From sle-updates at lists.suse.com Tue Oct 4 05:09:20 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2016 13:09:20 +0200 (CEST)
Subject: SUSE-SU-2016:2430-1: moderate: Security update for java-1_6_0-ibm
Message-ID: <20161004110920.B74E9FF05@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2430-1
Rating:             moderate
References:         #992537
Cross-References:   CVE-2016-3485
Affected Products:
                    SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   IBM Java 6 was updated to version 6.0-16.30.

   The following security issue was fixed: CVE-2016-3485

   Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more
   information.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Legacy Software 12:

      zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1423=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):

      java-1_6_0-ibm-1.6.0_sr16.30-40.1
      java-1_6_0-ibm-fonts-1.6.0_sr16.30-40.1
      java-1_6_0-ibm-jdbc-1.6.0_sr16.30-40.1

   - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64):

      java-1_6_0-ibm-plugin-1.6.0_sr16.30-40.1

References:

   https://www.suse.com/security/cve/CVE-2016-3485.html
   https://bugzilla.suse.com/992537


From sle-updates at lists.suse.com Tue Oct 4 05:09:45 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2016 13:09:45 +0200 (CEST)
Subject: SUSE-SU-2016:2431-1: important: Security update for MozillaFirefox
Message-ID: <20161004110945.97E8DFEB8@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2431-1
Rating:             important
References:         #999701
Cross-References:   CVE-2016-5250 CVE-2016-5257 CVE-2016-5261
                    CVE-2016-5270 CVE-2016-5272 CVE-2016-5274
                    CVE-2016-5276 CVE-2016-5277 CVE-2016-5278
                    CVE-2016-5280 CVE-2016-5281 CVE-2016-5284
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.

Description:

   MozillaFirefox was updated to 45.4.0 ESR to fix the following issues
   (bsc#999701):

   The following security issues were fixed:
   * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in
     nsCaseTransformTextRunFactory::TransformString
   * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin
   * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in
     mozilla::a11y::DocAccessible::ProcessInvalidationList
   * MFSA 2016-86/CVE-2016-5274: use-after-free in
     nsFrameManager::CaptureFrameState
   * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in
     nsRefreshDriver::Tick
   * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in
     nsBMPEncoder::AddImageFrame
   * MFSA 2016-86/CVE-2016-5280: Use-after-free in
     mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
   * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength
   * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin
     expiration
   * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources
     sent by the previous page
   * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in
     WebSocketChannel
   * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in
     Firefox 49 and Firefox ESR 45.4

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-MozillaFirefox-12771=1

   - SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-MozillaFirefox-12771=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

      MozillaFirefox-45.4.0esr-52.1
      MozillaFirefox-translations-45.4.0esr-52.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):

      MozillaFirefox-debuginfo-45.4.0esr-52.1
      MozillaFirefox-debugsource-45.4.0esr-52.1

References:

   https://www.suse.com/security/cve/CVE-2016-5250.html
   https://www.suse.com/security/cve/CVE-2016-5257.html
   https://www.suse.com/security/cve/CVE-2016-5261.html
   https://www.suse.com/security/cve/CVE-2016-5270.html
   https://www.suse.com/security/cve/CVE-2016-5272.html
   https://www.suse.com/security/cve/CVE-2016-5274.html
   https://www.suse.com/security/cve/CVE-2016-5276.html
   https://www.suse.com/security/cve/CVE-2016-5277.html
   https://www.suse.com/security/cve/CVE-2016-5278.html
   https://www.suse.com/security/cve/CVE-2016-5280.html
   https://www.suse.com/security/cve/CVE-2016-5281.html
   https://www.suse.com/security/cve/CVE-2016-5284.html
   https://bugzilla.suse.com/999701


From sle-updates at lists.suse.com Tue Oct 4 05:10:47 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2016 13:10:47 +0200 (CEST)
Subject: SUSE-SU-2016:2434-1: important: Security update for MozillaFirefox
Message-ID: <20161004111047.09877FF05@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2434-1
Rating:             important
References:         #991344 #999701
Cross-References:   CVE-2016-5250 CVE-2016-5257 CVE-2016-5261
                    CVE-2016-5270 CVE-2016-5272 CVE-2016-5274
                    CVE-2016-5276 CVE-2016-5277 CVE-2016-5278
                    CVE-2016-5280 CVE-2016-5281 CVE-2016-5284
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 12 vulnerabilities is now available.

Description:

   MozillaFirefox was updated to version 45.4.0 ESR to fix the following
   issues:

   Security issues fixed: (bsc#999701 MFSA 2016-86):
   * CVE-2016-5270: Heap-buffer-overflow in
     nsCaseTransformTextRunFactory::TransformString
   * CVE-2016-5272: Bad cast in nsImageGeometryMixin
   * CVE-2016-5276: Heap-use-after-free in
     mozilla::a11y::DocAccessible::ProcessInvalidationList
   * CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState
   * CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick
   * CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame
   * CVE-2016-5280: Use-after-free in
     mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
   * CVE-2016-5281: use-after-free in DOMSVGLength
   * CVE-2016-5284: Add-on update site certificate pin expiration
   * CVE-2016-5250: Resource Timing API is storing resources sent by the
     previous page
   * CVE-2016-5261: Integer overflow and memory corruption in
     WebSocketChannel
   * CVE-2016-5257: Memory safety bugs fixed in Firefox 49 and Firefox ESR
     45.4

   Bug fixed:
   - Fix for aarch64 Firefox startup crash (bsc#991344)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1421=1

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2016-1421=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1421=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-1421=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1421=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      MozillaFirefox-debuginfo-45.4.0esr-81.1
      MozillaFirefox-debugsource-45.4.0esr-81.1
      MozillaFirefox-devel-45.4.0esr-81.1

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      MozillaFirefox-45.4.0esr-81.1
      MozillaFirefox-debuginfo-45.4.0esr-81.1
      MozillaFirefox-debugsource-45.4.0esr-81.1
      MozillaFirefox-translations-45.4.0esr-81.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      MozillaFirefox-45.4.0esr-81.1
      MozillaFirefox-debuginfo-45.4.0esr-81.1
      MozillaFirefox-debugsource-45.4.0esr-81.1
      MozillaFirefox-translations-45.4.0esr-81.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      MozillaFirefox-45.4.0esr-81.1
      MozillaFirefox-debuginfo-45.4.0esr-81.1
      MozillaFirefox-debugsource-45.4.0esr-81.1
      MozillaFirefox-translations-45.4.0esr-81.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      MozillaFirefox-45.4.0esr-81.1
      MozillaFirefox-debuginfo-45.4.0esr-81.1
      MozillaFirefox-debugsource-45.4.0esr-81.1
      MozillaFirefox-translations-45.4.0esr-81.1

References:

   https://www.suse.com/security/cve/CVE-2016-5250.html
   https://www.suse.com/security/cve/CVE-2016-5257.html
   https://www.suse.com/security/cve/CVE-2016-5261.html
   https://www.suse.com/security/cve/CVE-2016-5270.html
   https://www.suse.com/security/cve/CVE-2016-5272.html
   https://www.suse.com/security/cve/CVE-2016-5274.html
   https://www.suse.com/security/cve/CVE-2016-5276.html
   https://www.suse.com/security/cve/CVE-2016-5277.html
   https://www.suse.com/security/cve/CVE-2016-5278.html
   https://www.suse.com/security/cve/CVE-2016-5280.html
   https://www.suse.com/security/cve/CVE-2016-5281.html
   https://www.suse.com/security/cve/CVE-2016-5284.html
   https://bugzilla.suse.com/991344
   https://bugzilla.suse.com/999701


From sle-updates at lists.suse.com Tue Oct 4 08:09:18 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2016 16:09:18 +0200 (CEST)
Subject: SUSE-RU-2016:2441-1: Recommended update for Amazon's EC2 utilities
Message-ID: <20161004140918.3CF34FEB5@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for Amazon's EC2 utilities
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2441-1
Rating:             low
References:         #999019 #999299
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update provides fixes and enhancements for Amazon's EC2 utilities.

   python-ec2utilsbase (update to version 2.0.2):

   - Fix install from source by properly setting up a namespace.

   python-ec2deprecateimg (update to version 3.0.2):

   - Fix install from source by properly setting up a namespace.

   python-ec2publishimg (update to version 1.1.3):

   - When attempting to set an image private that is already private or that
     has a snapshot where sharing permissions were not set, an error message
     was produced. We now provide an info message and move on. (bsc#999299)
   - Fix install from source by properly setting up a namespace.

   python-ec2uploadimg (update to version 1.1.3):

   - Support use of uploading without --verbose option. (bsc#999019)
   - Fix install from source by properly setting up a namespace.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1425=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      python-ec2deprecateimg-3.0.2-13.1
      python-ec2publishimg-1.1.3-13.1
      python-ec2uploadimg-1.1.3-21.1
      python-ec2utilsbase-2.0.2-16.1

References:

   https://bugzilla.suse.com/999019
   https://bugzilla.suse.com/999299


From sle-updates at lists.suse.com Tue Oct 4 08:09:50 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2016 16:09:50 +0200 (CEST)
Subject: SUSE-RU-2016:2442-1: Recommended update for rsync
Message-ID: <20161004140950.E7990FEB8@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rsync
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2442-1
Rating:             low
References:         #999847
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for rsync provides the following fixes:

   - Don't depend on insserv(8) and fillup(8) as they're not needed or used
     under systemd. (bsc#999847)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1424=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1424=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      rsync-3.1.0-12.1
      rsync-debuginfo-3.1.0-12.1
      rsync-debugsource-3.1.0-12.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      rsync-3.1.0-12.1
      rsync-debuginfo-3.1.0-12.1
      rsync-debugsource-3.1.0-12.1

References:

   https://bugzilla.suse.com/999847


From sle-updates at lists.suse.com Tue Oct 4 09:10:01 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2016 17:10:01 +0200 (CEST)
Subject: SUSE-SU-2016:2449-1: moderate: Security update for curl
Message-ID: <20161004151001.A8850FF05@maintenance.suse.de>

   SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2449-1
Rating:             moderate
References:         #991389 #991390 #997420
Cross-References:   CVE-2016-5419 CVE-2016-5420 CVE-2016-7141
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-SECURITY
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for curl fixes the following issues:

   - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389)
   - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390)
   - CVE-2016-7141: Fixed incorrect reuse of client certificates
     (bsc#997420).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-curl-12772=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-curl-12772=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-curl-12772=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-curl-12772=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-curl-12772=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-curl-12772=1

   - SUSE Linux Enterprise Server 11-SECURITY:

      zypper in -t patch secsp3-curl-12772=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-curl-12772=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-curl-12772=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-curl-12772=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      curl-7.19.7-1.61.1
      libcurl4-32bit-7.19.7-1.61.1
      libcurl4-7.19.7-1.61.1

   - SUSE Manager Proxy 2.1 (x86_64):

      curl-7.19.7-1.61.1
      libcurl4-32bit-7.19.7-1.61.1
      libcurl4-7.19.7-1.61.1

   - SUSE Manager 2.1 (s390x x86_64):

      curl-7.19.7-1.61.1
      libcurl4-32bit-7.19.7-1.61.1
      libcurl4-7.19.7-1.61.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libcurl-devel-7.19.7-1.61.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      curl-7.19.7-1.61.1
      libcurl4-7.19.7-1.61.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libcurl4-32bit-7.19.7-1.61.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libcurl4-x86-7.19.7-1.61.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      curl-7.19.7-1.61.1
      libcurl4-7.19.7-1.61.1

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):

      libcurl4-32bit-7.19.7-1.61.1

   - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):

      curl-openssl1-7.19.7-1.61.1
      libcurl4-openssl1-7.19.7-1.61.1

   - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64):

      libcurl4-openssl1-32bit-7.19.7-1.61.1

   - SUSE Linux Enterprise Server 11-SECURITY (ia64):

      libcurl4-openssl1-x86-7.19.7-1.61.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      curl-7.19.7-1.61.1
      libcurl4-7.19.7-1.61.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      curl-debuginfo-7.19.7-1.61.1
      curl-debugsource-7.19.7-1.61.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      curl-debuginfo-7.19.7-1.61.1
      curl-debugsource-7.19.7-1.61.1

References:

   https://www.suse.com/security/cve/CVE-2016-5419.html
   https://www.suse.com/security/cve/CVE-2016-5420.html
   https://www.suse.com/security/cve/CVE-2016-7141.html
   https://bugzilla.suse.com/991389
   https://bugzilla.suse.com/991390
   https://bugzilla.suse.com/997420


From sle-updates at lists.suse.com Tue Oct 4 12:08:52 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2016 20:08:52 +0200 (CEST)
Subject: SUSE-RU-2016:2452-1: Recommended update for dom4j
Message-ID: <20161004180852.A24E2FEB5@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for dom4j
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2452-1
Rating:             low
References:         #998531
Affected Products:
                    SUSE Manager Server 3.0
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for dom4j fixes the following issues:

   - Include the STAXEventReader and STAXEventWriter classes (bsc#998531)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.0:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1428=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Manager Server 3.0 (noarch):

      dom4j-1.6.1-26.1

References:

   https://bugzilla.suse.com/998531


From sle-updates at lists.suse.com Tue Oct 4 13:08:47 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2016 21:08:47 +0200 (CEST)
Subject: SUSE-SU-2016:2453-1: moderate: Security update for wireshark
Message-ID: <20161004190848.03F45FEB5@maintenance.suse.de>

   SUSE Security Update: Security update for wireshark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2453-1
Rating:             moderate
References:         #983671 #991012 #991013 #991015 #991016 #991017
                    #991018 #991019 #991020
Cross-References:   CVE-2016-5350 CVE-2016-5351 CVE-2016-5352
                    CVE-2016-5353 CVE-2016-5354 CVE-2016-5355
                    CVE-2016-5356 CVE-2016-5357 CVE-2016-5358
                    CVE-2016-5359 CVE-2016-6504 CVE-2016-6505
                    CVE-2016-6506 CVE-2016-6507 CVE-2016-6508
                    CVE-2016-6509 CVE-2016-6510 CVE-2016-6511
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 18 vulnerabilities is now available.

Description:

   wireshark was updated to version 1.12.13 to fix the following issues:

   - CVE-2016-6504: wireshark: NDS dissector crash (bnc#991012)
   - CVE-2016-6505: wireshark: PacketBB dissector could divide by zero
     (bnc#991013)
   - CVE-2016-6506: wireshark: WSP infinite loop (bnc#991015)
   - CVE-2016-6507: wireshark: MMSE infinite loop (bnc#991016)
   - CVE-2016-6508: wireshark: RLC long loop (bnc#991017)
   - CVE-2016-6509: wireshark: LDSS dissector crash (bnc#991018)
   - CVE-2016-6510: wireshark: RLC dissector crash (bnc#991019)
   - CVE-2016-6511: wireshark: OpenFlow long loop (bnc#991020)
   - CVE-2016-5350: SPOOLS infinite loop (bsc#983671).
   - CVE-2016-5351: IEEE 802.11 dissector crash (bsc#983671).
   - CVE-2016-5352: IEEE 802.11 dissector crash, different from
     wnpa-sec-2016-30 (bsc#983671).
   - CVE-2016-5353: UMTS FP crash (bsc#983671).
   - CVE-2016-5354: USB dissector crash (bsc#983671).
   - CVE-2016-5355: Toshiba file parser crash (bsc#983671).
   - CVE-2016-5356: CoSine file parser crash (bsc#983671).
   - CVE-2016-5357: NetScreen file parser crash (bsc#983671).
   - CVE-2016-5358: Ethernet dissector crash (bsc#983671).
   - CVE-2016-5359: WBXML infinite loop (bsc#983671).

   For more details please see:
   https://www.wireshark.org/docs/relnotes/wireshark-1.12.12.html
   https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1429=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1429=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1429=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      wireshark-debuginfo-1.12.13-31.1
      wireshark-debugsource-1.12.13-31.1
      wireshark-devel-1.12.13-31.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      wireshark-1.12.13-31.1
      wireshark-debuginfo-1.12.13-31.1
      wireshark-debugsource-1.12.13-31.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      wireshark-1.12.13-31.1
      wireshark-debuginfo-1.12.13-31.1
      wireshark-debugsource-1.12.13-31.1

References:

   https://www.suse.com/security/cve/CVE-2016-5350.html
   https://www.suse.com/security/cve/CVE-2016-5351.html
   https://www.suse.com/security/cve/CVE-2016-5352.html
   https://www.suse.com/security/cve/CVE-2016-5353.html
   https://www.suse.com/security/cve/CVE-2016-5354.html
   https://www.suse.com/security/cve/CVE-2016-5355.html
   https://www.suse.com/security/cve/CVE-2016-5356.html
   https://www.suse.com/security/cve/CVE-2016-5357.html
   https://www.suse.com/security/cve/CVE-2016-5358.html
   https://www.suse.com/security/cve/CVE-2016-5359.html
   https://www.suse.com/security/cve/CVE-2016-6504.html
   https://www.suse.com/security/cve/CVE-2016-6505.html
   https://www.suse.com/security/cve/CVE-2016-6506.html
   https://www.suse.com/security/cve/CVE-2016-6507.html
   https://www.suse.com/security/cve/CVE-2016-6508.html
   https://www.suse.com/security/cve/CVE-2016-6509.html
   https://www.suse.com/security/cve/CVE-2016-6510.html
   https://www.suse.com/security/cve/CVE-2016-6511.html
   https://bugzilla.suse.com/983671
   https://bugzilla.suse.com/991012
   https://bugzilla.suse.com/991013
   https://bugzilla.suse.com/991015
   https://bugzilla.suse.com/991016
   https://bugzilla.suse.com/991017
   https://bugzilla.suse.com/991018
   https://bugzilla.suse.com/991019
   https://bugzilla.suse.com/991020


From sle-updates at lists.suse.com Tue Oct 4 15:09:13 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2016 23:09:13 +0200 (CEST)
Subject: SUSE-RU-2016:2454-1: moderate: Recommended update for gnome-shell
Message-ID: <20161004210913.31763FEB5@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gnome-shell
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2454-1
Rating:             moderate
References:         #929122 #963664 #970480 #972515 #981116
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for gnome-shell provides the following fixes:

   - Add various fixes to mitigate general GNOME memory leaks. (bsc#972515)
   - Various background code changes to mitigate memory leaks. (bsc#963664)
   - Limit the height instead to get the desired scrolling behavior when
     necessary. (bsc#981116)
   - Fix the wrapping error message issue when user password change
     operation fails in gdm greeter. (bsc#970480)
   - Don't use atlas textures for potentially large bitmaps. (bsc#929122)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1430=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1430=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1430=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1430=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      gnome-shell-calendar-3.10.4-67.1
      gnome-shell-calendar-debuginfo-3.10.4-67.1
      gnome-shell-debuginfo-3.10.4-67.1
      gnome-shell-debugsource-3.10.4-67.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      gnome-shell-debuginfo-3.10.4-67.1
      gnome-shell-debugsource-3.10.4-67.1
      gnome-shell-devel-3.10.4-67.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      gnome-shell-3.10.4-67.1
      gnome-shell-browser-plugin-3.10.4-67.1
      gnome-shell-browser-plugin-debuginfo-3.10.4-67.1
      gnome-shell-debuginfo-3.10.4-67.1
      gnome-shell-debugsource-3.10.4-67.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      gnome-shell-lang-3.10.4-67.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      gnome-shell-lang-3.10.4-67.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      gnome-shell-3.10.4-67.1
      gnome-shell-browser-plugin-3.10.4-67.1
      gnome-shell-browser-plugin-debuginfo-3.10.4-67.1
      gnome-shell-calendar-3.10.4-67.1
      gnome-shell-calendar-debuginfo-3.10.4-67.1
      gnome-shell-debuginfo-3.10.4-67.1
      gnome-shell-debugsource-3.10.4-67.1

References:

   https://bugzilla.suse.com/929122
   https://bugzilla.suse.com/963664
   https://bugzilla.suse.com/970480
   https://bugzilla.suse.com/972515
   https://bugzilla.suse.com/981116


From sle-updates at lists.suse.com Wed Oct 5 05:09:12 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Oct 2016 13:09:12 +0200 (CEST)
Subject: SUSE-SU-2016:2457-1: moderate: Security update for openstack-horizon-plugin-manila-ui
Message-ID: <20161005110912.63BA7FEB5@maintenance.suse.de>

   SUSE Security Update: Security update for openstack-horizon-plugin-manila-ui
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2457-1
Rating:             moderate
References:         #988935
Cross-References:   CVE-2016-6519
Affected Products:
                    SUSE OpenStack Cloud 6
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for openstack-horizon-plugin-manila-ui fixes the
   metadata_to_str function code injection vulnerability. (bsc#988935,
   CVE-2016-6519)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1431=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 6 (noarch):

      openstack-horizon-plugin-manila-ui-1.2.1~a0~dev2-3.1
      python-horizon-plugin-manila-ui-1.2.1~a0~dev2-3.1

References:

   https://www.suse.com/security/cve/CVE-2016-6519.html
   https://bugzilla.suse.com/988935


From sle-updates at lists.suse.com Wed Oct 5 10:09:39 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Oct 2016 18:09:39 +0200 (CEST)
Subject: SUSE-SU-2016:2458-1: important: Security update for openssl
Message-ID: <20161005160939.890AEFEB5@maintenance.suse.de>

   SUSE Security Update: Security update for openssl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2458-1
Rating:             important
References:         #979475 #982575 #983249 #993819 #994749 #994844
                    #995075 #995324 #995359 #995377 #998190 #999665
                    #999666 #999668
Cross-References:   CVE-2016-2177 CVE-2016-2178 CVE-2016-2179
                    CVE-2016-2181 CVE-2016-2182 CVE-2016-2183
                    CVE-2016-6302 CVE-2016-6303 CVE-2016-6304
                    CVE-2016-6306
Affected Products:
                    SUSE Studio Onsite 1.3
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has four fixes is now
   available.

Description:

   This update for openssl fixes the following issues:

   OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)

   Severity: High
   * OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
     (bsc#999666)

   Severity: Low
   * Pointer arithmetic undefined behavior (CVE-2016-2177) (bsc#982575)
   * Constant time flag not preserved in DSA signing (CVE-2016-2178)
     (bsc#983249)
   * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
   * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
   * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
   * Birthday attack against 64-bit block ciphers (SWEET32)
     (CVE-2016-2183) (bsc#995359)
   * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
   * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
   * Certificate message OOB reads (CVE-2016-6306) (bsc#999668)

   More information can be found on:
   https://www.openssl.org/news/secadv/20160922.txt

   Bugs fixed:
   * Update expired S/MIME certs (bsc#979475)
   * Fix crash in print_notice (bsc#998190)
   * Resume reading from /dev/urandom when interrupted by a signal
     (bsc#995075)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-openssl-12774=1

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-openssl-12774=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-openssl-12774=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-openssl-12774=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-openssl-12774=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-openssl-12774=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-openssl-12774=1

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-openssl-12774=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-openssl-12774=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-openssl-12774=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-openssl-12774=1

   - SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-openssl-12774=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      libopenssl-devel-0.9.8j-0.102.2

   - SUSE OpenStack Cloud 5 (x86_64):

      libopenssl-devel-0.9.8j-0.102.2
      libopenssl0_9_8-0.9.8j-0.102.2
      libopenssl0_9_8-32bit-0.9.8j-0.102.2
      libopenssl0_9_8-hmac-0.9.8j-0.102.2
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.102.2
      openssl-0.9.8j-0.102.2
      openssl-doc-0.9.8j-0.102.2

   - SUSE Manager Proxy 2.1 (x86_64):

      libopenssl-devel-0.9.8j-0.102.2
      libopenssl0_9_8-0.9.8j-0.102.2
      libopenssl0_9_8-32bit-0.9.8j-0.102.2
      libopenssl0_9_8-hmac-0.9.8j-0.102.2
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.102.2
      openssl-0.9.8j-0.102.2
      openssl-doc-0.9.8j-0.102.2

   - SUSE Manager 2.1 (s390x x86_64):

      libopenssl-devel-0.9.8j-0.102.2
      libopenssl0_9_8-0.9.8j-0.102.2
      libopenssl0_9_8-32bit-0.9.8j-0.102.2
      libopenssl0_9_8-hmac-0.9.8j-0.102.2
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.102.2
      openssl-0.9.8j-0.102.2
      openssl-doc-0.9.8j-0.102.2

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libopenssl-devel-0.9.8j-0.102.2

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libopenssl-devel-32bit-0.9.8j-0.102.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libopenssl0_9_8-0.9.8j-0.102.2
      libopenssl0_9_8-hmac-0.9.8j-0.102.2
      openssl-0.9.8j-0.102.2
      openssl-doc-0.9.8j-0.102.2

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libopenssl0_9_8-32bit-0.9.8j-0.102.2
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.102.2

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libopenssl0_9_8-x86-0.9.8j-0.102.2

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      libopenssl-devel-0.9.8j-0.102.2
      libopenssl0_9_8-0.9.8j-0.102.2
      libopenssl0_9_8-hmac-0.9.8j-0.102.2
      openssl-0.9.8j-0.102.2
      openssl-doc-0.9.8j-0.102.2

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):

      libopenssl0_9_8-32bit-0.9.8j-0.102.2
      libopenssl0_9_8-hmac-32bit-0.9.8j-0.102.2

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

      libopenssl-devel-0.9.8j-0.102.2
      libopenssl0_9_8-0.9.8j-0.102.2
libopenssl0_9_8-hmac-0.9.8j-0.102.2 openssl-0.9.8j-0.102.2 openssl-doc-0.9.8j-0.102.2 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.102.2 libopenssl0_9_8-hmac-32bit-0.9.8j-0.102.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libopenssl-devel-0.9.8j-0.102.2 libopenssl0_9_8-0.9.8j-0.102.2 libopenssl0_9_8-hmac-0.9.8j-0.102.2 openssl-0.9.8j-0.102.2 openssl-doc-0.9.8j-0.102.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.102.2 openssl-debugsource-0.9.8j-0.102.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.102.2 openssl-debugsource-0.9.8j-0.102.2 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.102.2 openssl-debugsource-0.9.8j-0.102.2 References: https://www.suse.com/security/cve/CVE-2016-2177.html https://www.suse.com/security/cve/CVE-2016-2178.html https://www.suse.com/security/cve/CVE-2016-2179.html https://www.suse.com/security/cve/CVE-2016-2181.html https://www.suse.com/security/cve/CVE-2016-2182.html https://www.suse.com/security/cve/CVE-2016-2183.html https://www.suse.com/security/cve/CVE-2016-6302.html https://www.suse.com/security/cve/CVE-2016-6303.html https://www.suse.com/security/cve/CVE-2016-6304.html https://www.suse.com/security/cve/CVE-2016-6306.html https://bugzilla.suse.com/979475 https://bugzilla.suse.com/982575 https://bugzilla.suse.com/983249 https://bugzilla.suse.com/993819 https://bugzilla.suse.com/994749 https://bugzilla.suse.com/994844 https://bugzilla.suse.com/995075 https://bugzilla.suse.com/995324 https://bugzilla.suse.com/995359 https://bugzilla.suse.com/995377 https://bugzilla.suse.com/998190 https://bugzilla.suse.com/999665 https://bugzilla.suse.com/999666 https://bugzilla.suse.com/999668 From sle-updates at lists.suse.com Wed Oct 5 10:12:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Oct 2016 18:12:19 +0200 
(CEST)
Subject: SUSE-SU-2016:2459-1: important: Security update for php53
Message-ID: <20161005161219.882E1FEB5@maintenance.suse.de>

   SUSE Security Update: Security update for php53
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2459-1
Rating:             important
References:         #997206 #997207 #997208 #997210 #997211 #997220
                    #997225 #997230 #997257 #999679 #999680 #999682
                    #999684 #999685 #999819 #999820
Cross-References:   CVE-2016-7124 CVE-2016-7125 CVE-2016-7126
                    CVE-2016-7127 CVE-2016-7128 CVE-2016-7129
                    CVE-2016-7130 CVE-2016-7131 CVE-2016-7132
                    CVE-2016-7411 CVE-2016-7412 CVE-2016-7413
                    CVE-2016-7414 CVE-2016-7416 CVE-2016-7417
                    CVE-2016-7418
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 16 vulnerabilities is now available.

Description:

   This update for php53 fixes the following security issues:

   * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
   * CVE-2016-7125: PHP Session Data Injection Vulnerability
   * CVE-2016-7126: select_colors write out-of-bounds
   * CVE-2016-7127: imagegammacorrect allowed arbitrary write access
   * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
   * CVE-2016-7129: wddx_deserialize allows illegal memory access
   * CVE-2016-7130: wddx_deserialize null dereference
   * CVE-2016-7131: wddx_deserialize null dereference with invalid xml
   * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
   * CVE-2016-7411: php5: Memory corruption when destructing deserialized object
   * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
   * CVE-2016-7413: Use after free in wddx_deserialize
   * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
   * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
   * CVE-2016-7417: Missing type check when unserializing SplArray
   * CVE-2016-7418: Null pointer dereference in php_wddx_push_element

