF8F@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1632-1 Rating: low References: #982833 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2016e) for your system, including the following changes: - Africa/Cairo observes DST in 2016 from July 7 to the end of October. This release also includes changes affecting past time stamps. For a comprehensive list, please refer to the release announcement from ICANN: http://mm.icann.org/pipermail/tz-announce/2016-June/000039.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-967=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-967=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-967=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-967=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): timezone-2016e-0.45.1 timezone-debuginfo-2016e-0.45.1 timezone-debugsource-2016e-0.45.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): timezone-java-2016e-0.45.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): timezone-2016e-0.45.1 timezone-debuginfo-2016e-0.45.1 timezone-debugsource-2016e-0.45.1 - SUSE Linux Enterprise Server 12 (noarch): timezone-java-2016e-0.45.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): timezone-2016e-0.45.1 timezone-debuginfo-2016e-0.45.1 timezone-debugsource-2016e-0.45.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): timezone-java-2016e-0.45.1 - SUSE Linux Enterprise Desktop 12 (x86_64): timezone-2016e-0.45.1 timezone-debuginfo-2016e-0.45.1 timezone-debugsource-2016e-0.45.1 - SUSE Linux Enterprise Desktop 12 (noarch): timezone-java-2016e-0.45.1 References: https://bugzilla.suse.com/982833 From sle-updates at lists.suse.com Mon Jun 20 08:08:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2016 16:08:41 +0200 (CEST) Subject: SUSE-SU-2016:1633-1: moderate: Security update for php5 Message-ID: <20160620140841.29146FF8F@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1633-1 Rating: moderate References: #981049 #981050 #981061 #982009 #982010 #982011 #982012 #982013 Cross-References: CVE-2013-7456 CVE-2015-8876 
CVE-2015-8877 CVE-2015-8879 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for php5 fixes the following issues: - CVE-2013-7456: imagescale out-of-bounds read (bnc#982009). - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don't create strings with lengths outside of valid range (bnc#982011). - CVE-2016-5095: Don't create strings with lengths outside of valid range (bnc#982012). - CVE-2016-5096: int/size_t confusion in fread (bsc#982013). - CVE-2015-8877: The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) as used in PHP used inconsistent allocate and free approaches, which allowed remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function (bsc#981061). - CVE-2015-8876: Zend/zend_exceptions.c in PHP did not validate certain Exception objects, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data (bsc#981049). - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050). 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-968=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-968=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-968=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-968=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-968=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-968=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-968=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 imap-devel-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 php5-debuginfo-5.5.14-64.5 php5-debugsource-5.5.14-64.5 php5-devel-5.5.14-64.5 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 imap-devel-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 php5-debuginfo-5.5.14-64.5 php5-debugsource-5.5.14-64.5 
php5-devel-5.5.14-64.5 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-64.5 apache2-mod_php5-debuginfo-5.5.14-64.5 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 php5-5.5.14-64.5 php5-bcmath-5.5.14-64.5 php5-bcmath-debuginfo-5.5.14-64.5 php5-bz2-5.5.14-64.5 php5-bz2-debuginfo-5.5.14-64.5 php5-calendar-5.5.14-64.5 php5-calendar-debuginfo-5.5.14-64.5 php5-ctype-5.5.14-64.5 php5-ctype-debuginfo-5.5.14-64.5 php5-curl-5.5.14-64.5 php5-curl-debuginfo-5.5.14-64.5 php5-dba-5.5.14-64.5 php5-dba-debuginfo-5.5.14-64.5 php5-debuginfo-5.5.14-64.5 php5-debugsource-5.5.14-64.5 php5-dom-5.5.14-64.5 php5-dom-debuginfo-5.5.14-64.5 php5-enchant-5.5.14-64.5 php5-enchant-debuginfo-5.5.14-64.5 php5-exif-5.5.14-64.5 php5-exif-debuginfo-5.5.14-64.5 php5-fastcgi-5.5.14-64.5 php5-fastcgi-debuginfo-5.5.14-64.5 php5-fileinfo-5.5.14-64.5 php5-fileinfo-debuginfo-5.5.14-64.5 php5-fpm-5.5.14-64.5 php5-fpm-debuginfo-5.5.14-64.5 php5-ftp-5.5.14-64.5 php5-ftp-debuginfo-5.5.14-64.5 php5-gd-5.5.14-64.5 php5-gd-debuginfo-5.5.14-64.5 php5-gettext-5.5.14-64.5 php5-gettext-debuginfo-5.5.14-64.5 php5-gmp-5.5.14-64.5 php5-gmp-debuginfo-5.5.14-64.5 php5-iconv-5.5.14-64.5 php5-iconv-debuginfo-5.5.14-64.5 php5-imap-5.5.14-64.5 php5-imap-debuginfo-5.5.14-64.5 php5-intl-5.5.14-64.5 php5-intl-debuginfo-5.5.14-64.5 php5-json-5.5.14-64.5 php5-json-debuginfo-5.5.14-64.5 php5-ldap-5.5.14-64.5 php5-ldap-debuginfo-5.5.14-64.5 php5-mbstring-5.5.14-64.5 php5-mbstring-debuginfo-5.5.14-64.5 php5-mcrypt-5.5.14-64.5 php5-mcrypt-debuginfo-5.5.14-64.5 php5-mysql-5.5.14-64.5 php5-mysql-debuginfo-5.5.14-64.5 php5-odbc-5.5.14-64.5 php5-odbc-debuginfo-5.5.14-64.5 php5-opcache-5.5.14-64.5 php5-opcache-debuginfo-5.5.14-64.5 php5-openssl-5.5.14-64.5 php5-openssl-debuginfo-5.5.14-64.5 php5-pcntl-5.5.14-64.5 php5-pcntl-debuginfo-5.5.14-64.5 php5-pdo-5.5.14-64.5 php5-pdo-debuginfo-5.5.14-64.5 php5-pgsql-5.5.14-64.5 php5-pgsql-debuginfo-5.5.14-64.5 
php5-phar-5.5.14-64.5 php5-phar-debuginfo-5.5.14-64.5 php5-posix-5.5.14-64.5 php5-posix-debuginfo-5.5.14-64.5 php5-pspell-5.5.14-64.5 php5-pspell-debuginfo-5.5.14-64.5 php5-shmop-5.5.14-64.5 php5-shmop-debuginfo-5.5.14-64.5 php5-snmp-5.5.14-64.5 php5-snmp-debuginfo-5.5.14-64.5 php5-soap-5.5.14-64.5 php5-soap-debuginfo-5.5.14-64.5 php5-sockets-5.5.14-64.5 php5-sockets-debuginfo-5.5.14-64.5 php5-sqlite-5.5.14-64.5 php5-sqlite-debuginfo-5.5.14-64.5 php5-suhosin-5.5.14-64.5 php5-suhosin-debuginfo-5.5.14-64.5 php5-sysvmsg-5.5.14-64.5 php5-sysvmsg-debuginfo-5.5.14-64.5 php5-sysvsem-5.5.14-64.5 php5-sysvsem-debuginfo-5.5.14-64.5 php5-sysvshm-5.5.14-64.5 php5-sysvshm-debuginfo-5.5.14-64.5 php5-tokenizer-5.5.14-64.5 php5-tokenizer-debuginfo-5.5.14-64.5 php5-wddx-5.5.14-64.5 php5-wddx-debuginfo-5.5.14-64.5 php5-xmlreader-5.5.14-64.5 php5-xmlreader-debuginfo-5.5.14-64.5 php5-xmlrpc-5.5.14-64.5 php5-xmlrpc-debuginfo-5.5.14-64.5 php5-xmlwriter-5.5.14-64.5 php5-xmlwriter-debuginfo-5.5.14-64.5 php5-xsl-5.5.14-64.5 php5-xsl-debuginfo-5.5.14-64.5 php5-zip-5.5.14-64.5 php5-zip-debuginfo-5.5.14-64.5 php5-zlib-5.5.14-64.5 php5-zlib-debuginfo-5.5.14-64.5 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-64.5 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 - SUSE Linux Enterprise Desktop 12 (x86_64): imap-debuginfo-2007e_suse-19.1 imap-debugsource-2007e_suse-19.1 libc-client2007e_suse-2007e_suse-19.1 libc-client2007e_suse-debuginfo-2007e_suse-19.1 References: https://www.suse.com/security/cve/CVE-2013-7456.html https://www.suse.com/security/cve/CVE-2015-8876.html https://www.suse.com/security/cve/CVE-2015-8877.html https://www.suse.com/security/cve/CVE-2015-8879.html https://www.suse.com/security/cve/CVE-2016-5093.html https://www.suse.com/security/cve/CVE-2016-5094.html 
https://www.suse.com/security/cve/CVE-2016-5095.html https://www.suse.com/security/cve/CVE-2016-5096.html https://bugzilla.suse.com/981049 https://bugzilla.suse.com/981050 https://bugzilla.suse.com/981061 https://bugzilla.suse.com/982009 https://bugzilla.suse.com/982010 https://bugzilla.suse.com/982011 https://bugzilla.suse.com/982012 https://bugzilla.suse.com/982013 From sle-updates at lists.suse.com Mon Jun 20 09:08:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Jun 2016 17:08:18 +0200 (CEST) Subject: SUSE-RU-2016:1634-1: Recommended update for release-notes-sles Message-ID: <20160620150818.18E94FF8F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1634-1 Rating: low References: #955437 #979227 #979704 #984470 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise Server 12 SP1 have been updated to document: - Memory Compression with zswap. (fate#318829) - Multitier Block I/O Caching. (fate#315210) Some entries have been fixed or improved: - Improve list of deployment targets. (bsc#984470) - Remove duplicated content from Enabling NFSv2 Support section. (fate#318496) - Remove mention of non-existent parameter to btrfs tool. (fate#318805, bsc#979227) - Add note to PostgreSQL upgrade from 9.1 to 9.4 section. (fate#319049, bsc#955437) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-969=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): release-notes-sles-12.1.20160616-20.1 References: https://bugzilla.suse.com/955437 https://bugzilla.suse.com/979227 https://bugzilla.suse.com/979704 https://bugzilla.suse.com/984470 From sle-updates at lists.suse.com Tue Jun 21 05:08:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2016 13:08:16 +0200 (CEST) Subject: SUSE-SU-2016:1638-1: important: Security update for php53 Message-ID: <20160621110816.941DEFF8F@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1638-1 Rating: important References: #884986 #884987 #884989 #884990 #884991 #884992 #885961 #886059 #886060 #893849 #893853 #902357 #902360 #902368 #910659 #914690 #917150 #918768 #919080 #921950 #922451 #922452 #923945 #924972 #925109 #928506 #928511 #931421 #931769 #931772 #931776 #933227 #935074 #935224 #935226 #935227 #935229 #935232 #935234 #935274 #935275 #938719 #938721 #942291 #942296 #945412 #945428 #949961 #968284 #969821 #971611 #971612 #971912 #973351 #973792 #976996 #976997 #977003 #977005 #977991 #977994 #978827 #978828 #978829 #978830 #980366 #980373 #980375 #981050 #982010 #982011 #982012 #982013 #982162 Cross-References: CVE-2004-1019 CVE-2006-7243 CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 CVE-2014-5459 CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2014-9767 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2783 CVE-2015-2787 CVE-2015-3152 CVE-2015-3329 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4116 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 
CVE-2015-4643 CVE-2015-4644 CVE-2015-5161 CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6833 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8879 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 CVE-2016-4070 CVE-2016-4073 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 85 vulnerabilities is now available. Description: This update for php53 to version 5.3.17 fixes the following issues: These security issues were fixed: - CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010). - CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011). - CVE-2016-5095: Don't create strings with lengths outside int range (bnc#982012). - CVE-2016-5096: int/size_t confusion in fread (bsc#982013). - CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162). - CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050). - CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP allowed remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation (bsc#980366). - CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call (bsc#980375). 
- CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (segmentation fault) via recursive method calls (bsc#980373). - CVE-2016-4540: The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829). - CVE-2016-4541: The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829). - CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in PHP did not properly construct spprintf arguments, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830). - CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP did not validate IFD sizes, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830). - CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP did not validate TIFF start data, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830). - CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP accepted a negative integer for the scale argument, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827).
- CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP modified certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827). - CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in PHP allowed remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero (bsc#978828). - CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length uncompressed data, which allowed remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991). - CVE-2016-4346: Integer overflow in the str_pad function in ext/standard/string.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow (bsc#977994). - CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call (bsc#977003). - CVE-2015-8867: The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP incorrectly relied on the deprecated RAND_pseudo_bytes function, which made it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors (bsc#977005). - CVE-2016-4070: Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP allowed remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function (bsc#976997). 
- CVE-2015-8866: ext/libxml/libxml.c in PHP, when PHP-FPM is used, did not isolate each thread from libxml_disable_entity_loader changes in other threads, which allowed remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161 (bsc#976996). - CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to mean that SSL is optional, which allowed man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152 (bsc#973792). - CVE-2015-8835: The make_http_soap_request function in ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c (bsc#973351). - CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX extension in PHP allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element (bsc#969821). - CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR extension in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location (bsc#971912). - CVE-2014-9767: Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP and ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary empty directories via a crafted ZIP archive (bsc#971612).
- CVE-2016-3185: The make_http_soap_request function in ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611). - CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive (bsc#968284). - CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in PHP allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that did not exist (bsc#949961). - CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP allowed remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization (bsc#942291). - CVE-2015-6833: Directory traversal vulnerability in the PharData class in PHP allowed remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call (bsc#942296). - CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP did not properly manage headers, which allowed remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function (bsc#945428).
- CVE-2015-6837: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP, when libxml2 is used, did not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838 (bsc#945412). - CVE-2015-6838: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP, when libxml2 is used, did not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837 (bsc#945412). - CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension (bsc#938719). - CVE-2015-5589: The phar_convert_to_other function in ext/phar/phar_object.c in PHP did not validate a file pointer before a close operation, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call (bsc#938721). - CVE-2015-4602: The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue (bsc#935224).
- CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in PHP allowed remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue (bsc#935226). - CVE-2015-4600: The SoapClient implementation in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods (bsc#935226). - CVE-2015-4601: PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226). - CVE-2015-4603: The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP allowed remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue (bsc#935234). - CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP did not validate token extraction for table names, which might have allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352 (bsc#935274). - CVE-2015-4643: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022 (bsc#935275). - CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files (bsc#935227). - CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension (bsc#935229). - CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files (bsc#935232). - CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did not verify that the uri property is a string, which allowed remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue (bsc#933227). - CVE-2015-4024: Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP allowed remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome (bsc#931421). 
- CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname upon encountering a \x00 character, which might have allowed remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243 (bsc#931776). - CVE-2015-4022: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow (bsc#931772). - CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP did not verify that the first character of a filename is different from the \0 character, which allowed remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive (bsc#931769). - CVE-2015-3329: Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP allowed remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive (bsc#928506). - CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511). - CVE-2015-2787: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231 (bsc#924972).
- CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP, allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function (bsc#923945). - CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file (bsc#922452). - CVE-2015-2305: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) on 32-bit platforms might have allowed context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow (bsc#921950). - CVE-2014-9705: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP allowed remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries (bsc#922451). - CVE-2015-0273: Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function (bsc#918768). - CVE-2014-9652: The mconvert function in softmagic.c in file as used in the Fileinfo component in PHP did not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might have allowed remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file (bsc#917150).
- CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659). - CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bsc#910659). - CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in PHP allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bsc#914690). - CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP operates on floating-point arrays incorrectly, which allowed remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function (bsc#902357).
- CVE-2014-3669: Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value (bsc#902360). - CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP allowed remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation (bsc#902368). - CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions (bsc#893849). - CVE-2014-3597: Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (bsc#893853). - CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (bsc#886059). 
- CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (bsc#886060). - CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might have allowed context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php (bsc#885961). - CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file (bsc#884986). - CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion (bsc#884987). - CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as used in the Fileinfo component in PHP relies on incorrect sector-size data, which allowed remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file (bsc#884989). - CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in the Fileinfo component in PHP did not properly validate sector-count data, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884990).
- CVE-2014-3487: The cdf_read_property_info function in file as used in the Fileinfo component in PHP did not properly validate a stream offset, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884991). - CVE-2014-3515: The SPL component in PHP incorrectly anticipates that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage (bsc#884992). These non-security issues were fixed: - bnc#935074: compare with SQL_NULL_DATA correctly - bnc#935074: fix segfault in odbc_fetch_array - bnc#919080: fix timezone map - bnc#925109: unserialize SoapClient type confusion Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-php53-12621=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): apache2-mod_php53-5.3.17-47.1 php53-5.3.17-47.1 php53-bcmath-5.3.17-47.1 php53-bz2-5.3.17-47.1 php53-calendar-5.3.17-47.1 php53-ctype-5.3.17-47.1 php53-curl-5.3.17-47.1 php53-dba-5.3.17-47.1 php53-dom-5.3.17-47.1 php53-exif-5.3.17-47.1 php53-fastcgi-5.3.17-47.1 php53-fileinfo-5.3.17-47.1 php53-ftp-5.3.17-47.1 php53-gd-5.3.17-47.1 php53-gettext-5.3.17-47.1 php53-gmp-5.3.17-47.1 php53-iconv-5.3.17-47.1 php53-intl-5.3.17-47.1 php53-json-5.3.17-47.1 php53-ldap-5.3.17-47.1 php53-mbstring-5.3.17-47.1 php53-mcrypt-5.3.17-47.1 php53-mysql-5.3.17-47.1 php53-odbc-5.3.17-47.1 php53-openssl-5.3.17-47.1 php53-pcntl-5.3.17-47.1 php53-pdo-5.3.17-47.1 php53-pear-5.3.17-47.1 php53-pgsql-5.3.17-47.1 php53-pspell-5.3.17-47.1 php53-shmop-5.3.17-47.1 php53-snmp-5.3.17-47.1 php53-soap-5.3.17-47.1 php53-suhosin-5.3.17-47.1 php53-sysvmsg-5.3.17-47.1 php53-sysvsem-5.3.17-47.1 php53-sysvshm-5.3.17-47.1 php53-tokenizer-5.3.17-47.1 php53-wddx-5.3.17-47.1 php53-xmlreader-5.3.17-47.1 php53-xmlrpc-5.3.17-47.1 php53-xmlwriter-5.3.17-47.1 php53-xsl-5.3.17-47.1 php53-zip-5.3.17-47.1 php53-zlib-5.3.17-47.1 References: https://www.suse.com/security/cve/CVE-2004-1019.html https://www.suse.com/security/cve/CVE-2006-7243.html https://www.suse.com/security/cve/CVE-2014-0207.html https://www.suse.com/security/cve/CVE-2014-3478.html https://www.suse.com/security/cve/CVE-2014-3479.html https://www.suse.com/security/cve/CVE-2014-3480.html https://www.suse.com/security/cve/CVE-2014-3487.html https://www.suse.com/security/cve/CVE-2014-3515.html https://www.suse.com/security/cve/CVE-2014-3597.html https://www.suse.com/security/cve/CVE-2014-3668.html https://www.suse.com/security/cve/CVE-2014-3669.html https://www.suse.com/security/cve/CVE-2014-3670.html https://www.suse.com/security/cve/CVE-2014-4049.html https://www.suse.com/security/cve/CVE-2014-4670.html https://www.suse.com/security/cve/CVE-2014-4698.html 
https://www.suse.com/security/cve/CVE-2014-4721.html https://www.suse.com/security/cve/CVE-2014-5459.html https://www.suse.com/security/cve/CVE-2014-8142.html https://www.suse.com/security/cve/CVE-2014-9652.html https://www.suse.com/security/cve/CVE-2014-9705.html https://www.suse.com/security/cve/CVE-2014-9709.html https://www.suse.com/security/cve/CVE-2014-9767.html https://www.suse.com/security/cve/CVE-2015-0231.html https://www.suse.com/security/cve/CVE-2015-0232.html https://www.suse.com/security/cve/CVE-2015-0273.html https://www.suse.com/security/cve/CVE-2015-1352.html https://www.suse.com/security/cve/CVE-2015-2301.html https://www.suse.com/security/cve/CVE-2015-2305.html https://www.suse.com/security/cve/CVE-2015-2783.html https://www.suse.com/security/cve/CVE-2015-2787.html https://www.suse.com/security/cve/CVE-2015-3152.html https://www.suse.com/security/cve/CVE-2015-3329.html https://www.suse.com/security/cve/CVE-2015-3411.html https://www.suse.com/security/cve/CVE-2015-3412.html https://www.suse.com/security/cve/CVE-2015-4021.html https://www.suse.com/security/cve/CVE-2015-4022.html https://www.suse.com/security/cve/CVE-2015-4024.html https://www.suse.com/security/cve/CVE-2015-4026.html https://www.suse.com/security/cve/CVE-2015-4116.html https://www.suse.com/security/cve/CVE-2015-4148.html https://www.suse.com/security/cve/CVE-2015-4598.html https://www.suse.com/security/cve/CVE-2015-4599.html https://www.suse.com/security/cve/CVE-2015-4600.html https://www.suse.com/security/cve/CVE-2015-4601.html https://www.suse.com/security/cve/CVE-2015-4602.html https://www.suse.com/security/cve/CVE-2015-4603.html https://www.suse.com/security/cve/CVE-2015-4643.html https://www.suse.com/security/cve/CVE-2015-4644.html https://www.suse.com/security/cve/CVE-2015-5161.html https://www.suse.com/security/cve/CVE-2015-5589.html https://www.suse.com/security/cve/CVE-2015-5590.html https://www.suse.com/security/cve/CVE-2015-6831.html 
https://www.suse.com/security/cve/CVE-2015-6833.html https://www.suse.com/security/cve/CVE-2015-6836.html https://www.suse.com/security/cve/CVE-2015-6837.html https://www.suse.com/security/cve/CVE-2015-6838.html https://www.suse.com/security/cve/CVE-2015-7803.html https://www.suse.com/security/cve/CVE-2015-8835.html https://www.suse.com/security/cve/CVE-2015-8838.html https://www.suse.com/security/cve/CVE-2015-8866.html https://www.suse.com/security/cve/CVE-2015-8867.html https://www.suse.com/security/cve/CVE-2015-8873.html https://www.suse.com/security/cve/CVE-2015-8874.html https://www.suse.com/security/cve/CVE-2015-8879.html https://www.suse.com/security/cve/CVE-2016-2554.html https://www.suse.com/security/cve/CVE-2016-3141.html https://www.suse.com/security/cve/CVE-2016-3142.html https://www.suse.com/security/cve/CVE-2016-3185.html https://www.suse.com/security/cve/CVE-2016-4070.html https://www.suse.com/security/cve/CVE-2016-4073.html https://www.suse.com/security/cve/CVE-2016-4342.html https://www.suse.com/security/cve/CVE-2016-4346.html https://www.suse.com/security/cve/CVE-2016-4537.html https://www.suse.com/security/cve/CVE-2016-4538.html https://www.suse.com/security/cve/CVE-2016-4539.html https://www.suse.com/security/cve/CVE-2016-4540.html https://www.suse.com/security/cve/CVE-2016-4541.html https://www.suse.com/security/cve/CVE-2016-4542.html https://www.suse.com/security/cve/CVE-2016-4543.html https://www.suse.com/security/cve/CVE-2016-4544.html https://www.suse.com/security/cve/CVE-2016-5093.html https://www.suse.com/security/cve/CVE-2016-5094.html https://www.suse.com/security/cve/CVE-2016-5095.html https://www.suse.com/security/cve/CVE-2016-5096.html https://www.suse.com/security/cve/CVE-2016-5114.html https://bugzilla.suse.com/884986 https://bugzilla.suse.com/884987 https://bugzilla.suse.com/884989 https://bugzilla.suse.com/884990 https://bugzilla.suse.com/884991 https://bugzilla.suse.com/884992 https://bugzilla.suse.com/885961 
https://bugzilla.suse.com/886059 https://bugzilla.suse.com/886060 https://bugzilla.suse.com/893849 https://bugzilla.suse.com/893853 https://bugzilla.suse.com/902357 https://bugzilla.suse.com/902360 https://bugzilla.suse.com/902368 https://bugzilla.suse.com/910659 https://bugzilla.suse.com/914690 https://bugzilla.suse.com/917150 https://bugzilla.suse.com/918768 https://bugzilla.suse.com/919080 https://bugzilla.suse.com/921950 https://bugzilla.suse.com/922451 https://bugzilla.suse.com/922452 https://bugzilla.suse.com/923945 https://bugzilla.suse.com/924972 https://bugzilla.suse.com/925109 https://bugzilla.suse.com/928506 https://bugzilla.suse.com/928511 https://bugzilla.suse.com/931421 https://bugzilla.suse.com/931769 https://bugzilla.suse.com/931772 https://bugzilla.suse.com/931776 https://bugzilla.suse.com/933227 https://bugzilla.suse.com/935074 https://bugzilla.suse.com/935224 https://bugzilla.suse.com/935226 https://bugzilla.suse.com/935227 https://bugzilla.suse.com/935229 https://bugzilla.suse.com/935232 https://bugzilla.suse.com/935234 https://bugzilla.suse.com/935274 https://bugzilla.suse.com/935275 https://bugzilla.suse.com/938719 https://bugzilla.suse.com/938721 https://bugzilla.suse.com/942291 https://bugzilla.suse.com/942296 https://bugzilla.suse.com/945412 https://bugzilla.suse.com/945428 https://bugzilla.suse.com/949961 https://bugzilla.suse.com/968284 https://bugzilla.suse.com/969821 https://bugzilla.suse.com/971611 https://bugzilla.suse.com/971612 https://bugzilla.suse.com/971912 https://bugzilla.suse.com/973351 https://bugzilla.suse.com/973792 https://bugzilla.suse.com/976996 https://bugzilla.suse.com/976997 https://bugzilla.suse.com/977003 https://bugzilla.suse.com/977005 https://bugzilla.suse.com/977991 https://bugzilla.suse.com/977994 https://bugzilla.suse.com/978827 https://bugzilla.suse.com/978828 https://bugzilla.suse.com/978829 https://bugzilla.suse.com/978830 https://bugzilla.suse.com/980366 https://bugzilla.suse.com/980373 
https://bugzilla.suse.com/980375 https://bugzilla.suse.com/981050 https://bugzilla.suse.com/982010 https://bugzilla.suse.com/982011 https://bugzilla.suse.com/982012 https://bugzilla.suse.com/982013 https://bugzilla.suse.com/982162 From sle-updates at lists.suse.com Tue Jun 21 05:21:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2016 13:21:27 +0200 (CEST) Subject: SUSE-SU-2016:1639-1: important: Security update for libimobiledevice, usbmuxd Message-ID: <20160621112127.BCB9EFF8F@maintenance.suse.de> SUSE Security Update: Security update for libimobiledevice, usbmuxd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1639-1 Rating: important References: #982014 Cross-References: CVE-2016-5104 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: libimobiledevice, usbmuxd were updated to fix one security issue. This security issue was fixed: - CVE-2016-5104: Sockets listening on INADDR_ANY instead of only locally (982014). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-973=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-973=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-973=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-973=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-973=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-973=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-973=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-973=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libimobiledevice-debugsource-1.1.5-6.1 libimobiledevice-tools-1.1.5-6.1 libimobiledevice-tools-debuginfo-1.1.5-6.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): libimobiledevice-debugsource-1.1.5-6.1 libimobiledevice-tools-1.1.5-6.1 libimobiledevice-tools-debuginfo-1.1.5-6.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libimobiledevice-debugsource-1.1.5-6.1 libimobiledevice-devel-1.1.5-6.1 libusbmuxd-devel-1.0.8-12.1 usbmuxd-debuginfo-1.0.8-12.1 usbmuxd-debugsource-1.0.8-12.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libimobiledevice-debugsource-1.1.5-6.1 libimobiledevice-devel-1.1.5-6.1 libusbmuxd-devel-1.0.8-12.1 usbmuxd-debuginfo-1.0.8-12.1 usbmuxd-debugsource-1.0.8-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libimobiledevice-debugsource-1.1.5-6.1 libimobiledevice4-1.1.5-6.1 libimobiledevice4-debuginfo-1.1.5-6.1 libusbmuxd2-1.0.8-12.1 libusbmuxd2-debuginfo-1.0.8-12.1 usbmuxd-1.0.8-12.1 usbmuxd-debuginfo-1.0.8-12.1 
usbmuxd-debugsource-1.0.8-12.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libimobiledevice-debugsource-1.1.5-6.1 libimobiledevice4-1.1.5-6.1 libimobiledevice4-debuginfo-1.1.5-6.1 libusbmuxd2-1.0.8-12.1 libusbmuxd2-debuginfo-1.0.8-12.1 usbmuxd-1.0.8-12.1 usbmuxd-debuginfo-1.0.8-12.1 usbmuxd-debugsource-1.0.8-12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libimobiledevice-debugsource-1.1.5-6.1 libimobiledevice-tools-1.1.5-6.1 libimobiledevice-tools-debuginfo-1.1.5-6.1 libimobiledevice4-1.1.5-6.1 libimobiledevice4-debuginfo-1.1.5-6.1 libusbmuxd2-1.0.8-12.1 libusbmuxd2-debuginfo-1.0.8-12.1 usbmuxd-1.0.8-12.1 usbmuxd-debuginfo-1.0.8-12.1 usbmuxd-debugsource-1.0.8-12.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libimobiledevice-debugsource-1.1.5-6.1 libimobiledevice-tools-1.1.5-6.1 libimobiledevice-tools-debuginfo-1.1.5-6.1 libimobiledevice4-1.1.5-6.1 libimobiledevice4-debuginfo-1.1.5-6.1 libusbmuxd2-1.0.8-12.1 libusbmuxd2-debuginfo-1.0.8-12.1 usbmuxd-1.0.8-12.1 usbmuxd-debuginfo-1.0.8-12.1 usbmuxd-debugsource-1.0.8-12.1 References: https://www.suse.com/security/cve/CVE-2016-5104.html https://bugzilla.suse.com/982014 From sle-updates at lists.suse.com Tue Jun 21 05:21:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2016 13:21:50 +0200 (CEST) Subject: SUSE-SU-2016:1640-1: important: Security update for ctdb Message-ID: <20160621112150.6CF7CFFA3@maintenance.suse.de> SUSE Security Update: Security update for ctdb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1640-1 Rating: important References: #969522 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description:

ctdb was updated to fix one security issue.

This security issue was fixed:
- bsc#969522: ctdb opening sockets with htons(IPPROTO_RAW)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-ctdb-12622=1

- SUSE Linux Enterprise High Availability Extension 11-SP4:

zypper in -t patch slehasp4-ctdb-12622=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-ctdb-12622=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

ctdb-devel-1.0.114.6-0.14.1

- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):

ctdb-1.0.114.6-0.14.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

ctdb-debuginfo-1.0.114.6-0.14.1
ctdb-debugsource-1.0.114.6-0.14.1

References:

https://bugzilla.suse.com/969522

From sle-updates at lists.suse.com Tue Jun 21 06:14:42 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 21 Jun 2016 14:14:42 +0200 (CEST)
Subject: SUSE-RU-2016:1642-1: moderate: Recommended update for crowbar-barclamp-ceilometer, crowbar-barclamp-glance, crowbar-barclamp-heat, crowbar-barclamp-keystone and crowbar-barclamp-swift
Message-ID: <20160621121442.51723FFA3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-ceilometer, crowbar-barclamp-glance, crowbar-barclamp-heat, crowbar-barclamp-keystone and crowbar-barclamp-swift
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1642-1
Rating: moderate
References: #935462 #965886
Affected Products: SUSE OpenStack Cloud 5
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description: This update for crowbar-barclamp-ceilometer, crowbar-barclamp-glance, crowbar-barclamp-heat, crowbar-barclamp-keystone, and crowbar-barclamp-swift fixes the following issues: - Minimize disruption of services with HA by using interleave for clones (bsc#965886) - Improve reliability of Ceilometer and Heat deployment with HA (bsc#935462) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-ceilometer-12623=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-ceilometer-1.9+git.1460064195.e4b231d-12.1 crowbar-barclamp-glance-1.9+git.1460064128.7bb2fea-16.1 crowbar-barclamp-heat-1.9+git.1460064150.a7e95c0-15.1 crowbar-barclamp-keystone-1.9+git.1460063691.f21a95b-19.1 crowbar-barclamp-swift-1.9+git.1460076316.f7c91cd-15.1 References: https://bugzilla.suse.com/935462 https://bugzilla.suse.com/965886 From sle-updates at lists.suse.com Tue Jun 21 06:15:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2016 14:15:26 +0200 (CEST) Subject: SUSE-RU-2016:1643-1: important: Recommended update for openstack-neutron Message-ID: <20160621121526.68B93FFA5@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-neutron ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1643-1 Rating: important References: #975582 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-neutron provides the latest code from OpenStack Liberty. 
- Fix neutron start when SSL is enabled (bsc#975582) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-975=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-neutron-7.1.2~a0~dev10-7.1 openstack-neutron-dhcp-agent-7.1.2~a0~dev10-7.1 openstack-neutron-doc-7.1.2~a0~dev10-7.1 openstack-neutron-ha-tool-7.1.2~a0~dev10-7.1 openstack-neutron-l3-agent-7.1.2~a0~dev10-7.1 openstack-neutron-linuxbridge-agent-7.1.2~a0~dev10-7.1 openstack-neutron-metadata-agent-7.1.2~a0~dev10-7.1 openstack-neutron-metering-agent-7.1.2~a0~dev10-7.1 openstack-neutron-mlnx-agent-7.1.2~a0~dev10-7.1 openstack-neutron-nvsd-agent-7.1.2~a0~dev10-7.1 openstack-neutron-openvswitch-agent-7.1.2~a0~dev10-7.1 openstack-neutron-restproxy-agent-7.1.2~a0~dev10-7.1 openstack-neutron-server-7.1.2~a0~dev10-7.1 python-neutron-7.1.2~a0~dev10-7.1 References: https://bugzilla.suse.com/975582 From sle-updates at lists.suse.com Tue Jun 21 07:08:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2016 15:08:16 +0200 (CEST) Subject: SUSE-RU-2016:1644-1: moderate: Recommended update for portus Message-ID: <20160621130816.CBFB0FF8F@maintenance.suse.de> SUSE Recommended Update: Recommended update for portus ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1644-1 Rating: moderate References: #967411 #976088 #976113 #976198 #978374 #978658 #978661 #979210 #981312 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. 
Description:

This update for portus provides version 2.0.5 (bsc#981312, bsc#979210) and fixes the following issues:

- Improvements
  * The FQDN can now be specified from the configuration too. This is meant to help users to transition from 2.0.x to 2.1.
  * Portus is now more explicit on the allowed name format. (bsc#978658)
  * Portus is now more friendly on errors based on the namespace name. (bsc#978661)
  * Better Sub-URI handling & configurable config-local.yml path.
- portusctl
  * Disable automatic generation of certificates. For this, now there are two new flags: --ssl-gen-self-signed-certs and --ssl-certs-dir . (bsc#978374)
  * Wrap crono with the exec command. (bsc#976113)
  * Use the proper make_admin task. (bsc#976088)
  * Don't configure mysql in Docker. (bsc#976198)
  * Added the portus:info task.
- Other fixes:
  * Logout button and search repository are now appearing in small devices.
  * Don't allow access to the hidden global team.
  * Require net-tools (bsc#967411)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Containers 12:

zypper in -t patch SUSE-SLE-Module-Containers-12-2016-977=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): portus-2.0.5-7.1 portus-debuginfo-2.0.5-7.1 portus-debugsource-2.0.5-7.1 References: https://bugzilla.suse.com/967411 https://bugzilla.suse.com/976088 https://bugzilla.suse.com/976113 https://bugzilla.suse.com/976198 https://bugzilla.suse.com/978374 https://bugzilla.suse.com/978658 https://bugzilla.suse.com/978661 https://bugzilla.suse.com/979210 https://bugzilla.suse.com/981312 From sle-updates at lists.suse.com Tue Jun 21 08:08:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2016 16:08:14 +0200 (CEST) Subject: SUSE-SU-2016:1645-1: moderate: Security update for pam Message-ID: <20160621140814.1AA58FF6C@maintenance.suse.de> SUSE Security Update: Security update for pam ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1645-1 Rating: moderate References: #854480 #934920 #962220 Cross-References: CVE-2013-7041 CVE-2015-3238 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for pam fixes two security issues. These security issues were fixed: - CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS attacks (bsc#934920). - CVE-2013-7041: Compare password hashes case-sensitively (bsc#854480). This non-security issue was fixed: - bsc#962220: Don't fail when /var/log/btmp is corrupted Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-pam-12624=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-pam-12624=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pam-12624=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): pam-devel-1.1.5-0.17.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): pam-devel-32bit-1.1.5-0.17.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): pam-1.1.5-0.17.2 pam-doc-1.1.5-0.17.2 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): pam-32bit-1.1.5-0.17.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): pam-x86-1.1.5-0.17.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): pam-debuginfo-1.1.5-0.17.2 pam-debugsource-1.1.5-0.17.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): pam-debuginfo-32bit-1.1.5-0.17.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): pam-debuginfo-x86-1.1.5-0.17.2 References: https://www.suse.com/security/cve/CVE-2013-7041.html https://www.suse.com/security/cve/CVE-2015-3238.html https://bugzilla.suse.com/854480 https://bugzilla.suse.com/934920 https://bugzilla.suse.com/962220 From sle-updates at lists.suse.com Tue Jun 21 09:08:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2016 17:08:08 +0200 (CEST) Subject: SUSE-RU-2016:1646-1: Recommended update for postgresql-init Message-ID: <20160621150808.35954FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1646-1 Rating: low References: #964945 #966285 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postgresql-init provides the following fixes: - Increase the default timeout for pg_ctl from 60 to 600 seconds and make it configurable. (bsc#966285) - Change the permissions and ownership of /var/run/postgresql to match those of /tmp (the traditional location of PostgreSQL's unix domain sockets and lock files), so that users other than "postgres" are able to start their own database instances. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-979=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-979=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): postgresql-init-9.4-17.11.1 - SUSE Linux Enterprise Server 12 (noarch): postgresql-init-9.4-17.11.1 References: https://bugzilla.suse.com/964945 https://bugzilla.suse.com/966285 From sle-updates at lists.suse.com Tue Jun 21 09:08:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2016 17:08:37 +0200 (CEST) Subject: SUSE-RU-2016:1647-1: Recommended update for postgresql-init Message-ID: <20160621150837.7AD75FFAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1647-1 Rating: low References: #964945 #966285 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for postgresql-init increases the default timeout for pg_ctl from 60 to 600 seconds and makes it configurable. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-postgresql-init-12625=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): postgresql-init-9.4-0.4.2 References: https://bugzilla.suse.com/964945 https://bugzilla.suse.com/966285 From sle-updates at lists.suse.com Tue Jun 21 12:08:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2016 20:08:16 +0200 (CEST) Subject: SUSE-RU-2016:1648-1: moderate: Recommended update for mdadm Message-ID: <20160621180816.DED43FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1648-1 Rating: moderate References: #853944 #939124 #953595 #954769 #956236 #957886 #958597 #966773 #974154 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - A segmentation fault when a disk is re-added to the system shortly after being removed. (bsc#974154) - A problem when adding a spare disk to a degraded array. (bsc#958597) - A misleading error code returned by mdadm --detail on inactive arrays. (bsc#966773) - "Insufficient head-space for reshape" error when attempting to expand array on s390x systems. (bsc#953595) - Message "Starting Activate md array even though degraded..." could be erroneously printed at boot time. 
(bsc#853944) - The mdcheck script could try to check a non-existent '/dev/md?*' device. (bsc#957886) - The mdcheck script could fail to parse the output of mdadm --detail. (bsc#957886) - Add sample crontab file to schedule mdcheck execution if enabled in sysconfig. (bsc#957886) - An issue when displaying detailed information on Number and RaidDevice fields. (bsc#954769) - A crash when running --detail on a dm device which contains an md device. (bsc#939124) - Ignore multipath devices when not yet ready. (bsc#956236) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-982=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-982=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): mdadm-3.3.1-25.1 mdadm-debuginfo-3.3.1-25.1 mdadm-debugsource-3.3.1-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): mdadm-3.3.1-25.1 mdadm-debuginfo-3.3.1-25.1 mdadm-debugsource-3.3.1-25.1 References: https://bugzilla.suse.com/853944 https://bugzilla.suse.com/939124 https://bugzilla.suse.com/953595 https://bugzilla.suse.com/954769 https://bugzilla.suse.com/956236 https://bugzilla.suse.com/957886 https://bugzilla.suse.com/958597 https://bugzilla.suse.com/966773 https://bugzilla.suse.com/974154 From sle-updates at lists.suse.com Tue Jun 21 12:10:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Jun 2016 20:10:08 +0200 (CEST) Subject: SUSE-RU-2016:1649-1: moderate: Recommended update for mdadm Message-ID: <20160621181008.7AA1DFF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1649-1 Rating: moderate References: #853944 
#930417 #939124 #952644 #953380 #953595 #956236 #958597 #966773 #974154 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for mdadm fixes the following issues: - A segmentation fault when a disk is re-added to the system shortly after being removed. (bsc#974154) - A problem when adding a spare disk to a degraded array. (bsc#958597) - A misleading error code returned by mdadm --detail on inactive arrays. (bsc#966773) - "Insufficient head-space for reshape" error when attempting to expand array on s390x systems. (bsc#953595) - Message "Starting Activate md array even though degraded..." could be erroneously printed at boot time. (bsc#853944) - A regression in "mdadm /dev/mdXX --remove failed" handling. (bsc#952644) - A regression when attempting to remove failed devices from an array. (bsc#952644) - Potential corruption of DDF anchor. (bsc#930417) - A crash when running --detail on a dm device which contains an md device. (bsc#939124) - Ignore multipath devices when not yet ready. (bsc#956236) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-981=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-981=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): mdadm-3.3.1-6.15.1 mdadm-debuginfo-3.3.1-6.15.1 mdadm-debugsource-3.3.1-6.15.1 - SUSE Linux Enterprise Desktop 12 (x86_64): mdadm-3.3.1-6.15.1 mdadm-debuginfo-3.3.1-6.15.1 mdadm-debugsource-3.3.1-6.15.1 References: https://bugzilla.suse.com/853944 https://bugzilla.suse.com/930417 https://bugzilla.suse.com/939124 https://bugzilla.suse.com/952644 https://bugzilla.suse.com/953380 https://bugzilla.suse.com/953595 https://bugzilla.suse.com/956236 https://bugzilla.suse.com/958597 https://bugzilla.suse.com/966773 https://bugzilla.suse.com/974154 From sle-updates at lists.suse.com Wed Jun 22 06:09:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2016 14:09:17 +0200 (CEST) Subject: SUSE-RU-2016:1650-1: important: Recommended update for crowbar-openstack and openstack-ceilometer Message-ID: <20160622120917.31B22FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-openstack and openstack-ceilometer ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1650-1 Rating: important References: #955786 #977056 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crowbar-openstack and openstack-ceilometer provides the latest code from OpenStack Liberty. - Start openstack-ceilometer after openstack-keystone (bsc#955786) - Fix deployment of ceilometer polling agents - Fixes for zVM support - Fix volume migration when volume is attached (bsc#977056) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-983=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): crowbar-openstack-3.0+git.1464941345.7a9a99b-11.1 openstack-ceilometer-5.0.3~a0~dev25-3.1 openstack-ceilometer-agent-central-5.0.3~a0~dev25-3.1 openstack-ceilometer-agent-compute-5.0.3~a0~dev25-3.1 openstack-ceilometer-agent-ipmi-5.0.3~a0~dev25-3.1 openstack-ceilometer-agent-notification-5.0.3~a0~dev25-3.1 openstack-ceilometer-alarm-evaluator-5.0.3~a0~dev25-3.1 openstack-ceilometer-alarm-notifier-5.0.3~a0~dev25-3.1 openstack-ceilometer-api-5.0.3~a0~dev25-3.1 openstack-ceilometer-collector-5.0.3~a0~dev25-3.1 openstack-ceilometer-doc-5.0.3~a0~dev25-3.2 openstack-ceilometer-polling-5.0.3~a0~dev25-3.1 python-ceilometer-5.0.3~a0~dev25-3.1 References: https://bugzilla.suse.com/955786 https://bugzilla.suse.com/977056 From sle-updates at lists.suse.com Wed Jun 22 07:08:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2016 15:08:35 +0200 (CEST) Subject: SUSE-RU-2016:1654-1: moderate: Recommended update for SUSE Manager Server 3.0 Message-ID: <20160622130835.DAB43FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1654-1 Rating: moderate References: #958923 #961002 #962253 #966441 #966890 #967865 #969320 #969529 #970223 #970951 #971237 #971372 #971606 #971622 #973365 #974119 #974288 #974302 #974891 #975120 #975135 #975161 #975303 #975306 #975354 #975424 #975733 #975746 #975757 #975889 #976148 #976194 #976203 #977264 #977280 #977465 #977579 #977781 #978050 #978166 #978182 #978253 #978788 #978833 #979313 #979491 #979686 #980313 #980556 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has 49 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Remove option -f from startproc. 
(bsc#975733) - Changed Zypper's plugin. Added Unit test and related to that data. (bsc#980313) - Zypper plugin: Alter the generated event name on package set change. - Salt-proxy .service file created. (bsc#975306) - Prevent salt-proxy test.ping crash. (bsc#975303) - Fix shared directories ownership issues. - Add Zypper plugin to generate an event, once Zypper is used outside the Salt infrastructure demand. (bsc#971372) - Restore boolean values from the repo configuration. - Fix priority attribute. (bsc#978833) - Unblock-Zypper. (bsc#976148) - Modify-environment. (bsc#971372) - Prevent crash if pygit2 package is requesting re-compilation. - Align OS grains from older SLES with current one. (bsc#975757) - Bugfix: salt-key crashes if tries to generate keys to the directory w/o write access. (bsc#969320) spacecmd: - Make spacecmd createRepo compatible with SUSE Manager 2.1 API. (bsc#977264) spacewalk-backend: - Spacewalk-repo-sync - Improved date handling. (bsc#975161) - Better error message for system that is already registered as minion. - Only trigger virtualization notification on server save when the virtualization data is not falsy. (bsc#975120) - Fix GPG bad signature detection and improve error messages. (bsc#979313) - Send and save machine_id on traditional registration. - Vendor channels may have no repo assigned. (bsc#977781) - Do not crash now that multiple urls are passed. (bsc#970951) - Add machine info capability. spacewalk-branding: - Add missing label definition for task.status.gatherer and task.status.matcher. spacewalk-client-tools: - Send and save machine_id on traditional registration. - Send machine info only if server has machine info capability. spacewalk-java: - Fix NoSuchFileException at setup time when there are no orgs yet. - Add details to history event. - Only require lifecycle entitlements for systems with a SUSE base product, adjust test. - mgr-sync: Use bulk channel reposync. - Enhance list of channel families for SUSE Manager Server. 
- Reactivate traditional server as minion on registration. - taskomaticApi: Schedule bulk reposyncs in bulk. - Show machine_id in the system->hardware tab. - Change missing machine_id UI warning message. - Make message handling thread pool size configurable. - Support for concurrent handling of checkin events. - Add variable to make cobbler sync optional. - Add Virtualization Groups to the input JSON data for the matcher. - Backward synchronization for cobbler kernel options during CobblerSyncTask. - Support for multithreaded message handling. - BugFix: Redirect migration with no Org to the first step. (bsc#969529) - Trigger errata cache job on changed channel assignments. - Under high load, the service wrapper may incorrectly interpret the inability to get a response in time from taskomatic and kill it. (bsc#962253) - Make cobbler commands work from taskomatic. - Don't modify request map when rendering alphabar, since it may fail depending on the implementation of ServletRequest. (bsc#978253) - Require refresh channels before pkg states. (bsc#975424) - Manager-3.0: Reschedule failed actions. (bsc#971622) - Exit if there are exceptions on startup to let tanuki restart taskomatic. - BugFix: Keep trace of the parent channel selected during 'Create Channel'. (bsc#967865) - Remote commands: Filter minions by permissions and not just by org. (bsc#978050) - ProductSyncManager: when scheduling reposyncs, use bulk mode through TaskomaticApi. (bsc#961002) - Call cobbler sync after cobbler command is finished. (bsc#966890) - Use pillar and static states to install/remove packages. (bsc#975424) - Faster event processing. - Determine the action status more correctly. - Fix error msg if /srv/susemanager/salt/custom does not exist. (bsc#978182) - Recreate upgrade paths on every refresh. (bsc#978166) - Prevent non org-admin user accept/reject/delete a minion. (bsc#979686) - Regenerate salt files. (bsc#974302) - Log permissions problems on channel access while SP migration.
(bsc#970223) - Support SLE-POS 11 SP3 as addon for SLES 11 SP4. (bsc#976194) - Delete salt key when system is deleted. (bsc#971606) - Improve the output of remote command actions. - No package list refresh after channel assignment change. - Force a package list refresh after the onboarding. - More "info" level logging about action executors. - Log out the duration of package profile updates. - Execute package profile update as a state.apply. (bsc#973365) - Adjust autoinst file error detecting heuristics to the newer format. (bsc#974119) - Use queue=true for all calls to state.apply. (bsc#980556) - Make postgresql a weak systemd dependency. - Filter osad from the activation key extra packages. (bsc#975135) - Ensure SCC data files are saved on disk as tomcat/root with 644 permissions. - Bugfix: Add management product ids to servers without products. - Double the backslashes when reading the config files from java. (bsc#958923) - Fix setting cpu flags on hw refresh. (bsc#975354) spacewalk-utils: - taskotop: A utility to monitor what Taskomatic is doing. spacewalk-web: - Disable action buttons to add/reject/delete minions if user is non org-admin. - Handle and show error message when session expires in remote-command page. (bsc#974891) - Enable Run button in remote-command page only if a preview exists. - Show both Preview and Run buttons to improve usability of remote command feature. (bsc#974288) susemanager: - Fix help output for mgr-setup; no longer migration from RHN. (bsc#975746) - For SLES11 SP2 and lower we do not support salt. (bsc#978788) - mgr-sync: Use bulk channel reposync. (bsc#961002) - Show optional channels in mgr-sync add channel and add an option to hide optional channels. (bsc#977579) - Add more packages to bootstrap repo. (bsc#971237) susemanager-docs_en: - Update text and image files: bsc#979491, bsc#977280, bsc#975889. susemanager-schema: - Move machine_id from suseMinionInfo to rhnServer table. 
- Fix removing nonlinux entitlement during migration. - Fix migrating and cleanup system types during migration. (bsc#977465) - Enable ftr_package_refresh for minions. susemanager-sls: - Require refresh channels before pkg states. (bsc#975424) - Use pillar and static states to install/remove packages. (bsc#975424) susemanager-sync-data: - Support SUSE Enterprise Storage 3. (bsc#966441) - Support SLE-Module-Certifications12. (bsc#976203) - Support SLE-POS 11 SP3 as addon for SLES 11 SP4. (bsc#976194) - Handle product class changes for SUSE Manager Server. susemanager-tftpsync: - Rename change_tftpd_proxies.py to sync_post_tftpd_proxies.py and change trigger type. (bsc#966890) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-986=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.0 (x86_64): salt-2015.8.7-11.2 salt-api-2015.8.7-11.2 salt-doc-2015.8.7-11.2 salt-master-2015.8.7-11.2 salt-minion-2015.8.7-11.2 salt-proxy-2015.8.7-11.2 salt-ssh-2015.8.7-11.2 salt-syndic-2015.8.7-11.2 spacewalk-branding-2.5.2.9-3.1 susemanager-3.0.15-3.1 susemanager-tftpsync-3.0.3-3.1 susemanager-tools-3.0.15-3.1 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2015.8.7-11.2 salt-zsh-completion-2015.8.7-11.2 spacecmd-2.5.5.2-3.1 spacewalk-backend-2.5.24.4-5.1 spacewalk-backend-app-2.5.24.4-5.1 spacewalk-backend-applet-2.5.24.4-5.1 spacewalk-backend-config-files-2.5.24.4-5.1 spacewalk-backend-config-files-common-2.5.24.4-5.1 spacewalk-backend-config-files-tool-2.5.24.4-5.1 spacewalk-backend-iss-2.5.24.4-5.1 spacewalk-backend-iss-export-2.5.24.4-5.1 spacewalk-backend-libs-2.5.24.4-5.1 spacewalk-backend-package-push-server-2.5.24.4-5.1 spacewalk-backend-server-2.5.24.4-5.1 spacewalk-backend-sql-2.5.24.4-5.1 spacewalk-backend-sql-postgresql-2.5.24.4-5.1 spacewalk-backend-tools-2.5.24.4-5.1 spacewalk-backend-xml-export-libs-2.5.24.4-5.1 spacewalk-backend-xmlrpc-2.5.24.4-5.1 spacewalk-base-2.5.7.8-3.1 spacewalk-base-minimal-2.5.7.8-3.1 spacewalk-base-minimal-config-2.5.7.8-3.1 spacewalk-client-tools-2.5.13.4-5.1 spacewalk-html-2.5.7.8-3.1 spacewalk-java-2.5.59.6-3.2 spacewalk-java-config-2.5.59.6-3.2 spacewalk-java-lib-2.5.59.6-3.2 spacewalk-java-postgresql-2.5.59.6-3.2 spacewalk-taskomatic-2.5.59.6-3.2 spacewalk-utils-2.5.6.4-3.1 susemanager-advanced-topics_en-pdf-3-9.2 susemanager-best-practices_en-pdf-3-9.2 susemanager-docs_en-3-9.2 susemanager-getting-started_en-pdf-3-9.2 susemanager-jsp_en-3-9.2 susemanager-reference_en-pdf-3-9.2 susemanager-schema-3.0.13-3.2 susemanager-sls-0.1.13-3.1 susemanager-sync-data-3.0.9-3.1 References: https://bugzilla.suse.com/958923 https://bugzilla.suse.com/961002 https://bugzilla.suse.com/962253 https://bugzilla.suse.com/966441 https://bugzilla.suse.com/966890 
https://bugzilla.suse.com/967865 https://bugzilla.suse.com/969320 https://bugzilla.suse.com/969529 https://bugzilla.suse.com/970223 https://bugzilla.suse.com/970951 https://bugzilla.suse.com/971237 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/971606 https://bugzilla.suse.com/971622 https://bugzilla.suse.com/973365 https://bugzilla.suse.com/974119 https://bugzilla.suse.com/974288 https://bugzilla.suse.com/974302 https://bugzilla.suse.com/974891 https://bugzilla.suse.com/975120 https://bugzilla.suse.com/975135 https://bugzilla.suse.com/975161 https://bugzilla.suse.com/975303 https://bugzilla.suse.com/975306 https://bugzilla.suse.com/975354 https://bugzilla.suse.com/975424 https://bugzilla.suse.com/975733 https://bugzilla.suse.com/975746 https://bugzilla.suse.com/975757 https://bugzilla.suse.com/975889 https://bugzilla.suse.com/976148 https://bugzilla.suse.com/976194 https://bugzilla.suse.com/976203 https://bugzilla.suse.com/977264 https://bugzilla.suse.com/977280 https://bugzilla.suse.com/977465 https://bugzilla.suse.com/977579 https://bugzilla.suse.com/977781 https://bugzilla.suse.com/978050 https://bugzilla.suse.com/978166 https://bugzilla.suse.com/978182 https://bugzilla.suse.com/978253 https://bugzilla.suse.com/978788 https://bugzilla.suse.com/978833 https://bugzilla.suse.com/979313 https://bugzilla.suse.com/979491 https://bugzilla.suse.com/979686 https://bugzilla.suse.com/980313 https://bugzilla.suse.com/980556 From sle-updates at lists.suse.com Wed Jun 22 07:16:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2016 15:16:55 +0200 (CEST) Subject: SUSE-RU-2016:1656-1: moderate: Recommended update for SUSE Manager Server, Proxy and Client Tools Message-ID: <20160622131655.5A925FFAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server, Proxy and Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1656-1 
Rating: moderate References: #964932 #969320 #971372 #973418 #975303 #975306 #975733 #975757 #976148 #976826 #977264 #978833 #979313 #979676 #980313 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has 15 recommended fixes can now be installed. Description: This update fixes the following issues for the SUSE Manager Server 3.0 and Client Tools: zypp-plugin-spacewalk: - Fix failover for multiple URLs per repo. (bsc#964932) The following issues for SUSE Manager Proxy 3.0 and Client Tools have been fixed: cobbler: - Remove grubby-compat because perl-Bootloader gets dropped. - Disabling 'get-loaders' command and 'check' fixed. (bsc#973418) - Add logrotate file for cobbler. (bsc#976826) Additionally the following issues for the SUSE Linux Enterprise 12 Client Tools have been fixed: salt: - Remove option -f from startproc. (bsc#975733) - Changed Zypper's plugin. Added Unit test and related to that data. (bsc#980313) - Zypper plugin: alter the generated event name on package set change. - Fix file ownership on master keys and cache directories during upgrade. (handles upgrading from salt 2014, where the daemon ran as root, to 2015 where it runs as the salt user, bsc#979676) - Salt-proxy .service file created. (bsc#975306) - Prevent salt-proxy test.ping crash. (bsc#975303) - Fix shared directories ownership issues. - Add Zypper plugin to generate an event, once Zypper is used outside the Salt infrastructure demand. (bsc#971372) - Restore boolean values from the repo configuration. - Fix priority attribute. (bsc#978833) - Unblock-Zypper. (bsc#976148) - Modify-environment. (bsc#971372) - Prevent crash if pygit2 package is requesting re-compilation. - Align OS grains from older SLES with current one. (bsc#975757) - Bugfix: salt-key crashes if tries to generate keys to the directory w/o write access.
(bsc#969320) spacecmd: - Make spacecmd createRepo compatible with SUSE Manager 2.1 API. (bsc#977264) spacewalk-backend: - Better error message for system that is already registered as minion. - Fix GPG bad signature detection and improve error messages. (bsc#979313) - Send and save machine_id on traditional registration. - Add machine info capability. spacewalk-client-tools: - Send and save machine_id on traditional registration. - Send machine info only if server has machine info capability. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2016-984=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-984=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2016-984=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (ppc64le s390x x86_64): salt-2015.8.7-7.2 salt-doc-2015.8.7-7.2 salt-minion-2015.8.7-7.2 zypp-plugin-spacewalk-0.9.14-26.1 - SUSE Manager Tools 12 (noarch): koan-2.6.6-33.2 spacecmd-2.5.5.2-20.1 spacewalk-backend-libs-2.5.24.4-34.1 spacewalk-check-2.5.13.4-36.1 spacewalk-client-setup-2.5.13.4-36.1 spacewalk-client-tools-2.5.13.4-36.1 - SUSE Manager Server 3.0 (noarch): cobbler-2.6.6-33.2 - SUSE Manager Proxy 3.0 (x86_64): zypp-plugin-spacewalk-0.9.14-26.1 References: https://bugzilla.suse.com/964932 https://bugzilla.suse.com/969320 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/973418 https://bugzilla.suse.com/975303 https://bugzilla.suse.com/975306 https://bugzilla.suse.com/975733 https://bugzilla.suse.com/975757 https://bugzilla.suse.com/976148 https://bugzilla.suse.com/976826 https://bugzilla.suse.com/977264 https://bugzilla.suse.com/978833 https://bugzilla.suse.com/979313 https://bugzilla.suse.com/979676 https://bugzilla.suse.com/980313 From sle-updates at lists.suse.com Wed Jun 22
07:19:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2016 15:19:16 +0200 (CEST) Subject: SUSE-RU-2016:1657-1: moderate: Recommended update for SUSE Manager Proxy 3.0 Message-ID: <20160622131916.6C2AFFF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1657-1 Rating: moderate References: #969320 #970951 #971372 #974288 #974891 #975120 #975161 #975303 #975306 #975424 #975733 #975757 #976148 #977781 #978833 #979313 #980313 Affected Products: SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has 17 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Remove option -f from startproc. (bsc#975733) - Changed Zypper's plugin. Added Unit test and related to that data. (bsc#980313) - zypper plugin: Alter the generated event name on package set change. - Salt-proxy .service file created. (bsc#975306) - Prevent salt-proxy test.ping crash. (bsc#975303) - Fix shared directories ownership issues. - Add Zypper plugin to generate an event, once Zypper is used outside the Salt infrastructure demand. (bsc#971372) - Restore boolean values from the repo configuration. - Fix priority attribute. (bsc#978833) - Unblock-Zypper. (bsc#976148) - Modify-environment. (bsc#971372) - Prevent crash if pygit2 package is requesting re-compilation. - Align OS grains from older SLES with current one. (bsc#975757) - Bugfix: Salt-key crashes if tries to generate keys to the directory w/o write access. (bsc#969320) spacewalk-backend: - spacewalk-repo-sync: Improved date handling. (bsc#975161) - Better error message for system that is already registered as minion. - Only trigger virtualization notification on server save when the virtualization data is not falsy. 
(bsc#975120) - Fix GPG bad signature detection and improve error messages. (bsc#979313) - Send and save machine_id on traditional registration. - Vendor channels may have no repo assigned. (bsc#977781) - Do not crash now that multiple urls are passed. (bsc#970951) - Add machine info capability. spacewalk-client-tools: - Send and save machine_id on traditional registration. - Send machine info only if server has machine info capability. spacewalk-web: - Disable action buttons to add/reject/delete minions if user is non org-admin. - Handle and show error message when session expires in remote-command page. (bsc#974891) - Enable Run button in remote-command page only if a preview exists. - Show both Preview and Run buttons to improve usability of remote command feature. (bsc#974288) susemanager-sls: - Require refresh channels before pkg states. (bsc#975424) - Use pillar and static states to install/remove packages. (bsc#975424) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2016-986=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy 3.0 (x86_64): salt-2015.8.7-11.2 salt-api-2015.8.7-11.2 salt-doc-2015.8.7-11.2 salt-master-2015.8.7-11.2 salt-minion-2015.8.7-11.2 salt-proxy-2015.8.7-11.2 salt-ssh-2015.8.7-11.2 salt-syndic-2015.8.7-11.2 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2015.8.7-11.2 salt-zsh-completion-2015.8.7-11.2 spacewalk-backend-2.5.24.4-5.1 spacewalk-backend-libs-2.5.24.4-5.1 spacewalk-base-minimal-2.5.7.8-3.1 spacewalk-base-minimal-config-2.5.7.8-3.1 spacewalk-check-2.5.13.4-5.1 spacewalk-client-setup-2.5.13.4-5.1 spacewalk-client-tools-2.5.13.4-5.1 susemanager-sls-0.1.13-3.1 References: https://bugzilla.suse.com/969320 https://bugzilla.suse.com/970951 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/974288 https://bugzilla.suse.com/974891 https://bugzilla.suse.com/975120 https://bugzilla.suse.com/975161 https://bugzilla.suse.com/975303 https://bugzilla.suse.com/975306 https://bugzilla.suse.com/975424 https://bugzilla.suse.com/975733 https://bugzilla.suse.com/975757 https://bugzilla.suse.com/976148 https://bugzilla.suse.com/977781 https://bugzilla.suse.com/978833 https://bugzilla.suse.com/979313 https://bugzilla.suse.com/980313 From sle-updates at lists.suse.com Wed Jun 22 07:21:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2016 15:21:51 +0200 (CEST) Subject: SUSE-RU-2016:1658-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20160622132151.72475FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1658-1 Rating: moderate References: #969320 #971372 #975303 #975306 #975733 #975757 #976148 #977264 #978833 #979313 #979676 #980313 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS 
______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Remove option -f from startproc. (bsc#975733) - Changed Zypper's plugin. Added Unit test and related to that data. (bsc#980313) - Zypper plugin: alter the generated event name on package set change. - Fix file ownership on master keys and cache directories during upgrade. (handles upgrading from salt 2014, where the daemon ran as root, to 2015 where it runs as the salt user, bsc#979676) - Salt-proxy .service file created. (bsc#975306) - Prevent salt-proxy test.ping crash. (bsc#975303) - Fix shared directories ownership issues. - Add Zypper plugin to generate an event, once Zypper is used outside the Salt infrastructure demand. (bsc#971372) - Restore boolean values from the repo configuration. - Fix priority attribute. (bsc#978833) - Unblock-Zypper. (bsc#976148) - Modify-environment. (bsc#971372) - Prevent crash if pygit2 package is requesting re-compilation. - Align OS grains from older SLES with current one. (bsc#975757) - Bugfix: salt-key crashes if tries to generate keys to the directory w/o write access. (bsc#969320) spacecmd: - Make spacecmd createRepo compatible with SUSE Manager 2.1 API. (bsc#977264) spacewalk-backend: - Better error message for system that is already registered as minion. - Fix GPG bad signature detection and improve error messages. (bsc#979313) - Send and save machine_id on traditional registration. - Add machine info capability. spacewalk-client-tools: - Send and save machine_id on traditional registration. - Send machine info only if server has machine info capability. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201605-12626=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201605-12626=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2015.8.7-7.2 salt-doc-2015.8.7-7.2 salt-minion-2015.8.7-7.2 spacecmd-2.5.5.2-5.1 spacewalk-backend-libs-2.5.24.4-7.2 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): spacewalk-check-2.5.13.4-11.1 spacewalk-client-setup-2.5.13.4-11.1 spacewalk-client-tools-2.5.13.4-11.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2015.8.7-7.2 salt-doc-2015.8.7-7.2 salt-minion-2015.8.7-7.2 spacecmd-2.5.5.2-5.1 spacewalk-backend-libs-2.5.24.4-7.2 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): spacewalk-check-2.5.13.4-11.1 spacewalk-client-setup-2.5.13.4-11.1 spacewalk-client-tools-2.5.13.4-11.1 References: https://bugzilla.suse.com/969320 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/975303 https://bugzilla.suse.com/975306 https://bugzilla.suse.com/975733 https://bugzilla.suse.com/975757 https://bugzilla.suse.com/976148 https://bugzilla.suse.com/977264 https://bugzilla.suse.com/978833 https://bugzilla.suse.com/979313 https://bugzilla.suse.com/979676 https://bugzilla.suse.com/980313 From sle-updates at lists.suse.com Wed Jun 22 10:09:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Jun 2016 18:09:33 +0200 (CEST) Subject: SUSE-RU-2016:1661-1: Recommended update for procps Message-ID: <20160622160933.66B0BFFAB@maintenance.suse.de> SUSE Recommended Update: Recommended update for procps ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1661-1 Rating: low References: #981616 Affected 
Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for procps fixes the following issues: - Improve pmap(1) to be compatible with kernel 4.4. (bsc#981616) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-987=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-987=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-987=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-987=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-987=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-987=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): procps-debuginfo-3.3.9-7.1 procps-debugsource-3.3.9-7.1 procps-devel-3.3.9-7.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): procps-debuginfo-3.3.9-7.1 procps-debugsource-3.3.9-7.1 procps-devel-3.3.9-7.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libprocps3-3.3.9-7.1 libprocps3-debuginfo-3.3.9-7.1 procps-3.3.9-7.1 procps-debuginfo-3.3.9-7.1 procps-debugsource-3.3.9-7.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libprocps3-3.3.9-7.1 libprocps3-debuginfo-3.3.9-7.1 procps-3.3.9-7.1 procps-debuginfo-3.3.9-7.1 procps-debugsource-3.3.9-7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libprocps3-3.3.9-7.1 libprocps3-debuginfo-3.3.9-7.1 procps-3.3.9-7.1 procps-debuginfo-3.3.9-7.1 procps-debugsource-3.3.9-7.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libprocps3-3.3.9-7.1 libprocps3-debuginfo-3.3.9-7.1 procps-3.3.9-7.1 procps-debuginfo-3.3.9-7.1 procps-debugsource-3.3.9-7.1 References: https://bugzilla.suse.com/981616 From sle-updates at lists.suse.com Thu Jun 23 09:08:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2016 17:08:40 +0200 (CEST) Subject: SUSE-RU-2016:1665-1: Recommended update for susemanager-sync-data Message-ID: <20160623150840.4AFC2FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-sync-data ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1665-1 Rating: low References: #966441 #976203 Affected Products: SUSE Manager 2.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for susemanager-sync-data adds support for SUSE Enterprise Storage 3 and SLE Module Certifications. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-susemanager-sync-data-12630=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 2.1 (noarch): susemanager-sync-data-2.1.16-33.1 References: https://bugzilla.suse.com/966441 https://bugzilla.suse.com/976203 From sle-updates at lists.suse.com Thu Jun 23 10:07:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2016 18:07:52 +0200 (CEST) Subject: SUSE-RU-2016:1667-1: moderate: Recommended update for yast2-dns-server Message-ID: <20160623160752.3200BFF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-dns-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1667-1 Rating: moderate References: #976286 #976643 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-dns-server fixes the following issues: - Keep non-ACL items in allow-transfer AKA Enable Zone Transport. (bsc#976643) - Fix parsing 'keyword{value;};' (no spaces) in named.conf. (bsc#976643) - Fix handling of trailing spaces in named.conf. (bsc#976643) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-992=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): yast2-dns-server-3.1.17.1-3.3 References: https://bugzilla.suse.com/976286 https://bugzilla.suse.com/976643 From sle-updates at lists.suse.com Thu Jun 23 11:07:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Jun 2016 19:07:53 +0200 (CEST) Subject: SUSE-RU-2016:1668-1: Recommended update for several openstack components Message-ID: <20160623170753.19C33FF6C@maintenance.suse.de> SUSE Recommended Update: Recommended update for several openstack components ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1668-1 Rating: low References: #955786 #974001 #979625 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides the latest code from OpenStack Liberty and ensures that cinder-, glance-, heat-, manila-, nova- and trove-services are started before openstack-keystone (bsc#955786). Additionally the following issues have been fixed. 
openstack-cinder: - Activate sparse copy for Netapp (bsc#974001) openstack-dashboard: - Removes instance ID from create volume snapshot (lp#1039080) - Changes volume id to name in volume snapshot (lp#1039082) - Update openrc.sh to work with latest novaclient (lp#951919) - Implementing instance count field in launch form (lp#905061) openstack-heat: - Remove containers on delete (lp#1364019) - Enable Ceilometer client to work with Keystone API v3 (bsc#979625) openstack-neutron-fwaas: - Make all tox targets constrained openstack-neutron-lbaas: - Update iniparser.py to accept empty value (lp#1025526) openstack-neutron-vpnaas: - Update iniparser.py to accept empty value (lp#1025526) openstack-neutron-zvm-agent: - Make enhancement for zvm-agent log for tracking issue more easily - Fix pep8 issue recently introduced by neutron - Add missing dependency on openstack-neutron openstack-nova: - Janitorial: Catch rpc up with a change in common (lp#999928) - Fix network manager init floating ip problem (lp#968019) - Smarter default scheduler (lp#821252) openstack-nova-virt-zvm: - Fix SLES11 image deployment python-networking-cisco: - Use public method execute() for client extension - Attribute nve_src_intf causing bad behavior python-networking-hyperv: - Switch to post-versioning Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-993=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-cinder-7.0.2~a0~dev58-4.3 openstack-cinder-api-7.0.2~a0~dev58-4.3 openstack-cinder-backup-7.0.2~a0~dev58-4.3 openstack-cinder-doc-7.0.2~a0~dev58-4.7 openstack-cinder-scheduler-7.0.2~a0~dev58-4.3 openstack-cinder-volume-7.0.2~a0~dev58-4.3 openstack-dashboard-8.0.2~a0~dev29-5.2 openstack-glance-11.0.2~a0~dev11-4.1 openstack-glance-doc-11.0.2~a0~dev11-4.1 openstack-heat-5.0.2~a0~dev77-6.3 openstack-heat-api-5.0.2~a0~dev77-6.3 openstack-heat-api-cfn-5.0.2~a0~dev77-6.3 openstack-heat-api-cloudwatch-5.0.2~a0~dev77-6.3 openstack-heat-doc-5.0.2~a0~dev77-6.7 openstack-heat-engine-5.0.2~a0~dev77-6.3 openstack-heat-plugin-heat_docker-5.0.2~a0~dev77-6.3 openstack-manila-1.0.2~a0~dev9-6.1 openstack-manila-api-1.0.2~a0~dev9-6.1 openstack-manila-doc-1.0.2~a0~dev9-6.3 openstack-manila-scheduler-1.0.2~a0~dev9-6.1 openstack-manila-share-1.0.2~a0~dev9-6.1 openstack-neutron-fwaas-7.0.3~a0~dev1-3.1 openstack-neutron-fwaas-doc-7.0.3~a0~dev1-3.1 openstack-neutron-lbaas-7.0.5~a0~dev6-3.1 openstack-neutron-lbaas-agent-7.0.5~a0~dev6-3.1 openstack-neutron-lbaas-doc-7.0.5~a0~dev6-3.1 openstack-neutron-vpn-agent-7.0.5~a0~dev1-3.1 openstack-neutron-vpnaas-7.0.5~a0~dev1-3.1 openstack-neutron-vpnaas-doc-7.0.5~a0~dev1-3.1 openstack-neutron-zvm-agent-5.0.1~a0~dev2-3.1 openstack-nova-12.0.4~a0~dev6-4.3 openstack-nova-api-12.0.4~a0~dev6-4.3 openstack-nova-cells-12.0.4~a0~dev6-4.3 openstack-nova-cert-12.0.4~a0~dev6-4.3 openstack-nova-compute-12.0.4~a0~dev6-4.3 openstack-nova-conductor-12.0.4~a0~dev6-4.3 openstack-nova-console-12.0.4~a0~dev6-4.3 openstack-nova-consoleauth-12.0.4~a0~dev6-4.3 openstack-nova-doc-12.0.4~a0~dev6-4.1 openstack-nova-novncproxy-12.0.4~a0~dev6-4.3 openstack-nova-objectstore-12.0.4~a0~dev6-4.3 openstack-nova-scheduler-12.0.4~a0~dev6-4.3 openstack-nova-serialproxy-12.0.4~a0~dev6-4.3 openstack-nova-virt-zvm-5.0.1~a0~dev2-4.1 openstack-nova-vncproxy-12.0.4~a0~dev6-4.3 openstack-trove-4.0.1~a0~dev17-5.1 
openstack-trove-api-4.0.1~a0~dev17-5.1 openstack-trove-conductor-4.0.1~a0~dev17-5.1 openstack-trove-doc-4.0.1~a0~dev17-5.1 openstack-trove-guestagent-4.0.1~a0~dev17-5.1 openstack-trove-taskmanager-4.0.1~a0~dev17-5.1 python-cinder-7.0.2~a0~dev58-4.3 python-glance-11.0.2~a0~dev11-4.1 python-heat-5.0.2~a0~dev77-6.3 python-horizon-8.0.2~a0~dev29-5.2 python-manila-1.0.2~a0~dev9-6.1 python-networking-cisco-2.0.1~a0~dev13-3.1 python-networking-hyperv-2015.1.1~a0~dev40-3.1 python-neutron-fwaas-7.0.3~a0~dev1-3.1 python-neutron-lbaas-7.0.5~a0~dev6-3.1 python-neutron-vpnaas-7.0.5~a0~dev1-3.1 python-nova-12.0.4~a0~dev6-4.3 python-trove-4.0.1~a0~dev17-5.1 References: https://bugzilla.suse.com/955786 https://bugzilla.suse.com/974001 https://bugzilla.suse.com/979625 From sle-updates at lists.suse.com Fri Jun 24 08:09:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2016 16:09:52 +0200 (CEST) Subject: SUSE-SU-2016:1672-1: important: Security update for the Linux Kernel Message-ID: <20160624140952.933A2FF71@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1672-1 Rating: important References: #676471 #866130 #898592 #936530 #940413 #944309 #946122 #949752 #953369 #956491 #956852 #957986 #957988 #957990 #959381 #960458 #960857 #961512 #961518 #963762 #963998 #965319 #965860 #965923 #966245 #967863 #967914 #968010 #968018 #968141 #968500 #968566 #968670 #968687 #969149 #969391 #969571 #970114 #970504 #970892 #970909 #970911 #970948 #970956 #970958 #970970 #971124 #971125 #971126 #971360 #971433 #971446 #971729 #971944 #971947 #971989 #972363 #973237 #973378 #973556 #973570 #974646 #974787 #975358 #975772 #975945 #976739 #976868 #978401 #978821 #978822 #979213 #979274 #979347 #979419 #979548 #979595 #979867 #979879 #980371 #980725 #980788 #980931 #981231 #981267 #982532 #982691 #983143 #983213 #984107 
Cross-References: CVE-2015-7566 CVE-2015-8816 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2187 CVE-2016-2188 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913 CVE-2016-5244 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 29 vulnerabilities and has 61 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Notable changes in this kernel: - It is now possible to mount an NFS export on the exporting host directly. The following security bugs were fixed: - CVE-2016-5244: A kernel information leak in rds_inc_info_copy was fixed that could leak kernel stack memory to userspace (bsc#983213). - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have led to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267).
- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). 
- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). 
- CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). 
- CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacked a bulk-out endpoint (bnc#961512). The following non-security bugs were fixed: - acpi / PCI: Account for ARI in _PRT lookups (bsc#968566). - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - alsa: hrtimer: Handle start/stop more properly (bsc#973378). - alsa: oxygen: add Xonar DGX support (bsc#982691). 
- alsa: pcm: Fix potential deadlock in OSS emulation (bsc#968018). - alsa: rawmidi: Fix race at copying and updating the position (bsc#968018). - alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018). - alsa: seq: Fix double port list deletion (bsc#968018). - alsa: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018). - alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018). - alsa: seq: Fix lockdep warnings due to double mutex locks (bsc#968018). - alsa: seq: Fix race at closing in virmidi driver (bsc#968018). - alsa: seq: Fix yet another races among ALSA timer accesses (bsc#968018). - alsa: timer: Call notifier in the same spinlock (bsc#973378). - alsa: timer: Code cleanup (bsc#968018). - alsa: timer: Fix leftover link at closing (bsc#968018). - alsa: timer: Fix link corruption due to double start or stop (bsc#968018). - alsa: timer: Fix race between stop and interrupt (bsc#968018). - alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018). - alsa: timer: Protect the whole snd_timer_close() with open race (bsc#973378). - alsa: timer: Sync timer deletion at closing the system timer (bsc#973378). - alsa: timer: Use mod_timer() for rearming the system timer (bsc#973378). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646). - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671). - dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752). - Delete patches.drivers/nvme-0165-Split-header-file-into-user-visible-and-kernel-.patch. SLE11-SP4 does not have uapi headers so move everything back to the original header (bnc#981231) - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739). - enic: set netdev->vlan_features (bsc#966245). - fcoe: fix reset of fip selection time (bsc#974787).
- Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - fs, seqfile: always allow oom killer (bnc#968687). - fs/seq_file: fallback to vmalloc allocation (bnc#968687). - fs, seq_file: fallback to vmalloc instead of oom kill processes (bnc#968687). - hid-elo: kill not flush the work (bnc#982532). - hpsa: fix issues with multilun devices (bsc#959381). - hv: Assign correct ->can_queue value in hv_storvsc (bnc#969391) - ibmvscsi: Remove unsupported host config MAD (bsc#973556). - Import kabi files from kernel 3.0.101-71 - iommu/vt-d: Improve fault handler error messages (bsc#975772). - iommu/vt-d: Ratelimit fault handler (bsc#975772). - ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits (bsc#967914). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipv4: fix ineffective source address selection (bsc#980788). - ipv6: make fib6 serial number per namespace (bsc#965319). - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852). - ipv6: per netns fib6 walkers (bsc#965319). - ipv6: per netns FIB garbage collection (bsc#965319). - ipv6: replace global gc_args with local variable (bsc#965319). - ipvs: count pre-established TCP states as active (bsc#970114). - isofs: Revert "get_rock_ridge_filename(): handle malformed NM entries" This reverts commit cb6ce3ec7a964e56da9ba9cd3c9f0e708b5c3b2c. It should have never landed in the tree (we already have the patch via c63531c60ff that came through CVE branch), but I messed up the merge. - kabi, fs/seq_file: fallback to vmalloc allocation (bnc#968687). - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319). - KVM: x86: fix maintenance of guest/host xcr0 state (bsc#961518). - llist: Add llist_next(). - make vfree() safe to call from interrupt contexts. - memcg: do not hang on OOM when killed by userspace OOM access to memory reserves (bnc#969571). - mld, igmp: Fix reserved tailroom calculation (bsc#956852).
- mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446). - mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446). - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491). - mm/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#956491). - net/core: dev_mc_sync_multiple calls wrong helper (bsc#971433). - net/core: __hw_addr_create_ex does not initialize sync_cnt (bsc#971433). - net/core: __hw_addr_sync_one / _multiple broken (bsc#971433). - net/core: __hw_addr_unsync_one "from" address not marked synced (bsc#971433). - NFS4: treat lock owners as opaque values (bnc#968141). - NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#956491). - NFS: avoid waiting at all in nfs_release_page when congested (bsc#956491). - NFSd4: return nfserr_symlink on v4 OPEN of non-regular file (bsc#973237). - NFSd: do not fail unchecked creates of non-special files (bsc#973237). - NFS: Do not attempt to decode missing directory entries (bsc#980931). - nfs: fix memory corruption rooted in get_ih_name pointer math (bsc#984107). - NFS: reduce access cache shrinker locking (bnc#866130). - NFS: use smaller allocations for 'struct idmap' (bsc#965923). - NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595). - nfsv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595). - nvme: fix max_segments integer truncation (bsc#676471). - NVMe: Unify controller probe and resume (bsc#979347). - ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947). - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947). - ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947). - pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990). 
- pciback: Save the number of MSI-X entries to be copied later (bsc#957988). - PCI: Move pci_ari_enabled() to global header (bsc#968566). - RDMA/ucma: Fix AB-BA deadlock (bsc#963998). - Restore kabi after lock-owner change (bnc#968141). - rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 855c7ce885fd412ce2a25ccc12a46e565c83f235. - s390/dasd: prevent incorrect length error under z/VM after PAV changes (bnc#968500, LTC#136670). - s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413). - s390/pci: add extra padding to function measurement block (bnc#968500, LTC#139445). - s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#968500, LTC#139401). - s390/pci_dma: handle dma table failures (bnc#968500, LTC#139442). - s390/pci_dma: improve debugging of errors during dma map (bnc#968500, LTC#139442). - s390/pci_dma: unify label of invalid translation table entries (bnc#968500, LTC#139442). - s390/pci: enforce fmb page boundary rule (bnc#968500, LTC#139445). - s390/pci: extract software counters from fmb (bnc#968500, LTC#139445). - s390/pci: remove pdev pointer from arch data (bnc#968500, LTC#139444). - s390/spinlock: avoid yield to non existent cpu (bnc#968500, LTC#141106). - scsi_dh_alua: Do not block request queue if workqueue is active (bsc#960458). - SCSI: Increase REPORT_LUNS timeout (bsc#971989). - SCSI mpt2sas: Rearrange the the code so that the completion queues are initialized prior to sending the request to controller firmware (bsc#967863). - skb: Add inline helper for getting the skb end offset from head (bsc#956852). - tcp: avoid order-1 allocations on wifi and tx path (bsc#956852). - tcp: fix skb_availroom() (bsc#956852). - Tidy series.conf, p5 Only one last patch which can be moved easily. There are some more x86-related things left at the end but moving them won't be that trivial. - Update patches.drivers/nvme-0265-fix-max_segments-integer-truncation.patch (bsc#979419). 
Fix reference. - Update patches.fixes/bnx2x-Alloc-4k-fragment-for-each-rx-ring-buffer-elem.patch (bsc#953369 bsc#975358). - Update PCI VPD size patch to upstream: - PCI: Determine actual VPD size on first access (bsc#971729). - PCI: Update VPD definitions (bsc#971729). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - veth: do not modify ip_summed (bsc#969149). - vgaarb: Add more context to error messages (bsc#976868). - virtio_scsi: Implement eh_timed_out callback (bsc#936530). - vmxnet3: set carrier state properly on probe (bsc#972363). - vmxnet3: set netdev parant device before calling netdev_info (bsc#972363). - x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518). - x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518). - xfrm: do not segment UFO packets (bsc#946122). - xfs: fix sgid inheritance for subdirectories inheriting default acls [V3] (bsc#965860). - xhci: Workaround to get Intel xHCI reset working more reliably (bnc#898592). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-source-12631=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-source-12631=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-12631=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-12631=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-77.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-77.1 kernel-default-base-3.0.101-77.1 kernel-default-devel-3.0.101-77.1 kernel-source-3.0.101-77.1 kernel-syms-3.0.101-77.1 kernel-trace-3.0.101-77.1 kernel-trace-base-3.0.101-77.1 kernel-trace-devel-3.0.101-77.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-77.1 kernel-ec2-base-3.0.101-77.1 kernel-ec2-devel-3.0.101-77.1 kernel-xen-3.0.101-77.1 kernel-xen-base-3.0.101-77.1 kernel-xen-devel-3.0.101-77.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-ppc64-3.0.101-77.1 kernel-ppc64-base-3.0.101-77.1 kernel-ppc64-devel-3.0.101-77.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-77.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-77.1 kernel-pae-base-3.0.101-77.1 kernel-pae-devel-3.0.101-77.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-77.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-77.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-77.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-77.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-77.1 kernel-default-debugsource-3.0.101-77.1 kernel-trace-debuginfo-3.0.101-77.1 kernel-trace-debugsource-3.0.101-77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-77.1 kernel-trace-devel-debuginfo-3.0.101-77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-77.1 kernel-ec2-debugsource-3.0.101-77.1 kernel-xen-debuginfo-3.0.101-77.1 kernel-xen-debugsource-3.0.101-77.1 
kernel-xen-devel-debuginfo-3.0.101-77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-ppc64-debuginfo-3.0.101-77.1 kernel-ppc64-debugsource-3.0.101-77.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-77.1 kernel-pae-debugsource-3.0.101-77.1 kernel-pae-devel-debuginfo-3.0.101-77.1 References: https://www.suse.com/security/cve/CVE-2015-7566.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-2143.html https://www.suse.com/security/cve/CVE-2016-2184.html https://www.suse.com/security/cve/CVE-2016-2185.html https://www.suse.com/security/cve/CVE-2016-2186.html https://www.suse.com/security/cve/CVE-2016-2187.html https://www.suse.com/security/cve/CVE-2016-2188.html https://www.suse.com/security/cve/CVE-2016-2782.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-3137.html https://www.suse.com/security/cve/CVE-2016-3138.html https://www.suse.com/security/cve/CVE-2016-3139.html https://www.suse.com/security/cve/CVE-2016-3140.html https://www.suse.com/security/cve/CVE-2016-3156.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4485.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4580.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4913.html https://www.suse.com/security/cve/CVE-2016-5244.html https://bugzilla.suse.com/676471 https://bugzilla.suse.com/866130 https://bugzilla.suse.com/898592 
https://bugzilla.suse.com/936530 https://bugzilla.suse.com/940413 https://bugzilla.suse.com/944309 https://bugzilla.suse.com/946122 https://bugzilla.suse.com/949752 https://bugzilla.suse.com/953369 https://bugzilla.suse.com/956491 https://bugzilla.suse.com/956852 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/957988 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/959381 https://bugzilla.suse.com/960458 https://bugzilla.suse.com/960857 https://bugzilla.suse.com/961512 https://bugzilla.suse.com/961518 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/963998 https://bugzilla.suse.com/965319 https://bugzilla.suse.com/965860 https://bugzilla.suse.com/965923 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/967863 https://bugzilla.suse.com/967914 https://bugzilla.suse.com/968010 https://bugzilla.suse.com/968018 https://bugzilla.suse.com/968141 https://bugzilla.suse.com/968500 https://bugzilla.suse.com/968566 https://bugzilla.suse.com/968670 https://bugzilla.suse.com/968687 https://bugzilla.suse.com/969149 https://bugzilla.suse.com/969391 https://bugzilla.suse.com/969571 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/970504 https://bugzilla.suse.com/970892 https://bugzilla.suse.com/970909 https://bugzilla.suse.com/970911 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/970956 https://bugzilla.suse.com/970958 https://bugzilla.suse.com/970970 https://bugzilla.suse.com/971124 https://bugzilla.suse.com/971125 https://bugzilla.suse.com/971126 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/971433 https://bugzilla.suse.com/971446 https://bugzilla.suse.com/971729 https://bugzilla.suse.com/971944 https://bugzilla.suse.com/971947 https://bugzilla.suse.com/971989 https://bugzilla.suse.com/972363 https://bugzilla.suse.com/973237 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/973556 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/974646 https://bugzilla.suse.com/974787 
https://bugzilla.suse.com/975358 https://bugzilla.suse.com/975772 https://bugzilla.suse.com/975945 https://bugzilla.suse.com/976739 https://bugzilla.suse.com/976868 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978821 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979274 https://bugzilla.suse.com/979347 https://bugzilla.suse.com/979419 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979595 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980725 https://bugzilla.suse.com/980788 https://bugzilla.suse.com/980931 https://bugzilla.suse.com/981231 https://bugzilla.suse.com/981267 https://bugzilla.suse.com/982532 https://bugzilla.suse.com/982691 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/984107 From sle-updates at lists.suse.com Fri Jun 24 10:08:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Jun 2016 18:08:23 +0200 (CEST) Subject: SUSE-RU-2016:1680-1: moderate: Recommended update for bind Message-ID: <20160624160823.7B89FFF6E@maintenance.suse.de> SUSE Recommended Update: Recommended update for bind ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1680-1 Rating: moderate References: #908850 #977657 #983505 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: The BIND DNS server was updated to version 9.9.9-P1, which brings fixes and enhancements. 

