From sle-updates at lists.suse.com Mon May 2 10:07:54 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 May 2016 18:07:54 +0200 (CEST)
Subject: SUSE-SU-2016:1195-1: moderate: Security update for python-tornado
Message-ID: <20160502160754.DAD5CFF63@maintenance.suse.de>

SUSE Security Update: Security update for python-tornado
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1195-1
Rating: moderate
References: #930361 #930362 #974657
Cross-References: CVE-2014-9720
Affected Products:
    SUSE Linux Enterprise Workstation Extension 12-SP1
    SUSE Linux Enterprise Workstation Extension 12
    SUSE Linux Enterprise Desktop 12-SP1
    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

The python-tornado module was updated to version 4.2.1, which brings several fixes, enhancements and new features.

The following security issues have been fixed:

- A path traversal vulnerability in StaticFileHandler, in which files whose names started with the static_path directory but were not actually in that directory could be accessed.
- The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrf_cookies and gzip options (or have gzip applied by a proxy). (bsc#930362, CVE-2014-9720)
- The signed-value format used by RequestHandler.{g,s}et_secure_cookie changed to be more secure. (bsc#930361)

The following enhancements have been implemented:

- SSLIOStream.connect and IOStream.start_tls now validate certificates by default.
- Certificate validation will now use the system CA root certificates.
- The default SSL configuration has become stricter, using ssl.create_default_context where available on the client side.
- The deprecated classes in the tornado.auth module, GoogleMixin, FacebookMixin and FriendFeedMixin have been removed.
- New modules have been added: tornado.locks and tornado.queues.
- The tornado.websocket module now supports compression via the "permessage-deflate" extension.
- Tornado now depends on the backports.ssl_match_hostname when running on Python 2.

For a comprehensive list of changes, please refer to the release notes:

- http://www.tornadoweb.org/en/stable/releases/v4.2.0.html
- http://www.tornadoweb.org/en/stable/releases/v4.1.0.html
- http://www.tornadoweb.org/en/stable/releases/v4.0.0.html
- http://www.tornadoweb.org/en/stable/releases/v3.2.0.html

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-589=1
- SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-589=1
- SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-589=1
- SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-589=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): python-backports.ssl_match_hostname-3.4.0.2-15.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): python-tornado-4.2.1-11.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): python-tornado-4.2.1-11.1 - SUSE Linux Enterprise Workstation Extension 12 (noarch): python-backports.ssl_match_hostname-3.4.0.2-15.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): python-tornado-4.2.1-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): python-backports.ssl_match_hostname-3.4.0.2-15.1 - SUSE Linux Enterprise Desktop 12 (noarch): python-backports.ssl_match_hostname-3.4.0.2-15.1 - SUSE Linux Enterprise Desktop 12 (x86_64): python-tornado-4.2.1-11.1 References: https://www.suse.com/security/cve/CVE-2014-9720.html https://bugzilla.suse.com/930361 https://bugzilla.suse.com/930362 https://bugzilla.suse.com/974657 From sle-updates at lists.suse.com Tue May 3 11:07:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2016 19:07:56 +0200 (CEST) Subject: SUSE-SU-2016:1203-1: important: Security update for the Linux Kernel Message-ID: <20160503170756.2A17CFF63@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1203-1 Rating: important References: #758040 #781018 #879378 #879381 #904035 #924919 #934787 #935123 #937444 #939955 #940017 #940413 #940913 #940946 #941514 #942082 #946122 #947128 #948330 #949298 #949752 #949936 #950750 #950998 #951392 #952976 #954628 #955308 #955354 #955654 #955673 #956375 #956514 #956707 #956708 #956709 #956852 #956949 #957988 #957990 #958463 #958886 #958906 #958912 #958951 #959190 #959312 #959399 #959705 #960857 #961500 #961509 #961512 #961516 #961518 #963276 #963765 #963767 #963998 #964201 #965319 #965923 #966437 #966693 #967863 #967972 #967973 #967974 #967975 #968010 #968011 #968012 
#968013 #968141 #968670 #969307 #970504 #970892 #970909 #970911 #970948 #970956 #970958 #970970 #971124 #971125 #971360 #973570 #974646 #975945 Cross-References: CVE-2013-7446 CVE-2015-7509 CVE-2015-7515 CVE-2015-7550 CVE-2015-7566 CVE-2015-7799 CVE-2015-8215 CVE-2015-8539 CVE-2015-8543 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575 CVE-2015-8767 CVE-2015-8785 CVE-2015-8812 CVE-2015-8816 CVE-2016-0723 CVE-2016-2069 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2546 CVE-2016-2547 CVE-2016-2548 CVE-2016-2549 CVE-2016-2782 CVE-2016-2847 CVE-2016-3137 CVE-2016-3138 CVE-2016-3139 CVE-2016-3140 CVE-2016-3156 CVE-2016-3955 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 41 vulnerabilities and has 49 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956707). - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708). 
- CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-7566: A malicious USB device could cause kernel crashes in the visor device driver (bnc#961512). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). 
- CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).
- CVE-2015-8550: Optimizations introduced by the compiler could have led to double fetch vulnerabilities, potentially leading to arbitrary code execution in backend (bsc#957988). (bsc#957988 XSA-155).
- CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks" (bnc#957990).
- CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks" (bnc#957990).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel do not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).
- CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399).
- CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).
- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).
- CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario. (bsc#966437).
- CVE-2015-8816: A malicious USB device could cause kernel crashes in the hub_activate() function (bnc#968010).
- CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).
- CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have led to disclosure of information or arbitrary code execution (bnc#963767).
- CVE-2016-2143: On zSeries a fork of a large process could have caused memory corruption due to incorrect page table handling. (bnc#970504, LTC#138810).
- CVE-2016-2184: A malicious USB device could cause kernel crashes in the alsa usb-audio device driver (bsc#971125).
- CVE-2016-2185: A malicious USB device could cause kernel crashes in the usb_driver_claim_interface function (bnc#971124).
- CVE-2016-2186: A malicious USB device could cause kernel crashes in the powermate device driver (bnc#970958).
- CVE-2016-2384: A double free on the ALSA umidi object was fixed. (bsc#966693).
- CVE-2016-2543: A missing NULL check at remove_events ioctl in the ALSA seq driver was fixed. (bsc#967972).
- CVE-2016-2544: A race at timer setup and close in the ALSA seq driver was fixed. (bsc#967973).
- CVE-2016-2545: A double unlink of active_list in the ALSA timer driver was fixed. (bsc#967974).
- CVE-2016-2546: A race among ALSA timer ioctls was fixed (bsc#967975).
- CVE-2016-2547, CVE-2016-2548: The ALSA slave timer list handling was hardened against hangs and races. (CVE-2016-2547, CVE-2016-2548, bsc#968011, bsc#968012).
- CVE-2016-2549: A stall in ALSA hrtimer handling was fixed (bsc#968013).
- CVE-2016-2782: A malicious USB device could cause kernel crashes in the visor device driver (bnc#968670).
- CVE-2016-3137: A malicious USB device could cause kernel crashes in the cypress_m8 device driver (bnc#970970).
- CVE-2016-3139: A malicious USB device could cause kernel crashes in the wacom device driver (bnc#970909).
- CVE-2016-3140: A malicious USB device could cause kernel crashes in the digi_acceleport device driver (bnc#970892).
- CVE-2016-3156: A quadratic algorithm could lead to long kernel ipv4 hangs when removing a device with a large number of addresses. (bsc#971360).
- CVE-2016-3955: A remote buffer overflow in the usbip driver could be used by authenticated attackers to crash the kernel. (bsc#975945)
- CVE-2016-2847: A local user could exhaust kernel memory by pushing lots of data into pipes. (bsc#970948).
- CVE-2016-2188: A malicious USB device could cause kernel crashes in the iowarrior device driver (bnc#970956).
- CVE-2016-3138: A malicious USB device could cause kernel crashes in the cdc-acm device driver (bnc#970911). The following non-security bugs were fixed: - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570). - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976). - blktap: refine mm tracking (bsc#952976). - cachefiles: Avoid deadlocks with fs freezing (bsc#935123). - cifs: Schedule on hard mount retry (bsc#941514). - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646). - dcache: use IS_ROOT to decide where dentry is hashed (bsc#949752). - driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276). - drm/i915: Evict CS TLBs between batches (bsc#758040). - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040). - e1000e: Do not read ICR in Other interrupt (bsc#924919). - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919). - e1000e: Fix msi-x interrupt automask (bsc#924919). - e1000e: Remove unreachable code (bsc#924919). - ext3: fix data=journal fast mount/umount hang (bsc#942082). - ext3: NULL dereference in ext3_evict_inode() (bsc#942082). - firmware: Create directories for external firmware (bsc#959312). - firmware: Simplify directory creation (bsc#959312). - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123). - fs: Fix deadlocks between sync and fs freezing (bsc#935123). - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375). - ipr: Fix incorrect trace indexing (bsc#940913). - ipr: Fix invalid array indexing for HRRQ (bsc#940913). - ipv6: make fib6 serial number per namespace (bsc#965319). - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs (bsc#956852). - ipv6: per netns fib6 walkers (bsc#965319). - ipv6: per netns FIB garbage collection (bsc#965319). - ipv6: replace global gc_args with local variable (bsc#965319). 
- jbd: Fix unreclaimed pages after truncate in data=journal mode (bsc#961516). - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319). - kbuild: create directory for dir/file.o (bsc#959312). - kexec: Fix race between panic() and crash_kexec() called directly (bnc#937444). - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392). - mld, igmp: Fix reserved tailroom calculation (bsc#956852). - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307). - netfilter: xt_recent: fix namespace destroy path (bsc#879378). - nfs4: treat lock owners as opaque values (bnc#968141). - nfs: Fix handling of re-write-before-commit for mmapped NFS pages (bsc#964201). - nfs: use smaller allocations for 'struct id_map' (bsc#965923). - nfsv4: Fix two infinite loops in the mount code (bsc#954628). - nfsv4: Recovery of recalled read delegations is broken (bsc#956514). - panic/x86: Allow cpus to save registers even if they (bnc#940946). - panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - pciback: do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set. - pciback: for XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled. - pciback: return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled. - pciback: return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled. - pci: Update VPD size with correct length (bsc#958906). - quota: Fix deadlock with suspend and quotas (bsc#935123). - rdma/ucma: Fix AB-BA deadlock (bsc#963998). - README.BRANCH: Switch to LTSS mode - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch (bsc#959705). - Restore kabi after lock-owner change (bnc#968141). - s390/pageattr: Do a single TLB flush for change_page_attr (bsc#940413). - scsi_dh_rdac: always retry MODE SELECT on command lock violation (bsc#956949). - scsi: mpt2sas: Rearrange the the code so that the completion queues are initialized prior to sending the request to controller firmware (bsc#967863). 
- skb: Add inline helper for getting the skb end offset from head (bsc#956852). - sunrcp: restore fair scheduling to priority queues (bsc#955308). - sunrpc: refactor rpcauth_checkverf error returns (bsc#955673). - tcp: avoid order-1 allocations on wifi and tx path (bsc#956852). - tcp: fix skb_availroom() (bsc#956852). - tg3: 5715 does not link up when autoneg off (bsc#904035). - Update patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch (bnc#940017, bnc#949298, bnc#947128). - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT when the device is removed (bnc#956375). - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and TIOCGICOUNT (bnc#956375). - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375). - usb: ftdi_sio: fix tiocmget indentation (bnc#956375). - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375). - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375). - usb: ftdi_sio: remove unnecessary memset (bnc#956375). - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375). - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375). - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375). - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375). - usbvision fix overflow of interfaces array (bnc#950998). - veth: extend device features (bsc#879381). - vfs: Provide function to get superblock and wait for it to thaw (bsc#935123). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912). - vmxnet3: fix ethtool ring buffer size setting (bsc#950750). - vmxnet3: fix netpoll race condition (bsc#958912). - writeback: Skip writeback for frozen filesystem (bsc#935123). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518). - x86, kvm: fix maintenance of guest/host xcr0 state (bsc#961518). 
- x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518). - x86/mce: Fix return value of mce_chrdev_read() when erst is disabled (bsc#934787). - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946). - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444). - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330). - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330). - xfrm: do not segment UFO packets (bsc#946122). - xhci: silence TD warning (bnc#939955). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-kernel-20160414-12537=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-kernel-20160414-12537=1 - SUSE Manager 2.1: zypper in -t patch sleman21-kernel-20160414-12537=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-20160414-12537=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20160414-12537=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-20160414-12537=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): kernel-bigsmp-3.0.101-0.47.79.1 kernel-bigsmp-base-3.0.101-0.47.79.1 kernel-bigsmp-devel-3.0.101-0.47.79.1 kernel-default-3.0.101-0.47.79.1 kernel-default-base-3.0.101-0.47.79.1 kernel-default-devel-3.0.101-0.47.79.1 kernel-ec2-3.0.101-0.47.79.1 kernel-ec2-base-3.0.101-0.47.79.1 kernel-ec2-devel-3.0.101-0.47.79.1 kernel-source-3.0.101-0.47.79.1 kernel-syms-3.0.101-0.47.79.1 kernel-trace-3.0.101-0.47.79.1 kernel-trace-base-3.0.101-0.47.79.1 kernel-trace-devel-3.0.101-0.47.79.1 kernel-xen-3.0.101-0.47.79.1 kernel-xen-base-3.0.101-0.47.79.1 kernel-xen-devel-3.0.101-0.47.79.1 - SUSE Manager Proxy 2.1 (x86_64): kernel-bigsmp-3.0.101-0.47.79.1 kernel-bigsmp-base-3.0.101-0.47.79.1 kernel-bigsmp-devel-3.0.101-0.47.79.1 kernel-default-3.0.101-0.47.79.1 kernel-default-base-3.0.101-0.47.79.1 kernel-default-devel-3.0.101-0.47.79.1 kernel-ec2-3.0.101-0.47.79.1 kernel-ec2-base-3.0.101-0.47.79.1 kernel-ec2-devel-3.0.101-0.47.79.1 kernel-source-3.0.101-0.47.79.1 kernel-syms-3.0.101-0.47.79.1 kernel-trace-3.0.101-0.47.79.1 kernel-trace-base-3.0.101-0.47.79.1 kernel-trace-devel-3.0.101-0.47.79.1 kernel-xen-3.0.101-0.47.79.1 kernel-xen-base-3.0.101-0.47.79.1 kernel-xen-devel-3.0.101-0.47.79.1 - SUSE Manager 2.1 (s390x x86_64): kernel-default-3.0.101-0.47.79.1 kernel-default-base-3.0.101-0.47.79.1 kernel-default-devel-3.0.101-0.47.79.1 kernel-source-3.0.101-0.47.79.1 kernel-syms-3.0.101-0.47.79.1 kernel-trace-3.0.101-0.47.79.1 kernel-trace-base-3.0.101-0.47.79.1 kernel-trace-devel-3.0.101-0.47.79.1 - SUSE Manager 2.1 (x86_64): kernel-bigsmp-3.0.101-0.47.79.1 kernel-bigsmp-base-3.0.101-0.47.79.1 kernel-bigsmp-devel-3.0.101-0.47.79.1 kernel-ec2-3.0.101-0.47.79.1 kernel-ec2-base-3.0.101-0.47.79.1 kernel-ec2-devel-3.0.101-0.47.79.1 kernel-xen-3.0.101-0.47.79.1 kernel-xen-base-3.0.101-0.47.79.1 kernel-xen-devel-3.0.101-0.47.79.1 - SUSE Manager 2.1 (s390x): kernel-default-man-3.0.101-0.47.79.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 
s390x x86_64): kernel-default-3.0.101-0.47.79.1 kernel-default-base-3.0.101-0.47.79.1 kernel-default-devel-3.0.101-0.47.79.1 kernel-source-3.0.101-0.47.79.1 kernel-syms-3.0.101-0.47.79.1 kernel-trace-3.0.101-0.47.79.1 kernel-trace-base-3.0.101-0.47.79.1 kernel-trace-devel-3.0.101-0.47.79.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.79.1 kernel-ec2-base-3.0.101-0.47.79.1 kernel-ec2-devel-3.0.101-0.47.79.1 kernel-xen-3.0.101-0.47.79.1 kernel-xen-base-3.0.101-0.47.79.1 kernel-xen-devel-3.0.101-0.47.79.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.79.1 kernel-bigsmp-base-3.0.101-0.47.79.1 kernel-bigsmp-devel-3.0.101-0.47.79.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.79.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.79.1 kernel-pae-base-3.0.101-0.47.79.1 kernel-pae-devel-3.0.101-0.47.79.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.79.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.79.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.79.1 kernel-trace-extra-3.0.101-0.47.79.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.79.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.79.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.79.1 kernel-default-debugsource-3.0.101-0.47.79.1 kernel-trace-debuginfo-3.0.101-0.47.79.1 kernel-trace-debugsource-3.0.101-0.47.79.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.79.1 kernel-ec2-debugsource-3.0.101-0.47.79.1 kernel-xen-debuginfo-3.0.101-0.47.79.1 kernel-xen-debugsource-3.0.101-0.47.79.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.79.1 
kernel-bigsmp-debugsource-3.0.101-0.47.79.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.79.1 kernel-pae-debugsource-3.0.101-0.47.79.1 References: https://www.suse.com/security/cve/CVE-2013-7446.html https://www.suse.com/security/cve/CVE-2015-7509.html https://www.suse.com/security/cve/CVE-2015-7515.html https://www.suse.com/security/cve/CVE-2015-7550.html https://www.suse.com/security/cve/CVE-2015-7566.html https://www.suse.com/security/cve/CVE-2015-7799.html https://www.suse.com/security/cve/CVE-2015-8215.html https://www.suse.com/security/cve/CVE-2015-8539.html https://www.suse.com/security/cve/CVE-2015-8543.html https://www.suse.com/security/cve/CVE-2015-8550.html https://www.suse.com/security/cve/CVE-2015-8551.html https://www.suse.com/security/cve/CVE-2015-8552.html https://www.suse.com/security/cve/CVE-2015-8569.html https://www.suse.com/security/cve/CVE-2015-8575.html https://www.suse.com/security/cve/CVE-2015-8767.html https://www.suse.com/security/cve/CVE-2015-8785.html https://www.suse.com/security/cve/CVE-2015-8812.html https://www.suse.com/security/cve/CVE-2015-8816.html https://www.suse.com/security/cve/CVE-2016-0723.html https://www.suse.com/security/cve/CVE-2016-2069.html https://www.suse.com/security/cve/CVE-2016-2143.html https://www.suse.com/security/cve/CVE-2016-2184.html https://www.suse.com/security/cve/CVE-2016-2185.html https://www.suse.com/security/cve/CVE-2016-2186.html https://www.suse.com/security/cve/CVE-2016-2188.html https://www.suse.com/security/cve/CVE-2016-2384.html https://www.suse.com/security/cve/CVE-2016-2543.html https://www.suse.com/security/cve/CVE-2016-2544.html https://www.suse.com/security/cve/CVE-2016-2545.html https://www.suse.com/security/cve/CVE-2016-2546.html https://www.suse.com/security/cve/CVE-2016-2547.html https://www.suse.com/security/cve/CVE-2016-2548.html https://www.suse.com/security/cve/CVE-2016-2549.html https://www.suse.com/security/cve/CVE-2016-2782.html 
https://www.suse.com/security/cve/CVE-2016-2847.html https://www.suse.com/security/cve/CVE-2016-3137.html https://www.suse.com/security/cve/CVE-2016-3138.html https://www.suse.com/security/cve/CVE-2016-3139.html https://www.suse.com/security/cve/CVE-2016-3140.html https://www.suse.com/security/cve/CVE-2016-3156.html https://www.suse.com/security/cve/CVE-2016-3955.html https://bugzilla.suse.com/758040 https://bugzilla.suse.com/781018 https://bugzilla.suse.com/879378 https://bugzilla.suse.com/879381 https://bugzilla.suse.com/904035 https://bugzilla.suse.com/924919 https://bugzilla.suse.com/934787 https://bugzilla.suse.com/935123 https://bugzilla.suse.com/937444 https://bugzilla.suse.com/939955 https://bugzilla.suse.com/940017 https://bugzilla.suse.com/940413 https://bugzilla.suse.com/940913 https://bugzilla.suse.com/940946 https://bugzilla.suse.com/941514 https://bugzilla.suse.com/942082 https://bugzilla.suse.com/946122 https://bugzilla.suse.com/947128 https://bugzilla.suse.com/948330 https://bugzilla.suse.com/949298 https://bugzilla.suse.com/949752 https://bugzilla.suse.com/949936 https://bugzilla.suse.com/950750 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/951392 https://bugzilla.suse.com/952976 https://bugzilla.suse.com/954628 https://bugzilla.suse.com/955308 https://bugzilla.suse.com/955354 https://bugzilla.suse.com/955654 https://bugzilla.suse.com/955673 https://bugzilla.suse.com/956375 https://bugzilla.suse.com/956514 https://bugzilla.suse.com/956707 https://bugzilla.suse.com/956708 https://bugzilla.suse.com/956709 https://bugzilla.suse.com/956852 https://bugzilla.suse.com/956949 https://bugzilla.suse.com/957988 https://bugzilla.suse.com/957990 https://bugzilla.suse.com/958463 https://bugzilla.suse.com/958886 https://bugzilla.suse.com/958906 https://bugzilla.suse.com/958912 https://bugzilla.suse.com/958951 https://bugzilla.suse.com/959190 https://bugzilla.suse.com/959312 https://bugzilla.suse.com/959399 https://bugzilla.suse.com/959705 
https://bugzilla.suse.com/960857 https://bugzilla.suse.com/961500 https://bugzilla.suse.com/961509 https://bugzilla.suse.com/961512 https://bugzilla.suse.com/961516 https://bugzilla.suse.com/961518 https://bugzilla.suse.com/963276 https://bugzilla.suse.com/963765 https://bugzilla.suse.com/963767 https://bugzilla.suse.com/963998 https://bugzilla.suse.com/964201 https://bugzilla.suse.com/965319 https://bugzilla.suse.com/965923 https://bugzilla.suse.com/966437 https://bugzilla.suse.com/966693 https://bugzilla.suse.com/967863 https://bugzilla.suse.com/967972 https://bugzilla.suse.com/967973 https://bugzilla.suse.com/967974 https://bugzilla.suse.com/967975 https://bugzilla.suse.com/968010 https://bugzilla.suse.com/968011 https://bugzilla.suse.com/968012 https://bugzilla.suse.com/968013 https://bugzilla.suse.com/968141 https://bugzilla.suse.com/968670 https://bugzilla.suse.com/969307 https://bugzilla.suse.com/970504 https://bugzilla.suse.com/970892 https://bugzilla.suse.com/970909 https://bugzilla.suse.com/970911 https://bugzilla.suse.com/970948 https://bugzilla.suse.com/970956 https://bugzilla.suse.com/970958 https://bugzilla.suse.com/970970 https://bugzilla.suse.com/971124 https://bugzilla.suse.com/971125 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/973570 https://bugzilla.suse.com/974646 https://bugzilla.suse.com/975945 From sle-updates at lists.suse.com Tue May 3 11:23:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2016 19:23:30 +0200 (CEST) Subject: SUSE-SU-2016:1204-1: moderate: Security update for libxml2 Message-ID: <20160503172330.244C3FF63@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1204-1 Rating: moderate References: #972335 #975947 Cross-References: CVE-2016-3627 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software 
Development Kit 12
    SUSE Linux Enterprise Server 12-SP1
    SUSE Linux Enterprise Server 12
    SUSE Linux Enterprise Desktop 12-SP1
    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for libxml2 fixes two security issues:

- libxml2 limits the number of recursions an XML document can contain so as to protect against the "Billion Laughs" denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore, specially crafted XML documents could exhaust all available stack space and crash the XML parser without running into the recursion limit. This vulnerability has been fixed. (bsc#975947)
- When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-service attack. (CVE-2016-3627, bsc#972335)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-709=1
- SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-709=1
- SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-709=1
- SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-709=1
- SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-709=1
- SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-709=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libxml2-debugsource-2.9.1-20.1 libxml2-devel-2.9.1-20.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libxml2-debugsource-2.9.1-20.1 libxml2-devel-2.9.1-20.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libxml2-2-2.9.1-20.1 libxml2-2-debuginfo-2.9.1-20.1 libxml2-debugsource-2.9.1-20.1 libxml2-tools-2.9.1-20.1 libxml2-tools-debuginfo-2.9.1-20.1 python-libxml2-2.9.1-20.1 python-libxml2-debuginfo-2.9.1-20.1 python-libxml2-debugsource-2.9.1-20.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libxml2-2-32bit-2.9.1-20.1 libxml2-2-debuginfo-32bit-2.9.1-20.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): libxml2-doc-2.9.1-20.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libxml2-2-2.9.1-20.1 libxml2-2-debuginfo-2.9.1-20.1 libxml2-debugsource-2.9.1-20.1 libxml2-tools-2.9.1-20.1 libxml2-tools-debuginfo-2.9.1-20.1 python-libxml2-2.9.1-20.1 python-libxml2-debuginfo-2.9.1-20.1 python-libxml2-debugsource-2.9.1-20.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libxml2-2-32bit-2.9.1-20.1 libxml2-2-debuginfo-32bit-2.9.1-20.1 - SUSE Linux Enterprise Server 12 (noarch): libxml2-doc-2.9.1-20.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libxml2-2-2.9.1-20.1 libxml2-2-32bit-2.9.1-20.1 libxml2-2-debuginfo-2.9.1-20.1 libxml2-2-debuginfo-32bit-2.9.1-20.1 libxml2-debugsource-2.9.1-20.1 libxml2-tools-2.9.1-20.1 libxml2-tools-debuginfo-2.9.1-20.1 python-libxml2-2.9.1-20.1 python-libxml2-debuginfo-2.9.1-20.1 python-libxml2-debugsource-2.9.1-20.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libxml2-2-2.9.1-20.1 libxml2-2-32bit-2.9.1-20.1 libxml2-2-debuginfo-2.9.1-20.1 libxml2-2-debuginfo-32bit-2.9.1-20.1 libxml2-debugsource-2.9.1-20.1 libxml2-tools-2.9.1-20.1 libxml2-tools-debuginfo-2.9.1-20.1 python-libxml2-2.9.1-20.1 python-libxml2-debuginfo-2.9.1-20.1 python-libxml2-debugsource-2.9.1-20.1 References: 
https://www.suse.com/security/cve/CVE-2016-3627.html https://bugzilla.suse.com/972335 https://bugzilla.suse.com/975947 From sle-updates at lists.suse.com Tue May 3 11:23:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2016 19:23:59 +0200 (CEST) Subject: SUSE-SU-2016:1205-1: moderate: Security update for libxml2 Message-ID: <20160503172359.A5D9FFF6C@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1205-1 Rating: moderate References: #972335 #975947 Cross-References: CVE-2016-3627 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so as to protect against the "Billion Laughs" denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore, specially crafted XML documents could exhaust all available stack space and crash the XML parser without running into the recursion limit. This vulnerability has been fixed. (bsc#975947) - When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-service attack. (CVE-2016-3627, bsc#972335) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libxml2-12538=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libxml2-12538=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-12538=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.40.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.40.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.40.1 libxml2-doc-2.7.6-0.40.1 libxml2-python-2.7.6-0.40.3 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.40.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxml2-x86-2.7.6-0.40.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.40.1 libxml2-debugsource-2.7.6-0.40.1 libxml2-python-debuginfo-2.7.6-0.40.3 libxml2-python-debugsource-2.7.6-0.40.3 References: https://www.suse.com/security/cve/CVE-2016-3627.html https://bugzilla.suse.com/972335 https://bugzilla.suse.com/975947 From sle-updates at lists.suse.com Tue May 3 14:08:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 May 2016 22:08:21 +0200 (CEST) Subject: SUSE-SU-2016:1206-1: important: Security update for openssl1 Message-ID: <20160503200821.C7535FF4D@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1206-1 Rating: important References: #889013 #971354 #976942 #976943 #977614 #977615 #977616 #977617 #977621 Cross-References: CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 Affected Products: SUSE Linux Enterprise Server 11-SECURITY 
______________________________________________________________________________ An update that solves 5 vulnerabilities and has four fixes is now available. Description: This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) Bugs fixed: - bsc#971354: libopenssl1_0_0 now Recommends: openssl1 to get correct SSL Root Certificate hashes - bsc#889013: Rename README.SuSE to the new spelling README.SUSE - bsc#976943: Fixed a buffer overrun in ASN1_parse. - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-12539=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.47.1 libopenssl1_0_0-1.0.1g-0.47.1 openssl1-1.0.1g-0.47.1 openssl1-doc-1.0.1g-0.47.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.47.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.47.1 References: https://www.suse.com/security/cve/CVE-2016-2105.html https://www.suse.com/security/cve/CVE-2016-2106.html https://www.suse.com/security/cve/CVE-2016-2107.html https://www.suse.com/security/cve/CVE-2016-2108.html https://www.suse.com/security/cve/CVE-2016-2109.html https://bugzilla.suse.com/889013 https://bugzilla.suse.com/971354 https://bugzilla.suse.com/976942 https://bugzilla.suse.com/976943 https://bugzilla.suse.com/977614 https://bugzilla.suse.com/977615 https://bugzilla.suse.com/977616 https://bugzilla.suse.com/977617 https://bugzilla.suse.com/977621 From sle-updates at lists.suse.com Tue May 3 17:07:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2016 01:07:54 +0200 (CEST) Subject: SUSE-RU-2016:1210-1: Recommended update for Mesa, libGLw Message-ID: <20160503230754.C28C5FF4D@maintenance.suse.de> SUSE Recommended Update: Recommended update for Mesa, libGLw ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1210-1 Rating: low References: #945444 #962609 #970725 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for Mesa and libGLw provides fixes and enhancements. Mesa: - Add separate definition of GLAPIVAR as GLAPI doesn't have an 'extern' for some compiler versions. This is needed for GLw. (bsc#970725) - Check for dummyContext to see if the glx_context is valid. (bsc#962609) - Fix crash due to early miptree release. (bsc#945444) libGLw: - Use newly introduced GLAPIVAR instead of GLAPI for variable declarations. This adds an 'extern' in cases where GLAPI doesn't have one and prevents a variable declaration from becoming a definition. (bsc#970725) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-713=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-713=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-713=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-713=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-713=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-713=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-713=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-713=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): Mesa-debuginfo-32bit-10.0.2-97.1 Mesa-debugsource-10.0.2-97.1 Mesa-libGLESv2-2-32bit-10.0.2-97.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-97.1 libGLw-debugsource-7.11.2-14.1 libGLw1-32bit-7.11.2-14.1 libGLw1-7.11.2-14.1 libGLw1-debuginfo-32bit-7.11.2-14.1 libGLw1-debuginfo-7.11.2-14.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): Mesa-debuginfo-32bit-10.0.2-97.1 Mesa-libGLESv2-2-32bit-10.0.2-97.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-97.1 libGLw-debugsource-7.11.2-14.1 libGLw1-32bit-7.11.2-14.1 libGLw1-7.11.2-14.1 libGLw1-debuginfo-32bit-7.11.2-14.1 libGLw1-debuginfo-7.11.2-14.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): Mesa-debuginfo-10.0.2-97.1 Mesa-debugsource-10.0.2-97.1 Mesa-devel-10.0.2-97.1 Mesa-libEGL-devel-10.0.2-97.1 Mesa-libGL-devel-10.0.2-97.1 Mesa-libGLESv1_CM-devel-10.0.2-97.1 Mesa-libGLESv1_CM1-10.0.2-97.1 Mesa-libGLESv1_CM1-debuginfo-10.0.2-97.1 Mesa-libGLESv2-devel-10.0.2-97.1 Mesa-libGLESv3-devel-10.0.2-97.1 Mesa-libglapi-devel-10.0.2-97.1 libGLw-debugsource-7.11.2-14.1 libGLw-devel-7.11.2-14.1 libGLw1-7.11.2-14.1 libGLw1-debuginfo-7.11.2-14.1 libOSMesa-devel-10.0.2-97.1 libOSMesa9-10.0.2-97.1 libOSMesa9-debuginfo-10.0.2-97.1 libgbm-devel-10.0.2-97.1 libxatracker-devel-1.0.0-97.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64): Mesa-debuginfo-32bit-10.0.2-97.1 libOSMesa9-32bit-10.0.2-97.1 libOSMesa9-debuginfo-32bit-10.0.2-97.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): Mesa-debuginfo-10.0.2-97.1 Mesa-debugsource-10.0.2-97.1 Mesa-devel-10.0.2-97.1 Mesa-libEGL-devel-10.0.2-97.1 Mesa-libGL-devel-10.0.2-97.1 Mesa-libGLESv1_CM-devel-10.0.2-97.1 Mesa-libGLESv1_CM1-10.0.2-97.1 Mesa-libGLESv1_CM1-debuginfo-10.0.2-97.1 Mesa-libGLESv2-devel-10.0.2-97.1 Mesa-libGLESv3-devel-10.0.2-97.1 Mesa-libglapi-devel-10.0.2-97.1 libGLw-debugsource-7.11.2-14.1 libGLw-devel-7.11.2-14.1 
libGLw1-7.11.2-14.1 libGLw1-debuginfo-7.11.2-14.1 libOSMesa-devel-10.0.2-97.1 libOSMesa9-10.0.2-97.1 libOSMesa9-debuginfo-10.0.2-97.1 libgbm-devel-10.0.2-97.1 libxatracker-devel-1.0.0-97.1 - SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64): libOSMesa9-32bit-10.0.2-97.1 libOSMesa9-debuginfo-32bit-10.0.2-97.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): Mesa-10.0.2-97.1 Mesa-debuginfo-10.0.2-97.1 Mesa-debugsource-10.0.2-97.1 Mesa-libEGL1-10.0.2-97.1 Mesa-libEGL1-debuginfo-10.0.2-97.1 Mesa-libGL1-10.0.2-97.1 Mesa-libGL1-debuginfo-10.0.2-97.1 Mesa-libGLESv2-2-10.0.2-97.1 Mesa-libGLESv2-2-debuginfo-10.0.2-97.1 Mesa-libglapi0-10.0.2-97.1 Mesa-libglapi0-debuginfo-10.0.2-97.1 libgbm1-10.0.2-97.1 libgbm1-debuginfo-10.0.2-97.1 libxatracker2-1.0.0-97.1 libxatracker2-debuginfo-1.0.0-97.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): Mesa-32bit-10.0.2-97.1 Mesa-debuginfo-32bit-10.0.2-97.1 Mesa-libEGL1-32bit-10.0.2-97.1 Mesa-libEGL1-debuginfo-32bit-10.0.2-97.1 Mesa-libGL1-32bit-10.0.2-97.1 Mesa-libGL1-debuginfo-32bit-10.0.2-97.1 Mesa-libglapi0-32bit-10.0.2-97.1 Mesa-libglapi0-debuginfo-32bit-10.0.2-97.1 libgbm1-32bit-10.0.2-97.1 libgbm1-debuginfo-32bit-10.0.2-97.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): Mesa-10.0.2-97.1 Mesa-debuginfo-10.0.2-97.1 Mesa-debugsource-10.0.2-97.1 Mesa-libEGL1-10.0.2-97.1 Mesa-libEGL1-debuginfo-10.0.2-97.1 Mesa-libGL1-10.0.2-97.1 Mesa-libGL1-debuginfo-10.0.2-97.1 Mesa-libGLESv2-2-10.0.2-97.1 Mesa-libGLESv2-2-debuginfo-10.0.2-97.1 Mesa-libglapi0-10.0.2-97.1 Mesa-libglapi0-debuginfo-10.0.2-97.1 libgbm1-10.0.2-97.1 libgbm1-debuginfo-10.0.2-97.1 libxatracker2-1.0.0-97.1 libxatracker2-debuginfo-1.0.0-97.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): Mesa-32bit-10.0.2-97.1 Mesa-debuginfo-32bit-10.0.2-97.1 Mesa-libEGL1-32bit-10.0.2-97.1 Mesa-libEGL1-debuginfo-32bit-10.0.2-97.1 Mesa-libGL1-32bit-10.0.2-97.1 Mesa-libGL1-debuginfo-32bit-10.0.2-97.1 Mesa-libglapi0-32bit-10.0.2-97.1 
Mesa-libglapi0-debuginfo-32bit-10.0.2-97.1 libgbm1-32bit-10.0.2-97.1 libgbm1-debuginfo-32bit-10.0.2-97.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): Mesa-10.0.2-97.1 Mesa-32bit-10.0.2-97.1 Mesa-debuginfo-10.0.2-97.1 Mesa-debuginfo-32bit-10.0.2-97.1 Mesa-debugsource-10.0.2-97.1 Mesa-libEGL1-10.0.2-97.1 Mesa-libEGL1-32bit-10.0.2-97.1 Mesa-libEGL1-debuginfo-10.0.2-97.1 Mesa-libEGL1-debuginfo-32bit-10.0.2-97.1 Mesa-libGL1-10.0.2-97.1 Mesa-libGL1-32bit-10.0.2-97.1 Mesa-libGL1-debuginfo-10.0.2-97.1 Mesa-libGL1-debuginfo-32bit-10.0.2-97.1 Mesa-libGLESv2-2-10.0.2-97.1 Mesa-libGLESv2-2-32bit-10.0.2-97.1 Mesa-libGLESv2-2-debuginfo-10.0.2-97.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-97.1 Mesa-libglapi0-10.0.2-97.1 Mesa-libglapi0-32bit-10.0.2-97.1 Mesa-libglapi0-debuginfo-10.0.2-97.1 Mesa-libglapi0-debuginfo-32bit-10.0.2-97.1 libGLw-debugsource-7.11.2-14.1 libGLw1-32bit-7.11.2-14.1 libGLw1-7.11.2-14.1 libGLw1-debuginfo-32bit-7.11.2-14.1 libGLw1-debuginfo-7.11.2-14.1 libgbm1-10.0.2-97.1 libgbm1-32bit-10.0.2-97.1 libgbm1-debuginfo-10.0.2-97.1 libgbm1-debuginfo-32bit-10.0.2-97.1 libxatracker2-1.0.0-97.1 libxatracker2-debuginfo-1.0.0-97.1 - SUSE Linux Enterprise Desktop 12 (x86_64): Mesa-10.0.2-97.1 Mesa-32bit-10.0.2-97.1 Mesa-debuginfo-10.0.2-97.1 Mesa-debuginfo-32bit-10.0.2-97.1 Mesa-debugsource-10.0.2-97.1 Mesa-libEGL1-10.0.2-97.1 Mesa-libEGL1-32bit-10.0.2-97.1 Mesa-libEGL1-debuginfo-10.0.2-97.1 Mesa-libEGL1-debuginfo-32bit-10.0.2-97.1 Mesa-libGL1-10.0.2-97.1 Mesa-libGL1-32bit-10.0.2-97.1 Mesa-libGL1-debuginfo-10.0.2-97.1 Mesa-libGL1-debuginfo-32bit-10.0.2-97.1 Mesa-libGLESv2-2-10.0.2-97.1 Mesa-libGLESv2-2-32bit-10.0.2-97.1 Mesa-libGLESv2-2-debuginfo-10.0.2-97.1 Mesa-libGLESv2-2-debuginfo-32bit-10.0.2-97.1 Mesa-libglapi0-10.0.2-97.1 Mesa-libglapi0-32bit-10.0.2-97.1 Mesa-libglapi0-debuginfo-10.0.2-97.1 Mesa-libglapi0-debuginfo-32bit-10.0.2-97.1 libGLw-debugsource-7.11.2-14.1 libGLw1-32bit-7.11.2-14.1 libGLw1-7.11.2-14.1 libGLw1-debuginfo-32bit-7.11.2-14.1 
libGLw1-debuginfo-7.11.2-14.1 libgbm1-10.0.2-97.1 libgbm1-32bit-10.0.2-97.1 libgbm1-debuginfo-10.0.2-97.1 libgbm1-debuginfo-32bit-10.0.2-97.1 libxatracker2-1.0.0-97.1 libxatracker2-debuginfo-1.0.0-97.1 References: https://bugzilla.suse.com/945444 https://bugzilla.suse.com/962609 https://bugzilla.suse.com/970725 From sle-updates at lists.suse.com Wed May 4 08:14:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2016 16:14:11 +0200 (CEST) Subject: SUSE-SU-2016:1228-1: important: Security update for openssl Message-ID: <20160504141411.C128EF432@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1228-1 Rating: important References: #958501 #976942 #976943 #977614 #977615 #977616 #977617 #977621 Cross-References: CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - bsc#976943: Buffer overrun in ASN1_parse - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-715=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-715=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-715=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libopenssl-devel-1.0.1i-27.16.1 openssl-debuginfo-1.0.1i-27.16.1 openssl-debugsource-1.0.1i-27.16.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-27.16.1 libopenssl1_0_0-debuginfo-1.0.1i-27.16.1 libopenssl1_0_0-hmac-1.0.1i-27.16.1 openssl-1.0.1i-27.16.1 openssl-debuginfo-1.0.1i-27.16.1 openssl-debugsource-1.0.1i-27.16.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-27.16.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.16.1 libopenssl1_0_0-hmac-32bit-1.0.1i-27.16.1 - SUSE Linux Enterprise Server 12 (noarch): openssl-doc-1.0.1i-27.16.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libopenssl1_0_0-1.0.1i-27.16.1 libopenssl1_0_0-32bit-1.0.1i-27.16.1 libopenssl1_0_0-debuginfo-1.0.1i-27.16.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.16.1 openssl-1.0.1i-27.16.1 openssl-debuginfo-1.0.1i-27.16.1 openssl-debugsource-1.0.1i-27.16.1 References: https://www.suse.com/security/cve/CVE-2016-2105.html https://www.suse.com/security/cve/CVE-2016-2106.html https://www.suse.com/security/cve/CVE-2016-2107.html https://www.suse.com/security/cve/CVE-2016-2108.html https://www.suse.com/security/cve/CVE-2016-2109.html https://bugzilla.suse.com/958501 https://bugzilla.suse.com/976942 https://bugzilla.suse.com/976943 https://bugzilla.suse.com/977614 https://bugzilla.suse.com/977615 https://bugzilla.suse.com/977616 https://bugzilla.suse.com/977617 https://bugzilla.suse.com/977621 From sle-updates at lists.suse.com Wed May 4 10:08:17 2016 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2016 18:08:17 +0200 (CEST) Subject: SUSE-SU-2016:1231-1: important: Security update for compat-openssl097g Message-ID: <20160504160817.E9DBAF3FD@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl097g ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1231-1 Rating: important References: #976942 #976943 #977615 #977617 Cross-References: CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 Affected Products: SUSE Linux Enterprise Server for SAP 11-SP4 SUSE Linux Enterprise Server for SAP 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for compat-openssl097g fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) Bugs fixed: - bsc#976943: Fix buffer overrun in ASN1_parse Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 11-SP4: zypper in -t patch slesappsp4-compat-openssl097g-12541=1 - SUSE Linux Enterprise Server for SAP 11-SP3: zypper in -t patch slesappsp3-compat-openssl097g-12541=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-compat-openssl097g-12541=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 11-SP4 (ppc64 x86_64): compat-openssl097g-0.9.7g-146.22.44.1 compat-openssl097g-32bit-0.9.7g-146.22.44.1 - SUSE Linux Enterprise Server for SAP 11-SP3 (x86_64): compat-openssl097g-0.9.7g-146.22.44.1 compat-openssl097g-32bit-0.9.7g-146.22.44.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): compat-openssl097g-debuginfo-0.9.7g-146.22.44.1 compat-openssl097g-debugsource-0.9.7g-146.22.44.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): compat-openssl097g-debuginfo-32bit-0.9.7g-146.22.44.1 References: https://www.suse.com/security/cve/CVE-2016-2105.html https://www.suse.com/security/cve/CVE-2016-2106.html https://www.suse.com/security/cve/CVE-2016-2108.html https://www.suse.com/security/cve/CVE-2016-2109.html https://bugzilla.suse.com/976942 https://bugzilla.suse.com/976943 https://bugzilla.suse.com/977615 https://bugzilla.suse.com/977617 From sle-updates at lists.suse.com Wed May 4 10:09:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2016 18:09:05 +0200 (CEST) Subject: SUSE-SU-2016:1232-1: moderate: Security update for nginx-1.0 Message-ID: <20160504160905.76EFBF404@maintenance.suse.de> SUSE Security Update: Security update for nginx-1.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1232-1 Rating: moderate References: #963775 #963778 #963781 Cross-References: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 Affected Products: SUSE Webyast 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for nginx-1.0 fixes the following issues: Security fixes: - CVE-2016-0742: Invalid pointer dereference during DNS server response processing - CVE-2016-0747: Resource exhaustion through unlimited CNAME resolution - CVE-2016-0746: Use-after-free condition during CNAME response processing Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Webyast 1.3: zypper in -t patch slewyst13-nginx-1.0-12540=1 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-nginx-1.0-12540=1 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-nginx-1.0-12540=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64): GeoIP-1.4.7-2.10.1 libGeoIP1-1.4.7-2.10.1 nginx-1.0-1.0.15-0.29.2 - SUSE Studio Onsite 1.3 (x86_64): libGeoIP1-1.4.7-2.10.1 nginx-1.0-1.0.15-0.29.2 - SUSE Lifecycle Management Server 1.3 (x86_64): GeoIP-1.4.7-2.10.1 libGeoIP1-1.4.7-2.10.1 nginx-1.0-1.0.15-0.29.2 References: https://www.suse.com/security/cve/CVE-2016-0742.html https://www.suse.com/security/cve/CVE-2016-0746.html https://www.suse.com/security/cve/CVE-2016-0747.html https://bugzilla.suse.com/963775 https://bugzilla.suse.com/963778 https://bugzilla.suse.com/963781 From sle-updates at lists.suse.com Wed May 4 10:09:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2016 18:09:42 +0200 (CEST) Subject: SUSE-SU-2016:1233-1: important: Security update for openssl Message-ID: <20160504160942.6CAF7F42E@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1233-1 Rating: important References: #958501 #976942 #976943 #977614 #977615 #977616 #977617 #977621 Cross-References: CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 Affected 
Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - bsc#976943: Buffer overrun in ASN1_parse - bsc#977621: Preserve negotiated digests for SNI (bsc#977621) - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-717=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-717=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-717=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libopenssl-devel-1.0.1i-47.1 openssl-debuginfo-1.0.1i-47.1 openssl-debugsource-1.0.1i-47.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-47.1 libopenssl1_0_0-debuginfo-1.0.1i-47.1 libopenssl1_0_0-hmac-1.0.1i-47.1 openssl-1.0.1i-47.1 openssl-debuginfo-1.0.1i-47.1 openssl-debugsource-1.0.1i-47.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-47.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-47.1 libopenssl1_0_0-hmac-32bit-1.0.1i-47.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): openssl-doc-1.0.1i-47.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libopenssl1_0_0-1.0.1i-47.1 libopenssl1_0_0-32bit-1.0.1i-47.1 libopenssl1_0_0-debuginfo-1.0.1i-47.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-47.1 openssl-1.0.1i-47.1 openssl-debuginfo-1.0.1i-47.1 openssl-debugsource-1.0.1i-47.1 References: https://www.suse.com/security/cve/CVE-2016-2105.html https://www.suse.com/security/cve/CVE-2016-2106.html https://www.suse.com/security/cve/CVE-2016-2107.html https://www.suse.com/security/cve/CVE-2016-2108.html https://www.suse.com/security/cve/CVE-2016-2109.html https://bugzilla.suse.com/958501 https://bugzilla.suse.com/976942 https://bugzilla.suse.com/976943 https://bugzilla.suse.com/977614 https://bugzilla.suse.com/977615 https://bugzilla.suse.com/977616 https://bugzilla.suse.com/977617 https://bugzilla.suse.com/977621 From sle-updates at lists.suse.com Wed May 4 13:07:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2016 21:07:45 +0200 (CEST) Subject: SUSE-RU-2016:1234-1: Recommended update for release-notes-ha Message-ID: <20160504190745.A7341F399@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ha ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1234-1 Rating: low References: #976431 
Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest revision of the Release Notes for SUSE Linux Enterprise High Availability Extension 12 SP1. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-719=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12-SP1 (noarch): release-notes-ha-12.1.20160420-3.1 References: https://bugzilla.suse.com/976431 From sle-updates at lists.suse.com Wed May 4 14:07:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 May 2016 22:07:40 +0200 (CEST) Subject: SUSE-RU-2016:1236-1: moderate: Recommended update for autoyast2 Message-ID: <20160504200740.45BD2F399@maintenance.suse.de> SUSE Recommended Update: Recommended update for autoyast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1236-1 Rating: moderate References: #908356 #916628 #928303 #956730 #959723 #963137 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for autoyast2 provides the following fixes: - Evaluate the correct domain, network, product and product version when applying rules. (bsc#963137) - Evaluate the correct host IP in order to read the proper autoyast.xml file. (bsc#928303, bsc#908356, bsc#916628) - Check uptime instead of system time while waiting for systemd services to be restarted. 
(bsc#956730) - Fix nil exception error when starting installation with "autoyast=default". (bsc#959723) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-720=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-720=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (noarch): autoyast2-3.1.69.13-15.6 autoyast2-installation-3.1.69.13-15.6 - SUSE Linux Enterprise Desktop 12 (noarch): autoyast2-3.1.69.13-15.6 autoyast2-installation-3.1.69.13-15.6 References: https://bugzilla.suse.com/908356 https://bugzilla.suse.com/916628 https://bugzilla.suse.com/928303 https://bugzilla.suse.com/956730 https://bugzilla.suse.com/959723 https://bugzilla.suse.com/963137 From sle-updates at lists.suse.com Thu May 5 12:08:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2016 20:08:00 +0200 (CEST) Subject: SUSE-RU-2016:1244-1: moderate: Recommended update for vm-install Message-ID: <20160505180800.7B47EF399@maintenance.suse.de> SUSE Recommended Update: Recommended update for vm-install ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1244-1 Rating: moderate References: #915102 #928448 #942409 #942763 #952235 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for vm-install provides the following fixes: - Fix error after closing VM window during installation. (bsc#952235) - Fix "List indices must be integers, not strings" error when deploying VM. 
(bsc#942763) - Fix "A parameter is invalid or missing (memoryMB)" error when loading on s390s system. (bsc#942409) - Fix "Attempt to unlock mutex that was not locked" error. (bsc#915102) - Use correct driver for booting existing disk when running in console mode. (bsc#928448) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-723=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-723=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): vm-install-0.8.42-6.3.1 - SUSE Linux Enterprise Desktop 12 (x86_64): vm-install-0.8.42-6.3.1 References: https://bugzilla.suse.com/915102 https://bugzilla.suse.com/928448 https://bugzilla.suse.com/942409 https://bugzilla.suse.com/942763 https://bugzilla.suse.com/952235 From sle-updates at lists.suse.com Thu May 5 12:09:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2016 20:09:00 +0200 (CEST) Subject: SUSE-RU-2016:1245-1: Recommended update for sle-module-toolchain-release Message-ID: <20160505180900.67E1CF404@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-module-toolchain-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1245-1 Rating: low References: #961219 Affected Products: SUSE Linux Enterprise Module for Toolchain 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sle-module-toolchain-release drops patterns-toolchain-gcc5 from the product definition metadata. As a result, installing the Toolchain Module 12 won't, by default, trigger the installation of GCC5. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2016-721=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Toolchain 12 (ppc64le s390x x86_64): sle-module-toolchain-release-12-2.5 sle-module-toolchain-release-cd-12-2.5 References: https://bugzilla.suse.com/961219 From sle-updates at lists.suse.com Thu May 5 12:09:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 May 2016 20:09:20 +0200 (CEST) Subject: SUSE-RU-2016:1246-1: moderate: Recommended update for tigervnc Message-ID: <20160505180920.25724F3FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1246-1 Rating: moderate References: #952057 #963417 #964352 #977019 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for tigervnc fixes the following issues: - Bind to all addresses on given interface. (bsc#952057) - Add dependency on xauth and xorg-x11-fonts-core. (bsc#977019) - Add dependency on xkbcomp. (bsc#964352) - Fix zlib stream reset in tight encoding. (bsc#963417) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-722=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-722=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): tigervnc-1.4.3-11.1 tigervnc-debuginfo-1.4.3-11.1 tigervnc-debugsource-1.4.3-11.1 xorg-x11-Xvnc-1.4.3-11.1 xorg-x11-Xvnc-debuginfo-1.4.3-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): tigervnc-1.4.3-11.1 tigervnc-debuginfo-1.4.3-11.1 tigervnc-debugsource-1.4.3-11.1 xorg-x11-Xvnc-1.4.3-11.1 xorg-x11-Xvnc-debuginfo-1.4.3-11.1 References: https://bugzilla.suse.com/952057 https://bugzilla.suse.com/963417 https://bugzilla.suse.com/964352 https://bugzilla.suse.com/977019 From sle-updates at lists.suse.com Fri May 6 05:07:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2016 13:07:49 +0200 (CEST) Subject: SUSE-SU-2016:1247-1: important: Security update for ntp Message-ID: <20160506110749.F1BF0F399@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1247-1 Rating: important References: #782060 #905885 #910063 #916617 #920238 #926510 #936327 #937837 #942587 #944300 #946386 #951559 #951608 #951629 #954982 #956773 #962318 #962784 #962802 #962960 #962966 #962970 #962988 #962994 #962995 #962997 #963000 #963002 #975496 #975981 Cross-References: CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 28 vulnerabilities and has two fixes is now available. 
Description:

ntp was updated to version 4.2.8p6 to fix 28 security issues.

Major functional changes:

- The "sntp" commandline tool changed its option handling in a major way, some options have been renamed or dropped.
- "controlkey 1" is added during update to ntp.conf to allow sntp to work.
- The local clock is being disabled during update.
- ntpd is no longer running chrooted.

Other functional changes:

- ntp-signd is installed.
- "enable mode7" can be added to the configuration to allow ntpdc to work as compatibility mode option.
- "kod" was removed from the default restrictions.
- SHA1 keys are used by default instead of MD5 keys.

Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837)

These security issues were fixed:

- CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).
- CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).
- CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).
- CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
- CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802).
- CVE-2015-7975: nextvar() missing length check (bsc#962988).
- CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960).
- CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).
- CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).
- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).
- CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629).
- CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608).
- CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608).
- CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608).
- CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608).
- CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608).
- CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).
- CVE-2015-7850: remote config logfile-keyfile (bsc#951608).
- CVE-2015-7849: trusted key use-after-free (bsc#951608).
- CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).
- CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).
- CVE-2015-7703: configuration directives "pidfile" and "driftfile" should only be allowed locally (bsc#951608).
- CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608).
- CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608).

These non-security issues were fixed:

- fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive.
- bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail.
- bsc#782060: Speedup ntpq.
- bsc#916617: Add /var/db/ntp-kod.
- bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems.
- bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.
- Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted.
- Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuration via ntpq.
- bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution.
- bsc#905885: Use SHA1 instead of MD5 for symmetric keys.
- Improve runtime configuration:
  * Read keytype from ntp.conf
  * Don't write ntp keys to syslog.
- Fix legacy action scripts to pass on command line arguments.
- bsc#944300: Remove "kod" from the restrict line in ntp.conf.
- bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.
- Add a controlkey to ntp.conf to make the above work.
- Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.
- Disable mode 7 (ntpdc) again, now that we don't use it anymore.
- Add "addserver" as a new legacy action.
- bsc#910063: Fix the comment regarding addserver in ntp.conf.
- bsc#926510: Disable chroot by default.
- bsc#920238: Enable ntpdc for backwards compatibility.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12:

  zypper in -t patch SUSE-SLE-SDK-12-2016-727=1

- SUSE Linux Enterprise Server 12:

  zypper in -t patch SUSE-SLE-SERVER-12-2016-727=1

- SUSE Linux Enterprise Desktop 12:

  zypper in -t patch SUSE-SLE-DESKTOP-12-2016-727=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12 (noarch): yast2-ntp-client-devel-doc-3.1.12.4-8.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ntp-4.2.8p6-46.5.2 ntp-debuginfo-4.2.8p6-46.5.2 ntp-debugsource-4.2.8p6-46.5.2 ntp-doc-4.2.8p6-46.5.2 - SUSE Linux Enterprise Server 12 (noarch): yast2-ntp-client-3.1.12.4-8.2 - SUSE Linux Enterprise Desktop 12 (noarch): yast2-ntp-client-3.1.12.4-8.2 - SUSE Linux Enterprise Desktop 12 (x86_64): ntp-4.2.8p6-46.5.2 ntp-debuginfo-4.2.8p6-46.5.2 ntp-debugsource-4.2.8p6-46.5.2 ntp-doc-4.2.8p6-46.5.2 References: https://www.suse.com/security/cve/CVE-2015-5300.html https://www.suse.com/security/cve/CVE-2015-7691.html https://www.suse.com/security/cve/CVE-2015-7692.html https://www.suse.com/security/cve/CVE-2015-7701.html https://www.suse.com/security/cve/CVE-2015-7702.html https://www.suse.com/security/cve/CVE-2015-7703.html https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7848.html https://www.suse.com/security/cve/CVE-2015-7849.html https://www.suse.com/security/cve/CVE-2015-7850.html https://www.suse.com/security/cve/CVE-2015-7851.html https://www.suse.com/security/cve/CVE-2015-7852.html https://www.suse.com/security/cve/CVE-2015-7853.html https://www.suse.com/security/cve/CVE-2015-7854.html https://www.suse.com/security/cve/CVE-2015-7855.html https://www.suse.com/security/cve/CVE-2015-7871.html https://www.suse.com/security/cve/CVE-2015-7973.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2015-7975.html https://www.suse.com/security/cve/CVE-2015-7976.html https://www.suse.com/security/cve/CVE-2015-7977.html https://www.suse.com/security/cve/CVE-2015-7978.html https://www.suse.com/security/cve/CVE-2015-7979.html https://www.suse.com/security/cve/CVE-2015-8138.html https://www.suse.com/security/cve/CVE-2015-8139.html 
https://www.suse.com/security/cve/CVE-2015-8140.html https://www.suse.com/security/cve/CVE-2015-8158.html https://bugzilla.suse.com/782060 https://bugzilla.suse.com/905885 https://bugzilla.suse.com/910063 https://bugzilla.suse.com/916617 https://bugzilla.suse.com/920238 https://bugzilla.suse.com/926510 https://bugzilla.suse.com/936327 https://bugzilla.suse.com/937837 https://bugzilla.suse.com/942587 https://bugzilla.suse.com/944300 https://bugzilla.suse.com/946386 https://bugzilla.suse.com/951559 https://bugzilla.suse.com/951608 https://bugzilla.suse.com/951629 https://bugzilla.suse.com/954982 https://bugzilla.suse.com/956773 https://bugzilla.suse.com/962318 https://bugzilla.suse.com/962784 https://bugzilla.suse.com/962802 https://bugzilla.suse.com/962960 https://bugzilla.suse.com/962966 https://bugzilla.suse.com/962970 https://bugzilla.suse.com/962988 https://bugzilla.suse.com/962994 https://bugzilla.suse.com/962995 https://bugzilla.suse.com/962997 https://bugzilla.suse.com/963000 https://bugzilla.suse.com/963002 https://bugzilla.suse.com/975496 https://bugzilla.suse.com/975981 From sle-updates at lists.suse.com Fri May 6 05:13:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2016 13:13:03 +0200 (CEST) Subject: SUSE-SU-2016:1248-1: important: Security update for java-1_8_0-openjdk Message-ID: <20160506111303.BD875F399@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1248-1 Rating: important References: #976340 Cross-References: CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. 
Description:

This update for java-1_8_0-openjdk fixes the following security issues - April 2016 Oracle CPU (bsc#976340):

- CVE-2016-0686: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
- CVE-2016-0687: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component
- CVE-2016-0695: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to the Security Component
- CVE-2016-3425: Unspecified vulnerability allowed remote attackers to affect availability via vectors related to JAXP
- CVE-2016-3426: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to JCE
- CVE-2016-3427: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP1:

  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-724=1

- SUSE Linux Enterprise Desktop 12-SP1:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-724=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.91-11.1 java-1_8_0-openjdk-debuginfo-1.8.0.91-11.1 java-1_8_0-openjdk-debugsource-1.8.0.91-11.1 java-1_8_0-openjdk-demo-1.8.0.91-11.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.91-11.1 java-1_8_0-openjdk-devel-1.8.0.91-11.1 java-1_8_0-openjdk-headless-1.8.0.91-11.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): java-1_8_0-openjdk-1.8.0.91-11.1 java-1_8_0-openjdk-debuginfo-1.8.0.91-11.1 java-1_8_0-openjdk-debugsource-1.8.0.91-11.1 java-1_8_0-openjdk-headless-1.8.0.91-11.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.91-11.1 References: https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-0695.html https://www.suse.com/security/cve/CVE-2016-3425.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://bugzilla.suse.com/976340 From sle-updates at lists.suse.com Fri May 6 05:13:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2016 13:13:21 +0200 (CEST) Subject: SUSE-SU-2016:1249-1: moderate: Security update for subversion Message-ID: <20160506111321.32341F404@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1249-1 Rating: moderate References: #911620 #969159 #976849 #976850 Cross-References: CVE-2016-2167 CVE-2016-2168 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. 
Description: This update for subversion fixes the following issues: - CVE-2016-2167: mod_authz_svn: DoS in MOVE/COPY authorization check (bsc#976849) - CVE-2016-2168: svnserve/sasl may authenticate users using the wrong realm (bsc#976850) The following non-security bugs were fixed: - bsc#969159: subversion dependencies did not enforce matching password store - bsc#911620: svnserve could not be started via YaST Service manager Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-726=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-726=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.8.10-21.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.10-21.1 libsvn_auth_kwallet-1-0-1.8.10-21.1 libsvn_auth_kwallet-1-0-debuginfo-1.8.10-21.1 subversion-1.8.10-21.1 subversion-debuginfo-1.8.10-21.1 subversion-debugsource-1.8.10-21.1 subversion-devel-1.8.10-21.1 subversion-perl-1.8.10-21.1 subversion-perl-debuginfo-1.8.10-21.1 subversion-python-1.8.10-21.1 subversion-python-debuginfo-1.8.10-21.1 subversion-server-1.8.10-21.1 subversion-server-debuginfo-1.8.10-21.1 subversion-tools-1.8.10-21.1 subversion-tools-debuginfo-1.8.10-21.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): subversion-bash-completion-1.8.10-21.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.8.10-21.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.8.10-21.1 libsvn_auth_kwallet-1-0-1.8.10-21.1 libsvn_auth_kwallet-1-0-debuginfo-1.8.10-21.1 subversion-1.8.10-21.1 subversion-debuginfo-1.8.10-21.1 subversion-debugsource-1.8.10-21.1 subversion-devel-1.8.10-21.1 
subversion-perl-1.8.10-21.1 subversion-perl-debuginfo-1.8.10-21.1 subversion-python-1.8.10-21.1 subversion-python-debuginfo-1.8.10-21.1 subversion-server-1.8.10-21.1 subversion-server-debuginfo-1.8.10-21.1 subversion-tools-1.8.10-21.1 subversion-tools-debuginfo-1.8.10-21.1 - SUSE Linux Enterprise Software Development Kit 12 (noarch): subversion-bash-completion-1.8.10-21.1 References: https://www.suse.com/security/cve/CVE-2016-2167.html https://www.suse.com/security/cve/CVE-2016-2168.html https://bugzilla.suse.com/911620 https://bugzilla.suse.com/969159 https://bugzilla.suse.com/976849 https://bugzilla.suse.com/976850 From sle-updates at lists.suse.com Fri May 6 05:14:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2016 13:14:05 +0200 (CEST) Subject: SUSE-SU-2016:1250-1: important: Security update for java-1_7_0-openjdk Message-ID: <20160506111405.20101F3FD@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1250-1 Rating: important References: #976340 Cross-References: CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3427 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues. These security issues were fixed: - CVE-2016-0686: Ensure thread consistency (bsc#976340). - CVE-2016-0687: Better byte behavior (bsc#976340). - CVE-2016-0695: Make DSA more fair (bsc#976340). - CVE-2016-3425: Better buffering of XML strings (bsc#976340). - CVE-2016-3427: Improve JMX connections (bsc#976340). 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-725=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-725=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-725=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-725=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.101-30.1 java-1_7_0-openjdk-debuginfo-1.7.0.101-30.1 java-1_7_0-openjdk-debugsource-1.7.0.101-30.1 java-1_7_0-openjdk-demo-1.7.0.101-30.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.101-30.1 java-1_7_0-openjdk-devel-1.7.0.101-30.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.101-30.1 java-1_7_0-openjdk-headless-1.7.0.101-30.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.101-30.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): java-1_7_0-openjdk-1.7.0.101-30.1 java-1_7_0-openjdk-debuginfo-1.7.0.101-30.1 java-1_7_0-openjdk-debugsource-1.7.0.101-30.1 java-1_7_0-openjdk-demo-1.7.0.101-30.1 java-1_7_0-openjdk-demo-debuginfo-1.7.0.101-30.1 java-1_7_0-openjdk-devel-1.7.0.101-30.1 java-1_7_0-openjdk-devel-debuginfo-1.7.0.101-30.1 java-1_7_0-openjdk-headless-1.7.0.101-30.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.101-30.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): java-1_7_0-openjdk-1.7.0.101-30.1 java-1_7_0-openjdk-debuginfo-1.7.0.101-30.1 java-1_7_0-openjdk-debugsource-1.7.0.101-30.1 java-1_7_0-openjdk-headless-1.7.0.101-30.1 java-1_7_0-openjdk-headless-debuginfo-1.7.0.101-30.1 - SUSE Linux Enterprise Desktop 12 (x86_64): java-1_7_0-openjdk-1.7.0.101-30.1 java-1_7_0-openjdk-debuginfo-1.7.0.101-30.1 java-1_7_0-openjdk-debugsource-1.7.0.101-30.1 java-1_7_0-openjdk-headless-1.7.0.101-30.1 
java-1_7_0-openjdk-headless-debuginfo-1.7.0.101-30.1 References: https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-0695.html https://www.suse.com/security/cve/CVE-2016-3425.html https://www.suse.com/security/cve/CVE-2016-3427.html https://bugzilla.suse.com/976340 From sle-updates at lists.suse.com Fri May 6 11:07:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2016 19:07:58 +0200 (CEST) Subject: SUSE-RU-2016:1253-1: Recommended update for apache2-mod_nss Message-ID: <20160506170758.A2D58F3FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1253-1 Rating: low References: #952691 #954447 #961907 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for apache2-mod_nss fixes the following issues: - Add more ciphers to mod_nss.conf.in: (bsc#952691) * ecdhe_rsa_aes_128_sha256 * rsa_aes_128_sha256 * rsa_aes_256_sha256 - Add support for DHE ciphers: (bsc#954447) * dhe_rsa_3des_sha * dhe_rsa_aes_128_sha * dhe_rsa_aes_256_sha * dhe_rsa_camellia_128_sha * dhe_rsa_camellia_256_sha * dhe_rsa_aes_128_sha_256 * dhe_rsa_aes_256_sha_256 * dhe_rsa_aes_128_gcm_sha_256 - Use whitelist for keeping directives in migrate.pl. (bsc#961907) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-731=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): apache2-mod_nss-1.0.8-15.1 apache2-mod_nss-debuginfo-1.0.8-15.1 apache2-mod_nss-debugsource-1.0.8-15.1 References: https://bugzilla.suse.com/952691 https://bugzilla.suse.com/954447 https://bugzilla.suse.com/961907 From sle-updates at lists.suse.com Fri May 6 11:08:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2016 19:08:33 +0200 (CEST) Subject: SUSE-RU-2016:1254-1: Recommended update for rsyslog Message-ID: <20160506170833.A90EDF3FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1254-1 Rating: low References: #958728 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog provides the following fixes: - Allow rsyslog to bind to UDP sockets with an IP address that is not yet configured in any local network interface. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-728=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-728=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-728=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-728=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): rsyslog-8.4.0-11.1 rsyslog-debuginfo-8.4.0-11.1 rsyslog-debugsource-8.4.0-11.1 rsyslog-diag-tools-8.4.0-11.1 rsyslog-diag-tools-debuginfo-8.4.0-11.1 rsyslog-doc-8.4.0-11.1 rsyslog-module-gssapi-8.4.0-11.1 rsyslog-module-gssapi-debuginfo-8.4.0-11.1 rsyslog-module-gtls-8.4.0-11.1 rsyslog-module-gtls-debuginfo-8.4.0-11.1 rsyslog-module-mysql-8.4.0-11.1 rsyslog-module-mysql-debuginfo-8.4.0-11.1 rsyslog-module-pgsql-8.4.0-11.1 rsyslog-module-pgsql-debuginfo-8.4.0-11.1 rsyslog-module-relp-8.4.0-11.1 rsyslog-module-relp-debuginfo-8.4.0-11.1 rsyslog-module-snmp-8.4.0-11.1 rsyslog-module-snmp-debuginfo-8.4.0-11.1 rsyslog-module-udpspoof-8.4.0-11.1 rsyslog-module-udpspoof-debuginfo-8.4.0-11.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): rsyslog-8.4.0-11.1 rsyslog-debuginfo-8.4.0-11.1 rsyslog-debugsource-8.4.0-11.1 rsyslog-diag-tools-8.4.0-11.1 rsyslog-diag-tools-debuginfo-8.4.0-11.1 rsyslog-doc-8.4.0-11.1 rsyslog-module-gssapi-8.4.0-11.1 rsyslog-module-gssapi-debuginfo-8.4.0-11.1 rsyslog-module-gtls-8.4.0-11.1 rsyslog-module-gtls-debuginfo-8.4.0-11.1 rsyslog-module-mysql-8.4.0-11.1 rsyslog-module-mysql-debuginfo-8.4.0-11.1 rsyslog-module-pgsql-8.4.0-11.1 rsyslog-module-pgsql-debuginfo-8.4.0-11.1 rsyslog-module-relp-8.4.0-11.1 rsyslog-module-relp-debuginfo-8.4.0-11.1 rsyslog-module-snmp-8.4.0-11.1 rsyslog-module-snmp-debuginfo-8.4.0-11.1 rsyslog-module-udpspoof-8.4.0-11.1 rsyslog-module-udpspoof-debuginfo-8.4.0-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): rsyslog-8.4.0-11.1 rsyslog-debuginfo-8.4.0-11.1 rsyslog-debugsource-8.4.0-11.1 - SUSE Linux Enterprise Desktop 12 (x86_64): rsyslog-8.4.0-11.1 rsyslog-debuginfo-8.4.0-11.1 rsyslog-debugsource-8.4.0-11.1 References: https://bugzilla.suse.com/958728 From sle-updates at lists.suse.com Fri May 6 11:08:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2016 19:08:52 +0200 (CEST) Subject: 
SUSE-RU-2016:1255-1: Recommended update for pciutils-ids Message-ID: <20160506170852.96082F3FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for pciutils-ids ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1255-1 Rating: low References: #958712 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The system's PCI IDs database has been updated to version 2016.04.04. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-729=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-729=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-729=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-729=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): pciutils-ids-2016.04.04-11.1 - SUSE Linux Enterprise Server 12 (noarch): pciutils-ids-2016.04.04-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): pciutils-ids-2016.04.04-11.1 - SUSE Linux Enterprise Desktop 12 (noarch): pciutils-ids-2016.04.04-11.1 References: https://bugzilla.suse.com/958712 From sle-updates at lists.suse.com Fri May 6 11:09:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2016 19:09:21 +0200 (CEST) Subject: SUSE-RU-2016:1257-1: Recommended update for apache2-mod_nss Message-ID: <20160506170921.54780F3FD@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1257-1 Rating: low References: #952691 #954447 #961907 Affected Products: SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for apache2-mod_nss fixes the following issues: - Add more ciphers to mod_nss.conf.in: (bsc#952691) * ecdhe_rsa_aes_128_sha256 * rsa_aes_128_sha256 * rsa_aes_256_sha256 - Add support for DHE ciphers: (bsc#954447) * dhe_rsa_3des_sha * dhe_rsa_aes_128_sha * dhe_rsa_aes_256_sha * dhe_rsa_camellia_128_sha * dhe_rsa_camellia_256_sha * dhe_rsa_aes_128_sha_256 * dhe_rsa_aes_256_sha_256 * dhe_rsa_aes_128_gcm_sha_256 - Use whitelist for keeping directives in migrate.pl. (bsc#961907) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-730=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): apache2-mod_nss-1.0.8-10.11.1 apache2-mod_nss-debuginfo-1.0.8-10.11.1 apache2-mod_nss-debugsource-1.0.8-10.11.1 References: https://bugzilla.suse.com/952691 https://bugzilla.suse.com/954447 https://bugzilla.suse.com/961907 From sle-updates at lists.suse.com Fri May 6 12:07:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 May 2016 20:07:50 +0200 (CEST) Subject: SUSE-SU-2016:1258-1: important: Security update for MozillaFirefox Message-ID: <20160506180750.82C38F357@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1258-1 Rating: important References: #977333 #977374 #977376 #977381 #977386 Cross-References: CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update to MozillaFirefox 38.8.0 ESR fixes the following issues (bsc#977333): - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977374) - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977376) - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (bsc#977381) - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (bsc#977386) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-732=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-732=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-732=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-732=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-732=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-732=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.8.0esr-66.2 MozillaFirefox-debugsource-38.8.0esr-66.2 MozillaFirefox-devel-38.8.0esr-66.2 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-38.8.0esr-66.2 MozillaFirefox-debugsource-38.8.0esr-66.2 MozillaFirefox-devel-38.8.0esr-66.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-38.8.0esr-66.2 MozillaFirefox-debuginfo-38.8.0esr-66.2 MozillaFirefox-debugsource-38.8.0esr-66.2 MozillaFirefox-translations-38.8.0esr-66.2 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): MozillaFirefox-38.8.0esr-66.2 MozillaFirefox-debuginfo-38.8.0esr-66.2 MozillaFirefox-debugsource-38.8.0esr-66.2 MozillaFirefox-translations-38.8.0esr-66.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-38.8.0esr-66.2 MozillaFirefox-debuginfo-38.8.0esr-66.2 MozillaFirefox-debugsource-38.8.0esr-66.2 MozillaFirefox-translations-38.8.0esr-66.2 - SUSE Linux Enterprise Desktop 12 (x86_64): MozillaFirefox-38.8.0esr-66.2 MozillaFirefox-debuginfo-38.8.0esr-66.2 MozillaFirefox-debugsource-38.8.0esr-66.2 MozillaFirefox-translations-38.8.0esr-66.2 References: https://www.suse.com/security/cve/CVE-2016-2805.html 
https://www.suse.com/security/cve/CVE-2016-2807.html https://www.suse.com/security/cve/CVE-2016-2808.html https://www.suse.com/security/cve/CVE-2016-2814.html https://bugzilla.suse.com/977333 https://bugzilla.suse.com/977374 https://bugzilla.suse.com/977376 https://bugzilla.suse.com/977381 https://bugzilla.suse.com/977386 From sle-updates at lists.suse.com Sat May 7 05:07:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 May 2016 13:07:53 +0200 (CEST) Subject: SUSE-SU-2016:1259-1: moderate: Security update for spice Message-ID: <20160507110753.1F5D5F357@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1259-1 Rating: moderate References: #944460 #944787 #948976 Cross-References: CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: Spice was updated to fix three security issues. The following vulnerabilities were fixed: * CVE-2015-3247: heap corruption in the spice server (bsc#944460) * CVE-2015-5261: Guest could have accessed host memory using crafted images (bsc#948976) * CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944787) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-spice-12542=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-spice-12542=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-spice-12542=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libspice-server-devel-0.12.4-5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): libspice-server1-0.12.4-5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): spice-debuginfo-0.12.4-5.1 spice-debugsource-0.12.4-5.1 References: https://www.suse.com/security/cve/CVE-2015-3247.html https://www.suse.com/security/cve/CVE-2015-5260.html https://www.suse.com/security/cve/CVE-2015-5261.html https://bugzilla.suse.com/944460 https://bugzilla.suse.com/944787 https://bugzilla.suse.com/948976 From sle-updates at lists.suse.com Sat May 7 05:08:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 May 2016 13:08:31 +0200 (CEST) Subject: SUSE-SU-2016:1260-1: important: Security update for ImageMagick Message-ID: <20160507110831.A95A0F399@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1260-1 Rating: important References: #978061 Cross-References: CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An 
update that fixes 5 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks; these coders have now been disabled by default but can be re-enabled by editing "/etc/ImageMagick-*/policy.xml" (bsc#978061) - CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request. Bugs fixed: - Use external svg loader (rsvg) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-733=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-733=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-733=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-733=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-733=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-733=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-733=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-733=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ImageMagick-6.8.8.1-19.1 ImageMagick-debuginfo-6.8.8.1-19.1 ImageMagick-debugsource-6.8.8.1-19.1 libMagick++-6_Q16-3-6.8.8.1-19.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-19.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-19.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): ImageMagick-6.8.8.1-19.1 ImageMagick-debuginfo-6.8.8.1-19.1 ImageMagick-debugsource-6.8.8.1-19.1 libMagick++-6_Q16-3-6.8.8.1-19.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-19.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-19.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ImageMagick-6.8.8.1-19.1 ImageMagick-debuginfo-6.8.8.1-19.1 ImageMagick-debugsource-6.8.8.1-19.1 ImageMagick-devel-6.8.8.1-19.1 libMagick++-6_Q16-3-6.8.8.1-19.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1 libMagick++-devel-6.8.8.1-19.1 perl-PerlMagick-6.8.8.1-19.1 perl-PerlMagick-debuginfo-6.8.8.1-19.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): ImageMagick-6.8.8.1-19.1 ImageMagick-debuginfo-6.8.8.1-19.1 ImageMagick-debugsource-6.8.8.1-19.1 ImageMagick-devel-6.8.8.1-19.1 libMagick++-6_Q16-3-6.8.8.1-19.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1 libMagick++-devel-6.8.8.1-19.1 perl-PerlMagick-6.8.8.1-19.1 perl-PerlMagick-debuginfo-6.8.8.1-19.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-19.1 ImageMagick-debugsource-6.8.8.1-19.1 libMagickCore-6_Q16-1-6.8.8.1-19.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-19.1 libMagickWand-6_Q16-1-6.8.8.1-19.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-19.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-19.1 ImageMagick-debugsource-6.8.8.1-19.1 libMagickCore-6_Q16-1-6.8.8.1-19.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-19.1 libMagickWand-6_Q16-1-6.8.8.1-19.1 
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-19.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ImageMagick-6.8.8.1-19.1 ImageMagick-debuginfo-6.8.8.1-19.1 ImageMagick-debugsource-6.8.8.1-19.1 libMagick++-6_Q16-3-6.8.8.1-19.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-19.1 libMagickCore-6_Q16-1-6.8.8.1-19.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-19.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-19.1 libMagickWand-6_Q16-1-6.8.8.1-19.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-19.1 - SUSE Linux Enterprise Desktop 12 (x86_64): ImageMagick-6.8.8.1-19.1 ImageMagick-debuginfo-6.8.8.1-19.1 ImageMagick-debugsource-6.8.8.1-19.1 libMagick++-6_Q16-3-6.8.8.1-19.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-19.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-19.1 libMagickCore-6_Q16-1-6.8.8.1-19.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-19.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-19.1 libMagickWand-6_Q16-1-6.8.8.1-19.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-19.1 References: https://www.suse.com/security/cve/CVE-2016-3714.html https://www.suse.com/security/cve/CVE-2016-3715.html https://www.suse.com/security/cve/CVE-2016-3716.html https://www.suse.com/security/cve/CVE-2016-3717.html https://www.suse.com/security/cve/CVE-2016-3718.html https://bugzilla.suse.com/978061 From sle-updates at lists.suse.com Mon May 9 04:08:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2016 12:08:02 +0200 (CEST) Subject: SUSE-SU-2016:1267-1: important: Security update for compat-openssl098 Message-ID: <20160509100802.D2E8EF357@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1267-1 Rating: important References: #889013 #968050 #976942 #976943 #977614 #977615 #977617 Cross-References: CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 Affected Products: SUSE Linux Enterprise 
Server for SAP 12-SP1 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for compat-openssl098 fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation "CacheBleed" (bsc#968050) - bsc#976943: Buffer overrun in ASN1_parse The following non-security bugs were fixed: - bsc#889013: Rename README.SuSE to the new spelling (bsc#889013) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-735=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-735=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-735=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-735=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): compat-openssl098-debugsource-0.9.8j-97.1 libopenssl0_9_8-0.9.8j-97.1 libopenssl0_9_8-debuginfo-0.9.8j-97.1 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-97.1 libopenssl0_9_8-0.9.8j-97.1 libopenssl0_9_8-32bit-0.9.8j-97.1 libopenssl0_9_8-debuginfo-0.9.8j-97.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-97.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): compat-openssl098-debugsource-0.9.8j-97.1 libopenssl0_9_8-0.9.8j-97.1 libopenssl0_9_8-32bit-0.9.8j-97.1 libopenssl0_9_8-debuginfo-0.9.8j-97.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-97.1 - SUSE Linux Enterprise Desktop 12 (x86_64): compat-openssl098-debugsource-0.9.8j-97.1 libopenssl0_9_8-0.9.8j-97.1 libopenssl0_9_8-32bit-0.9.8j-97.1 libopenssl0_9_8-debuginfo-0.9.8j-97.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-97.1 References: https://www.suse.com/security/cve/CVE-2016-0702.html https://www.suse.com/security/cve/CVE-2016-2105.html https://www.suse.com/security/cve/CVE-2016-2106.html https://www.suse.com/security/cve/CVE-2016-2108.html https://www.suse.com/security/cve/CVE-2016-2109.html https://bugzilla.suse.com/889013 https://bugzilla.suse.com/968050 https://bugzilla.suse.com/976942 https://bugzilla.suse.com/976943 https://bugzilla.suse.com/977614 https://bugzilla.suse.com/977615 https://bugzilla.suse.com/977617 From sle-updates at lists.suse.com Mon May 9 07:08:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2016 15:08:05 +0200 (CEST) Subject: SUSE-RU-2016:1268-1: moderate: Recommended update for pacemaker, sbd Message-ID: <20160509130805.9DBD4F432@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker, sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1268-1 Rating: moderate References: #905641 #929960 #934609 #936149 #938545 #940711 #940992 #942382 #942491 
#946224 #946332 #947180 #947197 #949267 #949441 #950375 #950415 #950450 #950551 #951171 #953192 #956459 #961392 #962309 #964183 #967254 #967383 #967388 #967775 #967904 #971129 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 31 recommended fixes can now be installed. Description: This update for the High Availability Extension 11 SP4 provides many fixes and enhancements. sbd: - spec: Install sbd.sh (bsc#967904) - pacemaker: Prevent potential segfault caused by use-of-NULL on checking node state (bsc#950415) pacemaker: - pengine: Suppress assert if a stateful clone is not being demoted/stopped (bsc#971129) - PE: Correctly handle the ordering of demote actions for failed and moving containers - crmd,tools: Set attributes for remote nodes directly into cib if it's legacy attrd (bsc#967775) - libcib: Correctly determine the node type (bsc#967775) - resources: match agents' default for globally_unique to pacemaker's - crm_resource: Prevent segfault when --resource is not correctly supplied for --restart command - pacemaker_remote: Start and stop sbd in pacemaker_remote initscript (bsc#967904) - pacemaker_remote: Auto-export the init script variables read from the config file - remote: Simplify calls to accept() and inet_ntop() by using "struct sockaddr_storage" (bsc#964183) - remote: cl#5269 - Notify other clients of a new connection only if the handshake has completed (bsc#967388) - remote: Correctly display the IP address of the remote client (bsc#964183) - libservices: Add error handling for pipe() failed. - libservices: Check resource agent is executable or not before pipe open. 
- crmd: Prevent use-after-free when an unexpected remote client takes over (bsc#964183) - cib: Do not send notifications when the dryrun flag is present - crm_shadow: fix broken --display command - libcluster: crm_peer_uname() should return NULL if uuid is invalid - crmd: Disconnect the relevant remote proxies as well when disconnecting a remote node (bsc#964183) - crmd: Prevent potential use-after-free (bsc#964183) - liblrmd: Prevent potential use-after-free issues (bsc#964183) - PE: Fix conditions for internal sanity check - fencing: Correctly track active stonith actions (bsc#938545) - fencing: Functionize adding and removing active pids of device (bsc#938545) - crm_shadow: Do not invoke shells with --noprofile option other than bash (bsc#961392) - lib/common: check return value of dlsym() and not dlerror() - header == NULL when parsing compressed message - fencing: Support concurrent fencing actions on each device (bsc#938545) - pengine: Support concurrent fencing (bsc#938545) - crmd: 0 is a valid fd makes coverity happy - tools: crm_resource compile issue - crm_resource --list-agents: don't print uninitialized memory - fencing, libfencing: remap fence agent error codes before async callback (bsc#962309) - libcrmcommon: when caching attrd connection, cache connection flags as well - cts: Plugin-based cluster has its own PacemakerUp pattern - stonithd: Trigger cib_devices_update in case of deletion of just an attribute - stonithd: Do not intermingle stdout & stderr coming from stonith-RAs (bsc#962309) - resources: allow for top output with or without percent sign in HealthCPU - ping: Clarify the description of host_list parameter in ping metadata (bsc#956459) - cib: Do not terminate due to badly behaving clients - pengine: Support of multiple-active=block for resource groups (bsc#942491) - fencing: crm_resource --show-metadata drops documentation strings for fencing agents (bsc#950375) - CTS: add "try except" to deal with errors that raw_input gets EOFError and 
add "--yes" to skip interaction (bsc#953192) - lrmd: Finalize all pending and recurring operations when cleaning up a resource (bsc#950450) - cib: Increased paranoia when peer updates fail to apply in compatibility mode (bsc#951171) - libcommon: Ignore CDATA of metadata of the resource. - cib: Downgrade the log message on forwarding CRM_OP_NOOP requests from INFO to DEBUG (bsc#949267) - fencing: Return a provider for the internal fencing agent "#watchdog" instead of logging an error (bsc#949441) - spec: Move the normal resource agents into pacemaker-cli package (bsc#947197) - spec: Move logrotate configuration file into pacemaker-cli package (bsc#947197) - spec: Move attrd_updater, crm_attribute and crm_master into pacemaker-cli package (bsc#947197) - spec: Move xml schema files and PCMK-MIB.txt into pacemaker-cli package (bsc#947197) - crmd: properly detect CIB update failures for remote nodes - cibadmin: Prevent potential use-of-NULL in print_xml_output() (bsc#947180) - cibadmin: Default once again to LOG_CRIT - Tools: Repair the logging of 'interesting' command-lines - tools: improve error handling when modifying configuration - tools: use floating-point division when converting ms to seconds - crmd,libcrmcommon,libservices,tools: potential memory leaks - crmd,fencing: avoid potential null dereference in string searches - cib: Check if the configuration changes with cib_config_changed() only for v1 diffs (bsc#946224) - libcib: properly handle temporary file - libcrmcommon: better validation of environment variable value - crmd: avoid potential null dereference - libcib: potential user input overflow - remote: Revise a misleading message in the ocf:pacemaker:remote resource agent (bsc#946332, bsc#967383) - remote: Correctly display the usage of the ocf:pacemaker:remote resource agent (bsc#946332, bsc#967383) - libcib: find_nvpair_attr_delegate: check alloc failure - pacemaker_remote: memory leak in ipc_proxy_dispatch() - crmd: don't add node ID to proxied remote 
node requests for attrd - Date: Correctly set time from seconds-since-epoch - PE: Bug cl#5247 - Imply resources running on a container are stopped when the container is stopped - xml: Mark xml nodes as dirty if any children move (bsc#942382) - pengine: The failed action of the resource that occurred in shutdown is not displayed. - crmd: Initialize an integer - crmd: Resolve memory leak in remote_proxy_cb() - ipc: Do not constantly increase suggested size for PCMK_ipc_buffer every time we find it's insufficient (bsc#940992) - log: Change the log of the noise to the trace log. - tools: Update regression tests - pengine: Ensure fencing of the DC precedes the STONITH_DONE operation (bsc#938545) - ipc: Fix output formats (bsc#940992) - fencing: Remove unnecessary casts (bsc#940711) - ipc: Correctly compare values for the size of ipc buffer and prevent suggesting a negative value when it's insufficient (bsc#940992) - xml: Reduce severity of noisy log message (bsc#950551) - crm_resource: Correctly clean up failcounts for inactive anonymous clones - crm: Set the attribute from remote node. 
- stonithd: potential device list corruption - xml: Prevent use-of-NULL in crm_xml_dump() - crm_mon: Memory leaks - pengine: properly handle blocked clone actions - pengine: Correctly bypass fencing for resources that do not require it - crmd: memory leaks in recurring operation history - libcib,libfencing,tools: memory leaks from xmlGetNodePath() - lrmd: memory leak when freeing command structure - cts: change the stack from openais (white-tank) to corosync (plugin v0) in set_stack of environment.py (bsc#936149) - PE: Ignore comment blocks when unpacking the cib - lrmd: prevent double free after unregistering stonith device for monitoring - pengine: allow guest remote nodes using containers/vms to be nested in a group resource - cib: Prevent use-after-free and return -EINVAL when attempting to delete the whole "/cib" (bsc#934609) - cib: Prevent use-after-free when invoking "cibadmin --delete-all --xpath" (bsc#934609) - fencing: properly decide whether a topology fencing device has been found - fencing: properly sort peers by number of fencing devices found - pengine: do not stop notify a fenced node that the rscs on the fenced node stopped - pengine: fixes segfault in pengine when fencing remote node - remote: do not fail operations because of a migration - pengine: cl#5235 - Prevent graph loops that can be introduced by "load_stopped -> migrate_to" ordering - PE: Exclude nodes which don't match any exclusive discovery rules - lrmd: cancel currently pending STONITH op if stonithd connection is lost - fencing: Correct the all_topology_devices_found() implementation - lrmd: set recv timeout upper bound for tls connections - crmd: handle resources named the same as cluster nodes - PE: Skip unrunnable actions when one-or-more is in effect - PE: Ensure recurring monitor operations are cancelled when clone instances are de-allocated - fencing: Allow semi-colon delimiter for pcmk_host_list - Fencing: Gracefully handle invalid metadata from agents (bsc#950375) - cts: Add 
back INITDIR variable - pengine: cl#5130 - Only check the capacities of the nodes that are allowed to run the resource (fate#313105) - Tools: Repair expected output for ACLs - Build: Prevent rpm packaging conflicts - pengine: cl#5130 - Choose nodes capable of running all the colocated utilization resources (fate#313105) - crmd: don't update fail count twice for same failure (bsc#950450) - crmd: report operation rc as advertised instead of status - xml: Do not dump deleted attributes (bsc#929960) - xml: cl#5231 - Unset the deleted attributes in the resulting diffs (bsc#905641, bsc#967254) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-pacemaker-12543=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pacemaker-12543=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): libpacemaker-devel-1.1.12-13.1 libpacemaker3-1.1.12-13.1 pacemaker-1.1.12-13.1 pacemaker-cli-1.1.12-13.1 pacemaker-remote-1.1.12-13.1 sbd-1.2.1-15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): pacemaker-debuginfo-1.1.12-13.1 pacemaker-debugsource-1.1.12-13.1 sbd-debuginfo-1.2.1-15.1 sbd-debugsource-1.2.1-15.1 References: https://bugzilla.suse.com/905641 https://bugzilla.suse.com/929960 https://bugzilla.suse.com/934609 https://bugzilla.suse.com/936149 https://bugzilla.suse.com/938545 https://bugzilla.suse.com/940711 https://bugzilla.suse.com/940992 https://bugzilla.suse.com/942382 https://bugzilla.suse.com/942491 https://bugzilla.suse.com/946224 https://bugzilla.suse.com/946332 https://bugzilla.suse.com/947180 https://bugzilla.suse.com/947197 https://bugzilla.suse.com/949267 https://bugzilla.suse.com/949441 https://bugzilla.suse.com/950375 
https://bugzilla.suse.com/950415 https://bugzilla.suse.com/950450 https://bugzilla.suse.com/950551 https://bugzilla.suse.com/951171 https://bugzilla.suse.com/953192 https://bugzilla.suse.com/956459 https://bugzilla.suse.com/961392 https://bugzilla.suse.com/962309 https://bugzilla.suse.com/964183 https://bugzilla.suse.com/967254 https://bugzilla.suse.com/967383 https://bugzilla.suse.com/967388 https://bugzilla.suse.com/967775 https://bugzilla.suse.com/967904 https://bugzilla.suse.com/971129 From sle-updates at lists.suse.com Mon May 9 08:08:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2016 16:08:12 +0200 (CEST) Subject: SUSE-RU-2016:1269-1: Recommended update for apache2-mod_nss Message-ID: <20160509140812.57135F432@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1269-1 Rating: low References: #952691 #954447 #961907 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for apache2-mod_nss fixes the following issues: - Add more ciphers to mod_nss.conf.in: (bsc#952691) * ecdhe_rsa_aes_128_sha256 * rsa_aes_128_sha256 * rsa_aes_256_sha256 - Add support for DHE ciphers: (bsc#954447) * dhe_rsa_3des_sha * dhe_rsa_aes_128_sha * dhe_rsa_aes_256_sha * dhe_rsa_camellia_128_sha * dhe_rsa_camellia_256_sha * dhe_rsa_aes_128_sha_256 * dhe_rsa_aes_256_sha_256 * dhe_rsa_aes_128_gcm_sha_256 - Use whitelist for keeping directives in migrate.pl. (bsc#961907) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-apache2-mod_nss-12544=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-apache2-mod_nss-12544=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-1.0.8-0.4.22.4 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-debuginfo-1.0.8-0.4.22.4 apache2-mod_nss-debugsource-1.0.8-0.4.22.4 References: https://bugzilla.suse.com/952691 https://bugzilla.suse.com/954447 https://bugzilla.suse.com/961907 From sle-updates at lists.suse.com Mon May 9 08:08:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2016 16:08:47 +0200 (CEST) Subject: SUSE-RU-2016:1270-1: moderate: Recommended update for tigervnc Message-ID: <20160509140847.323B8FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1270-1 Rating: moderate References: #952057 #963417 #964352 #977019 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for tigervnc fixes the following issues: - Bind to all addresses on given interface. (bsc#952057) - Add dependency on xauth and xorg-x11-fonts-core. (bsc#977019) - Add dependency on xkbcomp. (bsc#964352) - Fix zlib stream reset in tight encoding. (bsc#963417) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-737=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-737=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): tigervnc-1.4.1-34.12.1 tigervnc-debuginfo-1.4.1-34.12.1 tigervnc-debugsource-1.4.1-34.12.1 xorg-x11-Xvnc-1.4.1-34.12.1 xorg-x11-Xvnc-debuginfo-1.4.1-34.12.1 - SUSE Linux Enterprise Desktop 12 (x86_64): tigervnc-1.4.1-34.12.1 tigervnc-debuginfo-1.4.1-34.12.1 tigervnc-debugsource-1.4.1-34.12.1 xorg-x11-Xvnc-1.4.1-34.12.1 xorg-x11-Xvnc-debuginfo-1.4.1-34.12.1 References: https://bugzilla.suse.com/952057 https://bugzilla.suse.com/963417 https://bugzilla.suse.com/964352 https://bugzilla.suse.com/977019 From sle-updates at lists.suse.com Mon May 9 15:07:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 May 2016 23:07:53 +0200 (CEST) Subject: SUSE-RU-2016:1271-1: moderate: Recommended update for Software Update Stack Message-ID: <20160509210753.934BEF432@maintenance.suse.de> SUSE Recommended Update: Recommended update for Software Update Stack ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1271-1 Rating: moderate References: #933760 #956480 #964932 #967006 #967828 #971018 #971637 #972768 #974275 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for the Software Update Stack fixes the following issues: libsolv: - Simplify handling of pseudo package updates. (bsc#967006) - Improve speed of rpmmd metadata parsing. 
libzypp: - Fix credential file parser losing entries with known URL but different user name. (bsc#933760) - RepoManager: Allow extraction of multiple baseurls for service repositories. (bsc#964932) - Fix service metadata TTL default value. (bsc#967828) - DiskUsageCounter: Limit estimated waste per file. (bsc#974275) - Use PluginExecutor for commit- and system-hooks. (bnc#971637) - Set libsolv-devel >= 0.6.19 as BuildRequires. (bnc#971018) zypper: - Fix testing for '--download*' options. (bsc#956480) - Update sle-zypper-po.tar.bz2. (bsc#972768) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-743=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-743=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-743=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libsolv-debugsource-0.6.20-2.24.1 libsolv-devel-0.6.20-2.24.1 libsolv-devel-debuginfo-0.6.20-2.24.1 libzypp-debuginfo-15.22.0-19.1 libzypp-debugsource-15.22.0-19.1 libzypp-devel-15.22.0-19.1 libzypp-devel-doc-15.22.0-19.1 perl-solv-0.6.20-2.24.1 perl-solv-debuginfo-0.6.20-2.24.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libsolv-debugsource-0.6.20-2.24.1 libsolv-tools-0.6.20-2.24.1 libsolv-tools-debuginfo-0.6.20-2.24.1 libzypp-15.22.0-19.1 libzypp-debuginfo-15.22.0-19.1 libzypp-debugsource-15.22.0-19.1 perl-solv-0.6.20-2.24.1 perl-solv-debuginfo-0.6.20-2.24.1 python-solv-0.6.20-2.24.1 python-solv-debuginfo-0.6.20-2.24.1 zypper-1.12.40-19.1 zypper-debuginfo-1.12.40-19.1 zypper-debugsource-1.12.40-19.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): zypper-log-1.12.40-19.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libsolv-debugsource-0.6.20-2.24.1 libsolv-tools-0.6.20-2.24.1 libsolv-tools-debuginfo-0.6.20-2.24.1 libzypp-15.22.0-19.1 libzypp-debuginfo-15.22.0-19.1 libzypp-debugsource-15.22.0-19.1 python-solv-0.6.20-2.24.1 python-solv-debuginfo-0.6.20-2.24.1 zypper-1.12.40-19.1 zypper-debuginfo-1.12.40-19.1 zypper-debugsource-1.12.40-19.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): zypper-log-1.12.40-19.1 References: https://bugzilla.suse.com/933760 https://bugzilla.suse.com/956480 https://bugzilla.suse.com/964932 https://bugzilla.suse.com/967006 https://bugzilla.suse.com/967828 https://bugzilla.suse.com/971018 https://bugzilla.suse.com/971637 https://bugzilla.suse.com/972768 https://bugzilla.suse.com/974275 From sle-updates at lists.suse.com Tue May 10 11:07:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 May 2016 19:07:53 +0200 (CEST) Subject: SUSE-RU-2016:1272-1: moderate: Recommended update for crmsh Message-ID: <20160510170753.0C918F432@maintenance.suse.de> SUSE Recommended Update: Recommended update 
for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1272-1 Rating: moderate References: #967907 #974902 #975357 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - parse: Don't validate operation name in parser (bsc#975357) - ui_node: Fix "crm node fence" (bsc#974902) - ui_node: Use stonith_admin -F to fence remote nodes (bsc#967907) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-crmsh-12547=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): crmsh-2.1.2+git132.gbc9fde0-10.1 References: https://bugzilla.suse.com/967907 https://bugzilla.suse.com/974902 https://bugzilla.suse.com/975357 From sle-updates at lists.suse.com Wed May 11 09:08:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2016 17:08:08 +0200 (CEST) Subject: SUSE-SU-2016:1275-1: important: Security update for ImageMagick Message-ID: <20160511150808.AAB93FF4F@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1275-1 Rating: important References: #978061 Cross-References: CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 
11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled. They can be re-enabled by exporting the following environment variable MAGICK_CODER_MODULE_PATH=/usr/lib64/ImageMagick-6.4.3/modules-Q16/coders/vulnerable/ (bsc#978061) - CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution - CVE-2016-3715: Possible file deletion by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading. - CVE-2016-3716: Possible file moving by using ImageMagick's 'msl' pseudo protocol with any extension in any folder. - CVE-2016-3717: Possible local file read by using ImageMagick's 'label' pseudo protocol to get content of the files from the server. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request. Bugs fixed: - Use external svg loader (rsvg) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-ImageMagick-12549=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-ImageMagick-12549=1 - SUSE Manager 2.1: zypper in -t patch sleman21-ImageMagick-12549=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-12549=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-12549=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ImageMagick-12549=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ImageMagick-12549=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-12549=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ImageMagick-12549=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-ImageMagick-12549=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): libMagickCore1-32bit-6.4.3.6-7.34.1 libMagickCore1-6.4.3.6-7.34.1 - SUSE Manager Proxy 2.1 (x86_64): libMagickCore1-32bit-6.4.3.6-7.34.1 libMagickCore1-6.4.3.6-7.34.1 - SUSE Manager 2.1 (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.34.1 libMagickCore1-6.4.3.6-7.34.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.34.1 ImageMagick-devel-6.4.3.6-7.34.1 libMagick++-devel-6.4.3.6-7.34.1 libMagick++1-6.4.3.6-7.34.1 libMagickWand1-6.4.3.6-7.34.1 perl-PerlMagick-6.4.3.6-7.34.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.34.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.34.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.34.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libMagickCore1-6.4.3.6-7.34.1 - SUSE Linux Enterprise Server 