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-php53-12775=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-php53-12775=1 - SUSE Manager 2.1: zypper in -t patch sleman21-php53-12775=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-12775=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-12775=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-php53-12775=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-php53-12775=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-12775=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-php53-12775=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): apache2-mod_php53-5.3.17-84.1 php53-5.3.17-84.1 php53-bcmath-5.3.17-84.1 php53-bz2-5.3.17-84.1 php53-calendar-5.3.17-84.1 php53-ctype-5.3.17-84.1 php53-curl-5.3.17-84.1 php53-dba-5.3.17-84.1 php53-dom-5.3.17-84.1 php53-exif-5.3.17-84.1 php53-fastcgi-5.3.17-84.1 php53-fileinfo-5.3.17-84.1 php53-ftp-5.3.17-84.1 php53-gd-5.3.17-84.1 php53-gettext-5.3.17-84.1 php53-gmp-5.3.17-84.1 php53-iconv-5.3.17-84.1 php53-intl-5.3.17-84.1 php53-json-5.3.17-84.1 php53-ldap-5.3.17-84.1 php53-mbstring-5.3.17-84.1 php53-mcrypt-5.3.17-84.1 php53-mysql-5.3.17-84.1 php53-odbc-5.3.17-84.1 php53-openssl-5.3.17-84.1 php53-pcntl-5.3.17-84.1 php53-pdo-5.3.17-84.1 php53-pear-5.3.17-84.1 php53-pgsql-5.3.17-84.1 php53-pspell-5.3.17-84.1 php53-shmop-5.3.17-84.1 php53-snmp-5.3.17-84.1 php53-soap-5.3.17-84.1 php53-suhosin-5.3.17-84.1 php53-sysvmsg-5.3.17-84.1 php53-sysvsem-5.3.17-84.1 php53-sysvshm-5.3.17-84.1 php53-tokenizer-5.3.17-84.1 php53-wddx-5.3.17-84.1 php53-xmlreader-5.3.17-84.1 php53-xmlrpc-5.3.17-84.1 php53-xmlwriter-5.3.17-84.1 php53-xsl-5.3.17-84.1 php53-zip-5.3.17-84.1 php53-zlib-5.3.17-84.1 - SUSE Manager Proxy 2.1 
(x86_64): apache2-mod_php53-5.3.17-84.1 php53-5.3.17-84.1 php53-bcmath-5.3.17-84.1 php53-bz2-5.3.17-84.1 php53-calendar-5.3.17-84.1 php53-ctype-5.3.17-84.1 php53-curl-5.3.17-84.1 php53-dba-5.3.17-84.1 php53-dom-5.3.17-84.1 php53-exif-5.3.17-84.1 php53-fastcgi-5.3.17-84.1 php53-fileinfo-5.3.17-84.1 php53-ftp-5.3.17-84.1 php53-gd-5.3.17-84.1 php53-gettext-5.3.17-84.1 php53-gmp-5.3.17-84.1 php53-iconv-5.3.17-84.1 php53-intl-5.3.17-84.1 php53-json-5.3.17-84.1 php53-ldap-5.3.17-84.1 php53-mbstring-5.3.17-84.1 php53-mcrypt-5.3.17-84.1 php53-mysql-5.3.17-84.1 php53-odbc-5.3.17-84.1 php53-openssl-5.3.17-84.1 php53-pcntl-5.3.17-84.1 php53-pdo-5.3.17-84.1 php53-pear-5.3.17-84.1 php53-pgsql-5.3.17-84.1 php53-pspell-5.3.17-84.1 php53-shmop-5.3.17-84.1 php53-snmp-5.3.17-84.1 php53-soap-5.3.17-84.1 php53-suhosin-5.3.17-84.1 php53-sysvmsg-5.3.17-84.1 php53-sysvsem-5.3.17-84.1 php53-sysvshm-5.3.17-84.1 php53-tokenizer-5.3.17-84.1 php53-wddx-5.3.17-84.1 php53-xmlreader-5.3.17-84.1 php53-xmlrpc-5.3.17-84.1 php53-xmlwriter-5.3.17-84.1 php53-xsl-5.3.17-84.1 php53-zip-5.3.17-84.1 php53-zlib-5.3.17-84.1 - SUSE Manager 2.1 (s390x x86_64): apache2-mod_php53-5.3.17-84.1 php53-5.3.17-84.1 php53-bcmath-5.3.17-84.1 php53-bz2-5.3.17-84.1 php53-calendar-5.3.17-84.1 php53-ctype-5.3.17-84.1 php53-curl-5.3.17-84.1 php53-dba-5.3.17-84.1 php53-dom-5.3.17-84.1 php53-exif-5.3.17-84.1 php53-fastcgi-5.3.17-84.1 php53-fileinfo-5.3.17-84.1 php53-ftp-5.3.17-84.1 php53-gd-5.3.17-84.1 php53-gettext-5.3.17-84.1 php53-gmp-5.3.17-84.1 php53-iconv-5.3.17-84.1 php53-intl-5.3.17-84.1 php53-json-5.3.17-84.1 php53-ldap-5.3.17-84.1 php53-mbstring-5.3.17-84.1 php53-mcrypt-5.3.17-84.1 php53-mysql-5.3.17-84.1 php53-odbc-5.3.17-84.1 php53-openssl-5.3.17-84.1 php53-pcntl-5.3.17-84.1 php53-pdo-5.3.17-84.1 php53-pear-5.3.17-84.1 php53-pgsql-5.3.17-84.1 php53-pspell-5.3.17-84.1 php53-shmop-5.3.17-84.1 php53-snmp-5.3.17-84.1 php53-soap-5.3.17-84.1 php53-suhosin-5.3.17-84.1 php53-sysvmsg-5.3.17-84.1 php53-sysvsem-5.3.17-84.1 
php53-sysvshm-5.3.17-84.1 php53-tokenizer-5.3.17-84.1 php53-wddx-5.3.17-84.1 php53-xmlreader-5.3.17-84.1 php53-xmlrpc-5.3.17-84.1 php53-xmlwriter-5.3.17-84.1 php53-xsl-5.3.17-84.1 php53-zip-5.3.17-84.1 php53-zlib-5.3.17-84.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-84.1 php53-imap-5.3.17-84.1 php53-posix-5.3.17-84.1 php53-readline-5.3.17-84.1 php53-sockets-5.3.17-84.1 php53-sqlite-5.3.17-84.1 php53-tidy-5.3.17-84.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-84.1 php53-5.3.17-84.1 php53-bcmath-5.3.17-84.1 php53-bz2-5.3.17-84.1 php53-calendar-5.3.17-84.1 php53-ctype-5.3.17-84.1 php53-curl-5.3.17-84.1 php53-dba-5.3.17-84.1 php53-dom-5.3.17-84.1 php53-exif-5.3.17-84.1 php53-fastcgi-5.3.17-84.1 php53-fileinfo-5.3.17-84.1 php53-ftp-5.3.17-84.1 php53-gd-5.3.17-84.1 php53-gettext-5.3.17-84.1 php53-gmp-5.3.17-84.1 php53-iconv-5.3.17-84.1 php53-intl-5.3.17-84.1 php53-json-5.3.17-84.1 php53-ldap-5.3.17-84.1 php53-mbstring-5.3.17-84.1 php53-mcrypt-5.3.17-84.1 php53-mysql-5.3.17-84.1 php53-odbc-5.3.17-84.1 php53-openssl-5.3.17-84.1 php53-pcntl-5.3.17-84.1 php53-pdo-5.3.17-84.1 php53-pear-5.3.17-84.1 php53-pgsql-5.3.17-84.1 php53-pspell-5.3.17-84.1 php53-shmop-5.3.17-84.1 php53-snmp-5.3.17-84.1 php53-soap-5.3.17-84.1 php53-suhosin-5.3.17-84.1 php53-sysvmsg-5.3.17-84.1 php53-sysvsem-5.3.17-84.1 php53-sysvshm-5.3.17-84.1 php53-tokenizer-5.3.17-84.1 php53-wddx-5.3.17-84.1 php53-xmlreader-5.3.17-84.1 php53-xmlrpc-5.3.17-84.1 php53-xmlwriter-5.3.17-84.1 php53-xsl-5.3.17-84.1 php53-zip-5.3.17-84.1 php53-zlib-5.3.17-84.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): apache2-mod_php53-5.3.17-84.1 php53-5.3.17-84.1 php53-bcmath-5.3.17-84.1 php53-bz2-5.3.17-84.1 php53-calendar-5.3.17-84.1 php53-ctype-5.3.17-84.1 php53-curl-5.3.17-84.1 php53-dba-5.3.17-84.1 php53-dom-5.3.17-84.1 php53-exif-5.3.17-84.1 php53-fastcgi-5.3.17-84.1 php53-fileinfo-5.3.17-84.1 
php53-ftp-5.3.17-84.1 php53-gd-5.3.17-84.1 php53-gettext-5.3.17-84.1 php53-gmp-5.3.17-84.1 php53-iconv-5.3.17-84.1 php53-intl-5.3.17-84.1 php53-json-5.3.17-84.1 php53-ldap-5.3.17-84.1 php53-mbstring-5.3.17-84.1 php53-mcrypt-5.3.17-84.1 php53-mysql-5.3.17-84.1 php53-odbc-5.3.17-84.1 php53-openssl-5.3.17-84.1 php53-pcntl-5.3.17-84.1 php53-pdo-5.3.17-84.1 php53-pear-5.3.17-84.1 php53-pgsql-5.3.17-84.1 php53-pspell-5.3.17-84.1 php53-shmop-5.3.17-84.1 php53-snmp-5.3.17-84.1 php53-soap-5.3.17-84.1 php53-suhosin-5.3.17-84.1 php53-sysvmsg-5.3.17-84.1 php53-sysvsem-5.3.17-84.1 php53-sysvshm-5.3.17-84.1 php53-tokenizer-5.3.17-84.1 php53-wddx-5.3.17-84.1 php53-xmlreader-5.3.17-84.1 php53-xmlrpc-5.3.17-84.1 php53-xmlwriter-5.3.17-84.1 php53-xsl-5.3.17-84.1 php53-zip-5.3.17-84.1 php53-zlib-5.3.17-84.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): apache2-mod_php53-5.3.17-84.1 php53-5.3.17-84.1 php53-bcmath-5.3.17-84.1 php53-bz2-5.3.17-84.1 php53-calendar-5.3.17-84.1 php53-ctype-5.3.17-84.1 php53-curl-5.3.17-84.1 php53-dba-5.3.17-84.1 php53-dom-5.3.17-84.1 php53-exif-5.3.17-84.1 php53-fastcgi-5.3.17-84.1 php53-fileinfo-5.3.17-84.1 php53-ftp-5.3.17-84.1 php53-gd-5.3.17-84.1 php53-gettext-5.3.17-84.1 php53-gmp-5.3.17-84.1 php53-iconv-5.3.17-84.1 php53-intl-5.3.17-84.1 php53-json-5.3.17-84.1 php53-ldap-5.3.17-84.1 php53-mbstring-5.3.17-84.1 php53-mcrypt-5.3.17-84.1 php53-mysql-5.3.17-84.1 php53-odbc-5.3.17-84.1 php53-openssl-5.3.17-84.1 php53-pcntl-5.3.17-84.1 php53-pdo-5.3.17-84.1 php53-pear-5.3.17-84.1 php53-pgsql-5.3.17-84.1 php53-pspell-5.3.17-84.1 php53-shmop-5.3.17-84.1 php53-snmp-5.3.17-84.1 php53-soap-5.3.17-84.1 php53-suhosin-5.3.17-84.1 php53-sysvmsg-5.3.17-84.1 php53-sysvsem-5.3.17-84.1 php53-sysvshm-5.3.17-84.1 php53-tokenizer-5.3.17-84.1 php53-wddx-5.3.17-84.1 php53-xmlreader-5.3.17-84.1 php53-xmlrpc-5.3.17-84.1 php53-xmlwriter-5.3.17-84.1 php53-xsl-5.3.17-84.1 php53-zip-5.3.17-84.1 php53-zlib-5.3.17-84.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 
s390x x86_64):

      php53-debuginfo-5.3.17-84.1
      php53-debugsource-5.3.17-84.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      php53-debuginfo-5.3.17-84.1
      php53-debugsource-5.3.17-84.1

References:

   https://www.suse.com/security/cve/CVE-2016-7124.html
   https://www.suse.com/security/cve/CVE-2016-7125.html
   https://www.suse.com/security/cve/CVE-2016-7126.html
   https://www.suse.com/security/cve/CVE-2016-7127.html
   https://www.suse.com/security/cve/CVE-2016-7128.html
   https://www.suse.com/security/cve/CVE-2016-7129.html
   https://www.suse.com/security/cve/CVE-2016-7130.html
   https://www.suse.com/security/cve/CVE-2016-7131.html
   https://www.suse.com/security/cve/CVE-2016-7132.html
   https://www.suse.com/security/cve/CVE-2016-7411.html
   https://www.suse.com/security/cve/CVE-2016-7412.html
   https://www.suse.com/security/cve/CVE-2016-7413.html
   https://www.suse.com/security/cve/CVE-2016-7414.html
   https://www.suse.com/security/cve/CVE-2016-7416.html
   https://www.suse.com/security/cve/CVE-2016-7417.html
   https://www.suse.com/security/cve/CVE-2016-7418.html
   https://bugzilla.suse.com/997206
   https://bugzilla.suse.com/997207
   https://bugzilla.suse.com/997208
   https://bugzilla.suse.com/997210
   https://bugzilla.suse.com/997211
   https://bugzilla.suse.com/997220
   https://bugzilla.suse.com/997225
   https://bugzilla.suse.com/997230
   https://bugzilla.suse.com/997257
   https://bugzilla.suse.com/999679
   https://bugzilla.suse.com/999680
   https://bugzilla.suse.com/999682
   https://bugzilla.suse.com/999684
   https://bugzilla.suse.com/999685
   https://bugzilla.suse.com/999819
   https://bugzilla.suse.com/999820

From sle-updates at lists.suse.com Wed Oct 5 13:08:44 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Oct 2016 21:08:44 +0200 (CEST)
Subject: SUSE-SU-2016:2460-1: important: Security update for php7
Message-ID: <20161005190844.995EDFEB5@maintenance.suse.de>

   SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2460-1
Rating:             important
References:         #1001950 #987580 #988032 #991422 #991424 #991426
                    #991427 #991428 #991429 #991430 #991434 #991437
                    #995512 #997206 #997207 #997208 #997210 #997211
                    #997220 #997225 #997230 #997247 #997248 #997257
                    #999313 #999679 #999680 #999684 #999685 #999819
                    #999820
Cross-References:   CVE-2016-4473 CVE-2016-5399 CVE-2016-6128
                    CVE-2016-6161 CVE-2016-6207 CVE-2016-6289
                    CVE-2016-6290 CVE-2016-6291 CVE-2016-6292
                    CVE-2016-6295 CVE-2016-6296 CVE-2016-6297
                    CVE-2016-7124 CVE-2016-7125 CVE-2016-7126
                    CVE-2016-7127 CVE-2016-7128 CVE-2016-7129
                    CVE-2016-7130 CVE-2016-7131 CVE-2016-7132
                    CVE-2016-7133 CVE-2016-7134 CVE-2016-7412
                    CVE-2016-7413 CVE-2016-7414 CVE-2016-7416
                    CVE-2016-7417 CVE-2016-7418
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that solves 29 vulnerabilities and has two fixes is now available.

Description:

   This update for php7 fixes the following security issues:

   * CVE-2016-6128: Invalid color index not properly handled [bsc#987580]
   * CVE-2016-6161: global out of bounds read when encoding gif from malformed input with gd2togif [bsc#988032]
   * CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422]
   * CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424]
   * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426]
   * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427]
   * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428]
   * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429]
   * CVE-2016-5399: Improper error handling in bzread() [bsc#991430]
   * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437]
   * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434]
   * CVE-2016-4473: Invalid free() instead of efree() in phar_extract_file()
   * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
   * CVE-2016-7125: PHP Session Data Injection Vulnerability
   * CVE-2016-7126: select_colors write out-of-bounds
   * CVE-2016-7127: imagegammacorrect allowed arbitrary write access
   * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF
   * CVE-2016-7129: wddx_deserialize allowed illegal memory access
   * CVE-2016-7131: wddx_deserialize null dereference with invalid xml
   * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element
   * CVE-2016-7133: memory allocator fails to realloc small block to large one
   * CVE-2016-7134: Heap overflow in the function curl_escape
   * CVE-2016-7130: wddx_deserialize null dereference
   * CVE-2016-7413: Use after free in wddx_deserialize
   * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
   * CVE-2016-7417: Missing
type check when unserializing SplArray * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7418: Null pointer dereference in php_wddx_push_element * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1434=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1434=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): php7-debuginfo-7.0.7-15.1 php7-debugsource-7.0.7-15.1 php7-devel-7.0.7-15.1 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php7-7.0.7-15.1 apache2-mod_php7-debuginfo-7.0.7-15.1 php7-7.0.7-15.1 php7-bcmath-7.0.7-15.1 php7-bcmath-debuginfo-7.0.7-15.1 php7-bz2-7.0.7-15.1 php7-bz2-debuginfo-7.0.7-15.1 php7-calendar-7.0.7-15.1 php7-calendar-debuginfo-7.0.7-15.1 php7-ctype-7.0.7-15.1 php7-ctype-debuginfo-7.0.7-15.1 php7-curl-7.0.7-15.1 php7-curl-debuginfo-7.0.7-15.1 php7-dba-7.0.7-15.1 php7-dba-debuginfo-7.0.7-15.1 php7-debuginfo-7.0.7-15.1 php7-debugsource-7.0.7-15.1 php7-dom-7.0.7-15.1 php7-dom-debuginfo-7.0.7-15.1 php7-enchant-7.0.7-15.1 php7-enchant-debuginfo-7.0.7-15.1 php7-exif-7.0.7-15.1 php7-exif-debuginfo-7.0.7-15.1 php7-fastcgi-7.0.7-15.1 php7-fastcgi-debuginfo-7.0.7-15.1 php7-fileinfo-7.0.7-15.1 php7-fileinfo-debuginfo-7.0.7-15.1 php7-fpm-7.0.7-15.1 php7-fpm-debuginfo-7.0.7-15.1 php7-ftp-7.0.7-15.1 php7-ftp-debuginfo-7.0.7-15.1 php7-gd-7.0.7-15.1 php7-gd-debuginfo-7.0.7-15.1 php7-gettext-7.0.7-15.1 php7-gettext-debuginfo-7.0.7-15.1 php7-gmp-7.0.7-15.1 php7-gmp-debuginfo-7.0.7-15.1 php7-iconv-7.0.7-15.1 php7-iconv-debuginfo-7.0.7-15.1 
php7-imap-7.0.7-15.1 php7-imap-debuginfo-7.0.7-15.1 php7-intl-7.0.7-15.1 php7-intl-debuginfo-7.0.7-15.1 php7-json-7.0.7-15.1 php7-json-debuginfo-7.0.7-15.1 php7-ldap-7.0.7-15.1 php7-ldap-debuginfo-7.0.7-15.1 php7-mbstring-7.0.7-15.1 php7-mbstring-debuginfo-7.0.7-15.1 php7-mcrypt-7.0.7-15.1 php7-mcrypt-debuginfo-7.0.7-15.1 php7-mysql-7.0.7-15.1 php7-mysql-debuginfo-7.0.7-15.1 php7-odbc-7.0.7-15.1 php7-odbc-debuginfo-7.0.7-15.1 php7-opcache-7.0.7-15.1 php7-opcache-debuginfo-7.0.7-15.1 php7-openssl-7.0.7-15.1 php7-openssl-debuginfo-7.0.7-15.1 php7-pcntl-7.0.7-15.1 php7-pcntl-debuginfo-7.0.7-15.1 php7-pdo-7.0.7-15.1 php7-pdo-debuginfo-7.0.7-15.1 php7-pgsql-7.0.7-15.1 php7-pgsql-debuginfo-7.0.7-15.1 php7-phar-7.0.7-15.1 php7-phar-debuginfo-7.0.7-15.1 php7-posix-7.0.7-15.1 php7-posix-debuginfo-7.0.7-15.1 php7-pspell-7.0.7-15.1 php7-pspell-debuginfo-7.0.7-15.1 php7-shmop-7.0.7-15.1 php7-shmop-debuginfo-7.0.7-15.1 php7-snmp-7.0.7-15.1 php7-snmp-debuginfo-7.0.7-15.1 php7-soap-7.0.7-15.1 php7-soap-debuginfo-7.0.7-15.1 php7-sockets-7.0.7-15.1 php7-sockets-debuginfo-7.0.7-15.1 php7-sqlite-7.0.7-15.1 php7-sqlite-debuginfo-7.0.7-15.1 php7-sysvmsg-7.0.7-15.1 php7-sysvmsg-debuginfo-7.0.7-15.1 php7-sysvsem-7.0.7-15.1 php7-sysvsem-debuginfo-7.0.7-15.1 php7-sysvshm-7.0.7-15.1 php7-sysvshm-debuginfo-7.0.7-15.1 php7-tokenizer-7.0.7-15.1 php7-tokenizer-debuginfo-7.0.7-15.1 php7-wddx-7.0.7-15.1 php7-wddx-debuginfo-7.0.7-15.1 php7-xmlreader-7.0.7-15.1 php7-xmlreader-debuginfo-7.0.7-15.1 php7-xmlrpc-7.0.7-15.1 php7-xmlrpc-debuginfo-7.0.7-15.1 php7-xmlwriter-7.0.7-15.1 php7-xmlwriter-debuginfo-7.0.7-15.1 php7-xsl-7.0.7-15.1 php7-xsl-debuginfo-7.0.7-15.1 php7-zip-7.0.7-15.1 php7-zip-debuginfo-7.0.7-15.1 php7-zlib-7.0.7-15.1 php7-zlib-debuginfo-7.0.7-15.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-15.1 php7-pear-Archive_Tar-7.0.7-15.1 References: https://www.suse.com/security/cve/CVE-2016-4473.html https://www.suse.com/security/cve/CVE-2016-5399.html 
   https://www.suse.com/security/cve/CVE-2016-6128.html
   https://www.suse.com/security/cve/CVE-2016-6161.html
   https://www.suse.com/security/cve/CVE-2016-6207.html
   https://www.suse.com/security/cve/CVE-2016-6289.html
   https://www.suse.com/security/cve/CVE-2016-6290.html
   https://www.suse.com/security/cve/CVE-2016-6291.html
   https://www.suse.com/security/cve/CVE-2016-6292.html
   https://www.suse.com/security/cve/CVE-2016-6295.html
   https://www.suse.com/security/cve/CVE-2016-6296.html
   https://www.suse.com/security/cve/CVE-2016-6297.html
   https://www.suse.com/security/cve/CVE-2016-7124.html
   https://www.suse.com/security/cve/CVE-2016-7125.html
   https://www.suse.com/security/cve/CVE-2016-7126.html
   https://www.suse.com/security/cve/CVE-2016-7127.html
   https://www.suse.com/security/cve/CVE-2016-7128.html
   https://www.suse.com/security/cve/CVE-2016-7129.html
   https://www.suse.com/security/cve/CVE-2016-7130.html
   https://www.suse.com/security/cve/CVE-2016-7131.html
   https://www.suse.com/security/cve/CVE-2016-7132.html
   https://www.suse.com/security/cve/CVE-2016-7133.html
   https://www.suse.com/security/cve/CVE-2016-7134.html
   https://www.suse.com/security/cve/CVE-2016-7412.html
   https://www.suse.com/security/cve/CVE-2016-7413.html
   https://www.suse.com/security/cve/CVE-2016-7414.html
   https://www.suse.com/security/cve/CVE-2016-7416.html
   https://www.suse.com/security/cve/CVE-2016-7417.html
   https://www.suse.com/security/cve/CVE-2016-7418.html
   https://bugzilla.suse.com/1001950
   https://bugzilla.suse.com/987580
   https://bugzilla.suse.com/988032
   https://bugzilla.suse.com/991422
   https://bugzilla.suse.com/991424
   https://bugzilla.suse.com/991426
   https://bugzilla.suse.com/991427
   https://bugzilla.suse.com/991428
   https://bugzilla.suse.com/991429
   https://bugzilla.suse.com/991430
   https://bugzilla.suse.com/991434
   https://bugzilla.suse.com/991437
   https://bugzilla.suse.com/995512
   https://bugzilla.suse.com/997206
   https://bugzilla.suse.com/997207
   https://bugzilla.suse.com/997208
   https://bugzilla.suse.com/997210
   https://bugzilla.suse.com/997211
   https://bugzilla.suse.com/997220
   https://bugzilla.suse.com/997225
   https://bugzilla.suse.com/997230
   https://bugzilla.suse.com/997247
   https://bugzilla.suse.com/997248
   https://bugzilla.suse.com/997257
   https://bugzilla.suse.com/999313
   https://bugzilla.suse.com/999679
   https://bugzilla.suse.com/999680
   https://bugzilla.suse.com/999684
   https://bugzilla.suse.com/999685
   https://bugzilla.suse.com/999819
   https://bugzilla.suse.com/999820

From sle-updates at lists.suse.com Wed Oct 5 17:08:30 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Oct 2016 01:08:30 +0200 (CEST)
Subject: SUSE-SU-2016:2461-1: important: Security update for php53
Message-ID: <20161005230830.A4302FEB5@maintenance.suse.de>

   SUSE Security Update: Security update for php53
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2461-1
Rating:             important
References:         #999679 #999680 #999682 #999684 #999685 #999819
                    #999820
Cross-References:   CVE-2016-7411 CVE-2016-7412 CVE-2016-7413
                    CVE-2016-7414 CVE-2016-7416 CVE-2016-7417
                    CVE-2016-7418
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for php53 fixes the following issues:

   * CVE-2016-7411: php5: Memory corruption when destructing deserialized object
   * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
   * CVE-2016-7413: Use after free in wddx_deserialize
   * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
   * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
   * CVE-2016-7417: Missing type check when unserializing SplArray
   * CVE-2016-7418: Null pointer dereference in php_wddx_push_element

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-php53-12776=1

   - SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-php53-12776=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

      apache2-mod_php53-5.3.17-58.1
      php53-5.3.17-58.1
      php53-bcmath-5.3.17-58.1
      php53-bz2-5.3.17-58.1
      php53-calendar-5.3.17-58.1
      php53-ctype-5.3.17-58.1
      php53-curl-5.3.17-58.1
      php53-dba-5.3.17-58.1
      php53-dom-5.3.17-58.1
      php53-exif-5.3.17-58.1
      php53-fastcgi-5.3.17-58.1
      php53-fileinfo-5.3.17-58.1
      php53-ftp-5.3.17-58.1
      php53-gd-5.3.17-58.1
      php53-gettext-5.3.17-58.1
      php53-gmp-5.3.17-58.1
      php53-iconv-5.3.17-58.1
      php53-intl-5.3.17-58.1
      php53-json-5.3.17-58.1
      php53-ldap-5.3.17-58.1
      php53-mbstring-5.3.17-58.1
      php53-mcrypt-5.3.17-58.1
      php53-mysql-5.3.17-58.1
      php53-odbc-5.3.17-58.1
      php53-openssl-5.3.17-58.1
      php53-pcntl-5.3.17-58.1
      php53-pdo-5.3.17-58.1
      php53-pear-5.3.17-58.1
      php53-pgsql-5.3.17-58.1
      php53-pspell-5.3.17-58.1
      php53-shmop-5.3.17-58.1
      php53-snmp-5.3.17-58.1
      php53-soap-5.3.17-58.1
      php53-suhosin-5.3.17-58.1
      php53-sysvmsg-5.3.17-58.1
      php53-sysvsem-5.3.17-58.1
      php53-sysvshm-5.3.17-58.1
      php53-tokenizer-5.3.17-58.1
      php53-wddx-5.3.17-58.1
      php53-xmlreader-5.3.17-58.1
      php53-xmlrpc-5.3.17-58.1
      php53-xmlwriter-5.3.17-58.1
      php53-xsl-5.3.17-58.1
      php53-zip-5.3.17-58.1
      php53-zlib-5.3.17-58.1

   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):

      php53-debuginfo-5.3.17-58.1
      php53-debugsource-5.3.17-58.1

References:

   https://www.suse.com/security/cve/CVE-2016-7411.html
   https://www.suse.com/security/cve/CVE-2016-7412.html
   https://www.suse.com/security/cve/CVE-2016-7413.html
   https://www.suse.com/security/cve/CVE-2016-7414.html
   https://www.suse.com/security/cve/CVE-2016-7416.html
   https://www.suse.com/security/cve/CVE-2016-7417.html
   https://www.suse.com/security/cve/CVE-2016-7418.html
   https://bugzilla.suse.com/999679
   https://bugzilla.suse.com/999680
   https://bugzilla.suse.com/999682
   https://bugzilla.suse.com/999684
   https://bugzilla.suse.com/999685
   https://bugzilla.suse.com/999819
   https://bugzilla.suse.com/999820

From sle-updates at lists.suse.com Wed Oct 5 17:09:41 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Oct 2016 01:09:41 +0200 (CEST)
Subject: SUSE-RU-2016:2462-1: Recommended update for python-rtslib
Message-ID: <20161005230941.A7C74FF05@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for python-rtslib
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2462-1
Rating:             low
References:         #968745 #975051
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for python-rtslib provides the following fixes:

   - Allow WWN validation for fc_wwn transport. (bsc#975051)
   - Disallow upper-case IQN names. (bsc#968745)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1435=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      python-rtslib-2.2-30.2

References:

   https://bugzilla.suse.com/968745
   https://bugzilla.suse.com/975051

From sle-updates at lists.suse.com Thu Oct 6 10:10:42 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Oct 2016 18:10:42 +0200 (CEST)
Subject: SUSE-RU-2016:2466-1: moderate: Recommended update for lrbd
Message-ID: <20161006161042.78600FF0F@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for lrbd
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2466-1
Rating:             moderate
References:         #982788 #987997 #987999
Affected Products:
                    SUSE Enterprise Storage 3
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for lrbd provides version 1.1 and fixes the following issues:

   - Always unmap with -Cu. (bsc#982788)
   - Adds various features. (bsc#987999, bsc#987997)
   - Add -n/-p options.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 3:

      zypper in -t patch SUSE-Storage-3-2016-1438=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Enterprise Storage 3 (noarch):

      lrbd-1.1-8.1

References:

   https://bugzilla.suse.com/982788
   https://bugzilla.suse.com/987997
   https://bugzilla.suse.com/987999

From sle-updates at lists.suse.com Thu Oct 6 12:09:27 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Oct 2016 20:09:27 +0200 (CEST)
Subject: SUSE-SU-2016:2468-1: important: Security update for compat-openssl098
Message-ID: <20161006180927.AC880FF5D@maintenance.suse.de>

   SUSE Security Update: Security update for compat-openssl098
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2468-1
Rating:             important
References:         #979475 #982575 #983249 #993819 #994749 #994844
                    #995075 #995324 #995359 #995377 #998190 #999665
                    #999666 #999668
Cross-References:   CVE-2016-2177 CVE-2016-2178 CVE-2016-2179
                    CVE-2016-2181 CVE-2016-2182 CVE-2016-2183
                    CVE-2016-6302 CVE-2016-6303 CVE-2016-6304
                    CVE-2016-6306
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Module for Legacy Software 12
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has four fixes is now available.

Description:

   This update for compat-openssl098 fixes the following issues:

   OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)

   Severity: High
   * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666)

   Severity: Low
   * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
   * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)
   * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
   * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
   * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
   * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359)
   * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
   * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
   * Certificate message OOB reads (CVE-2016-6306) (bsc#999668)

   More information can be found on:
   https://www.openssl.org/news/secadv/20160922.txt

   Bugs fixed:
   * update expired S/MIME certs (bsc#979475)
   * fix crash in print_notice (bsc#998190)
   * resume reading from /dev/urandom when interrupted by a signal (bsc#995075)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-1441=1

   - SUSE Linux Enterprise Module for Legacy Software 12:

      zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1441=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1441=1