One new feature has been implemented:

- Add quotas to be used in recursive resolvers that are under high query load for names in zones whose authoritative servers are non-responsive or are experiencing a denial of service attack. (fate#320694)

The following fixes are also included in the update:

- Make /var/lib/named owned by the named user. (bsc#908850)
- Add systemd service macros. (bsc#977657)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-996=1
- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-996=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-996=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
    bind-debuginfo-9.9.9P1-43.1
    bind-debugsource-9.9.9P1-43.1
    bind-devel-9.9.9P1-43.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    bind-9.9.9P1-43.1
    bind-chrootenv-9.9.9P1-43.1
    bind-debuginfo-9.9.9P1-43.1
    bind-debugsource-9.9.9P1-43.1
    bind-libs-9.9.9P1-43.1
    bind-libs-debuginfo-9.9.9P1-43.1
    bind-utils-9.9.9P1-43.1
    bind-utils-debuginfo-9.9.9P1-43.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
    bind-libs-32bit-9.9.9P1-43.1
    bind-libs-debuginfo-32bit-9.9.9P1-43.1
- SUSE Linux Enterprise Server 12-SP1 (noarch):
    bind-doc-9.9.9P1-43.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    bind-debuginfo-9.9.9P1-43.1
    bind-debugsource-9.9.9P1-43.1
    bind-libs-32bit-9.9.9P1-43.1
    bind-libs-9.9.9P1-43.1
    bind-libs-debuginfo-32bit-9.9.9P1-43.1
    bind-libs-debuginfo-9.9.9P1-43.1
    bind-utils-9.9.9P1-43.1
    bind-utils-debuginfo-9.9.9P1-43.1

References:

https://bugzilla.suse.com/908850
https://bugzilla.suse.com/977657
https://bugzilla.suse.com/983505

From sle-updates at lists.suse.com Fri Jun 24 10:09:05 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Jun 2016 18:09:05 +0200 (CEST)
Subject: SUSE-RU-2016:1681-1: moderate: Recommended update for bind
Message-ID: <20160624160905.6B11DFFBA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for bind
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1681-1
Rating: moderate
References: #908850 #977657 #983505
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

The BIND DNS server was updated to version 9.9.9-P1, which brings fixes and enhancements.

One new feature has been implemented:

- Add quotas to be used in recursive resolvers that are under high query load for names in zones whose authoritative servers are non-responsive or are experiencing a denial of service attack. (fate#320694)

The following fixes are also included in the update:

- Make /var/lib/named owned by the named user. (bsc#908850)
- Add systemd service macros. (bsc#977657)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:
    zypper in -t patch SUSE-SLE-SDK-12-2016-997=1
- SUSE Linux Enterprise Server 12:
    zypper in -t patch SUSE-SLE-SERVER-12-2016-997=1
- SUSE Linux Enterprise Desktop 12:
    zypper in -t patch SUSE-SLE-DESKTOP-12-2016-997=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
    bind-debuginfo-9.9.9P1-28.17.1
    bind-debugsource-9.9.9P1-28.17.1
    bind-devel-9.9.9P1-28.17.1
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
    bind-9.9.9P1-28.17.1
    bind-chrootenv-9.9.9P1-28.17.1
    bind-debuginfo-9.9.9P1-28.17.1
    bind-debugsource-9.9.9P1-28.17.1
    bind-libs-9.9.9P1-28.17.1
    bind-libs-debuginfo-9.9.9P1-28.17.1
    bind-utils-9.9.9P1-28.17.1
    bind-utils-debuginfo-9.9.9P1-28.17.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
    bind-libs-32bit-9.9.9P1-28.17.1
    bind-libs-debuginfo-32bit-9.9.9P1-28.17.1
- SUSE Linux Enterprise Server 12 (noarch):
    bind-doc-9.9.9P1-28.17.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
    bind-debuginfo-9.9.9P1-28.17.1
    bind-debugsource-9.9.9P1-28.17.1
    bind-libs-32bit-9.9.9P1-28.17.1
    bind-libs-9.9.9P1-28.17.1
    bind-libs-debuginfo-32bit-9.9.9P1-28.17.1
    bind-libs-debuginfo-9.9.9P1-28.17.1
    bind-utils-9.9.9P1-28.17.1
    bind-utils-debuginfo-9.9.9P1-28.17.1

References:

https://bugzilla.suse.com/908850
https://bugzilla.suse.com/977657
https://bugzilla.suse.com/983505

From sle-updates at lists.suse.com Fri Jun 24 10:09:48 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Jun 2016 18:09:48 +0200 (CEST)
Subject: SUSE-RU-2016:1682-1: moderate: Recommended update for xfsprogs
Message-ID: <20160624160948.92063FFBA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for xfsprogs
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1682-1
Rating: moderate
References: #966084
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for xfsprogs provides the following fixes:

- Adjust superblock buffers to be sector sized. This fixes a potential crash in xfs_repair. (bsc#966084)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-xfsprogs-12632=1
- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-xfsprogs-12632=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-xfsprogs-12632=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    xfsprogs-devel-3.1.8-0.10.2
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    xfsprogs-3.1.8-0.10.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    xfsprogs-debuginfo-3.1.8-0.10.2
    xfsprogs-debugsource-3.1.8-0.10.2

References:

https://bugzilla.suse.com/966084

From sle-updates at lists.suse.com Mon Jun 27 11:07:55 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 27 Jun 2016 19:07:55 +0200 (CEST)
Subject: SUSE-SU-2016:1690-1: important: Security update for the Linux Kernel
Message-ID: <20160627170755.2EEA3FF91@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1690-1
Rating: important
References: #676471 #880007 #889207 #899908 #903279 #928547 #931448 #940413 #943989 #944309 #945345 #947337 #953233 #954847 #956491 #956852 #957805 #957986 #960857 #962336 #962846 #962872 #963193 #963572 #963762 #964461 #964727 #965319 #966054 #966245 #966573 #966831 #967251 #967292 #967299 #967903 #968010 #968141 #968448 #968512 #968667 #968670 #968687 #968812 #968813 #969439 #969571 #969655 #969690 #969735 #969992 #969993 #970062 #970114
  #970504 #970506 #970604 #970892 #970909 #970911 #970948 #970955 #970956 #970958 #970970 #971049 #971124 #971125 #971126 #971159 #971170 #971360 #971600 #971628 #971947 #972003 #972174 #972844 #972891 #972933 #972951 #973378 #973556 #973570 #973855 #974165 #974308 #974406 #974418 #974646 #975371 #975488 #975533 #975945 #976739 #976868 #977582 #977685 #978401 #978822 #979169 #979213 #979419 #979485 #979548 #979867 #979879 #980348 #980371 #981143 #981344 #982354 #982698 #983213 #983318 #983394 #983904 #984456
Cross-References: CVE-2014-9717 CVE-2015-8816 CVE-2015-8845 CVE-2016-0758 CVE-2016-2053 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2782 CVE-2016-2847 CVE-2016-3134 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-3672 CVE-2016-3689 CVE-2016-3951 CVE-2016-4482 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4805 CVE-2016-5244
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12
  SUSE Linux Enterprise Software Development Kit 12
  SUSE Linux Enterprise Server 12
  SUSE Linux Enterprise Module for Public Cloud 12
  SUSE Linux Enterprise Live Patching 12
  SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves 29 vulnerabilities and has 89 fixes is now available.

Description:

The SUSE Linux Enterprise 12 kernel was updated to 3.12.60 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allowed local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace (bnc#928547).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010).
- CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975533).
- CVE-2016-0758: Fix ASN.1 indefinite length object parsing (bsc#979867).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).
- CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. (bnc#970504)
- CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125).
- CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).
- CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).
- CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).
- CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).
- CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).
- CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955).
- CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).
- CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911).
- CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909).
- CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).
- CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandled destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).
- CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).
- CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628).
- CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418).
- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).
- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548).
- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).
- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).
- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).
- CVE-2016-5244: Fixed an infoleak in rds_inc_info_copy (bsc#983213).

The following non-security bugs were fixed:

- ALSA: hrtimer: Handle start/stop more properly (bsc#973378).
- ALSA: timer: Call notifier in the same spinlock (bsc#973378).
- ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378).
- ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378).
- ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).
- Btrfs-8394-qgroup-Account-data-space-in-more-proper-timin.patch: (bsc#963193).
- Btrfs: do not collect ordered extents when logging that inode exists (bsc#977685).
- Btrfs: do not use src fd for printk (bsc#980348).
- Btrfs: fix deadlock between direct IO reads and buffered writes (bsc#973855).
- Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#977685).
- Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#977685).
- Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#977685).
- Btrfs: fix for incorrect directory entries after fsync log replay (bsc#957805, bsc#977685).
- Btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844).
- Btrfs: fix race between fsync and lockless direct IO writes (bsc#977685).
- Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#977685).
- Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951).
- Btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#969439).
- Btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933).
- Btrfs: qgroup: return EINVAL if level of parent is not higher than child's (bsc#972951).
- Btrfs: teach backref walking about backrefs with underflowed offset values (bsc#975371).
- CacheFiles: Fix incorrect test for in-memory object collision (bsc#971049).
- CacheFiles: Handle object being killed before being set up (bsc#971049).
- Ceph: Remove racey watch/notify event infrastructure (bsc#964727)
- Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739).
- FS-Cache: Add missing initialization of ret in cachefiles_write_page() (bsc#971049).
- FS-Cache: Count culled objects and objects rejected due to lack of space (bsc#971049).
- FS-Cache: Fix cancellation of in-progress operation (bsc#971049).
- FS-Cache: Handle a new operation submitted against a killed object (bsc#971049).
- FS-Cache: Move fscache_report_unexpected_submission() to make it more available (bsc#971049).
- FS-Cache: Out of line fscache_operation_init() (bsc#971049).
- FS-Cache: Permit fscache_cancel_op() to cancel in-progress operations too (bsc#971049).
- FS-Cache: Put an aborted initialised op so that it is accounted correctly (bsc#971049).
- FS-Cache: Reduce cookie ref count if submit fails (bsc#971049).
- FS-Cache: Synchronise object death state change vs operation submission (bsc#971049).
- FS-Cache: The operation cancellation method needs calling in more places (bsc#971049).
- FS-Cache: Timeout for releasepage() (bsc#971049).
- FS-Cache: When submitting an op, cancel it if the target object is dying (bsc#971049).
- FS-Cache: fscache_object_is_dead() has wrong logic, kill it (bsc#971049).
- Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309)
- Fix kabi issue (bsc#971049).
- Fix kmalloc overflow in LPFC driver at large core count (bsc#969690).
- Fix problem with setting ACL on directories (bsc#967251).
- Input: i8042 - lower log level for "no controller" message (bsc#945345).
- KVM: SVM: add rdmsr support for AMD event registers (bsc#968448).
- MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).
- NFSv4.1: do not use machine credentials for CLOSE when using "sec=sys" (bsc#972003).
- PCI/AER: Fix aer_inject error codes (bsc#931448).
- PCI/AER: Log actual error causes in aer_inject (bsc#931448).
- PCI/AER: Log aer_inject error injections (bsc#931448).
- PCI/AER: Use dev_warn() in aer_inject (bsc#931448).
- Revert "libata: Align ata_device's id on a cacheline".
- Revert "net/ipv6: add sysctl option accept_ra_min_hop_limit".
- USB: quirk to stop runtime PM for Intel 7260 (bnc#984456).
- USB: usbip: fix potential out-of-bounds write (bnc#975945).
- USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982698).
- Update patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference.
- Update patches.drivers/drm-ast-Initialize-data-needed-to-map-fbdev-memory.patch (bnc#880007). Fix refs and upstream status.
- Update patches.kernel.org/patch-3.12.55-56 references (add bsc#973570).
- Update patches.suse/kgr-0102-add-TAINT_KGRAFT.patch (bsc#974406).
- acpi: Disable ACPI table override when UEFI Secure Boot is enabled (bsc#970604).
- acpi: Disable APEI error injection if securelevel is set (bsc#972891).
- cachefiles: perform test on s_blocksize when opening cache file (bsc#971049).
- cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646).
- dmapi: fix dm_open_by_handle_rvp taking an extra ref to mnt (bsc#967292).
- drm/core: Preserve the framebuffer after removing it (bsc#968812).
- drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904).
- drm/mgag200: Add support for a new rev of G200e (bsc#983904).
- drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904).
- drm/mgag200: remove unused variables (bsc#983904).
- drm/radeon: fix-up some float to fixed conversion thinkos (bsc#968813).
- drm/radeon: use HDP_MEM_COHERENCY_FLUSH_CNTL for sdma as well (bsc#968813).
- drm: qxl: Workaround for buggy user-space (bsc#981344).
- efifb: Fix 16 color palette entry calculation (bsc#983318).
- ehci-pci: enable interrupt on BayTrail (bnc#947337).
- enic: set netdev->vlan_features (bsc#966245).
- ext4: fix races between page faults and hole punching (bsc#972174).
- ext4: fix races of writeback with punch hole and zero range (bsc#972174).
- fix: print ext4 mountopt data_err=abort correctly (bsc#969735).
- fs, seq_file: fallback to vmalloc instead of oom kill processes (bnc#968687).
- fs, seqfile: always allow oom killer (bnc#968687).
- fs/pipe.c: skip file_update_time on frozen fs (bsc#975488).
- hid-elo: kill not flush the work (bnc#982354).
- ibmvscsi: Remove unsupported host config MAD (bsc#973556).
- ipv6: make fib6 serial number per namespace (bsc#965319).
- ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852).
- ipv6: per netns FIB garbage collection (bsc#965319).
- ipv6: per netns fib6 walkers (bsc#965319).
- ipv6: replace global gc_args with local variable (bsc#965319).
- ipvs: count pre-established TCP states as active (bsc#970114).
- kABI: kgr: fix subtle race with kgr_module_init(), going notifier and kgr_modify_kernel().
- kABI: protect enum enclosure_component_type.
- kABI: protect function file_open_root.
- kABI: protect include in evm.
- kABI: protect struct dm_exception_store_type.
- kABI: protect struct fib_nh_exception.
- kABI: protect struct module.
- kABI: protect struct rq.
- kABI: protect struct sched_class.
- kABI: protect struct scm_creds.
- kABI: protect struct user_struct.
- kABI: protect struct user_struct.
- kabi fix for patches.fixes/reduce-m_start-cost (bsc#966573).
- kabi/severities: Whitelist libceph and rbd (bsc#964727).
- kabi: kgr, add reserved fields
- kabi: protect struct fc_rport_priv (bsc#953233, bsc#962846).
- kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319).
- kgr: add TAINT_KGRAFT
- kgr: add kgraft annotation to hwrng kthread.
- kgr: add kgraft annotations to kthreads' wait_event_freezable() API calls.
- kgr: add objname to kgr_patch_fun struct.
- kgr: add sympos and objname to error and debug messages.
- kgr: add sympos as disambiguator field to kgr_patch_fun structure.
- kgr: add sympos to sysfs.
- kgr: call kgr_init_ftrace_ops() only for loaded objects.
- kgr: change to kallsyms_on_each_symbol iterator.
- kgr: define pr_fmt and modify all pr_* messages.
- kgr: do not print error for !abort_if_missing symbols (bnc#943989).
- kgr: do not return and print an error only if the object is not loaded.
- kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572).
- kgr: fix an asymmetric dealing with delayed module loading.
- kgr: fix redirection on s390x arch (bsc#903279).
- kgr: fix subtle race with kgr_module_init(), going notifier and kgr_modify_kernel().
- kgr: handle btrfs kthreads (bnc#889207).
- kgr: kmemleak, really mark the kthread safe after an interrupt.
- kgr: log when modifying kernel.
- kgr: mark some more missed kthreads (bnc#962336).
- kgr: remove abort_if_missing flag.
- kgr: usb/storage: do not emit thread awakened (bnc#899908).
- kgraft/gfs2: Do not block livepatching in the log daemon for too long.
- kgraft/xen: Do not block livepatching in the XEN blkif kthread.
- libfc: replace 'rp_mutex' with 'rp_lock' (bsc#953233, bsc#962846).
- memcg: do not hang on OOM when killed by userspace OOM access to memory reserves (bnc#969571).
- mld, igmp: Fix reserved tailroom calculation (bsc#956852).
- mmc: Allow forward compatibility for eMMC (bnc#966054).
- mmc: sdhci: Allow for irq being shared (bnc#977582).
- net/qlge: Avoids recursive EEH error (bsc#954847).
- net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667).
- net: Start with correct mac_len in skb_network_protocol (bsc#968667).
- net: disable fragment reassembly if high_thresh is set to zero (bsc#970506).
- net: fix wrong mac_len calculation for vlans (bsc#968667).
- net: irda: Fix use-after-free in irtty_open() (bnc#967903).
- nfs4: treat lock owners as opaque values (bnc#968141).
- nfs: fix high load average due to callback thread sleeping (bsc#971170).
- nfsd: fix nfsd_setattr return code for HSM (bsc#969992).
- nvme: fix max_segments integer truncation (bsc#676471).
- ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947).
- ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947).
- ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947).
- perf, nmi: Fix unknown NMI warning (bsc#968512).
- pipe: limit the per-user amount of pages allocated in pipes (bsc#970948).
- rbd: do not log miscompare as an error (bsc#970062).
- rbd: handle OBJ_REQUEST_SG types for copyup (bsc#983394).
- rbd: report unsupported features to syslog (bsc#979169).
- rbd: use GFP_NOIO consistently for request allocations (bsc#971159).
- reduce m_start() cost.. (bsc#966573).
- rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 6c6d86d3cdc26f7746fe4ba2bef8859b5aeb346c.
- s390/pageattr: do a single TLB flush for change_page_attr (bsc#940413).
- sched/x86: Fix up typo in topology detection (bsc#974165).
- scsi: proper state checking and module refcount handling in scsi_device_get (boo#966831).
- series.conf: move netfilter section at the end of core networking
- supported.conf: Add bridge.ko for OpenStack (bsc#971600)
- supported.conf: Add isofs to -base (bsc#969655).
- supported.conf:Add drivers/infiniband/hw/ocrdma/ocrdma.ko to supported.conf (bsc#964461)
- target/rbd: do not put snap_context twice (bsc#981143).
- target/rbd: remove caw_mutex usage (bsc#981143).
- target: Drop incorrect ABORT_TASK put for completed commands (bsc#962872).
- target: Fix LUN_RESET active I/O handling for ACK_KREF (bsc#962872).
- target: Fix LUN_RESET active TMR descriptor handling (bsc#962872).
- target: Fix TAS handling for multi-session se_node_acls (bsc#962872).
- target: Fix race with SCF_SEND_DELAYED_TAS handling (bsc#962872).
- target: Fix remote-port TMR ABORT + se_cmd fabric stop (bsc#962872).
- vgaarb: Add more context to error messages (bsc#976868).
- x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165).
- x86/efi: parse_efi_setup() build fix (bsc#979485).
- x86: standardize mmap_rnd() usage (bnc#974308).
- xen/acpi: Disable ACPI table override when UEFI Secure Boot is enabled (bsc#970604).
- xfs/dmapi: drop lock over synchronous XFS_SEND_DATA events (bsc#969993).
- xfs/dmapi: propertly send postcreate event (bsc#967299).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12:
    zypper in -t patch SUSE-SLE-WE-12-2016-1001=1
- SUSE Linux Enterprise Software Development Kit 12:
    zypper in -t patch SUSE-SLE-SDK-12-2016-1001=1
- SUSE Linux Enterprise Server 12:
    zypper in -t patch SUSE-SLE-SERVER-12-2016-1001=1
- SUSE Linux Enterprise Module for Public Cloud 12:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1001=1
- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1001=1
- SUSE Linux Enterprise Desktop 12:
    zypper in -t patch SUSE-SLE-DESKTOP-12-2016-1001=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12 (x86_64):
    kernel-default-debuginfo-3.12.60-52.49.1
    kernel-default-debugsource-3.12.60-52.49.1
    kernel-default-extra-3.12.60-52.49.1
    kernel-default-extra-debuginfo-3.12.60-52.49.1
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
    kernel-obs-build-3.12.60-52.49.1
    kernel-obs-build-debugsource-3.12.60-52.49.1
- SUSE Linux Enterprise Software Development Kit 12 (noarch):
    kernel-docs-3.12.60-52.49.3
- SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
    kernel-default-3.12.60-52.49.1
    kernel-default-base-3.12.60-52.49.1
    kernel-default-base-debuginfo-3.12.60-52.49.1
    kernel-default-debuginfo-3.12.60-52.49.1
    kernel-default-debugsource-3.12.60-52.49.1
    kernel-default-devel-3.12.60-52.49.1
    kernel-syms-3.12.60-52.49.1
- SUSE Linux Enterprise Server 12 (noarch):
    kernel-devel-3.12.60-52.49.1
    kernel-macros-3.12.60-52.49.1
    kernel-source-3.12.60-52.49.1
- SUSE Linux Enterprise Server 12 (x86_64):
    kernel-xen-3.12.60-52.49.1
    kernel-xen-base-3.12.60-52.49.1
    kernel-xen-base-debuginfo-3.12.60-52.49.1
    kernel-xen-debuginfo-3.12.60-52.49.1
    kernel-xen-debugsource-3.12.60-52.49.1
    kernel-xen-devel-3.12.60-52.49.1
- SUSE Linux Enterprise Server 12 (s390x):
    kernel-default-man-3.12.60-52.49.1
- SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
    kernel-ec2-3.12.60-52.49.1
    kernel-ec2-debuginfo-3.12.60-52.49.1
    kernel-ec2-debugsource-3.12.60-52.49.1
    kernel-ec2-devel-3.12.60-52.49.1
    kernel-ec2-extra-3.12.60-52.49.1
    kernel-ec2-extra-debuginfo-3.12.60-52.49.1
- SUSE Linux Enterprise Live Patching 12 (x86_64):
    kgraft-patch-3_12_60-52_49-default-1-2.1
    kgraft-patch-3_12_60-52_49-xen-1-2.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
    kernel-default-3.12.60-52.49.1
    kernel-default-debuginfo-3.12.60-52.49.1
    kernel-default-debugsource-3.12.60-52.49.1
    kernel-default-devel-3.12.60-52.49.1
    kernel-default-extra-3.12.60-52.49.1
    kernel-default-extra-debuginfo-3.12.60-52.49.1
    kernel-syms-3.12.60-52.49.1
kernel-xen-3.12.60-52.49.1 kernel-xen-debuginfo-3.12.60-52.49.1 kernel-xen-debugsource-3.12.60-52.49.1 kernel-xen-devel-3.12.60-52.49.1 - SUSE Linux Enterprise Desktop 12 (noarch): kernel-devel-3.12.60-52.49.1 kernel-macros-3.12.60-52.49.1 kernel-source-3.12.60-52.49.1 References: https://www.suse.com/security/cve/CVE-2014-9717.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2015-8845.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-2143.html https://www.suse.com/security/cve/CVE-2016-2184.html https://www.suse.com/security/cve/CVE-2016-2185.html https://www.suse.com/security/cve/CVE-2016-2186.html https://www.suse.com/security/cve/CVE-2016-2188.html https://www.suse.com/security/cve/CVE-2016-2782.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-3136.html https://www.suse.com/security/cve/CVE-2016-3137.html https://www.suse.com/security/cve/CVE-2016-3138.html https://www.suse.com/security/cve/CVE-2016-3139.html https://www.suse.com/security/cve/CVE-2016-3140.html https://www.suse.com/security/cve/CVE-2016-3156.html https://www.suse.com/security/cve/CVE-2016-3672.html https://www.suse.com/security/cve/CVE-2016-3689.html https://www.suse.com/security/cve/CVE-2016-3951.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-5244.html https://bugzilla.suse.com/676471 https://bugzilla.suse.com/880007 https://bugzilla.suse.com/889207 https://bugzilla.suse.com/899908 https://bugzilla.suse.com/903279 
https://bugzilla.suse.com/928547 https://bugzilla.suse.com/931448 https://bugzilla.suse.com/940413 https://bugzilla.suse.com/943989 https://bugzilla.suse.com/944309 https://bugzilla.suse.com/945345 https://bugzilla.suse.com/947337 https://bugzilla.suse.com/953233 https://bugzilla.suse.com/954847 https://bugzilla.suse.com/956491 https://bugzilla.suse.com/956852 https://bugzilla.suse.com/957805 https://bugzilla.suse.com/957986 https://bugzilla.suse.com/960857 https://bugzilla.suse.com/962336 https://bugzilla.suse.com/962846 https://bugzilla.suse.com/962872 https://bugzilla.suse.com/963193 https://bugzilla.suse.com/963572 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/964461 https://bugzilla.suse.com/964727 https://bugzilla.suse.com/965319 https://bugzilla.suse.com/966054 https://bugzilla.suse.com/966245 https://bugzilla.suse.com/966573 https://bugzilla.suse.com/966831 https://bugzilla.suse.com/967251 https://bugzilla.suse.com/967292 https://bugzilla.suse.com/967299 https://bugzilla.suse.com/967903 https://bugzilla.suse.com/968010 https://bugzilla.suse.com/968141 https://bugzilla.suse.com/968448 https://bugzilla.suse.com/968512 https://bugzilla.suse.com/968667 https://bugzilla.suse.com/968670 https://bugzilla.suse.com/968687 https://bugzilla.suse.com/968812 https://bugzilla.suse.com/968813 https://bugzilla.suse.com/969439 https://bugzilla.suse.com/969571 https://bugzilla.suse.com/969655 https://bugzilla.suse.com/969690 https://bugzilla.suse.com/969735 https://bugzilla.suse.com/969992 https://bugzilla.suse.com/969993 https://bugzilla.suse.com/970062 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/970504 https://bugzilla.suse.com/970506 https://bugzilla.suse.com/970604 https://bugzilla.suse.com/970892 https://bugzilla.suse.com/970909 https://bugzilla.suse.com/970911 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/970955 https://bugzilla.suse.com/970956 https://bugzilla.suse.com/970958 https://bugzilla.suse.com/970970 
https://bugzilla.suse.com/971049 https://bugzilla.suse.com/971124 https://bugzilla.suse.com/971125 https://bugzilla.suse.com/971126 https://bugzilla.suse.com/971159 https://bugzilla.suse.com/971170 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/971600 https://bugzilla.suse.com/971628 https://bugzilla.suse.com/971947 https://bugzilla.suse.com/972003 https://bugzilla.suse.com/972174 https://bugzilla.suse.com/972844 https://bugzilla.suse.com/972891 https://bugzilla.suse.com/972933 https://bugzilla.suse.com/972951 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/973556 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/973855 https://bugzilla.suse.com/974165 https://bugzilla.suse.com/974308 https://bugzilla.suse.com/974406 https://bugzilla.suse.com/974418 https://bugzilla.suse.com/974646 https://bugzilla.suse.com/975371 https://bugzilla.suse.com/975488 https://bugzilla.suse.com/975533 https://bugzilla.suse.com/975945 https://bugzilla.suse.com/976739 https://bugzilla.suse.com/976868 https://bugzilla.suse.com/977582 https://bugzilla.suse.com/977685 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979169 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979419 https://bugzilla.suse.com/979485 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/980348 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/981143 https://bugzilla.suse.com/981344 https://bugzilla.suse.com/982354 https://bugzilla.suse.com/982698 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/983318 https://bugzilla.suse.com/983394 https://bugzilla.suse.com/983904 https://bugzilla.suse.com/984456 From sle-updates at lists.suse.com Mon Jun 27 12:08:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jun 2016 20:08:28 +0200 (CEST) Subject: SUSE-SU-2016:1691-1: important: Security update for MozillaFirefox, 
MozillaFirefox-branding-SLE, mozilla-nspr, mozilla-nss Message-ID: <20160627180828.B36E4FF91@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1691-1 Rating: important References: #982366 #983549 #983638 #983639 #983643 #983646 #983651 #983652 #983653 #983655 #984006 #984126 #985659 Cross-References: CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2831 CVE-2016-2834 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 9 vulnerabilities and has four fixes is now available. Description: MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss and mozilla-nspr were updated to fix nine security issues. MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639). - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651). - CVE-2016-2822: Addressbar spoofing though the SELECT element (MFSA 2016-52) (bsc#983652). - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653). - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655). - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646). - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643). 
- CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638) These non-security issues were fixed: - bsc#982366: Unknown SSL protocol error in connections - Fix crashes on aarch64 * Determine page size at runtime (bsc#984006) * Allow aarch64 to work in safe mode (bsc#985659) - Fix crashes on mainframes All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1003=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-1003=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1003=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-1003=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1003=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-1003=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.2.0esr-75.2 MozillaFirefox-debugsource-45.2.0esr-75.2 MozillaFirefox-devel-45.2.0esr-75.2 mozilla-nspr-debuginfo-4.12-15.2 mozilla-nspr-debugsource-4.12-15.2 mozilla-nspr-devel-4.12-15.2 mozilla-nss-debuginfo-3.21.1-46.2 mozilla-nss-debugsource-3.21.1-46.2 mozilla-nss-devel-3.21.1-46.2 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.2.0esr-75.2 MozillaFirefox-debugsource-45.2.0esr-75.2 MozillaFirefox-devel-45.2.0esr-75.2 mozilla-nspr-debuginfo-4.12-15.2 mozilla-nspr-debugsource-4.12-15.2 mozilla-nspr-devel-4.12-15.2 mozilla-nss-debuginfo-3.21.1-46.2 mozilla-nss-debugsource-3.21.1-46.2 mozilla-nss-devel-3.21.1-46.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-45.2.0esr-75.2 MozillaFirefox-branding-SLE-45.0-28.2 MozillaFirefox-debuginfo-45.2.0esr-75.2 MozillaFirefox-debugsource-45.2.0esr-75.2 MozillaFirefox-translations-45.2.0esr-75.2 libfreebl3-3.21.1-46.2 libfreebl3-debuginfo-3.21.1-46.2 libfreebl3-hmac-3.21.1-46.2 libsoftokn3-3.21.1-46.2 libsoftokn3-debuginfo-3.21.1-46.2 libsoftokn3-hmac-3.21.1-46.2 mozilla-nspr-4.12-15.2 mozilla-nspr-debuginfo-4.12-15.2 mozilla-nspr-debugsource-4.12-15.2 mozilla-nss-3.21.1-46.2 mozilla-nss-certs-3.21.1-46.2 mozilla-nss-certs-debuginfo-3.21.1-46.2 mozilla-nss-debuginfo-3.21.1-46.2 mozilla-nss-debugsource-3.21.1-46.2 mozilla-nss-sysinit-3.21.1-46.2 mozilla-nss-sysinit-debuginfo-3.21.1-46.2 mozilla-nss-tools-3.21.1-46.2 mozilla-nss-tools-debuginfo-3.21.1-46.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libfreebl3-32bit-3.21.1-46.2 libfreebl3-debuginfo-32bit-3.21.1-46.2 libfreebl3-hmac-32bit-3.21.1-46.2 libsoftokn3-32bit-3.21.1-46.2 libsoftokn3-debuginfo-32bit-3.21.1-46.2 libsoftokn3-hmac-32bit-3.21.1-46.2 mozilla-nspr-32bit-4.12-15.2 mozilla-nspr-debuginfo-32bit-4.12-15.2 mozilla-nss-32bit-3.21.1-46.2 
mozilla-nss-certs-32bit-3.21.1-46.2 mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2 mozilla-nss-debuginfo-32bit-3.21.1-46.2 mozilla-nss-sysinit-32bit-3.21.1-46.2 mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): MozillaFirefox-45.2.0esr-75.2 MozillaFirefox-branding-SLE-45.0-28.2 MozillaFirefox-debuginfo-45.2.0esr-75.2 MozillaFirefox-debugsource-45.2.0esr-75.2 MozillaFirefox-translations-45.2.0esr-75.2 libfreebl3-3.21.1-46.2 libfreebl3-debuginfo-3.21.1-46.2 libfreebl3-hmac-3.21.1-46.2 libsoftokn3-3.21.1-46.2 libsoftokn3-debuginfo-3.21.1-46.2 libsoftokn3-hmac-3.21.1-46.2 mozilla-nspr-4.12-15.2 mozilla-nspr-debuginfo-4.12-15.2 mozilla-nspr-debugsource-4.12-15.2 mozilla-nss-3.21.1-46.2 mozilla-nss-certs-3.21.1-46.2 mozilla-nss-certs-debuginfo-3.21.1-46.2 mozilla-nss-debuginfo-3.21.1-46.2 mozilla-nss-debugsource-3.21.1-46.2 mozilla-nss-sysinit-3.21.1-46.2 mozilla-nss-sysinit-debuginfo-3.21.1-46.2 mozilla-nss-tools-3.21.1-46.2 mozilla-nss-tools-debuginfo-3.21.1-46.2 - SUSE Linux Enterprise Server 12 (s390x x86_64): libfreebl3-32bit-3.21.1-46.2 libfreebl3-debuginfo-32bit-3.21.1-46.2 libfreebl3-hmac-32bit-3.21.1-46.2 libsoftokn3-32bit-3.21.1-46.2 libsoftokn3-debuginfo-32bit-3.21.1-46.2 libsoftokn3-hmac-32bit-3.21.1-46.2 mozilla-nspr-32bit-4.12-15.2 mozilla-nspr-debuginfo-32bit-4.12-15.2 mozilla-nss-32bit-3.21.1-46.2 mozilla-nss-certs-32bit-3.21.1-46.2 mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2 mozilla-nss-debuginfo-32bit-3.21.1-46.2 mozilla-nss-sysinit-32bit-3.21.1-46.2 mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-45.2.0esr-75.2 MozillaFirefox-branding-SLE-45.0-28.2 MozillaFirefox-debuginfo-45.2.0esr-75.2 MozillaFirefox-debugsource-45.2.0esr-75.2 MozillaFirefox-translations-45.2.0esr-75.2 libfreebl3-3.21.1-46.2 libfreebl3-32bit-3.21.1-46.2 libfreebl3-debuginfo-3.21.1-46.2 libfreebl3-debuginfo-32bit-3.21.1-46.2 libsoftokn3-3.21.1-46.2 
libsoftokn3-32bit-3.21.1-46.2 libsoftokn3-debuginfo-3.21.1-46.2 libsoftokn3-debuginfo-32bit-3.21.1-46.2 mozilla-nspr-32bit-4.12-15.2 mozilla-nspr-4.12-15.2 mozilla-nspr-debuginfo-32bit-4.12-15.2 mozilla-nspr-debuginfo-4.12-15.2 mozilla-nspr-debugsource-4.12-15.2 mozilla-nss-3.21.1-46.2 mozilla-nss-32bit-3.21.1-46.2 mozilla-nss-certs-3.21.1-46.2 mozilla-nss-certs-32bit-3.21.1-46.2 mozilla-nss-certs-debuginfo-3.21.1-46.2 mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2 mozilla-nss-debuginfo-3.21.1-46.2 mozilla-nss-debuginfo-32bit-3.21.1-46.2 mozilla-nss-debugsource-3.21.1-46.2 mozilla-nss-sysinit-3.21.1-46.2 mozilla-nss-sysinit-32bit-3.21.1-46.2 mozilla-nss-sysinit-debuginfo-3.21.1-46.2 mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2 mozilla-nss-tools-3.21.1-46.2 mozilla-nss-tools-debuginfo-3.21.1-46.2 - SUSE Linux Enterprise Desktop 12 (x86_64): MozillaFirefox-45.2.0esr-75.2 MozillaFirefox-branding-SLE-45.0-28.2 MozillaFirefox-debuginfo-45.2.0esr-75.2 MozillaFirefox-debugsource-45.2.0esr-75.2 MozillaFirefox-translations-45.2.0esr-75.2 libfreebl3-3.21.1-46.2 libfreebl3-32bit-3.21.1-46.2 libfreebl3-debuginfo-3.21.1-46.2 libfreebl3-debuginfo-32bit-3.21.1-46.2 libsoftokn3-3.21.1-46.2 libsoftokn3-32bit-3.21.1-46.2 libsoftokn3-debuginfo-3.21.1-46.2 libsoftokn3-debuginfo-32bit-3.21.1-46.2 mozilla-nspr-32bit-4.12-15.2 mozilla-nspr-4.12-15.2 mozilla-nspr-debuginfo-32bit-4.12-15.2 mozilla-nspr-debuginfo-4.12-15.2 mozilla-nspr-debugsource-4.12-15.2 mozilla-nss-3.21.1-46.2 mozilla-nss-32bit-3.21.1-46.2 mozilla-nss-certs-3.21.1-46.2 mozilla-nss-certs-32bit-3.21.1-46.2 mozilla-nss-certs-debuginfo-3.21.1-46.2 mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2 mozilla-nss-debuginfo-3.21.1-46.2 mozilla-nss-debuginfo-32bit-3.21.1-46.2 mozilla-nss-debugsource-3.21.1-46.2 mozilla-nss-sysinit-3.21.1-46.2 mozilla-nss-sysinit-32bit-3.21.1-46.2 mozilla-nss-sysinit-debuginfo-3.21.1-46.2 mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2 mozilla-nss-tools-3.21.1-46.2 
mozilla-nss-tools-debuginfo-3.21.1-46.2 References: https://www.suse.com/security/cve/CVE-2016-2815.html https://www.suse.com/security/cve/CVE-2016-2818.html https://www.suse.com/security/cve/CVE-2016-2819.html https://www.suse.com/security/cve/CVE-2016-2821.html https://www.suse.com/security/cve/CVE-2016-2822.html https://www.suse.com/security/cve/CVE-2016-2824.html https://www.suse.com/security/cve/CVE-2016-2828.html https://www.suse.com/security/cve/CVE-2016-2831.html https://www.suse.com/security/cve/CVE-2016-2834.html https://bugzilla.suse.com/982366 https://bugzilla.suse.com/983549 https://bugzilla.suse.com/983638 https://bugzilla.suse.com/983639 https://bugzilla.suse.com/983643 https://bugzilla.suse.com/983646 https://bugzilla.suse.com/983651 https://bugzilla.suse.com/983652 https://bugzilla.suse.com/983653 https://bugzilla.suse.com/983655 https://bugzilla.suse.com/984006 https://bugzilla.suse.com/984126 https://bugzilla.suse.com/985659 From sle-updates at lists.suse.com Mon Jun 27 12:10:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Jun 2016 20:10:54 +0200 (CEST) Subject: SUSE-SU-2016:1692-1: moderate: Security update for dhcp Message-ID: <20160627181054.A6909FFAD@maintenance.suse.de> SUSE Security Update: Security update for dhcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1692-1 Rating: moderate References: #969820 Cross-References: CVE-2016-2774 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for dhcp fixes the following issues: - CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional (bsc#969820). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-1002=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-1002=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-1002=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): dhcp-debuginfo-4.2.6-14.6.1 dhcp-debugsource-4.2.6-14.6.1 dhcp-devel-4.2.6-14.6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): dhcp-4.2.6-14.6.1 dhcp-client-4.2.6-14.6.1 dhcp-client-debuginfo-4.2.6-14.6.1 dhcp-debuginfo-4.2.6-14.6.1 dhcp-debugsource-4.2.6-14.6.1 dhcp-relay-4.2.6-14.6.1 dhcp-relay-debuginfo-4.2.6-14.6.1 dhcp-server-4.2.6-14.6.1 dhcp-server-debuginfo-4.2.6-14.6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): dhcp-4.2.6-14.6.1 dhcp-client-4.2.6-14.6.1 dhcp-client-debuginfo-4.2.6-14.6.1 dhcp-debuginfo-4.2.6-14.6.1 dhcp-debugsource-4.2.6-14.6.1 References: https://www.suse.com/security/cve/CVE-2016-2774.html https://bugzilla.suse.com/969820 From sle-updates at lists.suse.com Tue Jun 28 08:08:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 28 Jun 2016 16:08:00 +0200 (CEST) Subject: SUSE-SU-2016:1696-1: important: Security update for the Linux Kernel Message-ID: <20160628140800.91DC6FFDE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1696-1 Rating: 
important
References: #662458 #676471 #889207 #897662 #899908 #903279 #908151 #928547 #931448 #937086 #940413 #942262 #943989 #944309 #945345 #951844 #953233 #957805 #958390 #959514 #960857 #962336 #962846 #962872 #963572 #964461 #964727 #965319 #966054 #966573 #967640 #968497 #968687 #968812 #968813 #969016 #970604 #970609 #970892 #970911 #970948 #970955 #970956 #970958 #970970 #971049 #971124 #971126 #971159 #971170 #971600 #971628 #971793 #971947 #972003 #972068 #972174 #972780 #972844 #972891 #972951 #973378 #973556 #973855 #974418 #974646 #974692 #975371 #975488 #975772 #975945 #976739 #976821 #976868 #977582 #977685 #978401 #978527 #978822 #979213 #979347 #983143
Cross-References: CVE-2014-9717 CVE-2016-1583 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2847 CVE-2016-3134 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3689 CVE-2016-3951 CVE-2016-4482 CVE-2016-4486 CVE-2016-4569
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves 16 vulnerabilities and has 66 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.59 to receive various security and bugfixes.