11-SP3-LTSS (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.34.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): libMagickCore1-6.4.3.6-7.34.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.34.1 ImageMagick-debugsource-6.4.3.6-7.34.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.34.1 ImageMagick-debugsource-6.4.3.6-7.34.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.34.1 ImageMagick-debugsource-6.4.3.6-7.34.1 References: https://www.suse.com/security/cve/CVE-2016-3714.html https://www.suse.com/security/cve/CVE-2016-3715.html https://www.suse.com/security/cve/CVE-2016-3716.html https://www.suse.com/security/cve/CVE-2016-3717.html https://www.suse.com/security/cve/CVE-2016-3718.html https://bugzilla.suse.com/978061 From sle-updates at lists.suse.com Wed May 11 09:08:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2016 17:08:31 +0200 (CEST) Subject: SUSE-SU-2016:1276-1: moderate: Security update for GraphicsMagick Message-ID: <20160511150831.0F699FF50@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1276-1 Rating: moderate References: #978061 Cross-References: CVE-2016-3714 CVE-2016-3715 CVE-2016-3717 CVE-2016-3718 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for GraphicsMagick fixes the following issues: - Security update Remote Code Execution / Local File read [bsc#978061] CVE-2016-3714, CVE-2016-3715, CVE-2016-3717, CVE-2016-3718 - CVE-2016-3714: Insufficient shell characters filtering leads to (potentially remote) code execution - CVE-2016-3715: Possible file deletion by using GraphicsMagick's 'tmp:' file specification syntax. - CVE-2016-3717: Possible local file read by using GraphicsMagick's 'txt:' file specification syntax. - CVE-2016-3718: Possible Server Side Request Forgery (SSRF) to make HTTP GET or FTP request. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-12548=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-12548=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-12548=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.35.1 libGraphicsMagick2-1.2.5-4.35.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.35.1 libGraphicsMagick2-1.2.5-4.35.1 perl-GraphicsMagick-1.2.5-4.35.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.35.1 GraphicsMagick-debugsource-1.2.5-4.35.1 References: https://www.suse.com/security/cve/CVE-2016-3714.html https://www.suse.com/security/cve/CVE-2016-3715.html https://www.suse.com/security/cve/CVE-2016-3717.html https://www.suse.com/security/cve/CVE-2016-3718.html https://bugzilla.suse.com/978061 From sle-updates at lists.suse.com Wed May 11 10:07:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2016 18:07:53 +0200 (CEST) Subject: SUSE-SU-2016:1277-1: important: Security update for php5 Message-ID: <20160511160753.99E22FF57@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1277-1 Rating: important References: #976996 #976997 #977000 #977003 #977005 Cross-References: CVE-2015-8866 CVE-2015-8867 CVE-2016-4070 CVE-2016-4071 CVE-2016-4073 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. 
Description: This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) - CVE-2016-4071: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string formatting in php_snmp_error() (bsc#977000) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-752=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-752=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-752=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-56.1 php5-debugsource-5.5.14-56.1 php5-devel-5.5.14-56.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-56.1 php5-debugsource-5.5.14-56.1 php5-devel-5.5.14-56.1 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-56.1 apache2-mod_php5-debuginfo-5.5.14-56.1 php5-5.5.14-56.1 php5-bcmath-5.5.14-56.1 php5-bcmath-debuginfo-5.5.14-56.1 php5-bz2-5.5.14-56.1 php5-bz2-debuginfo-5.5.14-56.1 php5-calendar-5.5.14-56.1 php5-calendar-debuginfo-5.5.14-56.1 php5-ctype-5.5.14-56.1 php5-ctype-debuginfo-5.5.14-56.1 php5-curl-5.5.14-56.1 php5-curl-debuginfo-5.5.14-56.1 php5-dba-5.5.14-56.1 php5-dba-debuginfo-5.5.14-56.1 php5-debuginfo-5.5.14-56.1 php5-debugsource-5.5.14-56.1 php5-dom-5.5.14-56.1 php5-dom-debuginfo-5.5.14-56.1 php5-enchant-5.5.14-56.1 php5-enchant-debuginfo-5.5.14-56.1 php5-exif-5.5.14-56.1 php5-exif-debuginfo-5.5.14-56.1 php5-fastcgi-5.5.14-56.1 php5-fastcgi-debuginfo-5.5.14-56.1 php5-fileinfo-5.5.14-56.1 php5-fileinfo-debuginfo-5.5.14-56.1 php5-fpm-5.5.14-56.1 php5-fpm-debuginfo-5.5.14-56.1 php5-ftp-5.5.14-56.1 php5-ftp-debuginfo-5.5.14-56.1 php5-gd-5.5.14-56.1 php5-gd-debuginfo-5.5.14-56.1 php5-gettext-5.5.14-56.1 php5-gettext-debuginfo-5.5.14-56.1 php5-gmp-5.5.14-56.1 php5-gmp-debuginfo-5.5.14-56.1 php5-iconv-5.5.14-56.1 php5-iconv-debuginfo-5.5.14-56.1 php5-intl-5.5.14-56.1 php5-intl-debuginfo-5.5.14-56.1 php5-json-5.5.14-56.1 php5-json-debuginfo-5.5.14-56.1 php5-ldap-5.5.14-56.1 php5-ldap-debuginfo-5.5.14-56.1 php5-mbstring-5.5.14-56.1 php5-mbstring-debuginfo-5.5.14-56.1 php5-mcrypt-5.5.14-56.1 php5-mcrypt-debuginfo-5.5.14-56.1 php5-mysql-5.5.14-56.1 php5-mysql-debuginfo-5.5.14-56.1 php5-odbc-5.5.14-56.1 php5-odbc-debuginfo-5.5.14-56.1 php5-opcache-5.5.14-56.1 php5-opcache-debuginfo-5.5.14-56.1 php5-openssl-5.5.14-56.1 
php5-openssl-debuginfo-5.5.14-56.1 php5-pcntl-5.5.14-56.1 php5-pcntl-debuginfo-5.5.14-56.1 php5-pdo-5.5.14-56.1 php5-pdo-debuginfo-5.5.14-56.1 php5-pgsql-5.5.14-56.1 php5-pgsql-debuginfo-5.5.14-56.1 php5-phar-5.5.14-56.1 php5-phar-debuginfo-5.5.14-56.1 php5-posix-5.5.14-56.1 php5-posix-debuginfo-5.5.14-56.1 php5-pspell-5.5.14-56.1 php5-pspell-debuginfo-5.5.14-56.1 php5-shmop-5.5.14-56.1 php5-shmop-debuginfo-5.5.14-56.1 php5-snmp-5.5.14-56.1 php5-snmp-debuginfo-5.5.14-56.1 php5-soap-5.5.14-56.1 php5-soap-debuginfo-5.5.14-56.1 php5-sockets-5.5.14-56.1 php5-sockets-debuginfo-5.5.14-56.1 php5-sqlite-5.5.14-56.1 php5-sqlite-debuginfo-5.5.14-56.1 php5-suhosin-5.5.14-56.1 php5-suhosin-debuginfo-5.5.14-56.1 php5-sysvmsg-5.5.14-56.1 php5-sysvmsg-debuginfo-5.5.14-56.1 php5-sysvsem-5.5.14-56.1 php5-sysvsem-debuginfo-5.5.14-56.1 php5-sysvshm-5.5.14-56.1 php5-sysvshm-debuginfo-5.5.14-56.1 php5-tokenizer-5.5.14-56.1 php5-tokenizer-debuginfo-5.5.14-56.1 php5-wddx-5.5.14-56.1 php5-wddx-debuginfo-5.5.14-56.1 php5-xmlreader-5.5.14-56.1 php5-xmlreader-debuginfo-5.5.14-56.1 php5-xmlrpc-5.5.14-56.1 php5-xmlrpc-debuginfo-5.5.14-56.1 php5-xmlwriter-5.5.14-56.1 php5-xmlwriter-debuginfo-5.5.14-56.1 php5-xsl-5.5.14-56.1 php5-xsl-debuginfo-5.5.14-56.1 php5-zip-5.5.14-56.1 php5-zip-debuginfo-5.5.14-56.1 php5-zlib-5.5.14-56.1 php5-zlib-debuginfo-5.5.14-56.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-56.1 References: https://www.suse.com/security/cve/CVE-2015-8866.html https://www.suse.com/security/cve/CVE-2015-8867.html https://www.suse.com/security/cve/CVE-2016-4070.html https://www.suse.com/security/cve/CVE-2016-4071.html https://www.suse.com/security/cve/CVE-2016-4073.html https://bugzilla.suse.com/976996 https://bugzilla.suse.com/976997 https://bugzilla.suse.com/977000 https://bugzilla.suse.com/977003 https://bugzilla.suse.com/977005 From sle-updates at lists.suse.com Wed May 11 10:08:42 2016 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Wed, 11 May 2016 18:08:42 +0200 (CEST) Subject: SUSE-SU-2016:1278-1: important: Security update for ntp Message-ID: <20160511160842.28E57FF51@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1278-1 Rating: important References: #957226 #977446 #977450 #977451 #977452 #977455 #977457 #977458 #977459 #977461 #977464 Cross-References: CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for ntp to 4.2.8p7 fixes the following issues: * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * This update also improves the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 Bugs fixed: - Restrict the parser in the startup script to the first occurrence of "keys" and "controlkey" in ntp.conf (bsc#957226). 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ntp-12553=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ntp-12553=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-4.2.8p7-11.1 ntp-doc-4.2.8p7-11.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ntp-debuginfo-4.2.8p7-11.1 ntp-debugsource-4.2.8p7-11.1 References: https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2016-1547.html https://www.suse.com/security/cve/CVE-2016-1548.html https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2016-1550.html https://www.suse.com/security/cve/CVE-2016-1551.html https://www.suse.com/security/cve/CVE-2016-2516.html https://www.suse.com/security/cve/CVE-2016-2517.html https://www.suse.com/security/cve/CVE-2016-2518.html https://www.suse.com/security/cve/CVE-2016-2519.html https://bugzilla.suse.com/957226 https://bugzilla.suse.com/977446 https://bugzilla.suse.com/977450 https://bugzilla.suse.com/977451 https://bugzilla.suse.com/977452 https://bugzilla.suse.com/977455 https://bugzilla.suse.com/977457 https://bugzilla.suse.com/977458 https://bugzilla.suse.com/977459 https://bugzilla.suse.com/977461 https://bugzilla.suse.com/977464 From sle-updates at lists.suse.com Wed May 11 10:10:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2016 18:10:17 +0200 (CEST) Subject: SUSE-SU-2016:1279-1: important: Security update for mysql Message-ID: <20160511161017.24C43FF50@maintenance.suse.de> SUSE Security Update: Security update for mysql 
______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1279-1 Rating: important References: #963806 #976341 Cross-References: CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0666 CVE-2016-2047 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: mysql was updated to version 5.5.49 to fix 13 security issues. These security issues were fixed: - CVE-2016-0644: Unspecified vulnerability allowed local users to affect availability via vectors related to DDL (bsc#976341). - CVE-2016-0646: Unspecified vulnerability allowed local users to affect availability via vectors related to DML (bsc#976341). - CVE-2016-0647: Unspecified vulnerability allowed local users to affect availability via vectors related to FTS (bsc#976341). - CVE-2016-0640: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to DML (bsc#976341). - CVE-2016-0641: Unspecified vulnerability allowed local users to affect confidentiality and availability via vectors related to MyISAM (bsc#976341). - CVE-2016-0642: Unspecified vulnerability allowed local users to affect integrity and availability via vectors related to Federated (bsc#976341). - CVE-2016-0643: Unspecified vulnerability allowed local users to affect confidentiality via vectors related to DML (bsc#976341). - CVE-2016-0666: Unspecified vulnerability allowed local users to affect availability via vectors related to Security: Privileges (bsc#976341). - CVE-2016-0651: Unspecified vulnerability allowed local users to affect availability via vectors related to Optimizer (bsc#976341). 
- CVE-2016-0650: Unspecified vulnerability allowed local users to affect availability via vectors related to Replication (bsc#976341). - CVE-2016-0648: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#976341). - CVE-2016-0649: Unspecified vulnerability allowed local users to affect availability via vectors related to PS (bsc#976341). - CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c did not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com" (bsc#963806). More details are available at - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-49.html - http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-48.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-12554=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-12554=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-12554=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.49-0.20.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.49-0.20.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.49-0.20.1 libmysql55client_r18-5.5.49-0.20.1 mysql-5.5.49-0.20.1 mysql-client-5.5.49-0.20.1 mysql-tools-5.5.49-0.20.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.49-0.20.1 libmysql55client_r18-32bit-5.5.49-0.20.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.49-0.20.1 libmysql55client_r18-x86-5.5.49-0.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.49-0.20.1 mysql-debugsource-5.5.49-0.20.1 References: https://www.suse.com/security/cve/CVE-2016-0640.html https://www.suse.com/security/cve/CVE-2016-0641.html https://www.suse.com/security/cve/CVE-2016-0642.html https://www.suse.com/security/cve/CVE-2016-0643.html https://www.suse.com/security/cve/CVE-2016-0644.html https://www.suse.com/security/cve/CVE-2016-0646.html https://www.suse.com/security/cve/CVE-2016-0647.html https://www.suse.com/security/cve/CVE-2016-0648.html https://www.suse.com/security/cve/CVE-2016-0649.html https://www.suse.com/security/cve/CVE-2016-0650.html https://www.suse.com/security/cve/CVE-2016-0651.html https://www.suse.com/security/cve/CVE-2016-0666.html https://www.suse.com/security/cve/CVE-2016-2047.html https://bugzilla.suse.com/963806 https://bugzilla.suse.com/976341 From sle-updates at lists.suse.com Wed May 11 10:10:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2016 18:10:45 +0200 (CEST) Subject: SUSE-RU-2016:1280-1: Recommended update for avahi Message-ID: <20160511161045.80E46FF50@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi 
______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1280-1 Rating: low References: #941761 #947140 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for avahi fixes the following issues: - Do not log errors for every invalid packet received. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-avahi-12552=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-avahi-12552=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-avahi-12552=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): avahi-compat-howl-devel-0.6.23-11.34.3 avahi-compat-mDNSResponder-devel-0.6.23-11.34.3 libavahi-devel-0.6.23-11.34.3 libavahi-glib-devel-0.6.23-13.34.8 libavahi-gobject-devel-0.6.23-13.34.8 libavahi-gobject0-0.6.23-13.34.8 libavahi-ui0-0.6.23-13.34.8 libhowl0-0.6.23-11.34.3 python-avahi-0.6.23-11.34.3 python-avahi-gtk-0.6.23-13.34.8 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 s390x x86_64): avahi-mono-0.6.23-11.34.6 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): avahi-0.6.23-11.34.3 avahi-lang-0.6.23-11.34.3 avahi-utils-0.6.23-11.34.3 libavahi-client3-0.6.23-11.34.3 libavahi-common3-0.6.23-11.34.3 libavahi-core5-0.6.23-11.34.3 libavahi-glib1-0.6.23-13.34.8 libdns_sd-0.6.23-11.34.3 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libavahi-client3-32bit-0.6.23-11.34.3 libavahi-common3-32bit-0.6.23-11.34.3 libavahi-glib1-32bit-0.6.23-13.34.8 libdns_sd-32bit-0.6.23-11.34.3 - SUSE Linux Enterprise Server 11-SP4 (ia64): libavahi-client3-x86-0.6.23-11.34.3 libavahi-common3-x86-0.6.23-11.34.3 libavahi-glib1-x86-0.6.23-13.34.8 libdns_sd-x86-0.6.23-11.34.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): avahi-debuginfo-0.6.23-11.34.3 avahi-debugsource-0.6.23-11.34.3 avahi-glib2-debuginfo-0.6.23-13.34.8 avahi-glib2-debugsource-0.6.23-13.34.8 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): avahi-debuginfo-32bit-0.6.23-11.34.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): avahi-debuginfo-x86-0.6.23-11.34.3 References: https://bugzilla.suse.com/941761 https://bugzilla.suse.com/947140 From sle-updates at lists.suse.com Wed May 11 11:07:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2016 19:07:50 +0200 (CEST) Subject: SUSE-RU-2016:1281-1: moderate: Recommended update for perl-Bootloader Message-ID: 
<20160511170750.8BBA7FF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl-Bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1281-1 Rating: moderate References: #659905 #822774 #861633 #906352 #908413 #913218 #913631 #956885 #958608 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for perl-Bootloader fixes the following issues: - Strip superfluous "/boot" parts of path if there's a symbolic link 'boot' pointing to '.'. (bsc#956885) - Correctly handle quoting in /etc/fstab. (bsc#958608) - Treat dumptofs and mvdump sections similar to dumpto section. (bsc#913631) - Config file sections with no keys should not match. (bsc#913631) - Fix detection of extended partitions on virtual discs. (bsc#659905, bsc#913218) - zipl: Add target line to newly created section. (bsc#906352) - Multipath handling can lead to unexpected device mappings. (bsc#908413) - Add logrotate configuration file. (bsc#822774, bsc#861633) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-perl-Bootloader-12556=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): perl-Bootloader-0.4.89.72-9.1 References: https://bugzilla.suse.com/659905 https://bugzilla.suse.com/822774 https://bugzilla.suse.com/861633 https://bugzilla.suse.com/906352 https://bugzilla.suse.com/908413 https://bugzilla.suse.com/913218 https://bugzilla.suse.com/913631 https://bugzilla.suse.com/956885 https://bugzilla.suse.com/958608 From sle-updates at lists.suse.com Wed May 11 13:07:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2016 21:07:57 +0200 (CEST) Subject: SUSE-RU-2016:1283-1: moderate: Recommended update for augeas Message-ID: <20160511190757.25A1EFF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for augeas ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1283-1 Rating: moderate References: #933210 #975729 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for augeas fixes the following issues: - Improved inputrc, host.conf and shellvars lenses. (bsc#975729) - Temporarily rule out everything in if-up.d and if-down.d from the shellvars lens. (bsc#933210) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-756=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-756=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-756=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-756=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-756=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-756=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): augeas-debuginfo-1.2.0-10.1 augeas-debugsource-1.2.0-10.1 augeas-devel-1.2.0-10.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): augeas-debuginfo-1.2.0-10.1 augeas-debugsource-1.2.0-10.1 augeas-devel-1.2.0-10.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): augeas-1.2.0-10.1 augeas-debuginfo-1.2.0-10.1 augeas-debugsource-1.2.0-10.1 augeas-lenses-1.2.0-10.1 libaugeas0-1.2.0-10.1 libaugeas0-debuginfo-1.2.0-10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): augeas-1.2.0-10.1 augeas-debuginfo-1.2.0-10.1 augeas-debugsource-1.2.0-10.1 augeas-lenses-1.2.0-10.1 libaugeas0-1.2.0-10.1 libaugeas0-debuginfo-1.2.0-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): augeas-debuginfo-1.2.0-10.1 augeas-debugsource-1.2.0-10.1 libaugeas0-1.2.0-10.1 libaugeas0-debuginfo-1.2.0-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): augeas-debuginfo-1.2.0-10.1 augeas-debugsource-1.2.0-10.1 libaugeas0-1.2.0-10.1 libaugeas0-debuginfo-1.2.0-10.1 References: https://bugzilla.suse.com/933210 https://bugzilla.suse.com/975729 From sle-updates at lists.suse.com Wed May 11 15:07:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 May 2016 23:07:55 
+0200 (CEST) Subject: SUSE-RU-2016:1284-1: Recommended update for fetchmail Message-ID: <20160511210755.81A00FF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for fetchmail ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1284-1 Rating: low References: #905673 #959682 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for fetchmail provides the following fixes: - Introduce a wrapper to start up fetchmail and properly convert settings from /etc/sysconfig/fetchmail to command line parameters. (bsc#905673) - Install fetchmail.service with mode 0644 instead of 0755. (bsc#959682) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-757=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-757=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-757=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-757=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): fetchmail-6.3.26-9.1 fetchmail-debuginfo-6.3.26-9.1 fetchmail-debugsource-6.3.26-9.1 fetchmailconf-6.3.26-9.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): fetchmail-6.3.26-9.1 fetchmail-debuginfo-6.3.26-9.1 fetchmail-debugsource-6.3.26-9.1 fetchmailconf-6.3.26-9.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): fetchmail-6.3.26-9.1 fetchmail-debuginfo-6.3.26-9.1 fetchmail-debugsource-6.3.26-9.1 - SUSE Linux Enterprise Desktop 12 (x86_64): fetchmail-6.3.26-9.1 fetchmail-debuginfo-6.3.26-9.1 fetchmail-debugsource-6.3.26-9.1 References: https://bugzilla.suse.com/905673 https://bugzilla.suse.com/959682 From sle-updates at lists.suse.com Thu May 12 09:08:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2016 17:08:44 +0200 (CEST) Subject: SUSE-RU-2016:1285-1: moderate: Recommended update for resource-agents Message-ID: <20160512150844.A19FFFF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1285-1 Rating: moderate References: #965872 #973054 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - symlink: Handle missing directories in target (bsc#973054) - SAPInstance: Update version support statement (bsc#965872) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2016-759=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12 (s390x x86_64): ldirectord-3.9.5+git633-8.13.1 monitoring-plugins-metadata-3.9.5+git633-8.13.1 resource-agents-3.9.5+git633-8.13.1 resource-agents-debuginfo-3.9.5+git633-8.13.1 resource-agents-debugsource-3.9.5+git633-8.13.1 References: https://bugzilla.suse.com/965872 https://bugzilla.suse.com/973054 From sle-updates at lists.suse.com Thu May 12 09:09:13 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2016 17:09:13 +0200 (CEST) Subject: SUSE-RU-2016:1286-1: moderate: Recommended update for resource-agents Message-ID: <20160512150913.D11FFFF50@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1286-1 Rating: moderate References: #965872 #973054 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - symlink: Handle missing directories in target (bsc#973054) - SAPInstance: Update version support statement (bsc#965872) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-758=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): ldirectord-3.9.6+git.1442374860.7f3628a-12.1 monitoring-plugins-metadata-3.9.6+git.1442374860.7f3628a-12.1 resource-agents-3.9.6+git.1442374860.7f3628a-12.1 resource-agents-debuginfo-3.9.6+git.1442374860.7f3628a-12.1 resource-agents-debugsource-3.9.6+git.1442374860.7f3628a-12.1 References: https://bugzilla.suse.com/965872 https://bugzilla.suse.com/973054 From sle-updates at lists.suse.com Thu May 12 10:08:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2016 18:08:10 +0200 (CEST) Subject: SUSE-RU-2016:1287-1: moderate: Recommended update for lvm2 Message-ID: <20160512160810.98B4EFF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1287-1 Rating: moderate References: #940298 #955529 #960044 #960744 #963427 #966183 #969310 #970439 #971334 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for lvm2 fixes the following issues: - Fix clvmd.ocf and cmirrord to remove "-d" option for cmirrord. (bsc#971334) - Fix clvmd.ocf to add lvmconf --enable-cluster before starting daemon when locking_type is not 3 or use_lvmetad is 1. (bsc#970439) - Fix pvchange returning with exit code 5 if another volume group which is not related to the PVs is exported. (bsc#969310) - Omit some warning messages from pvcreate. (bsc#966183) - Change default locking_dir from "/var/lock/lvm" back to "/run/lvm/lock". (bsc#963427) - Improve pvcreate's error messages to be more informative. 
(bsc#960744) - Add 'Also=lvm2-lvmetad.socket' to '[Install]' section of lvm2-lvmetad.service to trigger removal of the former when the latter is disabled. (bsc#960044) - Remove verbose message when re-scanning devices. (bsc#955529) - Do not output error message inside retry loops to avoid noisy error message in case of remove failure because device is busy. (bsc#940298) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-761=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-761=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-761=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-761=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): device-mapper-devel-1.02.97-69.2 lvm2-debuginfo-2.02.120-69.2 lvm2-debugsource-2.02.120-69.2 lvm2-devel-2.02.120-69.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): device-mapper-1.02.97-69.2 device-mapper-debuginfo-1.02.97-69.2 lvm2-2.02.120-69.2 lvm2-debuginfo-2.02.120-69.2 lvm2-debugsource-2.02.120-69.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): device-mapper-32bit-1.02.97-69.2 device-mapper-debuginfo-32bit-1.02.97-69.2 - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): lvm2-clvm-2.02.120-69.2 lvm2-clvm-debuginfo-2.02.120-69.2 lvm2-cmirrord-2.02.120-69.2 lvm2-cmirrord-debuginfo-2.02.120-69.2 lvm2-debuginfo-2.02.120-69.2 lvm2-debugsource-2.02.120-69.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): device-mapper-1.02.97-69.2 device-mapper-32bit-1.02.97-69.2 device-mapper-debuginfo-1.02.97-69.2 device-mapper-debuginfo-32bit-1.02.97-69.2 lvm2-2.02.120-69.2 lvm2-debuginfo-2.02.120-69.2 
lvm2-debugsource-2.02.120-69.2 References: https://bugzilla.suse.com/940298 https://bugzilla.suse.com/955529 https://bugzilla.suse.com/960044 https://bugzilla.suse.com/960744 https://bugzilla.suse.com/963427 https://bugzilla.suse.com/966183 https://bugzilla.suse.com/969310 https://bugzilla.suse.com/970439 https://bugzilla.suse.com/971334 From sle-updates at lists.suse.com Thu May 12 10:09:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2016 18:09:49 +0200 (CEST) Subject: SUSE-RU-2016:1288-1: Recommended update for hwinfo Message-ID: <20160512160949.07002FF50@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1288-1 Rating: low References: #908616 #913360 #941288 #943008 #949287 #974737 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for hwinfo provides the following fixes and enhancements: - Adjust DMI parser to read memory size according to latest SMBIOS spec. (bsc#974737) - SCSI serial id: Read VPD page 0x80 from sysfs, if possible. (bsc#949287) - Adjust disk device info gathering after NVMe driver change. (bsc#943008) - Read disk model info also via SCSI inquiry command. (bsc#943008) - Expose more properties to all devices in /proc/device-tree/vpd. (bsc#941288) - Add ARM platform devices. (bsc#908616) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-760=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-760=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-760=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): hwinfo-debuginfo-21.24-2.6.1 hwinfo-debugsource-21.24-2.6.1 hwinfo-devel-21.24-2.6.1 hwinfo-devel-debuginfo-21.24-2.6.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): hwinfo-21.24-2.6.1 hwinfo-debuginfo-21.24-2.6.1 hwinfo-debugsource-21.24-2.6.1 - SUSE Linux Enterprise Desktop 12 (x86_64): hwinfo-21.24-2.6.1 hwinfo-debuginfo-21.24-2.6.1 hwinfo-debugsource-21.24-2.6.1 References: https://bugzilla.suse.com/908616 https://bugzilla.suse.com/913360 https://bugzilla.suse.com/941288 https://bugzilla.suse.com/943008 https://bugzilla.suse.com/949287 https://bugzilla.suse.com/974737 From sle-updates at lists.suse.com Thu May 12 11:08:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2016 19:08:09 +0200 (CEST) Subject: SUSE-RU-2016:1289-1: moderate: Recommended update for s390-tools, qclib-devel Message-ID: <20160512170809.6E7D3FF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools, qclib-devel ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1289-1 Rating: moderate References: #937340 #957168 #957607 #961372 #961643 #965307 #966477 #973861 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. 
Description: This update for s390-tools and qclib-devel fixes the following issues: - Added 90-s390-tools.conf to help ensure DASD volumes in DIAG 250 mode get activated at boot time. (bsc#966477) - Avoid dasdfmt failures due to a busy device. (bsc#937340) - Fix zfcp_disk_configure script to use $_zfcp_scsi_id instead of the incorrect $_zfcp_target_id. (bsc#957168) - Rebuilt read_values to pick up fix in qclib-devel for registration failures. (bsc#957607) - Fix zfcp_san_disc so that breaking out of it won't leave "well known LUNs" in use preventing others from using them. (bsc#961372) - Replace plain text passwords collected by dbginfo.sh with asterisks. (bsc#965307) - Grant access to data collected by dbginfo.sh only to root user. (bsc#965307) - Enhance dbginfo.sh to collect data about Open vSwitch. (bsc#965307) - Enhance dbginfo.sh to collect domain XML files and extend data collection for network. (bsc#973861) - Fix chmem's memory block number calculation with memory holes. (bsc#965307) - Remove references to chzdev tool that was never implemented. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-762=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-762=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x): qclib-devel-1.0.0-4.2 qclib-devel-debuginfo-1.0.0-4.2 qclib-devel-debugsource-1.0.0-4.2 - SUSE Linux Enterprise Server 12-SP1 (s390x): osasnmpd-1.24.1-53.1 osasnmpd-debuginfo-1.24.1-53.1 s390-tools-1.24.1-53.1 s390-tools-debuginfo-1.24.1-53.1 s390-tools-debugsource-1.24.1-53.1 s390-tools-hmcdrvfs-1.24.1-53.1 s390-tools-hmcdrvfs-debuginfo-1.24.1-53.1 s390-tools-zdsfs-1.24.1-53.1 s390-tools-zdsfs-debuginfo-1.24.1-53.1 References: https://bugzilla.suse.com/937340 https://bugzilla.suse.com/957168 https://bugzilla.suse.com/957607 https://bugzilla.suse.com/961372 https://bugzilla.suse.com/961643 https://bugzilla.suse.com/965307 https://bugzilla.suse.com/966477 https://bugzilla.suse.com/973861 From sle-updates at lists.suse.com Thu May 12 12:08:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2016 20:08:01 +0200 (CEST) Subject: SUSE-SU-2016:1290-1: important: Security update for openssl Message-ID: <20160512180801.642D0FF4F@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1290-1 Rating: important References: #889013 #968050 #976942 #976943 #977614 #977615 #977617 Cross-References: CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 Affected Products: SUSE Studio Onsite 1.3 SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. 
Description: This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) - CVE-2016-0702: Side channel attack on modular exponentiation "CacheBleed" (bsc#968050) Bugs fixed: - fate#320304: build 32bit devel package - bsc#976943: Fix buffer overrun in ASN1_parse - bsc#973223: allow weak DH groups, vulnerable to the logjam attack, when environment variable OPENSSL_ALLOW_LOGJAM_ATTACK is set - bsc#889013: Rename README.SuSE to the new spelling Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-openssl-12557=1 - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-openssl-12557=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-openssl-12557=1 - SUSE Manager 2.1: zypper in -t patch sleman21-openssl-12557=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-openssl-12557=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssl-12557=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-openssl-12557=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-openssl-12557=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-12557=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl-12557=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-openssl-12557=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): libopenssl-devel-0.9.8j-0.97.1 - SUSE OpenStack Cloud 5 (x86_64): libopenssl-devel-0.9.8j-0.97.1 libopenssl0_9_8-0.9.8j-0.97.1 libopenssl0_9_8-32bit-0.9.8j-0.97.1 libopenssl0_9_8-hmac-0.9.8j-0.97.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1 openssl-0.9.8j-0.97.1 openssl-doc-0.9.8j-0.97.1 - SUSE Manager Proxy 2.1 (x86_64): libopenssl-devel-0.9.8j-0.97.1 libopenssl0_9_8-0.9.8j-0.97.1 libopenssl0_9_8-32bit-0.9.8j-0.97.1 libopenssl0_9_8-hmac-0.9.8j-0.97.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1 openssl-0.9.8j-0.97.1 openssl-doc-0.9.8j-0.97.1 - SUSE Manager 2.1 (s390x x86_64): libopenssl-devel-0.9.8j-0.97.1 libopenssl0_9_8-0.9.8j-0.97.1 libopenssl0_9_8-32bit-0.9.8j-0.97.1 libopenssl0_9_8-hmac-0.9.8j-0.97.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1 openssl-0.9.8j-0.97.1 openssl-doc-0.9.8j-0.97.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libopenssl-devel-0.9.8j-0.97.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libopenssl-devel-32bit-0.9.8j-0.97.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.97.1 libopenssl0_9_8-hmac-0.9.8j-0.97.1 openssl-0.9.8j-0.97.1 openssl-doc-0.9.8j-0.97.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.97.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libopenssl0_9_8-x86-0.9.8j-0.97.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libopenssl-devel-0.9.8j-0.97.1 libopenssl0_9_8-0.9.8j-0.97.1 libopenssl0_9_8-hmac-0.9.8j-0.97.1 openssl-0.9.8j-0.97.1 openssl-doc-0.9.8j-0.97.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.97.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): libopenssl-devel-0.9.8j-0.97.1 libopenssl0_9_8-0.9.8j-0.97.1 libopenssl0_9_8-hmac-0.9.8j-0.97.1 
openssl-0.9.8j-0.97.1 openssl-doc-0.9.8j-0.97.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.97.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.97.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.97.1 openssl-debugsource-0.9.8j-0.97.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.97.1 openssl-debugsource-0.9.8j-0.97.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.97.1 openssl-debugsource-0.9.8j-0.97.1 References: https://www.suse.com/security/cve/CVE-2016-0702.html https://www.suse.com/security/cve/CVE-2016-2105.html https://www.suse.com/security/cve/CVE-2016-2106.html https://www.suse.com/security/cve/CVE-2016-2108.html https://www.suse.com/security/cve/CVE-2016-2109.html https://bugzilla.suse.com/889013 https://bugzilla.suse.com/968050 https://bugzilla.suse.com/976942 https://bugzilla.suse.com/976943 https://bugzilla.suse.com/977614 https://bugzilla.suse.com/977615 https://bugzilla.suse.com/977617 From sle-updates at lists.suse.com Thu May 12 12:09:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2016 20:09:15 +0200 (CEST) Subject: SUSE-SU-2016:1291-1: important: Security update for ntp Message-ID: <20160512180915.539AAFF50@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1291-1 Rating: important References: #957226 #977446 #977450 #977451 #977452 #977455 #977457 #977458 #977459 #977461 #977464 Cross-References: CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 
______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for ntp to 4.2.8p7 fixes the following issues: * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * This update also improves the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 Bugs fixed: - Restrict the parser in the startup script to the first occurrence of "keys" and "controlkey" in ntp.conf (bsc#957226). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-764=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-764=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ntp-4.2.8p7-11.1 ntp-debuginfo-4.2.8p7-11.1 ntp-debugsource-4.2.8p7-11.1 ntp-doc-4.2.8p7-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ntp-4.2.8p7-11.1 ntp-debuginfo-4.2.8p7-11.1 ntp-debugsource-4.2.8p7-11.1 ntp-doc-4.2.8p7-11.1 References: https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2016-1547.html https://www.suse.com/security/cve/CVE-2016-1548.html https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2016-1550.html https://www.suse.com/security/cve/CVE-2016-1551.html https://www.suse.com/security/cve/CVE-2016-2516.html https://www.suse.com/security/cve/CVE-2016-2517.html https://www.suse.com/security/cve/CVE-2016-2518.html https://www.suse.com/security/cve/CVE-2016-2519.html https://bugzilla.suse.com/957226 https://bugzilla.suse.com/977446 https://bugzilla.suse.com/977450 https://bugzilla.suse.com/977451 https://bugzilla.suse.com/977452 https://bugzilla.suse.com/977455 https://bugzilla.suse.com/977457 https://bugzilla.suse.com/977458 https://bugzilla.suse.com/977459 https://bugzilla.suse.com/977461 https://bugzilla.suse.com/977464 From sle-updates at lists.suse.com Thu May 12 14:07:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 May 2016 22:07:53 +0200 (CEST) Subject: SUSE-RU-2016:1293-1: moderate: Recommended update for s390-tools Message-ID: <20160512200753.87AB3FF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1293-1 Rating: moderate References: #937340 #957168 #961372 #965165 #966477 Affected Products: SUSE Linux Enterprise Server 12 
______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for s390-tools provides the following fixes: - Added 90-s390-tools.conf to help ensure DASD volumes in DIAG 250 mode get activated at boot time. (bsc#966477) - Avoid dasdfmt failures due to a busy device. (bsc#937340) - Remove references to chzdev tool that was never implemented. - Fix zfcp_disk_configure script to use $_zfcp_scsi_id instead of the incorrect $_zfcp_target_id. (bsc#957168) - Added 59-prng.rules so that /dev/prandom will have permissions of 0444. This will allow anyone to access the CPACF hardware pseudo-random number generator. (bsc#965165) - Fix zfcp_san_disc so that breaking out of it won't leave "well known LUNs" in use preventing others from using them. (bsc#961372) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-765=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (s390x): osasnmpd-1.24.1-39.16.1 osasnmpd-debuginfo-1.24.1-39.16.1 s390-tools-1.24.1-39.16.1 s390-tools-debuginfo-1.24.1-39.16.1 s390-tools-debugsource-1.24.1-39.16.1 s390-tools-zdsfs-1.24.1-39.16.1 s390-tools-zdsfs-debuginfo-1.24.1-39.16.1 References: https://bugzilla.suse.com/937340 https://bugzilla.suse.com/957168 https://bugzilla.suse.com/961372 https://bugzilla.suse.com/965165 https://bugzilla.suse.com/966477 From sle-updates at lists.suse.com Fri May 13 08:08:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 May 2016 16:08:15 +0200 (CEST) Subject: SUSE-SU-2016:1299-1: important: Security update for java-1_7_1-ibm Message-ID: <20160513140815.57BE6FF4F@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1299-1 Rating: important References: #977646 #977648 #977650 #979252 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This IBM Java 1.7.1 SR3 FP40 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. 
(bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-766=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-766=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-766=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-766=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.40-25.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.40-25.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.40-25.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.40-25.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.40-25.1 java-1_7_1-ibm-plugin-1.7.1_sr3.40-25.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.40-25.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.40-25.1 - SUSE Linux Enterprise Server 12 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.40-25.1 java-1_7_1-ibm-plugin-1.7.1_sr3.40-25.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html 
https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 From sle-updates at lists.suse.com Fri May 13 08:09:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 May 2016 16:09:01 +0200 (CEST) Subject: SUSE-SU-2016:1300-1: important: Security update for java-1_7_1-ibm Message-ID: <20160513140901.3B73CFF50@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1300-1 Rating: important References: #977646 #977648 #977650 #979252 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This IBM Java 1.7.1 SR3 FP40 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-java-1_7_1-ibm-12558=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-java-1_7_1-ibm-12558=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.40-13.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.40-13.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.40-13.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.40-13.1 java-1_7_1-ibm-plugin-1.7.1_sr3.40-13.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 From sle-updates at lists.suse.com Fri May 13 12:08:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 May 2016 20:08:06 +0200 (CEST) Subject: SUSE-SU-2016:1301-1: important: Security update for ImageMagick Message-ID: <20160513180806.C7EF7FF4F@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1301-1 Rating: important References: #978061 Cross-References: CVE-2016-3714 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 
SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ImageMagick fixes the following issues: - bsc#978061: A vulnerability in ImageMagick's "https" module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the vulnerability by disabling all access to the "https" module in the "delegates.xml" config file. (CVE-2016-3714) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-ImageMagick-12560=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-ImageMagick-12560=1 - SUSE Manager 2.1: zypper in -t patch sleman21-ImageMagick-12560=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-12560=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-12560=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ImageMagick-12560=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ImageMagick-12560=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-12560=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ImageMagick-12560=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-ImageMagick-12560=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): libMagickCore1-32bit-6.4.3.6-7.37.1 libMagickCore1-6.4.3.6-7.37.1 - SUSE Manager Proxy 2.1 (x86_64): libMagickCore1-32bit-6.4.3.6-7.37.1 libMagickCore1-6.4.3.6-7.37.1 - SUSE Manager 2.1 (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.37.1 libMagickCore1-6.4.3.6-7.37.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.37.1 ImageMagick-devel-6.4.3.6-7.37.1 libMagick++-devel-6.4.3.6-7.37.1 libMagick++1-6.4.3.6-7.37.1 libMagickWand1-6.4.3.6-7.37.1 perl-PerlMagick-6.4.3.6-7.37.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.37.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.37.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.37.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libMagickCore1-6.4.3.6-7.37.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.37.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): libMagickCore1-6.4.3.6-7.37.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.37.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.37.1 ImageMagick-debugsource-6.4.3.6-7.37.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.37.1 ImageMagick-debugsource-6.4.3.6-7.37.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.37.1 ImageMagick-debugsource-6.4.3.6-7.37.1 References: https://www.suse.com/security/cve/CVE-2016-3714.html https://bugzilla.suse.com/978061 From sle-updates at lists.suse.com Fri May 13 12:08:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 May 2016 20:08:33 +0200 (CEST) Subject: 