   To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): compat-openssl098-debugsource-0.9.8j-102.1 libopenssl0_9_8-0.9.8j-102.1 libopenssl0_9_8-debuginfo-0.9.8j-102.1 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-102.1 libopenssl0_9_8-0.9.8j-102.1 libopenssl0_9_8-32bit-0.9.8j-102.1 libopenssl0_9_8-debuginfo-0.9.8j-102.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-102.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): compat-openssl098-debugsource-0.9.8j-102.1 libopenssl0_9_8-0.9.8j-102.1 libopenssl0_9_8-32bit-0.9.8j-102.1 libopenssl0_9_8-debuginfo-0.9.8j-102.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-102.1 References: https://www.suse.com/security/cve/CVE-2016-2177.html https://www.suse.com/security/cve/CVE-2016-2178.html https://www.suse.com/security/cve/CVE-2016-2179.html https://www.suse.com/security/cve/CVE-2016-2181.html https://www.suse.com/security/cve/CVE-2016-2182.html https://www.suse.com/security/cve/CVE-2016-2183.html https://www.suse.com/security/cve/CVE-2016-6302.html https://www.suse.com/security/cve/CVE-2016-6303.html https://www.suse.com/security/cve/CVE-2016-6304.html https://www.suse.com/security/cve/CVE-2016-6306.html https://bugzilla.suse.com/979475 https://bugzilla.suse.com/982575 https://bugzilla.suse.com/983249 https://bugzilla.suse.com/993819 https://bugzilla.suse.com/994749 https://bugzilla.suse.com/994844 https://bugzilla.suse.com/995075 https://bugzilla.suse.com/995324 https://bugzilla.suse.com/995359 https://bugzilla.suse.com/995377 https://bugzilla.suse.com/998190 https://bugzilla.suse.com/999665 https://bugzilla.suse.com/999666 https://bugzilla.suse.com/999668 From sle-updates at lists.suse.com Thu Oct 6 12:11:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Oct 2016 20:11:43 +0200 (CEST) Subject: SUSE-SU-2016:2469-1: important: Security update for openssl1 Message-ID: <20161006181143.12C27FF57@maintenance.suse.de> SUSE Security 
Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2469-1 Rating: important References: #979475 #982575 #982745 #983249 #990419 #993819 #994749 #994844 #995075 #995324 #995359 #995377 #998190 #999665 #999666 #999668 Cross-References: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 5 fixes is now available. Description: This update for openssl1 fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Also, the following bugs were fixed: * update expired S/MIME certs (bsc#979475) * improve s390x performance (bsc#982745) * fix crash in print_notice (bsc#998190) * resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-12777=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.52.1 libopenssl1_0_0-1.0.1g-0.52.1 openssl1-1.0.1g-0.52.1 openssl1-doc-1.0.1g-0.52.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.52.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.52.1 References: https://www.suse.com/security/cve/CVE-2016-2177.html https://www.suse.com/security/cve/CVE-2016-2178.html https://www.suse.com/security/cve/CVE-2016-2179.html https://www.suse.com/security/cve/CVE-2016-2180.html https://www.suse.com/security/cve/CVE-2016-2181.html https://www.suse.com/security/cve/CVE-2016-2182.html https://www.suse.com/security/cve/CVE-2016-2183.html https://www.suse.com/security/cve/CVE-2016-6302.html https://www.suse.com/security/cve/CVE-2016-6303.html https://www.suse.com/security/cve/CVE-2016-6304.html https://www.suse.com/security/cve/CVE-2016-6306.html https://bugzilla.suse.com/979475 https://bugzilla.suse.com/982575 https://bugzilla.suse.com/982745 https://bugzilla.suse.com/983249 https://bugzilla.suse.com/990419 https://bugzilla.suse.com/993819 https://bugzilla.suse.com/994749 https://bugzilla.suse.com/994844 https://bugzilla.suse.com/995075 https://bugzilla.suse.com/995324 https://bugzilla.suse.com/995359 https://bugzilla.suse.com/995377 https://bugzilla.suse.com/998190 https://bugzilla.suse.com/999665 https://bugzilla.suse.com/999666 https://bugzilla.suse.com/999668 From sle-updates at lists.suse.com Thu Oct 6 12:14:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Oct 2016 20:14:20 +0200 (CEST) Subject: SUSE-SU-2016:2470-1: important: Security update for nodejs4 Message-ID: 
<20161006181420.0D34FFF0F@maintenance.suse.de> SUSE Security Update: Security update for nodejs4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2470-1 Rating: important References: #1001652 #985201 Cross-References: CVE-2016-2178 CVE-2016-2183 CVE-2016-5325 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7099 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: * Nodejs embedded openssl version update + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules * http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bsc#985201) * tls: properly validate wildcard certificates (CVE-2016-7099, bsc#1001652) * buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat() Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1439=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le x86_64): nodejs4-4.6.0-8.1 nodejs4-debuginfo-4.6.0-8.1 nodejs4-debugsource-4.6.0-8.1 nodejs4-devel-4.6.0-8.1 npm4-4.6.0-8.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs4-docs-4.6.0-8.1 References: https://www.suse.com/security/cve/CVE-2016-2178.html https://www.suse.com/security/cve/CVE-2016-2183.html https://www.suse.com/security/cve/CVE-2016-5325.html https://www.suse.com/security/cve/CVE-2016-6304.html https://www.suse.com/security/cve/CVE-2016-6306.html https://www.suse.com/security/cve/CVE-2016-7052.html https://www.suse.com/security/cve/CVE-2016-7099.html https://bugzilla.suse.com/1001652 https://bugzilla.suse.com/985201 From sle-updates at lists.suse.com Thu Oct 6 14:08:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Oct 2016 22:08:53 +0200 (CEST) Subject: SUSE-RU-2016:2471-1: Recommended update for iprutils Message-ID: <20161006200854.04856F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for iprutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2471-1 Rating: low References: #931413 #974199 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for iprutils provides the following fixes: - Don't show RAID migration level for secondary devices. (bsc#974199) - Add maximum queue depth in GUI when creating an array. (bsc#931413) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-iprutils-12778=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-iprutils-12778=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-iprutils-12778=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): iprutils-2.4.1-9.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64): iprutils-2.4.1-9.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 x86_64): iprutils-debuginfo-2.4.1-9.2 iprutils-debugsource-2.4.1-9.2 References: https://bugzilla.suse.com/931413 https://bugzilla.suse.com/974199 From sle-updates at lists.suse.com Thu Oct 6 14:09:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Oct 2016 22:09:30 +0200 (CEST) Subject: SUSE-SU-2016:2472-1: Security update for libreoffice Message-ID: <20161006200930.570DFF7BC@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2472-1 Rating: low References: #1000102 #987553 Cross-References: CVE-2016-4324 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: LibreOffice was updated to version 5.1.5.2, bringing enhancements and bug fixes. - CVE-2016-4324: Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents could be constructed which dereference an iterator to the first entry of an empty STL container. 
(bsc#987553) - Don't use "nullable" for introspection, as it isn't available on SLE 12's version of gobject-introspection. This prevents a segmentation fault in gnome-documents. (bsc#1000102) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1442=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1442=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): libreoffice-icon-theme-galaxy-5.1.5.2-29.4 libreoffice-icon-theme-tango-5.1.5.2-29.4 libreoffice-l10n-af-5.1.5.2-29.4 libreoffice-l10n-ar-5.1.5.2-29.4 libreoffice-l10n-ca-5.1.5.2-29.4 libreoffice-l10n-cs-5.1.5.2-29.4 libreoffice-l10n-da-5.1.5.2-29.4 libreoffice-l10n-de-5.1.5.2-29.4 libreoffice-l10n-en-5.1.5.2-29.4 libreoffice-l10n-es-5.1.5.2-29.4 libreoffice-l10n-fi-5.1.5.2-29.4 libreoffice-l10n-fr-5.1.5.2-29.4 libreoffice-l10n-gu-5.1.5.2-29.4 libreoffice-l10n-hi-5.1.5.2-29.4 libreoffice-l10n-hu-5.1.5.2-29.4 libreoffice-l10n-it-5.1.5.2-29.4 libreoffice-l10n-ja-5.1.5.2-29.4 libreoffice-l10n-ko-5.1.5.2-29.4 libreoffice-l10n-nb-5.1.5.2-29.4 libreoffice-l10n-nl-5.1.5.2-29.4 libreoffice-l10n-nn-5.1.5.2-29.4 libreoffice-l10n-pl-5.1.5.2-29.4 libreoffice-l10n-pt-BR-5.1.5.2-29.4 libreoffice-l10n-pt-PT-5.1.5.2-29.4 libreoffice-l10n-ru-5.1.5.2-29.4 libreoffice-l10n-sk-5.1.5.2-29.4 libreoffice-l10n-sv-5.1.5.2-29.4 libreoffice-l10n-xh-5.1.5.2-29.4 libreoffice-l10n-zh-Hans-5.1.5.2-29.4 libreoffice-l10n-zh-Hant-5.1.5.2-29.4 libreoffice-l10n-zu-5.1.5.2-29.4 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libreoffice-5.1.5.2-29.4 libreoffice-base-5.1.5.2-29.4 libreoffice-base-debuginfo-5.1.5.2-29.4 libreoffice-base-drivers-mysql-5.1.5.2-29.4 libreoffice-base-drivers-mysql-debuginfo-5.1.5.2-29.4 
libreoffice-base-drivers-postgresql-5.1.5.2-29.4 libreoffice-base-drivers-postgresql-debuginfo-5.1.5.2-29.4 libreoffice-calc-5.1.5.2-29.4 libreoffice-calc-debuginfo-5.1.5.2-29.4 libreoffice-calc-extensions-5.1.5.2-29.4 libreoffice-debuginfo-5.1.5.2-29.4 libreoffice-debugsource-5.1.5.2-29.4 libreoffice-draw-5.1.5.2-29.4 libreoffice-draw-debuginfo-5.1.5.2-29.4 libreoffice-filters-optional-5.1.5.2-29.4 libreoffice-gnome-5.1.5.2-29.4 libreoffice-gnome-debuginfo-5.1.5.2-29.4 libreoffice-impress-5.1.5.2-29.4 libreoffice-impress-debuginfo-5.1.5.2-29.4 libreoffice-mailmerge-5.1.5.2-29.4 libreoffice-math-5.1.5.2-29.4 libreoffice-math-debuginfo-5.1.5.2-29.4 libreoffice-officebean-5.1.5.2-29.4 libreoffice-officebean-debuginfo-5.1.5.2-29.4 libreoffice-pyuno-5.1.5.2-29.4 libreoffice-pyuno-debuginfo-5.1.5.2-29.4 libreoffice-writer-5.1.5.2-29.4 libreoffice-writer-debuginfo-5.1.5.2-29.4 libreoffice-writer-extensions-5.1.5.2-29.4 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libreoffice-5.1.5.2-29.4 libreoffice-base-5.1.5.2-29.4 libreoffice-base-debuginfo-5.1.5.2-29.4 libreoffice-base-drivers-mysql-5.1.5.2-29.4 libreoffice-base-drivers-mysql-debuginfo-5.1.5.2-29.4 libreoffice-base-drivers-postgresql-5.1.5.2-29.4 libreoffice-base-drivers-postgresql-debuginfo-5.1.5.2-29.4 libreoffice-calc-5.1.5.2-29.4 libreoffice-calc-debuginfo-5.1.5.2-29.4 libreoffice-calc-extensions-5.1.5.2-29.4 libreoffice-debuginfo-5.1.5.2-29.4 libreoffice-debugsource-5.1.5.2-29.4 libreoffice-draw-5.1.5.2-29.4 libreoffice-draw-debuginfo-5.1.5.2-29.4 libreoffice-filters-optional-5.1.5.2-29.4 libreoffice-gnome-5.1.5.2-29.4 libreoffice-gnome-debuginfo-5.1.5.2-29.4 libreoffice-impress-5.1.5.2-29.4 libreoffice-impress-debuginfo-5.1.5.2-29.4 libreoffice-mailmerge-5.1.5.2-29.4 libreoffice-math-5.1.5.2-29.4 libreoffice-math-debuginfo-5.1.5.2-29.4 libreoffice-officebean-5.1.5.2-29.4 libreoffice-officebean-debuginfo-5.1.5.2-29.4 libreoffice-pyuno-5.1.5.2-29.4 libreoffice-pyuno-debuginfo-5.1.5.2-29.4 
libreoffice-writer-5.1.5.2-29.4 libreoffice-writer-debuginfo-5.1.5.2-29.4 libreoffice-writer-extensions-5.1.5.2-29.4 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): libreoffice-icon-theme-galaxy-5.1.5.2-29.4 libreoffice-icon-theme-tango-5.1.5.2-29.4 libreoffice-l10n-af-5.1.5.2-29.4 libreoffice-l10n-ar-5.1.5.2-29.4 libreoffice-l10n-ca-5.1.5.2-29.4 libreoffice-l10n-cs-5.1.5.2-29.4 libreoffice-l10n-da-5.1.5.2-29.4 libreoffice-l10n-de-5.1.5.2-29.4 libreoffice-l10n-en-5.1.5.2-29.4 libreoffice-l10n-es-5.1.5.2-29.4 libreoffice-l10n-fi-5.1.5.2-29.4 libreoffice-l10n-fr-5.1.5.2-29.4 libreoffice-l10n-gu-5.1.5.2-29.4 libreoffice-l10n-hi-5.1.5.2-29.4 libreoffice-l10n-hu-5.1.5.2-29.4 libreoffice-l10n-it-5.1.5.2-29.4 libreoffice-l10n-ja-5.1.5.2-29.4 libreoffice-l10n-ko-5.1.5.2-29.4 libreoffice-l10n-nb-5.1.5.2-29.4 libreoffice-l10n-nl-5.1.5.2-29.4 libreoffice-l10n-nn-5.1.5.2-29.4 libreoffice-l10n-pl-5.1.5.2-29.4 libreoffice-l10n-pt-BR-5.1.5.2-29.4 libreoffice-l10n-pt-PT-5.1.5.2-29.4 libreoffice-l10n-ru-5.1.5.2-29.4 libreoffice-l10n-sk-5.1.5.2-29.4 libreoffice-l10n-sv-5.1.5.2-29.4 libreoffice-l10n-xh-5.1.5.2-29.4 libreoffice-l10n-zh-Hans-5.1.5.2-29.4 libreoffice-l10n-zh-Hant-5.1.5.2-29.4 libreoffice-l10n-zu-5.1.5.2-29.4 References: https://www.suse.com/security/cve/CVE-2016-4324.html https://bugzilla.suse.com/1000102 https://bugzilla.suse.com/987553 From sle-updates at lists.suse.com Fri Oct 7 06:08:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Oct 2016 14:08:58 +0200 (CEST) Subject: SUSE-SU-2016:2473-1: important: Security update for xen Message-ID: <20161007120858.E78B8F7BB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2473-1 Rating: important References: #953518 #955104 #959330 #959552 #970135 #971949 #988675 #988676 #990500 #990970 #991934 #992224 #993665 #994421 #994625 #994761 #994772 #994775 #995785 
#995789 #995792 Cross-References: CVE-2016-6258 CVE-2016-6259 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 11 fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785). - CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789). - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792). - CVE-2016-6836: Information leakage in vmxnet3_complete_packet (bsc#994761). - CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. A privileged user inside guest c... (bsc#994772). - CVE-2016-6833: Use after free while writing (bsc#994775). - CVE-2016-6835: Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation. (bsc#994625). - CVE-2016-6834: An infinite loop during packet fragmentation (bsc#994421). - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675).
- CVE-2016-6259: Xen did not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allowed local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check (bsc#988676). These non-security issues were fixed: - bsc#991934: Hypervisor crash in csched_acct - bsc#992224: During boot of Xen Hypervisor, failed to get contiguous memory for DMA - bsc#955104: Virsh reports error "one or more references were leaked after disconnect from hypervisor" when "virsh save" failed due to "no response from client after 6 keepalive messages" - bsc#959552: Migration of HVM guest leads into libvirt segmentation fault - bsc#993665: Migration of xen guests finishes in: One or more references were leaked after disconnect from the hypervisor - bsc#959330: Guest migrations using virsh results in error "Internal error: received hangup / error event on socket" - bsc#990500: VM virsh migration fails with keepalive error: ":virKeepAliveTimerInternal:143 : No response from client" - bsc#953518: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol - bsc#953518: xen_platform: unplug also SCSI disks in qemu-xen - bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live - bsc#970135: New virtualization project clock test randomly fails on Xen - bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1444=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1444=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1444=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): xen-debugsource-4.5.3_10-20.1 xen-devel-4.5.3_10-20.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): xen-4.5.3_10-20.1 xen-debugsource-4.5.3_10-20.1 xen-doc-html-4.5.3_10-20.1 xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1 xen-kmp-default-debuginfo-4.5.3_10_k3.12.62_60.62-20.1 xen-libs-32bit-4.5.3_10-20.1 xen-libs-4.5.3_10-20.1 xen-libs-debuginfo-32bit-4.5.3_10-20.1 xen-libs-debuginfo-4.5.3_10-20.1 xen-tools-4.5.3_10-20.1 xen-tools-debuginfo-4.5.3_10-20.1 xen-tools-domU-4.5.3_10-20.1 xen-tools-domU-debuginfo-4.5.3_10-20.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): xen-4.5.3_10-20.1 xen-debugsource-4.5.3_10-20.1 xen-kmp-default-4.5.3_10_k3.12.62_60.62-20.1 xen-kmp-default-debuginfo-4.5.3_10_k3.12.62_60.62-20.1 xen-libs-32bit-4.5.3_10-20.1 xen-libs-4.5.3_10-20.1 xen-libs-debuginfo-32bit-4.5.3_10-20.1 xen-libs-debuginfo-4.5.3_10-20.1 References: https://www.suse.com/security/cve/CVE-2016-6258.html https://www.suse.com/security/cve/CVE-2016-6259.html https://www.suse.com/security/cve/CVE-2016-6833.html https://www.suse.com/security/cve/CVE-2016-6834.html https://www.suse.com/security/cve/CVE-2016-6835.html https://www.suse.com/security/cve/CVE-2016-6836.html https://www.suse.com/security/cve/CVE-2016-6888.html https://www.suse.com/security/cve/CVE-2016-7092.html https://www.suse.com/security/cve/CVE-2016-7093.html https://www.suse.com/security/cve/CVE-2016-7094.html https://bugzilla.suse.com/953518 https://bugzilla.suse.com/955104 https://bugzilla.suse.com/959330 https://bugzilla.suse.com/959552 https://bugzilla.suse.com/970135 https://bugzilla.suse.com/971949 https://bugzilla.suse.com/988675 https://bugzilla.suse.com/988676 https://bugzilla.suse.com/990500 https://bugzilla.suse.com/990970 https://bugzilla.suse.com/991934 https://bugzilla.suse.com/992224 https://bugzilla.suse.com/993665 https://bugzilla.suse.com/994421 https://bugzilla.suse.com/994625 https://bugzilla.suse.com/994761 
https://bugzilla.suse.com/994772 https://bugzilla.suse.com/994775 https://bugzilla.suse.com/995785 https://bugzilla.suse.com/995789 https://bugzilla.suse.com/995792 From sle-updates at lists.suse.com Fri Oct 7 12:08:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Oct 2016 20:08:48 +0200 (CEST) Subject: SUSE-RU-2016:2474-1: Recommended update for speech-dispatcher Message-ID: <20161007180848.501E6F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for speech-dispatcher ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2474-1 Rating: low References: #1001618 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for speech-dispatcher provides the following fixes: - Move logrotate options to local scope to not affect configuration of other services. (bsc#1001618) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1445=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1445=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1445=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libspeechd-devel-0.8-9.1 speech-dispatcher-debuginfo-0.8-9.1 speech-dispatcher-debugsource-0.8-9.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libspeechd2-0.8-9.1 libspeechd2-debuginfo-0.8-9.1 python3-speechd-0.8-9.1 speech-dispatcher-0.8-9.1 speech-dispatcher-debuginfo-0.8-9.1 speech-dispatcher-debugsource-0.8-9.1 speech-dispatcher-module-espeak-0.8-9.1 speech-dispatcher-module-espeak-debuginfo-0.8-9.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libspeechd2-0.8-9.1 libspeechd2-debuginfo-0.8-9.1 python3-speechd-0.8-9.1 speech-dispatcher-0.8-9.1 speech-dispatcher-debuginfo-0.8-9.1 speech-dispatcher-debugsource-0.8-9.1 speech-dispatcher-module-espeak-0.8-9.1 speech-dispatcher-module-espeak-debuginfo-0.8-9.1 References: https://bugzilla.suse.com/1001618 From sle-updates at lists.suse.com Fri Oct 7 13:08:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Oct 2016 21:08:53 +0200 (CEST) Subject: SUSE-SU-2016:2475-1: important: Security update for systemd Message-ID: <20161007190853.4280AF7BB@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2475-1 Rating: important References: #1000435 #1001765 #954374 #970293 #982210 #982211 #982251 #987173 #987857 #990074 #996269 Cross-References: CVE-2016-7796 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has 10 fixes is now available. 
Description: This update for systemd fixes the following security issue: - CVE-2016-7796: A zero-length message received over systemd's notification socket could make manager_dispatch_notify_fd() return an error and, as a side effect, disable the notification handler completely. As the notification socket is world-writable, this could have allowed a local user to perform a denial-of-service attack against systemd. (bsc#1001765) Additionally, the following non-security fixes are included: - Fix HMAC calculation when appending a data object to journal. (bsc#1000435) - Never accept file descriptors from file systems with mandatory locking enabled. (bsc#954374) - Do not warn about missing install info with "preset". (bsc#970293) - Save /run/systemd/users/UID before starting user@.service. (bsc#996269) - Make sure that /var/lib/systemd/sysv-convert/database is always initialized. (bsc#982211) - Remove daylight saving time handling and tzfile parser. (bsc#990074) - Make sure directory watch is started before cryptsetup. (bsc#987173) - Introduce sd_pid_notify() and sd_pid_notifyf() APIs. (bsc#987857) - Set KillMode=mixed for our daemons that fork worker processes. - Add nosuid and nodev options to tmp.mount. - Don't start console-getty.service when /dev/console is missing. (bsc#982251) - Correct segmentation fault in udev/path_id due to missing NULL check. (bsc#982210) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1447=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1447=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): systemd-bash-completion-210-70.58.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): libgudev-1_0-0-210-70.58.1 libgudev-1_0-0-32bit-210-70.58.1 libgudev-1_0-0-debuginfo-210-70.58.1 libgudev-1_0-0-debuginfo-32bit-210-70.58.1 libudev1-210-70.58.1 libudev1-32bit-210-70.58.1 libudev1-debuginfo-210-70.58.1 libudev1-debuginfo-32bit-210-70.58.1 systemd-210-70.58.1 systemd-32bit-210-70.58.1 systemd-debuginfo-210-70.58.1 systemd-debuginfo-32bit-210-70.58.1 systemd-debugsource-210-70.58.1 systemd-sysvinit-210-70.58.1 udev-210-70.58.1 udev-debuginfo-210-70.58.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libgudev-1_0-0-210-70.58.1 libgudev-1_0-0-debuginfo-210-70.58.1 libudev1-210-70.58.1 libudev1-debuginfo-210-70.58.1 systemd-210-70.58.1 systemd-debuginfo-210-70.58.1 systemd-debugsource-210-70.58.1 systemd-sysvinit-210-70.58.1 udev-210-70.58.1 udev-debuginfo-210-70.58.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libgudev-1_0-0-32bit-210-70.58.1 libgudev-1_0-0-debuginfo-32bit-210-70.58.1 libudev1-32bit-210-70.58.1 libudev1-debuginfo-32bit-210-70.58.1 systemd-32bit-210-70.58.1 systemd-debuginfo-32bit-210-70.58.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): systemd-bash-completion-210-70.58.1 References: https://www.suse.com/security/cve/CVE-2016-7796.html https://bugzilla.suse.com/1000435 https://bugzilla.suse.com/1001765 https://bugzilla.suse.com/954374 https://bugzilla.suse.com/970293 https://bugzilla.suse.com/982210 https://bugzilla.suse.com/982211 https://bugzilla.suse.com/982251 https://bugzilla.suse.com/987173 https://bugzilla.suse.com/987857 https://bugzilla.suse.com/990074 https://bugzilla.suse.com/996269 From sle-updates at lists.suse.com Fri Oct 7 13:11:02 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Oct 2016 21:11:02 +0200 (CEST) Subject: SUSE-SU-2016:2476-1: important: Security update for systemd Message-ID: 
<20161007191102.C6CC4F7BF@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2476-1 Rating: important References: #1000435 #1001765 #954374 #970293 #982210 #982211 #982251 #987173 #987857 #990074 #996269 Cross-References: CVE-2016-7796 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 10 fixes is now available. Description: This update for systemd fixes the following security issue: - CVE-2016-7796: A zero-length message received over systemd's notification socket could make manager_dispatch_notify_fd() return an error and, as a side effect, disable the notification handler completely. As the notification socket is world-writable, this could have allowed a local user to perform a denial-of-service attack against systemd. (bsc#1001765) Additionally, the following non-security fixes are included: - Fix HMAC calculation when appending a data object to journal. (bsc#1000435) - Never accept file descriptors from file systems with mandatory locking enabled. (bsc#954374) - Do not warn about missing install info with "preset". (bsc#970293) - Save /run/systemd/users/UID before starting user@.service. (bsc#996269) - Make sure that /var/lib/systemd/sysv-convert/database is always initialized. (bsc#982211) - Remove daylight saving time handling and tzfile parser. (bsc#990074) - Make sure directory watch is started before cryptsetup. (bsc#987173) - Introduce sd_pid_notify() and sd_pid_notifyf() APIs. (bsc#987857) - Set KillMode=mixed for our daemons that fork worker processes. - Add nosuid and nodev options to tmp.mount. - Don't start console-getty.service when /dev/console is missing.
(bsc#982251) - Correct segmentation fault in udev/path_id due to missing NULL check. (bsc#982210) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1448=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1448=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1448=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-devel-210-114.1 libudev-devel-210-114.1 systemd-debuginfo-210-114.1 systemd-debugsource-210-114.1 systemd-devel-210-114.1 typelib-1_0-GUdev-1_0-210-114.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libgudev-1_0-0-210-114.1 libgudev-1_0-0-debuginfo-210-114.1 libudev1-210-114.1 libudev1-debuginfo-210-114.1 systemd-210-114.1 systemd-debuginfo-210-114.1 systemd-debugsource-210-114.1 systemd-sysvinit-210-114.1 udev-210-114.1 udev-debuginfo-210-114.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libgudev-1_0-0-32bit-210-114.1 libgudev-1_0-0-debuginfo-32bit-210-114.1 libudev1-32bit-210-114.1 libudev1-debuginfo-32bit-210-114.1 systemd-32bit-210-114.1 systemd-debuginfo-32bit-210-114.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): systemd-bash-completion-210-114.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): systemd-bash-completion-210-114.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libgudev-1_0-0-210-114.1 libgudev-1_0-0-32bit-210-114.1 libgudev-1_0-0-debuginfo-210-114.1 libgudev-1_0-0-debuginfo-32bit-210-114.1 libudev1-210-114.1 libudev1-32bit-210-114.1 libudev1-debuginfo-210-114.1 libudev1-debuginfo-32bit-210-114.1 systemd-210-114.1 systemd-32bit-210-114.1 systemd-debuginfo-210-114.1 systemd-debuginfo-32bit-210-114.1 systemd-debugsource-210-114.1 
systemd-sysvinit-210-114.1 udev-210-114.1 udev-debuginfo-210-114.1 References: https://www.suse.com/security/cve/CVE-2016-7796.html https://bugzilla.suse.com/1000435 https://bugzilla.suse.com/1001765 https://bugzilla.suse.com/954374 https://bugzilla.suse.com/970293 https://bugzilla.suse.com/982210 https://bugzilla.suse.com/982211 https://bugzilla.suse.com/982251 https://bugzilla.suse.com/987173 https://bugzilla.suse.com/987857 https://bugzilla.suse.com/990074 https://bugzilla.suse.com/996269 From sle-updates at lists.suse.com Fri Oct 7 13:12:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Oct 2016 21:12:50 +0200 (CEST) Subject: SUSE-SU-2016:2477-1: important: Security update for php5 Message-ID: <20161007191250.736C4F7BB@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2477-1 Rating: important References: #999679 #999680 #999682 #999684 #999685 #999819 #999820 Cross-References: CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. 
Description:

This update for php5 fixes the following security issues:

* CVE-2016-7411: php5: Memory corruption when destructing deserialized object
* CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
* CVE-2016-7413: Use after free in wddx_deserialize
* CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
* CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
* CVE-2016-7417: Missing type check when unserializing SplArray
* CVE-2016-7418: Null pointer dereference in php_wddx_push_element

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1446=1
- SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1446=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-78.1 php5-debugsource-5.5.14-78.1 php5-devel-5.5.14-78.1 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-78.1 apache2-mod_php5-debuginfo-5.5.14-78.1 php5-5.5.14-78.1 php5-bcmath-5.5.14-78.1 php5-bcmath-debuginfo-5.5.14-78.1 php5-bz2-5.5.14-78.1 php5-bz2-debuginfo-5.5.14-78.1 php5-calendar-5.5.14-78.1 php5-calendar-debuginfo-5.5.14-78.1 php5-ctype-5.5.14-78.1 php5-ctype-debuginfo-5.5.14-78.1 php5-curl-5.5.14-78.1 php5-curl-debuginfo-5.5.14-78.1 php5-dba-5.5.14-78.1 php5-dba-debuginfo-5.5.14-78.1 php5-debuginfo-5.5.14-78.1 php5-debugsource-5.5.14-78.1 php5-dom-5.5.14-78.1 php5-dom-debuginfo-5.5.14-78.1 php5-enchant-5.5.14-78.1 php5-enchant-debuginfo-5.5.14-78.1 php5-exif-5.5.14-78.1 php5-exif-debuginfo-5.5.14-78.1 php5-fastcgi-5.5.14-78.1 php5-fastcgi-debuginfo-5.5.14-78.1 php5-fileinfo-5.5.14-78.1 php5-fileinfo-debuginfo-5.5.14-78.1 php5-fpm-5.5.14-78.1 php5-fpm-debuginfo-5.5.14-78.1 php5-ftp-5.5.14-78.1 php5-ftp-debuginfo-5.5.14-78.1 php5-gd-5.5.14-78.1 php5-gd-debuginfo-5.5.14-78.1 php5-gettext-5.5.14-78.1 php5-gettext-debuginfo-5.5.14-78.1 php5-gmp-5.5.14-78.1 php5-gmp-debuginfo-5.5.14-78.1 php5-iconv-5.5.14-78.1 php5-iconv-debuginfo-5.5.14-78.1 php5-imap-5.5.14-78.1 php5-imap-debuginfo-5.5.14-78.1 php5-intl-5.5.14-78.1 php5-intl-debuginfo-5.5.14-78.1 php5-json-5.5.14-78.1 php5-json-debuginfo-5.5.14-78.1 php5-ldap-5.5.14-78.1 php5-ldap-debuginfo-5.5.14-78.1 php5-mbstring-5.5.14-78.1 php5-mbstring-debuginfo-5.5.14-78.1 php5-mcrypt-5.5.14-78.1 php5-mcrypt-debuginfo-5.5.14-78.1 php5-mysql-5.5.14-78.1 php5-mysql-debuginfo-5.5.14-78.1 php5-odbc-5.5.14-78.1 php5-odbc-debuginfo-5.5.14-78.1 php5-opcache-5.5.14-78.1 php5-opcache-debuginfo-5.5.14-78.1 php5-openssl-5.5.14-78.1 php5-openssl-debuginfo-5.5.14-78.1 php5-pcntl-5.5.14-78.1 php5-pcntl-debuginfo-5.5.14-78.1 php5-pdo-5.5.14-78.1 
php5-pdo-debuginfo-5.5.14-78.1 php5-pgsql-5.5.14-78.1 php5-pgsql-debuginfo-5.5.14-78.1 php5-phar-5.5.14-78.1 php5-phar-debuginfo-5.5.14-78.1 php5-posix-5.5.14-78.1 php5-posix-debuginfo-5.5.14-78.1 php5-pspell-5.5.14-78.1 php5-pspell-debuginfo-5.5.14-78.1 php5-shmop-5.5.14-78.1 php5-shmop-debuginfo-5.5.14-78.1 php5-snmp-5.5.14-78.1 php5-snmp-debuginfo-5.5.14-78.1 php5-soap-5.5.14-78.1 php5-soap-debuginfo-5.5.14-78.1 php5-sockets-5.5.14-78.1 php5-sockets-debuginfo-5.5.14-78.1 php5-sqlite-5.5.14-78.1 php5-sqlite-debuginfo-5.5.14-78.1 php5-suhosin-5.5.14-78.1 php5-suhosin-debuginfo-5.5.14-78.1 php5-sysvmsg-5.5.14-78.1 php5-sysvmsg-debuginfo-5.5.14-78.1 php5-sysvsem-5.5.14-78.1 php5-sysvsem-debuginfo-5.5.14-78.1 php5-sysvshm-5.5.14-78.1 php5-sysvshm-debuginfo-5.5.14-78.1 php5-tokenizer-5.5.14-78.1 php5-tokenizer-debuginfo-5.5.14-78.1 php5-wddx-5.5.14-78.1 php5-wddx-debuginfo-5.5.14-78.1 php5-xmlreader-5.5.14-78.1 php5-xmlreader-debuginfo-5.5.14-78.1 php5-xmlrpc-5.5.14-78.1 php5-xmlrpc-debuginfo-5.5.14-78.1 php5-xmlwriter-5.5.14-78.1 php5-xmlwriter-debuginfo-5.5.14-78.1 php5-xsl-5.5.14-78.1 php5-xsl-debuginfo-5.5.14-78.1 php5-zip-5.5.14-78.1 php5-zip-debuginfo-5.5.14-78.1 php5-zlib-5.5.14-78.1 php5-zlib-debuginfo-5.5.14-78.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-78.1 References: https://www.suse.com/security/cve/CVE-2016-7411.html https://www.suse.com/security/cve/CVE-2016-7412.html https://www.suse.com/security/cve/CVE-2016-7413.html https://www.suse.com/security/cve/CVE-2016-7414.html https://www.suse.com/security/cve/CVE-2016-7416.html https://www.suse.com/security/cve/CVE-2016-7417.html https://www.suse.com/security/cve/CVE-2016-7418.html https://bugzilla.suse.com/999679 https://bugzilla.suse.com/999680 https://bugzilla.suse.com/999682 https://bugzilla.suse.com/999684 https://bugzilla.suse.com/999685 https://bugzilla.suse.com/999819 https://bugzilla.suse.com/999820 From sle-updates at lists.suse.com Fri Oct 7 15:08:33 2016 
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Oct 2016 23:08:33 +0200 (CEST)
Subject: SUSE-RU-2016:2478-1: moderate: Recommended update for python-azure-agent
Message-ID: <20161007210833.6C996F7BB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-azure-agent
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:2478-1
Rating: moderate
References: #994592
Affected Products:
  SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for python-azure-agent provides the following fixes and enhancements:

- Correctly assign IP address to the high speed network interface on Azure's A8 instances. (bsc#994592)
- Improved RDMA support.
- Extension state migration.
- Disabled auto-update.
- Enforce http proxy support for calls to storage.
- Stop disabling SELinux during provisioning.
- Fix partition table race condition.
- Fix latest version selection.
- Fix extension substatus structure.
- Fix shlex related update bug in Python 2.6.
- Correct behavior of register-service.
- AzureStack fixes.
- Support xfs filesystem.
- Correct service start/restart behavior.
- Support for disabling provisioning.
- Stop spamming journal with pidof dhclient related messages.
- Add goal state processor to the version output.
- Fix walinuxagent.service's Want, After.
- Ensure to load latest agents.
- Correct proxy port type.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 12:
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1449=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-agent-2.2.0-21.1 References: https://bugzilla.suse.com/994592 From sle-updates at lists.suse.com Mon Oct 10 09:09:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Oct 2016 17:09:58 +0200 (CEST) Subject: SUSE-RU-2016:2482-1: moderate: Recommended update for python-azure-agent Message-ID: <20161010150958.4FD78F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2482-1 Rating: moderate References: #994592 Affected Products: SUSE Linux Enterprise Server 11-PUBCLOUD ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-agent provides the following fixes and enhancements: - Correctly assign IP address to the high speed network interface on Azure's A8 instances. (bsc#994592) - Improved RDMA support. - Extension state migration. - Disabled auto-update. - Enforce http proxy support for calls to storage. - Stop disabling SELinux during provisioning. - Fix partition table race condition. - Fix latest version selection. - Fix extension substatus structure. - Fix shlex related update bug in Python 2.6. - Correct behavior of register-service. - AzureStack fixes. - Support xfs filesystem. - Correct service start/restart behavior. - Support for disabling provisioning. - Stop spamming journal with pidof dhclient related messages. - Add goal state processor to the version output. - Fix walinuxagent.service's Want, After. - Ensure to load latest agents. - Correct proxy port type. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-PUBCLOUD: zypper in -t patch pubclsp3-python-azure-agent-12779=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-PUBCLOUD (x86_64): python-azure-agent-2.2.0-18.1 References: https://bugzilla.suse.com/994592 From sle-updates at lists.suse.com Mon Oct 10 09:10:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Oct 2016 17:10:23 +0200 (CEST) Subject: SUSE-RU-2016:2483-1: Recommended update for lsof Message-ID: <20161010151023.A05F3F7BC@maintenance.suse.de> SUSE Recommended Update: Recommended update for lsof ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2483-1 Rating: low References: #919358 #995061 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lsof provides the following fixes: - Fix printing of export entries by 'lsof -N' when two NFS volumes from the same server are mounted. (bsc#919358) - Prevent 'lsof -b' from hanging when NFS server is unavailable. (bsc#995061) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1452=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1452=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): lsof-4.84-22.1 lsof-debuginfo-4.84-22.1 lsof-debugsource-4.84-22.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): lsof-4.84-22.1 lsof-debuginfo-4.84-22.1 lsof-debugsource-4.84-22.1 References: https://bugzilla.suse.com/919358 https://bugzilla.suse.com/995061 From sle-updates at lists.suse.com Mon Oct 10 12:09:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Oct 2016 20:09:24 +0200 (CEST) Subject: SUSE-RU-2016:2487-1: Recommended update for timezone Message-ID: <20161010180924.17229F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2487-1 Rating: low References: #997830 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2016g) for your system, including the following changes: - Turkey will remain on UTC+03 after 2016-10-30. (bsc#997830) - Antarctica and nautical time zones now use numeric time zone abbreviations instead of obsolete alphanumeric ones. - Renamed Asia/Rangoon to Asia/Yangon. This release also includes changes affecting past time stamps and documentation. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1454=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1454=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1454=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1454=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): timezone-java-2016g-0.60.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): timezone-2016g-0.60.1 timezone-debuginfo-2016g-0.60.1 timezone-debugsource-2016g-0.60.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): timezone-2016g-0.60.1 timezone-debuginfo-2016g-0.60.1 timezone-debugsource-2016g-0.60.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): timezone-java-2016g-0.60.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): timezone-2016g-0.60.1 timezone-debuginfo-2016g-0.60.1 timezone-debugsource-2016g-0.60.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): timezone-java-2016g-0.60.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): timezone-2016g-0.60.1 timezone-debuginfo-2016g-0.60.1 timezone-debugsource-2016g-0.60.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): timezone-java-2016g-0.60.1 References: https://bugzilla.suse.com/997830 From sle-updates at lists.suse.com Mon Oct 10 12:09:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Oct 2016 20:09:59 +0200 (CEST) Subject: SUSE-RU-2016:2488-1: Recommended update for timezone Message-ID: <20161010180959.59B65F7BD@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2488-1 Rating: low References: #997830 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE 
Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information for your system, including the following changes: - Turkey will remain on UTC+03 after 2016-10-30. (bsc#997830) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-timezone-12780=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-timezone-12780=1 - SUSE Manager 2.1: zypper in -t patch sleman21-timezone-12780=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-timezone-12780=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-timezone-12780=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-timezone-12780=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-timezone-12780=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-timezone-12780=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-12780=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-timezone-12780=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-timezone-12780=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): timezone-2016f-0.39.1 - SUSE OpenStack Cloud 5 (noarch): timezone-java-2016f-0.39.1 - SUSE Manager Proxy 2.1 (x86_64): timezone-2016f-0.39.1 - SUSE Manager Proxy 2.1 (noarch): timezone-java-2016f-0.39.1 - SUSE Manager 2.1 (s390x x86_64): timezone-2016f-0.39.1 - SUSE Manager 2.1 (noarch): timezone-java-2016f-0.39.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): timezone-java-2016f-0.39.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-2016f-0.39.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): timezone-java-2016f-0.39.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): timezone-2016f-0.39.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): timezone-java-2016f-0.39.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): timezone-2016f-0.39.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (noarch): timezone-java-2016f-0.39.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): timezone-java-2016f-0.39.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): timezone-2016f-0.39.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2016f-0.39.1 timezone-debugsource-2016f-0.39.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): timezone-debuginfo-2016f-0.39.1 timezone-debugsource-2016f-0.39.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): timezone-debuginfo-2016f-0.39.1 timezone-debugsource-2016f-0.39.1 References: https://bugzilla.suse.com/997830 From sle-updates at lists.suse.com Mon Oct 10 18:08:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2016 02:08:49 +0200 (CEST) Subject: SUSE-RU-2016:2489-1: Recommended update for gdm Message-ID: <20161011000849.EABF0F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2016:2489-1 Rating: low References: #938874 #981261 #981976 #984103 #984620 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for gdm provides the following fixes: - Always claim session running when sending back keepalive packets. (bsc#984620) - Set XDG_CURRENT_DESKTOP environment variable correctly. (bsc#981261) - Exit gracefully if systemd is shutting down while the display manager is starting up. (bsc#938874) - Do not retry indefinitely when the display manager fails to start. (bsc#981976) - Do not log warnings about slave programs failing to access the display. (bsc#984103) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1456=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1456=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1456=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gdm-debuginfo-3.10.0.1-49.1 gdm-debugsource-3.10.0.1-49.1 gdm-devel-3.10.0.1-49.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gdm-3.10.0.1-49.1 gdm-debuginfo-3.10.0.1-49.1 gdm-debugsource-3.10.0.1-49.1 libgdm1-3.10.0.1-49.1 libgdm1-debuginfo-3.10.0.1-49.1 typelib-1_0-Gdm-1_0-3.10.0.1-49.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gdm-branding-upstream-3.10.0.1-49.1 gdm-lang-3.10.0.1-49.1 gdmflexiserver-3.10.0.1-49.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gdm-3.10.0.1-49.1 gdm-debuginfo-3.10.0.1-49.1 gdm-debugsource-3.10.0.1-49.1 libgdm1-3.10.0.1-49.1 libgdm1-debuginfo-3.10.0.1-49.1 typelib-1_0-Gdm-1_0-3.10.0.1-49.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gdm-branding-upstream-3.10.0.1-49.1 gdm-lang-3.10.0.1-49.1 gdmflexiserver-3.10.0.1-49.1 References: https://bugzilla.suse.com/938874 https://bugzilla.suse.com/981261 https://bugzilla.suse.com/981976 https://bugzilla.suse.com/984103 https://bugzilla.suse.com/984620 From sle-updates at lists.suse.com Tue Oct 11 08:09:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2016 16:09:03 +0200 (CEST) Subject: SUSE-RU-2016:2491-1: moderate: Recommended update for irqbalance Message-ID: <20161011140903.A6928F7BC@maintenance.suse.de> SUSE Recommended Update: Recommended update for irqbalance ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2491-1 Rating: moderate References: #1000291 #979303 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for irqbalance provides the following fixes: - Fix find_best_object() for the same d->load value. 
(bsc#979303) - Fix irq_info->load miscalculation for cache domain and others. (bsc#979303) - Fix a memory leak on systems without PCI devices like AWS EC2 PV VMs. (bsc#1000291) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1457=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1457=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64): irqbalance-1.0.7-12.1 irqbalance-debuginfo-1.0.7-12.1 irqbalance-debugsource-1.0.7-12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): irqbalance-1.0.7-12.1 irqbalance-debuginfo-1.0.7-12.1 irqbalance-debugsource-1.0.7-12.1 References: https://bugzilla.suse.com/1000291 https://bugzilla.suse.com/979303 From sle-updates at lists.suse.com Tue Oct 11 10:09:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2016 18:09:14 +0200 (CEST) Subject: SUSE-SU-2016:2492-1: important: Security update for ghostscript-library Message-ID: <20161011160914.C8811F7BB@maintenance.suse.de> SUSE Security Update: Security update for ghostscript-library ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2492-1 Rating: important References: #1001951 Cross-References: CVE-2013-5653 CVE-2016-7978 CVE-2016-7979 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description:

This update for ghostscript-library fixes the following issues:

- Multiple security vulnerabilities have been discovered where ghostscript's "-dsafer" flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, bsc#1001951)
- An incorrect reference count was found in .setdevice. This issue led to a use-after-free scenario, which could have been exploited for denial-of-service or, possibly, arbitrary code execution attacks. (CVE-2016-7978, bsc#1001951)
- Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1458=1
- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2016-1458=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1458=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2016-1458=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1458=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ghostscript-debuginfo-9.15-11.1 ghostscript-debugsource-9.15-11.1 ghostscript-devel-9.15-11.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): ghostscript-9.15-11.1 ghostscript-debuginfo-9.15-11.1 ghostscript-debugsource-9.15-11.1 ghostscript-x11-9.15-11.1 ghostscript-x11-debuginfo-9.15-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ghostscript-9.15-11.1 ghostscript-debuginfo-9.15-11.1 ghostscript-debugsource-9.15-11.1 ghostscript-x11-9.15-11.1 ghostscript-x11-debuginfo-9.15-11.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ghostscript-9.15-11.1 ghostscript-debuginfo-9.15-11.1 ghostscript-debugsource-9.15-11.1 ghostscript-x11-9.15-11.1 ghostscript-x11-debuginfo-9.15-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ghostscript-9.15-11.1 ghostscript-debuginfo-9.15-11.1 ghostscript-debugsource-9.15-11.1 ghostscript-x11-9.15-11.1 ghostscript-x11-debuginfo-9.15-11.1 References: https://www.suse.com/security/cve/CVE-2013-5653.html https://www.suse.com/security/cve/CVE-2016-7978.html https://www.suse.com/security/cve/CVE-2016-7979.html https://bugzilla.suse.com/1001951 From sle-updates at lists.suse.com Tue Oct 11 10:09:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2016 18:09:47 +0200 (CEST) Subject: SUSE-SU-2016:2493-1: important: Security update for ghostscript-library Message-ID: <20161011160947.937E0F7BC@maintenance.suse.de> SUSE Security Update: Security update for ghostscript-library ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2493-1 Rating: important References: #1001951 #939342 Cross-References: CVE-2013-5653 CVE-2015-3228 CVE-2016-7977 CVE-2016-7979 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 
11-SP4
  SUSE Linux Enterprise Server 11-SP3-LTSS
  SUSE Linux Enterprise Server 11-SP2-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP3
  SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for ghostscript-library fixes the following issues:

- Multiple security vulnerabilities have been discovered where ghostscript's "-dsafer" flag did not provide sufficient protection against unintended access to the file system. Thus, a machine that would process a specially crafted Postscript file would potentially leak sensitive information to an attacker. (CVE-2013-5653, CVE-2016-7977, bsc#1001951)
- Insufficient validation of the type of input in .initialize_dsc_parser used to allow remote code execution. (CVE-2016-7979, bsc#1001951)
- An integer overflow in the gs_heap_alloc_bytes function used to allow remote attackers to cause a denial of service (crash) via specially crafted Postscript files. (CVE-2015-3228, boo#939342)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-ghostscript-library-12781=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-ghostscript-library-12781=1 - SUSE Manager 2.1: zypper in -t patch sleman21-ghostscript-library-12781=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ghostscript-library-12781=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ghostscript-library-12781=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-ghostscript-library-12781=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-ghostscript-library-12781=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ghostscript-library-12781=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ghostscript-library-12781=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ghostscript-library-12781=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-ghostscript-library-12781=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): ghostscript-fonts-other-8.62-32.38.1 ghostscript-fonts-rus-8.62-32.38.1 ghostscript-fonts-std-8.62-32.38.1 ghostscript-library-8.62-32.38.1 ghostscript-omni-8.62-32.38.1 ghostscript-x11-8.62-32.38.1 libgimpprint-4.2.7-32.38.1 - SUSE Manager Proxy 2.1 (x86_64): ghostscript-fonts-other-8.62-32.38.1 ghostscript-fonts-rus-8.62-32.38.1 ghostscript-fonts-std-8.62-32.38.1 ghostscript-library-8.62-32.38.1 ghostscript-omni-8.62-32.38.1 ghostscript-x11-8.62-32.38.1 libgimpprint-4.2.7-32.38.1 - SUSE Manager 2.1 (s390x x86_64): ghostscript-fonts-other-8.62-32.38.1 ghostscript-fonts-rus-8.62-32.38.1 ghostscript-fonts-std-8.62-32.38.1 ghostscript-library-8.62-32.38.1 ghostscript-omni-8.62-32.38.1 ghostscript-x11-8.62-32.38.1 libgimpprint-4.2.7-32.38.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-devel-8.62-32.38.1 ghostscript-ijs-devel-8.62-32.38.1 libgimpprint-devel-4.2.7-32.38.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-fonts-other-8.62-32.38.1 ghostscript-fonts-rus-8.62-32.38.1 ghostscript-fonts-std-8.62-32.38.1 ghostscript-library-8.62-32.38.1 ghostscript-omni-8.62-32.38.1 ghostscript-x11-8.62-32.38.1 libgimpprint-4.2.7-32.38.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ghostscript-fonts-other-8.62-32.38.1 ghostscript-fonts-rus-8.62-32.38.1 ghostscript-fonts-std-8.62-32.38.1 ghostscript-library-8.62-32.38.1 ghostscript-omni-8.62-32.38.1 ghostscript-x11-8.62-32.38.1 libgimpprint-4.2.7-32.38.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): ghostscript-fonts-other-8.62-32.38.1 ghostscript-fonts-rus-8.62-32.38.1 ghostscript-fonts-std-8.62-32.38.1 ghostscript-library-8.62-32.38.1 ghostscript-omni-8.62-32.38.1 ghostscript-x11-8.62-32.38.1 libgimpprint-4.2.7-32.38.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ghostscript-fonts-other-8.62-32.38.1 ghostscript-fonts-rus-8.62-32.38.1 
ghostscript-fonts-std-8.62-32.38.1 ghostscript-library-8.62-32.38.1 ghostscript-omni-8.62-32.38.1 ghostscript-x11-8.62-32.38.1 libgimpprint-4.2.7-32.38.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ghostscript-library-debuginfo-8.62-32.38.1 ghostscript-library-debugsource-8.62-32.38.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ghostscript-library-debuginfo-8.62-32.38.1 ghostscript-library-debugsource-8.62-32.38.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): ghostscript-library-debuginfo-8.62-32.38.1 ghostscript-library-debugsource-8.62-32.38.1 References: https://www.suse.com/security/cve/CVE-2013-5653.html https://www.suse.com/security/cve/CVE-2015-3228.html https://www.suse.com/security/cve/CVE-2016-7977.html https://www.suse.com/security/cve/CVE-2016-7979.html https://bugzilla.suse.com/1001951 https://bugzilla.suse.com/939342 From sle-updates at lists.suse.com Tue Oct 11 14:08:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2016 22:08:08 +0200 (CEST) Subject: SUSE-RU-2016:2499-1: Recommended update for ipsec-tools Message-ID: <20161011200808.310A5F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for ipsec-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2499-1 Rating: low References: #1002216 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ipsec-tools fixes a segmentation fault when the path of the log file is passed to racoon(8) as a command line argument. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1460=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ipsec-tools-0.8.0-18.1 ipsec-tools-debuginfo-0.8.0-18.1 ipsec-tools-debugsource-0.8.0-18.1 References: https://bugzilla.suse.com/1002216 From sle-updates at lists.suse.com Wed Oct 12 07:08:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2016 15:08:29 +0200 (CEST) Subject: SUSE-SU-2016:2505-1: moderate: Security update for X Window System client libraries Message-ID: <20161012130829.5B457F7BB@maintenance.suse.de> SUSE Security Update: Security update for X Window System client libraries ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2505-1 Rating: moderate References: #1002991 #1002995 #1002998 #1003000 #1003002 #1003012 #1003017 #1003023 Cross-References: CVE-2016-5407 CVE-2016-7942 CVE-2016-7944 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 CVE-2016-7949 CVE-2016-7950 CVE-2016-7951 CVE-2016-7952 CVE-2016-7953 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. 
libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically: libX11: - CVE-2016-7942: insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991) libXfixes: - CVE-2016-7944: insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995) libXi: - CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998) libXtst: - CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012) libXv: - CVE-2016-5407: insufficient validation of data from the X server can cause out of boundary memory and memory corruption (bsc#1003017) libXvMC: - CVE-2016-7953: insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023) libXrender: - CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002) libXrandr: - CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1464=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1464=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1464=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libX11-debugsource-1.6.2-6.2 libX11-devel-1.6.2-6.2 libXfixes-debugsource-5.0.1-5.2 libXfixes-devel-5.0.1-5.2 libXi-debugsource-1.7.4-12.2 libXi-devel-1.7.4-12.2 libXrandr-debugsource-1.4.2-5.2 libXrandr-devel-1.4.2-5.2 libXrender-debugsource-0.9.8-5.2 libXrender-devel-0.9.8-5.2 libXtst-debugsource-1.2.2-5.2 libXtst-devel-1.2.2-5.2 libXv-debugsource-1.0.10-5.2 libXv-devel-1.0.10-5.2 libXvMC-debugsource-1.0.8-5.2 libXvMC-devel-1.0.8-5.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libX11-6-1.6.2-6.2 libX11-6-debuginfo-1.6.2-6.2 libX11-debugsource-1.6.2-6.2 libX11-xcb1-1.6.2-6.2 libX11-xcb1-debuginfo-1.6.2-6.2 libXfixes-debugsource-5.0.1-5.2 libXfixes3-5.0.1-5.2 libXfixes3-debuginfo-5.0.1-5.2 libXi-debugsource-1.7.4-12.2 libXi6-1.7.4-12.2 libXi6-debuginfo-1.7.4-12.2 libXrandr-debugsource-1.4.2-5.2 libXrandr2-1.4.2-5.2 libXrandr2-debuginfo-1.4.2-5.2 libXrender-debugsource-0.9.8-5.2 libXrender1-0.9.8-5.2 libXrender1-debuginfo-0.9.8-5.2 libXtst-debugsource-1.2.2-5.2 libXtst6-1.2.2-5.2 libXtst6-debuginfo-1.2.2-5.2 libXv-debugsource-1.0.10-5.2 libXv1-1.0.10-5.2 libXv1-debuginfo-1.0.10-5.2 libXvMC-debugsource-1.0.8-5.2 libXvMC1-1.0.8-5.2 libXvMC1-debuginfo-1.0.8-5.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libX11-6-32bit-1.6.2-6.2 libX11-6-debuginfo-32bit-1.6.2-6.2 libX11-xcb1-32bit-1.6.2-6.2 libX11-xcb1-debuginfo-32bit-1.6.2-6.2 libXfixes3-32bit-5.0.1-5.2 libXfixes3-debuginfo-32bit-5.0.1-5.2 libXi6-32bit-1.7.4-12.2 libXi6-debuginfo-32bit-1.7.4-12.2 libXrandr2-32bit-1.4.2-5.2 libXrandr2-debuginfo-32bit-1.4.2-5.2 libXrender1-32bit-0.9.8-5.2 libXrender1-debuginfo-32bit-0.9.8-5.2 libXtst6-32bit-1.2.2-5.2 libXtst6-debuginfo-32bit-1.2.2-5.2 libXv1-32bit-1.0.10-5.2 libXv1-debuginfo-32bit-1.0.10-5.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): libX11-data-1.6.2-6.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libX11-6-1.6.2-6.2 
libX11-6-32bit-1.6.2-6.2 libX11-6-debuginfo-1.6.2-6.2 libX11-6-debuginfo-32bit-1.6.2-6.2 libX11-debugsource-1.6.2-6.2 libX11-xcb1-1.6.2-6.2 libX11-xcb1-32bit-1.6.2-6.2 libX11-xcb1-debuginfo-1.6.2-6.2 libX11-xcb1-debuginfo-32bit-1.6.2-6.2 libXfixes-debugsource-5.0.1-5.2 libXfixes3-32bit-5.0.1-5.2 libXfixes3-5.0.1-5.2 libXfixes3-debuginfo-32bit-5.0.1-5.2 libXfixes3-debuginfo-5.0.1-5.2 libXi-debugsource-1.7.4-12.2 libXi6-1.7.4-12.2 libXi6-32bit-1.7.4-12.2 libXi6-debuginfo-1.7.4-12.2 libXi6-debuginfo-32bit-1.7.4-12.2 libXrandr-debugsource-1.4.2-5.2 libXrandr2-1.4.2-5.2 libXrandr2-32bit-1.4.2-5.2 libXrandr2-debuginfo-1.4.2-5.2 libXrandr2-debuginfo-32bit-1.4.2-5.2 libXrender-debugsource-0.9.8-5.2 libXrender1-0.9.8-5.2 libXrender1-32bit-0.9.8-5.2 libXrender1-debuginfo-0.9.8-5.2 libXrender1-debuginfo-32bit-0.9.8-5.2 libXtst-debugsource-1.2.2-5.2 libXtst6-1.2.2-5.2 libXtst6-32bit-1.2.2-5.2 libXtst6-debuginfo-1.2.2-5.2 libXtst6-debuginfo-32bit-1.2.2-5.2 libXv-debugsource-1.0.10-5.2 libXv1-1.0.10-5.2 libXv1-32bit-1.0.10-5.2 libXv1-debuginfo-1.0.10-5.2 libXv1-debuginfo-32bit-1.0.10-5.2 libXvMC-debugsource-1.0.8-5.2 libXvMC1-1.0.8-5.2 libXvMC1-debuginfo-1.0.8-5.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): libX11-data-1.6.2-6.2 References: https://www.suse.com/security/cve/CVE-2016-5407.html https://www.suse.com/security/cve/CVE-2016-7942.html https://www.suse.com/security/cve/CVE-2016-7944.html https://www.suse.com/security/cve/CVE-2016-7945.html https://www.suse.com/security/cve/CVE-2016-7946.html https://www.suse.com/security/cve/CVE-2016-7947.html https://www.suse.com/security/cve/CVE-2016-7948.html https://www.suse.com/security/cve/CVE-2016-7949.html https://www.suse.com/security/cve/CVE-2016-7950.html https://www.suse.com/security/cve/CVE-2016-7951.html https://www.suse.com/security/cve/CVE-2016-7952.html https://www.suse.com/security/cve/CVE-2016-7953.html https://bugzilla.suse.com/1002991 https://bugzilla.suse.com/1002995 https://bugzilla.suse.com/1002998 
https://bugzilla.suse.com/1003000 https://bugzilla.suse.com/1003002 https://bugzilla.suse.com/1003012 https://bugzilla.suse.com/1003017 https://bugzilla.suse.com/1003023 From sle-updates at lists.suse.com Wed Oct 12 07:10:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2016 15:10:07 +0200 (CEST) Subject: SUSE-SU-2016:2506-1: moderate: Security update for freerdp Message-ID: <20161012131007.B04EAF7BB@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2506-1 Rating: moderate References: #829013 #857491 #880317 Cross-References: CVE-2013-4118 CVE-2014-0250 CVE-2014-0791 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2013-4118: Added a NULL pointer check to fix a server crash (bsc#829013). - CVE-2014-0791: Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP allowed remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet. (bsc#857491) - CVE-2014-0250: Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allowed remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. (bsc#880317) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1462=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1462=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1462=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): freerdp-1.0.2-9.1 freerdp-debuginfo-1.0.2-9.1 freerdp-debugsource-1.0.2-9.1 libfreerdp-1_0-1.0.2-9.1 libfreerdp-1_0-debuginfo-1.0.2-9.1 libfreerdp-1_0-plugins-1.0.2-9.1 libfreerdp-1_0-plugins-debuginfo-1.0.2-9.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): freerdp-debuginfo-1.0.2-9.1 freerdp-debugsource-1.0.2-9.1 freerdp-devel-1.0.2-9.1 libfreerdp-1_0-1.0.2-9.1 libfreerdp-1_0-debuginfo-1.0.2-9.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): freerdp-1.0.2-9.1 freerdp-debuginfo-1.0.2-9.1 freerdp-debugsource-1.0.2-9.1 libfreerdp-1_0-1.0.2-9.1 libfreerdp-1_0-debuginfo-1.0.2-9.1 libfreerdp-1_0-plugins-1.0.2-9.1 libfreerdp-1_0-plugins-debuginfo-1.0.2-9.1 References: https://www.suse.com/security/cve/CVE-2013-4118.html https://www.suse.com/security/cve/CVE-2014-0250.html https://www.suse.com/security/cve/CVE-2014-0791.html https://bugzilla.suse.com/829013 https://bugzilla.suse.com/857491 https://bugzilla.suse.com/880317 From sle-updates at lists.suse.com Wed Oct 12 07:11:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2016 15:11:00 +0200 (CEST) Subject: SUSE-SU-2016:2507-1: important: Security update for xen Message-ID: <20161012131100.E3B0FF7BC@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2507-1 Rating: important References: #966467 #970135 #971949 #988675 #990970 
#991934 #992224 #993507 #994136 #994421 #994625 #994761 #994772 #994775 #995785 #995789 #995792 #997731 Cross-References: CVE-2016-6258 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7154 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 8 fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789) - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel code in Xen allowed local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number (bsc#997731) - CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside the guest to leak information. 
It occurred while processing transmit(tx) queue, when it reaches the end of packet (bsc#994761)
- CVE-2016-6888: An integer overflow in the VMWARE VMXNET3 NIC device support, during the initialisation of new packets in the device, could have allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994772)
- CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994775)
- CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625)
- CVE-2016-6834: An infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421)
- CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675)

These non-security issues were fixed:
- bsc#993507: virsh detach-disk failing to detach disk
- bsc#991934: Xen hypervisor crash in csched_acct
- bsc#992224: During boot of Xen Hypervisor, Failed to get contiguous memory for DMA
- bsc#970135: New virtualization project clock test randomly fails on Xen
- bsc#994136: Unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol
- bsc#994136: xen_platform: unplug also SCSI disks in qemu-xen
- bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live
- bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)
- bsc#966467: Live Migration SLES 11 SP3 to SP4 on AMD

Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xen-12782=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xen-12782=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-12782=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): xen-devel-4.4.4_08-40.2 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): xen-kmp-default-4.4.4_08_3.0.101_80-40.2 xen-libs-4.4.4_08-40.2 xen-tools-domU-4.4.4_08-40.2 - SUSE Linux Enterprise Server 11-SP4 (x86_64): xen-4.4.4_08-40.2 xen-doc-html-4.4.4_08-40.2 xen-libs-32bit-4.4.4_08-40.2 xen-tools-4.4.4_08-40.2 - SUSE Linux Enterprise Server 11-SP4 (i586): xen-kmp-pae-4.4.4_08_3.0.101_80-40.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_08-40.2 xen-debugsource-4.4.4_08-40.2 References: https://www.suse.com/security/cve/CVE-2016-6258.html https://www.suse.com/security/cve/CVE-2016-6833.html https://www.suse.com/security/cve/CVE-2016-6834.html https://www.suse.com/security/cve/CVE-2016-6835.html https://www.suse.com/security/cve/CVE-2016-6836.html https://www.suse.com/security/cve/CVE-2016-6888.html https://www.suse.com/security/cve/CVE-2016-7092.html https://www.suse.com/security/cve/CVE-2016-7093.html https://www.suse.com/security/cve/CVE-2016-7094.html https://www.suse.com/security/cve/CVE-2016-7154.html https://bugzilla.suse.com/966467 https://bugzilla.suse.com/970135 https://bugzilla.suse.com/971949 https://bugzilla.suse.com/988675 https://bugzilla.suse.com/990970 https://bugzilla.suse.com/991934 https://bugzilla.suse.com/992224 https://bugzilla.suse.com/993507 https://bugzilla.suse.com/994136 https://bugzilla.suse.com/994421 https://bugzilla.suse.com/994625 https://bugzilla.suse.com/994761 https://bugzilla.suse.com/994772 https://bugzilla.suse.com/994775 
https://bugzilla.suse.com/995785 https://bugzilla.suse.com/995789 https://bugzilla.suse.com/995792 https://bugzilla.suse.com/997731 From sle-updates at lists.suse.com Wed Oct 12 07:14:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2016 15:14:44 +0200 (CEST) Subject: SUSE-SU-2016:2508-1: moderate: Security update for tiff Message-ID: <20161012131444.E54B1F7BB@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2508-1 Rating: moderate References: #974449 #974614 #974618 #975069 #975070 Cross-References: CVE-2016-3622 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for tiff fixes the following security issues: - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449) - Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098) - CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618) - CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614) - CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069) - CVE-2016-3991: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via the tiffcrop tool (bsc#975070) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1461=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1461=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1461=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libtiff-devel-4.0.6-31.1 tiff-debuginfo-4.0.6-31.1 tiff-debugsource-4.0.6-31.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libtiff5-4.0.6-31.1 libtiff5-debuginfo-4.0.6-31.1 tiff-4.0.6-31.1 tiff-debuginfo-4.0.6-31.1 tiff-debugsource-4.0.6-31.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libtiff5-32bit-4.0.6-31.1 libtiff5-debuginfo-32bit-4.0.6-31.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libtiff5-32bit-4.0.6-31.1 libtiff5-4.0.6-31.1 libtiff5-debuginfo-32bit-4.0.6-31.1 libtiff5-debuginfo-4.0.6-31.1 tiff-debuginfo-4.0.6-31.1 tiff-debugsource-4.0.6-31.1 References: https://www.suse.com/security/cve/CVE-2016-3622.html https://www.suse.com/security/cve/CVE-2016-3623.html https://www.suse.com/security/cve/CVE-2016-3945.html https://www.suse.com/security/cve/CVE-2016-3990.html https://www.suse.com/security/cve/CVE-2016-3991.html https://bugzilla.suse.com/974449 https://bugzilla.suse.com/974614 https://bugzilla.suse.com/974618 https://bugzilla.suse.com/975069 https://bugzilla.suse.com/975070 From sle-updates at lists.suse.com Wed Oct 12 08:08:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2016 16:08:37 +0200 (CEST) Subject: SUSE-RU-2016:2509-1: moderate: Recommended update for sleshammer Message-ID: <20161012140837.5E6D6F7BB@maintenance.suse.de> SUSE Recommended Update: Recommended update for sleshammer ______________________________________________________________________________ Announcement 
ID: SUSE-RU-2016:2509-1 Rating: moderate References: #985556 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 3 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sleshammer fixes the following issues: - Wait for admin IP to be reachable (bsc#985556) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1467=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1467=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1467=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): sleshammer-debugsource-0.6.1-0.20.1 sleshammer-x86_64-0.6.1-0.20.1 - SUSE Enterprise Storage 3 (noarch): sleshammer-debugsource-0.6.1-0.20.1 sleshammer-x86_64-0.6.1-0.20.1 - SUSE Enterprise Storage 2.1 (noarch): sleshammer-debugsource-0.6.1-0.20.1 sleshammer-x86_64-0.6.1-0.20.1 References: https://bugzilla.suse.com/985556 From sle-updates at lists.suse.com Wed Oct 12 08:09:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2016 16:09:12 +0200 (CEST) Subject: SUSE-SU-2016:2510-1: moderate: Security update for squidGuard Message-ID: <20161012140912.683F5F7BC@maintenance.suse.de> SUSE Security Update: Security update for squidGuard ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2510-1 Rating: moderate References: #985612 Cross-References: CVE-2015-8936 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: squidGuard was updated to fix one security issue. This security issue was fixed: - CVE-2015-8936: Reflected cross site scripting vulnerability because of insufficient escaping (bsc#985612). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-squidGuard-12783=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-squidGuard-12783=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): squidGuard-1.4-13.10.1 squidGuard-doc-1.4-13.10.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): squidGuard-debuginfo-1.4-13.10.1 squidGuard-debugsource-1.4-13.10.1 References: https://www.suse.com/security/cve/CVE-2015-8936.html https://bugzilla.suse.com/985612 From sle-updates at lists.suse.com Wed Oct 12 08:09:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2016 16:09:38 +0200 (CEST) Subject: SUSE-SU-2016:2511-1: moderate: Security update for squidGuard Message-ID: <20161012140938.A12C0F7BC@maintenance.suse.de> SUSE Security Update: Security update for squidGuard ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2511-1 Rating: moderate References: #985612 Cross-References: CVE-2015-8936 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: squidGuard was updated to fix one security issue. This security issue was fixed: - CVE-2015-8936: Reflected cross site scripting vulnerability because of insufficient escaping (bsc#985612). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1465=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): squidGuard-1.4-27.1 squidGuard-debuginfo-1.4-27.1 squidGuard-debugsource-1.4-27.1 squidGuard-doc-1.4-27.1 References: https://www.suse.com/security/cve/CVE-2015-8936.html https://bugzilla.suse.com/985612 From sle-updates at lists.suse.com Wed Oct 12 09:08:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2016 17:08:51 +0200 (CEST) Subject: SUSE-SU-2016:2512-1: important: Security update for flash-playerqemu Message-ID: <20161012150851.51032F7BF@maintenance.suse.de> SUSE Security Update: Security update for flash-playerqemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2512-1 Rating: important References: #1003993 #1004019 Cross-References: CVE-2016-4273 CVE-2016-4286 CVE-2016-6981 CVE-2016-6982 CVE-2016-6983 CVE-2016-6984 CVE-2016-6985 CVE-2016-6986 CVE-2016-6987 CVE-2016-6989 CVE-2016-6990 CVE-2016-6992 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: flash-player was updated to version 11.2.202.637 to fix the following issues (bsc#1004019): CVE-2016-6992: A type confusion vulnerability that could lead to code execution. 
CVE-2016-6981, CVE-2016-6987: use-after-free vulnerabilities that could lead to code execution CVE-2016-4286: Security bypass vulnerability CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, CVE-2016-6990: Memory corruption vulnerabilities that could lead to code execution Also the EULA was updated to version 23.0 (bsc#1003993). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1468=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1468=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.637-143.1 flash-player-gnome-11.2.202.637-143.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.637-143.1 flash-player-gnome-11.2.202.637-143.1 References: https://www.suse.com/security/cve/CVE-2016-4273.html https://www.suse.com/security/cve/CVE-2016-4286.html https://www.suse.com/security/cve/CVE-2016-6981.html https://www.suse.com/security/cve/CVE-2016-6982.html https://www.suse.com/security/cve/CVE-2016-6983.html https://www.suse.com/security/cve/CVE-2016-6984.html https://www.suse.com/security/cve/CVE-2016-6985.html https://www.suse.com/security/cve/CVE-2016-6986.html https://www.suse.com/security/cve/CVE-2016-6987.html https://www.suse.com/security/cve/CVE-2016-6989.html https://www.suse.com/security/cve/CVE-2016-6990.html https://www.suse.com/security/cve/CVE-2016-6992.html https://bugzilla.suse.com/1003993 https://bugzilla.suse.com/1004019 From sle-updates at lists.suse.com Wed Oct 12 12:08:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2016 20:08:53 +0200 (CEST) Subject: SUSE-SU-2016:2513-1: important: Security update for 
MozillaFirefox Message-ID: <20161012180853.25105F7BC@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2513-1 Rating: important References: #999701 Cross-References: CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: MozillaFirefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issues were fixed: * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList * MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame * MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption 
in WebSocketChannel * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-MozillaFirefox-12784=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-MozillaFirefox-12784=1 - SUSE Manager 2.1: zypper in -t patch sleman21-MozillaFirefox-12784=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-MozillaFirefox-12784=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-MozillaFirefox-12784=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-MozillaFirefox-12784=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-MozillaFirefox-12784=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-12784=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-MozillaFirefox-12784=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): MozillaFirefox-45.4.0esr-53.1 MozillaFirefox-translations-45.4.0esr-53.1 - SUSE Manager Proxy 2.1 (x86_64): MozillaFirefox-45.4.0esr-53.1 MozillaFirefox-translations-45.4.0esr-53.1 - SUSE Manager 2.1 (s390x x86_64): MozillaFirefox-45.4.0esr-53.1 MozillaFirefox-translations-45.4.0esr-53.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-devel-45.4.0esr-53.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-45.4.0esr-53.1 MozillaFirefox-translations-45.4.0esr-53.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): MozillaFirefox-45.4.0esr-53.1 MozillaFirefox-translations-45.4.0esr-53.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): MozillaFirefox-45.4.0esr-53.1 MozillaFirefox-translations-45.4.0esr-53.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): MozillaFirefox-debuginfo-45.4.0esr-53.1 MozillaFirefox-debugsource-45.4.0esr-53.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): MozillaFirefox-debuginfo-45.4.0esr-53.1 MozillaFirefox-debugsource-45.4.0esr-53.1 References: https://www.suse.com/security/cve/CVE-2016-5250.html https://www.suse.com/security/cve/CVE-2016-5257.html https://www.suse.com/security/cve/CVE-2016-5261.html https://www.suse.com/security/cve/CVE-2016-5270.html https://www.suse.com/security/cve/CVE-2016-5272.html https://www.suse.com/security/cve/CVE-2016-5274.html https://www.suse.com/security/cve/CVE-2016-5276.html https://www.suse.com/security/cve/CVE-2016-5277.html https://www.suse.com/security/cve/CVE-2016-5278.html https://www.suse.com/security/cve/CVE-2016-5280.html https://www.suse.com/security/cve/CVE-2016-5281.html https://www.suse.com/security/cve/CVE-2016-5284.html https://bugzilla.suse.com/999701 From sle-updates at lists.suse.com Wed Oct 12 12:09:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2016 
20:09:22 +0200 (CEST) Subject: SUSE-RU-2016:2514-1: Recommended update for tuned Message-ID: <20161012180922.876AAF7BD@maintenance.suse.de> SUSE Recommended Update: Recommended update for tuned ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2514-1 Rating: low References: #977575 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tuned provides the following fixes: - Adjust tuned.service to ensure the daemon is started after network initialization is done. (bsc#977575) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1470=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): tuned-2.3.0-5.1 References: https://bugzilla.suse.com/977575 From sle-updates at lists.suse.com Wed Oct 12 12:09:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2016 20:09:45 +0200 (CEST) Subject: SUSE-RU-2016:2515-1: moderate: Recommended update for openvswitch Message-ID: <20161012180945.8C448F7BD@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2515-1 Rating: moderate References: #966762 #968039 #970720 #993936 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Real Time Extension 12-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for openvswitch provides the following fixes: - Use the kernel's tunneling APIs instead of the OVS kernel datapath ones. (bsc#970720) - Prevent systemd from auto-generating a service file for openvswitch-switch which conflicts with the openvswitch one. (bsc#966762) - Fix possible infinite loop when starting up ovs-vswitchd. (bsc#993936) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1469=1 - SUSE Linux Enterprise Real Time Extension 12-SP1: zypper in -t patch SUSE-SLE-RT-12-SP1-2016-1469=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): openvswitch-2.1.2-31.1 openvswitch-debuginfo-2.1.2-31.1 openvswitch-debugsource-2.1.2-31.1 openvswitch-kmp-default-2.1.2_k3.12.62_60.62-31.1 openvswitch-kmp-default-debuginfo-2.1.2_k3.12.62_60.62-31.1 openvswitch-switch-2.1.2-31.1 openvswitch-switch-debuginfo-2.1.2-31.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): openvswitch-kmp-xen-2.1.2_k3.12.62_60.62-31.1 openvswitch-kmp-xen-debuginfo-2.1.2_k3.12.62_60.62-31.1 - SUSE Linux Enterprise Real Time Extension 12-SP1 (x86_64): openvswitch-kmp-compute-2.1.2_k3.12.61_60.18-31.1 openvswitch-kmp-compute-debuginfo-2.1.2_k3.12.61_60.18-31.1 openvswitch-kmp-rt-2.1.2_k3.12.61_60.18-31.1 openvswitch-kmp-rt-debuginfo-2.1.2_k3.12.61_60.18-31.1 References: https://bugzilla.suse.com/966762 https://bugzilla.suse.com/968039 https://bugzilla.suse.com/970720 https://bugzilla.suse.com/993936 From sle-updates at lists.suse.com Thu Oct 13 09:10:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2016 17:10:47 +0200 (CEST) Subject: SUSE-SU-2016:2527-1: moderate: Security update for tiff Message-ID: <20161013151047.C22F4F7BE@maintenance.suse.de> SUSE Security Update: Security 
update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2527-1 Rating: moderate References: #973340 #974449 #974614 #974618 #975069 #984808 #984831 #984837 #984842 #987351 Cross-References: CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3945 CVE-2016-3990 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5875 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449) - Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098) - CVE-2016-5314: Specially crafted TIFF images could trigger a crash that could result in DoS (bsc#984831) - CVE-2016-5316: Specially crafted TIFF images could trigger a crash in the rgb2ycbcr tool, leading to DoS (bsc#984837) - CVE-2016-5317: Specially crafted TIFF images could trigger a crash through an out of bound write (bsc#984842) - CVE-2016-5320: Specially crafted TIFF images could trigger a crash or potentially allow remote code execution when using the rgb2ycbcr command (bsc#984808) - CVE-2016-5875: Specially crafted TIFF images could allow arbitrary code execution (bsc#987351) - CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618) - CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614) - CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069) - CVE-2016-3186: Specially crafted TIFF images could 
trigger a crash in the gif2tiff command via a buffer overflow (bsc#973340) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-tiff-12785=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tiff-12785=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tiff-12785=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff-devel-3.8.2-141.168.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libtiff-devel-32bit-3.8.2-141.168.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtiff3-3.8.2-141.168.1 tiff-3.8.2-141.168.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libtiff3-32bit-3.8.2-141.168.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libtiff3-x86-3.8.2-141.168.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): tiff-debuginfo-3.8.2-141.168.1 tiff-debugsource-3.8.2-141.168.1 References: https://www.suse.com/security/cve/CVE-2016-3186.html https://www.suse.com/security/cve/CVE-2016-3622.html https://www.suse.com/security/cve/CVE-2016-3623.html https://www.suse.com/security/cve/CVE-2016-3945.html https://www.suse.com/security/cve/CVE-2016-3990.html https://www.suse.com/security/cve/CVE-2016-5314.html https://www.suse.com/security/cve/CVE-2016-5316.html https://www.suse.com/security/cve/CVE-2016-5317.html https://www.suse.com/security/cve/CVE-2016-5320.html https://www.suse.com/security/cve/CVE-2016-5875.html https://bugzilla.suse.com/973340 https://bugzilla.suse.com/974449 https://bugzilla.suse.com/974614 https://bugzilla.suse.com/974618 https://bugzilla.suse.com/975069 https://bugzilla.suse.com/984808 https://bugzilla.suse.com/984831 https://bugzilla.suse.com/984837 
https://bugzilla.suse.com/984842 https://bugzilla.suse.com/987351 From sle-updates at lists.suse.com Thu Oct 13 12:08:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2016 20:08:38 +0200 (CEST) Subject: SUSE-SU-2016:2528-1: important: Security update for xen Message-ID: <20161013180838.5B036F7BE@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2528-1 Rating: important References: #973188 #974038 #975130 #975138 #978164 #978295 #980716 #980724 #981264 #982960 #983984 #988675 #995785 #995792 Cross-References: CVE-2014-3615 CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4439 CVE-2016-4441 CVE-2016-4480 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-7092 CVE-2016-7094 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for xen fixes several issues. 
These security issues were fixed: - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792) - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785) - CVE-2016-6258: The PV pagetable code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960) - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264) - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724) - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors 
(bsc#980716) - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue (bsc#978164) - CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen did not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might have allowed local guest OS users to gain privileges via a crafted mapping of memory (bsc#978295) - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038) - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188) - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130) - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-xen-12786=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): xen-devel-4.1.6_08-29.1 xen-kmp-default-4.1.6_08_3.0.101_0.7.40-29.1 xen-kmp-trace-4.1.6_08_3.0.101_0.7.40-29.1 xen-libs-4.1.6_08-29.1 xen-tools-domU-4.1.6_08-29.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (x86_64): xen-4.1.6_08-29.1 xen-doc-html-4.1.6_08-29.1 xen-doc-pdf-4.1.6_08-29.1 xen-libs-32bit-4.1.6_08-29.1 xen-tools-4.1.6_08-29.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): xen-kmp-pae-4.1.6_08_3.0.101_0.7.40-29.1 References: https://www.suse.com/security/cve/CVE-2014-3615.html https://www.suse.com/security/cve/CVE-2014-3672.html https://www.suse.com/security/cve/CVE-2016-3158.html https://www.suse.com/security/cve/CVE-2016-3159.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3960.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4480.html https://www.suse.com/security/cve/CVE-2016-5238.html https://www.suse.com/security/cve/CVE-2016-5338.html https://www.suse.com/security/cve/CVE-2016-6258.html https://www.suse.com/security/cve/CVE-2016-7092.html https://www.suse.com/security/cve/CVE-2016-7094.html https://bugzilla.suse.com/973188 https://bugzilla.suse.com/974038 https://bugzilla.suse.com/975130 https://bugzilla.suse.com/975138 https://bugzilla.suse.com/978164 https://bugzilla.suse.com/978295 https://bugzilla.suse.com/980716 https://bugzilla.suse.com/980724 https://bugzilla.suse.com/981264 https://bugzilla.suse.com/982960 https://bugzilla.suse.com/983984 https://bugzilla.suse.com/988675 https://bugzilla.suse.com/995785 https://bugzilla.suse.com/995792 From sle-updates at lists.suse.com Thu Oct 13 12:11:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2016 20:11:32 +0200 (CEST) 
Subject: SUSE-RU-2016:2530-1: Recommended update for python-azurectl Message-ID: <20161013181132.5B72BF7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azurectl ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2530-1 Rating: low References: #999200 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python-azurectl 2.1.1 which brings support for SMT server deployment. For a detailed description of all changes, please refer to the changelog. Additionally the new package python-future has been added. python-future provides easy and safe support for Python 2/3 compatibility. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1475=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azurectl-2.1.1-10.1 python-future-0.15.2-2.1 References: https://bugzilla.suse.com/999200 From sle-updates at lists.suse.com Thu Oct 13 12:11:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2016 20:11:54 +0200 (CEST) Subject: SUSE-RU-2016:2531-1: moderate: Recommended update for libcgroup Message-ID: <20161013181154.3284DF7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcgroup ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2531-1 Rating: moderate References: #987985 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libcgroup fixes the following issue: - Fix hang when system attempts to shut down after control group service restart cycle. (bsc#987985) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1474=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1474=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1474=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libcgroup-debugsource-0.41.rc1-7.3 libcgroup-devel-0.41.rc1-7.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libcgroup-debugsource-0.41.rc1-7.3 libcgroup-tools-0.41.rc1-7.3 libcgroup-tools-debuginfo-0.41.rc1-7.3 libcgroup1-0.41.rc1-7.3 libcgroup1-debuginfo-0.41.rc1-7.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libcgroup-debugsource-0.41.rc1-7.3 libcgroup1-0.41.rc1-7.3 libcgroup1-debuginfo-0.41.rc1-7.3 References: https://bugzilla.suse.com/987985 From sle-updates at lists.suse.com Thu Oct 13 13:08:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2016 21:08:44 +0200 (CEST) Subject: SUSE-SU-2016:2532-1: moderate: Security update for gtk2 Message-ID: <20161013190844.ECC0FF7BC@maintenance.suse.de> SUSE Security Update: Security update for gtk2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2532-1 Rating: moderate References: #966682 #988745 #991450 Cross-References: CVE-2013-7447 CVE-2016-6352 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for gtk2 fixes the following security issues: - CVE-2016-6352: Some crashes were fixed, including an out of bounds write in the OneLine32() function that could be used by attackers to crash GTK/GDK programs. - CVE-2013-7447: Avoid overflow when allocating a cairo pixbuf (bsc#966682). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gtk2-12787=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gtk2-12787=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gtk2-12787=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-devel-2.18.9-0.44.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): gtk2-devel-32bit-2.18.9-0.44.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-2.18.9-0.44.1 gtk2-doc-2.18.9-0.44.1 gtk2-lang-2.18.9-0.44.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): gtk2-32bit-2.18.9-0.44.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): gtk2-x86-2.18.9-0.44.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gtk2-debuginfo-2.18.9-0.44.1 gtk2-debugsource-2.18.9-0.44.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): gtk2-debuginfo-32bit-2.18.9-0.44.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): gtk2-debuginfo-x86-2.18.9-0.44.1 References: https://www.suse.com/security/cve/CVE-2013-7447.html https://www.suse.com/security/cve/CVE-2016-6352.html https://bugzilla.suse.com/966682 https://bugzilla.suse.com/988745 https://bugzilla.suse.com/991450 From sle-updates at lists.suse.com Thu Oct 13 13:09:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2016 21:09:32 +0200 (CEST) Subject: SUSE-SU-2016:2533-1: important: Security update for xen Message-ID: <20161013190932.DF12FF7BE@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2533-1 Rating: important References: #953339 #953362 #953518 #954872 #955399 #957986 #958848 #961600 #963161 #964427 #970135 #971949 
#973188 #973631 #974038 #975130 #975138 #975907 #976058 #976111 #978164 #978295 #978413 #979035 #979620 #979670 #980716 #980724 #981264 #981276 #982024 #982025 #982026 #982224 #982225 #982286 #982695 #982960 #983973 #983984 #984981 #985503 #986586 #988675 #990843 #990923 #990970 #991934 #992224 #994421 #994625 #994761 #994772 #994775 #995785 #995789 #995792 #997731 Cross-References: CVE-2014-3615 CVE-2014-3672 CVE-2016-3158 CVE-2016-3159 CVE-2016-3710 CVE-2016-3712 CVE-2016-3960 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4480 CVE-2016-4952 CVE-2016-4962 CVE-2016-4963 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6258 CVE-2016-6351 CVE-2016-6833 CVE-2016-6834 CVE-2016-6835 CVE-2016-6836 CVE-2016-6888 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7154 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 38 vulnerabilities and has 20 fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2014-3672: The qemu implementation in libvirt Xen allowed local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr (bsc#981264). - CVE-2016-3158: The xrstor function did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). 
- CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387.c did not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allowed local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits (bsc#973188). - CVE-2016-3710: The VGA module improperly performed bounds checking on banked access to video memory, which allowed local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue (bsc#978164) - CVE-2016-3960: Integer overflow in the x86 shadow pagetable code allowed local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping (bsc#974038). - CVE-2016-4001: Buffer overflow in the stellaris_enet_receive function, when the Stellaris ethernet controller is configured to accept large packets, allowed remote attackers to cause a denial of service (QEMU crash) via a large packet (bsc#975130). - CVE-2016-4002: Buffer overflow in the mipsnet_receive function, when the guest NIC is configured to accept large packets, allowed remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes (bsc#975138). 
- CVE-2016-4020: The patch_instruction function did not initialize the imm32 variable, which allowed local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR) (bsc#975907) - CVE-2016-4037: The ehci_advance_state function in hw/usb/hcd-ehci.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list (bsc#976111) - CVE-2016-4439: The esp_reg_write function in the 53C9X Fast SCSI Controller (FSC) support did not properly check command buffer length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the host via unspecified vectors (bsc#980716) - CVE-2016-4441: The get_cmd function in the 53C9X Fast SCSI Controller (FSC) support did not properly check DMA length, which allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command (bsc#980724) - CVE-2016-4453: The vmsvga_fifo_run function allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982225) - CVE-2016-4454: The vmsvga_fifo_read_raw function allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggered an out-of-bounds read (bsc#982224) - CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen did not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might have allowed local guest OS users to gain privileges via a crafted mapping of memory (bsc#978295). 
- CVE-2016-4952: Out-of-bounds access issue in pvsci_ring_init_msg/data routines (bsc#981276) - CVE-2016-4962: The libxl device-handling allowed local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore (bsc#979620) - CVE-2016-4963: The libxl device-handling allowed local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore (bsc#979670) - CVE-2016-5105: Stack information leakage while reading configuration (bsc#982024) - CVE-2016-5106: Out-of-bounds write while setting controller properties (bsc#982025) - CVE-2016-5107: Out-of-bounds read in megasas_lookup_frame() function (bsc#982026) - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982286) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c might have allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982960) - CVE-2016-5337: The megasas_ctrl_get_info function allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983973) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the host via vectors related to the information transfer buffer (bsc#983984) - CVE-2016-5403: virtio: unbounded memory allocation on host via guest leading to DoS (XSA-184) (bsc#990923) - CVE-2016-6258: The PV pagetable 
     code in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries (bsc#988675)
   - CVE-2016-6351: The esp_do_dma function in hw/scsi/esp.c, when built with ESP/NCR53C9x controller emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the host via vectors involving DMA read into ESP command buffer (bsc#990843).
   - CVE-2016-6833: A use-after-free issue in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994775).
   - CVE-2016-6834: An infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994421).
   - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994625).
   - CVE-2016-6836: VMWARE VMXNET3 NIC device allowed privileged user inside the guest to leak information. It occurred while processing transmit (tx) queue, when it reaches the end of packet (bsc#994761).
   - CVE-2016-6888: An integer overflow in the VMWARE VMXNET3 NIC device support, during the initialisation of new packets in the device, could have allowed a privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994772).
   - CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm.c in Xen allowed local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables (bsc#995785)
   - CVE-2016-7093: Xen allowed local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation (bsc#995789)
   - CVE-2016-7094: Buffer overflow in Xen allowed local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update (bsc#995792)
   - CVE-2016-7154: Use-after-free vulnerability in the FIFO event channel code in Xen allowed local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number (bsc#997731).