Main feature additions:
- Improved support for Clustered File System (CephFS, fate#318586).
- Addition of kGraft patches now produces logging messages to simplify auditing (fate#317827).

The following security bugs were fixed:
- CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have led to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143).
- CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allowed local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace (bnc#928547). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bsc#970948). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126 971793). - CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955). 
- CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).
- CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911 970970).
- CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).
- CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628).
- CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418).
- CVE-2016-4482: Fixed information leak in devio (bnc#978401).
- CVE-2016-4486: Fixed information leak in rtnetlink (bsc#978822).
- CVE-2016-4569: Fixed information leak in events via snd_timer_user_tinterrupt (bsc#979213).

The following non-security bugs were fixed:
- ALSA: timer: Call notifier in the same spinlock (bsc#973378).
- ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378).
- ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378).
- ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378). - Btrfs: do not collect ordered extents when logging that inode exists (bsc#977685). - Btrfs: do not return EBUSY on concurrent subvolume mounts (bsc#951844). - Btrfs: fix deadlock between direct IO reads and buffered writes (bsc#973855). - Btrfs: fix empty symlink after creating symlink and fsync parent dir (bsc#977685). - Btrfs: fix file loss on log replay after renaming a file and fsync (bsc#977685). - Btrfs: fix file/data loss caused by fsync after rename and new inode (bsc#977685). - Btrfs: fix for incorrect directory entries after fsync log replay (bsc#957805, bsc#977685). - Btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844). - Btrfs: fix race between fsync and lockless direct IO writes (bsc#977685). - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync (bsc#977685). - Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951). - Btrfs: qgroup: return EINVAL if level of parent is not higher than child's (bsc#972951). - Btrfs: teach backref walking about backrefs with underflowed offset values (bsc#975371). - CacheFiles: Fix incorrect test for in-memory object collision (bsc#971049). - CacheFiles: Handle object being killed before being set up (bsc#971049). - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739). - Drivers: hv: util: Pass the channel information during the init call (bnc#978527). - Drivers: hv: utils: Invoke the poll function after handshake (bnc#978527). - Drivers: hv: vmbus: Fix signaling logic in hv_need_to_signal_on_read(). - Export helper function to set irq affinity in pci-hyperv. - FS-Cache: Add missing initialization of ret in cachefiles_write_page() (bsc#971049). - FS-Cache: Count culled objects and objects rejected due to lack of space (bsc#971049). - FS-Cache: Fix cancellation of in-progress operation (bsc#971049). - FS-Cache: Handle a new operation submitted against a killed object (bsc#971049). 
- FS-Cache: Move fscache_report_unexpected_submission() to make it more available (bsc#971049). - FS-Cache: Out of line fscache_operation_init() (bsc#971049). - FS-Cache: Permit fscache_cancel_op() to cancel in-progress operations too (bsc#971049). - FS-Cache: Put an aborted initialised op so that it is accounted correctly (bsc#971049). - FS-Cache: Reduce cookie ref count if submit fails (bsc#971049). - FS-Cache: Synchronise object death state change vs operation submission (bsc#971049). - FS-Cache: The operation cancellation method needs calling in more places (bsc#971049). - FS-Cache: Timeout for releasepage() (bsc#971049). - FS-Cache: When submitting an op, cancel it if the target object is dying (bsc#971049). - FS-Cache: fscache_object_is_dead() has wrong logic, kill it (bsc#971049). - Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - Fix kabi issue (bsc#971049). - Input: i8042 - lower log level for "no controller" message (bsc#945345). - NFSv4.1: do not use machine credentials for CLOSE when using 'sec=sys' (bsc#972003). - NVMe: Unify controller probe and resume (bsc#979347). - NVMe: init nvme queue before enabling irq (bsc#662458). - PCI/AER: Fix aer_inject error codes (bsc#931448). - PCI/AER: Log actual error causes in aer_inject (bsc#931448). - PCI/AER: Log aer_inject error injections (bsc#931448). - PCI/AER: Use dev_warn() in aer_inject (bsc#931448). - RDMA/ocrdma: Avoid reporting wrong completions in case of error CQEs (bsc#908151). - Revert "scsi: fix soft lockup in scsi_remove_target() on module removal" (bsc#970609). - SUNRPC: Fix large reads on NFS/RDMA (bsc#908151). - SUNRPC: remove KERN_INFO from dprintk() call sites (bsc#908151). - USB: usbip: fix potential out-of-bounds write (bnc#975945). - Use mainline variant of hyperv KVP IP failover patch (bnc#978527) - acpi: Disable ACPI table override when UEFI Secure Boot is enabled (bsc#970604). - acpi: Disable APEI error injection if securelevel is set (bsc#972891). 
- apparmor: Skip proc ns files (bsc#959514).
- cachefiles: perform test on s_blocksize when opening cache file (bsc#971049).
- ceph fscache: Introduce a routine for uncaching single no data page from fscache ().
- ceph fscache: Uncaching no data page from fscache in readpage().
- ceph: Add fs/ceph as a supported module.
- ceph: Asynchronous IO support.
- ceph: Avoid to propagate the invalid page point.
- ceph: Clean up if error occurred in finish_read().
- ceph: EIO all operations after forced umount.
- ceph: Implement writev/pwritev for sync operation.
- ceph: Remove racey watch/notify event infrastructure (bsc#964727)
- ceph: add acl for cephfs.
- ceph: add acl, noacl options for cephfs mount.
- ceph: add get_name() NFS export callback.
- ceph: add get_parent() NFS export callback.
- ceph: add imported caps when handling cap export message.
- ceph: add inline data to pagecache.
- ceph: add missing init_acl() for mkdir() and atomic_open().
- ceph: add open export target session helper.
- ceph: add request to i_unsafe_dirops when getting unsafe reply.
- ceph: additional debugfs output.
- ceph: always re-send cap flushes when MDS recovers.
- ceph: avoid block operation when !TASK_RUNNING (ceph_get_caps).
- ceph: avoid block operation when !TASK_RUNNING (ceph_mdsc_close_sessions).
- ceph: avoid block operation when !TASK_RUNNING (ceph_mdsc_sync).
- ceph: avoid releasing caps that are being used.
- ceph: avoid sending unnessesary FLUSHSNAP message.
- ceph: avoid useless ceph_get_dentry_parent_inode() in ceph_rename().
- ceph: cast PAGE_SIZE to size_t in ceph_sync_write().
- ceph: ceph_frag_contains_value can be boolean.
- ceph: ceph_get_parent() can be static.
- ceph: check OSD caps before read/write.
- ceph: check buffer size in ceph_vxattrcb_layout().
- ceph: check caps in filemap_fault and page_mkwrite.
- ceph: check directory's completeness before emitting directory entry.
- ceph: check inode caps in ceph_d_revalidate. - ceph: check unsupported fallocate mode. - ceph: check zero length in ceph_sync_read(). - ceph: checking for IS_ERR instead of NULL. - ceph: cleanup unsafe requests when reconnecting is denied. - ceph: cleanup use of ceph_msg_get. - ceph: clear directory's completeness when creating file. - ceph: convert inline data to normal data before data write. - ceph: do not assume r_old_dentry[_dir] always set together. - ceph: do not chain inode updates to parent fsync. - ceph: do not grabs open file reference for aborted request. - ceph: do not include ceph.{file,dir}.layout vxattr in listxattr(). - ceph: do not include used caps in cap_wanted. - ceph: do not invalidate page cache when inode is no longer used. - ceph: do not mark dirty caps when there is no auth cap. - ceph: do not pre-allocate space for cap release messages. - ceph: do not set r_old_dentry_dir on link(). - ceph: do not trim auth cap when there are cap snaps. - ceph: do not zero i_wrbuffer_ref when reconnecting is denied. - ceph: drop cap releases in requests composed before cap reconnect. - ceph: drop extra open file reference in ceph_atomic_open(). - ceph: drop unconnected inodes. - ceph: exclude setfilelock requests when calculating oldest tid. - ceph: export ceph_session_state_name function. - ceph: fetch inline data when getting Fcr cap refs. - ceph: fix __dcache_readdir(). - ceph: fix a comment typo. - ceph: fix append mode write. - ceph: fix atomic_open snapdir. - ceph: fix bool assignments. - ceph: fix cache revoke race. - ceph: fix ceph_dir_llseek(). - ceph: fix ceph_fh_to_parent(). - ceph: fix ceph_removexattr(). - ceph: fix ceph_set_acl(). - ceph: fix ceph_writepages_start(). - ceph: fix dcache/nocache mount option. - ceph: fix dentry leaks. - ceph: fix directory fsync. - ceph: fix divide-by-zero in __validate_layout(). - ceph: fix double page_unlock() in page_mkwrite(). - ceph: fix dout() compile warnings in ceph_filemap_fault(). 
- ceph: fix file lock interruption. - ceph: fix flush tid comparision. - ceph: fix flushing caps. - ceph: fix llistxattr on symlink. - ceph: fix message length computation. - ceph: fix mksnap crash. - ceph: fix null pointer dereference in send_mds_reconnect(). - ceph: fix pr_fmt() redefinition. - ceph: fix queuing inode to mdsdir's snaprealm. - ceph: fix reading inline data when i_size > PAGE_SIZE. - ceph: fix request time stamp encoding. - ceph: fix reset_readdir(). - ceph: fix setting empty extended attribute. - ceph: fix sizeof(struct tYpO *) typo. - ceph: fix snap context leak in error path. - ceph: fix trim caps. - ceph: fix uninline data function. - ceph: flush cap release queue when trimming session caps. - ceph: flush inline version. - ceph: forbid mandatory file lock. - ceph: fscache: Update object store limit after file writing. - ceph: fscache: Wait for completion of object initialization. - ceph: fscache: add an interface to synchronize object store limit. - ceph: get inode size for each append write. - ceph: handle -ESTALE reply. - ceph: handle SESSION_FORCE_RO message. - ceph: handle cap export race in try_flush_caps(). - ceph: handle cap import atomically. - ceph: handle frag mismatch between readdir request and reply. - ceph: handle race between cap reconnect and cap release. - ceph: handle session flush message. - ceph: hold on to exclusive caps on complete directories. - ceph: implement readv/preadv for sync operation. - ceph: improve readahead for file holes. - ceph: improve reference tracking for snaprealm. - ceph: include time stamp in every MDS request. - ceph: include time stamp in replayed MDS requests. - ceph: initial CEPH_FEATURE_FS_FILE_LAYOUT_V2 support. - ceph: initialize inode before instantiating dentry. - ceph: introduce a new inode flag indicating if cached dentries are ordered. - ceph: introduce ceph_fill_fragtree(). - ceph: introduce global empty snap context. - ceph: invalidate dirty pages after forced umount. 
- ceph: keep i_snap_realm while there are writers. - ceph: kstrdup() memory handling. - ceph: let MDS adjust readdir 'frag'. - ceph: make ceph_forget_all_cached_acls() static inline. - ceph: make fsync() wait unsafe requests that created/modified inode. - ceph: make sure syncfs flushes all cap snaps. - ceph: make sure write caps are registered with auth MDS. - ceph: match wait_for_completion_timeout return type. - ceph: message versioning fixes. - ceph: move ceph_find_inode() outside the s_mutex. - ceph: move spinlocking into ceph_encode_locks_to_buffer and ceph_count_locks. - ceph: no need to get parent inode in ceph_open. - ceph: parse inline data in MClientReply and MClientCaps. - ceph: pre-allocate ceph_cap struct for ceph_add_cap(). - ceph: pre-allocate data structure that tracks caps flushing. - ceph: preallocate buffer for readdir reply. - ceph: print inode number for LOOKUPINO request. - ceph: properly apply umask when ACL is enabled. - ceph: properly handle XATTR_CREATE and XATTR_REPLACE. - ceph: properly mark empty directory as complete. - ceph: properly release page upon error. - ceph: properly zero data pages for file holes. - ceph: provide seperate {inode,file}_operations for snapdir. - ceph: queue cap release in __ceph_remove_cap(). - ceph: queue vmtruncate if necessary when handing cap grant/revoke. - ceph: ratelimit warn messages for MDS closes session. - ceph: re-send AIO write request when getting -EOLDSNAP error. - ceph: re-send flushing caps (which are revoked) in reconnect stage. - ceph: re-send requests when MDS enters reconnecting stage. - ceph: refactor readpage_nounlock() to make the logic clearer. - ceph: remember subtree root dirfrag's auth MDS. - ceph: remove exported caps when handling cap import message. - ceph: remove outdated frag information. - ceph: remove redundant code for max file size verification. - ceph: remove redundant declaration. - ceph: remove redundant memset(0). 
- ceph: remove redundant test of head->safe and silence static analysis warnings. - ceph: remove the useless judgement. - ceph: remove unused functions in ceph_frag.h. - ceph: remove unused stringification macros. - ceph: remove useless ACL check. - ceph: remove xattr when null value is given to setxattr(). - ceph: rename snapshot support. - ceph: replace comma with a semicolon. - ceph: request xattrs if xattr_version is zero. - ceph: reserve caps for file layout/lock MDS requests. - ceph: reset r_resend_mds after receiving -ESTALE. - ceph: return error for traceless reply race. - ceph: rework dcache readdir. - ceph: send TID of the oldest pending caps flush to MDS. - ceph: send client metadata to MDS. - ceph: set caps count after composing cap reconnect message. - ceph: set i_head_snapc when getting CEPH_CAP_FILE_WR reference. - ceph: set mds_wanted when MDS reply changes a cap to auth cap. - ceph: show nocephx_require_signatures and notcp_nodelay options. - ceph: show non-default options only. - ceph: simplify ceph_fh_to_dentry(). - ceph: simplify two mount_timeout sites. - ceph: skip invalid dentry during dcache readdir. - ceph: support inline data feature. - ceph: switch some GFP_NOFS memory allocation to GFP_KERNEL. - ceph: sync read inline data. - ceph: take snap_rwsem when accessing snap realm's cached_context. - ceph: track pending caps flushing accurately. - ceph: track pending caps flushing globally. - ceph: trim unused inodes before reconnecting to recovering MDS. - ceph: trivial comment fix. - ceph: update i_max_size even if inode version does not change. - ceph: update inode fields according to issued caps. - ceph: use %zu for len in ceph_fill_inline_data(). - ceph: use ceph_seq_cmp() to compare migrate_seq. - ceph: use empty snap context for uninline_data and get_pool_perm. - ceph: use fl->fl_file as owner identifier of flock and posix lock. - ceph: use fl->fl_type to decide flock operation. - ceph: use fpos_cmp() to compare dentry positions. 
- ceph: use getattr request to fetch inline data. - ceph: use i_size_{read,write} to get/set i_size. - ceph: use msecs_to_jiffies for time conversion. - ceph: use pagelist to present MDS request data. - ceph: use truncate_pagecache() instead of truncate_inode_pages(). - ceph_sync_{,direct_}write: fix an oops on ceph_osdc_new_request() failure. - client: include kernel version in client metadata. - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646). - crush: add chooseleaf_stable tunable. - crush: decode and initialize chooseleaf_stable. - crush: ensure bucket id is valid before indexing buckets array. - crush: ensure take bucket value is valid. - crush: fix crash from invalid 'take' argument. - crush: sync up with userspace. - crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode (bsc#958390). - crypto: testmgr - mark authenticated ctr(aes) also as FIPS able (bsc#958390). - dasd: fix hanging system after LCU changes (bnc#968497, LTC#136671). - drm/core: Preserve the framebuffer after removing it (bsc#968812). - drm/i915: do not warn if backlight unexpectedly enabled (boo#972068). - drm/i915: set backlight duty cycle after backlight enable for gen4 (boo#972780). - drm/radeon: fix-up some float to fixed conversion thinkos (bsc#968813). - drm/radeon: use HDP_MEM_COHERENCY_FLUSH_CNTL for sdma as well (bsc#968813). - ext4: Fix softlockups in SEEK_HOLE and SEEK_DATA implementations (bsc#942262). - ext4: fix races between page faults and hole punching (bsc#972174). - ext4: fix races of writeback with punch hole and zero range (bsc#972174). - fs, seq_file: fallback to vmalloc instead of oom kill processes (bnc#968687). - fs, seqfile: always allow oom killer (bnc#968687). - fs/ceph/debugfs.c: replace seq_printf by seq_puts. - fs/ceph: replace pr_warning by pr_warn. - fs/pipe.c: skip file_update_time on frozen fs (bsc#975488). - ibmvscsi: Remove unsupported host config MAD (bsc#973556). 
- iommu/vt-d: Improve fault handler error messages (bsc#975772). - iommu/vt-d: Ratelimit fault handler (bsc#975772). - ipv6: make fib6 serial number per namespace (bsc#965319). - ipv6: per netns FIB garbage collection (bsc#965319). - ipv6: per netns fib6 walkers (bsc#965319). - ipv6: replace global gc_args with local variable (bsc#965319). - kABI: kgr: fix subtle race with kgr_module_init(), going notifier and kgr_modify_kernel(). - kABI: protect function file_open_root. - kABI: protect include in evm. - kABI: protect struct user_struct. - kabi fix for patches.fixes/reduce-m_start-cost (bsc#966573). - kabi/severities: Allow changes in zpci_* symbols (bsc#974692) - kabi/severities: Whitelist libceph and rbd (bsc#964727). - kabi: kgr, add reserved fields. - kabi: protect struct fc_rport_priv (bsc#953233, bsc#962846). - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319). - kgr: add TAINT_KGRAFT. - kgr: add kgraft annotation to hwrng kthread. - kgr: add kgraft annotations to kthreads' wait_event_freezable() API calls. - kgr: add objname to kgr_patch_fun struct. - kgr: add sympos and objname to error and debug messages. - kgr: add sympos as disambiguator field to kgr_patch_fun structure. - kgr: add sympos to sysfs. - kgr: call kgr_init_ftrace_ops() only for loaded objects. - kgr: change to kallsyms_on_each_symbol iterator. - kgr: define pr_fmt and modify all pr_* messages. - kgr: do not print error for !abort_if_missing symbols (bnc#943989). - kgr: do not return and print an error only if the object is not loaded. - kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572). - kgr: fix an asymmetric dealing with delayed module loading. - kgr: fix redirection on s390x arch (bsc#903279). - kgr: fix subtle race with kgr_module_init(), going notifier and kgr_modify_kernel(). - kgr: handle btrfs kthreads (bnc#889207). - kgr: kmemleak, really mark the kthread safe after an interrupt. - kgr: kmemleak, really mark the kthread safe after an interrupt. 
- kgr: log when modifying kernel. - kgr: mark kernel unsupported upon patch revert. - kgr: mark some more missed kthreads (bnc#962336). - kgr: remove abort_if_missing flag. - kgr: usb/storage: do not emit thread awakened (bnc#899908). - kgraft/gfs2: Do not block livepatching in the log daemon for too long. - kgraft/xen: Do not block livepatching in the XEN blkif kthread. - libceph: Avoid holding the zero page on ceph_msgr_slab_init errors. - libceph: Fix ceph_tcp_sendpage()'s more boolean usage. - libceph: MOSDOpReply v7 encoding. - libceph: Remove spurious kunmap() of the zero page. - libceph: a couple tweaks for wait loops. - libceph: add nocephx_sign_messages option. - libceph: advertise support for TUNABLES5. - libceph: advertise support for keepalive2. - libceph: allow setting osd_req_op's flags. - libceph: check data_len in ->alloc_msg(). - libceph: clear messenger auth_retry flag if we fault. - libceph: clear msg->con in ceph_msg_release() only. - libceph: do not access invalid memory in keepalive2 path. - libceph: do not spam dmesg with stray reply warnings. - libceph: drop authorizer check from cephx msg signing routines. - libceph: evaluate osd_req_op_data() arguments only once. - libceph: fix authorizer invalidation, take 2. - libceph: fix ceph_msg_revoke(). - libceph: fix wrong name "Ceph filesystem for Linux". - libceph: introduce ceph_x_authorizer_cleanup(). - libceph: invalidate AUTH in addition to a service ticket. - libceph: kill off ceph_x_ticket_handler::validity. - libceph: move ceph_file_layout helpers to ceph_fs.h. - libceph: msg signing callouts do not need con argument. - libceph: nuke time_sub(). - libceph: properly release STAT request's raw_data_in. - libceph: remove con argument in handle_reply(). - libceph: remove outdated comment. - libceph: remove the unused macro AES_KEY_SIZE. - libceph: rename con_work() to ceph_con_workfn(). - libceph: set 'exists' flag for newly up osd. - libceph: stop duplicating client fields in messenger. 
- libceph: store timeouts in jiffies, verify user input.
- libceph: treat sockaddr_storage with uninitialized family as blank.
- libceph: use keepalive2 to verify the mon session is alive.
- libceph: use list_for_each_entry_safe.
- libceph: use list_next_entry instead of list_entry_next.
- libceph: use local variable cursor instead of &msg->cursor.
- libceph: use the right footer size when skipping a message.
- libfc: replace 'rp_mutex' with 'rp_lock' (bsc#953233, bsc#962846).
- mds: check cap ID when handling cap export message.
- mmc: Allow forward compatibility for eMMC (bnc#966054).
- mmc: sdhci: Allow for irq being shared (bnc#977582).
- mpt3sas: Fix use sas_is_tlr_enabled API before enabling MPI2_SCSIIO_CONTROL_TLR_ON flag (bsc#967640).
- nfs-rdma: Fix for FMR leaks (bsc#908151).
- nfs: fix high load average due to callback thread sleeping (bsc#971170).
- nvme: fix max_segments integer truncation (bsc#676471).
- ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947).
- ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947).
- ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947).
- pipe: limit the per-user amount of pages allocated in pipes (bsc#970948).
- powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel (bsc#976821).
- powerpc/book3s64: Remove __end_handlers marker (bsc#976821).
- rbd: bump queue_max_segments.
- rbd: delete an unnecessary check before rbd_dev_destroy().
- rbd: do not free rbd_dev outside of the release callback.
- rbd: do not put snap_context twice in rbd_queue_workfn().
- rbd: drop null test before destroy functions.
- rbd: plug rbd_dev->header.object_prefix memory leak.
- rbd: rbd_wq comment is obsolete.
- rbd: remove duplicate calls to rbd_dev_mapping_clear().
- rbd: return -ENOMEM instead of pool id if rbd_dev_create() fails.
- rbd: set device_type::release instead of device::release. - rbd: set max_sectors explicitly. - rbd: store rbd_options in rbd_device. - rbd: terminate rbd_opts_tokens with Opt_err. - rbd: timeout watch teardown on unmap with mount_timeout. - rbd: use GFP_NOIO consistently for request allocations (bsc#971159). - rbd: use writefull op for object size writes. - reduce m_start() cost.. (bsc#966573). - s390/compat: correct restore of high gprs on signal return (bnc#968497, LTC#137571). - s390/pageattr: do a single TLB flush for change_page_attr (bsc#940413). - s390/pci: add extra padding to function measurement block (bnc#974692, LTC#139445). - s390/pci: enforce fmb page boundary rule (bnc#974692, LTC#139445). - s390/pci: extract software counters from fmb (bnc#974692, LTC#139445). - s390/pci: remove pdev pointer from arch data (bnc#974692, LTC#139444). - s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#974692, LTC#139401). - s390/pci_dma: handle dma table failures (bnc#974692, LTC#139442). - s390/pci_dma: improve debugging of errors during dma map (bnc#974692, LTC#139442). - s390/pci_dma: unify label of invalid translation table entries (bnc#974692, LTC#139442). - s390/zcrypt: HWRNG registration cause kernel panic on CEX hotplug (bnc#968497, LTC#138409). - scsi-bnx2fc-handle_scsi_retry_delay - scsi-bnx2fc-soft_lockup_when_rmmod - scsi: Add intermediate STARGET_REMOVE state to scsi_target_state (bsc#970609). - scsi: Avoid crashing if device uses DIX but adapter does not support it (bsc#969016). - sd: get disk reference in sd_check_events() (bnc#897662). - supported.conf: Add bridge.ko for OpenStack (bsc#971600) - supported.conf: add pci-hyperv - supported.conf:Add drivers/infiniband/hw/ocrdma/ocrdma.ko to supported.conf (bsc#964461) - svcrdma: Fence LOCAL_INV work requests (bsc#908151). - svcrdma: advertise the correct max payload (bsc#908151). - svcrdma: fix offset calculation for non-page aligned sge entries (bsc#908151). 
- svcrdma: fix printk when memory allocation fails (bsc#908151). - svcrdma: refactor marshalling logic (bsc#908151). - svcrdma: send_write() must not overflow the device's max sge (bsc#908151). - target: Drop incorrect ABORT_TASK put for completed commands (bsc#962872). - target: Fix LUN_RESET active I/O handling for ACK_KREF (bsc#962872). - target: Fix LUN_RESET active TMR descriptor handling (bsc#962872). - target: Fix TAS handling for multi-session se_node_acls (bsc#962872). - target: Fix race with SCF_SEND_DELAYED_TAS handling (bsc#962872). - target: Fix remote-port TMR ABORT + se_cmd fabric stop (bsc#962872). - tcp: convert cached rtt from usec to jiffies when feeding initial rto (bsc#937086). - vgaarb: Add more context to error messages (bsc#976868). - xen/acpi: Disable ACPI table override when UEFI Secure Boot is enabled (bsc#970604). - xprtrdma: Allocate missing pagelist (bsc#908151). - xprtrdma: Avoid deadlock when credit window is reset (bsc#908151). - xprtrdma: Disconnect on registration failure (bsc#908151). - xprtrdma: Ensure ia->ri_id->qp is not NULL when reconnecting (bsc#908151). - xprtrdma: Fall back to MTHCAFMR when FRMR is not supported (bsc#908151). - xprtrdma: Limit work done by completion handler (bsc#908151). - xprtrdma: Make rpcrdma_ep_destroy() return void (bsc#908151). - xprtrdma: RPC/RDMA must invoke xprt_wake_pending_tasks() in process context (bsc#908151). - xprtrdma: Reduce the number of hardway buffer allocations (bsc#908151). - xprtrdma: Remove BOUNCEBUFFERS memory registration mode (bsc#908151). - xprtrdma: Remove BUG_ON() call sites (bsc#908151). - xprtrdma: Remove MEMWINDOWS registration modes (bsc#908151). - xprtrdma: Remove REGISTER memory registration mode (bsc#908151). - xprtrdma: Remove Tavor MTU setting (bsc#908151). - xprtrdma: Reset connection timeout after successful reconnect (bsc#908151). - xprtrdma: Simplify rpcrdma_deregister_external() synopsis (bsc#908151). - xprtrdma: Split the completion queue (bsc#908151). 
- xprtrdma: Use macros for reconnection timeout constants (bsc#908151).
- xprtrdma: mind the device's max fast register page list depth (bsc#908151).
- xprtrdma: mount reports "Invalid mount option" if memreg mode not supported (bsc#908151).
- xprtrmda: Reduce calls to ib_poll_cq() in completion handlers (bsc#908151).
- xprtrmda: Reduce lock contention in completion handlers (bsc#908151).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP1:
  zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1004=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1004=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1004=1
- SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1004=1
- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1004=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1004=1