SUSE-OU-2016:1302-1: Initial release of SUSE Connect Program Message-ID: <20160513180833.467EAFF50@maintenance.suse.de> SUSE Optional Update: Initial release of SUSE Connect Program ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:1302-1 Rating: low References: #978846 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides a YaST2 module to assist system administrators with the installation of third-party partner products for SUSE Enterprise Linux for SAP Applications 12 SP1. Two new packages have been added to the product: yast2-sap-scp and yast2-sap-scp-prodlist. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-770=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): yast2-sap-scp-1.0.2-4.1 yast2-sap-scp-prodlist-1.0.2-2.2 References: https://bugzilla.suse.com/978846 From sle-updates at lists.suse.com Fri May 13 13:07:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 May 2016 21:07:54 +0200 (CEST) Subject: SUSE-SU-2016:1303-1: important: Security update for java-1_6_0-ibm Message-ID: <20160513190754.8E24FFF4F@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1303-1 Rating: important References: #977646 #977648 #977650 #979252 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This IBM Java 1.6.0 SR16 FP25 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-771=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.25-34.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-34.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-34.1 - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.25-34.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 From sle-updates at lists.suse.com Mon May 16 10:08:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 May 2016 18:08:08 +0200 (CEST) Subject: SUSE-SU-2016:1305-1: important: Security update for flash-player Message-ID: <20160516160808.1707DFF5A@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1305-1 Rating: important References: #979422 Cross-References: CVE-2016-1006 CVE-2016-1011 CVE-2016-1012 CVE-2016-1013 CVE-2016-1014 CVE-2016-1015 CVE-2016-1016 CVE-2016-1017 CVE-2016-1018 CVE-2016-1019 CVE-2016-1020 CVE-2016-1021 CVE-2016-1022 CVE-2016-1023 CVE-2016-1024 CVE-2016-1025 CVE-2016-1026 CVE-2016-1027 CVE-2016-1028 CVE-2016-1029 CVE-2016-1030 CVE-2016-1031 CVE-2016-1032 CVE-2016-1033 CVE-2016-1096 CVE-2016-1097 CVE-2016-1098 CVE-2016-1099 CVE-2016-1100 CVE-2016-1101 CVE-2016-1102 CVE-2016-1103 CVE-2016-1104 CVE-2016-1105 CVE-2016-1106 
CVE-2016-1107 CVE-2016-1108 CVE-2016-1109 CVE-2016-1110 CVE-2016-4108 CVE-2016-4109 CVE-2016-4110 CVE-2016-4111 CVE-2016-4112 CVE-2016-4113 CVE-2016-4114 CVE-2016-4115 CVE-2016-4116 CVE-2016-4117 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes 49 vulnerabilities is now available. Description: This update for flash-player fixes the following issues: - Security update to 11.2.202.621 (bsc#979422): * APSA16-02, APSB16-15, CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117 - The following CVEs got fixed during the previous release, but got published afterwards: * APSA16-01, APSB16-10, CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-772=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-772=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-772=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-772=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.621-130.1 flash-player-gnome-11.2.202.621-130.1 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): flash-player-11.2.202.621-130.1 flash-player-gnome-11.2.202.621-130.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.621-130.1 flash-player-gnome-11.2.202.621-130.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flash-player-11.2.202.621-130.1 flash-player-gnome-11.2.202.621-130.1 References: https://www.suse.com/security/cve/CVE-2016-1006.html https://www.suse.com/security/cve/CVE-2016-1011.html https://www.suse.com/security/cve/CVE-2016-1012.html https://www.suse.com/security/cve/CVE-2016-1013.html https://www.suse.com/security/cve/CVE-2016-1014.html https://www.suse.com/security/cve/CVE-2016-1015.html https://www.suse.com/security/cve/CVE-2016-1016.html https://www.suse.com/security/cve/CVE-2016-1017.html https://www.suse.com/security/cve/CVE-2016-1018.html https://www.suse.com/security/cve/CVE-2016-1019.html https://www.suse.com/security/cve/CVE-2016-1020.html https://www.suse.com/security/cve/CVE-2016-1021.html https://www.suse.com/security/cve/CVE-2016-1022.html https://www.suse.com/security/cve/CVE-2016-1023.html https://www.suse.com/security/cve/CVE-2016-1024.html https://www.suse.com/security/cve/CVE-2016-1025.html https://www.suse.com/security/cve/CVE-2016-1026.html https://www.suse.com/security/cve/CVE-2016-1027.html 
https://www.suse.com/security/cve/CVE-2016-1028.html https://www.suse.com/security/cve/CVE-2016-1029.html https://www.suse.com/security/cve/CVE-2016-1030.html https://www.suse.com/security/cve/CVE-2016-1031.html https://www.suse.com/security/cve/CVE-2016-1032.html https://www.suse.com/security/cve/CVE-2016-1033.html https://www.suse.com/security/cve/CVE-2016-1096.html https://www.suse.com/security/cve/CVE-2016-1097.html https://www.suse.com/security/cve/CVE-2016-1098.html https://www.suse.com/security/cve/CVE-2016-1099.html https://www.suse.com/security/cve/CVE-2016-1100.html https://www.suse.com/security/cve/CVE-2016-1101.html https://www.suse.com/security/cve/CVE-2016-1102.html https://www.suse.com/security/cve/CVE-2016-1103.html https://www.suse.com/security/cve/CVE-2016-1104.html https://www.suse.com/security/cve/CVE-2016-1105.html https://www.suse.com/security/cve/CVE-2016-1106.html https://www.suse.com/security/cve/CVE-2016-1107.html https://www.suse.com/security/cve/CVE-2016-1108.html https://www.suse.com/security/cve/CVE-2016-1109.html https://www.suse.com/security/cve/CVE-2016-1110.html https://www.suse.com/security/cve/CVE-2016-4108.html https://www.suse.com/security/cve/CVE-2016-4109.html https://www.suse.com/security/cve/CVE-2016-4110.html https://www.suse.com/security/cve/CVE-2016-4111.html https://www.suse.com/security/cve/CVE-2016-4112.html https://www.suse.com/security/cve/CVE-2016-4113.html https://www.suse.com/security/cve/CVE-2016-4114.html https://www.suse.com/security/cve/CVE-2016-4115.html https://www.suse.com/security/cve/CVE-2016-4116.html https://www.suse.com/security/cve/CVE-2016-4117.html https://bugzilla.suse.com/979422 From sle-updates at lists.suse.com Tue May 17 07:08:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 May 2016 15:08:22 +0200 (CEST) Subject: SUSE-SU-2016:1310-1: moderate: Security update for php53 Message-ID: <20160517130822.050D1FF5A@maintenance.suse.de> SUSE Security Update: 
Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1310-1 Rating: moderate References: #976996 #976997 #977003 #977005 Cross-References: CVE-2015-8866 CVE-2015-8867 CVE-2016-4070 CVE-2016-4073 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for php53 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut() (bsc#977003) - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes() did not return cryptographically secure random bytes (bsc#977005) - CVE-2016-4070: The libxml_disable_entity_loader() setting was shared between threads, which could have resulted in XML external entity injection and entity expansion issues (bsc#976997) - CVE-2015-8866: A remote attacker could have caused denial of service due to incorrect handling of large strings in php_raw_url_encode() (bsc#976996) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-12563=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-12563=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-12563=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-62.1 php53-imap-5.3.17-62.1 php53-posix-5.3.17-62.1 php53-readline-5.3.17-62.1 php53-sockets-5.3.17-62.1 php53-sqlite-5.3.17-62.1 php53-tidy-5.3.17-62.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-62.1 php53-5.3.17-62.1 php53-bcmath-5.3.17-62.1 php53-bz2-5.3.17-62.1 php53-calendar-5.3.17-62.1 php53-ctype-5.3.17-62.1 php53-curl-5.3.17-62.1 php53-dba-5.3.17-62.1 php53-dom-5.3.17-62.1 php53-exif-5.3.17-62.1 php53-fastcgi-5.3.17-62.1 php53-fileinfo-5.3.17-62.1 php53-ftp-5.3.17-62.1 php53-gd-5.3.17-62.1 php53-gettext-5.3.17-62.1 php53-gmp-5.3.17-62.1 php53-iconv-5.3.17-62.1 php53-intl-5.3.17-62.1 php53-json-5.3.17-62.1 php53-ldap-5.3.17-62.1 php53-mbstring-5.3.17-62.1 php53-mcrypt-5.3.17-62.1 php53-mysql-5.3.17-62.1 php53-odbc-5.3.17-62.1 php53-openssl-5.3.17-62.1 php53-pcntl-5.3.17-62.1 php53-pdo-5.3.17-62.1 php53-pear-5.3.17-62.1 php53-pgsql-5.3.17-62.1 php53-pspell-5.3.17-62.1 php53-shmop-5.3.17-62.1 php53-snmp-5.3.17-62.1 php53-soap-5.3.17-62.1 php53-suhosin-5.3.17-62.1 php53-sysvmsg-5.3.17-62.1 php53-sysvsem-5.3.17-62.1 php53-sysvshm-5.3.17-62.1 php53-tokenizer-5.3.17-62.1 php53-wddx-5.3.17-62.1 php53-xmlreader-5.3.17-62.1 php53-xmlrpc-5.3.17-62.1 php53-xmlwriter-5.3.17-62.1 php53-xsl-5.3.17-62.1 php53-zip-5.3.17-62.1 php53-zlib-5.3.17-62.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-62.1 php53-debugsource-5.3.17-62.1 References: https://www.suse.com/security/cve/CVE-2015-8866.html https://www.suse.com/security/cve/CVE-2015-8867.html https://www.suse.com/security/cve/CVE-2016-4070.html https://www.suse.com/security/cve/CVE-2016-4073.html https://bugzilla.suse.com/976996 https://bugzilla.suse.com/976997 https://bugzilla.suse.com/977003 https://bugzilla.suse.com/977005 From sle-updates at lists.suse.com Tue May 17 07:09:14 2016 From: sle-updates 
at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 May 2016 15:09:14 +0200 (CEST) Subject: SUSE-SU-2016:1311-1: important: Security update for ntp Message-ID: <20160517130914.5A1F2FF5C@maintenance.suse.de> SUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1311-1 Rating: important References: #782060 #784760 #905885 #910063 #916617 #920183 #920238 #926510 #936327 #937837 #942441 #942587 #943216 #943218 #944300 #946386 #951351 #951559 #951608 #951629 #954982 #956773 #962318 #962784 #962802 #962960 #962966 #962970 #962988 #962994 #962995 #962997 #963000 #963002 #975496 #975981 Cross-References: CVE-2015-5194 CVE-2015-5219 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 30 vulnerabilities and has 6 fixes is now available. Description: This network time protocol server ntp was updated to 4.2.8p6 to fix the following issues: Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837) Major functional changes: - The "sntp" commandline tool changed its option handling in a major way. - "controlkey 1" is added during update to ntp.conf to allow sntp to work. - The local clock is being disabled during update. - ntpd is no longer running chrooted. 
Other functional changes: - ntp-signd is installed. - "enable mode7" can be added to the configuration to allow ntpdc to work as compatibility mode option. - "kod" was removed from the default restrictions. - SHA1 keys are used by default instead of MD5 keys. These security issues were fixed: - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). - CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966). - CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002). - CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784). - CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000). - CVE-2015-7977: reslist NULL pointer dereference (bsc#962970). - CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802). - CVE-2015-7975: nextvar() missing length check (bsc#962988). - CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960). - CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995). - CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994). - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997). - CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629). - CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608). - CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608). - CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608). - CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608). - CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).
- CVE-2015-7850: remote config logfile-keyfile (bsc#951608). - CVE-2015-7849: trusted key use-after-free (bsc#951608). - CVE-2015-7848: mode 7 loop counter underrun (bsc#951608). - CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608). - CVE-2015-7703: configuration directives "pidfile" and "driftfile" should only be allowed locally (bsc#951608). - CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608). - CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608). These non-security issues were fixed: - fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd). This replaces the w32 patches in 4.2.4 that added the authreg directive. - bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. - bsc#782060: Speedup ntpq. - bsc#916617: Add /var/db/ntp-kod. - bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems. - bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST. - Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted. - Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuration via ntpq. - bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution. - bsc#905885: Use SHA1 instead of MD5 for symmetric keys. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - bsc#944300: Remove "kod" from the restrict line in ntp.conf. - bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd. - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore.
- Add "addserver" as a new legacy action. - bsc#910063: Fix the comment regarding addserver in ntp.conf. - bsc#926510: Disable chroot by default. - bsc#920238: Enable ntpdc for backwards compatibility. - bsc#784760: Remove local clock from default configuration. - bsc#942441/fate#319496: Require perl-Socket6. - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - bsc#920183: Allow -4 and -6 address qualifiers in "server" directives. - Use upstream ntp-wait, because our version is incompatible with the new ntpq command line syntax. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-ntp-12561=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-ntp-12561=1 - SUSE Manager 2.1: zypper in -t patch sleman21-ntp-12561=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ntp-12561=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ntp-12561=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ntp-12561=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-ntp-12561=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): ntp-4.2.8p6-41.1 ntp-doc-4.2.8p6-41.1 - SUSE Manager Proxy 2.1 (x86_64): ntp-4.2.8p6-41.1 ntp-doc-4.2.8p6-41.1 - SUSE Manager 2.1 (s390x x86_64): ntp-4.2.8p6-41.1 ntp-doc-4.2.8p6-41.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ntp-4.2.8p6-41.1 ntp-doc-4.2.8p6-41.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): ntp-4.2.8p6-41.1 ntp-doc-4.2.8p6-41.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (noarch): yast2-ntp-client-2.17.14.1-1.12.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ntp-debuginfo-4.2.8p6-41.1 ntp-debugsource-4.2.8p6-41.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): ntp-debuginfo-4.2.8p6-41.1 ntp-debugsource-4.2.8p6-41.1 References: https://www.suse.com/security/cve/CVE-2015-5194.html https://www.suse.com/security/cve/CVE-2015-5219.html https://www.suse.com/security/cve/CVE-2015-5300.html https://www.suse.com/security/cve/CVE-2015-7691.html https://www.suse.com/security/cve/CVE-2015-7692.html https://www.suse.com/security/cve/CVE-2015-7701.html https://www.suse.com/security/cve/CVE-2015-7702.html https://www.suse.com/security/cve/CVE-2015-7703.html https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7848.html https://www.suse.com/security/cve/CVE-2015-7849.html https://www.suse.com/security/cve/CVE-2015-7850.html https://www.suse.com/security/cve/CVE-2015-7851.html https://www.suse.com/security/cve/CVE-2015-7852.html https://www.suse.com/security/cve/CVE-2015-7853.html https://www.suse.com/security/cve/CVE-2015-7854.html https://www.suse.com/security/cve/CVE-2015-7855.html https://www.suse.com/security/cve/CVE-2015-7871.html https://www.suse.com/security/cve/CVE-2015-7973.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2015-7975.html https://www.suse.com/security/cve/CVE-2015-7976.html 
https://www.suse.com/security/cve/CVE-2015-7977.html https://www.suse.com/security/cve/CVE-2015-7978.html https://www.suse.com/security/cve/CVE-2015-7979.html https://www.suse.com/security/cve/CVE-2015-8138.html https://www.suse.com/security/cve/CVE-2015-8139.html https://www.suse.com/security/cve/CVE-2015-8140.html https://www.suse.com/security/cve/CVE-2015-8158.html https://bugzilla.suse.com/782060 https://bugzilla.suse.com/784760 https://bugzilla.suse.com/905885 https://bugzilla.suse.com/910063 https://bugzilla.suse.com/916617 https://bugzilla.suse.com/920183 https://bugzilla.suse.com/920238 https://bugzilla.suse.com/926510 https://bugzilla.suse.com/936327 https://bugzilla.suse.com/937837 https://bugzilla.suse.com/942441 https://bugzilla.suse.com/942587 https://bugzilla.suse.com/943216 https://bugzilla.suse.com/943218 https://bugzilla.suse.com/944300 https://bugzilla.suse.com/946386 https://bugzilla.suse.com/951351 https://bugzilla.suse.com/951559 https://bugzilla.suse.com/951608 https://bugzilla.suse.com/951629 https://bugzilla.suse.com/954982 https://bugzilla.suse.com/956773 https://bugzilla.suse.com/962318 https://bugzilla.suse.com/962784 https://bugzilla.suse.com/962802 https://bugzilla.suse.com/962960 https://bugzilla.suse.com/962966 https://bugzilla.suse.com/962970 https://bugzilla.suse.com/962988 https://bugzilla.suse.com/962994 https://bugzilla.suse.com/962995 https://bugzilla.suse.com/962997 https://bugzilla.suse.com/963000 https://bugzilla.suse.com/963002 https://bugzilla.suse.com/975496 https://bugzilla.suse.com/975981 From sle-updates at lists.suse.com Tue May 17 07:16:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 May 2016 15:16:46 +0200 (CEST) Subject: SUSE-RU-2016:1315-1: moderate: Recommended update for yast2-ntp-client Message-ID: <20160517131646.351B6FF5C@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ntp-client 
______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1315-1 Rating: moderate References: #916617 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-ntp-client fixes the following issues: - Calls to sntp adjusted to the syntax of ntp 4.2.8 (bsc#916617, FATE#320392) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-yast2-ntp-client-12562=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-yast2-ntp-client-12562=1 - SUSE Manager 2.1: zypper in -t patch sleman21-yast2-ntp-client-12562=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-yast2-ntp-client-12562=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (noarch): yast2-ntp-client-2.17.15.2-8.6.1 - SUSE Manager Proxy 2.1 (noarch): yast2-ntp-client-2.17.15.2-8.6.1 - SUSE Manager 2.1 (noarch): yast2-ntp-client-2.17.15.2-8.6.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): yast2-ntp-client-2.17.15.2-8.6.1 References: https://bugzilla.suse.com/916617 From sle-updates at lists.suse.com Tue May 17 09:08:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 May 2016 17:08:07 +0200 (CEST) Subject: SUSE-RU-2016:1317-1: Recommended update for zypper-docker Message-ID: <20160517150808.017A1FF5A@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper-docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1317-1 Rating: low References: #978467 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides zypper-docker 1.2.0, which brings the following enhancements: New Features: - The list-patches command has gained the --severity flag. Minor Improvements: - The --help flag is now more specific on commands arguments. - The cache file is now safe from concurrent accesses. - Clean zypper's cache after patch or update. - Display error message when image does not exist. - Run all zypper commands as root. Other: - Migrated client from samalba/dockerclient to docker/engine-api. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-778=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): zypper-docker-1.2.0-14.1 zypper-docker-debuginfo-1.2.0-14.1 zypper-docker-debugsource-1.2.0-14.1 References: https://bugzilla.suse.com/978467 From sle-updates at lists.suse.com Tue May 17 10:07:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 May 2016 18:07:36 +0200 (CEST) Subject: SUSE-SU-2016:1318-1: important: Security update for xen Message-ID: <20160517160736.037FCFF5A@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1318-1 Rating: important References: #954872 #956832 #957988 #958007 #958009 #958493 #958523 #958918 #959006 #959387 #959695 #960707 #960726 #960836 #960861 #960862 #961332 #961358 #961692 #962321 #962335 #962360 #962611 #962627 #962632 #962642 #962758 #963783 #963923 #964415 #964431 #964452 #964644 #964746 #964925 #964929 #964947 #964950 #965112 #965156 #965269 #965315 #965317 #967090 #967101 #968004 #969125 #969126 Cross-References: CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2014-0222 CVE-2014-3640 CVE-2014-3689 CVE-2014-7815 CVE-2014-9718 CVE-2015-1779 CVE-2015-5278 CVE-2015-6855 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 45 
vulnerabilities and has three fixes is now available. Description: xen was updated to fix 46 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers (bsc#964746). - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image (bsc#964929). - CVE-2013-4530: Buffer overflow in hw/ssi/pl022.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image (bsc#964950). - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image (bsc#964644). - CVE-2013-4534: Buffer overflow in hw/intc/openpic.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements (bsc#964452). - CVE-2013-4537: The ssi_sd_transfer function in hw/sd/ssi-sd.c allowed remote attackers to execute arbitrary code via a crafted arglen value in a savevm image (bsc#962642). - CVE-2013-4538: Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c allowed remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_start and col_end values in a savevm image (bsc#962335). - CVE-2013-4539: Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c might have allowed remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image (bsc#962758).
- CVE-2014-0222: Integer overflow in the qcow_open function in block/qcow.c allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#964925). - CVE-2014-3640: The sosendto function in slirp/udp.c allowed local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket (bsc#965112). - CVE-2014-3689: The vmware-vga driver (hw/display/vmware_vga.c) allowed local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling (bsc#962611). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#962627). - CVE-2014-9718: The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality had multiple interpretations of a function's return value, which allowed guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions (bsc#964431). - CVE-2015-1779: The VNC websocket frame decoder allowed remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section (bsc#962632). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#964947). - CVE-2015-6855: hw/ide/core.c did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#965156). 
- CVE-2015-7512: Buffer overflow in the pcnet_receive function in hw/net/pcnet.c, when a guest NIC has a larger MTU, allowed remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet (bsc#962360). - CVE-2015-7549: pci: NULL pointer dereference issue (bsc#958918). - CVE-2015-8345: eepro100: infinite loop in processing command block list (bsc#956832). - CVE-2015-8504: VNC: floating point exception (bsc#958493). - CVE-2015-8550: Paravirtualized drivers were incautious about shared memory contents (XSA-155) (bsc#957988). - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164) (bsc#958007). - CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization (XSA-165) (bsc#958009). - CVE-2015-8558: Infinite loop in ehci_advance_state resulted in DoS (bsc#959006). - CVE-2015-8567: vmxnet3: host memory leakage (bsc#959387). - CVE-2015-8568: vmxnet3: host memory leakage (bsc#959387). - CVE-2015-8613: SCSI: stack based buffer overflow in megasas_ctrl_get_info (bsc#961358). - CVE-2015-8619: Stack based OOB write in hmp_sendkey routine (bsc#965269). - CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960726). - CVE-2015-8744: vmxnet3: Incorrect l2 header validation led to a crash via assert(2) call (bsc#960836). - CVE-2015-8745: Reading IMR registers led to a crash via assert(2) call (bsc#960707). - CVE-2015-8817: OOB access in address_space_rw led to segmentation fault (I) (bsc#969125). - CVE-2015-8818: OOB access in address_space_rw led to segmentation fault (II) (bsc#969126). - CVE-2016-1568: AHCI use-after-free vulnerability in aio port commands (bsc#961332).
- CVE-2016-1570: The PV superpage functionality in arch/x86/mm.c allowed local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates (bsc#960861). - CVE-2016-1571: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) (bsc#960862). - CVE-2016-1714: nvram: OOB r/w access in processing firmware configurations (bsc#961692). - CVE-2016-1922: NULL pointer dereference in vapic_write() (bsc#962321). - CVE-2016-1981: e1000 infinite loop in start_xmit and e1000_receive_iov routines (bsc#963783). - CVE-2016-2198: EHCI NULL pointer dereference in ehci_caps_write (bsc#964415). - CVE-2016-2270: Xen allowed local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cacheability settings (bsc#965315). - CVE-2016-2271: VMX, when using an Intel or Cyrix CPU, allowed local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP (bsc#965317). - CVE-2016-2391: usb: multiple eof_timers in ohci module led to NULL pointer dereference (bsc#967101). - CVE-2016-2392: NULL pointer dereference in remote NDIS control message handling (bsc#967090). - CVE-2016-2538: Integer overflow in remote NDIS control message handling (bsc#968004). - XSA-166: ioreq handling possibly susceptible to multiple read issue (bsc#958523). These non-security issues were fixed: - bsc#954872: script block-dmmd not working as expected - bsc#963923: domain weights not honored when sched-credit tslice is reduced - bsc#959695: Missing docs for xen Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-779=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-779=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-779=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (x86_64): xen-debugsource-4.4.4_02-22.19.1 xen-devel-4.4.4_02-22.19.1 - SUSE Linux Enterprise Server 12 (x86_64): xen-4.4.4_02-22.19.1 xen-debugsource-4.4.4_02-22.19.1 xen-doc-html-4.4.4_02-22.19.1 xen-kmp-default-4.4.4_02_k3.12.55_52.42-22.19.1 xen-kmp-default-debuginfo-4.4.4_02_k3.12.55_52.42-22.19.1 xen-libs-32bit-4.4.4_02-22.19.1 xen-libs-4.4.4_02-22.19.1 xen-libs-debuginfo-32bit-4.4.4_02-22.19.1 xen-libs-debuginfo-4.4.4_02-22.19.1 xen-tools-4.4.4_02-22.19.1 xen-tools-debuginfo-4.4.4_02-22.19.1 xen-tools-domU-4.4.4_02-22.19.1 xen-tools-domU-debuginfo-4.4.4_02-22.19.1 - SUSE Linux Enterprise Desktop 12 (x86_64): xen-4.4.4_02-22.19.1 xen-debugsource-4.4.4_02-22.19.1 xen-kmp-default-4.4.4_02_k3.12.55_52.42-22.19.1 xen-kmp-default-debuginfo-4.4.4_02_k3.12.55_52.42-22.19.1 xen-libs-32bit-4.4.4_02-22.19.1 xen-libs-4.4.4_02-22.19.1 xen-libs-debuginfo-32bit-4.4.4_02-22.19.1 xen-libs-debuginfo-4.4.4_02-22.19.1 References: https://www.suse.com/security/cve/CVE-2013-4527.html https://www.suse.com/security/cve/CVE-2013-4529.html https://www.suse.com/security/cve/CVE-2013-4530.html https://www.suse.com/security/cve/CVE-2013-4533.html https://www.suse.com/security/cve/CVE-2013-4534.html https://www.suse.com/security/cve/CVE-2013-4537.html https://www.suse.com/security/cve/CVE-2013-4538.html https://www.suse.com/security/cve/CVE-2013-4539.html https://www.suse.com/security/cve/CVE-2014-0222.html https://www.suse.com/security/cve/CVE-2014-3640.html https://www.suse.com/security/cve/CVE-2014-3689.html 
https://www.suse.com/security/cve/CVE-2014-7815.html https://www.suse.com/security/cve/CVE-2014-9718.html https://www.suse.com/security/cve/CVE-2015-1779.html https://www.suse.com/security/cve/CVE-2015-5278.html https://www.suse.com/security/cve/CVE-2015-6855.html https://www.suse.com/security/cve/CVE-2015-7512.html https://www.suse.com/security/cve/CVE-2015-7549.html https://www.suse.com/security/cve/CVE-2015-8345.html https://www.suse.com/security/cve/CVE-2015-8504.html https://www.suse.com/security/cve/CVE-2015-8550.html https://www.suse.com/security/cve/CVE-2015-8554.html https://www.suse.com/security/cve/CVE-2015-8555.html https://www.suse.com/security/cve/CVE-2015-8558.html https://www.suse.com/security/cve/CVE-2015-8567.html https://www.suse.com/security/cve/CVE-2015-8568.html https://www.suse.com/security/cve/CVE-2015-8613.html https://www.suse.com/security/cve/CVE-2015-8619.html https://www.suse.com/security/cve/CVE-2015-8743.html https://www.suse.com/security/cve/CVE-2015-8744.html https://www.suse.com/security/cve/CVE-2015-8745.html https://www.suse.com/security/cve/CVE-2015-8817.html https://www.suse.com/security/cve/CVE-2015-8818.html https://www.suse.com/security/cve/CVE-2016-1568.html https://www.suse.com/security/cve/CVE-2016-1570.html https://www.suse.com/security/cve/CVE-2016-1571.html https://www.suse.com/security/cve/CVE-2016-1714.html https://www.suse.com/security/cve/CVE-2016-1922.html https://www.suse.com/security/cve/CVE-2016-1981.html https://www.suse.com/security/cve/CVE-2016-2198.html https://www.suse.com/security/cve/CVE-2016-2270.html https://www.suse.com/security/cve/CVE-2016-2271.html https://www.suse.com/security/cve/CVE-2016-2391.html https://www.suse.com/security/cve/CVE-2016-2392.html https://www.suse.com/security/cve/CVE-2016-2538.html https://bugzilla.suse.com/954872 https://bugzilla.suse.com/956832 https://bugzilla.suse.com/957988 https://bugzilla.suse.com/958007 https://bugzilla.suse.com/958009 https://bugzilla.suse.com/958493 
https://bugzilla.suse.com/958523 https://bugzilla.suse.com/958918 https://bugzilla.suse.com/959006 https://bugzilla.suse.com/959387 https://bugzilla.suse.com/959695 https://bugzilla.suse.com/960707 https://bugzilla.suse.com/960726 https://bugzilla.suse.com/960836 https://bugzilla.suse.com/960861 https://bugzilla.suse.com/960862 https://bugzilla.suse.com/961332 https://bugzilla.suse.com/961358 https://bugzilla.suse.com/961692 https://bugzilla.suse.com/962321 https://bugzilla.suse.com/962335 https://bugzilla.suse.com/962360 https://bugzilla.suse.com/962611 https://bugzilla.suse.com/962627 https://bugzilla.suse.com/962632 https://bugzilla.suse.com/962642 https://bugzilla.suse.com/962758 https://bugzilla.suse.com/963783 https://bugzilla.suse.com/963923 https://bugzilla.suse.com/964415 https://bugzilla.suse.com/964431 https://bugzilla.suse.com/964452 https://bugzilla.suse.com/964644 https://bugzilla.suse.com/964746 https://bugzilla.suse.com/964925 https://bugzilla.suse.com/964929 https://bugzilla.suse.com/964947 https://bugzilla.suse.com/964950 https://bugzilla.suse.com/965112 https://bugzilla.suse.com/965156 https://bugzilla.suse.com/965269 https://bugzilla.suse.com/965315 https://bugzilla.suse.com/965317 https://bugzilla.suse.com/967090 https://bugzilla.suse.com/967101 https://bugzilla.suse.com/968004 https://bugzilla.suse.com/969125 https://bugzilla.suse.com/969126 From sle-updates at lists.suse.com Wed May 18 08:08:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 16:08:10 +0200 (CEST) Subject: SUSE-RU-2016:1337-1: moderate: Recommended update for Crowbar Stack Message-ID: <20160518140810.59B38FF5A@maintenance.suse.de> SUSE Recommended Update: Recommended update for Crowbar Stack ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1337-1 Rating: moderate References: #926328 #949273 #958766 #961464 #961761 #962397 #963738 #964250 #964327 #965610 #966051 #966283 
#966356 #966419 #966461 #967100 #967236 #967255 #967489 #967509 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. Description: This collective update for SUSE Enterprise Storage 2.1 provides several fixes and enhancements. crowbar-ceph: - Workaround Ceph hanging QEMU on volume attach. (bsc#967509) - Fix usage of localization strings. (bsc#967255) crowbar-core-branding-SES: - Sync with latest SUSE OpenStack Cloud 6 branding. crowbar-core: - crowbar: Delete client for node when node is in discovering. (bsc#967100) - crowbar: Fix blockui appearing nearly all the time. (bsc#966356) - crowbar: Fix deployment queue to not use outdated information. (bsc#965610) - crowbar: Fix network switch view being broken. (bsc#966051) - crowbar: Retry transaction when sqlite is busy. (bsc#963738) - deployer: Fix wrong reference to variable. (bsc#964327) - dnsmasq: Only listen to localhost. (bsc#967236) - Fix translation missing: en.installer.upgrades.nodes.failed. (bsc#966461) - Package /etc/crowbar/cisco-ucs/ directory. (bsc#966283) - provisioner: Do not set product key for Hyper-V install. (bsc#964250) - provisioner: Force server-identifier option for dhcp subnet. (bsc#967489) - Raise redcarpet to 3.2.3. (bsc#926328) - Reject incoming DNS requests while restoring/upgrading. (bsc#966419) - Skip binary files from backup. (bsc#961464) - Stop green led when back in ready state. (bsc#949273) - Support HTTPS urls for Cisco UCS. (bsc#961761) - Workaround random mksquashfs race. (bsc#962397) Packages crowbar and crowbar-ses also received minor bug fixes. For a comprehensive list of changes please refer to the packages' change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-780=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2.1 (noarch): crowbar-3.0+git.1455178139.3adadde-2.1 crowbar-ceph-3.0+git.1456130691.179f08e-2.1 crowbar-core-3.0+git.1456257242.bd69f67-3.7 crowbar-core-branding-SES-3.0-6.16 crowbar-ses-3.0+git.1458736403.bb3514d-4.1 References: https://bugzilla.suse.com/926328 https://bugzilla.suse.com/949273 https://bugzilla.suse.com/958766 https://bugzilla.suse.com/961464 https://bugzilla.suse.com/961761 https://bugzilla.suse.com/962397 https://bugzilla.suse.com/963738 https://bugzilla.suse.com/964250 https://bugzilla.suse.com/964327 https://bugzilla.suse.com/965610 https://bugzilla.suse.com/966051 https://bugzilla.suse.com/966283 https://bugzilla.suse.com/966356 https://bugzilla.suse.com/966419 https://bugzilla.suse.com/966461 https://bugzilla.suse.com/967100 https://bugzilla.suse.com/967236 https://bugzilla.suse.com/967255 https://bugzilla.suse.com/967489 https://bugzilla.suse.com/967509 From sle-updates at lists.suse.com Wed May 18 09:08:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 17:08:22 +0200 (CEST) Subject: SUSE-OU-2016:1338-1: Optional update for Qt5 libraries Message-ID: <20160518150822.CE359FF5A@maintenance.suse.de> SUSE Optional Update: Optional update for Qt5 libraries ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:1338-1 Rating: low References: #974563 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. 
Description: This update adds the following packages to the SUSE Linux Enterprise SDK 12 SP1: - libqt5-linguist - libQt5Location5 - libQt5Multimedia5 - libQt5Positioning5 - libqt5-qtgraphicaleffects - libqt5-qtlocation-devel - libqt5-qtmultimedia-devel - libqt5-qtquick1-devel - libqt5-qtquickcontrols - libqt5-qtscript-devel - libqt5-qtsensors-devel - libqt5-qtsvg-devel - libqt5-qttools - libQt5Sensors5 - libQt5Sensors5-imports - libQt5Svg5 - libQt5WebKit5 - libQt5WebKit5-devel - libQt5WebKit5-imports - libQt5WebKitWidgets5 - libQt5WebKitWidgets-devel Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-783=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libQt5CLucene5-5.5.1-5.4 libQt5CLucene5-debuginfo-5.5.1-5.4 libQt5Declarative5-5.5.1-5.2 libQt5Declarative5-debuginfo-5.5.1-5.2 libQt5Designer5-5.5.1-5.4 libQt5Designer5-debuginfo-5.5.1-5.4 libQt5DesignerComponents5-5.5.1-5.4 libQt5DesignerComponents5-debuginfo-5.5.1-5.4 libQt5Help5-5.5.1-5.4 libQt5Help5-debuginfo-5.5.1-5.4 libQt5Location5-5.5.1-5.1 libQt5Location5-debuginfo-5.5.1-5.1 libQt5Multimedia5-5.5.1-5.1 libQt5Multimedia5-debuginfo-5.5.1-5.1 libQt5Positioning5-5.5.1-5.1 libQt5Positioning5-debuginfo-5.5.1-5.1 libQt5Script5-5.5.1-5.1 libQt5Script5-debuginfo-5.5.1-5.1 libQt5Sensors5-5.5.1-5.1 libQt5Sensors5-debuginfo-5.5.1-5.1 libQt5Sensors5-imports-5.5.1-5.1 libQt5Sensors5-imports-debuginfo-5.5.1-5.1 libQt5Svg5-5.5.1-5.1 libQt5Svg5-debuginfo-5.5.1-5.1 libQt5WebKit5-5.5.1-6.1 libQt5WebKit5-debuginfo-5.5.1-6.1 libQt5WebKit5-devel-5.5.1-6.1 libQt5WebKit5-imports-5.5.1-6.1 libQt5WebKit5-imports-debuginfo-5.5.1-6.1 libQt5WebKitWidgets-devel-5.5.1-6.1 libQt5WebKitWidgets5-5.5.1-6.1 libQt5WebKitWidgets5-debuginfo-5.5.1-6.1 
libqt5-linguist-5.5.1-5.4 libqt5-linguist-debuginfo-5.5.1-5.4 libqt5-qtgraphicaleffects-5.5.1-5.1 libqt5-qtlocation-debugsource-5.5.1-5.1 libqt5-qtlocation-devel-5.5.1-5.1 libqt5-qtmultimedia-debugsource-5.5.1-5.1 libqt5-qtmultimedia-devel-5.5.1-5.1 libqt5-qtquick1-debugsource-5.5.1-5.2 libqt5-qtquick1-devel-5.5.1-5.2 libqt5-qtquick1-devel-debuginfo-5.5.1-5.2 libqt5-qtquickcontrols-5.5.1-5.1 libqt5-qtquickcontrols-debuginfo-5.5.1-5.1 libqt5-qtquickcontrols-debugsource-5.5.1-5.1 libqt5-qtscript-debugsource-5.5.1-5.1 libqt5-qtscript-devel-5.5.1-5.1 libqt5-qtsensors-debugsource-5.5.1-5.1 libqt5-qtsensors-devel-5.5.1-5.1 libqt5-qtsvg-debugsource-5.5.1-5.1 libqt5-qtsvg-devel-5.5.1-5.1 libqt5-qttools-5.5.1-5.4 libqt5-qttools-debuginfo-5.5.1-5.4 libqt5-qttools-debugsource-5.5.1-5.4 libqt5-qtwebkit-debugsource-5.5.1-6.1 References: https://bugzilla.suse.com/974563 From sle-updates at lists.suse.com Wed May 18 09:08:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 17:08:42 +0200 (CEST) Subject: SUSE-OU-2016:1339-1: Optional update for flac Message-ID: <20160518150842.511D9FF5C@maintenance.suse.de> SUSE Optional Update: Optional update for flac ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:1339-1 Rating: low References: #975377 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds libFLAC++6 to SUSE Linux Enterprise Desktop 12 SP1. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-781=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-781=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-781=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-781=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-781=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-781=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): flac-debuginfo-1.3.0-8.1 flac-debugsource-1.3.0-8.1 flac-devel-1.3.0-8.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): flac-debuginfo-1.3.0-8.1 flac-debugsource-1.3.0-8.1 flac-devel-1.3.0-8.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): flac-debuginfo-1.3.0-8.1 flac-debugsource-1.3.0-8.1 libFLAC++6-1.3.0-8.1 libFLAC++6-debuginfo-1.3.0-8.1 libFLAC8-1.3.0-8.1 libFLAC8-debuginfo-1.3.0-8.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libFLAC8-32bit-1.3.0-8.1 libFLAC8-debuginfo-32bit-1.3.0-8.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): flac-debuginfo-1.3.0-8.1 flac-debugsource-1.3.0-8.1 libFLAC++6-1.3.0-8.1 libFLAC++6-debuginfo-1.3.0-8.1 libFLAC8-1.3.0-8.1 libFLAC8-debuginfo-1.3.0-8.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libFLAC8-32bit-1.3.0-8.1 libFLAC8-debuginfo-32bit-1.3.0-8.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flac-debuginfo-1.3.0-8.1 flac-debugsource-1.3.0-8.1 libFLAC++6-1.3.0-8.1 libFLAC++6-debuginfo-1.3.0-8.1 libFLAC8-1.3.0-8.1 libFLAC8-32bit-1.3.0-8.1 libFLAC8-debuginfo-1.3.0-8.1 libFLAC8-debuginfo-32bit-1.3.0-8.1 - SUSE Linux Enterprise Desktop 12 (x86_64): flac-debuginfo-1.3.0-8.1 flac-debugsource-1.3.0-8.1 
libFLAC++6-1.3.0-8.1 libFLAC++6-debuginfo-1.3.0-8.1 libFLAC8-1.3.0-8.1 libFLAC8-32bit-1.3.0-8.1 libFLAC8-debuginfo-1.3.0-8.1 libFLAC8-debuginfo-32bit-1.3.0-8.1 References: https://bugzilla.suse.com/975377 From sle-updates at lists.suse.com Wed May 18 09:09:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 17:09:00 +0200 (CEST) Subject: SUSE-OU-2016:1340-1: Optional update for lmdb Message-ID: <20160518150900.675D8FF5B@maintenance.suse.de> SUSE Optional Update: Optional update for lmdb ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:1340-1 Rating: low References: #974563 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds liblmdb-0_9_11 to SUSE Linux Enterprise SDK 12 and 12 SP1. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-782=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-782=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2016-782=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): liblmdb-0_9_11-0.9.11-6.1 liblmdb-0_9_11-debuginfo-0.9.11-6.1 lmdb-debuginfo-0.9.11-6.1 lmdb-debugsource-0.9.11-6.1 lmdb-devel-0.9.11-6.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): liblmdb-0_9_11-0.9.11-6.1 liblmdb-0_9_11-debuginfo-0.9.11-6.1 lmdb-debuginfo-0.9.11-6.1 lmdb-debugsource-0.9.11-6.1 lmdb-devel-0.9.11-6.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): liblmdb-0_9_11-0.9.11-6.1 liblmdb-0_9_11-debuginfo-0.9.11-6.1 lmdb-debuginfo-0.9.11-6.1 lmdb-debugsource-0.9.11-6.1 References: https://bugzilla.suse.com/974563 From sle-updates at lists.suse.com Wed May 18 10:08:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 18:08:18 +0200 (CEST) Subject: SUSE-RU-2016:1341-1: moderate: Recommended update for crmsh Message-ID: <20160518160818.9BDF0FF5A@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1341-1 Rating: moderate References: #967907 #970819 #970823 #971690 #974902 #975357 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description: This update for crmsh provides the following fixes: - report: Handle multiple spaces in syslog timestamp - parse: Don't validate operation name in parser (bsc#975357) - ui_node: Fix "crm node fence" (bsc#974902) - report: Add information about booth - hb_report: Add timeout to SSH connection (bsc#971690) - hb_report: Suggest user checks timeframe on empty logs (bsc#970823) - hb_report: Use server attribute for remote nodes if set (bsc#970819) - hb_report: Warn if generated report is empty (bsc#970823) - hb_report: Print covered time span at exit (bsc#970823) - ui_node: Use stonith_admin -F to fence remote nodes (bsc#967907) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2016-785=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability 12 (s390x x86_64): crmsh-2.1.4-6.10.1 References: https://bugzilla.suse.com/967907 https://bugzilla.suse.com/970819 https://bugzilla.suse.com/970823 https://bugzilla.suse.com/971690 https://bugzilla.suse.com/974902 https://bugzilla.suse.com/975357 From sle-updates at lists.suse.com Wed May 18 10:09:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 18:09:27 +0200 (CEST) Subject: SUSE-SU-2016:1342-1: moderate: Security update for MozillaFirefox Message-ID: <20160518160927.4CDE2FF5B@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1342-1 Rating: moderate References: #977333 #977374 #977376 #977381 #977386 Cross-References: CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 