   These non-security issues were fixed:

   - bsc#991934: Hypervisor crash in csched_acct
   - bsc#992224: During boot of Xen Hypervisor, failed to get contiguous memory for DMA
   - bsc#970135: New virtualization project clock test randomly fails on Xen
   - bsc#971949: xl: Support (by ignoring) xl migrate --live. xl migrations are always live
   - bsc#990970: Add PMU support for Intel E7-8867 v4 (fam=6, model=79)
   - bsc#985503: vif-route broken
   - bsc#978413: PV guest upgrade from sles11sp4 to sles12sp2 alpha3 failed on sles11sp4 xen host.
   - bsc#986586: Out of memory (oom) during boot on "modprobe xenblk" (non xen kernel)
   - bsc#953339, bsc#953362, bsc#953518, bsc#984981: Implement SUSE specific unplug protocol for emulated PCI devices in PVonHVM guests to qemu-xen-upstream
   - bsc#958848: HVM guest crash at /usr/src/packages/BUILD/xen-4.4.2-testing/obj/default/balloon/balloon.c:407
   - bsc#982695: xen-4.5.2 qemu fails to boot HVM guest from xvda
   - bsc#954872: script block-dmmd not working as expected
   - bsc#961600: poor performance when Xen HVM domU configured with max memory > current memory
   - bsc#979035: Restore xm migrate fixes for bsc#955399/ bsc#955399
   - bsc#963161: Windows VM getting stuck during load while a VF is assigned to it
   - bsc#976058: Xen error running simple HVM guest (Post Alpha 2 xen+qemu)
   - bsc#957986: Indirect descriptors are not compatible with Amazon block backend
   - bsc#973631: AWS EC2 kdump issue
   - bsc#964427: Discarding device blocks failed with input/output error

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2016-1476=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-1476=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      xen-4.4.4_04-22.22.2
      xen-debugsource-4.4.4_04-22.22.2
      xen-doc-html-4.4.4_04-22.22.2
      xen-kmp-default-4.4.4_04_k3.12.60_52.54-22.22.2
      xen-kmp-default-debuginfo-4.4.4_04_k3.12.60_52.54-22.22.2
      xen-libs-32bit-4.4.4_04-22.22.2
      xen-libs-4.4.4_04-22.22.2
      xen-libs-debuginfo-32bit-4.4.4_04-22.22.2
      xen-libs-debuginfo-4.4.4_04-22.22.2
      xen-tools-4.4.4_04-22.22.2
      xen-tools-debuginfo-4.4.4_04-22.22.2
      xen-tools-domU-4.4.4_04-22.22.2
      xen-tools-domU-debuginfo-4.4.4_04-22.22.2

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      xen-4.4.4_04-22.22.2
      xen-debugsource-4.4.4_04-22.22.2
      xen-doc-html-4.4.4_04-22.22.2
      xen-kmp-default-4.4.4_04_k3.12.60_52.54-22.22.2
      xen-kmp-default-debuginfo-4.4.4_04_k3.12.60_52.54-22.22.2
      xen-libs-32bit-4.4.4_04-22.22.2
      xen-libs-4.4.4_04-22.22.2
      xen-libs-debuginfo-32bit-4.4.4_04-22.22.2
      xen-libs-debuginfo-4.4.4_04-22.22.2
      xen-tools-4.4.4_04-22.22.2
      xen-tools-debuginfo-4.4.4_04-22.22.2
      xen-tools-domU-4.4.4_04-22.22.2
      xen-tools-domU-debuginfo-4.4.4_04-22.22.2

References:

   https://www.suse.com/security/cve/CVE-2014-3615.html
   https://www.suse.com/security/cve/CVE-2014-3672.html
   https://www.suse.com/security/cve/CVE-2016-3158.html
   https://www.suse.com/security/cve/CVE-2016-3159.html
   https://www.suse.com/security/cve/CVE-2016-3710.html
   https://www.suse.com/security/cve/CVE-2016-3712.html
   https://www.suse.com/security/cve/CVE-2016-3960.html
   https://www.suse.com/security/cve/CVE-2016-4001.html
   https://www.suse.com/security/cve/CVE-2016-4002.html
   https://www.suse.com/security/cve/CVE-2016-4020.html
   https://www.suse.com/security/cve/CVE-2016-4037.html
   https://www.suse.com/security/cve/CVE-2016-4439.html
   https://www.suse.com/security/cve/CVE-2016-4441.html
   https://www.suse.com/security/cve/CVE-2016-4453.html
   https://www.suse.com/security/cve/CVE-2016-4454.html
   https://www.suse.com/security/cve/CVE-2016-4480.html
   https://www.suse.com/security/cve/CVE-2016-4952.html
   https://www.suse.com/security/cve/CVE-2016-4962.html
   https://www.suse.com/security/cve/CVE-2016-4963.html
   https://www.suse.com/security/cve/CVE-2016-5105.html
   https://www.suse.com/security/cve/CVE-2016-5106.html
   https://www.suse.com/security/cve/CVE-2016-5107.html
   https://www.suse.com/security/cve/CVE-2016-5126.html
   https://www.suse.com/security/cve/CVE-2016-5238.html
   https://www.suse.com/security/cve/CVE-2016-5337.html
   https://www.suse.com/security/cve/CVE-2016-5338.html
   https://www.suse.com/security/cve/CVE-2016-5403.html
   https://www.suse.com/security/cve/CVE-2016-6258.html
   https://www.suse.com/security/cve/CVE-2016-6351.html
   https://www.suse.com/security/cve/CVE-2016-6833.html
   https://www.suse.com/security/cve/CVE-2016-6834.html
   https://www.suse.com/security/cve/CVE-2016-6835.html
   https://www.suse.com/security/cve/CVE-2016-6836.html
   https://www.suse.com/security/cve/CVE-2016-6888.html
   https://www.suse.com/security/cve/CVE-2016-7092.html
   https://www.suse.com/security/cve/CVE-2016-7093.html
   https://www.suse.com/security/cve/CVE-2016-7094.html
   https://www.suse.com/security/cve/CVE-2016-7154.html
   https://bugzilla.suse.com/953339
   https://bugzilla.suse.com/953362
   https://bugzilla.suse.com/953518
   https://bugzilla.suse.com/954872
   https://bugzilla.suse.com/955399
   https://bugzilla.suse.com/957986
   https://bugzilla.suse.com/958848
   https://bugzilla.suse.com/961600
   https://bugzilla.suse.com/963161
   https://bugzilla.suse.com/964427
   https://bugzilla.suse.com/970135
   https://bugzilla.suse.com/971949
   https://bugzilla.suse.com/973188
   https://bugzilla.suse.com/973631
   https://bugzilla.suse.com/974038
   https://bugzilla.suse.com/975130
   https://bugzilla.suse.com/975138
   https://bugzilla.suse.com/975907
   https://bugzilla.suse.com/976058
   https://bugzilla.suse.com/976111
   https://bugzilla.suse.com/978164
   https://bugzilla.suse.com/978295
   https://bugzilla.suse.com/978413
   https://bugzilla.suse.com/979035
   https://bugzilla.suse.com/979620
   https://bugzilla.suse.com/979670
   https://bugzilla.suse.com/980716
   https://bugzilla.suse.com/980724
   https://bugzilla.suse.com/981264
   https://bugzilla.suse.com/981276
   https://bugzilla.suse.com/982024
   https://bugzilla.suse.com/982025
   https://bugzilla.suse.com/982026
   https://bugzilla.suse.com/982224
   https://bugzilla.suse.com/982225
   https://bugzilla.suse.com/982286
   https://bugzilla.suse.com/982695
   https://bugzilla.suse.com/982960
   https://bugzilla.suse.com/983973
   https://bugzilla.suse.com/983984
   https://bugzilla.suse.com/984981
   https://bugzilla.suse.com/985503
   https://bugzilla.suse.com/986586
   https://bugzilla.suse.com/988675
   https://bugzilla.suse.com/990843
   https://bugzilla.suse.com/990923
   https://bugzilla.suse.com/990970
   https://bugzilla.suse.com/991934
   https://bugzilla.suse.com/992224
   https://bugzilla.suse.com/994421
   https://bugzilla.suse.com/994625
   https://bugzilla.suse.com/994761
   https://bugzilla.suse.com/994772
   https://bugzilla.suse.com/994775
   https://bugzilla.suse.com/995785
   https://bugzilla.suse.com/995789
   https://bugzilla.suse.com/995792
   https://bugzilla.suse.com/997731

From sle-updates at lists.suse.com Fri Oct 14 06:12:27 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Oct 2016 14:12:27 +0200 (CEST)
Subject: SUSE-RU-2016:2534-1: Recommended update for ceph-deploy
Message-ID: <20161014121227.C35D4F7BC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ceph-deploy
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2534-1
Rating:             low
References:         #980708
Affected Products:
                    SUSE Enterprise Storage 3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for ceph-deploy provides version 1.5.34 and fixes the following issues:

   - Protect against two rgw using the same port.
     (bsc#980708)
   - Do not call partx/partprobe when zapping disks
   - No longer allow using ext4
   - Changed default to systemd for SUSE
   - No longer depend on automatic ``ceph-create-keys``, use the monitors to fetch keys.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 3:

      zypper in -t patch SUSE-Storage-3-2016-1478=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Enterprise Storage 3 (noarch):

      ceph-deploy-1.5.34+git.1470736983.963ba71-3.1

References:

   https://bugzilla.suse.com/980708

From sle-updates at lists.suse.com Fri Oct 14 11:09:13 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Oct 2016 19:09:13 +0200 (CEST)
Subject: SUSE-RU-2016:2541-1: Recommended update for sapconf
Message-ID: <20161014170913.D88BAF7BC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sapconf
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2541-1
Rating:             low
References:         #977575 #994306
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for sapconf provides the following fixes:

   - Do not touch THP configuration in Netweaver profile. This avoids inheriting settings from high throughput profile. (bsc#994306)
   - Fix a race condition during start up. (bsc#977575)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1479=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      sapconf-4.1.3-16.1

References:

   https://bugzilla.suse.com/977575
   https://bugzilla.suse.com/994306

From sle-updates at lists.suse.com Fri Oct 14 11:09:51 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Oct 2016 19:09:51 +0200 (CEST)
Subject: SUSE-RU-2016:2542-1: moderate: Recommended update for yast2-sap-scp
Message-ID: <20161014170951.29F54F7BE@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-sap-scp
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2542-1
Rating:             moderate
References:         #999291
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This version update from 1.0.2 to 1.0.3 for yast2-sap-scp fixes an issue with HTTP redirections not working for the product metadata files (bsc#999291).

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-1480=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      yast2-sap-scp-1.0.3-7.1

References:

   https://bugzilla.suse.com/999291

From sle-updates at lists.suse.com Fri Oct 14 12:08:38 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Oct 2016 20:08:38 +0200 (CEST)
Subject: SUSE-SU-2016:2545-1: moderate: Security update for compat-openssl097g
Message-ID: <20161014180838.BEAD0F7BC@maintenance.suse.de>

   SUSE Security Update: Security update for compat-openssl097g
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2545-1
Rating:             moderate
References:         #982575 #993819 #995359 #995377 #999665 #999668
Cross-References:   CVE-2016-2177 CVE-2016-2182 CVE-2016-2183 CVE-2016-6303 CVE-2016-6306
Affected Products:
                    SUSE Linux Enterprise Server for SAP 11-SP4
                    SUSE Linux Enterprise Server for SAP 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has one errata is now available.

Description:

   This update for compat-openssl097g fixes the following issues:

   OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)

   Severity: Low

   * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
   * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
   * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359)
   * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
   * Certificate message OOB reads (CVE-2016-6306) (bsc#999668)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 11-SP4:

      zypper in -t patch slesappsp4-compat-openssl097g-12788=1

   - SUSE Linux Enterprise Server for SAP 11-SP3:

      zypper in -t patch slesappsp3-compat-openssl097g-12788=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-compat-openssl097g-12788=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 11-SP4 (ppc64 x86_64):

      compat-openssl097g-0.9.7g-146.22.47.1
      compat-openssl097g-32bit-0.9.7g-146.22.47.1

   - SUSE Linux Enterprise Server for SAP 11-SP3 (x86_64):

      compat-openssl097g-0.9.7g-146.22.47.1
      compat-openssl097g-32bit-0.9.7g-146.22.47.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      compat-openssl097g-debuginfo-0.9.7g-146.22.47.1
      compat-openssl097g-debugsource-0.9.7g-146.22.47.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

      compat-openssl097g-debuginfo-32bit-0.9.7g-146.22.47.1

References:

   https://www.suse.com/security/cve/CVE-2016-2177.html
   https://www.suse.com/security/cve/CVE-2016-2182.html
   https://www.suse.com/security/cve/CVE-2016-2183.html
   https://www.suse.com/security/cve/CVE-2016-6303.html
   https://www.suse.com/security/cve/CVE-2016-6306.html
   https://bugzilla.suse.com/982575
   https://bugzilla.suse.com/993819
   https://bugzilla.suse.com/995359
   https://bugzilla.suse.com/995377
   https://bugzilla.suse.com/999665
   https://bugzilla.suse.com/999668

From sle-updates at lists.suse.com Fri Oct 14 14:08:32 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Oct 2016 22:08:32 +0200 (CEST)
Subject: SUSE-RU-2016:2546-1: Recommended update for libgnomesu
Message-ID: <20161014200832.AB2B5F7BC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libgnomesu
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2546-1
Rating:             low
References:         #578284 #986236
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for libgnomesu fixes the following issues:

   - Properly set XDG_RUNTIME_DIR (bsc#986236)
   - Make child process exit if parent does (bsc#578284)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1487=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1487=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1487=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      libgnomesu-debuginfo-1.0.0-353.5.3
      libgnomesu-debugsource-1.0.0-353.5.3
      libgnomesu-devel-1.0.0-353.5.3

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libgnomesu-1.0.0-353.5.3
      libgnomesu-debuginfo-1.0.0-353.5.3
      libgnomesu-debugsource-1.0.0-353.5.3
      libgnomesu0-1.0.0-353.5.3
      libgnomesu0-debuginfo-1.0.0-353.5.3

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      libgnomesu-lang-1.0.0-353.5.3

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      libgnomesu-lang-1.0.0-353.5.3

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libgnomesu-1.0.0-353.5.3
      libgnomesu-debuginfo-1.0.0-353.5.3
      libgnomesu-debugsource-1.0.0-353.5.3
      libgnomesu0-1.0.0-353.5.3
      libgnomesu0-debuginfo-1.0.0-353.5.3

References:

   https://bugzilla.suse.com/578284
   https://bugzilla.suse.com/986236

From sle-updates at lists.suse.com Fri Oct 14 17:08:20 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 15 Oct 2016 01:08:20 +0200 (CEST)
Subject: SUSE-RU-2016:2547-1: moderate: Recommended update for smt
Message-ID: <20161014230820.BCB14F7BC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for smt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2547-1
Rating:             moderate
References:         #1004055 #970608 #987559 #992246 #996240 #996517 #996519 #998128 #999051
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that has 9 recommended fixes can now be installed.

Description:

   This update for smt fixes the following issues:

   - Show correct Repository ID in smt-repos verbose output. (bsc#1004055)
   - Translate hardware data from NCC to SCC format. (bsc#998128)
   - Adapt EULA Url for products not hosted on SCC. (bsc#970608)
   - Fix and check product ids during setup custom repositories. (bsc#996517)
   - Fix removing custom repository. (bsc#996517)
   - Support adding products to existing custom repository. (bsc#996517, bsc#996519)
   - Improve no_proxy handling in SMT. (bsc#996240)
   - Log repositories missing for migration. (bsc#999051)
   - Renamed remote_ip to client_ip for apache 2.4. (bsc#992246)
   - Added missing reference for bsc#987559 to the changelog.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1488=1

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1488=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      res-signingkeys-3.0.20-31.1
      smt-3.0.20-31.1
      smt-debuginfo-3.0.20-31.1
      smt-debugsource-3.0.20-31.1
      smt-support-3.0.20-31.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (ppc64le s390x x86_64):

      smt-ha-3.0.20-31.1

References:

   https://bugzilla.suse.com/1004055
   https://bugzilla.suse.com/970608
   https://bugzilla.suse.com/987559
   https://bugzilla.suse.com/992246
   https://bugzilla.suse.com/996240
   https://bugzilla.suse.com/996517
   https://bugzilla.suse.com/996519
   https://bugzilla.suse.com/998128
   https://bugzilla.suse.com/999051

From sle-updates at lists.suse.com Mon Oct 17 08:09:12 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Oct 2016 16:09:12 +0200 (CEST)
Subject: SUSE-SU-2016:2550-1: moderate: Security update for gtk2
Message-ID: <20161017140912.6A9BBF7BE@maintenance.suse.de>

   SUSE Security Update: Security update for gtk2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2550-1
Rating:             moderate
References:         #966682
Cross-References:   CVE-2013-7447
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for gtk2 fixes the following issues:

   - CVE-2013-7447: Avoid an overflow when allocating a cairo pixbuf (bsc#966682).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1490=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1490=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1490=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1490=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      gtk2-debugsource-2.24.24-3.1
      typelib-1_0-Gtk-2_0-2.24.24-3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      gtk2-debugsource-2.24.24-3.1
      gtk2-devel-2.24.24-3.1
      gtk2-devel-debuginfo-2.24.24-3.1
      typelib-1_0-Gtk-2_0-2.24.24-3.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      gtk2-debugsource-2.24.24-3.1
      gtk2-tools-2.24.24-3.1
      gtk2-tools-debuginfo-2.24.24-3.1
      libgtk-2_0-0-2.24.24-3.1
      libgtk-2_0-0-debuginfo-2.24.24-3.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      gtk2-tools-32bit-2.24.24-3.1
      gtk2-tools-debuginfo-32bit-2.24.24-3.1
      libgtk-2_0-0-32bit-2.24.24-3.1
      libgtk-2_0-0-debuginfo-32bit-2.24.24-3.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      gtk2-lang-2.24.24-3.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      gtk2-debugsource-2.24.24-3.1
      gtk2-tools-2.24.24-3.1
      gtk2-tools-32bit-2.24.24-3.1
      gtk2-tools-debuginfo-2.24.24-3.1
      gtk2-tools-debuginfo-32bit-2.24.24-3.1
      libgtk-2_0-0-2.24.24-3.1
      libgtk-2_0-0-32bit-2.24.24-3.1
      libgtk-2_0-0-debuginfo-2.24.24-3.1
      libgtk-2_0-0-debuginfo-32bit-2.24.24-3.1
      typelib-1_0-Gtk-2_0-2.24.24-3.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      gtk2-lang-2.24.24-3.1

References:

   https://www.suse.com/security/cve/CVE-2013-7447.html
   https://bugzilla.suse.com/966682

From sle-updates at lists.suse.com Mon Oct 17 09:10:12 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Oct 2016 17:10:12 +0200 (CEST)
Subject: SUSE-RU-2016:2551-1: moderate: Recommended update for shim
Message-ID: <20161017151012.15004F7BC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for shim
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2551-1
Rating:             moderate
References:         #993764
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for shim fixes one issue.

   This issue was fixed:

   - bsc#993764: shim-install was fixed to prevent it from changing the password protection behavior of grub.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1491=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1491=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      shim-0.9-9.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      shim-0.9-9.1

References:

   https://bugzilla.suse.com/993764

From sle-updates at lists.suse.com Mon Oct 17 11:09:24 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Oct 2016 19:09:24 +0200 (CEST)
Subject: SUSE-SU-2016:2553-1: moderate: Security update for kdump
Message-ID: <20161017170924.65058F7BC@maintenance.suse.de>

   SUSE Security Update: Security update for kdump
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2553-1
Rating:             moderate
References:         #927451 #932339 #943214 #951844 #964206 #970708 #973213 #974270 #976864 #980328 #984799 #987862 #989972 #990200
Cross-References:   CVE-2016-5759
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves one vulnerability and has 13 fixes is now available.

Description:

   This update for kdump provides several fixes and enhancements:

   - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. (bsc#943214)
   - Add a separate systemd service to rebuild kdumprd at boot. (bsc#943214)
   - Improve network setup in the kdump environment by reading configuration from wicked by default (system configuration files are used as a fallback). (bsc#980328)
   - Use the last mount entry in kdump_get_mountpoints(). (bsc#951844)
   - Remove 'notsc' from the kdump kernel command line. (bsc#973213)
   - Handle dump files with many program headers. (bsc#932339, bsc#970708)
   - Fall back to stat() if file type is DT_UNKNOWN. (bsc#964206)
   - Remove vm. sysctls from kdump initrd. (bsc#927451, bsc#987862)
   - Use the exit code of kexec, not that of "local". (bsc#984799)
   - Convert sysroot to a bind mount in kdump initrd.
     (bsc#976864)
   - Distinguish between Xenlinux (aka Xenified or SUSE) and pvops Xen kernels, as the latter can run on bare metal. (bsc#974270)
   - CVE-2016-5759: Use full path to dracut as argument to bash. (bsc#989972, bsc#990200)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1492=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1492=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      kdump-0.8.15-29.1
      kdump-debuginfo-0.8.15-29.1
      kdump-debugsource-0.8.15-29.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      kdump-0.8.15-29.1
      kdump-debuginfo-0.8.15-29.1
      kdump-debugsource-0.8.15-29.1

References:

   https://www.suse.com/security/cve/CVE-2016-5759.html
   https://bugzilla.suse.com/927451
   https://bugzilla.suse.com/932339
   https://bugzilla.suse.com/943214
   https://bugzilla.suse.com/951844
   https://bugzilla.suse.com/964206
   https://bugzilla.suse.com/970708
   https://bugzilla.suse.com/973213
   https://bugzilla.suse.com/974270
   https://bugzilla.suse.com/976864
   https://bugzilla.suse.com/980328
   https://bugzilla.suse.com/984799
   https://bugzilla.suse.com/987862
   https://bugzilla.suse.com/989972
   https://bugzilla.suse.com/990200

From sle-updates at lists.suse.com Mon Oct 17 11:12:29 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Oct 2016 19:12:29 +0200 (CEST)
Subject: SUSE-RU-2016:2554-1: Recommended update for release-notes-sles
Message-ID: <20161017171229.296A7F7BC@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID:    SUSE-RU-2016:2554-1
Rating:             low
References:         #1004073
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   The Release Notes of SUSE Linux Enterprise Server 12 SP1 have been updated to document:

   - Docker Orchestration Technology Preview. (fate#321136)
   - Icinga Server Now Part of a SUSE Manager Subscription. (fate#316136)
   - SMT base support for Linux on z Systems. (fate#318041)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1493=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      release-notes-sles-12.1.20161011-26.1

References:

   https://bugzilla.suse.com/1004073

From sle-updates at lists.suse.com Mon Oct 17 12:09:16 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Oct 2016 20:09:16 +0200 (CEST)
Subject: SUSE-SU-2016:2555-1: moderate: Security update for openssh-openssl1
Message-ID: <20161017180916.E779FF7BC@maintenance.suse.de>

   SUSE Security Update: Security update for openssh-openssl1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2555-1
Rating:             moderate
References:         #729190 #932483 #948902 #960414 #961368 #961494 #962313 #965576 #970632 #975865 #981654 #989363 #992533
Cross-References:   CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515
Affected Products:
                    SUSE Linux Enterprise Server 11-SECURITY
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has 8 fixes is now available.