To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.59-60.41.2 kernel-default-debugsource-3.12.59-60.41.2 kernel-default-extra-3.12.59-60.41.2 kernel-default-extra-debuginfo-3.12.59-60.41.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.59-60.41.2 kernel-obs-build-debugsource-3.12.59-60.41.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.59-60.41.8 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.59-60.41.2 kernel-default-base-3.12.59-60.41.2 kernel-default-base-debuginfo-3.12.59-60.41.2 kernel-default-debuginfo-3.12.59-60.41.2 kernel-default-debugsource-3.12.59-60.41.2 kernel-default-devel-3.12.59-60.41.2 kernel-syms-3.12.59-60.41.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.59-60.41.2 kernel-macros-3.12.59-60.41.2 kernel-source-3.12.59-60.41.2 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.59-60.41.2 kernel-xen-base-3.12.59-60.41.2 kernel-xen-base-debuginfo-3.12.59-60.41.2 kernel-xen-debuginfo-3.12.59-60.41.2 kernel-xen-debugsource-3.12.59-60.41.2 kernel-xen-devel-3.12.59-60.41.2 - SUSE Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.59-60.41.2 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.59-60.41.2 kernel-ec2-debuginfo-3.12.59-60.41.2 kernel-ec2-debugsource-3.12.59-60.41.2 kernel-ec2-devel-3.12.59-60.41.2 kernel-ec2-extra-3.12.59-60.41.2 kernel-ec2-extra-debuginfo-3.12.59-60.41.2 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_41-default-1-2.1 kgraft-patch-3_12_59-60_41-xen-1-2.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.59-60.41.2 kernel-default-debuginfo-3.12.59-60.41.2 kernel-default-debugsource-3.12.59-60.41.2 kernel-default-devel-3.12.59-60.41.2 kernel-default-extra-3.12.59-60.41.2 kernel-default-extra-debuginfo-3.12.59-60.41.2 
kernel-syms-3.12.59-60.41.1 kernel-xen-3.12.59-60.41.2 kernel-xen-debuginfo-3.12.59-60.41.2 kernel-xen-debugsource-3.12.59-60.41.2 kernel-xen-devel-3.12.59-60.41.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.59-60.41.2 kernel-macros-3.12.59-60.41.2 kernel-source-3.12.59-60.41.2 References: https://www.suse.com/security/cve/CVE-2014-9717.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2185.html https://www.suse.com/security/cve/CVE-2016-2186.html https://www.suse.com/security/cve/CVE-2016-2188.html https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-3136.html https://www.suse.com/security/cve/CVE-2016-3137.html https://www.suse.com/security/cve/CVE-2016-3138.html https://www.suse.com/security/cve/CVE-2016-3140.html https://www.suse.com/security/cve/CVE-2016-3689.html https://www.suse.com/security/cve/CVE-2016-3951.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4569.html https://bugzilla.suse.com/662458 https://bugzilla.suse.com/676471 https://bugzilla.suse.com/889207 https://bugzilla.suse.com/897662 https://bugzilla.suse.com/899908 https://bugzilla.suse.com/903279 https://bugzilla.suse.com/908151 https://bugzilla.suse.com/928547 https://bugzilla.suse.com/931448 https://bugzilla.suse.com/937086 https://bugzilla.suse.com/940413 https://bugzilla.suse.com/942262 https://bugzilla.suse.com/943989 https://bugzilla.suse.com/944309 https://bugzilla.suse.com/945345 https://bugzilla.suse.com/951844 https://bugzilla.suse.com/953233 https://bugzilla.suse.com/957805 https://bugzilla.suse.com/958390 https://bugzilla.suse.com/959514 https://bugzilla.suse.com/960857 https://bugzilla.suse.com/962336 https://bugzilla.suse.com/962846 https://bugzilla.suse.com/962872 https://bugzilla.suse.com/963572 
https://bugzilla.suse.com/964461 https://bugzilla.suse.com/964727 https://bugzilla.suse.com/965319 https://bugzilla.suse.com/966054 https://bugzilla.suse.com/966573 https://bugzilla.suse.com/967640 https://bugzilla.suse.com/968497 https://bugzilla.suse.com/968687 https://bugzilla.suse.com/968812 https://bugzilla.suse.com/968813 https://bugzilla.suse.com/969016 https://bugzilla.suse.com/970604 https://bugzilla.suse.com/970609 https://bugzilla.suse.com/970892 https://bugzilla.suse.com/970911 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/970955 https://bugzilla.suse.com/970956 https://bugzilla.suse.com/970958 https://bugzilla.suse.com/970970 https://bugzilla.suse.com/971049 https://bugzilla.suse.com/971124 https://bugzilla.suse.com/971126 https://bugzilla.suse.com/971159 https://bugzilla.suse.com/971170 https://bugzilla.suse.com/971600 https://bugzilla.suse.com/971628 https://bugzilla.suse.com/971793 https://bugzilla.suse.com/971947 https://bugzilla.suse.com/972003 https://bugzilla.suse.com/972068 https://bugzilla.suse.com/972174 https://bugzilla.suse.com/972780 https://bugzilla.suse.com/972844 https://bugzilla.suse.com/972891 https://bugzilla.suse.com/972951 https://bugzilla.suse.com/973378 https://bugzilla.suse.com/973556 https://bugzilla.suse.com/973855 https://bugzilla.suse.com/974418 https://bugzilla.suse.com/974646 https://bugzilla.suse.com/974692 https://bugzilla.suse.com/975371 https://bugzilla.suse.com/975488 https://bugzilla.suse.com/975772 https://bugzilla.suse.com/975945 https://bugzilla.suse.com/976739 https://bugzilla.suse.com/976821 https://bugzilla.suse.com/976868 https://bugzilla.suse.com/977582 https://bugzilla.suse.com/977685 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978527 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979347 https://bugzilla.suse.com/983143 From sle-updates at lists.suse.com Tue Jun 28 11:07:42 2016 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com)
Date: Tue, 28 Jun 2016 19:07:42 +0200 (CEST)
Subject: SUSE-RU-2016:1697-1: moderate: Recommended update for lttng-modules
Message-ID: <20160628170742.D252BFFDE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for lttng-modules
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1697-1
Rating: moderate
References: #936012
Affected Products: SUSE Linux Enterprise Server 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update refreshes the lttng-modules for a changed kernel symbol in KVM.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12:
  zypper in -t patch SUSE-SLE-SERVER-12-2016-1005=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12 (x86_64):
  lttng-modules-2.4.1-16.4.1
  lttng-modules-debugsource-2.4.1-16.4.1
  lttng-modules-kmp-default-2.4.1_k3.12.55_52.45-16.4.1
  lttng-modules-kmp-default-debuginfo-2.4.1_k3.12.55_52.45-16.4.1

References:

https://bugzilla.suse.com/936012

From sle-updates at lists.suse.com Tue Jun 28 12:07:42 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 28 Jun 2016 20:07:42 +0200 (CEST)
Subject: SUSE-SU-2016:1698-1: important: Security update for kvm
Message-ID: <20160628180742.75CD9FFDE@maintenance.suse.de>

SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1698-1
Rating: important
References: #895528 #901508 #928393 #934069 #936132 #940929 #944463 #945404 #945987 #945989 #947159 #958491 #958917 #959005 #960334 #960725 #961332 #961333 #961358 #961556 #961691 #962320 #963782 #964413 #967969 #969350 #970036 #970037 #975128 #975136
#975700 #976109 #978158 #978160 #980711 #980723
Cross-References: CVE-2014-3615 CVE-2014-3689 CVE-2014-9718 CVE-2015-3214 CVE-2015-5239 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6855 CVE-2015-7295 CVE-2015-7549 CVE-2015-8504 CVE-2015-8558 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441
Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS
______________________________________________________________________________

An update that solves 33 vulnerabilities and has three fixes is now available.

Description:

kvm was updated to fix 33 security issues.

These security issues were fixed:

- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158)
- CVE-2016-3712: Fixed VGA emulation based DOS and OOB read access exploit (bsc#978160)
- CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
- CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969)
- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
- CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036)
- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128)
- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136)
- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700)
- CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)
- CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393)
- CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508)
- CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528).
- CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463).
- CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).
- CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets (bsc#945987).
- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
- CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404).
- CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159).
- CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
- CVE-2015-8504: VNC floating point exception (bsc#958491).
- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005).
- CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358).
- CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334).
- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725).
- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
- CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691).
- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320).
- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782).
- CVE-2016-2198: Malicious privileged guest users were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).

This non-security issue was fixed:

- Fix case of IDE interface needing busy status set before flush (bsc#936132)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP3-LTSS:
  zypper in -t patch slessp3-kvm-12634=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
  kvm-1.4.2-46.1

References:

https://www.suse.com/security/cve/CVE-2014-3615.html
https://www.suse.com/security/cve/CVE-2014-3689.html
https://www.suse.com/security/cve/CVE-2014-9718.html
https://www.suse.com/security/cve/CVE-2015-3214.html
https://www.suse.com/security/cve/CVE-2015-5239.html
https://www.suse.com/security/cve/CVE-2015-5278.html
https://www.suse.com/security/cve/CVE-2015-5279.html
https://www.suse.com/security/cve/CVE-2015-5745.html
https://www.suse.com/security/cve/CVE-2015-6855.html
https://www.suse.com/security/cve/CVE-2015-7295.html
https://www.suse.com/security/cve/CVE-2015-7549.html
https://www.suse.com/security/cve/CVE-2015-8504.html
https://www.suse.com/security/cve/CVE-2015-8558.html
https://www.suse.com/security/cve/CVE-2015-8613.html
https://www.suse.com/security/cve/CVE-2015-8619.html
https://www.suse.com/security/cve/CVE-2015-8743.html
https://www.suse.com/security/cve/CVE-2016-1568.html
https://www.suse.com/security/cve/CVE-2016-1714.html
https://www.suse.com/security/cve/CVE-2016-1922.html
https://www.suse.com/security/cve/CVE-2016-1981.html
https://www.suse.com/security/cve/CVE-2016-2198.html
https://www.suse.com/security/cve/CVE-2016-2538.html
https://www.suse.com/security/cve/CVE-2016-2841.html
https://www.suse.com/security/cve/CVE-2016-2857.html
https://www.suse.com/security/cve/CVE-2016-2858.html
https://www.suse.com/security/cve/CVE-2016-3710.html
https://www.suse.com/security/cve/CVE-2016-3712.html
https://www.suse.com/security/cve/CVE-2016-4001.html
https://www.suse.com/security/cve/CVE-2016-4002.html
https://www.suse.com/security/cve/CVE-2016-4020.html
https://www.suse.com/security/cve/CVE-2016-4037.html
https://www.suse.com/security/cve/CVE-2016-4439.html
https://www.suse.com/security/cve/CVE-2016-4441.html
https://bugzilla.suse.com/895528
https://bugzilla.suse.com/901508
https://bugzilla.suse.com/928393
https://bugzilla.suse.com/934069
https://bugzilla.suse.com/936132
https://bugzilla.suse.com/940929
https://bugzilla.suse.com/944463
https://bugzilla.suse.com/945404
https://bugzilla.suse.com/945987
https://bugzilla.suse.com/945989
https://bugzilla.suse.com/947159
https://bugzilla.suse.com/958491
https://bugzilla.suse.com/958917
https://bugzilla.suse.com/959005
https://bugzilla.suse.com/960334
https://bugzilla.suse.com/960725
https://bugzilla.suse.com/961332
https://bugzilla.suse.com/961333
https://bugzilla.suse.com/961358
https://bugzilla.suse.com/961556
https://bugzilla.suse.com/961691
https://bugzilla.suse.com/962320
https://bugzilla.suse.com/963782
https://bugzilla.suse.com/964413
https://bugzilla.suse.com/967969
https://bugzilla.suse.com/969350
https://bugzilla.suse.com/970036
https://bugzilla.suse.com/970037
https://bugzilla.suse.com/975128
https://bugzilla.suse.com/975136
https://bugzilla.suse.com/975700
https://bugzilla.suse.com/976109
https://bugzilla.suse.com/978158
https://bugzilla.suse.com/978160
https://bugzilla.suse.com/980711
https://bugzilla.suse.com/980723

From sle-updates at lists.suse.com Wed Jun 29 03:07:42 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Jun 2016 11:07:42 +0200 (CEST)
Subject: SUSE-SU-2016:1703-1: important: Security update for qemu
Message-ID: <20160629090742.3DA30FFDE@maintenance.suse.de>

SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1703-1
Rating: important
References: #886378 #940929 #958491 #958917 #959005 #959386 #960334 #960708 #960725 #960835 #961332 #961333 #961358 #961556 #961691 #962320 #963782 #964411 #964413 #967969 #969121 #969122 #969350 #970036 #970037 #975128 #975136 #975700 #976109 #978158 #978160 #980711 #980723 #981266
Cross-References: CVE-2015-5745 CVE-2015-7549 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2197 CVE-2016-2198 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4952
Affected Products:
    SUSE Linux Enterprise Server 12-SP1
    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves 32 vulnerabilities and has two fixes is now available.

Description:

qemu was updated to fix 29 security issues.
These security issues were fixed:

- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
- CVE-2016-4952: Avoid OOB access in VMware PV SCSI emulation (bsc#981266)
- CVE-2015-8817: Avoid OOB access in PCI dma I/O (bsc#969121)
- CVE-2015-8818: Avoid OOB access in PCI dma I/O (bsc#969122)
- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158)
- CVE-2016-3712: Fixed VGA emulation based DoS and OOB read access exploit (bsc#978160)
- CVE-2016-4037: Fixed USB ehci based DoS (bsc#976109)
- CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969)
- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
- CVE-2016-2858: Avoid potential DoS when using QEMU pseudo random number generator (bsc#970036)
- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128)
- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136)
- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700)
- CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB engine (bsc#964411)
- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
- CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
- CVE-2015-8504: VNC floating point exception (bsc#958491).
- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005).
- CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).
- CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).
- CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358).
- CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334).
- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725).
- CVE-2015-8744: Incorrect l2 header validation could have led to a crash via assert(2) call (bsc#960835).
- CVE-2015-8745: Reading IMR registers could have led to a crash via assert(2) call (bsc#960708).
- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
- CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691).
- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320).
- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782).
- CVE-2016-2198: Malicious privileged guest users were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).

This non-security issue was fixed:

- bsc#886378: qemu truncates vhd images in virt-rescue

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1007=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1007=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    qemu-2.3.1-14.1
    qemu-block-curl-2.3.1-14.1
    qemu-block-curl-debuginfo-2.3.1-14.1
    qemu-debugsource-2.3.1-14.1
    qemu-guest-agent-2.3.1-14.1
    qemu-guest-agent-debuginfo-2.3.1-14.1
    qemu-lang-2.3.1-14.1
    qemu-tools-2.3.1-14.1
    qemu-tools-debuginfo-2.3.1-14.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
    qemu-kvm-2.3.1-14.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le):
    qemu-ppc-2.3.1-14.1
    qemu-ppc-debuginfo-2.3.1-14.1
- SUSE Linux Enterprise Server 12-SP1 (noarch):
    qemu-ipxe-1.0.0-14.1
    qemu-seabios-1.8.1-14.1
    qemu-sgabios-8-14.1
    qemu-vgabios-1.8.1-14.1
- SUSE Linux Enterprise Server 12-SP1 (x86_64):
    qemu-block-rbd-2.3.1-14.1
    qemu-block-rbd-debuginfo-2.3.1-14.1
    qemu-x86-2.3.1-14.1
- SUSE Linux Enterprise Server 12-SP1 (s390x):
    qemu-s390-2.3.1-14.1
    qemu-s390-debuginfo-2.3.1-14.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    qemu-2.3.1-14.1
    qemu-block-curl-2.3.1-14.1
    qemu-block-curl-debuginfo-2.3.1-14.1
    qemu-debugsource-2.3.1-14.1
    qemu-kvm-2.3.1-14.1
    qemu-tools-2.3.1-14.1
    qemu-tools-debuginfo-2.3.1-14.1
    qemu-x86-2.3.1-14.1
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
    qemu-ipxe-1.0.0-14.1
    qemu-seabios-1.8.1-14.1
    qemu-sgabios-8-14.1
    qemu-vgabios-1.8.1-14.1

References:

https://www.suse.com/security/cve/CVE-2015-5745.html
https://www.suse.com/security/cve/CVE-2015-7549.html
https://www.suse.com/security/cve/CVE-2015-8504.html
https://www.suse.com/security/cve/CVE-2015-8558.html
https://www.suse.com/security/cve/CVE-2015-8567.html
https://www.suse.com/security/cve/CVE-2015-8568.html
https://www.suse.com/security/cve/CVE-2015-8613.html
https://www.suse.com/security/cve/CVE-2015-8619.html
https://www.suse.com/security/cve/CVE-2015-8743.html
https://www.suse.com/security/cve/CVE-2015-8744.html
https://www.suse.com/security/cve/CVE-2015-8745.html
https://www.suse.com/security/cve/CVE-2015-8817.html
https://www.suse.com/security/cve/CVE-2015-8818.html
https://www.suse.com/security/cve/CVE-2016-1568.html
https://www.suse.com/security/cve/CVE-2016-1714.html
https://www.suse.com/security/cve/CVE-2016-1922.html
https://www.suse.com/security/cve/CVE-2016-1981.html
https://www.suse.com/security/cve/CVE-2016-2197.html
https://www.suse.com/security/cve/CVE-2016-2198.html
https://www.suse.com/security/cve/CVE-2016-2538.html
https://www.suse.com/security/cve/CVE-2016-2841.html
https://www.suse.com/security/cve/CVE-2016-2857.html
https://www.suse.com/security/cve/CVE-2016-2858.html
https://www.suse.com/security/cve/CVE-2016-3710.html
https://www.suse.com/security/cve/CVE-2016-3712.html
https://www.suse.com/security/cve/CVE-2016-4001.html
https://www.suse.com/security/cve/CVE-2016-4002.html
https://www.suse.com/security/cve/CVE-2016-4020.html
https://www.suse.com/security/cve/CVE-2016-4037.html
https://www.suse.com/security/cve/CVE-2016-4439.html
https://www.suse.com/security/cve/CVE-2016-4441.html
https://www.suse.com/security/cve/CVE-2016-4952.html
https://bugzilla.suse.com/886378
https://bugzilla.suse.com/940929
https://bugzilla.suse.com/958491
https://bugzilla.suse.com/958917
https://bugzilla.suse.com/959005
https://bugzilla.suse.com/959386
https://bugzilla.suse.com/960334
https://bugzilla.suse.com/960708
https://bugzilla.suse.com/960725
https://bugzilla.suse.com/960835
https://bugzilla.suse.com/961332
https://bugzilla.suse.com/961333
https://bugzilla.suse.com/961358
https://bugzilla.suse.com/961556
https://bugzilla.suse.com/961691
https://bugzilla.suse.com/962320
https://bugzilla.suse.com/963782
https://bugzilla.suse.com/964411
https://bugzilla.suse.com/964413
https://bugzilla.suse.com/967969
https://bugzilla.suse.com/969121
https://bugzilla.suse.com/969122
https://bugzilla.suse.com/969350
https://bugzilla.suse.com/970036
https://bugzilla.suse.com/970037
https://bugzilla.suse.com/975128
https://bugzilla.suse.com/975136
https://bugzilla.suse.com/975700
https://bugzilla.suse.com/976109
https://bugzilla.suse.com/978158
https://bugzilla.suse.com/978160
https://bugzilla.suse.com/980711
https://bugzilla.suse.com/980723
https://bugzilla.suse.com/981266

From sle-updates at lists.suse.com Wed Jun 29 21:07:35 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Jun 2016 05:07:35 +0200 (CEST)
Subject: SUSE-OU-2016:1705-1: Initial release of sles-ltss-release
Message-ID: <20160630030735.138ACFFAA@maintenance.suse.de>

SUSE Optional Update: Initial release of sles-ltss-release
______________________________________________________________________________

Announcement ID: SUSE-OU-2016:1705-1
Rating: low
References: #986332
Affected Products:
    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that has one optional fix can now be installed.

Description:

This update provides product definitions for SUSE Linux Enterprise Server 12 LTSS.