______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update to MozillaFirefox 38.8.0 ESR fixes the following security issues (bsc#977333): - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977374) - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977376) - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (bsc#977386) - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (bsc#977381) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-MozillaFirefox-12564=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-MozillaFirefox-12564=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): MozillaFirefox-38.8.0esr-40.1 MozillaFirefox-translations-38.8.0esr-40.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): MozillaFirefox-debuginfo-38.8.0esr-40.1 MozillaFirefox-debugsource-38.8.0esr-40.1 References: https://www.suse.com/security/cve/CVE-2016-2805.html https://www.suse.com/security/cve/CVE-2016-2807.html https://www.suse.com/security/cve/CVE-2016-2808.html https://www.suse.com/security/cve/CVE-2016-2814.html https://bugzilla.suse.com/977333 https://bugzilla.suse.com/977374 https://bugzilla.suse.com/977376 https://bugzilla.suse.com/977381 https://bugzilla.suse.com/977386 From sle-updates at lists.suse.com Wed May 18 10:10:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 18:10:27 +0200 (CEST) Subject: SUSE-SU-2016:1343-1: moderate: Security update for salt Message-ID: <20160518161027.7F134FF5B@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1343-1 Rating: moderate References: #972436 Cross-References: CVE-2016-3176 Affected Products: SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: salt was updated to fix one security issue. This security issue was fixed: - CVE-2016-3176: Insecure configuration of PAM external authentication service. Authenticating were able to specify the PAM service (bsc#972436). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2016-789=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 1.0 (noarch): salt-2014.1.10-5.6 salt-master-2014.1.10-5.6 salt-minion-2014.1.10-5.6 References: https://www.suse.com/security/cve/CVE-2016-3176.html https://bugzilla.suse.com/972436 From sle-updates at lists.suse.com Wed May 18 10:10:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 18:10:48 +0200 (CEST) Subject: SUSE-SU-2016:1344-1: moderate: Security update for wireshark Message-ID: <20160518161048.B8EB5FF5B@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1344-1 Rating: moderate References: #968565 #976944 Cross-References: CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update to Wireshark 1.12.11 fixes a number of issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. 
- The PKTC dissector could crash (wnpa-sec-2016-22) - The PKTC dissector could crash (wnpa-sec-2016-23) - The IAX2 dissector could go into an infinite loop (wnpa-sec-2016-24) - Wireshark and TShark could exhaust the stack (wnpa-sec-2016-25) - The GSM CBCH dissector could crash (wnpa-sec-2016-26) - The NCP dissector could crash (wnpa-sec-2016-28) - CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03) - CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11) - GSM A-bis OML dissector crash (wnpa-sec-2016-14) - ASN.1 BER dissector crash (wnpa-sec-2016-15) - ASN.1 BER dissector crash (wnpa-sec-2016-18) Also contains further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.11.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-788=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-788=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-788=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-788=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-788=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-788=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): wireshark-debuginfo-1.12.11-25.1 wireshark-debugsource-1.12.11-25.1 wireshark-devel-1.12.11-25.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): wireshark-debuginfo-1.12.11-25.1 wireshark-debugsource-1.12.11-25.1 wireshark-devel-1.12.11-25.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): wireshark-1.12.11-25.1 wireshark-debuginfo-1.12.11-25.1 wireshark-debugsource-1.12.11-25.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): wireshark-1.12.11-25.1 wireshark-debuginfo-1.12.11-25.1 wireshark-debugsource-1.12.11-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): wireshark-1.12.11-25.1 wireshark-debuginfo-1.12.11-25.1 wireshark-debugsource-1.12.11-25.1 - SUSE Linux Enterprise Desktop 12 (x86_64): wireshark-1.12.11-25.1 wireshark-debuginfo-1.12.11-25.1 wireshark-debugsource-1.12.11-25.1 References: https://www.suse.com/security/cve/CVE-2016-2523.html https://www.suse.com/security/cve/CVE-2016-2530.html https://www.suse.com/security/cve/CVE-2016-2531.html https://www.suse.com/security/cve/CVE-2016-2532.html https://bugzilla.suse.com/968565 https://bugzilla.suse.com/976944 From sle-updates at lists.suse.com Wed May 18 10:11:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 18:11:20 +0200 (CEST) Subject: SUSE-SU-2016:1345-1: moderate: Security update for wireshark Message-ID: <20160518161120.5FFE7FF5B@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1345-1 Rating: moderate References: #968565 #976944 Cross-References: CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 
______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update to Wireshark 1.12.11 fixes a number of issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. - The PKTC dissector could crash (wnpa-sec-2016-22) - The PKTC dissector could crash (wnpa-sec-2016-23) - The IAX2 dissector could go into an infinite loop (wnpa-sec-2016-24) - Wireshark and TShark could exhaust the stack (wnpa-sec-2016-25) - The GSM CBCH dissector could crash (wnpa-sec-2016-26) - The NCP dissector could crash (wnpa-sec-2016-28) - CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03) - CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10) - CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11) - GSM A-bis OML dissector crash (wnpa-sec-2016-14) - ASN.1 BER dissector crash (wnpa-sec-2016-15) - ASN.1 BER dissector crash (wnpa-sec-2016-18) Also contains further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.11.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.10.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wireshark-12565=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wireshark-12565=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wireshark-12565=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-1.12.11-0.18.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): wireshark-1.12.11-0.18.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-1.12.11-0.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-1.12.11-0.18.1 wireshark-debugsource-1.12.11-0.18.1 References: https://www.suse.com/security/cve/CVE-2016-2523.html https://www.suse.com/security/cve/CVE-2016-2530.html https://www.suse.com/security/cve/CVE-2016-2531.html https://www.suse.com/security/cve/CVE-2016-2532.html https://bugzilla.suse.com/968565 https://bugzilla.suse.com/976944 From sle-updates at lists.suse.com Wed May 18 11:08:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 19:08:00 +0200 (CEST) Subject: SUSE-SU-2016:1346-1: moderate: Security update for systemd Message-ID: <20160518170800.C920AFF5A@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1346-1 Rating: moderate References: #959886 #960158 #963230 #965897 #967122 #970423 #970860 #972612 #972727 #973848 #976766 #978275 Cross-References: CVE-2014-9770 CVE-2015-8842 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has 10 fixes is now available. Description: This update for SystemD provides fixes and enhancements. The following security issue has been fixed: - Don't allow read access to journal files to users. 
(bsc#972612, CVE-2014-9770, CVE-2015-8842) The following non-security issues have been fixed: - Restore initrd-udevadm-cleanup-db.service. (bsc#978275, bsc#976766) - Incorrect permissions set after boot on journal files. (bsc#973848) - Exclude device-mapper from block device ownership event locking. (bsc#972727) - Explicitly set mode for /run/log. - Don't apply sgid and executable bit to journal files, only the directories they are contained in. - Add ability to mask access mode by pre-existing access mode on files/directories. - No need to pass --all if inactive is explicitly requested in list-units. (bsc#967122) - Fix automount option and don't start associated mount unit at boot. (bsc#970423) - Support more than just power-gpio-key. (fate#318444, bsc#970860) - Add standard gpio power button support. (fate#318444, bsc#970860) - Downgrade warnings about wanted unit which are not found. (bsc#960158) - Shorten hostname before checking for trailing dot. (bsc#965897) - Remove WorkingDirectory parameter from emergency, rescue and console-shell.service. (bsc#959886) - Don't ship boot.udev and systemd-journald.init anymore. - Revert "log: honour the kernel's quiet cmdline argument". (bsc#963230) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-790=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-790=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-790=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-devel-210-104.1 libudev-devel-210-104.1 systemd-debuginfo-210-104.1 systemd-debugsource-210-104.1 systemd-devel-210-104.1 typelib-1_0-GUdev-1_0-210-104.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-0-210-104.1 libgudev-1_0-0-debuginfo-210-104.1 libudev1-210-104.1 libudev1-debuginfo-210-104.1 systemd-210-104.1 systemd-debuginfo-210-104.1 systemd-debugsource-210-104.1 systemd-sysvinit-210-104.1 udev-210-104.1 udev-debuginfo-210-104.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libgudev-1_0-0-32bit-210-104.1 libgudev-1_0-0-debuginfo-32bit-210-104.1 libudev1-32bit-210-104.1 libudev1-debuginfo-32bit-210-104.1 systemd-32bit-210-104.1 systemd-debuginfo-32bit-210-104.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): systemd-bash-completion-210-104.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): systemd-bash-completion-210-104.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libgudev-1_0-0-210-104.1 libgudev-1_0-0-32bit-210-104.1 libgudev-1_0-0-debuginfo-210-104.1 libgudev-1_0-0-debuginfo-32bit-210-104.1 libudev1-210-104.1 libudev1-32bit-210-104.1 libudev1-debuginfo-210-104.1 libudev1-debuginfo-32bit-210-104.1 systemd-210-104.1 systemd-32bit-210-104.1 systemd-debuginfo-210-104.1 systemd-debuginfo-32bit-210-104.1 systemd-debugsource-210-104.1 systemd-sysvinit-210-104.1 udev-210-104.1 udev-debuginfo-210-104.1 References: https://www.suse.com/security/cve/CVE-2014-9770.html https://www.suse.com/security/cve/CVE-2015-8842.html https://bugzilla.suse.com/959886 https://bugzilla.suse.com/960158 https://bugzilla.suse.com/963230 https://bugzilla.suse.com/965897 https://bugzilla.suse.com/967122 https://bugzilla.suse.com/970423 https://bugzilla.suse.com/970860 https://bugzilla.suse.com/972612 https://bugzilla.suse.com/972727 https://bugzilla.suse.com/973848 https://bugzilla.suse.com/976766 https://bugzilla.suse.com/978275 From 
sle-updates at lists.suse.com Wed May 18 11:10:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 19:10:21 +0200 (CEST) Subject: SUSE-RU-2016:1347-1: moderate: Recommended update for lrbd Message-ID: <20160518171021.83552FF5A@maintenance.suse.de> SUSE Recommended Update: Recommended update for lrbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1347-1 Rating: moderate References: #968702 #970014 #970015 #970018 #971230 #971601 #973469 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for lrbd to version 1.1 contains the following changes: - Increment Luns (bnc#973469) - Add pool to backstore name (bnc#971601) - Map images uniquely (bnc#970018) - Allow hardcoding uuid (bnc#970015) - Allow hardcoding luns (bnc#970014) - Support kernel tuning attributes (bnc#968702) - Add retries (bnc#971230) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-792=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 2.1 (noarch): lrbd-1.1-11.1 References: https://bugzilla.suse.com/968702 https://bugzilla.suse.com/970014 https://bugzilla.suse.com/970015 https://bugzilla.suse.com/970018 https://bugzilla.suse.com/971230 https://bugzilla.suse.com/971601 https://bugzilla.suse.com/973469 From sle-updates at lists.suse.com Wed May 18 11:11:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 19:11:45 +0200 (CEST) Subject: SUSE-RU-2016:1348-1: moderate: Recommended update for ceph Message-ID: <20160518171145.62B8BFF5B@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1348-1 Rating: moderate References: #966645 #971768 #977738 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for ceph contains the following changes: - hammer: tools: fix race condition in seq/rand bench (bnc#977738) - osd/ReplicatedPG: do not proxy read *and* process op locally (bnc#971768) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-794=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 2.1 (x86_64): ceph-0.94.6+git.1460559356.71009e5-23.1 ceph-common-0.94.6+git.1460559356.71009e5-23.1 ceph-common-debuginfo-0.94.6+git.1460559356.71009e5-23.1 ceph-debuginfo-0.94.6+git.1460559356.71009e5-23.1 ceph-debugsource-0.94.6+git.1460559356.71009e5-23.1 ceph-fuse-0.94.6+git.1460559356.71009e5-23.1 ceph-fuse-debuginfo-0.94.6+git.1460559356.71009e5-23.1 ceph-radosgw-0.94.6+git.1460559356.71009e5-23.1 ceph-radosgw-debuginfo-0.94.6+git.1460559356.71009e5-23.1 ceph-test-0.94.6+git.1460559356.71009e5-23.1 ceph-test-debuginfo-0.94.6+git.1460559356.71009e5-23.1 libcephfs1-0.94.6+git.1460559356.71009e5-23.1 libcephfs1-debuginfo-0.94.6+git.1460559356.71009e5-23.1 librados2-0.94.6+git.1460559356.71009e5-23.1 librados2-debuginfo-0.94.6+git.1460559356.71009e5-23.1 libradosstriper1-0.94.6+git.1460559356.71009e5-23.1 libradosstriper1-debuginfo-0.94.6+git.1460559356.71009e5-23.1 librbd1-0.94.6+git.1460559356.71009e5-23.1 librbd1-debuginfo-0.94.6+git.1460559356.71009e5-23.1 python-cephfs-0.94.6+git.1460559356.71009e5-23.1 python-rados-0.94.6+git.1460559356.71009e5-23.1 python-rbd-0.94.6+git.1460559356.71009e5-23.1 rbd-fuse-0.94.6+git.1460559356.71009e5-23.1 rbd-fuse-debuginfo-0.94.6+git.1460559356.71009e5-23.1 rest-bench-0.94.6+git.1460559356.71009e5-23.1 rest-bench-debuginfo-0.94.6+git.1460559356.71009e5-23.1 References: https://bugzilla.suse.com/966645 https://bugzilla.suse.com/971768 https://bugzilla.suse.com/977738 From sle-updates at lists.suse.com Wed May 18 11:12:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 19:12:23 +0200 (CEST) Subject: SUSE-RU-2016:1349-1: moderate: Recommended update for lrbd Message-ID: <20160518171223.62966FF5B@maintenance.suse.de> SUSE Recommended Update: Recommended update for lrbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1349-1 Rating: moderate References: #968702 #970014 #970015 
#970018 #971230 #971601 #973469 Affected Products: SUSE Enterprise Storage 2 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for lrbd to version 1.1 contains the following changes: - Increment Luns (bnc#973469) - Add pool to backstore name (bnc#971601) - Map images uniquely (bnc#970018) - Allow hardcoding uuid (bnc#970015) - Allow hardcoding luns (bnc#970014) - Support kernel tuning attributes (bnc#968702) - Add retries (bnc#971230) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2: zypper in -t patch SUSE-Storage-2-2016-793=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2 (noarch): lrbd-1.1-10.1 References: https://bugzilla.suse.com/968702 https://bugzilla.suse.com/970014 https://bugzilla.suse.com/970015 https://bugzilla.suse.com/970018 https://bugzilla.suse.com/971230 https://bugzilla.suse.com/971601 https://bugzilla.suse.com/973469 From sle-updates at lists.suse.com Wed May 18 11:13:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 19:13:37 +0200 (CEST) Subject: SUSE-RU-2016:1350-1: moderate: Recommended update for ceph Message-ID: <20160518171337.7A7ACFF5B@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1350-1 Rating: moderate References: #966645 #971768 #977738 Affected Products: SUSE Enterprise Storage 2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for ceph contains the following changes: - hammer: tools: fix race condition in seq/rand bench (bnc#977738) - osd/ReplicatedPG: do not proxy read *and* process op locally (bnc#971768) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2: zypper in -t patch SUSE-Storage-2-2016-795=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 2 (x86_64): ceph-0.94.6+git.1460559356.71009e5-15.1 ceph-common-0.94.6+git.1460559356.71009e5-15.1 ceph-common-debuginfo-0.94.6+git.1460559356.71009e5-15.1 ceph-debuginfo-0.94.6+git.1460559356.71009e5-15.1 ceph-debugsource-0.94.6+git.1460559356.71009e5-15.1 ceph-fuse-0.94.6+git.1460559356.71009e5-15.1 ceph-fuse-debuginfo-0.94.6+git.1460559356.71009e5-15.1 ceph-radosgw-0.94.6+git.1460559356.71009e5-15.1 ceph-radosgw-debuginfo-0.94.6+git.1460559356.71009e5-15.1 ceph-test-0.94.6+git.1460559356.71009e5-15.1 ceph-test-debuginfo-0.94.6+git.1460559356.71009e5-15.1 libcephfs1-0.94.6+git.1460559356.71009e5-15.1 libcephfs1-debuginfo-0.94.6+git.1460559356.71009e5-15.1 librados2-0.94.6+git.1460559356.71009e5-15.1 librados2-debuginfo-0.94.6+git.1460559356.71009e5-15.1 libradosstriper1-0.94.6+git.1460559356.71009e5-15.1 libradosstriper1-debuginfo-0.94.6+git.1460559356.71009e5-15.1 librbd1-0.94.6+git.1460559356.71009e5-15.1 librbd1-debuginfo-0.94.6+git.1460559356.71009e5-15.1 python-cephfs-0.94.6+git.1460559356.71009e5-15.1 python-rados-0.94.6+git.1460559356.71009e5-15.1 python-rbd-0.94.6+git.1460559356.71009e5-15.1 rbd-fuse-0.94.6+git.1460559356.71009e5-15.1 rbd-fuse-debuginfo-0.94.6+git.1460559356.71009e5-15.1 rest-bench-0.94.6+git.1460559356.71009e5-15.1 rest-bench-debuginfo-0.94.6+git.1460559356.71009e5-15.1 References: https://bugzilla.suse.com/966645 https://bugzilla.suse.com/971768 https://bugzilla.suse.com/977738 From sle-updates at lists.suse.com Wed May 18 
11:14:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 19:14:14 +0200 (CEST) Subject: SUSE-SU-2016:1351-1: moderate: Security update for systemd Message-ID: <20160518171414.9FA52FF5B@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1351-1 Rating: moderate References: #959886 #960158 #963230 #965897 #967122 #970423 #970860 #972612 #972727 #973848 #976766 #978275 Cross-References: CVE-2014-9770 CVE-2015-8842 Affected Products: SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has 10 fixes is now available. Description: This update for SystemD provides fixes and enhancements. The following security issue has been fixed: - Don't allow read access to journal files to users. (bsc#972612, CVE-2014-9770, CVE-2015-8842) The following non-security issues have been fixed: - Restore initrd-udevadm-cleanup-db.service. (bsc#978275, bsc#976766) - Incorrect permissions set after boot on journal files. (bsc#973848) - Exclude device-mapper from block device ownership event locking. (bsc#972727) - Explicitly set mode for /run/log. - Don't apply sgid and executable bit to journal files, only the directories they are contained in. - Add ability to mask access mode by pre-existing access mode on files/directories. - No need to pass --all if inactive is explicitly requested in list-units. (bsc#967122) - Fix automount option and don't start associated mount unit at boot. (bsc#970423) - Support more than just power-gpio-key. (fate#318444, bsc#970860) - Add standard gpio power button support. (fate#318444, bsc#970860) - Downgrade warnings about wanted unit which are not found. 
(bsc#960158) - Shorten hostname before checking for trailing dot. (bsc#965897) - Remove WorkingDirectory parameter from emergency, rescue and console-shell.service. (bsc#959886) - Don't ship boot.udev and systemd-journald.init anymore. - Revert "log: honour the kernel's quiet cmdline argument". (bsc#963230) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-791=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-791=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-791=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libgudev-1_0-devel-210-70.48.1 libudev-devel-210-70.48.1 systemd-debuginfo-210-70.48.1 systemd-debugsource-210-70.48.1 systemd-devel-210-70.48.1 typelib-1_0-GUdev-1_0-210-70.48.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libgudev-1_0-0-210-70.48.1 libgudev-1_0-0-debuginfo-210-70.48.1 libudev1-210-70.48.1 libudev1-debuginfo-210-70.48.1 systemd-210-70.48.1 systemd-debuginfo-210-70.48.1 systemd-debugsource-210-70.48.1 systemd-sysvinit-210-70.48.1 udev-210-70.48.1 udev-debuginfo-210-70.48.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libgudev-1_0-0-32bit-210-70.48.1 libgudev-1_0-0-debuginfo-32bit-210-70.48.1 libudev1-32bit-210-70.48.1 libudev1-debuginfo-32bit-210-70.48.1 systemd-32bit-210-70.48.1 systemd-debuginfo-32bit-210-70.48.1 - SUSE Linux Enterprise Server 12 (noarch): systemd-bash-completion-210-70.48.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libgudev-1_0-0-210-70.48.1 libgudev-1_0-0-32bit-210-70.48.1 libgudev-1_0-0-debuginfo-210-70.48.1 libgudev-1_0-0-debuginfo-32bit-210-70.48.1 libudev1-210-70.48.1 libudev1-32bit-210-70.48.1 libudev1-debuginfo-210-70.48.1 
libudev1-debuginfo-32bit-210-70.48.1 systemd-210-70.48.1 systemd-32bit-210-70.48.1 systemd-debuginfo-210-70.48.1 systemd-debuginfo-32bit-210-70.48.1 systemd-debugsource-210-70.48.1 systemd-sysvinit-210-70.48.1 udev-210-70.48.1 udev-debuginfo-210-70.48.1 - SUSE Linux Enterprise Desktop 12 (noarch): systemd-bash-completion-210-70.48.1 References: https://www.suse.com/security/cve/CVE-2014-9770.html https://www.suse.com/security/cve/CVE-2015-8842.html https://bugzilla.suse.com/959886 https://bugzilla.suse.com/960158 https://bugzilla.suse.com/963230 https://bugzilla.suse.com/965897 https://bugzilla.suse.com/967122 https://bugzilla.suse.com/970423 https://bugzilla.suse.com/970860 https://bugzilla.suse.com/972612 https://bugzilla.suse.com/972727 https://bugzilla.suse.com/973848 https://bugzilla.suse.com/976766 https://bugzilla.suse.com/978275 From sle-updates at lists.suse.com Wed May 18 13:07:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 May 2016 21:07:41 +0200 (CEST) Subject: SUSE-SU-2016:1352-1: important: Security update for Mozilla Firefox Message-ID: <20160518190741.A8DB3FF5A@maintenance.suse.de> SUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1352-1 Rating: important References: #977333 #977374 #977376 #977381 #977386 Cross-References: CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. 
Description: Mozilla Firefox was updated to fix the following vulnerabilities (bsc#977333): * CVE-2016-2805: Memory safety bug fixed in Firefox ESR 38.8 (MFSA 2016-39, bsc#977374) * CVE-2016-2807: Memory safety bugs fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46 (MFSA 2016-39, bsc#977376) * CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() (MFSA 2016-47, bsc#977386) * CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44, bsc#977381) Security Issues: * CVE-2016-2805 * CVE-2016-2807 * CVE-2016-2808 * CVE-2016-2814 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x): MozillaFirefox-38.8.0esr-0.5.1 MozillaFirefox-translations-38.8.0esr-0.5.1 References: https://www.suse.com/security/cve/CVE-2016-2805.html https://www.suse.com/security/cve/CVE-2016-2807.html https://www.suse.com/security/cve/CVE-2016-2808.html https://www.suse.com/security/cve/CVE-2016-2814.html https://bugzilla.suse.com/977333 https://bugzilla.suse.com/977374 https://bugzilla.suse.com/977376 https://bugzilla.suse.com/977381 https://bugzilla.suse.com/977386 https://download.suse.com/patch/finder/?keywords=c4a992c726ddbf623907944154d39624 From sle-updates at lists.suse.com Thu May 19 05:08:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 May 2016 13:08:09 +0200 (CEST) Subject: SUSE-SU-2016:1355-1: moderate: Security update for python-Pillow Message-ID: <20160519110809.64E49FF5A@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1355-1 Rating: moderate References: #965579 #965582 Cross-References: CVE-2016-0740 CVE-2016-0775 Affected Products: SUSE Enterprise Storage 1.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for python-Pillow fixes the following security issues: * CVE-2016-0775: Fixed a buffer overflow in FliDecode.c causing a segfault when opening FLI files. (bsc#965582) * CVE-2016-0740: Fixed a buffer overflow in TiffDecode.c causing an arbitrary amount of memory to be overwritten when opening a specially crafted invalid TIFF file. (bsc#965579) * Fixed an integer overflow in Resample.c causing writes in the Python heap. * Fixed a buffer overflow in PcdDecode.c causing a segfault when opening PhotoCD files. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 1.0: zypper in -t patch SUSE-Storage-1.0-2016-796=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 1.0 (x86_64): python-Pillow-2.7.0-7.1 python-Pillow-debuginfo-2.7.0-7.1 python-Pillow-debugsource-2.7.0-7.1 References: https://www.suse.com/security/cve/CVE-2016-0740.html https://www.suse.com/security/cve/CVE-2016-0775.html https://bugzilla.suse.com/965579 https://bugzilla.suse.com/965582 From sle-updates at lists.suse.com Thu May 19 09:08:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 May 2016 17:08:40 +0200 (CEST) Subject: SUSE-RU-2016:1358-1: Recommended update for python-futures Message-ID: <20160519150840.CFBE1FF5C@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-futures ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1358-1 Rating: low References: #974993 Affected Products: SUSE Manager Tools 12 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for python-futures provides version 3.0.2 required from python-s3transfer (fate#320748) and fixes the following issues: - Made multiprocessing optional again on implementations other than just Jython - Made Executor.map() non-greedy - Dropped Python 2.5 and 3.1 support - Removed the deprecated "futures" top level package - Remove CFLAGS: this is a python only module - Remove futures from package files: not provided anymore - Added the set_exception_info() and exception_info() methods to Future to enable extraction of tracebacks on Python 2.x - Added support for Future.set_exception_info() to ThreadPoolExecutor Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2016-797=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-797=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (noarch): python-futures-3.0.2-7.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-futures-3.0.2-7.1 References: https://bugzilla.suse.com/974993 From sle-updates at lists.suse.com Thu May 19 11:08:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 May 2016 19:08:01 +0200 (CEST) Subject: SUSE-RU-2016:1359-1: moderate: Recommended update for crmsh Message-ID: <20160519170801.70C29FF5C@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1359-1 Rating: moderate References: #892108 #959031 #967907 #968076 #970278 #970819 #970823 #970931 #971690 #974902 #975357 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - history: Faster log parsing (bsc#970278) - hb_report: Don't collect logs on non-nodes (bsc#959031) - hb_report: Add timeout to SSH connection (bsc#971690) - ui_node: Fix crash in node fence command (bsc#974902) - ui_node: Use stonith_admin -F to fence remote nodes (bsc#967907) - hb_report: Use server attribute for remote nodes if set (bsc#970819) - scripts: Simplify SBD script (bsc#968076) (fate#318320) - crm_pssh: Fix live refresh of journalctl logs (bsc#970931) - ui_node: Fix "crm node fence" (bsc#974902) - hb_report: Suggest user checks timeframe on empty logs (bsc#970823) - parse: Don't validate operation name in parser (bsc#975357) - Fix title style vs. 
sentence style in cluster scripts (bsc#892108) - logtime: Improve performance of syslog_ts (bsc#970278) - hb_report: Print covered time span at exit (bsc#970823) - log_patterns_118: Add captures to log patterns for tagging (bsc#970278) - hb_report: Warn if generated report is empty (bsc#970823) - ui_configure: Fix commit force - command: Disable fuzzy matcher for completion - ui_configure: Only wait for DC if resources were stopped - scripts: Use os.uname() to find hostname - scripts: Don't require sudo for root - main: Add -o|--opt to pass extra options for crmsh - maintenance: Allow action to be forced - doc: Make history example consistent with timeframe deprecation - command: Handle stray regex characters in input - scripts: Need sudo if non-local call - report: Add information about booth - report: If present, use the subsecond part from syslog timestamps - parser: Ignore case for attr: prefix - cibconfig: Don't mix up CLI name with XML tag - scripts: Only print debug output locally unless there were remote actions - corosync: Recycle node IDs when possible Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-799=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12-SP1 (noarch): crmsh-2.2.1-12.1 crmsh-scripts-2.2.1-12.1 References: https://bugzilla.suse.com/892108 https://bugzilla.suse.com/959031 https://bugzilla.suse.com/967907 https://bugzilla.suse.com/968076 https://bugzilla.suse.com/970278 https://bugzilla.suse.com/970819 https://bugzilla.suse.com/970823 https://bugzilla.suse.com/970931 https://bugzilla.suse.com/971690 https://bugzilla.suse.com/974902 https://bugzilla.suse.com/975357 From sle-updates at lists.suse.com Thu May 19 11:09:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 May 2016 19:09:51 +0200 (CEST) Subject: SUSE-SU-2016:1360-1: important: Security update for openssl Message-ID: <20160519170951.0871FFF5C@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1360-1 Rating: important References: #968050 #973223 #976942 #976943 #977614 #977615 #977617 Cross-References: CVE-2016-0702 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This update for OpenSSL fixes the following security issues: * CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) * CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) * CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) * CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942) * CVE-2016-0702: Side channel attack on modular exponentiation "CacheBleed" (bsc#968050) Additionally, the following non-security issues have been fixed: * Fix buffer overrun in ASN1_parse. (bsc#976943) * Allow weak DH groups. 
(bsc#973223) Security Issues: * CVE-2016-2105 * CVE-2016-2106 * CVE-2016-2108 * CVE-2016-2109 * CVE-2016-0702 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): openssl-0.9.8a-18.96.1 openssl-devel-0.9.8a-18.96.1 openssl-doc-0.9.8a-18.96.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): openssl-32bit-0.9.8a-18.96.1 openssl-devel-32bit-0.9.8a-18.96.1 References: https://www.suse.com/security/cve/CVE-2016-0702.html https://www.suse.com/security/cve/CVE-2016-2105.html https://www.suse.com/security/cve/CVE-2016-2106.html https://www.suse.com/security/cve/CVE-2016-2108.html https://www.suse.com/security/cve/CVE-2016-2109.html https://bugzilla.suse.com/968050 https://bugzilla.suse.com/973223 https://bugzilla.suse.com/976942 https://bugzilla.suse.com/976943 https://bugzilla.suse.com/977614 https://bugzilla.suse.com/977615 https://bugzilla.suse.com/977617 https://download.suse.com/patch/finder/?keywords=bfdaa5a35088a70db557cea0e263ef89 From sle-updates at lists.suse.com Thu May 19 11:11:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 May 2016 19:11:07 +0200 (CEST) Subject: SUSE-RU-2016:1361-1: moderate: Recommended update for vm-install Message-ID: <20160519171107.29B06FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for vm-install ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1361-1 Rating: moderate References: #826425 #942409 #942763 #952235 #974470 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for vm-install provides the following fixes: - Fix PV SLES 12-SP2 guest installation on SLES 11-SP4 Xen hosts. (bsc#974470) - Fix error after closing VM window during installation. 
(bsc#952235) - Fix "List indices must be integers, not strings" error when deploying VM. (bsc#942763) - Fix "A parameter is invalid or missing (memoryMB)" error when loading on s390s system. (bsc#942409) - Removed tap:cdrom as a supported protocol. (bsc#826425) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-vm-install-12566=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): vm-install-0.6.42-3.1 References: https://bugzilla.suse.com/826425 https://bugzilla.suse.com/942409 https://bugzilla.suse.com/942763 https://bugzilla.suse.com/952235 https://bugzilla.suse.com/974470 From sle-updates at lists.suse.com Thu May 19 18:08:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 May 2016 02:08:12 +0200 (CEST) Subject: SUSE-RU-2016:1362-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20160520000812.99226FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1362-1 Rating: moderate References: #966622 #968406 #976826 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSE Manager Client Tools fixes the following issues: cobbler: - Add logrotate file for cobbler (bsc#976826) - Fix cobbler yaboot handling (bsc#968406, bsc#966622) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201605-12567=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201605-12567=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.61.2 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.61.2 References: https://bugzilla.suse.com/966622 https://bugzilla.suse.com/968406 https://bugzilla.suse.com/976826 From sle-updates at lists.suse.com Thu May 19 18:08:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 May 2016 02:08:58 +0200 (CEST) Subject: SUSE-RU-2016:1363-1: important: Recommended update for open-iscsi Message-ID: <20160520000858.D800FFF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1363-1 Rating: important References: #974102 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-iscsi fixes the following issue: - Fix possible data corruption with iSCSI switch port flicker (bsc#974102) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-803=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-803=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): iscsiuio-0.7.8.2-37.1 iscsiuio-debuginfo-0.7.8.2-37.1 open-iscsi-2.0.873-37.1 open-iscsi-debuginfo-2.0.873-37.1 open-iscsi-debugsource-2.0.873-37.1 open-isns-0.90-37.1 open-isns-debuginfo-0.90-37.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): iscsiuio-0.7.8.2-37.1 iscsiuio-debuginfo-0.7.8.2-37.1 open-iscsi-2.0.873-37.1 open-iscsi-debuginfo-2.0.873-37.1 open-iscsi-debugsource-2.0.873-37.1 References: https://bugzilla.suse.com/974102 From sle-updates at lists.suse.com Thu May 19 18:09:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 May 2016 02:09:19 +0200 (CEST) Subject: SUSE-RU-2016:1364-1: moderate: Recommended update for curl Message-ID: <20160520000919.8C632FF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for curl ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1364-1 Rating: moderate References: #915846 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for curl fixes the following issue: - Fix "Network is unreachable" error when ipv6 is not available but ipv4. This fixes the same error in applications using libcurl4 (like zypper). (bsc#915846) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-801=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-801=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-801=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-801=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-801=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-801=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): curl-debuginfo-7.37.0-21.1 curl-debugsource-7.37.0-21.1 libcurl-devel-7.37.0-21.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): curl-debuginfo-7.37.0-21.1 curl-debugsource-7.37.0-21.1 libcurl-devel-7.37.0-21.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): curl-7.37.0-21.1 curl-debuginfo-7.37.0-21.1 curl-debugsource-7.37.0-21.1 libcurl4-7.37.0-21.1 libcurl4-debuginfo-7.37.0-21.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libcurl4-32bit-7.37.0-21.1 libcurl4-debuginfo-32bit-7.37.0-21.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): curl-7.37.0-21.1 curl-debuginfo-7.37.0-21.1 curl-debugsource-7.37.0-21.1 libcurl4-7.37.0-21.1 libcurl4-debuginfo-7.37.0-21.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libcurl4-32bit-7.37.0-21.1 libcurl4-debuginfo-32bit-7.37.0-21.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): curl-7.37.0-21.1 curl-debuginfo-7.37.0-21.1 curl-debugsource-7.37.0-21.1 libcurl4-32bit-7.37.0-21.1 libcurl4-7.37.0-21.1 libcurl4-debuginfo-32bit-7.37.0-21.1 libcurl4-debuginfo-7.37.0-21.1 - SUSE Linux Enterprise Desktop 12 (x86_64): curl-7.37.0-21.1 curl-debuginfo-7.37.0-21.1 curl-debugsource-7.37.0-21.1 libcurl4-32bit-7.37.0-21.1 
libcurl4-7.37.0-21.1 libcurl4-debuginfo-32bit-7.37.0-21.1 libcurl4-debuginfo-7.37.0-21.1 References: https://bugzilla.suse.com/915846 From sle-updates at lists.suse.com Thu May 19 18:09:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 May 2016 02:09:41 +0200 (CEST) Subject: SUSE-RU-2016:1365-1: Recommended update for nfs-utils Message-ID: <20160520000941.A8764FF63@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1365-1 Rating: low References: #931308 #945937 #947852 #948346 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for nfs-utils fixes the following issues: - Improve gss correctness when client/server clocks are skewed (bsc#931308) - Fix NFS server problems when large numbers of netgroups are used (bsc#948346) - mount.nfs should fail if statd is being slow to start due to DNS issues (bsc#945937) - nfs.init: pass $RPC_PIPEFS_DIR to idmap when 'try-restart' or 'condrestart' called (bsc#947852) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-nfs-utils-12568=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): nfs-client-1.2.3-18.47.1 nfs-doc-1.2.3-18.47.1 nfs-kernel-server-1.2.3-18.47.1 References: https://bugzilla.suse.com/931308 https://bugzilla.suse.com/945937 https://bugzilla.suse.com/947852 https://bugzilla.suse.com/948346 From sle-updates at lists.suse.com Thu May 19 18:11:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 May 2016 02:11:10 +0200 (CEST) Subject: SUSE-SU-2016:1366-1: Recommended update for SUSE Manager Client Tools Message-ID: <20160520001110.31120FF5F@maintenance.suse.de> SUSE Security Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1366-1 Rating: low References: #970550 #970989 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for SUSE Manager Client Tools provides the following fixes and enhancements: rhnlib: - Use TLSv1_METHOD in SSL Context (bsc#970989) suseRegisterInfo: - Fix file permissions (bsc#970550) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-client-tools-21-201602-12567=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): rhnlib-2.5.69.8-11.2 suseRegisterInfo-2.1.12-14.2 References: https://bugzilla.suse.com/970550 https://bugzilla.suse.com/970989 From sle-updates at lists.suse.com Thu May 19 18:11:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 May 2016 02:11:40 +0200 (CEST) Subject: SUSE-SU-2016:1367-1: moderate: Security update for SUSE Manager Server 2.1 Message-ID: <20160520001140.52918FF5F@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 2.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1367-1 Rating: moderate References: #922740 #924298 #958923 #961002 #961565 #962253 #966622 #966737 #966890 #968257 #968406 #968851 #970223 #970425 #970550 #970672 #970901 #970989 #971237 #972341 #973162 #973432 #973550 #974010 #974011 #974315 #976194 #976826 #978166 Cross-References: CVE-2015-0284 CVE-2016-2103 CVE-2016-2104 CVE-2016-3079 CVE-2016-3097 Affected Products: SUSE Manager 2.1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 24 fixes is now available. 
Description: This update for SUSE Manager Server 2.1 fixes the following issues: cobbler: - Add logrotate file for cobbler (bsc#976826) - Fix cobbler yaboot handling (bsc#968406, bsc#966622) osad: - Fix file permissions (bsc#970550) rhnlib: - Use TLSv1_METHOD in SSL Context (bsc#970989) spacewalk-backend: - Mgr_ncc_sync: Adapt to bulk scheduling introduced in scheduleSingleSatRepoSync spacewalk-branding: - Fix link to "Schedule patch updates" (bsc#973432) - Fix link to scheduled action for SP migration (bsc#968257, bsc#974315) - Fix: 'Advanced Search' title consistency spacewalk-certs-tools: - Fix file permissions (bsc#970550) spacewalk-java: - Recreate upgrade paths on every refresh (bsc#978166) - Call cobbler sync after cobbler command is finished (bsc#966890) - Under high load, the service wrapper may incorrectly interpret the inability to get a response in time from taskomatic and kill it (bsc#962253) - Log permissions problems on channel access while SP migration (bsc#970223) - Unittests: support SLE-POS 11 SP3 as addon for SLES 11 SP4 (bsc#976194) - Mgr-sync: use bulk channel reposync (bsc#961002) - Double the backslashes when reading the config files from java (bsc#958923) - When generating repo metadata for a cloned channel, recursively fetch keywords from the original channel (bsc#970901) - Better logging for SP Migration feature (bsc#970223) - Fix: 'Advanced Search' title consistency - CVE-2015-0284: XSS when altering user details and going somewhere where you are choosing user (bsc#922740) - CVE-2016-3079, CVE-2016-2103, CVE-2016-2104, CVE-2016-3097: Fix multiple XSS vulnerabilities (bsc#973162, bsc#974011, bsc#974010, bsc#973550) - BugFix: 'Systems > Advanced Search' title and description consistency (bsc#966737) - Fix: correct behavior with visibility conditions of sub-tabs in Systems/Misc page - BugFix: add missing url mapping (bsc#961565) - Fix kernel and initrd paths for creating autoinstallation tries (bsc#966622) - Fix tests for HAE-GEO on SLES 4
SAP (bsc#970425) - Add unit tests for SLE-Live-Patching12 (bsc#924298) spacewalk-utils: - Bugfix: don't repeat channel labels - Taskotop: a utility to monitor what Taskomatic is doing - Fix file permissions (bsc#970550) suseRegisterInfo: - Fix file permissions (bsc#970550) susemanager: - Add packages to bootstrap repo (bsc#971237) - Mgr-sync: use bulk channel reposync (bsc#961002) - Mgr_ncc_sync: adapt to bulk scheduling introduced in scheduleSingleSatRepoSync - Add SLES 4 SAP to mgr-create-bootstap-repo as an option (bsc#972341) - Put packages only available in SLE12 SP1 in a separate list (bsc#970672) - Fix file permissions (bsc#970550) susemanager-sync-data: - Support SLE-POS 11 SP3 as addon for SLES 11 SP4 (bsc#976194) - HAE-GEO is an addon product for SLES 4 SAP (bsc#970425) - Add support for SLE-Live-Patching12 (bsc#924298, bsc#968851) susemanager-tftpsync: - Rename change_tftpd_proxies.py to sync_post_tftpd_proxies.py and change trigger type (bsc#966890) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-suse-manager-21-201605-12567=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Manager 2.1 (s390x x86_64): cobbler-2.2.2-0.61.2 rhnlib-2.5.69.8-11.2 spacewalk-backend-2.1.55.25-24.5 spacewalk-backend-app-2.1.55.25-24.5 spacewalk-backend-applet-2.1.55.25-24.5 spacewalk-backend-config-files-2.1.55.25-24.5 spacewalk-backend-config-files-common-2.1.55.25-24.5 spacewalk-backend-config-files-tool-2.1.55.25-24.5 spacewalk-backend-iss-2.1.55.25-24.5 spacewalk-backend-iss-export-2.1.55.25-24.5 spacewalk-backend-libs-2.1.55.25-24.5 spacewalk-backend-package-push-server-2.1.55.25-24.5 spacewalk-backend-server-2.1.55.25-24.5 spacewalk-backend-sql-2.1.55.25-24.5 spacewalk-backend-sql-oracle-2.1.55.25-24.5 spacewalk-backend-sql-postgresql-2.1.55.25-24.5 spacewalk-backend-tools-2.1.55.25-24.5 spacewalk-backend-xml-export-libs-2.1.55.25-24.5 spacewalk-backend-xmlrpc-2.1.55.25-24.5 spacewalk-branding-2.1.33.16-18.2 suseRegisterInfo-2.1.12-14.2 susemanager-2.1.24-23.1 susemanager-tftpsync-2.1.2-11.2 susemanager-tools-2.1.24-23.1 - SUSE Manager 2.1 (noarch): osa-dispatcher-5.11.33.11-15.2 spacewalk-certs-tools-2.1.6.10-18.3 spacewalk-java-2.1.165.23-20.1 spacewalk-java-config-2.1.165.23-20.1 spacewalk-java-lib-2.1.165.23-20.1 spacewalk-java-oracle-2.1.165.23-20.1 spacewalk-java-postgresql-2.1.165.23-20.1 spacewalk-taskomatic-2.1.165.23-20.1 spacewalk-utils-2.1.27.15-12.7 susemanager-sync-data-2.1.15-30.2 References: https://www.suse.com/security/cve/CVE-2015-0284.html https://www.suse.com/security/cve/CVE-2016-2103.html https://www.suse.com/security/cve/CVE-2016-2104.html https://www.suse.com/security/cve/CVE-2016-3079.html https://www.suse.com/security/cve/CVE-2016-3097.html https://bugzilla.suse.com/922740 https://bugzilla.suse.com/924298 https://bugzilla.suse.com/958923 https://bugzilla.suse.com/961002 https://bugzilla.suse.com/961565 https://bugzilla.suse.com/962253 https://bugzilla.suse.com/966622 https://bugzilla.suse.com/966737 https://bugzilla.suse.com/966890 https://bugzilla.suse.com/968257 https://bugzilla.suse.com/968406 