Description:

   This update for openssh-openssl1 fixes the following issues:

   Security issues fixed:

   - CVE-2016-6210: Prevent user enumeration through the timing of password processing (bsc#989363)
   - CVE-2016-6515: limit accepted password length (prevents possible DoS) (bsc#992533)
   - CVE-2016-3115: Sanitise input for xauth(1) (bsc#970632)
   - CVE-2016-1908: prevent X11 SECURITY circumvention when forwarding X11 connections (bsc#962313)
   - CVE-2015-8325: ignore PAM environment when using login (bsc#975865)
   - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902)
   - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902)

   Bugs fixed:

   - avoid complaining about unset DISPLAY variable (bsc#981654)
   - Correctly parse GSSAPI KEX algorithms (bsc#961368)
   - more verbose FIPS mode/CC related documentation in README.FIPS (bsc#965576, bsc#960414)
   - fix PRNG re-seeding (bsc#960414, bsc#729190)
   - Allow empty Match blocks (bsc#961494)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SECURITY:

      zypper in -t patch secsp3-openssh-openssl1-12794=1

   To bring your system up-to-date, use "zypper patch".

Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): openssh-openssl1-6.6p1-15.1 openssh-openssl1-helpers-6.6p1-15.1 References: https://www.suse.com/security/cve/CVE-2015-8325.html https://www.suse.com/security/cve/CVE-2016-1908.html https://www.suse.com/security/cve/CVE-2016-3115.html https://www.suse.com/security/cve/CVE-2016-6210.html https://www.suse.com/security/cve/CVE-2016-6515.html https://bugzilla.suse.com/729190 https://bugzilla.suse.com/932483 https://bugzilla.suse.com/948902 https://bugzilla.suse.com/960414 https://bugzilla.suse.com/961368 https://bugzilla.suse.com/961494 https://bugzilla.suse.com/962313 https://bugzilla.suse.com/965576 https://bugzilla.suse.com/970632 https://bugzilla.suse.com/975865 https://bugzilla.suse.com/981654 https://bugzilla.suse.com/989363 https://bugzilla.suse.com/992533 From sle-updates at lists.suse.com Tue Oct 18 13:08:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2016 21:08:44 +0200 (CEST) Subject: SUSE-RU-2016:2562-1: moderate: Recommended update for openstack-neutron-lbaas Message-ID: <20161018190844.65229F7BC@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-neutron-lbaas ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2562-1 Rating: moderate References: #990818 #990839 #991985 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for openstack-neutron-lbaas fixes the following issues: - Add init script for neutron-lbaasv2-agent - Fix various postgresql database errors (bsc#990818, bsc#990839) - Improve OpenStack service start handling (bsc#991985) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1496=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-neutron-lbaas-7.1.2~a0~dev1-9.1 openstack-neutron-lbaas-agent-7.1.2~a0~dev1-9.1 openstack-neutron-lbaas-doc-7.1.2~a0~dev1-9.1 python-neutron-lbaas-7.1.2~a0~dev1-9.1 References: https://bugzilla.suse.com/990818 https://bugzilla.suse.com/990839 https://bugzilla.suse.com/991985 From sle-updates at lists.suse.com Wed Oct 19 06:11:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2016 14:11:56 +0200 (CEST) Subject: SUSE-OU-2016:2564-1: Optional update for Legacy Module Message-ID: <20161019121156.6D5A3F7BC@maintenance.suse.de> SUSE Optional Update: Optional update for Legacy Module ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2564-1 Rating: low References: #1002576 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: The following packages of the Legacy Module 12 have been rebuilt to enable support for the ARM64 architecture (aarch64): a2ps, cups154, libsasl2-2. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1497=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le s390x x86_64): a2ps-4.14-4.1 a2ps-debuginfo-4.14-4.1 a2ps-debugsource-4.14-4.1 cups154-1.5.4-11.1 cups154-client-1.5.4-11.1 cups154-client-debuginfo-1.5.4-11.1 cups154-debuginfo-1.5.4-11.1 cups154-debugsource-1.5.4-11.1 cups154-filters-1.5.4-11.1 cups154-filters-debuginfo-1.5.4-11.1 cups154-libs-1.5.4-11.1 cups154-libs-debuginfo-1.5.4-11.1 libsasl2-2-2.1.22-182.4.1 libsasl2-2-debuginfo-2.1.22-182.4.1 libsasl2-2-debugsource-2.1.22-182.4.1 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): libsasl2-2-32bit-2.1.22-182.4.1 libsasl2-2-debuginfo-32bit-2.1.22-182.4.1 References: https://bugzilla.suse.com/1002576 From sle-updates at lists.suse.com Wed Oct 19 08:08:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2016 16:08:31 +0200 (CEST) Subject: SUSE-SU-2016:2565-1: moderate: Security update for dbus-1 Message-ID: <20161019140831.C22D0F7BC@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2565-1 Rating: moderate References: #1003898 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc#1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus. 
- Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008) - Ensure that dbus-monitor does not reply to messages intended for others (fdo#90952) - Add locking to DBusCounter's reference count and notify function (fdo#89297) - Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fdo#90312) - Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fdo#90021) - Correctly initialize all fields of DBusTypeReader (fdo#90021) - Fix some missing \n in verbose (debug log) messages (fdo#90004) - Clean up some memory leaks in test code (fdo#90021) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1502=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1502=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1502=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): dbus-1-debuginfo-1.8.22-22.2 dbus-1-debugsource-1.8.22-22.2 dbus-1-devel-1.8.22-22.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): dbus-1-devel-doc-1.8.22-22.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dbus-1-1.8.22-22.2 dbus-1-debuginfo-1.8.22-22.2 dbus-1-debugsource-1.8.22-22.2 dbus-1-x11-1.8.22-22.2 dbus-1-x11-debuginfo-1.8.22-22.2 dbus-1-x11-debugsource-1.8.22-22.2 libdbus-1-3-1.8.22-22.2 libdbus-1-3-debuginfo-1.8.22-22.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): dbus-1-debuginfo-32bit-1.8.22-22.2 libdbus-1-3-32bit-1.8.22-22.2 libdbus-1-3-debuginfo-32bit-1.8.22-22.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dbus-1-1.8.22-22.2 dbus-1-debuginfo-1.8.22-22.2 dbus-1-debuginfo-32bit-1.8.22-22.2 dbus-1-debugsource-1.8.22-22.2 dbus-1-x11-1.8.22-22.2 dbus-1-x11-debuginfo-1.8.22-22.2 dbus-1-x11-debugsource-1.8.22-22.2 libdbus-1-3-1.8.22-22.2 libdbus-1-3-32bit-1.8.22-22.2 libdbus-1-3-debuginfo-1.8.22-22.2 libdbus-1-3-debuginfo-32bit-1.8.22-22.2 References: https://bugzilla.suse.com/1003898 From sle-updates at lists.suse.com Wed Oct 19 08:08:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2016 16:08:54 +0200 (CEST) Subject: SUSE-RU-2016:2566-1: moderate: Recommended update for ksh Message-ID: <20161019140854.D8CFBF7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for ksh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2566-1 Rating: moderate References: #964966 #982423 #988213 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for ksh provides the following fixes: - Fix locking error in spawn implementation. (bsc#988213) - Fix editor prediction code garbling input. (bsc#964966) - Fix leak in optimize processing. (bsc#982423) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ksh-12796=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ksh-12796=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ksh-12796=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ksh-devel-93u-0.37.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ksh-93u-0.37.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ksh-debuginfo-93u-0.37.1 ksh-debugsource-93u-0.37.1 References: https://bugzilla.suse.com/964966 https://bugzilla.suse.com/982423 https://bugzilla.suse.com/988213 From sle-updates at lists.suse.com Wed Oct 19 08:09:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2016 16:09:46 +0200 (CEST) Subject: SUSE-RU-2016:2567-1: Recommended update for ksh Message-ID: <20161019140946.E9B99F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for ksh ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2567-1 Rating: low References: #988213 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ksh fixes a locking error in spawn implementation. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1503=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1503=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ksh-debuginfo-93vu-18.1 ksh-debugsource-93vu-18.1 ksh-devel-93vu-18.1 - SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le s390x x86_64): ksh-93vu-18.1 ksh-debuginfo-93vu-18.1 ksh-debugsource-93vu-18.1 References: https://bugzilla.suse.com/988213 From sle-updates at lists.suse.com Wed Oct 19 09:08:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2016 17:08:42 +0200 (CEST) Subject: SUSE-RU-2016:2568-1: Recommended update for sle2docker Message-ID: <20161019150843.18C5EF7BC@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle2docker ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2568-1 Rating: low References: #1003041 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update brings version 0.5.0 of sle2docker and provides the following features and fixes: New features: - Added the `--all` option to the `activate` command. With this option you can tell sle2docker to activate all the available images. - Added the `--tag_with_build` flag to include the obs build number of kiwi generated images in the docker tag. Fixes: - Clarified error message on missing Docker images. Patch Instructions: To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-1504=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): ruby2.1-rubygem-sle2docker-0.5.0-17.1 sle2docker-0.5.0-17.1 References: https://bugzilla.suse.com/1003041 From sle-updates at lists.suse.com Wed Oct 19 14:08:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2016 22:08:31 +0200 (CEST) Subject: SUSE-SU-2016:2569-1: important: Security update for quagga Message-ID: <20161019200831.95FF3F534@maintenance.suse.de> SUSE Security Update: Security update for quagga ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2569-1 Rating: important References: #1005258 Cross-References: CVE-2016-1245 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for quagga fixes the following issues: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code (bsc#1005258). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-quagga-12800=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-quagga-12800=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-quagga-12800=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-devel-0.99.15-0.29.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): quagga-0.99.15-0.29.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-0.99.15-0.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): quagga-debuginfo-0.99.15-0.29.1 quagga-debugsource-0.99.15-0.29.1 References: https://www.suse.com/security/cve/CVE-2016-1245.html https://bugzilla.suse.com/1005258 From sle-updates at lists.suse.com Wed Oct 19 14:08:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2016 22:08:53 +0200 (CEST) Subject: SUSE-SU-2016:2570-1: moderate: Security update for samba Message-ID: <20161019200853.EC733F7BE@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2570-1 Rating: moderate References: #1005065 #969522 #975131 #981566 #986228 #986869 #991564 Cross-References: CVE-2016-2119 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for samba provides the following fix: The following security issue was fixed: - CVE-2016-2119: Prevent client-side SMB2 signing downgrade. (bsc#986869) Also the following bugs were fixed: - Fix possible ctdb crash when opening sockets with htons(IPPROTO_RAW). (bsc#969522) - Honor smb.conf socket options in winbind. (bsc#975131) - Fix ntlm-auth segmentation fault with squid. (bsc#986228) - Implement new "--no-dns-updates" option in "net ads" command. (bsc#991564) - Fix population of ctdb sysconfig after source merge. (bsc#981566) Patch Instructions: To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1506=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-18.27.9 ctdb-debuginfo-4.2.4-18.27.9 libdcerpc-binding0-4.2.4-18.27.9 libdcerpc-binding0-debuginfo-4.2.4-18.27.9 libdcerpc0-4.2.4-18.27.9 libdcerpc0-debuginfo-4.2.4-18.27.9 libgensec0-4.2.4-18.27.9 libgensec0-debuginfo-4.2.4-18.27.9 libndr-krb5pac0-4.2.4-18.27.9 libndr-krb5pac0-debuginfo-4.2.4-18.27.9 libndr-nbt0-4.2.4-18.27.9 libndr-nbt0-debuginfo-4.2.4-18.27.9 libndr-standard0-4.2.4-18.27.9 libndr-standard0-debuginfo-4.2.4-18.27.9 libndr0-4.2.4-18.27.9 libndr0-debuginfo-4.2.4-18.27.9 libnetapi0-4.2.4-18.27.9 libnetapi0-debuginfo-4.2.4-18.27.9 libregistry0-4.2.4-18.27.9 libregistry0-debuginfo-4.2.4-18.27.9 libsamba-credentials0-4.2.4-18.27.9 libsamba-credentials0-debuginfo-4.2.4-18.27.9 libsamba-hostconfig0-4.2.4-18.27.9 libsamba-hostconfig0-debuginfo-4.2.4-18.27.9 libsamba-passdb0-4.2.4-18.27.9 libsamba-passdb0-debuginfo-4.2.4-18.27.9 libsamba-util0-4.2.4-18.27.9 libsamba-util0-debuginfo-4.2.4-18.27.9 libsamdb0-4.2.4-18.27.9 libsamdb0-debuginfo-4.2.4-18.27.9 libsmbclient-raw0-4.2.4-18.27.9 libsmbclient-raw0-debuginfo-4.2.4-18.27.9 libsmbclient0-4.2.4-18.27.9 libsmbclient0-debuginfo-4.2.4-18.27.9 libsmbconf0-4.2.4-18.27.9 libsmbconf0-debuginfo-4.2.4-18.27.9 libsmbldap0-4.2.4-18.27.9 libsmbldap0-debuginfo-4.2.4-18.27.9 libtevent-util0-4.2.4-18.27.9 libtevent-util0-debuginfo-4.2.4-18.27.9 libwbclient0-4.2.4-18.27.9 libwbclient0-debuginfo-4.2.4-18.27.9 samba-4.2.4-18.27.9 samba-client-4.2.4-18.27.9 samba-client-debuginfo-4.2.4-18.27.9 samba-debuginfo-4.2.4-18.27.9 samba-debugsource-4.2.4-18.27.9 samba-libs-4.2.4-18.27.9 samba-libs-debuginfo-4.2.4-18.27.9 samba-winbind-4.2.4-18.27.9 samba-winbind-debuginfo-4.2.4-18.27.9 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): 
libdcerpc-binding0-32bit-4.2.4-18.27.9 libdcerpc-binding0-debuginfo-32bit-4.2.4-18.27.9 libdcerpc0-32bit-4.2.4-18.27.9 libdcerpc0-debuginfo-32bit-4.2.4-18.27.9 libgensec0-32bit-4.2.4-18.27.9 libgensec0-debuginfo-32bit-4.2.4-18.27.9 libndr-krb5pac0-32bit-4.2.4-18.27.9 libndr-krb5pac0-debuginfo-32bit-4.2.4-18.27.9 libndr-nbt0-32bit-4.2.4-18.27.9 libndr-nbt0-debuginfo-32bit-4.2.4-18.27.9 libndr-standard0-32bit-4.2.4-18.27.9 libndr-standard0-debuginfo-32bit-4.2.4-18.27.9 libndr0-32bit-4.2.4-18.27.9 libndr0-debuginfo-32bit-4.2.4-18.27.9 libnetapi0-32bit-4.2.4-18.27.9 libnetapi0-debuginfo-32bit-4.2.4-18.27.9 libsamba-credentials0-32bit-4.2.4-18.27.9 libsamba-credentials0-debuginfo-32bit-4.2.4-18.27.9 libsamba-hostconfig0-32bit-4.2.4-18.27.9 libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.27.9 libsamba-passdb0-32bit-4.2.4-18.27.9 libsamba-passdb0-debuginfo-32bit-4.2.4-18.27.9 libsamba-util0-32bit-4.2.4-18.27.9 libsamba-util0-debuginfo-32bit-4.2.4-18.27.9 libsamdb0-32bit-4.2.4-18.27.9 libsamdb0-debuginfo-32bit-4.2.4-18.27.9 libsmbclient-raw0-32bit-4.2.4-18.27.9 libsmbclient-raw0-debuginfo-32bit-4.2.4-18.27.9 libsmbclient0-32bit-4.2.4-18.27.9 libsmbclient0-debuginfo-32bit-4.2.4-18.27.9 libsmbconf0-32bit-4.2.4-18.27.9 libsmbconf0-debuginfo-32bit-4.2.4-18.27.9 libsmbldap0-32bit-4.2.4-18.27.9 libsmbldap0-debuginfo-32bit-4.2.4-18.27.9 libtevent-util0-32bit-4.2.4-18.27.9 libtevent-util0-debuginfo-32bit-4.2.4-18.27.9 libwbclient0-32bit-4.2.4-18.27.9 libwbclient0-debuginfo-32bit-4.2.4-18.27.9 samba-32bit-4.2.4-18.27.9 samba-client-32bit-4.2.4-18.27.9 samba-client-debuginfo-32bit-4.2.4-18.27.9 samba-debuginfo-32bit-4.2.4-18.27.9 samba-libs-32bit-4.2.4-18.27.9 samba-libs-debuginfo-32bit-4.2.4-18.27.9 samba-winbind-32bit-4.2.4-18.27.9 samba-winbind-debuginfo-32bit-4.2.4-18.27.9 - SUSE Linux Enterprise Server 12-LTSS (noarch): samba-doc-4.2.4-18.27.9 References: https://www.suse.com/security/cve/CVE-2016-2119.html https://bugzilla.suse.com/1005065 https://bugzilla.suse.com/969522 
https://bugzilla.suse.com/975131 https://bugzilla.suse.com/981566 https://bugzilla.suse.com/986228 https://bugzilla.suse.com/986869 https://bugzilla.suse.com/991564 From sle-updates at lists.suse.com Wed Oct 19 16:08:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2016 00:08:40 +0200 (CEST) Subject: SUSE-RU-2016:2571-1: Recommended update for crash Message-ID: <20161019220840.493D7F534@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2571-1 Rating: low References: #1001596 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crash provides the following fixes: - Fix backtrace command output on ppc64. On big-endian machines the output was just a one-line error. (bsc#1001596) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-crash-12801=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-crash-12801=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-crash-12801=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): crash-devel-7.0.9-26.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): crash-7.0.9-26.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): crash-7.0.9-26.1 crash-eppic-7.0.9-26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): crash-debuginfo-7.0.9-26.1 crash-debugsource-7.0.9-26.1 References: https://bugzilla.suse.com/1001596 From sle-updates at lists.suse.com Thu Oct 20 07:08:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2016 15:08:27 +0200 (CEST) Subject: SUSE-RU-2016:2572-1: Recommended update for gtkhtml Message-ID: <20161020130827.10C91F7BC@maintenance.suse.de> SUSE Recommended Update: Recommended update for gtkhtml ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2572-1 Rating: low References: #982399 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gtkhtml fixes handling of nested HTML elements in tables. The bug caused typed characters to appear backwards in some situations. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1508=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1508=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1508=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1508=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gtkhtml-debugsource-4.6.6-6.1 libgtkhtml-4_0-0-32bit-4.6.6-6.1 libgtkhtml-4_0-0-debuginfo-32bit-4.6.6-6.1 libgtkhtml-editor-4_0-0-4.6.6-6.1 libgtkhtml-editor-4_0-0-debuginfo-4.6.6-6.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gtkhtml-debugsource-4.6.6-6.1 gtkhtml-devel-4.6.6-6.1 gtkhtml-devel-debuginfo-4.6.6-6.1 libgtkhtml-editor-4_0-0-4.6.6-6.1 libgtkhtml-editor-4_0-0-debuginfo-4.6.6-6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gtkhtml-debugsource-4.6.6-6.1 libgtkhtml-4_0-0-4.6.6-6.1 libgtkhtml-4_0-0-debuginfo-4.6.6-6.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gtkhtml-4_0-lang-4.6.6-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gtkhtml-4_0-lang-4.6.6-6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gtkhtml-debugsource-4.6.6-6.1 libgtkhtml-4_0-0-32bit-4.6.6-6.1 libgtkhtml-4_0-0-4.6.6-6.1 libgtkhtml-4_0-0-debuginfo-32bit-4.6.6-6.1 libgtkhtml-4_0-0-debuginfo-4.6.6-6.1 libgtkhtml-editor-4_0-0-4.6.6-6.1 libgtkhtml-editor-4_0-0-debuginfo-4.6.6-6.1 References: https://bugzilla.suse.com/982399 From sle-updates at lists.suse.com Thu Oct 20 09:08:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2016 17:08:45 +0200 (CEST) Subject: SUSE-RU-2016:2573-1: Recommended update for python-cliff, python-setuptools, python-mock Message-ID: 
<20161020150845.20778F7BC@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-cliff, python-setuptools, python-mock ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2573-1 Rating: low References: #1001350 #979493 #993968 Affected Products: SUSE OpenStack Cloud Compute 5 SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Containers 12 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update provides newer versions of python-cliff, python-setuptools and python-mock, including several fixes and enhancements. python-cliff (updated from 1.7.0 to 1.14.0): - Fix encoding issue with the default python CSV output. - Add command fuzzy matching. - Allow subcommands to accept --help when using 'deferred_help'. For a comprehensive list of fixes please refer to the package's change log. python-mock (updated from 1.0.1 to 1.3.0): - mock_open.read_data can now be read from each instance. - Fix unittest.mock.mock_open().reset_mock to not recurse infinitely. - Support Python 2.6. - Allow unittest.mock side_effects to be exceptions again. - Abort installation if the installer is using setuptools older than 17.1. - Fix MagicMock's initializer to work with __methods__. - Add matmul, rdivmod support to MagicMock() objects. - Use set literals instead of creating a set from a list. - New method assert_not_called for Mock. - New keyword argument `unsafe` to Mock. - Four additional builtin types (PyTypeObject, PyMethodDescr_Type, _PyMethodWrapper_Type, and PyWrapperDescr_Type) have been modified to provide introspection information for builtins. For a comprehensive list of fixes please refer to the package's change log. 
python-setuptools (updated from 1.1.7 to 18.0.1): - Fix certificate handling with certifi and add support for SUSE's CA bundle. (bsc#993968) - Drop support for builds with Pyrex. Only Cython is supported. - Bootstrap script now accepts "--to-dir" to customize save directory or allow for re-use of existing repository of setuptools versions. - Removed built-in support for subversion. - Eggs that are downloaded for "setup_requires", "test_requires", etc. are now placed in a "./.eggs" directory instead of directly in the current directory. - Correct usage of host for validation when tunneling for HTTPS. - Improved handling of Unicode filenames when building manifests. - More robust handling of replaced zip files and stale caches. - Add parameter to the test command to support a custom test runner: --test-runner or -r. - Remove "setuptools.command.easy_install.HAS_USER_SITE". Users expecting this boolean variable should use "site.ENABLE_USER_SITE" instead. - Remove "pkg_resources.ImpWrapper". Users that expected this class should use "pkgutil.ImpImporter" instead. - Drop support for Python 2.4 and Python 2.5. - Establish a more robust technique for determining the terminal encoding. - "easy_install" will now use credentials from .pypirc if present for connecting to the package index. - Wheels are now distributed with every release. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Compute 5: zypper in -t patch SUSE-SLE12-CLOUD-5-2016-1509=1 - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1509=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1509=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1509=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1509=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2016-1509=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1509=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud Compute 5 (noarch): python-cliff-1.14.0-10.2 python-funcsigs-0.4-2.2 python-mock-1.3.0-2.2 python-setuptools-18.0.1-3.2 python-unicodecsv-0.9.4-2.2 - SUSE OpenStack Cloud 6 (noarch): python-funcsigs-0.4-2.2 python-mock-1.3.0-2.2 python-setuptools-18.0.1-3.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): python-setuptools-18.0.1-3.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): python-setuptools-18.0.1-3.2 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-cliff-1.14.0-10.2 python-funcsigs-0.4-2.2 python-mock-1.3.0-2.2 python-setuptools-18.0.1-3.2 python-unicodecsv-0.9.4-2.2 - SUSE Linux Enterprise Module for Containers 12 (noarch): python-setuptools-18.0.1-3.2 - SUSE Enterprise Storage 2.1 (noarch): python-funcsigs-0.4-2.2 python-mock-1.3.0-2.2 References: https://bugzilla.suse.com/1001350 https://bugzilla.suse.com/979493 https://bugzilla.suse.com/993968 From sle-updates at lists.suse.com Thu Oct 20 09:09:50 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2016 17:09:50 +0200 (CEST) Subject: SUSE-RU-2016:2575-1: Recommended update for boost Message-ID: 
<20161020150951.00168F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for boost ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2575-1 Rating: low References: #925309 #970706 #996917 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for boost adapts paths for our GCC versions: - Boost assumes /usr/include/c++/x.y.z/ existence for GCC 4.x onward while our version of GCC only has /usr/include/c++/x.y for 4.x GCC and /usr/include/c++/x/ for 5.x onward. (bsc#996917) - Fix regression in asio library. (bsc#925309) - Add libboost_context to the -devel dependencies when it is built. (bsc#970706) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1510=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1510=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1510=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1510=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1510=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libboost_filesystem1_54_0-1.54.0-20.1 libboost_filesystem1_54_0-debuginfo-1.54.0-20.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): boost-devel-1.54.0-20.1 libboost_atomic1_54_0-1.54.0-20.1 libboost_atomic1_54_0-debuginfo-1.54.0-20.1 libboost_chrono1_54_0-1.54.0-20.1 libboost_chrono1_54_0-debuginfo-1.54.0-20.1 libboost_date_time1_54_0-1.54.0-20.1 libboost_date_time1_54_0-debuginfo-1.54.0-20.1 libboost_filesystem1_54_0-1.54.0-20.1 libboost_filesystem1_54_0-debuginfo-1.54.0-20.1 libboost_graph1_54_0-1.54.0-20.1 libboost_graph1_54_0-debuginfo-1.54.0-20.1 libboost_graph_parallel1_54_0-1.54.0-20.1 libboost_graph_parallel1_54_0-debuginfo-1.54.0-20.1 libboost_iostreams1_54_0-1.54.0-20.1 libboost_iostreams1_54_0-debuginfo-1.54.0-20.1 libboost_locale1_54_0-1.54.0-20.1 libboost_locale1_54_0-debuginfo-1.54.0-20.1 libboost_log1_54_0-1.54.0-20.1 libboost_log1_54_0-debuginfo-1.54.0-20.1 libboost_math1_54_0-1.54.0-20.1 libboost_math1_54_0-debuginfo-1.54.0-20.1 libboost_mpi1_54_0-1.54.0-20.1 libboost_mpi1_54_0-debuginfo-1.54.0-20.1 libboost_python1_54_0-1.54.0-20.1 libboost_python1_54_0-debuginfo-1.54.0-20.1 libboost_random1_54_0-1.54.0-20.1 libboost_random1_54_0-debuginfo-1.54.0-20.1 libboost_serialization1_54_0-1.54.0-20.1 libboost_serialization1_54_0-debuginfo-1.54.0-20.1 libboost_test1_54_0-1.54.0-20.1 libboost_test1_54_0-debuginfo-1.54.0-20.1 libboost_timer1_54_0-1.54.0-20.1 libboost_timer1_54_0-debuginfo-1.54.0-20.1 libboost_wave1_54_0-1.54.0-20.1 libboost_wave1_54_0-debuginfo-1.54.0-20.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le x86_64): libboost_context1_54_0-1.54.0-20.1 libboost_context1_54_0-debuginfo-1.54.0-20.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libboost_atomic1_54_0-1.54.0-20.1 libboost_atomic1_54_0-debuginfo-1.54.0-20.1 libboost_date_time1_54_0-1.54.0-20.1 libboost_date_time1_54_0-debuginfo-1.54.0-20.1 
libboost_iostreams1_54_0-1.54.0-20.1 libboost_iostreams1_54_0-debuginfo-1.54.0-20.1 libboost_program_options1_54_0-1.54.0-20.1 libboost_program_options1_54_0-debuginfo-1.54.0-20.1 libboost_regex1_54_0-1.54.0-20.1 libboost_regex1_54_0-debuginfo-1.54.0-20.1 libboost_signals1_54_0-1.54.0-20.1 libboost_signals1_54_0-debuginfo-1.54.0-20.1 libboost_system1_54_0-1.54.0-20.1 libboost_system1_54_0-debuginfo-1.54.0-20.1 libboost_thread1_54_0-1.54.0-20.1 libboost_thread1_54_0-debuginfo-1.54.0-20.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): boost-license1_54_0-1.54.0-20.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): boost-license1_54_0-1.54.0-20.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libboost_atomic1_54_0-1.54.0-20.1 libboost_atomic1_54_0-debuginfo-1.54.0-20.1 libboost_date_time1_54_0-1.54.0-20.1 libboost_date_time1_54_0-debuginfo-1.54.0-20.1 libboost_filesystem1_54_0-1.54.0-20.1 libboost_filesystem1_54_0-debuginfo-1.54.0-20.1 libboost_iostreams1_54_0-1.54.0-20.1 libboost_iostreams1_54_0-debuginfo-1.54.0-20.1 libboost_program_options1_54_0-1.54.0-20.1 libboost_program_options1_54_0-debuginfo-1.54.0-20.1 libboost_regex1_54_0-1.54.0-20.1 libboost_regex1_54_0-debuginfo-1.54.0-20.1 libboost_signals1_54_0-1.54.0-20.1 libboost_signals1_54_0-debuginfo-1.54.0-20.1 libboost_system1_54_0-1.54.0-20.1 libboost_system1_54_0-debuginfo-1.54.0-20.1 libboost_thread1_54_0-1.54.0-20.1 libboost_thread1_54_0-debuginfo-1.54.0-20.1 - SUSE Enterprise Storage 3 (x86_64): libboost_random1_54_0-1.54.0-20.1 libboost_random1_54_0-debuginfo-1.54.0-20.1 References: https://bugzilla.suse.com/925309 https://bugzilla.suse.com/970706 https://bugzilla.suse.com/996917 From sle-updates at lists.suse.com Thu Oct 20 11:08:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2016 19:08:15 +0200 (CEST) Subject: SUSE-SU-2016:2579-1: moderate: Security update for sssd Message-ID: <20161020170815.A0ABBF7BF@maintenance.suse.de> SUSE Security Update: Security 
update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2579-1 Rating: moderate References: #1002973 #1004220 #880245 #993582 Cross-References: CVE-2014-0249 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for sssd fixes one security issue and three bugs. The following vulnerability was fixed: - CVE-2014-0249: Incorrect expansion of group membership when encountering a non-POSIX group. (bsc#880245) The following non-security fixes were also included: - Prevent crashes of statically linked binaries using getpwuid when sssd is used and nscd is turned off or has caching disabled. (bsc#993582) - Add logrotate configuration to prevent log files from growing too large when running with debug mode enabled. (bsc#1004220) - Order sudo rules by the same logic used by the native LDAP support from sudo. (bsc#1002973) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1513=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1513=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1513=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libipa_hbac-devel-1.11.5.1-28.1 libsss_idmap-devel-1.11.5.1-28.1 libsss_nss_idmap-devel-1.11.5.1-28.1 libsss_nss_idmap0-1.11.5.1-28.1 libsss_nss_idmap0-debuginfo-1.11.5.1-28.1 sssd-debuginfo-1.11.5.1-28.1 sssd-debugsource-1.11.5.1-28.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libipa_hbac0-1.11.5.1-28.1 libipa_hbac0-debuginfo-1.11.5.1-28.1 libsss_idmap0-1.11.5.1-28.1 libsss_idmap0-debuginfo-1.11.5.1-28.1 libsss_sudo-1.11.5.1-28.1 libsss_sudo-debuginfo-1.11.5.1-28.1 python-sssd-config-1.11.5.1-28.1 python-sssd-config-debuginfo-1.11.5.1-28.1 sssd-1.11.5.1-28.1 sssd-ad-1.11.5.1-28.1 sssd-ad-debuginfo-1.11.5.1-28.1 sssd-debuginfo-1.11.5.1-28.1 sssd-debugsource-1.11.5.1-28.1 sssd-ipa-1.11.5.1-28.1 sssd-ipa-debuginfo-1.11.5.1-28.1 sssd-krb5-1.11.5.1-28.1 sssd-krb5-common-1.11.5.1-28.1 sssd-krb5-common-debuginfo-1.11.5.1-28.1 sssd-krb5-debuginfo-1.11.5.1-28.1 sssd-ldap-1.11.5.1-28.1 sssd-ldap-debuginfo-1.11.5.1-28.1 sssd-proxy-1.11.5.1-28.1 sssd-proxy-debuginfo-1.11.5.1-28.1 sssd-tools-1.11.5.1-28.1 sssd-tools-debuginfo-1.11.5.1-28.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): sssd-32bit-1.11.5.1-28.1 sssd-debuginfo-32bit-1.11.5.1-28.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libipa_hbac0-1.11.5.1-28.1 libipa_hbac0-debuginfo-1.11.5.1-28.1 libsss_idmap0-1.11.5.1-28.1 libsss_idmap0-debuginfo-1.11.5.1-28.1 libsss_sudo-1.11.5.1-28.1 libsss_sudo-debuginfo-1.11.5.1-28.1 python-sssd-config-1.11.5.1-28.1 python-sssd-config-debuginfo-1.11.5.1-28.1 sssd-1.11.5.1-28.1 sssd-32bit-1.11.5.1-28.1 sssd-ad-1.11.5.1-28.1 sssd-ad-debuginfo-1.11.5.1-28.1 sssd-debuginfo-1.11.5.1-28.1 sssd-debuginfo-32bit-1.11.5.1-28.1 sssd-debugsource-1.11.5.1-28.1 sssd-ipa-1.11.5.1-28.1 sssd-ipa-debuginfo-1.11.5.1-28.1 sssd-krb5-1.11.5.1-28.1 sssd-krb5-common-1.11.5.1-28.1 sssd-krb5-common-debuginfo-1.11.5.1-28.1 sssd-krb5-debuginfo-1.11.5.1-28.1 sssd-ldap-1.11.5.1-28.1 
sssd-ldap-debuginfo-1.11.5.1-28.1 sssd-proxy-1.11.5.1-28.1 sssd-proxy-debuginfo-1.11.5.1-28.1 sssd-tools-1.11.5.1-28.1 sssd-tools-debuginfo-1.11.5.1-28.1 References: https://www.suse.com/security/cve/CVE-2014-0249.html https://bugzilla.suse.com/1002973 https://bugzilla.suse.com/1004220 https://bugzilla.suse.com/880245 https://bugzilla.suse.com/993582 From sle-updates at lists.suse.com Fri Oct 21 06:08:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2016 14:08:44 +0200 (CEST) Subject: SUSE-RU-2016:2581-1: Recommended update for machinery Message-ID: <20161021120844.0DA29F7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for machinery ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2581-1 Rating: low References: #1002805 Affected Products: SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides version 1.22.0 of machinery and brings various fixes and improvements: - Add remaining systemd service states in Kiwi export. - Add export of system descriptions as HTML page. This provides an offline view of description. - Fix changed files inspections on dpkg systems in case of diversions. - Add attribute in patterns scope to identify the patterns manager. - Improve navigation in HTML view to connect "list", "show" and "compare" functionality. - Fix service inspector on systemd to include instantiated services. - Introduce format version 10 to allow distinction between files and directories for meta data of unmanaged files. This distinction is only available for newly inspected descriptions. Additionally, an attribute in the patterns scope was added to identify the patterns manager. - Added explanation for 'N/A' fields for each scope. 