Patch Instructions:

To install this SUSE Optional Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-2016-1008=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
    sles-ltss-release-12-2.1
    sles-ltss-release-POOL-12-2.1

References:

https://bugzilla.suse.com/986332

From sle-updates at lists.suse.com Thu Jun 30 09:08:02 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Jun 2016 17:08:02 +0200 (CEST)
Subject: SUSE-RU-2016:1706-1: moderate: Recommended update for cyrus-imapd
Message-ID: <20160630150802.52422FFAA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for cyrus-imapd
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1706-1
Rating: moderate
References: #983339
Affected Products:
    SUSE Linux Enterprise Software Development Kit 11-SP4
    SUSE Linux Enterprise Server 11-SP4
    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for cyrus-imapd provides the following fixes:

- Use the prime256v1 curve instead of the p224r1 curve, which caused interoperability issues with some versions of OpenSSL. (bsc#983339)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-cyrus-imapd-12635=1
- SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-cyrus-imapd-12635=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-cyrus-imapd-12635=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    cyrus-imapd-devel-2.3.11-60.65.70.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
    perl-Cyrus-IMAP-2.3.11-60.65.70.1
    perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.70.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    cyrus-imapd-2.3.11-60.65.70.1
    perl-Cyrus-IMAP-2.3.11-60.65.70.1
    perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.70.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
    cyrus-imapd-debuginfo-2.3.11-60.65.70.1
    cyrus-imapd-debugsource-2.3.11-60.65.70.1

References:

https://bugzilla.suse.com/983339

From sle-updates at lists.suse.com Thu Jun 30 12:07:50 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Jun 2016 20:07:50 +0200 (CEST)
Subject: SUSE-SU-2016:1707-1: important: Security update for the Linux Kernel
Message-ID: <20160630180750.38535FFAA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1707-1
Rating: important
References: #898592 #940413 #946122 #949752 #956852 #957988 #957990 #959381 #960458 #961512 #963998 #965319 #965860 #965923 #967863 #968010 #968018 #968141 #968566 #968670 #968687 #969356 #970504 #970892 #970909 #970911 #970948 #970956 #970958 #970970 #971124 #971125 #971360 #971433 #971729 #972363 #973237 #973378 #973556 #973570 #975772 #975945
Cross-References: CVE-2015-1339 CVE-2015-7566 CVE-2015-8551 CVE-2015-8552 CVE-2015-8816 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2782 CVE-2016-2847 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156
Affected Products:
    SUSE Linux Enterprise Real Time Extension 11-SP4
    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 17 vulnerabilities and has 25 fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2015-1339: Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times (bnc#969356).
- CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512).
- CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks" (bnc#957990).
- CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks" (bnc#957990).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010).
- CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504).
- CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125).
- CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).
- CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).
- CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).
- CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).
- CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948).
- CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).
- CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911).
- CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909).
- CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).
- CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).

The following non-security bugs were fixed:

- acpi / pci: Account for ARI in _PRT lookups (bsc#968566).
- af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570).
- alsa: pcm: Fix potential deadlock in OSS emulation (bsc#968018).
- alsa: rawmidi: Fix race at copying & updating the position (bsc#968018).
- alsa: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018).
- alsa: seq: Fix double port list deletion (bsc#968018).
- alsa: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018).
- alsa: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).
- alsa: seq: Fix lockdep warnings due to double mutex locks (bsc#968018).
- alsa: seq: Fix race at closing in virmidi driver (bsc#968018).
- alsa: seq: Fix yet another races among ALSA timer accesses (bsc#968018).
- alsa: timer: Call notifier in the same spinlock (bsc#973378).
- alsa: timer: Code cleanup (bsc#968018).
- alsa: timer: Fix leftover link at closing (bsc#968018).
- alsa: timer: Fix link corruption due to double start or stop (bsc#968018).
- alsa: timer: Fix race between stop and interrupt (bsc#968018).
- alsa: timer: Fix wrong instance passed to slave callbacks (bsc#968018).
- alsa: timer: Protect the whole snd_timer_close() with open race (bsc#973378).
- alsa: timer: Sync timer deletion at closing the system timer (bsc#973378).
- alsa: timer: Use mod_timer() for rearming the system timer (bsc#973378).
- dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752).
- fs, seqfile: always allow oom killer (bnc#968687).
- fs/seq_file: fallback to vmalloc allocation (bnc#968687).
- fs, seq_file: fallback to vmalloc instead of oom kill processes (bnc#968687).
- hpsa: fix issues with multilun devices (bsc#959381).
- ibmvscsi: Remove unsupported host config MAD (bsc#973556).
- iommu/vt-d: Improve fault handler error messages (bsc#975772).
- iommu/vt-d: Ratelimit fault handler (bsc#975772).
- ipv6: make fib6 serial number per namespace (bsc#965319).
- ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852).
- ipv6: per netns fib6 walkers (bsc#965319).
- ipv6: per netns FIB garbage collection (bsc#965319).
- ipv6: replace global gc_args with local variable (bsc#965319).
- kabi, fs/seq_file: fallback to vmalloc allocation (bnc#968687).
- kabi: Import kabi files from kernel 3.0.101-71
- kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319).
- kabi: Restore kabi after lock-owner change (bnc#968141).
- llist: Add llist_next() (fate#316876).
- make vfree() safe to call from interrupt contexts (fate#316876).
- mld, igmp: Fix reserved tailroom calculation (bsc#956852).
- net/core: dev_mc_sync_multiple calls wrong helper (bsc#971433).
- net/core: __hw_addr_create_ex does not initialize sync_cnt (bsc#971433).
- net/core: __hw_addr_sync_one / _multiple broken (bsc#971433).
- net/core: __hw_addr_unsync_one "from" address not marked synced (bsc#971433).
- nfs4: treat lock owners as opaque values (bnc#968141).
- nfsd4: return nfserr_symlink on v4 OPEN of non-regular file (bsc#973237).
- nfsd: do not fail unchecked creates of non-special files (bsc#973237).
- nfs: use smaller allocations for 'struct idmap' (bsc#965923).
- pciback: check PF instead of VF for PCI_COMMAND_MEMORY (bsc#957990).
- pciback: Save the number of MSI-X entries to be copied later (bsc#957988).
- pci: Move pci_ari_enabled() to global header (bsc#968566).
- pci: Update PCI VPD size patch to upstream:
  - PCI: Determine actual VPD size on first access (bsc#971729).
  - PCI: Update VPD definitions (bsc#971729).
- rdma/ucma: Fix AB-BA deadlock (bsc#963998).
- s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413).
- scsi_dh_alua: Do not block request queue if workqueue is active (bsc#960458).
- scsi: mpt2sas: Rearrange the code so that the completion queues are initialized prior to sending the request to controller firmware (bsc#967863).
- skb: Add inline helper for getting the skb end offset from head (bsc#956852).
- tcp: avoid order-1 allocations on wifi and tx path (bsc#956852).
- tcp: fix skb_availroom() (bsc#956852).
- usb: usbip: fix potential out-of-bounds write (bnc#975945).
- vmxnet3: set carrier state properly on probe (bsc#972363).
- vmxnet3: set netdev parent device before calling netdev_info (bsc#972363).
- xfrm: do not segment UFO packets (bsc#946122).
- xfs: fix sgid inheritance for subdirectories inheriting default acls [V3] (bsc#965860).
- xhci: Workaround to get Intel xHCI reset working more reliably (bnc#898592).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 11-SP4:
    zypper in -t patch slertesp4-kernel-rt-12636=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-kernel-rt-12636=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):
    kernel-rt-3.0.101.rt130-54.1
    kernel-rt-base-3.0.101.rt130-54.1
    kernel-rt-devel-3.0.101.rt130-54.1
    kernel-rt_trace-3.0.101.rt130-54.1
    kernel-rt_trace-base-3.0.101.rt130-54.1
    kernel-rt_trace-devel-3.0.101.rt130-54.1
    kernel-source-rt-3.0.101.rt130-54.1
    kernel-syms-rt-3.0.101.rt130-54.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
    kernel-rt-debuginfo-3.0.101.rt130-54.1
    kernel-rt-debugsource-3.0.101.rt130-54.1
    kernel-rt_debug-debuginfo-3.0.101.rt130-54.1
    kernel-rt_debug-debugsource-3.0.101.rt130-54.1
    kernel-rt_trace-debuginfo-3.0.101.rt130-54.1
    kernel-rt_trace-debugsource-3.0.101.rt130-54.1

References:

https://www.suse.com/security/cve/CVE-2015-1339.html
https://www.suse.com/security/cve/CVE-2015-7566.html
https://www.suse.com/security/cve/CVE-2015-8551.html
https://www.suse.com/security/cve/CVE-2015-8552.html
https://www.suse.com/security/cve/CVE-2015-8816.html
https://www.suse.com/security/cve/CVE-2016-2143.html
https://www.suse.com/security/cve/CVE-2016-2184.html
https://www.suse.com/security/cve/CVE-2016-2185.html
https://www.suse.com/security/cve/CVE-2016-2186.html
https://www.suse.com/security/cve/CVE-2016-2188.html
https://www.suse.com/security/cve/CVE-2016-2782.html
https://www.suse.com/security/cve/CVE-2016-2847.html
https://www.suse.com/security/cve/CVE-2016-3137.html
https://www.suse.com/security/cve/CVE-2016-3138.html
https://www.suse.com/security/cve/CVE-2016-3139.html
https://www.suse.com/security/cve/CVE-2016-3140.html
https://www.suse.com/security/cve/CVE-2016-3156.html
https://bugzilla.suse.com/898592
https://bugzilla.suse.com/940413
https://bugzilla.suse.com/946122
https://bugzilla.suse.com/949752
https://bugzilla.suse.com/956852
https://bugzilla.suse.com/957988
https://bugzilla.suse.com/957990
https://bugzilla.suse.com/959381
https://bugzilla.suse.com/960458
https://bugzilla.suse.com/961512
https://bugzilla.suse.com/963998
https://bugzilla.suse.com/965319
https://bugzilla.suse.com/965860
https://bugzilla.suse.com/965923
https://bugzilla.suse.com/967863
https://bugzilla.suse.com/968010
https://bugzilla.suse.com/968018
https://bugzilla.suse.com/968141
https://bugzilla.suse.com/968566
https://bugzilla.suse.com/968670
https://bugzilla.suse.com/968687
https://bugzilla.suse.com/969356
https://bugzilla.suse.com/970504
https://bugzilla.suse.com/970892
https://bugzilla.suse.com/970909
https://bugzilla.suse.com/970911
https://bugzilla.suse.com/970948
https://bugzilla.suse.com/970956
https://bugzilla.suse.com/970958
https://bugzilla.suse.com/970970
https://bugzilla.suse.com/971124
https://bugzilla.suse.com/971125
https://bugzilla.suse.com/971360
https://bugzilla.suse.com/971433
https://bugzilla.suse.com/971729
https://bugzilla.suse.com/972363
https://bugzilla.suse.com/973237
https://bugzilla.suse.com/973378
https://bugzilla.suse.com/973556
https://bugzilla.suse.com/973570
https://bugzilla.suse.com/975772
https://bugzilla.suse.com/975945

From sle-updates at lists.suse.com Thu Jun 30 12:16:44 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Jun 2016 20:16:44 +0200 (CEST)
Subject: SUSE-RU-2016:1708-1: moderate: Recommended update for libdlm
Message-ID: <20160630181644.9A017FFAD@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libdlm
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:1708-1
Rating: moderate
References: #967332 #977201
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP1
    SUSE Linux Enterprise Software Development Kit 12
    SUSE Linux Enterprise High Availability 12-SP1
    SUSE Linux Enterprise High Availability 12
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update for libdlm to version 4.0.4 includes the following changes:

- Don't SIGKILL dlm_controld
- Make systemd stop dlm on corosync restart
- dlm_controld: don't log error from cpg_dispatch
- Fix rejection of valid connections in dlm_controld
- Make fail_time in dlm_stonith optional
- Fix segmentation fault during status printing in libdlmcontrol
- Add dlm_stonith man page
- Output of dlm_tool ls should distinguish causes for wait fencing message. (bnc#977201)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1010=1
- SUSE Linux Enterprise Software Development Kit 12:
    zypper in -t patch SUSE-SLE-SDK-12-2016-1010=1
- SUSE Linux Enterprise High Availability 12-SP1:
    zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1010=1
- SUSE Linux Enterprise High Availability 12:
    zypper in -t patch SUSE-SLE-HA-12-2016-1010=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
    libdlm-debuginfo-4.0.4-12.1
    libdlm-debugsource-4.0.4-12.1
    libdlm-devel-4.0.4-12.1
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
    libdlm-debuginfo-4.0.4-12.1
    libdlm-debugsource-4.0.4-12.1
    libdlm-devel-4.0.4-12.1
- SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64):
    libdlm-4.0.4-12.1
    libdlm-debuginfo-4.0.4-12.1
    libdlm-debugsource-4.0.4-12.1
    libdlm3-4.0.4-12.1
    libdlm3-debuginfo-4.0.4-12.1
- SUSE Linux Enterprise High Availability 12 (s390x x86_64):
    libdlm-4.0.4-12.1
    libdlm-debuginfo-4.0.4-12.1
    libdlm-debugsource-4.0.4-12.1
    libdlm3-4.0.4-12.1
    libdlm3-debuginfo-4.0.4-12.1

References:

https://bugzilla.suse.com/967332
https://bugzilla.suse.com/977201

From sle-updates at lists.suse.com Thu Jun 30 13:07:43 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Jun 2016 21:07:43 +0200 (CEST)
Subject: SUSE-SU-2016:1709-1: important: Security update for the Linux Kernel
Message-ID: <20160630190743.2A046FFAA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1709-1
Rating: important
References: #971770 #972124 #981143 #983394 #986362
Cross-References: CVE-2016-4998
Affected Products:
    SUSE Linux Enterprise Workstation Extension 12-SP1
    SUSE Linux Enterprise Software Development Kit 12-SP1
    SUSE Linux Enterprise Server 12-SP1
    SUSE Linux Enterprise Module for Public Cloud 12
    SUSE Linux Enterprise Live Patching 12
    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves one vulnerability and has four fixes is now available.

Description:

The SUSE Linux Enterprise 12 kernel was updated to receive critical security and bugfixes.

   Security issue fixed:

   - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables
     handling could lead to a local privilege escalation. (bsc#986362)

   The following non-security bugs were fixed:

   - KVM: x86: expose invariant tsc cpuid bit (v2) (bsc#971770).
   - block: do not check request size in blk_cloned_rq_check_limits()
     (bsc#972124).
   - rbd: handle OBJ_REQUEST_SG types for copyup (bsc#983394).
   - target/rbd: do not put snap_context twice (bsc#981143).
   - target/rbd: remove caw_mutex usage (bsc#981143).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1012=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1012=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1012=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1012=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1012=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1012=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      kernel-default-debuginfo-3.12.59-60.45.2
      kernel-default-debugsource-3.12.59-60.45.2
      kernel-default-extra-3.12.59-60.45.2
      kernel-default-extra-debuginfo-3.12.59-60.45.2

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      kernel-obs-build-3.12.59-60.45.3
      kernel-obs-build-debugsource-3.12.59-60.45.3

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):

      kernel-docs-3.12.59-60.45.4

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      kernel-default-3.12.59-60.45.2
      kernel-default-base-3.12.59-60.45.2
      kernel-default-base-debuginfo-3.12.59-60.45.2
      kernel-default-debuginfo-3.12.59-60.45.2
      kernel-default-debugsource-3.12.59-60.45.2
      kernel-default-devel-3.12.59-60.45.2
      kernel-syms-3.12.59-60.45.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      kernel-xen-3.12.59-60.45.2
      kernel-xen-base-3.12.59-60.45.2
      kernel-xen-base-debuginfo-3.12.59-60.45.2
      kernel-xen-debuginfo-3.12.59-60.45.2
      kernel-xen-debugsource-3.12.59-60.45.2
      kernel-xen-devel-3.12.59-60.45.2

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      kernel-devel-3.12.59-60.45.1
      kernel-macros-3.12.59-60.45.1
      kernel-source-3.12.59-60.45.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x):

      kernel-default-man-3.12.59-60.45.2

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.59-60.45.2
      kernel-ec2-debuginfo-3.12.59-60.45.2
      kernel-ec2-debugsource-3.12.59-60.45.2
      kernel-ec2-devel-3.12.59-60.45.2
      kernel-ec2-extra-3.12.59-60.45.2
      kernel-ec2-extra-debuginfo-3.12.59-60.45.2

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_59-60_45-default-1-2.3
      kgraft-patch-3_12_59-60_45-xen-1-2.3

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      kernel-devel-3.12.59-60.45.1
      kernel-macros-3.12.59-60.45.1
      kernel-source-3.12.59-60.45.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      kernel-default-3.12.59-60.45.2
      kernel-default-debuginfo-3.12.59-60.45.2
      kernel-default-debugsource-3.12.59-60.45.2
      kernel-default-devel-3.12.59-60.45.2
      kernel-default-extra-3.12.59-60.45.2
      kernel-default-extra-debuginfo-3.12.59-60.45.2
      kernel-syms-3.12.59-60.45.1
      kernel-xen-3.12.59-60.45.2
      kernel-xen-debuginfo-3.12.59-60.45.2
      kernel-xen-debugsource-3.12.59-60.45.2
      kernel-xen-devel-3.12.59-60.45.2

References:

   https://www.suse.com/security/cve/CVE-2016-4998.html
   https://bugzilla.suse.com/971770
   https://bugzilla.suse.com/972124
   https://bugzilla.suse.com/981143
   https://bugzilla.suse.com/983394
   https://bugzilla.suse.com/986362

From sle-updates at lists.suse.com Thu Jun 30 13:09:06 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Jun 2016 21:09:06 +0200 (CEST)
Subject: SUSE-SU-2016:1710-1: important: Security update for the Linux Kernel
Message-ID: <20160630190906.97028FFAD@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1710-1
Rating:             important
References:         #986362
Cross-References:   CVE-2016-4998
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Live Patching 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   The SUSE Linux Enterprise 12 GA kernel was updated to receive one critical
   security fix.

   Security issue fixed:

   - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables
     handling could lead to a local privilege escalation. (bsc#986362)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12:

      zypper in -t patch SUSE-SLE-WE-12-2016-1013=1

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-1013=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-1013=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1013=1

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1013=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-1013=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12 (x86_64):

      kernel-default-debuginfo-3.12.60-52.54.2
      kernel-default-debugsource-3.12.60-52.54.2
      kernel-default-extra-3.12.60-52.54.2
      kernel-default-extra-debuginfo-3.12.60-52.54.2

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      kernel-obs-build-3.12.60-52.54.3
      kernel-obs-build-debugsource-3.12.60-52.54.3

   - SUSE Linux Enterprise Software Development Kit 12 (noarch):

      kernel-docs-3.12.60-52.54.3

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      kernel-default-3.12.60-52.54.2
      kernel-default-base-3.12.60-52.54.2
      kernel-default-base-debuginfo-3.12.60-52.54.2
      kernel-default-debuginfo-3.12.60-52.54.2
      kernel-default-debugsource-3.12.60-52.54.2
      kernel-default-devel-3.12.60-52.54.2
      kernel-syms-3.12.60-52.54.1

   - SUSE Linux Enterprise Server 12 (x86_64):

      kernel-xen-3.12.60-52.54.2
      kernel-xen-base-3.12.60-52.54.2
      kernel-xen-base-debuginfo-3.12.60-52.54.2
      kernel-xen-debuginfo-3.12.60-52.54.2
      kernel-xen-debugsource-3.12.60-52.54.2
      kernel-xen-devel-3.12.60-52.54.2

   - SUSE Linux Enterprise Server 12 (noarch):

      kernel-devel-3.12.60-52.54.1
      kernel-macros-3.12.60-52.54.1
      kernel-source-3.12.60-52.54.1

   - SUSE Linux Enterprise Server 12 (s390x):

      kernel-default-man-3.12.60-52.54.2

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):

      kernel-ec2-3.12.60-52.54.2
      kernel-ec2-debuginfo-3.12.60-52.54.2
      kernel-ec2-debugsource-3.12.60-52.54.2
      kernel-ec2-devel-3.12.60-52.54.2
      kernel-ec2-extra-3.12.60-52.54.2
      kernel-ec2-extra-debuginfo-3.12.60-52.54.2

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-3_12_60-52_54-default-1-2.3
      kgraft-patch-3_12_60-52_54-xen-1-2.3

   - SUSE Linux Enterprise Desktop 12 (noarch):

      kernel-devel-3.12.60-52.54.1
      kernel-macros-3.12.60-52.54.1
      kernel-source-3.12.60-52.54.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      kernel-default-3.12.60-52.54.2
      kernel-default-debuginfo-3.12.60-52.54.2
      kernel-default-debugsource-3.12.60-52.54.2
      kernel-default-devel-3.12.60-52.54.2
      kernel-default-extra-3.12.60-52.54.2
      kernel-default-extra-debuginfo-3.12.60-52.54.2
      kernel-syms-3.12.60-52.54.1
      kernel-xen-3.12.60-52.54.2
      kernel-xen-debuginfo-3.12.60-52.54.2
      kernel-xen-debugsource-3.12.60-52.54.2
      kernel-xen-devel-3.12.60-52.54.2

References:

   https://www.suse.com/security/cve/CVE-2016-4998.html
   https://bugzilla.suse.com/986362

From sle-updates at lists.suse.com Thu Jun 30 17:07:36 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Jul 2016 01:07:36 +0200 (CEST)
Subject: SUSE-RU-2016:1720-1: moderate: Recommended update for haveged
Message-ID: <20160630230736.49FF0FFAA@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for haveged
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:1720-1
Rating:             moderate
References:         #958562 #959237
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for haveged fixes the following issues:

   - Remedy the potential for deadlocks when booting the system: journald
     reads from /dev/random, which receives entropy from haveged, which in
     turn logs to syslog before providing any. (bsc#959237)
   - Remove "After=systemd-random-seed.service" from systemd service file to
     avoid the potential for deadlocks when booting the system:
     systemd-random-seed needs /var to read its previous state; mounting /var
     needs journald; journald needs entropy; and entropy is provided by
     haveged, which needs systemd-random-seed. (bsc#959237)
   - Add missing dependency on coreutils for initrd macros. (bsc#958562)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1014=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1014=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1014=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      haveged-debuginfo-1.9.1-16.1
      haveged-debugsource-1.9.1-16.1
      haveged-devel-1.9.1-16.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      haveged-1.9.1-16.1
      haveged-debuginfo-1.9.1-16.1
      haveged-debugsource-1.9.1-16.1
      libhavege1-1.9.1-16.1
      libhavege1-debuginfo-1.9.1-16.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      haveged-1.9.1-16.1
      haveged-debuginfo-1.9.1-16.1
      haveged-debugsource-1.9.1-16.1
      libhavege1-1.9.1-16.1
      libhavege1-debuginfo-1.9.1-16.1

References:

   https://bugzilla.suse.com/958562
   https://bugzilla.suse.com/959237

From sle-updates at lists.suse.com Thu Jun 30 17:08:17 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Jul 2016 01:08:17 +0200 (CEST)
Subject: SUSE-SU-2016:1721-1: moderate: Security update for glibc
Message-ID: <20160630230817.58896FFAB@maintenance.suse.de>

   SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1721-1
Rating:             moderate
References:         #968787 #969727 #973010 #973164 #975930 #980483 #980854
Cross-References:   CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves four vulnerabilities and has three fixes is now
   available.

Description:

   This update for glibc provides the following fixes:

   - Increase DTV_SURPLUS limit. (bsc#968787)
   - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727)
   - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010)
   - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075,
     bsc#973164)
   - Fix malloc performance regression from SLE 11. (bsc#975930)
   - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706,
     bsc#980483)
   - Do not use alloca in clntudp_call (CVE-2016-4429, bsc#980854)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-1015=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-1015=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-1015=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      glibc-debuginfo-2.19-22.16.2
      glibc-debugsource-2.19-22.16.2
      glibc-devel-static-2.19-22.16.2

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      glibc-2.19-22.16.2
      glibc-debuginfo-2.19-22.16.2
      glibc-debugsource-2.19-22.16.2
      glibc-devel-2.19-22.16.2
      glibc-devel-debuginfo-2.19-22.16.2
      glibc-locale-2.19-22.16.2
      glibc-locale-debuginfo-2.19-22.16.2
      glibc-profile-2.19-22.16.2
      nscd-2.19-22.16.2
      nscd-debuginfo-2.19-22.16.2

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      glibc-32bit-2.19-22.16.2
      glibc-debuginfo-32bit-2.19-22.16.2
      glibc-devel-32bit-2.19-22.16.2
      glibc-devel-debuginfo-32bit-2.19-22.16.2
      glibc-locale-32bit-2.19-22.16.2
      glibc-locale-debuginfo-32bit-2.19-22.16.2
      glibc-profile-32bit-2.19-22.16.2

   - SUSE Linux Enterprise Server 12 (noarch):

      glibc-html-2.19-22.16.2
      glibc-i18ndata-2.19-22.16.2
      glibc-info-2.19-22.16.2

   - SUSE Linux Enterprise Desktop 12 (noarch):

      glibc-i18ndata-2.19-22.16.2

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      glibc-2.19-22.16.2
      glibc-32bit-2.19-22.16.2
      glibc-debuginfo-2.19-22.16.2
      glibc-debuginfo-32bit-2.19-22.16.2
      glibc-debugsource-2.19-22.16.2
      glibc-devel-2.19-22.16.2
      glibc-devel-32bit-2.19-22.16.2
      glibc-devel-debuginfo-2.19-22.16.2
      glibc-devel-debuginfo-32bit-2.19-22.16.2
      glibc-locale-2.19-22.16.2
      glibc-locale-32bit-2.19-22.16.2
      glibc-locale-debuginfo-2.19-22.16.2
      glibc-locale-debuginfo-32bit-2.19-22.16.2
      nscd-2.19-22.16.2
      nscd-debuginfo-2.19-22.16.2

References:

   https://www.suse.com/security/cve/CVE-2016-1234.html
   https://www.suse.com/security/cve/CVE-2016-3075.html
   https://www.suse.com/security/cve/CVE-2016-3706.html
   https://www.suse.com/security/cve/CVE-2016-4429.html
   https://bugzilla.suse.com/968787
   https://bugzilla.suse.com/969727
   https://bugzilla.suse.com/973010
   https://bugzilla.suse.com/973164
   https://bugzilla.suse.com/975930
   https://bugzilla.suse.com/980483
   https://bugzilla.suse.com/980854