https://bugzilla.suse.com/968851 https://bugzilla.suse.com/970223 https://bugzilla.suse.com/970425 https://bugzilla.suse.com/970550 https://bugzilla.suse.com/970672 https://bugzilla.suse.com/970901 https://bugzilla.suse.com/970989 https://bugzilla.suse.com/971237 https://bugzilla.suse.com/972341 https://bugzilla.suse.com/973162 https://bugzilla.suse.com/973432 https://bugzilla.suse.com/973550 https://bugzilla.suse.com/974010 https://bugzilla.suse.com/974011 https://bugzilla.suse.com/974315 https://bugzilla.suse.com/976194 https://bugzilla.suse.com/976826 https://bugzilla.suse.com/978166 From sle-updates at lists.suse.com Thu May 19 18:16:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 May 2016 02:16:44 +0200 (CEST) Subject: SUSE-RU-2016:1368-1: important: Recommended update for open-iscsi Message-ID: <20160520001644.3ABF7FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1368-1 Rating: important References: #974102 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-iscsi fixes the following issue: - Fix possible data corruption with iSCSI switch port flicker (bsc#974102) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-802=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-802=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): iscsiuio-0.7.8.2-30.13.1 iscsiuio-debuginfo-0.7.8.2-30.13.1 open-iscsi-2.0.873-30.13.1 open-iscsi-debuginfo-2.0.873-30.13.1 open-iscsi-debugsource-2.0.873-30.13.1 open-isns-0.90-30.13.1 open-isns-debuginfo-0.90-30.13.1 - SUSE Linux Enterprise Desktop 12 (x86_64): iscsiuio-0.7.8.2-30.13.1 iscsiuio-debuginfo-0.7.8.2-30.13.1 open-iscsi-2.0.873-30.13.1 open-iscsi-debuginfo-2.0.873-30.13.1 open-iscsi-debugsource-2.0.873-30.13.1 References: https://bugzilla.suse.com/974102 From sle-updates at lists.suse.com Thu May 19 18:17:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 May 2016 02:17:01 +0200 (CEST) Subject: SUSE-RU-2016:1369-1: moderate: Recommended update for SUSE Manager Proxy 2.1 Message-ID: <20160520001701.D6D80FF63@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1369-1 Rating: moderate References: #970550 #970989 Affected Products: SUSE Manager Proxy 2.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSE Manager Proxy 2.1 fixes the following issues: osad: - Fix file permissions (bsc#970550) rhncfg: - Fix file permissions (bsc#970550) rhnlib: - Use TLSv1_METHOD in SSL Context (bsc#970989) spacewalk-backend: - Mgr_ncc_sync: Adapt to bulk scheduling introduced in scheduleSingleSatRepoSync spacewalk-certs-tools: - Fix file permissions (bsc#970550) spacewalk-proxy: - Fix file permissions (bsc#970550) suseRegisterInfo: - Fix file permissions (bsc#970550) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. 
Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-suse-manager-proxy-21-201605-12567=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 2.1 (x86_64): rhnlib-2.5.69.8-11.2 spacewalk-backend-2.1.55.25-24.5 spacewalk-backend-libs-2.1.55.25-24.5 suseRegisterInfo-2.1.12-14.2 - SUSE Manager Proxy 2.1 (noarch): osad-5.11.33.11-15.2 rhncfg-5.10.65.12-11.6 rhncfg-actions-5.10.65.12-11.6 rhncfg-client-5.10.65.12-11.6 rhncfg-management-5.10.65.12-11.6 spacewalk-certs-tools-2.1.6.10-18.3 spacewalk-proxy-broker-2.1.15.8-9.3 spacewalk-proxy-common-2.1.15.8-9.3 spacewalk-proxy-management-2.1.15.8-9.3 spacewalk-proxy-package-manager-2.1.15.8-9.3 spacewalk-proxy-redirect-2.1.15.8-9.3 References: https://bugzilla.suse.com/970550 https://bugzilla.suse.com/970989 From sle-updates at lists.suse.com Fri May 20 11:08:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 May 2016 19:08:11 +0200 (CEST) Subject: SUSE-SU-2016:1374-1: important: Security update for MozillaFirefox Message-ID: <20160520170811.84A54FF5E@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1374-1 Rating: important References: #977333 #977374 #977376 #977381 #977386 Cross-References: CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update 
that solves four vulnerabilities and has one errata is now available. Description: This update to MozillaFirefox 38.8.0 ESR fixes the following security issues (bsc#977333): - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977374) - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977376) - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (bsc#977386) - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (bsc#977381) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-MozillaFirefox-12569=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-MozillaFirefox-12569=1 - SUSE Manager 2.1: zypper in -t patch sleman21-MozillaFirefox-12569=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-12569=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-12569=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-MozillaFirefox-12569=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-12569=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-12569=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): MozillaFirefox-38.8.0esr-40.5 MozillaFirefox-translations-38.8.0esr-40.5 libfreebl3-3.20.2-30.1 libfreebl3-32bit-3.20.2-30.1 libsoftokn3-3.20.2-30.1 libsoftokn3-32bit-3.20.2-30.1 mozilla-nspr-32bit-4.12-26.1 mozilla-nspr-4.12-26.1 mozilla-nss-3.20.2-30.1 mozilla-nss-32bit-3.20.2-30.1 mozilla-nss-tools-3.20.2-30.1 - SUSE Manager Proxy 2.1 (x86_64): MozillaFirefox-38.8.0esr-40.5 MozillaFirefox-translations-38.8.0esr-40.5 libfreebl3-3.20.2-30.1 libfreebl3-32bit-3.20.2-30.1 libsoftokn3-3.20.2-30.1 libsoftokn3-32bit-3.20.2-30.1 mozilla-nspr-32bit-4.12-26.1 mozilla-nspr-4.12-26.1 mozilla-nss-3.20.2-30.1 mozilla-nss-32bit-3.20.2-30.1 mozilla-nss-tools-3.20.2-30.1 - SUSE Manager 2.1 (s390x x86_64): MozillaFirefox-38.8.0esr-40.5 MozillaFirefox-translations-38.8.0esr-40.5 libfreebl3-3.20.2-30.1 libfreebl3-32bit-3.20.2-30.1 libsoftokn3-3.20.2-30.1 libsoftokn3-32bit-3.20.2-30.1 mozilla-nspr-32bit-4.12-26.1 mozilla-nspr-4.12-26.1 mozilla-nss-3.20.2-30.1 mozilla-nss-32bit-3.20.2-30.1 mozilla-nss-tools-3.20.2-30.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-38.8.0esr-40.5 mozilla-nspr-devel-4.12-26.1 mozilla-nss-devel-3.20.2-30.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-38.8.0esr-40.5 MozillaFirefox-translations-38.8.0esr-40.5 libfreebl3-3.20.2-30.1 libsoftokn3-3.20.2-30.1 mozilla-nspr-4.12-26.1 mozilla-nss-3.20.2-30.1 mozilla-nss-tools-3.20.2-30.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libfreebl3-32bit-3.20.2-30.1 libsoftokn3-32bit-3.20.2-30.1 mozilla-nspr-32bit-4.12-26.1 mozilla-nss-32bit-3.20.2-30.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libfreebl3-x86-3.20.2-30.1 libsoftokn3-x86-3.20.2-30.1 mozilla-nspr-x86-4.12-26.1 mozilla-nss-x86-3.20.2-30.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-38.8.0esr-40.5 MozillaFirefox-translations-38.8.0esr-40.5 
libfreebl3-3.20.2-30.1 libsoftokn3-3.20.2-30.1 mozilla-nspr-4.12-26.1 mozilla-nss-3.20.2-30.1 mozilla-nss-tools-3.20.2-30.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.20.2-30.1 libsoftokn3-32bit-3.20.2-30.1 mozilla-nspr-32bit-4.12-26.1 mozilla-nss-32bit-3.20.2-30.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-38.8.0esr-40.5 MozillaFirefox-debugsource-38.8.0esr-40.5 mozilla-nspr-debuginfo-4.12-26.1 mozilla-nspr-debugsource-4.12-26.1 mozilla-nss-debuginfo-3.20.2-30.1 mozilla-nss-debugsource-3.20.2-30.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): mozilla-nspr-debuginfo-32bit-4.12-26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): mozilla-nspr-debuginfo-x86-4.12-26.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): MozillaFirefox-debuginfo-38.8.0esr-40.5 MozillaFirefox-debugsource-38.8.0esr-40.5 mozilla-nspr-debuginfo-4.12-26.1 mozilla-nspr-debugsource-4.12-26.1 mozilla-nss-debuginfo-3.20.2-30.1 mozilla-nss-debugsource-3.20.2-30.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): mozilla-nspr-debuginfo-32bit-4.12-26.1 References: https://www.suse.com/security/cve/CVE-2016-2805.html https://www.suse.com/security/cve/CVE-2016-2807.html https://www.suse.com/security/cve/CVE-2016-2808.html https://www.suse.com/security/cve/CVE-2016-2814.html https://bugzilla.suse.com/977333 https://bugzilla.suse.com/977374 https://bugzilla.suse.com/977376 https://bugzilla.suse.com/977381 https://bugzilla.suse.com/977386 From sle-updates at lists.suse.com Fri May 20 11:09:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 May 2016 19:09:07 +0200 (CEST) Subject: SUSE-RU-2016:1375-1: Recommended update for cloud-regionsrv-client Message-ID: <20160520170907.C9939FF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client 
______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1375-1 Rating: low References: #968128 #975209 #975815 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-regionsrv-client provides version 6.4.6 and fixes the following issues: - Try another SMT server if registration fails (bsc#975209,bsc#975815) - Do not attempt to generate the product list using remote repositories (bsc#968128) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-cloud-regionsrv-client-12570=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (i586 ia64 ppc64 s390x x86_64): cloud-regionsrv-client-6.4.6-18.1 References: https://bugzilla.suse.com/968128 https://bugzilla.suse.com/975209 https://bugzilla.suse.com/975815 From sle-updates at lists.suse.com Fri May 20 11:10:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 May 2016 19:10:06 +0200 (CEST) Subject: SUSE-RU-2016:1377-1: Recommended update for cloud-regionsrv-client Message-ID: <20160520171006.78676FF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1377-1 Rating: low References: #975209 #975815 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for cloud-regionsrv-client provides version 6.4.6 and fixes the following issue: - Try another SMT server if registration fails (bsc#975209,bsc#975815) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-806=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-6.4.6-37.1 cloud-regionsrv-client-generic-config-1.0.0-37.1 cloud-regionsrv-client-plugin-gce-1.0.0-37.1 References: https://bugzilla.suse.com/975209 https://bugzilla.suse.com/975815 From sle-updates at lists.suse.com Fri May 20 18:07:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 May 2016 02:07:49 +0200 (CEST) Subject: SUSE-SU-2016:1378-1: important: Security update for java-1_7_0-ibm Message-ID: <20160521000749.2DEDFFF5E@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1378-1 Rating: important References: #977646 #977648 #977650 #979252 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. 
Description: This IBM Java 1.7.0 SR9 FP40 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs were also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-java-1_7_0-ibm-12571=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-java-1_7_0-ibm-12571=1 - SUSE Manager 2.1: zypper in -t patch sleman21-java-1_7_0-ibm-12571=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_7_0-ibm-12571=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_7_0-ibm-12571=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): java-1_7_0-ibm-1.7.0_sr9.40-52.1 java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1 java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1 - SUSE Manager Proxy 2.1 (x86_64): java-1_7_0-ibm-1.7.0_sr9.40-52.1 java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1 java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1 - SUSE Manager 2.1 (s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.40-52.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1 - SUSE Manager 2.1 (x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1 java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.40-52.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1 java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.40-52.1 java-1_7_0-ibm-devel-1.7.0_sr9.40-52.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1 java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 From sle-updates at lists.suse.com Fri May 20 18:08:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 May 
2016 02:08:31 +0200 (CEST) Subject: SUSE-SU-2016:1379-1: important: Security update for java-1_6_0-ibm Message-ID: <20160521000831.502ECFF63@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1379-1 Rating: important References: #977646 #977648 #977650 #979252 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This IBM Java 1.6.0 SR16 FP25 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs were also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-java-1_6_0-ibm-12572=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-java-1_6_0-ibm-12572=1 - SUSE Manager 2.1: zypper in -t patch sleman21-java-1_6_0-ibm-12572=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_6_0-ibm-12572=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_6_0-ibm-12572=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): java-1_6_0-ibm-1.6.0_sr16.25-69.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-69.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-69.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-69.1 java-1_6_0-ibm-plugin-1.6.0_sr16.25-69.1 - SUSE Manager Proxy 2.1 (x86_64): java-1_6_0-ibm-1.6.0_sr16.25-69.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-69.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-69.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-69.1 java-1_6_0-ibm-plugin-1.6.0_sr16.25-69.1 - SUSE Manager 2.1 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.25-69.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-69.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-69.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-69.1 - SUSE Manager 2.1 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.25-69.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.25-69.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-69.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-69.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-69.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.25-69.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.25-69.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.25-69.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-69.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-69.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-69.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.25-69.1 - SUSE Linux 
Enterprise Server 11-SP2-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.25-69.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 From sle-updates at lists.suse.com Mon May 23 05:08:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 May 2016 13:08:21 +0200 (CEST) Subject: SUSE-RU-2016:1380-1: moderate: Recommended update for rubygem-chef Message-ID: <20160523110822.05B20FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1380-1 Rating: moderate References: #967792 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-chef fixes the following issues: - Handle zypper exit code 106 (failure to refresh one or more repositories) as not fatal. (bsc#967792) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-810=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-810=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): ruby2.1-rubygem-chef-10.32.2-7.2 rubygem-chef-10.32.2-7.2 - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-chef-10.32.2-7.2 rubygem-chef-10.32.2-7.2 References: https://bugzilla.suse.com/967792 From sle-updates at lists.suse.com Mon May 23 10:08:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 May 2016 18:08:34 +0200 (CEST) Subject: SUSE-RU-2016:1384-1: Recommended update for tcpdump Message-ID: <20160523160834.8AC5DFF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcpdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1384-1 Rating: low References: #944294 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tcpdump removes a duplicated binary (/usr/sbin/tcpdump.4.5.1) from the package. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-812=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-812=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-812=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-812=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): tcpdump-4.5.1-10.1 tcpdump-debuginfo-4.5.1-10.1 tcpdump-debugsource-4.5.1-10.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): tcpdump-4.5.1-10.1 tcpdump-debuginfo-4.5.1-10.1 tcpdump-debugsource-4.5.1-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): tcpdump-4.5.1-10.1 tcpdump-debuginfo-4.5.1-10.1 tcpdump-debugsource-4.5.1-10.1 - SUSE Linux Enterprise Desktop 12 (x86_64): tcpdump-4.5.1-10.1 tcpdump-debuginfo-4.5.1-10.1 tcpdump-debugsource-4.5.1-10.1 References: https://bugzilla.suse.com/944294 From sle-updates at lists.suse.com Mon May 23 11:08:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 May 2016 19:08:02 +0200 (CEST) Subject: SUSE-RU-2016:1385-1: moderate: Recommended update for rubygem-chef Message-ID: <20160523170802.71141FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1385-1 Rating: moderate References: #967792 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-chef fixes the following issues: - Handle zypper exit code 106 (failure to refresh one or more repositories) as not fatal. (bsc#967792) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-rubygem-chef-12574=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): ruby2.1-rubygem-chef-10.32.2-30.1 rubygem-chef-10.32.2-30.1 References: https://bugzilla.suse.com/967792 From sle-updates at lists.suse.com Mon May 23 12:07:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 May 2016 20:07:57 +0200 (CEST) Subject: SUSE-SU-2016:1386-1: moderate: Security update for openssh Message-ID: <20160523180757.51FCFFF6C@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1386-1 Rating: moderate References: #729190 #932483 #945484 #945493 #947458 #948902 #960414 #961368 #962313 #965576 #970632 #975865 Cross-References: CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has 9 fixes is now available. Description: This update for OpenSSH fixes three security issues. 
These security issues were fixed: - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632) - CVE-2016-1908: Prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313) - CVE-2015-8325: Ignore PAM environment when using login (bsc#975865) These non-security issues were fixed: - Fix help output of sftp (bsc#945493) - Restarting openssh with openssh-fips installed was not working correctly (bsc#945484) - Fix crashes when /proc is not available in the chroot (bsc#947458) - Correctly parse GSSAPI KEX algorithms (bsc#961368) - More verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414) - Fix PRNG re-seeding (bsc#960414, bsc#729190) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-818=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-818=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-818=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-818=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): openssh-6.6p1-42.1 openssh-askpass-gnome-6.6p1-42.1 openssh-askpass-gnome-debuginfo-6.6p1-42.1 openssh-debuginfo-6.6p1-42.1 openssh-debugsource-6.6p1-42.1 openssh-fips-6.6p1-42.1 openssh-helpers-6.6p1-42.1 openssh-helpers-debuginfo-6.6p1-42.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): openssh-6.6p1-42.1 openssh-askpass-gnome-6.6p1-42.1 openssh-askpass-gnome-debuginfo-6.6p1-42.1 openssh-debuginfo-6.6p1-42.1 openssh-debugsource-6.6p1-42.1 openssh-fips-6.6p1-42.1 openssh-helpers-6.6p1-42.1 openssh-helpers-debuginfo-6.6p1-42.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): openssh-6.6p1-42.1 openssh-askpass-gnome-6.6p1-42.1 openssh-askpass-gnome-debuginfo-6.6p1-42.1 openssh-debuginfo-6.6p1-42.1 openssh-debugsource-6.6p1-42.1 openssh-helpers-6.6p1-42.1 openssh-helpers-debuginfo-6.6p1-42.1 - SUSE Linux Enterprise Desktop 12 (x86_64): openssh-6.6p1-42.1 openssh-askpass-gnome-6.6p1-42.1 openssh-askpass-gnome-debuginfo-6.6p1-42.1 openssh-debuginfo-6.6p1-42.1 openssh-debugsource-6.6p1-42.1 openssh-helpers-6.6p1-42.1 openssh-helpers-debuginfo-6.6p1-42.1 References: https://www.suse.com/security/cve/CVE-2015-8325.html https://www.suse.com/security/cve/CVE-2016-1908.html https://www.suse.com/security/cve/CVE-2016-3115.html https://bugzilla.suse.com/729190 https://bugzilla.suse.com/932483 https://bugzilla.suse.com/945484 https://bugzilla.suse.com/945493 https://bugzilla.suse.com/947458 https://bugzilla.suse.com/948902 https://bugzilla.suse.com/960414 https://bugzilla.suse.com/961368 https://bugzilla.suse.com/962313 https://bugzilla.suse.com/965576 https://bugzilla.suse.com/970632 https://bugzilla.suse.com/975865 From sle-updates at lists.suse.com Tue May 24 06:08:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 May 2016 14:08:00 +0200 (CEST) Subject: SUSE-SU-2016:1388-1: important: Security update for IBM Java 1.6.0 Message-ID: 
<20160524120800.BA406FF5E@maintenance.suse.de> SUSE Security Update: Security update for IBM Java 1.6.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1388-1 Rating: important References: #977646 #977648 #977650 #979252 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This IBM Java 1.6.0 SR16 FP25 release fixes the following issues: Security issues fixed: * CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) * CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) * CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) * The following CVEs were also fixed during this update. 
(bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Security Issues: * CVE-2016-0376 * CVE-2016-0363 * CVE-2016-0264 * CVE-2016-3443 * CVE-2016-0687 * CVE-2016-0686 * CVE-2016-3427 * CVE-2016-3449 * CVE-2016-3422 * CVE-2016-3426 Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.25-0.11.1 java-1_6_0-ibm-devel-1.6.0_sr16.25-0.11.1 java-1_6_0-ibm-fonts-1.6.0_sr16.25-0.11.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.25-0.11.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64): java-1_6_0-ibm-32bit-1.6.0_sr16.25-0.11.1 java-1_6_0-ibm-devel-32bit-1.6.0_sr16.25-0.11.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.25-0.11.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): java-1_6_0-ibm-alsa-32bit-1.6.0_sr16.25-0.11.1 java-1_6_0-ibm-plugin-32bit-1.6.0_sr16.25-0.11.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.25-0.11.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 https://download.suse.com/patch/finder/?keywords=133b4d37ec640a121ad2dbcba2704f70 From sle-updates at lists.suse.com Tue May 24 11:08:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 May 2016 19:08:05 +0200 (CEST) Subject: SUSE-RU-2016:1389-1: moderate: 
Recommended update for salt Message-ID: <20160524170805.7DBDBFF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1389-1 Rating: moderate References: #979676 Affected Products: SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for salt contains the following: - Fix file ownership on master keys and cache directories during upgrade (handles upgrading from salt 2014, where the daemon ran as root, to 2015 where it runs as the salt user, bsc#979676). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-822=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2016-822=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.0 (x86_64): salt-2015.8.7-8.2 salt-api-2015.8.7-8.2 salt-doc-2015.8.7-8.2 salt-master-2015.8.7-8.2 salt-minion-2015.8.7-8.2 salt-proxy-2015.8.7-8.2 salt-ssh-2015.8.7-8.2 salt-syndic-2015.8.7-8.2 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2015.8.7-8.2 salt-zsh-completion-2015.8.7-8.2 - SUSE Manager Proxy 3.0 (x86_64): salt-2015.8.7-8.2 salt-api-2015.8.7-8.2 salt-doc-2015.8.7-8.2 salt-master-2015.8.7-8.2 salt-minion-2015.8.7-8.2 salt-proxy-2015.8.7-8.2 salt-ssh-2015.8.7-8.2 salt-syndic-2015.8.7-8.2 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2015.8.7-8.2 salt-zsh-completion-2015.8.7-8.2 References: https://bugzilla.suse.com/979676 From sle-updates at lists.suse.com Wed May 25 05:08:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 May 2016 13:08:30 +0200 (CEST) Subject: SUSE-RU-2016:1390-1: important: Recommended update for crowbar-openstack, crowbar-ha, openstack-neutron and openstack-resource-agents Message-ID: <20160525110831.02BD2FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-openstack, crowbar-ha, openstack-neutron and openstack-resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1390-1 Rating: important References: #953786 #955786 #963938 #965886 #968656 #968969 #969877 #971546 #974411 #974420 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update fixes the following issues: crowbar-openstack: - Increase neutron-ha-tool start timeout to 120s. (bsc#965886) - Interleave Pacemaker clones to minimise disruption (bsc#965886) - Nova: Do not setup NFS mount when shared storage is manual. (bsc#971546) - Fix quoting of validator help text. (bsc#953786) - Fix physnet mapping for non-vlan setups. 
(bsc#969877) - Do not set unsupported virt_type values. (bsc#968656) - Ceilometer: Fix RA for mongodb when using HA. (bsc#968969) crowbar-ha: - Interleave Apache clones to minimise disruption (bsc#965886) openstack-neutron: - Add missing requirement on crudini (bsc#974411) - Fix help message for --l3-agent-evacuate option (bsc#974420) - Retry on errors, not just NeutronExceptions (bsc#965886) - Make neutron server startup synchronous i.e. blocking until neutron really is ready, otherwise services which depend on it (e.g. neutron-ha-tool) could fail unexpectedly. (bsc#965886) - Make neutron-ha-tool recovery operations retry (bsc#965886) - Set umask to 0022 in the plugin init script (bsc#963938) - Ensure neutron services are started after openstack-keystone (bsc#955786) openstack-resource-agents: - neutron-ha-tool: Fix monitor return code - neutron-ha-tool: Make start action retry - neutron-ha-tool: Fix active/passive usage - neutron-ha-tool: Fix 'defaut' typo - neutron-ha-tool: Add os_region_name parameter Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-830=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): crowbar-ha-3.0+git.1459949350.7746d41-4.1 crowbar-openstack-3.0+git.1460026998.56264a5-8.1 openstack-neutron-7.0.5~a0~dev80-4.1 openstack-neutron-dhcp-agent-7.0.5~a0~dev80-4.1 openstack-neutron-doc-7.0.5~a0~dev80-4.1 openstack-neutron-ha-tool-7.0.5~a0~dev80-4.1 openstack-neutron-l3-agent-7.0.5~a0~dev80-4.1 openstack-neutron-linuxbridge-agent-7.0.5~a0~dev80-4.1 openstack-neutron-metadata-agent-7.0.5~a0~dev80-4.1 openstack-neutron-metering-agent-7.0.5~a0~dev80-4.1 openstack-neutron-mlnx-agent-7.0.5~a0~dev80-4.1 openstack-neutron-nvsd-agent-7.0.5~a0~dev80-4.1 openstack-neutron-openvswitch-agent-7.0.5~a0~dev80-4.1 openstack-neutron-restproxy-agent-7.0.5~a0~dev80-4.1 openstack-neutron-server-7.0.5~a0~dev80-4.1 openstack-resource-agents-1.0+git.1459538831.fff75c5-4.1 python-neutron-7.0.5~a0~dev80-4.1 References: https://bugzilla.suse.com/953786 https://bugzilla.suse.com/955786 https://bugzilla.suse.com/963938 https://bugzilla.suse.com/965886 https://bugzilla.suse.com/968656 https://bugzilla.suse.com/968969 https://bugzilla.suse.com/969877 https://bugzilla.suse.com/971546 https://bugzilla.suse.com/974411 https://bugzilla.suse.com/974420 From sle-updates at lists.suse.com Wed May 25 05:10:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 May 2016 13:10:32 +0200 (CEST) Subject: SUSE-RU-2016:1391-1: moderate: Recommended update for python-glanceclient Message-ID: <20160525111032.1C906FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-glanceclient ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1391-1 Rating: moderate References: #975302 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for python-glanceclient fixes an exception when running the command 'glance image-show "image_id"'. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-829=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-829=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-glanceclient-0.15.0-15.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-glanceclient-0.15.0-15.1 References: https://bugzilla.suse.com/975302 From sle-updates at lists.suse.com Wed May 25 09:08:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 May 2016 17:08:03 +0200 (CEST) Subject: SUSE-RU-2016:1392-1: moderate: Recommended update for kiwi Message-ID: <20160525150803.BC3B1FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1392-1 Rating: moderate References: #946648 #956484 #961334 #963276 #964204 #964472 #964474 #965830 #965831 #966293 #968270 #968475 #968601 #971621 #975898 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 15 recommended fixes can now be installed. Description: This update provides KIWI v7.02.96, which brings several fixes and enhancements: - Add part_msdos module for self build EFI image: On ARM we have a few hooks in kiwi that allow us to adapt the resulting image to target boards. 
On some systems, we need to install the firmware to hardware specified sector offsets on the image target (sd card). Unfortunately some systems demand firmware at sector 1 which is where the GPT would usually reside. So we need to use an MBR partition layout. We can convert the GPT into an MBR using gdisk in our ARM scripts, but at that point grub2 would have to be able to interpret the MBR as well. So we need the "msdos_part" module included. (bnc#975898) - Don't copy initial ram disk content to /run/initramfs: We should avoid copying the initial ram disk content to a tmpfs filesystem, especially on low memory systems. (bsc#963276) - Execute haveged in udevStart: This ensures there is at least a source of entropy for /dev/random when FIPS mode is enabled. Without it, VMware virtual machines hang at boot. (bsc#964204) - Run dracut as background process for vmx images: The dracut process takes quite some time and blocks the boot process. In cloud frameworks instance boot time matters and with this patch the dracut process runs in parallel with the rest of the boot process. (bsc#971621) - Use shim-install to set up EFI secure boot. (bsc#968475) - Don't write grub.cfg to EFI directory: Originally the file was written there as reference, but nothing will ever update that file if the real grub configuration changes. Thus it doesn't make sense to provide this information. (bsc#968270) - Avoid lvcreate to ask for wiping swap signature: When kiwi creates the logical volume for the swap space and there is already a swap signature at the place on disk, lvm stops and asks what to do with it. This should be generally avoided at that stage in the boot process. (bsc#968601) - Enable pvops builds for EC2: The pvops kernel comes first with SLES12 SP2 and provides Xen HVM and Xen paravirtual operations. The paravirtual block drivers are new to this kernel and must be addressed in kiwi. 
In addition the setup of the root device in the kernel commandline cannot be a fixed device name anymore since the device node names are different depending on which virtualization mode is used. Therefore the root device setup for ec2 builds is now based on the rootfs label. (bsc#966293) - Fix shell syntax in grub2 template. (bsc#961334) - Support by-label mount entries for btrfs subvolumes. (bsc#964474) - Don't add kernel file systems to fstab: Systems with systemd which this kiwi version aims for, don't need proc, sysfs, debugfs and friends to be part of the fstab. (bsc#964472) - Allow system to be installed on btrfs snapshot. (bsc#946648) - Evaluate kiwi_btrfs_root_is_snapshot in boot code: If set it's required to mount the subvolumes like it is done with lvm volumes. In addition this patch fixes the update of the fstab file which has to contain an entry for each subvolume excluding snapshots and the toplevel. (bsc#946648) - Add btrfs_root_is_snapshot attribute and its get/set(er) methods. (bsc#946648) - Improve validation of targetDevice: If called with --targetdevice the target must be a device block special and nothing else, no symlink, no other node type. (bsc#956484) - Fixed creation of /var/run vs. /run: It should not be kiwi's task to handle that but it seems we will not be able to fix this in a clean way on the package level. Thus, KIWI now checks for the desired distro from the value of the boot attribute and creates either /run with a symlink /var/run or /var/run. - Fixed spec file requirements: for older systems (SLE11), the pidof program as used by kiwi is provided with the sysvinit package not with sysvinit-tools. - Prevent prefix setup in grub.cfg for Xen: Xen PV guests boot via a first stage loader pygrub/pvgrub and interpret the grub config file differently. One inconsistency is that pvgrub searches for the grub modules at a different place. Setting up the prefix will point pvgrub to the wrong place and the system fails to boot. 
(bsc#965831) - Prevent command variables for Xen domU grub2 setup: Xen PV images which boot via pvgrub have the problem that pvgrub is not able to correctly read in the grub.cfg file written by kiwi. This is because kiwi uses a variable which contains the loader command (e.g $linux) instead of the loader command directly. grub2 supports this but pvgrub is not able to interpret this information. This patch prevents the use of the variable if the target image is Xen, domU and the firmware type is set to bios. (bsc#965831) - Refactor suseStripKernel: The way the method downsizes the kernel tree is wrong in several places and very hard to read. Therefore the code has been refactored and split into task methods which can run independently from each other. As one result the kernel tree is not missing any metadata and/or update weak-updates paths anymore. (bsc#965830) - Fixed validation of updates/weak-updates modules: suseStripKernel took the update and weak-update modules only into account if they are mentioned in the drivers list. But these modules are considered p1 and should always be included and also checked against its dependencies. (bsc#965830) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-831=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-831=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-831=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kiwi-pxeboot-7.02.96-27.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kiwi-7.02.96-27.1 kiwi-debugsource-7.02.96-27.1 kiwi-desc-netboot-7.02.96-27.1 kiwi-desc-oemboot-7.02.96-27.1 kiwi-desc-vmxboot-7.02.96-27.1 kiwi-templates-7.02.96-27.1 kiwi-tools-7.02.96-27.1 kiwi-tools-debuginfo-7.02.96-27.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kiwi-desc-isoboot-7.02.96-27.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kiwi-doc-7.02.96-27.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kiwi-debugsource-7.02.96-27.1 kiwi-tools-7.02.96-27.1 kiwi-tools-debuginfo-7.02.96-27.1 References: https://bugzilla.suse.com/946648 https://bugzilla.suse.com/956484 https://bugzilla.suse.com/961334 https://bugzilla.suse.com/963276 https://bugzilla.suse.com/964204 https://bugzilla.suse.com/964472 https://bugzilla.suse.com/964474 https://bugzilla.suse.com/965830 https://bugzilla.suse.com/965831 https://bugzilla.suse.com/966293 https://bugzilla.suse.com/968270 https://bugzilla.suse.com/968475 https://bugzilla.suse.com/968601 https://bugzilla.suse.com/971621 https://bugzilla.suse.com/975898 From sle-updates at lists.suse.com Wed May 25 12:07:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 May 2016 20:07:57 +0200 (CEST) Subject: SUSE-RU-2016:1402-1: moderate: Recommended update for gdb Message-ID: <20160525180757.9AE70FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1402-1 Rating: moderate References: #970589 #971556 #976404 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for gdb fixes the following issues: - GDB fails to attach to multi-threaded processes on the s390x architecture. (bsc#976404, bsc#970589) - GDB could terminate with a segmentation fault when printing values from binaries built with some non-standard build options. (bsc#971556) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gdb-12577=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gdb-12577=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gdb-12577=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): gdbserver-7.9.1-8.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x): gdb-32bit-7.9.1-8.2 gdbserver-32bit-7.9.1-8.2 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): gdbserver-x86-7.9.1-8.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gdb-7.9.1-8.2 - SUSE Linux Enterprise Server 11-SP4 (ia64): gdb-x86-7.9.1-8.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gdb-debuginfo-7.9.1-8.2 gdb-debugsource-7.9.1-8.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x): gdb-debuginfo-32bit-7.9.1-8.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): gdb-debuginfo-x86-7.9.1-8.2 References: https://bugzilla.suse.com/970589 https://bugzilla.suse.com/971556 https://bugzilla.suse.com/976404 From sle-updates at lists.suse.com Wed May 25 12:08:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 May 2016 20:08:36 +0200 (CEST) Subject: SUSE-RU-2016:1403-1: moderate: Recommended update for gdb Message-ID: <20160525180836.3A959FF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb 
______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1403-1 Rating: moderate References: #970589 #971556 #976404 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for gdb fixes the following issues: - GDB fails to attach to multi-threaded processes on the s390x architecture. (bsc#976404, bsc#970589) - GDB could terminate with a segmentation fault when printing values from binaries built with some non-standard build options. (bsc#971556) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-834=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-834=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-834=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-834=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-834=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-834=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gdb-debuginfo-7.9.1-14.1 gdb-debugsource-7.9.1-14.1 gdbserver-7.9.1-14.1 gdbserver-debuginfo-7.9.1-14.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x): gdb-debuginfo-32bit-7.9.1-14.1 gdbserver-32bit-7.9.1-14.1 gdbserver-debuginfo-32bit-7.9.1-14.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): gdb-debuginfo-7.9.1-14.1 gdb-debugsource-7.9.1-14.1 gdbserver-7.9.1-14.1 gdbserver-debuginfo-7.9.1-14.1 - SUSE Linux Enterprise Software Development Kit 12 (s390x): gdb-debuginfo-32bit-7.9.1-14.1 gdbserver-32bit-7.9.1-14.1 gdbserver-debuginfo-32bit-7.9.1-14.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gdb-7.9.1-14.1 gdb-debuginfo-7.9.1-14.1 gdb-debugsource-7.9.1-14.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): gdb-7.9.1-14.1 gdb-debuginfo-7.9.1-14.1 gdb-debugsource-7.9.1-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gdb-7.9.1-14.1 gdb-debuginfo-7.9.1-14.1 gdb-debugsource-7.9.1-14.1 - SUSE Linux Enterprise Desktop 12 (x86_64): gdb-7.9.1-14.1 gdb-debuginfo-7.9.1-14.1 gdb-debugsource-7.9.1-14.1 References: https://bugzilla.suse.com/970589 https://bugzilla.suse.com/971556 https://bugzilla.suse.com/976404 From sle-updates at lists.suse.com Wed May 25 14:08:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 May 2016 22:08:02 +0200 (CEST) Subject: SUSE-RU-2016:1404-1: moderate: Recommended update for libgcrypt Message-ID: <20160525200802.3E18BFF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1404-1 Rating: moderate References: #979629 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE 
Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libgcrypt fixes the following issue: - Fix failing reboot after installing fips pattern (bsc#979629) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-835=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-835=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-835=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-835=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-835=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-835=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.30.1 libgcrypt-devel-1.6.1-16.30.1 libgcrypt-devel-debuginfo-1.6.1-16.30.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.30.1 libgcrypt-devel-1.6.1-16.30.1 libgcrypt-devel-debuginfo-1.6.1-16.30.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.30.1 libgcrypt20-1.6.1-16.30.1 libgcrypt20-debuginfo-1.6.1-16.30.1 libgcrypt20-hmac-1.6.1-16.30.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libgcrypt20-32bit-1.6.1-16.30.1 libgcrypt20-debuginfo-32bit-1.6.1-16.30.1 libgcrypt20-hmac-32bit-1.6.1-16.30.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.30.1 libgcrypt20-1.6.1-16.30.1 libgcrypt20-debuginfo-1.6.1-16.30.1 libgcrypt20-hmac-1.6.1-16.30.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libgcrypt20-32bit-1.6.1-16.30.1 libgcrypt20-debuginfo-32bit-1.6.1-16.30.1 libgcrypt20-hmac-32bit-1.6.1-16.30.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libgcrypt-debugsource-1.6.1-16.30.1 libgcrypt20-1.6.1-16.30.1 libgcrypt20-32bit-1.6.1-16.30.1 libgcrypt20-debuginfo-1.6.1-16.30.1 libgcrypt20-debuginfo-32bit-1.6.1-16.30.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libgcrypt-debugsource-1.6.1-16.30.1 libgcrypt20-1.6.1-16.30.1 libgcrypt20-32bit-1.6.1-16.30.1 libgcrypt20-debuginfo-1.6.1-16.30.1 libgcrypt20-debuginfo-32bit-1.6.1-16.30.1 References: https://bugzilla.suse.com/979629 From sle-updates at lists.suse.com Thu May 26 12:07:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 May 2016 20:07:34 +0200 (CEST) Subject: SUSE-RU-2016:1405-1: Recommended update for xemacs, xemacs-packages Message-ID: <20160526180735.02140FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for xemacs, xemacs-packages 