- Added support of the ARM architectures "armv6l", "armv7l" and "aarch64" to our machinery-helper. - Introduce format version 9 which fixes a migration issue. - Rename config-files inspector to changed-config-files inspector to be more intuitive. - Following the previous change the analyze operation was also renamed to changed-config-files-diffs. - Add explanation for patterns-tasks relationship for Debian based systems. - Public serve task now prints hostname for sharing. - Fix export of description with no repositories scope to Autoyast. - Only use required packages for bootstrap in Kiwi export. - Fix regression which prevented changed-config-file diffs from being shown in the HTML output. - Hint now mentions remote-user option. - Hint is printed when `machinery` is called without options. - Rename --exclude-scope option to --ignore-scope. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2016-1514=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): machinery-1.22.0-51.1 machinery-debuginfo-1.22.0-51.1 machinery-debugsource-1.22.0-51.1 References: https://bugzilla.suse.com/1002805 From sle-updates at lists.suse.com Fri Oct 21 07:08:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2016 15:08:49 +0200 (CEST) Subject: SUSE-RU-2016:2582-1: moderate: Recommended update for the Software Update Stack Message-ID: <20161021130850.01C78F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for the Software Update Stack ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2582-1 Rating: moderate References: #1003748 #1004096 #964932 #984332 #985390 #989830 #992302 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for the Software Update Stack fixes the following issues: libzypp: - Let 'dup --from' leave an updateTestcase-[DATE] in /var/log. (bsc#1004096) - Allow parsing multiple gpgkey= URLs. (bsc#1003748) - Fix parsing of multiline url entries. (bsc#964932) - Report numeric curl error if code is unrecognized. (bsc#992302) zypper: - Add parseable XML output to "zypper locks". (bsc#985390) libsolv: - Also scan /usr/share/metainfo for appdata files. (bsc#989830) - Support tri-state product-endoflife. (fate#320699) - Ignore application extensions for now in appdata parser. (bsc#984332) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1515=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1515=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1515=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libsolv-debugsource-0.6.23-2.34.1 libsolv-devel-0.6.23-2.34.1 libsolv-devel-debuginfo-0.6.23-2.34.1 libzypp-debuginfo-15.23.1-30.1 libzypp-debugsource-15.23.1-30.1 libzypp-devel-15.23.1-30.1 libzypp-devel-doc-15.23.1-30.1 perl-solv-0.6.23-2.34.1 perl-solv-debuginfo-0.6.23-2.34.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libsolv-debugsource-0.6.23-2.34.1 libsolv-tools-0.6.23-2.34.1 libsolv-tools-debuginfo-0.6.23-2.34.1 libzypp-15.23.1-30.1 libzypp-debuginfo-15.23.1-30.1 libzypp-debugsource-15.23.1-30.1 perl-solv-0.6.23-2.34.1 perl-solv-debuginfo-0.6.23-2.34.1 python-solv-0.6.23-2.34.1 python-solv-debuginfo-0.6.23-2.34.1 zypper-1.12.45-31.2 zypper-debuginfo-1.12.45-31.2 zypper-debugsource-1.12.45-31.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): zypper-log-1.12.45-31.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libsolv-debugsource-0.6.23-2.34.1 libsolv-tools-0.6.23-2.34.1 libsolv-tools-debuginfo-0.6.23-2.34.1 libzypp-15.23.1-30.1 libzypp-debuginfo-15.23.1-30.1 libzypp-debugsource-15.23.1-30.1 python-solv-0.6.23-2.34.1 python-solv-debuginfo-0.6.23-2.34.1 zypper-1.12.45-31.2 zypper-debuginfo-1.12.45-31.2 zypper-debugsource-1.12.45-31.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): zypper-log-1.12.45-31.2 References: https://bugzilla.suse.com/1003748 https://bugzilla.suse.com/1004096 https://bugzilla.suse.com/964932 https://bugzilla.suse.com/984332 https://bugzilla.suse.com/985390 https://bugzilla.suse.com/989830 
https://bugzilla.suse.com/992302 From sle-updates at lists.suse.com Fri Oct 21 09:17:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2016 17:17:08 +0200 (CEST) Subject: SUSE-SU-2016:2585-1: important: Security update for the Linux Kernel Message-ID: <20161021151708.A6686F7CA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2585-1 Rating: important References: #1004418 Cross-References: CVE-2016-5195 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to fix one security issue. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-source-12804=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-source-12804=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-12804=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-source-12804=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): kernel-docs-3.0.101-84.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-3.0.101-84.1 kernel-default-base-3.0.101-84.1 kernel-default-devel-3.0.101-84.1 kernel-source-3.0.101-84.1 kernel-syms-3.0.101-84.1 kernel-trace-3.0.101-84.1 kernel-trace-base-3.0.101-84.1 kernel-trace-devel-3.0.101-84.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): kernel-ec2-3.0.101-84.1 kernel-ec2-base-3.0.101-84.1 kernel-ec2-devel-3.0.101-84.1 kernel-xen-3.0.101-84.1 kernel-xen-base-3.0.101-84.1 kernel-xen-devel-3.0.101-84.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): kernel-default-man-3.0.101-84.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64): kernel-ppc64-3.0.101-84.1 kernel-ppc64-base-3.0.101-84.1 kernel-ppc64-devel-3.0.101-84.1 - SUSE Linux Enterprise Server 11-SP4 (i586): kernel-pae-3.0.101-84.1 kernel-pae-base-3.0.101-84.1 kernel-pae-devel-3.0.101-84.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-84.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-84.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-84.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-84.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-84.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-84.1 kernel-default-debugsource-3.0.101-84.1 kernel-trace-debuginfo-3.0.101-84.1 kernel-trace-debugsource-3.0.101-84.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-84.1 kernel-trace-devel-debuginfo-3.0.101-84.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-84.1 kernel-ec2-debugsource-3.0.101-84.1 kernel-xen-debuginfo-3.0.101-84.1 kernel-xen-debugsource-3.0.101-84.1 
kernel-xen-devel-debuginfo-3.0.101-84.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-ppc64-debuginfo-3.0.101-84.1 kernel-ppc64-debugsource-3.0.101-84.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-84.1 kernel-pae-debugsource-3.0.101-84.1 kernel-pae-devel-debuginfo-3.0.101-84.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1004418 From sle-updates at lists.suse.com Fri Oct 21 10:10:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2016 18:10:10 +0200 (CEST) Subject: SUSE-RU-2016:2586-1: Recommended update for sleha-bootstrap Message-ID: <20161021161010.B7BC6F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sleha-bootstrap ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2586-1 Rating: low References: #988356 #990213 Affected Products: SUSE Linux Enterprise Server for SAP 11-SP4 SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sleha-bootstrap fixes the following issues: - Set pcmk_delay_max=30s for SBD resource (bsc#988356, bsc#990213) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 11-SP4: zypper in -t patch slesappsp4-sleha-bootstrap-12805=1 - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-sleha-bootstrap-12805=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 11-SP4 (noarch): sleha-bootstrap-0.3-0.35.3 - SUSE Linux Enterprise High Availability Extension 11-SP4 (noarch): sleha-bootstrap-0.3-0.35.3 References: https://bugzilla.suse.com/988356 https://bugzilla.suse.com/990213 From sle-updates at lists.suse.com Fri Oct 21 10:10:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2016 18:10:47 +0200 (CEST) Subject: SUSE-RU-2016:2587-1: Recommended update for lxc Message-ID: <20161021161047.10404F7CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for lxc ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2587-1 Rating: low References: #952046 #990672 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lxc changes the initial installation of packages into the SLE rootfs to no longer use the "base" pattern, which is not available on SLED. Additionally, lxc-start will now raise an error when attempting to start a container that is already running. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-lxc-12806=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-lxc-12806=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-lxc-12806=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): lxc-devel-0.8.0-0.32.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): lxc-0.8.0-0.32.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): lxc-0.8.0-0.32.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): lxc-debuginfo-0.8.0-0.32.1 lxc-debugsource-0.8.0-0.32.1 References: https://bugzilla.suse.com/952046 https://bugzilla.suse.com/990672 From sle-updates at lists.suse.com Fri Oct 21 10:11:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2016 18:11:30 +0200 (CEST) Subject: SUSE-RU-2016:2588-1: moderate: Recommended update for nfs-utils Message-ID: <20161021161130.2F952F7CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2588-1 Rating: moderate References: #1003342 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nfs-utils provides the following fixes: - Don't attempt hostname lookup before the network is up. It isn't needed earlier, but some nfs-utils code was trying and failing anyway. This particularly affects the new nfs-server-generator which can hang early in boot in certain configurations. (bsc#1003342) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1519=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1519=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): nfs-client-1.3.0-35.1 nfs-client-debuginfo-1.3.0-35.1 nfs-doc-1.3.0-35.1 nfs-kernel-server-1.3.0-35.1 nfs-kernel-server-debuginfo-1.3.0-35.1 nfs-utils-debugsource-1.3.0-35.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): nfs-client-1.3.0-35.1 nfs-client-debuginfo-1.3.0-35.1 nfs-kernel-server-1.3.0-35.1 nfs-kernel-server-debuginfo-1.3.0-35.1 nfs-utils-debugsource-1.3.0-35.1 References: https://bugzilla.suse.com/1003342 From sle-updates at lists.suse.com Fri Oct 21 11:08:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2016 19:08:49 +0200 (CEST) Subject: SUSE-SU-2016:2589-1: important: Security update for qemu Message-ID: <20161021170849.CCB07F7C7@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2589-1 Rating: important References: #1000048 #967012 #967013 #982017 #982018 #982019 #982222 #982223 #982285 #982959 #983961 #983982 #991080 #991466 #994760 #994771 #994774 #996441 #997858 #997859 Cross-References: CVE-2016-2391 CVE-2016-2392 CVE-2016-4453 CVE-2016-4454 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 19 vulnerabilities and has one errata is now available. Description: qemu was updated to fix 19 security issues. 
These security issues were fixed: - CVE-2016-2392: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet (bsc#967012) - CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers (bsc#967013) - CVE-2016-5106: The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982018) - CVE-2016-5105: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, used an uninitialized variable, which allowed local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982017) - CVE-2016-5107: The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors (bsc#982019) - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982285) - CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allowed local guest OS 
administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read (bsc#982222) - CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982223) - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer (bsc#983982) - CVE-2016-5337: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983961) - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982959) - CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion (bsc#991080) - CVE-2016-6490: Infinite loop in the virtio framework. A privileged user inside the guest could have used this flaw to crash the Qemu instance on the host resulting in DoS (bsc#991466) - CVE-2016-6888: Integer overflow in packet initialisation in VMXNET3 device driver. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS (bsc#994771) - CVE-2016-6833: Use-after-free issue in the VMWARE VMXNET3 NIC device support. 
A privileged user inside guest could have used this issue to crash the Qemu instance resulting in DoS (bsc#994774) - CVE-2016-7116: Host directory sharing via Plan 9 File System (9pfs) was vulnerable to a directory/path traversal issue. A privileged user inside guest could have used this flaw to access undue files on the host (bsc#996441) - CVE-2016-6836: VMWARE VMXNET3 NIC device support was leaking information. A privileged user inside guest could have used this to leak host memory bytes to a guest (bsc#994760) - CVE-2016-7155: In the VMWARE PVSCSI paravirtual SCSI bus an OOB access and/or infinite loop issue could have allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#997858) - CVE-2016-7156: In the VMWARE PVSCSI paravirtual SCSI bus an infinite loop issue could have allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#997859) This non-security issue was fixed: - bsc#1000048: Fix migration failure where target host is a soon to be released SLES 12 SP2. Qemu's spice code gets an assertion. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1523=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1523=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): qemu-2.3.1-21.1 qemu-block-curl-2.3.1-21.1 qemu-block-curl-debuginfo-2.3.1-21.1 qemu-debugsource-2.3.1-21.1 qemu-guest-agent-2.3.1-21.1 qemu-guest-agent-debuginfo-2.3.1-21.1 qemu-lang-2.3.1-21.1 qemu-tools-2.3.1-21.1 qemu-tools-debuginfo-2.3.1-21.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): qemu-kvm-2.3.1-21.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le): qemu-ppc-2.3.1-21.1 qemu-ppc-debuginfo-2.3.1-21.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): qemu-ipxe-1.0.0-21.1 qemu-seabios-1.8.1-21.1 qemu-sgabios-8-21.1 qemu-vgabios-1.8.1-21.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): qemu-block-rbd-2.3.1-21.1 qemu-block-rbd-debuginfo-2.3.1-21.1 qemu-x86-2.3.1-21.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): qemu-s390-2.3.1-21.1 qemu-s390-debuginfo-2.3.1-21.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): qemu-ipxe-1.0.0-21.1 qemu-seabios-1.8.1-21.1 qemu-sgabios-8-21.1 qemu-vgabios-1.8.1-21.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): qemu-2.3.1-21.1 qemu-block-curl-2.3.1-21.1 qemu-block-curl-debuginfo-2.3.1-21.1 qemu-debugsource-2.3.1-21.1 qemu-kvm-2.3.1-21.1 qemu-tools-2.3.1-21.1 qemu-tools-debuginfo-2.3.1-21.1 qemu-x86-2.3.1-21.1 References: https://www.suse.com/security/cve/CVE-2016-2391.html https://www.suse.com/security/cve/CVE-2016-2392.html https://www.suse.com/security/cve/CVE-2016-4453.html https://www.suse.com/security/cve/CVE-2016-4454.html https://www.suse.com/security/cve/CVE-2016-5105.html https://www.suse.com/security/cve/CVE-2016-5106.html https://www.suse.com/security/cve/CVE-2016-5107.html https://www.suse.com/security/cve/CVE-2016-5126.html https://www.suse.com/security/cve/CVE-2016-5238.html https://www.suse.com/security/cve/CVE-2016-5337.html https://www.suse.com/security/cve/CVE-2016-5338.html https://www.suse.com/security/cve/CVE-2016-5403.html https://www.suse.com/security/cve/CVE-2016-6490.html 
https://www.suse.com/security/cve/CVE-2016-6833.html https://www.suse.com/security/cve/CVE-2016-6836.html https://www.suse.com/security/cve/CVE-2016-6888.html https://www.suse.com/security/cve/CVE-2016-7116.html https://www.suse.com/security/cve/CVE-2016-7155.html https://www.suse.com/security/cve/CVE-2016-7156.html https://bugzilla.suse.com/1000048 https://bugzilla.suse.com/967012 https://bugzilla.suse.com/967013 https://bugzilla.suse.com/982017 https://bugzilla.suse.com/982018 https://bugzilla.suse.com/982019 https://bugzilla.suse.com/982222 https://bugzilla.suse.com/982223 https://bugzilla.suse.com/982285 https://bugzilla.suse.com/982959 https://bugzilla.suse.com/983961 https://bugzilla.suse.com/983982 https://bugzilla.suse.com/991080 https://bugzilla.suse.com/991466 https://bugzilla.suse.com/994760 https://bugzilla.suse.com/994771 https://bugzilla.suse.com/994774 https://bugzilla.suse.com/996441 https://bugzilla.suse.com/997858 https://bugzilla.suse.com/997859 From sle-updates at lists.suse.com Fri Oct 21 11:12:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2016 19:12:24 +0200 (CEST) Subject: SUSE-RU-2016:2590-1: moderate: Recommended update for lvm2 Message-ID: <20161021171224.36F10F7CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2590-1 Rating: moderate References: #970943 #979635 #980200 #984321 #997637 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update for lvm2 fixes the following issues: - Fix LVM volume disabled after installation (bsc#997637) - Fix clvmd binary not found in case that users still use RA from ocf:lvm2:clvm (bsc#980200) - Fix start of clvm resources due to failure to find lvmconf (bsc#979635) - Restore polling in pvscan's auto-activation handler (bsc#970943) - Improve snapshot merge initiation (bsc#970943) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1520=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1520=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1520=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1520=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): device-mapper-devel-1.02.97-74.1 lvm2-debuginfo-2.02.120-74.1 lvm2-debugsource-2.02.120-74.1 lvm2-devel-2.02.120-74.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): device-mapper-1.02.97-74.1 device-mapper-debuginfo-1.02.97-74.1 lvm2-2.02.120-74.1 lvm2-debuginfo-2.02.120-74.1 lvm2-debugsource-2.02.120-74.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): device-mapper-32bit-1.02.97-74.1 device-mapper-debuginfo-32bit-1.02.97-74.1 - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): lvm2-clvm-2.02.120-74.1 lvm2-clvm-debuginfo-2.02.120-74.1 lvm2-cmirrord-2.02.120-74.1 lvm2-cmirrord-debuginfo-2.02.120-74.1 lvm2-debuginfo-2.02.120-74.1 lvm2-debugsource-2.02.120-74.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): device-mapper-1.02.97-74.1 device-mapper-32bit-1.02.97-74.1 device-mapper-debuginfo-1.02.97-74.1 device-mapper-debuginfo-32bit-1.02.97-74.1 
lvm2-2.02.120-74.1 lvm2-debuginfo-2.02.120-74.1 lvm2-debugsource-2.02.120-74.1 References: https://bugzilla.suse.com/970943 https://bugzilla.suse.com/979635 https://bugzilla.suse.com/980200 https://bugzilla.suse.com/984321 https://bugzilla.suse.com/997637 From sle-updates at lists.suse.com Fri Oct 21 11:13:37 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2016 19:13:37 +0200 (CEST) Subject: SUSE-RU-2016:2591-1: moderate: Recommended update for ha-cluster-bootstrap Message-ID: <20161021171337.767C5F7CA@maintenance.suse.de> SUSE Recommended Update: Recommended update for ha-cluster-bootstrap ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2591-1 Rating: moderate References: #981056 #988356 #990213 Affected Products: SUSE Linux Enterprise High Availability 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for ha-cluster-bootstrap fixes the following issues: - Set pcmk_delay_max=30s for SBD resource (bsc#988356, bsc#990213) - Don't configure no-quorum-policy=ignore, ever (bsc#981056) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1521=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12-SP1 (noarch): ha-cluster-bootstrap-0.4+git.1441350120.8e9abbe-7.1 References: https://bugzilla.suse.com/981056 https://bugzilla.suse.com/988356 https://bugzilla.suse.com/990213 From sle-updates at lists.suse.com Fri Oct 21 11:14:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2016 19:14:23 +0200 (CEST) Subject: SUSE-SU-2016:2592-1: important: Security update for the Linux Kernel Message-ID: <20161021171423.5015DF7CA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2592-1 Rating: important References: #1001419 #1002165 #1004418 #904970 #907150 #920615 #920633 #930408 Cross-References: CVE-2016-5195 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to fix two issues. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). This non-security bug was fixed: - sched/core: Fix a race between try_to_wake_up() and a woken up task (bsc#1002165, bsc#1001419). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1522=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1522=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1522=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1522=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1522=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1522=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): kernel-default-debuginfo-3.12.62-60.64.8.2 kernel-default-debugsource-3.12.62-60.64.8.2 kernel-default-extra-3.12.62-60.64.8.2 kernel-default-extra-debuginfo-3.12.62-60.64.8.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kernel-obs-build-3.12.62-60.64.8.3 kernel-obs-build-debugsource-3.12.62-60.64.8.3 - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): kernel-docs-3.12.62-60.64.8.5 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kernel-default-3.12.62-60.64.8.2 kernel-default-base-3.12.62-60.64.8.2 kernel-default-base-debuginfo-3.12.62-60.64.8.2 kernel-default-debuginfo-3.12.62-60.64.8.2 kernel-default-debugsource-3.12.62-60.64.8.2 kernel-default-devel-3.12.62-60.64.8.2 kernel-syms-3.12.62-60.64.8.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-devel-3.12.62-60.64.8.2 kernel-macros-3.12.62-60.64.8.2 kernel-source-3.12.62-60.64.8.2 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kernel-xen-3.12.62-60.64.8.2 kernel-xen-base-3.12.62-60.64.8.2 kernel-xen-base-debuginfo-3.12.62-60.64.8.2 kernel-xen-debuginfo-3.12.62-60.64.8.2 kernel-xen-debugsource-3.12.62-60.64.8.2 kernel-xen-devel-3.12.62-60.64.8.2 - SUSE 
Linux Enterprise Server 12-SP1 (s390x): kernel-default-man-3.12.62-60.64.8.2 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.62-60.64.8.2 kernel-ec2-debuginfo-3.12.62-60.64.8.2 kernel-ec2-debugsource-3.12.62-60.64.8.2 kernel-ec2-devel-3.12.62-60.64.8.2 kernel-ec2-extra-3.12.62-60.64.8.2 kernel-ec2-extra-debuginfo-3.12.62-60.64.8.2 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_64_8-default-1-2.2 kgraft-patch-3_12_62-60_64_8-xen-1-2.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kernel-default-3.12.62-60.64.8.2 kernel-default-debuginfo-3.12.62-60.64.8.2 kernel-default-debugsource-3.12.62-60.64.8.2 kernel-default-devel-3.12.62-60.64.8.2 kernel-default-extra-3.12.62-60.64.8.2 kernel-default-extra-debuginfo-3.12.62-60.64.8.2 kernel-syms-3.12.62-60.64.8.2 kernel-xen-3.12.62-60.64.8.2 kernel-xen-debuginfo-3.12.62-60.64.8.2 kernel-xen-debugsource-3.12.62-60.64.8.2 kernel-xen-devel-3.12.62-60.64.8.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-devel-3.12.62-60.64.8.2 kernel-macros-3.12.62-60.64.8.2 kernel-source-3.12.62-60.64.8.2 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1001419 https://bugzilla.suse.com/1002165 https://bugzilla.suse.com/1004418 https://bugzilla.suse.com/904970 https://bugzilla.suse.com/907150 https://bugzilla.suse.com/920615 https://bugzilla.suse.com/920633 https://bugzilla.suse.com/930408 From sle-updates at lists.suse.com Fri Oct 21 13:08:19 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2016 21:08:19 +0200 (CEST) Subject: SUSE-SU-2016:2593-1: important: Security update for the Linux Kernel Message-ID: <20161021190819.E4D73FFC3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2593-1 Rating: important References: #1001419 #1002165 #1004418 #904970 #907150 
#920615 #920633 #930408 Cross-References: CVE-2016-5195 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: The SUSE Linux Enterprise 12 GA LTSS kernel was updated to fix two issues. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). This non-security bug was fixed: - sched/core: Fix a race between try_to_wake_up() and a woken up task (bsc#1002165, bsc#1001419). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1524=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1524=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1524=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): kernel-devel-3.12.60-52.57.1 kernel-macros-3.12.60-52.57.1 kernel-source-3.12.60-52.57.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): kernel-default-3.12.60-52.57.1 kernel-default-base-3.12.60-52.57.1 kernel-default-base-debuginfo-3.12.60-52.57.1 kernel-default-debuginfo-3.12.60-52.57.1 kernel-default-debugsource-3.12.60-52.57.1 kernel-default-devel-3.12.60-52.57.1 kernel-syms-3.12.60-52.57.1 kernel-xen-3.12.60-52.57.1 kernel-xen-base-3.12.60-52.57.1 kernel-xen-base-debuginfo-3.12.60-52.57.1 kernel-xen-debuginfo-3.12.60-52.57.1 kernel-xen-debugsource-3.12.60-52.57.1 kernel-xen-devel-3.12.60-52.57.1 kgraft-patch-3_12_60-52_57-default-1-2.1 kgraft-patch-3_12_60-52_57-xen-1-2.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): kernel-default-3.12.60-52.57.1 kernel-default-base-3.12.60-52.57.1 kernel-default-base-debuginfo-3.12.60-52.57.1 kernel-default-debuginfo-3.12.60-52.57.1 kernel-default-debugsource-3.12.60-52.57.1 kernel-default-devel-3.12.60-52.57.1 kernel-syms-3.12.60-52.57.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): kernel-devel-3.12.60-52.57.1 kernel-macros-3.12.60-52.57.1 kernel-source-3.12.60-52.57.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kernel-xen-3.12.60-52.57.1 kernel-xen-base-3.12.60-52.57.1 kernel-xen-base-debuginfo-3.12.60-52.57.1 kernel-xen-debuginfo-3.12.60-52.57.1 kernel-xen-debugsource-3.12.60-52.57.1 kernel-xen-devel-3.12.60-52.57.1 kgraft-patch-3_12_60-52_57-default-1-2.1 kgraft-patch-3_12_60-52_57-xen-1-2.1 - SUSE Linux Enterprise Server 12-LTSS (s390x): kernel-default-man-3.12.60-52.57.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.60-52.57.1 kernel-ec2-debuginfo-3.12.60-52.57.1 kernel-ec2-debugsource-3.12.60-52.57.1 kernel-ec2-devel-3.12.60-52.57.1 kernel-ec2-extra-3.12.60-52.57.1 kernel-ec2-extra-debuginfo-3.12.60-52.57.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html 
https://bugzilla.suse.com/1001419 https://bugzilla.suse.com/1002165 https://bugzilla.suse.com/1004418 https://bugzilla.suse.com/904970 https://bugzilla.suse.com/907150 https://bugzilla.suse.com/920615 https://bugzilla.suse.com/920633 https://bugzilla.suse.com/930408 From sle-updates at lists.suse.com Fri Oct 21 16:08:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Oct 2016 00:08:39 +0200 (CEST) Subject: SUSE-RU-2016:2594-1: Recommended update for cfengine Message-ID: <20161021220840.02C38FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for cfengine ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2594-1 Rating: low References: #990198 #990210 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cfengine fixes the following issues: - Add cfengine3.target that controls start/stop of all CFengine daemons. (bsc#990198) - Replace MD5 functionality with SHA256 so we can run cf-serverd in FIPS mode. (bsc#990210) - Do not generate keys on install. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1526=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2016-1526=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): cfengine-debuginfo-3.7.3-16.1 cfengine-debugsource-3.7.3-16.1 libpromises-devel-3.7.3-16.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): cfengine-3.7.3-16.1 cfengine-debuginfo-3.7.3-16.1 cfengine-debugsource-3.7.3-16.1 cfengine-doc-3.7.3-16.1 libpromises3-3.7.3-16.1 libpromises3-debuginfo-3.7.3-16.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): cfengine-masterfiles-3.7.3-9.1 References: https://bugzilla.suse.com/990198 https://bugzilla.suse.com/990210 From sle-updates at lists.suse.com Fri Oct 21 16:09:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Oct 2016 00:09:26 +0200 (CEST) Subject: SUSE-RU-2016:2595-1: moderate: Recommended update for open-fcoe Message-ID: <20161021220926.F1A58FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-fcoe ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2595-1 Rating: moderate References: #935957 #940241 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for open-fcoe fixes the following issues: - Don't add FCoE to an initrd if the CNA does not require it. (bsc#940241) - Create rtnl socket without multicast group for sanmac discovery. (bsc#935957) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-open-fcoe-12808=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-open-fcoe-12808=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): open-fcoe-1.0.29-0.19.3 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): open-fcoe-debuginfo-1.0.29-0.19.3 open-fcoe-debugsource-1.0.29-0.19.3 References: https://bugzilla.suse.com/935957 https://bugzilla.suse.com/940241 From sle-updates at lists.suse.com Fri Oct 21 16:10:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Oct 2016 00:10:21 +0200 (CEST) Subject: SUSE-SU-2016:2596-1: important: Security update for the Linux Kernel Message-ID: <20161021221021.E673FFFC5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2596-1 Rating: important References: #1004418 Cross-References: CVE-2016-5195 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to fix one security issue. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-kernel-source-12807=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-kernel-source-12807=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.7.44.1 kernel-default-base-3.0.101-0.7.44.1 kernel-default-devel-3.0.101-0.7.44.1 kernel-source-3.0.101-0.7.44.1 kernel-syms-3.0.101-0.7.44.1 kernel-trace-3.0.101-0.7.44.1 kernel-trace-base-3.0.101-0.7.44.1 kernel-trace-devel-3.0.101-0.7.44.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.7.44.1 kernel-ec2-base-3.0.101-0.7.44.1 kernel-ec2-devel-3.0.101-0.7.44.1 kernel-xen-3.0.101-0.7.44.1 kernel-xen-base-3.0.101-0.7.44.1 kernel-xen-devel-3.0.101-0.7.44.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x): kernel-default-man-3.0.101-0.7.44.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): kernel-pae-3.0.101-0.7.44.1 kernel-pae-base-3.0.101-0.7.44.1 kernel-pae-devel-3.0.101-0.7.44.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.7.44.1 kernel-default-debugsource-3.0.101-0.7.44.1 kernel-default-devel-debuginfo-3.0.101-0.7.44.1 kernel-trace-debuginfo-3.0.101-0.7.44.1 kernel-trace-debugsource-3.0.101-0.7.44.1 kernel-trace-devel-debuginfo-3.0.101-0.7.44.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.7.44.1 kernel-ec2-debugsource-3.0.101-0.7.44.1 kernel-xen-debuginfo-3.0.101-0.7.44.1 kernel-xen-debugsource-3.0.101-0.7.44.1 kernel-xen-devel-debuginfo-3.0.101-0.7.44.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586): kernel-pae-debuginfo-3.0.101-0.7.44.1 kernel-pae-debugsource-3.0.101-0.7.44.1 kernel-pae-devel-debuginfo-3.0.101-0.7.44.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1004418 From sle-updates at lists.suse.com Sun Oct 23 13:08:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Oct 2016 21:08:40 +0200 (CEST) Subject: SUSE-SU-2016:2598-1: important: Security update for Chromium Message-ID: <20161023190840.CD135FFC5@maintenance.suse.de> SUSE Security 