______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1405-1 Rating: low References: #952361 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for emacs and xemacs-packages changes the encoding order in application defaults to avoid breakdown of FontSet scheme of libX11 at start-up. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-836=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-836=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-836=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-836=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): xemacs-info-21.5.34-14.23 xemacs-packages-20130822-9.51 xemacs-packages-info-20130822-9.51 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): xemacs-21.5.34-14.23 xemacs-debuginfo-21.5.34-14.23 xemacs-debugsource-21.5.34-14.23 - SUSE Linux Enterprise Workstation Extension 12 (x86_64): xemacs-21.5.34-14.23 xemacs-debuginfo-21.5.34-14.23 xemacs-debugsource-21.5.34-14.23 - SUSE Linux Enterprise Workstation Extension 12 (noarch): xemacs-info-21.5.34-14.23 xemacs-packages-20130822-9.51 xemacs-packages-info-20130822-9.51 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xemacs-21.5.34-14.23 xemacs-debuginfo-21.5.34-14.23 xemacs-debugsource-21.5.34-14.23 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): xemacs-info-21.5.34-14.23 xemacs-packages-20130822-9.51 xemacs-packages-info-20130822-9.51 - SUSE Linux Enterprise Desktop 12 (noarch): xemacs-info-21.5.34-14.23 xemacs-packages-20130822-9.51 xemacs-packages-info-20130822-9.51 - SUSE Linux Enterprise Desktop 12 (x86_64): xemacs-21.5.34-14.23 xemacs-debuginfo-21.5.34-14.23 xemacs-debugsource-21.5.34-14.23 References: https://bugzilla.suse.com/952361 From sle-updates at lists.suse.com Fri May 27 06:08:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 14:08:49 +0200 (CEST) Subject: SUSE-RU-2016:1406-1: Recommended update for python-azure-agent Message-ID: <20160527120849.0B8B8FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1406-1 Rating: low References: #974899 #980789 #980790 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for python-azure-agent provides version 2.0.14 and fixes the following issues: - Fix a bug for internal extension version resolving - Removed tests from /usr/lib/python2.7/site-packages/tests (bsc#974899) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-839=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-agent-2.1.4-7.1 References: https://bugzilla.suse.com/974899 https://bugzilla.suse.com/980789 https://bugzilla.suse.com/980790 From sle-updates at lists.suse.com Fri May 27 06:09:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 14:09:24 +0200 (CEST) Subject: SUSE-OU-2016:1407-1: Initial release of python-s3transfer Message-ID: <20160527120924.1692DFF63@maintenance.suse.de> SUSE Optional Update: Initial release of python-s3transfer ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:1407-1 Rating: low References: #974993 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds the new package python-s3transfer to the Public Cloud 12 Module. s3transfer is a transfer manager for Amazon Web Services S3 Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-840=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-s3transfer-0.0.1-2.1 References: https://bugzilla.suse.com/974993 From sle-updates at lists.suse.com Fri May 27 07:08:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 15:08:10 +0200 (CEST) Subject: SUSE-RU-2016:1408-1: Recommended update for open-vm-tools Message-ID: <20160527130810.8D82FFF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1408-1 Rating: low References: #921618 #943236 #944615 #974504 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update provides open-vm-tools 10.0.5, which brings several fixes and enhancements: - Fuse-based hgfs client, a user space way to share folder between host and guest without any kernel modification - Quiesced snapshots enhancements for Linux guests running IO workload - Shared Folders - ESXi Serviceability - GuestInfo Enhancements - Internationalization, with support for English, French, German, Spanish, Italian, Japanese, Korean, Simplified Chinese and Traditional Chinese - Compatibility with all supported versions of VMware vSphere, VMware Workstation 12.0 and VMware Fusion 8.0 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-844=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-844=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12 (x86_64): libvmtools0-10.0.5-2.1.1 libvmtools0-debuginfo-10.0.5-2.1.1 open-vm-tools-10.0.5-2.1.1 open-vm-tools-debuginfo-10.0.5-2.1.1 open-vm-tools-debugsource-10.0.5-2.1.1 open-vm-tools-desktop-10.0.5-2.1.1 open-vm-tools-desktop-debuginfo-10.0.5-2.1.1 - SUSE Linux Enterprise Desktop 12 (x86_64): libvmtools0-10.0.5-2.1.1 libvmtools0-debuginfo-10.0.5-2.1.1 open-vm-tools-10.0.5-2.1.1 open-vm-tools-debuginfo-10.0.5-2.1.1 open-vm-tools-debugsource-10.0.5-2.1.1 open-vm-tools-desktop-10.0.5-2.1.1 open-vm-tools-desktop-debuginfo-10.0.5-2.1.1 References: https://bugzilla.suse.com/921618 https://bugzilla.suse.com/943236 https://bugzilla.suse.com/944615 https://bugzilla.suse.com/974504 From sle-updates at lists.suse.com Fri May 27 07:10:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 15:10:08 +0200 (CEST) Subject: SUSE-RU-2016:1413-1: Recommended update for yast2-trans Message-ID: <20160527131008.53CAAFF63@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-trans ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1413-1 Rating: low References: #957051 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-trans fixes the following issues: - Updated language: ru; fix translation of cancel vs. abandon button (bsc#957051) - Updated language: de Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-845=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-845=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): yast2-trans-af-3.0.0-38.1 yast2-trans-ar-3.0.0-38.1 yast2-trans-bg-3.0.0-38.1 yast2-trans-bn-3.0.0-38.1 yast2-trans-bs-3.0.0-38.1 yast2-trans-ca-3.0.0-38.1 yast2-trans-cs-3.0.0-38.1 yast2-trans-cy-3.0.0-38.1 yast2-trans-da-3.0.0-38.1 yast2-trans-de-3.0.0-38.1 yast2-trans-el-3.0.0-38.1 yast2-trans-en_GB-3.0.0-38.1 yast2-trans-en_US-3.0.0-38.1 yast2-trans-es-3.0.0-38.1 yast2-trans-et-3.0.0-38.1 yast2-trans-fa-3.0.0-38.1 yast2-trans-fi-3.0.0-38.1 yast2-trans-fr-3.0.0-38.1 yast2-trans-gl-3.0.0-38.1 yast2-trans-gu-3.0.0-38.1 yast2-trans-hi-3.0.0-38.1 yast2-trans-hr-3.0.0-38.1 yast2-trans-hu-3.0.0-38.1 yast2-trans-id-3.0.0-38.1 yast2-trans-it-3.0.0-38.1 yast2-trans-ja-3.0.0-38.1 yast2-trans-jv-3.0.0-38.1 yast2-trans-ka-3.0.0-38.1 yast2-trans-km-3.0.0-38.1 yast2-trans-ko-3.0.0-38.1 yast2-trans-lo-3.0.0-38.1 yast2-trans-lt-3.0.0-38.1 yast2-trans-mk-3.0.0-38.1 yast2-trans-mr-3.0.0-38.1 yast2-trans-nb-3.0.0-38.1 yast2-trans-nl-3.0.0-38.1 yast2-trans-pa-3.0.0-38.1 yast2-trans-pl-3.0.0-38.1 yast2-trans-pt-3.0.0-38.1 yast2-trans-pt_BR-3.0.0-38.1 yast2-trans-ro-3.0.0-38.1 yast2-trans-ru-3.0.0-38.1 yast2-trans-si-3.0.0-38.1 yast2-trans-sk-3.0.0-38.1 yast2-trans-sl-3.0.0-38.1 yast2-trans-sr-3.0.0-38.1 yast2-trans-sv-3.0.0-38.1 yast2-trans-ta-3.0.0-38.1 yast2-trans-th-3.0.0-38.1 yast2-trans-tr-3.0.0-38.1 yast2-trans-uk-3.0.0-38.1 yast2-trans-vi-3.0.0-38.1 yast2-trans-wa-3.0.0-38.1 yast2-trans-xh-3.0.0-38.1 yast2-trans-zh_CN-3.0.0-38.1 yast2-trans-zh_TW-3.0.0-38.1 yast2-trans-zu-3.0.0-38.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): yast2-trans-af-3.0.0-38.1 yast2-trans-ar-3.0.0-38.1 yast2-trans-bg-3.0.0-38.1 
yast2-trans-bn-3.0.0-38.1 yast2-trans-bs-3.0.0-38.1 yast2-trans-ca-3.0.0-38.1 yast2-trans-cs-3.0.0-38.1 yast2-trans-cy-3.0.0-38.1 yast2-trans-da-3.0.0-38.1 yast2-trans-de-3.0.0-38.1 yast2-trans-el-3.0.0-38.1 yast2-trans-en_GB-3.0.0-38.1 yast2-trans-en_US-3.0.0-38.1 yast2-trans-es-3.0.0-38.1 yast2-trans-et-3.0.0-38.1 yast2-trans-fa-3.0.0-38.1 yast2-trans-fi-3.0.0-38.1 yast2-trans-fr-3.0.0-38.1 yast2-trans-gl-3.0.0-38.1 yast2-trans-gu-3.0.0-38.1 yast2-trans-hi-3.0.0-38.1 yast2-trans-hr-3.0.0-38.1 yast2-trans-hu-3.0.0-38.1 yast2-trans-id-3.0.0-38.1 yast2-trans-it-3.0.0-38.1 yast2-trans-ja-3.0.0-38.1 yast2-trans-jv-3.0.0-38.1 yast2-trans-ka-3.0.0-38.1 yast2-trans-km-3.0.0-38.1 yast2-trans-ko-3.0.0-38.1 yast2-trans-lo-3.0.0-38.1 yast2-trans-lt-3.0.0-38.1 yast2-trans-mk-3.0.0-38.1 yast2-trans-mr-3.0.0-38.1 yast2-trans-nb-3.0.0-38.1 yast2-trans-nl-3.0.0-38.1 yast2-trans-pa-3.0.0-38.1 yast2-trans-pl-3.0.0-38.1 yast2-trans-pt-3.0.0-38.1 yast2-trans-pt_BR-3.0.0-38.1 yast2-trans-ro-3.0.0-38.1 yast2-trans-ru-3.0.0-38.1 yast2-trans-si-3.0.0-38.1 yast2-trans-sk-3.0.0-38.1 yast2-trans-sl-3.0.0-38.1 yast2-trans-sr-3.0.0-38.1 yast2-trans-sv-3.0.0-38.1 yast2-trans-ta-3.0.0-38.1 yast2-trans-th-3.0.0-38.1 yast2-trans-tr-3.0.0-38.1 yast2-trans-uk-3.0.0-38.1 yast2-trans-vi-3.0.0-38.1 yast2-trans-wa-3.0.0-38.1 yast2-trans-xh-3.0.0-38.1 yast2-trans-zh_CN-3.0.0-38.1 yast2-trans-zh_TW-3.0.0-38.1 yast2-trans-zu-3.0.0-38.1 References: https://bugzilla.suse.com/957051 From sle-updates at lists.suse.com Fri May 27 07:13:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 15:13:02 +0200 (CEST) Subject: SUSE-RU-2016:1416-1: Recommended update for open-vm-tools Message-ID: <20160527131302.72A1AFF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1416-1 Rating: low References: #952645 #974504 Affected Products: 
SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides open-vm-tools 10.0.5, which brings a fuse-based hgfs client, a user space way to share folder between host and guest without any kernel modification. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-843=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-843=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (x86_64): libvmtools0-10.0.5-3.1 libvmtools0-debuginfo-10.0.5-3.1 open-vm-tools-10.0.5-3.1 open-vm-tools-debuginfo-10.0.5-3.1 open-vm-tools-debugsource-10.0.5-3.1 open-vm-tools-desktop-10.0.5-3.1 open-vm-tools-desktop-debuginfo-10.0.5-3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libvmtools0-10.0.5-3.1 libvmtools0-debuginfo-10.0.5-3.1 open-vm-tools-10.0.5-3.1 open-vm-tools-debuginfo-10.0.5-3.1 open-vm-tools-debugsource-10.0.5-3.1 open-vm-tools-desktop-10.0.5-3.1 open-vm-tools-desktop-debuginfo-10.0.5-3.1 References: https://bugzilla.suse.com/952645 https://bugzilla.suse.com/974504 From sle-updates at lists.suse.com Fri May 27 07:13:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 15:13:54 +0200 (CEST) Subject: SUSE-RU-2016:1419-1: moderate: Recommended update for bash Message-ID: <20160527131354.631C2FF63@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1419-1 Rating: moderate References: #976776 Affected Products: SUSE Linux Enterprise Workstation 
Extension 12-SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bash fixes the following issue: - Fix crash if ~/.bash_history is empty (bsc#976776) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-841=1 - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-841=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-841=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-841=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-841=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-841=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-841=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-841=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): bash-lang-4.2-77.1 - SUSE Linux Enterprise Workstation Extension 12 (noarch): bash-lang-4.2-77.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): bash-debuginfo-4.2-77.1 bash-debugsource-4.2-77.1 bash-devel-4.2-77.1 readline-devel-6.2-77.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): bash-debuginfo-4.2-77.1 bash-debugsource-4.2-77.1 bash-devel-4.2-77.1 readline-devel-6.2-77.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): bash-4.2-77.1 bash-debuginfo-4.2-77.1 bash-debugsource-4.2-77.1 libreadline6-6.2-77.1 libreadline6-debuginfo-6.2-77.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libreadline6-32bit-6.2-77.1 libreadline6-debuginfo-32bit-6.2-77.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): bash-doc-4.2-77.1 readline-doc-6.2-77.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): bash-4.2-77.1 bash-debuginfo-4.2-77.1 bash-debugsource-4.2-77.1 libreadline6-6.2-77.1 libreadline6-debuginfo-6.2-77.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): libreadline6-32bit-6.2-77.1 libreadline6-debuginfo-32bit-6.2-77.1 - SUSE Linux Enterprise Server 12 (noarch): bash-doc-4.2-77.1 readline-doc-6.2-77.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): bash-doc-4.2-77.1 bash-lang-4.2-77.1 readline-doc-6.2-77.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): bash-4.2-77.1 bash-debuginfo-4.2-77.1 bash-debugsource-4.2-77.1 libreadline6-32bit-6.2-77.1 libreadline6-6.2-77.1 libreadline6-debuginfo-32bit-6.2-77.1 libreadline6-debuginfo-6.2-77.1 - SUSE Linux Enterprise Desktop 12 (noarch): bash-doc-4.2-77.1 bash-lang-4.2-77.1 readline-doc-6.2-77.1 - SUSE Linux Enterprise Desktop 12 (x86_64): bash-4.2-77.1 bash-debuginfo-4.2-77.1 bash-debugsource-4.2-77.1 libreadline6-32bit-6.2-77.1 libreadline6-6.2-77.1 libreadline6-debuginfo-32bit-6.2-77.1 libreadline6-debuginfo-6.2-77.1 References: 
https://bugzilla.suse.com/976776 From sle-updates at lists.suse.com Fri May 27 07:14:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 15:14:14 +0200 (CEST) Subject: SUSE-RU-2016:1420-1: moderate: Recommended update for glib2 Message-ID: <20160527131414.3DF39FF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1420-1 Rating: moderate References: #846912 #929542 #931445 #956599 #970694 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for glib2 provides the following fixes: - Fix file descriptor leak when GSocketClient fails to connect asynchronously. (bsc#956599) - Add -lrt and PCRE libraries to link flags in glib-2.0.pc.in. (bsc#929542) - Add glibconfig.h to the -devel-32bit packages and ship them for x86_64 and s390x. (bsc#970694) - Relax g_thread_init() requirements so it can be called multiple times. (bsc#931445, bsc#846912) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-glib2-12581=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-glib2-12581=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-glib2-12581=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-devel-2.22.5-0.8.23.1 libgio-fam-2.22.5-0.8.23.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): glib2-devel-32bit-2.22.5-0.8.23.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): glib2-doc-2.22.5-0.8.23.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-2.22.5-0.8.23.1 glib2-doc-2.22.5-0.8.23.1 glib2-lang-2.22.5-0.8.23.1 libgio-2_0-0-2.22.5-0.8.23.1 libglib-2_0-0-2.22.5-0.8.23.1 libgmodule-2_0-0-2.22.5-0.8.23.1 libgobject-2_0-0-2.22.5-0.8.23.1 libgthread-2_0-0-2.22.5-0.8.23.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libgio-2_0-0-32bit-2.22.5-0.8.23.1 libglib-2_0-0-32bit-2.22.5-0.8.23.1 libgmodule-2_0-0-32bit-2.22.5-0.8.23.1 libgobject-2_0-0-32bit-2.22.5-0.8.23.1 libgthread-2_0-0-32bit-2.22.5-0.8.23.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libgio-2_0-0-x86-2.22.5-0.8.23.1 libglib-2_0-0-x86-2.22.5-0.8.23.1 libgmodule-2_0-0-x86-2.22.5-0.8.23.1 libgobject-2_0-0-x86-2.22.5-0.8.23.1 libgthread-2_0-0-x86-2.22.5-0.8.23.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): glib2-debuginfo-2.22.5-0.8.23.1 glib2-debugsource-2.22.5-0.8.23.1 References: https://bugzilla.suse.com/846912 https://bugzilla.suse.com/929542 https://bugzilla.suse.com/931445 https://bugzilla.suse.com/956599 https://bugzilla.suse.com/970694 From sle-updates at lists.suse.com Fri May 27 07:15:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 15:15:28 +0200 (CEST) Subject: SUSE-RU-2016:1422-1: moderate: Recommended update for clamav Message-ID: <20160527131528.73077FF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamav ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1422-1 Rating: moderate References: #978459 Affected Products: SUSE Linux 
Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: ClamAV was updated to version 0.99.2, which brings fixes and enhancements: - Fix 7z's FolderStartPackStreamIndex array index check. - Print all CDBNAME entries for a zip file when using the -z flag. - clamunrar: Notice if unpacking comment failed. - Use temporary variable for realloc to prevent pointer loss. - freshclam: Avoid random data in mirrors.dat. - libclamav: Print raw certificate metadata. - Fix download and verification of *.cld through PrivateMirrors. - Suppress IP notification when using proxy. - Remove redundant mempool assignment. - Divide out dumpcerts output for better readability. - Fix dconf and option handling for nocert and dumpcert. - Increase clamd's soft file descriptor to its potential maximum on 64-bit systems. - Move libfreshclam config to m4/reorganization. - Add 'cdb' datafile to sigtools list of datafile types. - Prevent memory allocations on used pointers. - Check packSizes prior to dereference - Fix inconsistent folder state on failure. - Add sanity checks to 7z header parsing. For a comprehensive list of fixes please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-clamav-12580=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-12580=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-0.99.2-0.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): clamav-debuginfo-0.99.2-0.14.1 clamav-debugsource-0.99.2-0.14.1 References: https://bugzilla.suse.com/978459 From sle-updates at lists.suse.com Fri May 27 10:07:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 18:07:48 +0200 (CEST) Subject: SUSE-RU-2016:1424-1: moderate: Recommended update for cloud-init Message-ID: <20160527160748.3CFB8FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1424-1 Rating: moderate References: #978048 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-init fixes the following issues: - Avoid login prompt before cloud-init is finished (bsc#978048) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-848=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (ppc64le s390x x86_64): cloud-init-0.7.6-23.1 References: https://bugzilla.suse.com/978048 From sle-updates at lists.suse.com Fri May 27 10:08:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 18:08:03 +0200 (CEST) Subject: SUSE-RU-2016:1425-1: moderate: Recommended update for several openstack components Message-ID: <20160527160803.9764FFF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for several openstack components ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1425-1 Rating: moderate References: #978090 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest code from OpenStack Liberty and fixes the following issues: openstack-sahara: - Use the integrated tempest.lib module - Do not use explicit keyword arguments in image resource - Fix E005 bashate error openstack-ironic: - Fixes automated cleaning failure in iLO drivers - Disable clean step 'reset_ilo' for iLO drivers by default - Fix next cleaning hangs if the previous cleaning was aborted - Fix iPXE template for whole disk image openstack-designate: - DevStack: Explicitly install libcap2-bin and don't fail without AA - Fix for TCP connections not sending full content - Ensure the zone records quota is enforced Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-847=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-designate-1.0.3~a0~dev3-3.1 openstack-designate-agent-1.0.3~a0~dev3-3.1 openstack-designate-api-1.0.3~a0~dev3-3.1 openstack-designate-central-1.0.3~a0~dev3-3.1 openstack-designate-doc-1.0.3~a0~dev3-3.6 openstack-designate-sink-1.0.3~a0~dev3-3.1 openstack-ironic-4.2.3~a0~dev25-3.1 openstack-ironic-api-4.2.3~a0~dev25-3.1 openstack-ironic-conductor-4.2.3~a0~dev25-3.1 openstack-ironic-doc-4.2.3~a0~dev25-3.5 openstack-sahara-3.0.2~a0~dev4-3.1 openstack-sahara-api-3.0.2~a0~dev4-3.1 openstack-sahara-doc-3.0.2~a0~dev4-3.1 openstack-sahara-engine-3.0.2~a0~dev4-3.1 python-designate-1.0.3~a0~dev3-3.1 python-ironic-4.2.3~a0~dev25-3.1 python-sahara-3.0.2~a0~dev4-3.1 References: https://bugzilla.suse.com/978090 From sle-updates at lists.suse.com Fri May 27 11:08:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 19:08:04 +0200 (CEST) Subject: SUSE-RU-2016:1426-1: moderate: Recommended update for resource-agents Message-ID: <20160527170804.557CBFF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1426-1 Rating: moderate References: #961380 #965872 #967380 #973054 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - symlink: Handle missing directories in target (bsc#973054) - SAPInstance: Update version support statement (bsc#965872) - SAPDatabase: Add support for Oracle 12c (bsc#967380) - exportfs: Don't increment fsid for single directory (bsc#961380) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-resource-agents-12582=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-resource-agents-12582=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): ldirectord-3.9.5-49.2 nagios-plugins-metadata-3.9.5-49.2 resource-agents-3.9.5-49.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): resource-agents-debuginfo-3.9.5-49.2 resource-agents-debugsource-3.9.5-49.2 References: https://bugzilla.suse.com/961380 https://bugzilla.suse.com/965872 https://bugzilla.suse.com/967380 https://bugzilla.suse.com/973054 From sle-updates at lists.suse.com Fri May 27 11:08:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 19:08:52 +0200 (CEST) Subject: SUSE-RU-2016:1427-1: Recommended update for release-notes-ha Message-ID: <20160527170852.1C694FF5F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ha ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1427-1 Rating: low References: #955286 #979921 Affected Products: SUSE Linux Enterprise High Availability 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides the latest revision of the Release Notes for SUSE Linux Enterprise High Availability Extension 12. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12: zypper in -t patch SUSE-SLE-HA-12-2016-849=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12 (noarch): release-notes-ha-12.0.20160513-6.8.1 References: https://bugzilla.suse.com/955286 https://bugzilla.suse.com/979921 From sle-updates at lists.suse.com Fri May 27 14:07:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 22:07:56 +0200 (CEST) Subject: SUSE-RU-2016:1428-1: moderate: Recommended update for curl, curl-openssl1 Message-ID: <20160527200756.D5F39FF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for curl, curl-openssl1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1428-1 Rating: moderate References: #977409 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for curl fixes the following issues: - Report the correct TLS version in use when using verbose mode (-v). (bsc#977409) For the TLS 1.2 enabled version to be found in curl-openssl1 (in the SECURITY Module): - Allow enforcing TLS 1.1 or 1.2 on the curl commandline, using --tlsv1.1 or --tlsv1.2. (bsc#977409) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-curl-12584=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-curl-12584=1 - SUSE Manager 2.1: zypper in -t patch sleman21-curl-12584=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-curl-12584=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-curl-12584=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-curl-12584=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-curl-12584=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-curl-12584=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-curl-12584=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): curl-7.19.7-1.55.1 libcurl4-32bit-7.19.7-1.55.1 libcurl4-7.19.7-1.55.1 - SUSE Manager Proxy 2.1 (x86_64): curl-7.19.7-1.55.1 libcurl4-32bit-7.19.7-1.55.1 libcurl4-7.19.7-1.55.1 - SUSE Manager 2.1 (s390x x86_64): curl-7.19.7-1.55.1 libcurl4-32bit-7.19.7-1.55.1 libcurl4-7.19.7-1.55.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcurl-devel-7.19.7-1.55.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-7.19.7-1.55.1 libcurl4-7.19.7-1.55.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libcurl4-32bit-7.19.7-1.55.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libcurl4-x86-7.19.7-1.55.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): curl-7.19.7-1.55.1 libcurl4-7.19.7-1.55.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libcurl4-32bit-7.19.7-1.55.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): curl-openssl1-7.19.7-1.55.1 libcurl4-openssl1-7.19.7-1.55.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.19.7-1.55.1 - SUSE Linux Enterprise 
Server 11-SECURITY (ia64): libcurl4-openssl1-x86-7.19.7-1.55.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): curl-debuginfo-7.19.7-1.55.1 curl-debugsource-7.19.7-1.55.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): curl-debuginfo-7.19.7-1.55.1 curl-debugsource-7.19.7-1.55.1 References: https://bugzilla.suse.com/977409 From sle-updates at lists.suse.com Fri May 27 14:08:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 May 2016 22:08:17 +0200 (CEST) Subject: SUSE-RU-2016:1429-1: moderate: Recommended update for wget Message-ID: <20160527200817.5B572FF63@maintenance.suse.de> SUSE Recommended Update: Recommended update for wget ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1429-1 Rating: moderate References: #935935 #977425 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for wget fixes the following issues: For wget-openssl1: - Allow enforcing tls 1.1 and 1.2 via commandline options. (bsc#977425) --secure-protocol=tlsv1_1 or --secure-protocol=tlsv1_2 - Make the wget-openssl1 a higher prioritized alternative than the wget-openssl0 build. This will enable the TLS 1.2 wget as soon as the wget-openssl1 package is installed. (bsc#977425) For both wget and wget-openssl1: - Support the TLS SNI (Server Name Indication) extension (bsc#935935) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-wget-12583=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-wget-12583=1 - SUSE Manager 2.1: zypper in -t patch sleman21-wget-12583=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wget-12583=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-wget-12583=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-wget-12583=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wget-12583=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-wget-12583=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): wget-1.11.4-1.26.2 - SUSE Manager Proxy 2.1 (x86_64): wget-1.11.4-1.26.2 - SUSE Manager 2.1 (s390x x86_64): wget-1.11.4-1.26.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wget-1.11.4-1.26.2 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): wget-1.11.4-1.26.2 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): wget-openssl1-1.11.4-1.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wget-debuginfo-1.11.4-1.26.2 wget-debugsource-1.11.4-1.26.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): wget-debuginfo-1.11.4-1.26.2 wget-debugsource-1.11.4-1.26.2 References: https://bugzilla.suse.com/935935 https://bugzilla.suse.com/977425 From sle-updates at lists.suse.com Mon May 30 05:07:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 May 2016 13:07:38 +0200 (CEST) Subject: SUSE-RU-2016:1438-1: Recommended update for rubygem-rake Message-ID: <20160530110738.7AD1BFF5E@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-rake ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1438-1 Rating: low 
References: #956273 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-rake is just a rebuild of the already released sources to fix a dependency-issue. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-853=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (x86_64): ruby2.1-rubygem-rake-10.3.2-8.1 References: https://bugzilla.suse.com/956273 From sle-updates at lists.suse.com Mon May 30 11:07:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 May 2016 19:07:54 +0200 (CEST) Subject: SUSE-SU-2016:1442-1: moderate: Security update for mercurial Message-ID: <20160530170754.94236FF4F@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1442-1 Rating: moderate References: #978391 Cross-References: CVE-2016-3105 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Software Development Kit 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mercurial fixes the following issues: Security issues fixed: - CVE-2016-3105: Versions prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repo. (bsc#978391) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-857=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-857=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): mercurial-2.8.2-9.1 mercurial-debuginfo-2.8.2-9.1 mercurial-debugsource-2.8.2-9.1 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): mercurial-2.8.2-9.1 mercurial-debuginfo-2.8.2-9.1 mercurial-debugsource-2.8.2-9.1 References: https://www.suse.com/security/cve/CVE-2016-3105.html https://bugzilla.suse.com/978391 From sle-updates at lists.suse.com Mon May 30 11:08:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 May 2016 19:08:09 +0200 (CEST) Subject: SUSE-SU-2016:1443-1: moderate: Security update for mercurial Message-ID: <20160530170809.96AB9FF50@maintenance.suse.de> SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1443-1 Rating: moderate References: #978391 Cross-References: CVE-2016-3105 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mercurial fixes the following issues: Security issues fixed: - CVE-2016-3105: Versions prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repo. (bsc#978391) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mercurial-12585=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mercurial-12585=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-2.3.2-0.14.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mercurial-debuginfo-2.3.2-0.14.2 mercurial-debugsource-2.3.2-0.14.2 References: https://www.suse.com/security/cve/CVE-2016-3105.html https://bugzilla.suse.com/978391 From sle-updates at lists.suse.com Mon May 30 11:08:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 May 2016 19:08:35 +0200 (CEST) Subject: SUSE-SU-2016:1445-1: important: Security update for Xen Message-ID: <20160530170835.32632FF51@maintenance.suse.de> SUSE Security Update: Security update for Xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1445-1 Rating: important References: #960726 #962627 #964925 #964947 #965315 #965317 #967101 #969351 Cross-References: CVE-2014-0222 CVE-2014-7815 CVE-2015-5278 CVE-2015-8743 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2841 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. 
Description: Xen was updated to fix the following security issues: * CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive (bsc#969351) * CVE-2016-2391: usb: multiple eof_timers in ohci module leads to null pointer dereference (bsc#967101) * CVE-2016-2270: x86: inconsistent cachability flags on guest mappings (XSA-154) (bsc#965315) * CVE-2016-2271: VMX: guest user mode may crash guest with non-canonical RIP (XSA-170) (bsc#965317) * CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#964947) * CVE-2014-0222: qcow1: validate L2 table size to avoid integer overflows (bsc#964925) * CVE-2014-7815: vnc: insufficient bits_per_pixel from the client sanitization (bsc#962627) * CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bsc#960726) Security Issues: * CVE-2016-2841 * CVE-2016-2391 * CVE-2016-2270 * CVE-2016-2271 * CVE-2015-5278 * CVE-2014-0222 * CVE-2014-7815 * CVE-2015-8743 Special Instructions and Notes: Please reboot the system after installing this update. 
Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 x86_64): xen-3.2.3_17040_46-0.25.1 xen-devel-3.2.3_17040_46-0.25.1 xen-doc-html-3.2.3_17040_46-0.25.1 xen-doc-pdf-3.2.3_17040_46-0.25.1 xen-doc-ps-3.2.3_17040_46-0.25.1 xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-libs-3.2.3_17040_46-0.25.1 xen-tools-3.2.3_17040_46-0.25.1 xen-tools-domU-3.2.3_17040_46-0.25.1 xen-tools-ioemu-3.2.3_17040_46-0.25.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (x86_64): xen-libs-32bit-3.2.3_17040_46-0.25.1 - SUSE Linux Enterprise Server 10 SP4 LTSS (i586): xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.132.8-0.25.1 References: https://www.suse.com/security/cve/CVE-2014-0222.html https://www.suse.com/security/cve/CVE-2014-7815.html https://www.suse.com/security/cve/CVE-2015-5278.html https://www.suse.com/security/cve/CVE-2015-8743.html https://www.suse.com/security/cve/CVE-2016-2270.html https://www.suse.com/security/cve/CVE-2016-2271.html https://www.suse.com/security/cve/CVE-2016-2391.html https://www.suse.com/security/cve/CVE-2016-2841.html https://bugzilla.suse.com/960726 https://bugzilla.suse.com/962627 https://bugzilla.suse.com/964925 https://bugzilla.suse.com/964947 https://bugzilla.suse.com/965315 https://bugzilla.suse.com/965317 https://bugzilla.suse.com/967101 https://bugzilla.suse.com/969351 https://download.suse.com/patch/finder/?keywords=5674a3bc2ab2548e9b2b0ec9973724d0 From sle-updates at lists.suse.com Tue May 31 08:07:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 May 2016 16:07:56 +0200 (CEST) Subject: SUSE-RU-2016:1449-1: moderate: Recommended update for Software Update Stack Message-ID: 
<20160531140756.78E64FF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Software Update Stack ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1449-1 Rating: moderate References: #933760 #949945 #951592 #956480 #964932 #967006 #971637 #974275 Affected Products: SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for the Software Update Stack provides the following fixes: PackageKit: - Raise priority of software stack updates (zypper, libzypp) if there are pending security patches shadowed by it. (bsc#951592) libsolv: - Simplify handling of pseudo package updates. (bsc#967006) - Improve speed of rpmmd metadata parsing. libzypp: - Fix credential file parser losing entries with known URL but different user name. (bsc#933760) - RepoManager: Allow extraction of multiple baseurls for service repositories. (bsc#964932) - DiskUsageCounter: Limit estimated waste per file. (bsc#974275) - Filter unwanted btrfs subvolumes. (bsc#949945) - Use PluginExecutor for commit- and system-hooks. (bsc#971637) zypper: - Fix testing for '-- download*' options. (bsc#956480) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12: zypper in -t patch SUSE-SLE-WE-12-2016-858=1 - SUSE Linux Enterprise Software Development Kit 12: zypper in -t patch SUSE-SLE-SDK-12-2016-858=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-858=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-858=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12 (x86_64): PackageKit-debuginfo-0.8.16-13.3.10 PackageKit-debugsource-0.8.16-13.3.10 PackageKit-gstreamer-plugin-0.8.16-13.3.10 PackageKit-gstreamer-plugin-debuginfo-0.8.16-13.3.10 - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64): PackageKit-debuginfo-0.8.16-13.3.10 PackageKit-debugsource-0.8.16-13.3.10 PackageKit-devel-0.8.16-13.3.10 PackageKit-devel-debuginfo-0.8.16-13.3.10 libpackagekit-glib2-devel-0.8.16-13.3.10 libsolv-debugsource-0.6.20-2.20.1 libsolv-devel-0.6.20-2.20.1 libsolv-devel-debuginfo-0.6.20-2.20.1 libzypp-debuginfo-14.43.0-2.43.1 libzypp-debugsource-14.43.0-2.43.1 libzypp-devel-14.43.0-2.43.1 perl-solv-0.6.20-2.20.1 perl-solv-debuginfo-0.6.20-2.20.1 typelib-1_0-PackageKitPlugin-1_0-0.8.16-13.3.10 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): PackageKit-0.8.16-13.3.10 PackageKit-backend-zypp-0.8.16-13.3.10 PackageKit-backend-zypp-debuginfo-0.8.16-13.3.10 PackageKit-debuginfo-0.8.16-13.3.10 PackageKit-debugsource-0.8.16-13.3.10 libpackagekit-glib2-16-0.8.16-13.3.10 libpackagekit-glib2-16-debuginfo-0.8.16-13.3.10 libsolv-debugsource-0.6.20-2.20.1 libsolv-tools-0.6.20-2.20.1 libsolv-tools-debuginfo-0.6.20-2.20.1 libzypp-14.43.0-2.43.1 libzypp-debuginfo-14.43.0-2.43.1 libzypp-debugsource-14.43.0-2.43.1 perl-solv-0.6.20-2.20.1 perl-solv-debuginfo-0.6.20-2.20.1 python-solv-0.6.20-2.20.1 python-solv-debuginfo-0.6.20-2.20.1 typelib-1_0-PackageKitGlib-1_0-0.8.16-13.3.10 zypper-1.11.54-2.38.3 zypper-debuginfo-1.11.54-2.38.3 zypper-debugsource-1.11.54-2.38.3 - SUSE Linux Enterprise Server 12 (noarch): PackageKit-lang-0.8.16-13.3.10 zypper-log-1.11.54-2.38.3 - SUSE Linux Enterprise Desktop 12 (noarch): PackageKit-lang-0.8.16-13.3.10 zypper-log-1.11.54-2.38.3 - SUSE Linux Enterprise Desktop 12 (x86_64): PackageKit-0.8.16-13.3.10 PackageKit-backend-zypp-0.8.16-13.3.10 PackageKit-backend-zypp-debuginfo-0.8.16-13.3.10 PackageKit-debuginfo-0.8.16-13.3.10 
PackageKit-debugsource-0.8.16-13.3.10 PackageKit-gstreamer-plugin-0.8.16-13.3.10 PackageKit-gstreamer-plugin-debuginfo-0.8.16-13.3.10 libpackagekit-glib2-16-0.8.16-13.3.10 libpackagekit-glib2-16-debuginfo-0.8.16-13.3.10 libsolv-debugsource-0.6.20-2.20.1 libsolv-tools-0.6.20-2.20.1 libsolv-tools-debuginfo-0.6.20-2.20.1 libzypp-14.43.0-2.43.1 libzypp-debuginfo-14.43.0-2.43.1 libzypp-debugsource-14.43.0-2.43.1 python-solv-0.6.20-2.20.1 python-solv-debuginfo-0.6.20-2.20.1 typelib-1_0-PackageKitGlib-1_0-0.8.16-13.3.10 zypper-1.11.54-2.38.3 zypper-debuginfo-1.11.54-2.38.3 zypper-debugsource-1.11.54-2.38.3 References: https://bugzilla.suse.com/933760 https://bugzilla.suse.com/949945 https://bugzilla.suse.com/951592 https://bugzilla.suse.com/956480 https://bugzilla.suse.com/964932 https://bugzilla.suse.com/967006 https://bugzilla.suse.com/971637 https://bugzilla.suse.com/974275 From sle-updates at lists.suse.com Tue May 31 09:08:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 May 2016 17:08:20 +0200 (CEST) Subject: SUSE-RU-2016:1450-1: Recommended update for python-dnspython Message-ID: <20160531150820.B638EFF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-dnspython ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1450-1 Rating: low References: #979493 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-dnspython 1.12.0, which brings the following fixes and enhancements: - The test system can now run the tests without requiring dnspython to be installed. - When reading from a masterfile, if the first content line started with leading whitespace, we raised an exception instead of doing the right thing, namely using the zone origin as the name. 
- Added dns.zone.to_text() convenience method. - The /etc/resolv.conf setting "options rotate" is now understood by the resolver. If present, the resolver will shuffle the nameserver list each time dns.resolver.query() is called. - Escaping of Unicode has been corrected. Previously we escaped and then converted to Unicode, but the right thing to do is convert to Unicode, then escape. Also, characters > 0x7f should NOT be escaped in Unicode mode. - dns.rdtypes.ANY.DNSKEY now has helper functions to convert between the numeric form of the flags and a set of human-friendly strings. - RRSIGs did not respect relativization settings in to_text(). - The APL from_wire() method did not accept an rdata length of 0 as valid. - Add is_mapped() to dns/ipv6.py. - Lookup IPv6 mapped IPv4 addresses in the v4 reverse namespace. - Do not put back an unescaped token. This was causing escape processing for domain names to break. - Making a response didn't work correctly if the query was signed with TSIG and we knew the key. - Fix problems with the IXFR state machine which caused long diffs to fail. - Add python-ecdsa and python-pycrypto to BuildRequires for the DNSSec tests. - Use /usr/bin/python instead of /usr/bin/env python for the example scripts to avoid additional dependencies. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-860=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-dnspython-1.12.0-6.1 References: https://bugzilla.suse.com/979493 From sle-updates at lists.suse.com Tue May 31 11:08:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 May 2016 19:08:31 +0200 (CEST) Subject: SUSE-OU-2016:1452-1: Initial release of python-dateutil Message-ID: <20160531170831.B3B63FF50@maintenance.suse.de> SUSE Optional Update: Initial release of python-dateutil ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:1452-1 Rating: low References: #978730 Affected Products: SUSE Manager 2.1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds the python-dateutil module to SUSE Manager Server 2.1. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-python-dateutil-12587=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager 2.1 (s390x x86_64): python-dateutil-1.4.1-2.2 References: https://bugzilla.suse.com/978730 From sle-updates at lists.suse.com Tue May 31 11:08:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 May 2016 19:08:56 +0200 (CEST) Subject: SUSE-RU-2016:1454-1: moderate: Recommended update for drbd Message-ID: <20160531170856.13910FF51@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1454-1 Rating: moderate References: #950477 #955968 #978399 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for drbd fixes the following issues: - fix feature number conflict (bsc#978399) - support GFP_RECLAIM in kernel4.4 (bsc#955968) - support new bio struct in kernel4.3 (bsc#950477) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-861=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): drbd-8.4.6-6.2 drbd-debugsource-8.4.6-6.2 drbd-kmp-default-8.4.6_k3.12.57_60.35-6.2 drbd-kmp-default-debuginfo-8.4.6_k3.12.57_60.35-6.2 - SUSE Linux Enterprise High Availability 12-SP1 (x86_64): drbd-kmp-xen-8.4.6_k3.12.57_60.35-6.2 drbd-kmp-xen-debuginfo-8.4.6_k3.12.57_60.35-6.2 References: https://bugzilla.suse.com/950477 https://bugzilla.suse.com/955968 https://bugzilla.suse.com/978399 From sle-updates at lists.suse.com Tue May 31 13:07:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 May 2016 21:07:41 +0200 (CEST) Subject: SUSE-RU-2016:1456-1: Recommended update for autofs Message-ID: <20160531190741.43B1DFF4F@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:1456-1 Rating: low References: #955477 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12-SP1 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for autofs fixes a build issue which prevented automount from being linked to the reentrant version of libldap. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-863=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-863=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-863=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-863=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): autofs-5.0.9-14.1 autofs-debuginfo-5.0.9-14.1 autofs-debugsource-5.0.9-14.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): autofs-5.0.9-14.1 autofs-debuginfo-5.0.9-14.1 autofs-debugsource-5.0.9-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): autofs-5.0.9-14.1 autofs-debuginfo-5.0.9-14.1 autofs-debugsource-5.0.9-14.1 - SUSE Linux Enterprise Desktop 12 (x86_64): autofs-5.0.9-14.1 autofs-debuginfo-5.0.9-14.1 autofs-debugsource-5.0.9-14.1 References: https://bugzilla.suse.com/955477 From sle-updates at lists.suse.com Tue May 31 14:07:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 May 2016 22:07:33 +0200 (CEST) Subject: SUSE-SU-2016:1457-1: important: Security update for cyrus-imapd Message-ID: <20160531200733.D3A4EFF4F@maintenance.suse.de> SUSE Security Update: Security update for cyrus-imapd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1457-1 Rating: important References: #860611 #901748 #954200 #954201 #981670 Cross-References: CVE-2014-3566 CVE-2015-8076 CVE-2015-8077 CVE-2015-8078 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: - Previous versions of cyrus-imapd would not allow its users to disable old protocols like SSLv1 and SSLv2 that are unsafe due to various known attacks like BEAST and POODLE. https://bugzilla.cyrusimap.org/show_bug.cgi?id=3867 remedies this issue by adding the configuration option 'tls_versions' to the imapd.conf file. Note that users who upgrade existing installation of this package will *not* have their imapd.conf file overwritten, i.e. their IMAP server will continue to support SSLv1 and SSLv2 like before. 
To disable support for those protocols, it's necessary to edit imapd.conf manually to state "tls_versions: tls1_0 tls1_1 tls1_2". New installations, however, will have an imapd.conf file that contains these settings already, i.e. newly installed IMAP servers do *not* support SSLv1 and SSLv2 unless that support is explicitly enabled by the user. (bsc#901748) - An integer overflow vulnerability in cyrus-imapd's urlfetch range checking code was fixed. (CVE-2015-8076, CVE-2015-8077, CVE-2015-8078, bsc#981670, bsc#954200, bsc#954201) - Support for Elliptic Curve Diffie-Hellman (ECDH) has been added to cyrus-imapd. (bsc#860611) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-864=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-864=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): cyrus-imapd-debuginfo-2.3.18-37.1 cyrus-imapd-debugsource-2.3.18-37.1 perl-Cyrus-IMAP-2.3.18-37.1 perl-Cyrus-IMAP-debuginfo-2.3.18-37.1 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-37.1 - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): cyrus-imapd-debuginfo-2.3.18-37.1 cyrus-imapd-debugsource-2.3.18-37.1 perl-Cyrus-IMAP-2.3.18-37.1 perl-Cyrus-IMAP-debuginfo-2.3.18-37.1 perl-Cyrus-SIEVE-managesieve-2.3.18-37.1 perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-37.1 References: https://www.suse.com/security/cve/CVE-2014-3566.html https://www.suse.com/security/cve/CVE-2015-8076.html https://www.suse.com/security/cve/CVE-2015-8077.html https://www.suse.com/security/cve/CVE-2015-8078.html https://bugzilla.suse.com/860611 https://bugzilla.suse.com/901748 https://bugzilla.suse.com/954200 https://bugzilla.suse.com/954201 https://bugzilla.suse.com/981670 From sle-updates at lists.suse.com Tue May 31 14:08:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 31 May 2016 22:08:26 +0200 (CEST) Subject: SUSE-SU-2016:1458-1: important: Security update for java-1_6_0-ibm Message-ID: <20160531200826.BF826FF50@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1458-1 Rating: important References: #977646 #977648 #977650 #979252 #981087 Cross-References: CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. 
Description: This update for java-1_6_0-ibm fixes the following issues: - Update to sr16 fp26 to fix a regression in TLS connections. (bsc#981087) - IBM Java 1.6.0 SR16 FP25 released (bsc#977646 bsc#977648 bsc#977650 bsc#979252) CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-865=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.26-37.1 java-1_6_0-ibm-fonts-1.6.0_sr16.26-37.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.26-37.1 - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.26-37.1 References: https://www.suse.com/security/cve/CVE-2016-0264.html https://www.suse.com/security/cve/CVE-2016-0363.html https://www.suse.com/security/cve/CVE-2016-0376.html https://www.suse.com/security/cve/CVE-2016-0686.html https://www.suse.com/security/cve/CVE-2016-0687.html https://www.suse.com/security/cve/CVE-2016-3422.html https://www.suse.com/security/cve/CVE-2016-3426.html https://www.suse.com/security/cve/CVE-2016-3427.html https://www.suse.com/security/cve/CVE-2016-3443.html https://www.suse.com/security/cve/CVE-2016-3449.html https://bugzilla.suse.com/977646 https://bugzilla.suse.com/977648 https://bugzilla.suse.com/977650 https://bugzilla.suse.com/979252 https://bugzilla.suse.com/981087