Update: Security update for Chromium ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2598-1 Rating: important References: #1000019 #1004465 Cross-References: CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: Chromium was updated to 54.0.2840.59 to fix security issues and bugs. The following security issues are fixed (bnc#1004465): - CVE-2016-5181: Universal XSS in Blink - CVE-2016-5182: Heap overflow in Blink - CVE-2016-5183: Use after free in PDFium - CVE-2016-5184: Use after free in PDFium - CVE-2016-5185: Use after free in Blink - CVE-2016-5187: URL spoofing - CVE-2016-5188: UI spoofing - CVE-2016-5192: Cross-origin bypass in Blink - CVE-2016-5189: URL spoofing - CVE-2016-5186: Out of bounds read in DevTools - CVE-2016-5191: Universal XSS in Bookmarks - CVE-2016-5190: Use after free in Internals - CVE-2016-5193: Scheme bypass The following bugs were fixed: - bnc#1000019: display issues in full screen mode, add --ui-disable-partial-swap to the launcher The following packaging changes are included: - The desktop sub-packages are now obsolete - The package now uses the system variants of some bundled libraries - The hangouts extension is now built Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch 5717=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64): chromedriver-54.0.2840.59-109.1 chromedriver-debuginfo-54.0.2840.59-109.1 chromium-54.0.2840.59-109.1 chromium-debuginfo-54.0.2840.59-109.1 chromium-debugsource-54.0.2840.59-109.1 chromium-ffmpegsumo-54.0.2840.59-109.1 chromium-ffmpegsumo-debuginfo-54.0.2840.59-109.1 References: https://www.suse.com/security/cve/CVE-2016-5181.html https://www.suse.com/security/cve/CVE-2016-5182.html https://www.suse.com/security/cve/CVE-2016-5183.html https://www.suse.com/security/cve/CVE-2016-5184.html https://www.suse.com/security/cve/CVE-2016-5185.html https://www.suse.com/security/cve/CVE-2016-5186.html https://www.suse.com/security/cve/CVE-2016-5187.html https://www.suse.com/security/cve/CVE-2016-5188.html https://www.suse.com/security/cve/CVE-2016-5189.html https://www.suse.com/security/cve/CVE-2016-5190.html https://www.suse.com/security/cve/CVE-2016-5191.html https://www.suse.com/security/cve/CVE-2016-5192.html https://www.suse.com/security/cve/CVE-2016-5193.html https://bugzilla.suse.com/1000019 https://bugzilla.suse.com/1004465 From sle-updates at lists.suse.com Mon Oct 24 08:08:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2016 16:08:12 +0200 (CEST) Subject: SUSE-RU-2016:2611-1: moderate: Recommended update for rubygem-chef Message-ID: <20161024140812.66437FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2611-1 Rating: moderate References: #991435 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 3 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for rubygem-chef fixes the following issues: - Fix chef configuration in case multiple partitions are used (bsc#991435) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1531=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1531=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1531=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): ruby2.1-rubygem-chef-10.32.2-10.1 rubygem-chef-10.32.2-10.1 - SUSE Enterprise Storage 3 (x86_64): ruby2.1-rubygem-chef-10.32.2-10.1 rubygem-chef-10.32.2-10.1 - SUSE Enterprise Storage 2.1 (x86_64): ruby2.1-rubygem-chef-10.32.2-10.1 rubygem-chef-10.32.2-10.1 References: https://bugzilla.suse.com/991435 From sle-updates at lists.suse.com Mon Oct 24 08:08:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2016 16:08:38 +0200 (CEST) Subject: SUSE-RU-2016:2612-1: moderate: Recommended update for crowbar-openstack and openstack-cinder Message-ID: <20161024140838.2D8CAFFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-openstack and openstack-cinder ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2612-1 Rating: moderate References: #991985 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for crowbar-openstack and openstack-cinder fixes the following issues: - Improve OpenStack service start handling (bsc#991985) - Update to latest code from OpenStack Liberty - cinder: Use service-specific config files to allow overriding settings - cinder: Allow to use active/passive cinder-volumes in HA - horizon: Enable password retrieve option Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1529=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): crowbar-openstack-3.0+git.1473176989.8601d1a-21.1 openstack-cinder-7.0.3~a0~dev7-10.1 openstack-cinder-api-7.0.3~a0~dev7-10.1 openstack-cinder-backup-7.0.3~a0~dev7-10.1 openstack-cinder-doc-7.0.3~a0~dev7-10.1 openstack-cinder-scheduler-7.0.3~a0~dev7-10.1 openstack-cinder-volume-7.0.3~a0~dev7-10.1 python-cinder-7.0.3~a0~dev7-10.1 References: https://bugzilla.suse.com/991985 From sle-updates at lists.suse.com Mon Oct 24 08:09:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2016 16:09:07 +0200 (CEST) Subject: SUSE-RU-2016:2613-1: moderate: Recommended update for crowbar and crowbar-core Message-ID: <20161024140907.A23A6FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar and crowbar-core ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2613-1 Rating: moderate References: #975473 #993035 #994125 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for crowbar and crowbar-core fixes the following issues: - Fail in the package installation if the barclamp installation fails (bsc#993035) - Always run rake tasks as crowbar user - Various preparations for the upgrade to SUSE OpenStack Cloud 7 - Improve network speed detection - Improve batch export backend (bsc#994125) - Improve database schema handling during database migration Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1530=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1530=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): crowbar-3.0+git.1472050458.c48d934-14.1 crowbar-core-3.0+git.1473177183.7ddfa69-11.3 crowbar-core-branding-upstream-3.0+git.1473177183.7ddfa69-11.3 crowbar-devel-3.0+git.1472050458.c48d934-14.1 - SUSE Enterprise Storage 2.1 (noarch): crowbar-3.0+git.1472050458.c48d934-14.1 References: https://bugzilla.suse.com/975473 https://bugzilla.suse.com/993035 https://bugzilla.suse.com/994125 From sle-updates at lists.suse.com Mon Oct 24 09:08:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2016 17:08:22 +0200 (CEST) Subject: SUSE-SU-2016:2614-1: important: Security update for the Linux Kernel Message-ID: <20161024150822.8101BF7B8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2614-1 Rating: important References: #1004418 Cross-References: CVE-2016-5195 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to fix one security issue. This security bug was fixed: - CVE-2016-5195: Local privilege escalation using MAP_PRIVATE. It is reportedly exploited in the wild (bsc#1004418). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-kernel-source-12809=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-kernel-source-12809=1 - SUSE Manager 2.1: zypper in -t patch sleman21-kernel-source-12809=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-source-12809=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-source-12809=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-source-12809=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-source-12809=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): kernel-bigsmp-3.0.101-0.47.90.1 kernel-bigsmp-base-3.0.101-0.47.90.1 kernel-bigsmp-devel-3.0.101-0.47.90.1 kernel-default-3.0.101-0.47.90.1 kernel-default-base-3.0.101-0.47.90.1 kernel-default-devel-3.0.101-0.47.90.1 kernel-ec2-3.0.101-0.47.90.1 kernel-ec2-base-3.0.101-0.47.90.1 kernel-ec2-devel-3.0.101-0.47.90.1 kernel-source-3.0.101-0.47.90.1 kernel-syms-3.0.101-0.47.90.1 kernel-trace-3.0.101-0.47.90.1 kernel-trace-base-3.0.101-0.47.90.1 kernel-trace-devel-3.0.101-0.47.90.1 kernel-xen-3.0.101-0.47.90.1 kernel-xen-base-3.0.101-0.47.90.1 kernel-xen-devel-3.0.101-0.47.90.1 - SUSE Manager Proxy 2.1 (x86_64): kernel-bigsmp-3.0.101-0.47.90.1 kernel-bigsmp-base-3.0.101-0.47.90.1 kernel-bigsmp-devel-3.0.101-0.47.90.1 kernel-default-3.0.101-0.47.90.1 kernel-default-base-3.0.101-0.47.90.1 kernel-default-devel-3.0.101-0.47.90.1 kernel-ec2-3.0.101-0.47.90.1 kernel-ec2-base-3.0.101-0.47.90.1 kernel-ec2-devel-3.0.101-0.47.90.1 kernel-source-3.0.101-0.47.90.1 kernel-syms-3.0.101-0.47.90.1 kernel-trace-3.0.101-0.47.90.1 kernel-trace-base-3.0.101-0.47.90.1 kernel-trace-devel-3.0.101-0.47.90.1 kernel-xen-3.0.101-0.47.90.1 kernel-xen-base-3.0.101-0.47.90.1 kernel-xen-devel-3.0.101-0.47.90.1 - SUSE Manager 2.1 (s390x x86_64): kernel-default-3.0.101-0.47.90.1 kernel-default-base-3.0.101-0.47.90.1 kernel-default-devel-3.0.101-0.47.90.1 kernel-source-3.0.101-0.47.90.1 kernel-syms-3.0.101-0.47.90.1 kernel-trace-3.0.101-0.47.90.1 kernel-trace-base-3.0.101-0.47.90.1 kernel-trace-devel-3.0.101-0.47.90.1 - SUSE Manager 2.1 (x86_64): kernel-bigsmp-3.0.101-0.47.90.1 kernel-bigsmp-base-3.0.101-0.47.90.1 kernel-bigsmp-devel-3.0.101-0.47.90.1 kernel-ec2-3.0.101-0.47.90.1 kernel-ec2-base-3.0.101-0.47.90.1 kernel-ec2-devel-3.0.101-0.47.90.1 kernel-xen-3.0.101-0.47.90.1 kernel-xen-base-3.0.101-0.47.90.1 kernel-xen-devel-3.0.101-0.47.90.1 - SUSE Manager 2.1 (s390x): kernel-default-man-3.0.101-0.47.90.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 
s390x x86_64): kernel-default-3.0.101-0.47.90.1 kernel-default-base-3.0.101-0.47.90.1 kernel-default-devel-3.0.101-0.47.90.1 kernel-source-3.0.101-0.47.90.1 kernel-syms-3.0.101-0.47.90.1 kernel-trace-3.0.101-0.47.90.1 kernel-trace-base-3.0.101-0.47.90.1 kernel-trace-devel-3.0.101-0.47.90.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.90.1 kernel-ec2-base-3.0.101-0.47.90.1 kernel-ec2-devel-3.0.101-0.47.90.1 kernel-xen-3.0.101-0.47.90.1 kernel-xen-base-3.0.101-0.47.90.1 kernel-xen-devel-3.0.101-0.47.90.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.90.1 kernel-bigsmp-base-3.0.101-0.47.90.1 kernel-bigsmp-devel-3.0.101-0.47.90.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.90.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.90.1 kernel-pae-base-3.0.101-0.47.90.1 kernel-pae-devel-3.0.101-0.47.90.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 s390x x86_64): kernel-default-extra-3.0.101-0.47.90.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.90.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.90.1 kernel-trace-extra-3.0.101-0.47.90.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.90.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.90.1 kernel-default-base-3.0.101-0.47.90.1 kernel-default-devel-3.0.101-0.47.90.1 kernel-ec2-3.0.101-0.47.90.1 kernel-ec2-base-3.0.101-0.47.90.1 kernel-ec2-devel-3.0.101-0.47.90.1 kernel-pae-3.0.101-0.47.90.1 kernel-pae-base-3.0.101-0.47.90.1 kernel-pae-devel-3.0.101-0.47.90.1 kernel-source-3.0.101-0.47.90.1 kernel-syms-3.0.101-0.47.90.1 kernel-trace-3.0.101-0.47.90.1 kernel-trace-base-3.0.101-0.47.90.1 kernel-trace-devel-3.0.101-0.47.90.1 kernel-xen-3.0.101-0.47.90.1 kernel-xen-base-3.0.101-0.47.90.1 kernel-xen-devel-3.0.101-0.47.90.1 - SUSE Linux Enterprise Debuginfo 
11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.90.1 kernel-default-debugsource-3.0.101-0.47.90.1 kernel-trace-debuginfo-3.0.101-0.47.90.1 kernel-trace-debugsource-3.0.101-0.47.90.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.90.1 kernel-ec2-debugsource-3.0.101-0.47.90.1 kernel-xen-debuginfo-3.0.101-0.47.90.1 kernel-xen-debugsource-3.0.101-0.47.90.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.90.1 kernel-bigsmp-debugsource-3.0.101-0.47.90.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.90.1 kernel-pae-debugsource-3.0.101-0.47.90.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1004418 From sle-updates at lists.suse.com Mon Oct 24 10:08:20 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2016 18:08:20 +0200 (CEST) Subject: SUSE-RU-2016:2615-1: moderate: Recommended update for cobbler Message-ID: <20161024160820.E6DABFFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for cobbler ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2615-1 Rating: moderate References: #986978 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cobbler fixes the following issue: - Enabling PXE grub2 support for PowerPC (bsc#986978) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1533=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.0 (noarch): cobbler-2.6.6-39.1 References: https://bugzilla.suse.com/986978 From sle-updates at lists.suse.com Mon Oct 24 10:08:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2016 18:08:46 +0200 (CEST) Subject: SUSE-RU-2016:2616-1: moderate: Recommended update for SUSE Manager Server 3.0 Message-ID: <20161024160846.48AC7FFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2616-1 Rating: moderate References: #1000666 #1001361 #1002231 #1003123 #1004454 #1004456 #967894 #969790 #969889 #971372 #973198 #979476 #979664 #980678 #981278 #982347 #983347 #984794 #986019 #986447 #986770 #986796 #987835 #987864 #988196 #988303 #989498 #990202 #990439 #990738 #990789 #991440 #992987 #993304 #994305 #994578 #994619 #994623 #995314 #996609 #997243 #998185 #998329 #998380 #998542 #999304 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has 46 recommended fixes can now be installed. 
Description: This update includes the following new features: - Support for Salt minions via SUSE Manager Proxy - Salt on Expanded Support Platform - Support for SLE12 SP2 product family - skipping a Service Pack during SP migration This update fixes the following issues: pxe-default-image: - Rebuild with latest OS fixes rhnlib: - Add function aliases for backward compatibility (bsc#998185) smdba: - Fix recovery.conf permissions and ownership for latest PostgreSQL (bsc#1002231) spacewalk-backend: - Fix invalid severity error (bsc#996609) - Fix for non-integer IDs for bugzilla bug - Silently ignore non-existing errata severity label on errata import, remove non-used exception (bsc#986447) - Make suseLib usable on a proxy spacewalk-branding: - Support Formulas in SUSE Manager - SPMigration: add multi-target-selection step in front of the wizard - Handle minion down and job not found when canceling jobs on minions (bsc#993304,bsc#994623) - Rename Errata to Patches/Updates in system details page (bsc#979476) - Change btn-primary border color to @suse-green-dark (bsc#967894) - Re-title page as "Managed Systems" (bsc#981278) - Rename "States Catalog" to "State Catalog" in UI spacewalk-certs-tools: - Install zypp-plugin-spacewalk only with traditional stack - Fix traditional bootstrap on RES (bsc#1004454) - Fix traditional bootstrap for RHEL clients (bsc#1003123) - Added the bootstrap repo for RHEL minions when using the bootstrap.sh script (bsc#1001361) - Use init.d where systemd is not available - Salt: do not up2date/remote-mgmt/disable local repo - Only use the first activation key for minions - Add `--salt` option to mgr-bootstrap command to create a bootstrap script which installs and configures salt - Terminate registration if hosts aren't found in nsswitch configuration (bsc#992565) - Check only if all required packages are installed (bsc#992987) spacewalk-client-tools: - Logging message in case of malformed XML file - Prevent crashes if machine-id is None 
(bsc#994619) - Print invalid package name and replace the invalid character - Ignore packages with not UTF-8 characters in name, version and release (bsc#990738) spacewalk-config: - Make the Apache proxy timeout greater (5 min) than the Salt timeout (bsc#993304,bsc#994623) spacewalk-java: - Fix "Duplicate Systems" misreporting. (bsc#983347) - Fix internal server error when calling mgr-sync (bsc#982347) - Hide all formula tabs as long as there are no formulas installed - Support formulas in SUSE Manager - SPMigration UI: list not synced channels in the tooltip - SPMigration: add multi-target-selection step in front of the wizard - Sync product extensions - Handle JsonException when sls with error (bsc#987835) - Many fixes for onboarding minions - Handle hardware refresh like any other action - Clone Severity from an errata (bsc#1000666) - Do not check for password type on autoyast files (bsc#999304) - Handle minion down and job not found when canceling jobs on minions (bsc#993304,bsc#994623) - Clear hibernate session after entity type change to fix NonUniqueObjectException (bsc#997243) - Remove previous client capabilities on traditional->minion reactivation (bsc#997243) - Enables pkgset beacon to work in RHEL systems - Support Open Enterprise Server 11 SP3 (bsc#988303) - Fix broken merge (bsc#987864) - Use raw package install for non zypper systems - Redirect user to a meaningful page after requesting details of non-existing Action Chain (bsc#973198) - Setup Salt Minion before packages are taken - Support Salt on RedHat like systems - Fix race condition during auto errata update (bsc#969790) - API requests should not be redirected to login - Introduce Spark router conventions - Add server endpoint for TaskoTop web UI page - Change EmptyString warning to debug log level to not spam the logs (bsc#989498) - BugFix: use user preferences parameters as default page size (bsc#980678) - Add proxy detection during registration and pillar generation - Adding default channel 
for minion (bsc#986019) - Fix NoClassDefFoundError (bsc#988196) - Call cobbler sync in profile edit only if requested (bsc#991440) - No explicit cobbler sync needed (bsc#991440) - Call all sync_* functions at minion start event - Add beacon configuration for pkgset (bsc#971372) spacewalk-setup: - Commented on file_roots/pillar_roots - Added formula directories and formulas.sls to setup script - Master_tops module provides static top information - Merging top.sls files in base env (bsc#986770) spacewalk-web: - Support formulas in SUSE Manager - Switched SUSE Manager version to 3.0.1 - Introduce Spark router conventions - Disable strict host key checking per default - Rename "States Catalog" to "State Catalog" in UI - Add TaskoTop to UI - BugFix: use user preferences parameters as default page size (bsc#980678) - Unified table version susemanager: - Support creating bootstrap repository for SLE12 SP2 family (bsc#969889) - Use systemctl instead of insserv for enabling postgresql - Quietly enable systemd services and do not pollute logfiles - Enable postgresql via systemctl; it's already adapted to systemd (bsc#995314) - Check the integrity of an archive before the import actually starts - Mgr-create-bootstrap-repo: Support to append additional packages names via commandline - Mgr-create-bootstrap-repo: Collect errors and print them at the end and copy all found packages - Add salt bootstrap repo data for RES6 and RES7 - Added dependencies for JeOS SLE12 - Add dependency packages for JeOS (fate#320809) - Enable and start postfix on setup (bsc#979664) susemanager-docs_en: - Getting Started with SALT section missing in documentation (bsc#998542) - Getting started with Salt only shows headers but no content (bsc#990789) - Salt GS Single HTML missing on suse.com/documentation (bsc#998329) - Constructing the Sandbox with JeOS image (bsc#986796) - Added Comments for users to /etc/salt/master.d/susemanager.conf for file_roots, pillar_roots, and external pillar (bsc#984794) - 
DOCREVIEW: Fixed a large number of DocReview Reported Comments(Internal Documentation Testing Bugs) - ALL: Added Doc Update Sections to each book - GETTING STARTED: Salt Getting Started Content - BEST PRACTICE: Additional Resources YAML, jinja, and Salt - BEST PRACTICE: Backup Chapter Updates - BEST PRACTICE: Minor Product Comparison Updates - BEST PRACTICE: Added a Common Administration Tasks Section - BEST PRACTICE: Added Additional Tips to Troubleshooting Chapter - REFERENCE: Added New SP Migration Features (Skipping a Service pack) - ADVANCED TOPICS: Added Salt Proxy Quickstart Chapter - ADVANCED TOPICS: Getting Started with Icinga Chapter susemanager-schema: - Add table for storing product extensions - Add severity_id to rhnErrataTmp for consistency with rhnErrata (bsc#1000666) - Fixing suseMinionInfo.sql to make 'osFamily' NULLABLE - Delete rhnContentSourceFilter before rhnContentSource (bsc#998380) - Avoid a deadlock when deleting a server (bsc#969790) susemanager-sls: - Only normalize lists (bsc#1004456) - Call normalize() before add_scsi_info() (bsc#1004456) - Fixed bug with numbers in FormulaForm and improved ext_pillar script - Added formula directories and formulas.sls to setup script - External pillar script now also includes formula pillars - Rename symlinks according to changed 'os' grain for Expanded Support - Adding certs states for RHEL minion based on SLES-ES - Rename udevdb scsi info json key - Add support for mapping mainframe sysinfo - Implement isX86() in jinja more correctly - Initial support for querying and saving DMI info - Add support for mapping the devices - Actually handle incoming hardware details - Initial version of the hardware.profileupdate sls - Added pkgset beacon support in susemanager yum plugin - Trust also RES GPG key on all RedHat minions - Trust GPG keys for SUSE Manager Tools channel on RES - Configure bootstrap repository for RES - Always enable salt-minion service while bootstrapping (bsc#990202) - CentOS cert state 
symlinks and fixes - States for installing certificate on redhat minions - Pkg.list_products only on Suse - Yum plugin to add jwt token as http header - Generate SLE 12 bootstrap repo path correctly (bsc#994578) - Merging top.sls files in base env (bsc#986770) - Watch files instead of require susemanager-sync-data: - Add support for Open Enterprise Server 11 SP3 (bsc#988303) - Add Support for SLE12 SP2 family (bsc#969889) - AMD repository removed because of security reasons - Add SLES12-GA-LTSS-X86 and SLES12-GA-LTSS-Z channel families (bsc#994305) python-certifi: - Added to fix salt-ssh on SLE11 target machine (bsc#990439) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1539=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.0 (noarch): pxe-default-image-3.0-0.13.5 pxe-default-image-debugsource-3.0-0.13.5 rhnlib-2.5.84.3-3.1 spacewalk-backend-2.5.24.6-11.1 spacewalk-backend-app-2.5.24.6-11.1 spacewalk-backend-applet-2.5.24.6-11.1 spacewalk-backend-config-files-2.5.24.6-11.1 spacewalk-backend-config-files-common-2.5.24.6-11.1 spacewalk-backend-config-files-tool-2.5.24.6-11.1 spacewalk-backend-iss-2.5.24.6-11.1 spacewalk-backend-iss-export-2.5.24.6-11.1 spacewalk-backend-libs-2.5.24.6-11.1 spacewalk-backend-package-push-server-2.5.24.6-11.1 spacewalk-backend-server-2.5.24.6-11.1 spacewalk-backend-sql-2.5.24.6-11.1 spacewalk-backend-sql-oracle-2.5.24.6-11.1 spacewalk-backend-sql-postgresql-2.5.24.6-11.1 spacewalk-backend-tools-2.5.24.6-11.1 spacewalk-backend-xml-export-libs-2.5.24.6-11.1 spacewalk-backend-xmlrpc-2.5.24.6-11.1 spacewalk-base-2.5.7.10-9.1 spacewalk-base-minimal-2.5.7.10-9.1 spacewalk-base-minimal-config-2.5.7.10-9.1 spacewalk-certs-tools-2.5.1.5-8.1 spacewalk-client-tools-2.5.13.6-11.1 spacewalk-config-2.5.2.4-3.1 spacewalk-html-2.5.7.10-9.1 spacewalk-java-2.5.59.9-9.3 spacewalk-java-config-2.5.59.9-9.3 spacewalk-java-lib-2.5.59.9-9.3 spacewalk-java-oracle-2.5.59.9-9.3 spacewalk-java-postgresql-2.5.59.9-9.3 spacewalk-setup-2.5.3.9-6.1 spacewalk-taskomatic-2.5.59.9-9.3 susemanager-advanced-topics_en-pdf-3-15.3 susemanager-best-practices_en-pdf-3-15.3 susemanager-docs_en-3-15.3 susemanager-getting-started_en-pdf-3-15.3 susemanager-jsp_en-3-15.3 susemanager-reference_en-pdf-3-15.3 susemanager-schema-3.0.15-9.1 susemanager-sls-0.1.16-11.1 susemanager-sync-data-3.0.11-9.1 - SUSE Manager Server 3.0 (x86_64): python-certifi-2015.9.6.2-2.1 smdba-1.5.5-0.6.1 spacewalk-branding-2.5.2.11-9.1 susemanager-3.0.17-9.1 susemanager-tools-3.0.17-9.1 References: https://bugzilla.suse.com/1000666 https://bugzilla.suse.com/1001361 https://bugzilla.suse.com/1002231 https://bugzilla.suse.com/1003123 https://bugzilla.suse.com/1004454 
https://bugzilla.suse.com/1004456 https://bugzilla.suse.com/967894 https://bugzilla.suse.com/969790 https://bugzilla.suse.com/969889 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/973198 https://bugzilla.suse.com/979476 https://bugzilla.suse.com/979664 https://bugzilla.suse.com/980678 https://bugzilla.suse.com/981278 https://bugzilla.suse.com/982347 https://bugzilla.suse.com/983347 https://bugzilla.suse.com/984794 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/986447 https://bugzilla.suse.com/986770 https://bugzilla.suse.com/986796 https://bugzilla.suse.com/987835 https://bugzilla.suse.com/987864 https://bugzilla.suse.com/988196 https://bugzilla.suse.com/988303 https://bugzilla.suse.com/989498 https://bugzilla.suse.com/990202 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990738 https://bugzilla.suse.com/990789 https://bugzilla.suse.com/991440 https://bugzilla.suse.com/992987 https://bugzilla.suse.com/993304 https://bugzilla.suse.com/994305 https://bugzilla.suse.com/994578 https://bugzilla.suse.com/994619 https://bugzilla.suse.com/994623 https://bugzilla.suse.com/995314 https://bugzilla.suse.com/996609 https://bugzilla.suse.com/997243 https://bugzilla.suse.com/998185 https://bugzilla.suse.com/998329 https://bugzilla.suse.com/998380 https://bugzilla.suse.com/998542 https://bugzilla.suse.com/999304 From sle-updates at lists.suse.com Mon Oct 24 10:17:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2016 18:17:32 +0200 (CEST) Subject: SUSE-SU-2016:2618-1: important: Security update for quagga Message-ID: <20161024161732.6C0C7FFC5@maintenance.suse.de> SUSE Security Update: Security update for quagga ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2618-1 Rating: important References: #1005258 Cross-References: CVE-2016-1245 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for quagga fixes the following issue: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code (bsc#1005258). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1537=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1537=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): quagga-debuginfo-0.99.22.1-15.1 quagga-debugsource-0.99.22.1-15.1 quagga-devel-0.99.22.1-15.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): quagga-0.99.22.1-15.1 quagga-debuginfo-0.99.22.1-15.1 quagga-debugsource-0.99.22.1-15.1 References: https://www.suse.com/security/cve/CVE-2016-1245.html https://bugzilla.suse.com/1005258 From sle-updates at lists.suse.com Mon Oct 24 10:17:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2016 18:17:56 +0200 (CEST) Subject: SUSE-RU-2016:2619-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20161024161756.4E01BFFC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2619-1 Rating: moderate References: #1002529 #986447 #990029 #990439 #990440 #990738 #991048 #993039 #993549 #994619 #996455 #998185 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 12 recommended fixes can 
now be installed. Description: This update fixes the following issues: rhnlib: - Add function aliases for backward compatibility (bsc#998185) salt: - Setting up OS grains for SLES-ES (SLES Expanded Support platform) - Move salt home directory to /var/lib/salt (bsc#1002529) - Generate Salt Thin with configured extra modules (bsc#990439) - Prevent pkg.install failure for expired keys (bsc#996455) - Required D-Bus and generating machine ID - Fix python-jinja2 requirements in rhel - Fix pkg.installed refresh repository failure (bsc#993549) - Fix salt.states.pkgrepo.management no change failure (bsc#990440) - Prevent snapper module crash on load if no DBus is available in the system (bsc#993039) - Prevent continuous restart, if a dependency wasn't installed (bsc#991048) - Fix beacon list to include all beacons being processed - Run salt-api as user salt like the master (bsc#990029) spacewalk-backend: - Fix for non-integer IDs for bugzilla bug - Silently ignore non-existing errata severity label on errata import, remove non-used exception (bsc#986447) - Make suseLib usable on a proxy spacewalk-client-tools: - Logging message in case of malformed XML file - Prevent crashes if machine-id is None (bsc#994619) - Print invalid package name and replace the invalid character - Ignore packages with not UTF-8 characters in name, version and release (bsc#990738) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201610-12810=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201610-12810=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): rhnlib-2.5.84.3-5.1 salt-2015.8.7-17.1 salt-doc-2015.8.7-17.1 salt-minion-2015.8.7-17.1 spacewalk-backend-libs-2.5.24.6-13.3 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): spacewalk-check-2.5.13.6-17.1 spacewalk-client-setup-2.5.13.6-17.1 spacewalk-client-tools-2.5.13.6-17.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): rhnlib-2.5.84.3-5.1 salt-2015.8.7-17.1 salt-doc-2015.8.7-17.1 salt-minion-2015.8.7-17.1 spacewalk-backend-libs-2.5.24.6-13.3 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): spacewalk-check-2.5.13.6-17.1 spacewalk-client-setup-2.5.13.6-17.1 spacewalk-client-tools-2.5.13.6-17.1 References: https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/986447 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 https://bugzilla.suse.com/990738 https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/994619 https://bugzilla.suse.com/996455 https://bugzilla.suse.com/998185 From sle-updates at lists.suse.com Mon Oct 24 10:20:24 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2016 18:20:24 +0200 (CEST) Subject: SUSE-RU-2016:2620-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20161024162024.093B6FFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2620-1 Rating: moderate References: #1002529 #986447 #986978 #990029 #990439 #990440 #990738 #991048 #993039 #993549 #994619 #996455 #998185 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. 
Description: This update fixes the following issues: cobbler: - Enabling PXE grub2 support for PowerPC (bsc#986978) rhnlib: - Add function aliases for backward compatibility (bsc#998185) salt: - Setting up OS grains for SLES-ES (SLES Expanded Support platform) - Move salt home directory to /var/lib/salt (bsc#1002529) - Generate Salt Thin with configured extra modules (bsc#990439) - Prevent pkg.install failure for expired keys (bsc#996455) - Required D-Bus and generating machine ID - Fix python-jinja2 requirements in rhel - Fix pkg.installed refresh repository failure (bsc#993549) - Fix salt.states.pkgrepo.management no change failure (bsc#990440) - Prevent snapper module crash on load if no DBus is available in the system (bsc#993039) - Prevent continuous restart, if a dependency wasn't installed (bsc#991048) - Fix beacon list to include all beacons being processed - Run salt-api as user salt like the master (bsc#990029) spacewalk-backend: - Fix for non-integer IDs for bugzilla bug - Silently ignore non-existing errata severity label on errata import, remove non-used exception (bsc#986447) - Make suseLib usable on a proxy spacewalk-client-tools: - Logging message in case of malformed XML file - Prevent crashes if machine-id is None (bsc#994619) - Print invalid package name and replace the invalid character - Ignore packages with not UTF-8 characters in name, version and release (bsc#990738) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2016-1533=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (ppc64le s390x x86_64): salt-2015.8.7-17.1 salt-doc-2015.8.7-17.1 salt-minion-2015.8.7-17.1 - SUSE Manager Tools 12 (noarch): koan-2.6.6-39.1 rhnlib-2.5.84.3-14.1 spacewalk-backend-libs-2.5.24.6-40.1 spacewalk-check-2.5.13.6-42.1 spacewalk-client-setup-2.5.13.6-42.1 spacewalk-client-tools-2.5.13.6-42.1 References: https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/986447 https://bugzilla.suse.com/986978 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 https://bugzilla.suse.com/990738 https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/994619 https://bugzilla.suse.com/996455 https://bugzilla.suse.com/998185 From sle-updates at lists.suse.com Mon Oct 24 10:23:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2016 18:23:06 +0200 (CEST) Subject: SUSE-RU-2016:2621-1: moderate: Recommended update for SUSE Manager Proxy 3.0 Message-ID: <20161024162306.D645EFFC3@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2621-1 Rating: moderate References: #1001361 #1003123 #1004454 #1004456 #980678 #986447 #986770 #989701 #990202 #990738 #992987 #994578 #994619 #996609 #998185 Affected Products: SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has 15 recommended fixes can now be installed. 
Description: This update includes the following new features: - Support for Salt minions via SUSE Manager Proxy - Salt on Expanded Support Platform - Support for SLE12 SP2 product family This update fixes the following issues: rhnlib: - Add function aliases for backward compatibility (bsc#998185) spacewalk-backend: - Fix invalid severity error (bsc#996609) - Fix for non-integer IDs for bugzilla bug - Silently ignore non-existing errata severity label on errata import, remove non-used exception (bsc#986447) - Make suseLib usable on a proxy spacewalk-certs-tools: - Only normalize lists (bsc#1004456) - Call normalize() before add_scsi_info() (bsc#1004456) - Fix traditional bootstrap for RHEL clients (bsc#1003123) - Added the bootstrap repository for RHEL minions when using the bootstrap.sh script (bsc#1001361) - Use init.d where systemd is not available - Salt: do not up2date/remote-mgmt/disable local repository - Only use the first activation key for minions - Add `--salt` option to mgr-bootstrap command to create a bootstrap script which installs and configures salt - Terminate registration if hosts aren't found in nsswitch configuration (bsc#992565) - Check only if all required packages are installed (bsc#992987) spacewalk-client-tools: - Logging message in case of malformed XML file - Prevent crashes if machine-id is None (bsc#994619) - Print invalid package name and replace the invalid character - Ignore packages with not UTF-8 characters in name, version and release (bsc#990738) spacewalk-proxy: - Support 'X-Mgr-Auth' headers in proxy for RedHat minions - Fix for Proxy chains: we only use suseLib.accessible when auth token is present - Check for the auth token in HEAD requests - Renaming saltproxy to salt-broker. 
Using /etc/salt/ and /var/log/salt/ - Make proxy aware of URLs with auth tokens - Salt ZeroMQ proxy service spacewalk-proxy-installer: - Restarting salt-broker service when configure-config.sh finished the setup - Spacewalk-proxy-installer now requires spacewalk-proxy-salt - Configure firewall for saltproxy spacewalk-web: - Support formulas in SUSE Manager - Switched SUSE Manager version to 3.0.1 - Introduce Spark router conventions - Disable strict host key checking per default - Rename "States Catalog" to "State Catalog" in UI - Add TaskoTop to UI - BugFix: use user preferences parameters as default page size (bsc#980678) - Unified table version susemanager-sls: - Only normalize lists (bsc#1004456) - Call normalize() before add_scsi_info() (bsc#1004456) - Fixed bug with numbers in FormulaForm and improved ext_pillar script - Added formula directories and formulas.sls to setup script - External pillar script now also includes formula pillars - Rename symlinks according to changed 'os' grain for Expanded Support - Adding certs states for RHEL minion based on SLES-ES - Rename udevdb scsi info json key - Add support for mapping mainframe sysinfo - Implement isX86() in jinja more correctly - Initial support for querying and saving DMI info - Add support for mapping the devices - Actually handle incoming hardware details - Initial version of the hardware.profileupdate sls - Added pkgset beacon support in susemanager yum plugin - Trust also RES GPG key on all RedHat minions - Trust GPG keys for SUSE Manager Tools channel on RES - Configure bootstrap repository for RES - Always enable salt-minion service while bootstrapping (bsc#990202) - CentOS cert state symlinks and fixes - States for installing certificate on redhat minions - Pkg.list_products only on Suse - Yum plugin to add jwt token as http header - Generate SLE 12 bootstrap repository path correctly (bsc#994578) - Merging top.sls files in base env (bsc#986770) - Watch files instead of require 
susemanager-tftpsync-recv: - Fix atftp permissions for susemanager proxy (bsc#989701) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2016-1539=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 3.0 (noarch): rhnlib-2.5.84.3-3.1 spacewalk-backend-2.5.24.6-11.1 spacewalk-backend-libs-2.5.24.6-11.1 spacewalk-base-minimal-2.5.7.10-9.1 spacewalk-base-minimal-config-2.5.7.10-9.1 spacewalk-certs-tools-2.5.1.5-8.1 spacewalk-check-2.5.13.6-11.1 spacewalk-client-setup-2.5.13.6-11.1 spacewalk-client-tools-2.5.13.6-11.1 spacewalk-proxy-broker-2.5.1.3-3.1 spacewalk-proxy-common-2.5.1.3-3.1 spacewalk-proxy-installer-2.5.2.4-3.1 spacewalk-proxy-management-2.5.1.3-3.1 spacewalk-proxy-package-manager-2.5.1.3-3.1 spacewalk-proxy-redirect-2.5.1.3-3.1 spacewalk-proxy-salt-2.5.1.3-3.1 susemanager-sls-0.1.16-11.1 susemanager-tftpsync-recv-3.0.3-3.1 References: https://bugzilla.suse.com/1001361 https://bugzilla.suse.com/1003123 https://bugzilla.suse.com/1004454 https://bugzilla.suse.com/1004456 https://bugzilla.suse.com/980678 https://bugzilla.suse.com/986447 https://bugzilla.suse.com/986770 https://bugzilla.suse.com/989701 https://bugzilla.suse.com/990202 https://bugzilla.suse.com/990738 https://bugzilla.suse.com/992987 https://bugzilla.suse.com/994578 https://bugzilla.suse.com/994619 https://bugzilla.suse.com/996609 https://bugzilla.suse.com/998185 From sle-updates at lists.suse.com Mon Oct 24 16:07:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2016 00:07:57 +0200 (CEST) Subject: 
SUSE-RU-2016:2622-1: Recommended update for mvapich2 Message-ID: <20161024220757.0D264FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for mvapich2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2622-1 Rating: low References: #939692 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mvapich2 provides the following fixes: - Gracefully handle the case where no devices are found. (bsc#939692) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mvapich2-12814=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mvapich2-12814=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mvapich2-12814=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 x86_64): mvapich2-1.5.1p1-15.1 mvapich2-devel-1.5.1p1-15.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): mvapich2-psm-1.5.1p1-15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 x86_64): mvapich2-debuginfo-1.5.1p1-15.1 mvapich2-debugsource-1.5.1p1-15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): mvapich2-psm-debuginfo-1.5.1p1-15.1 mvapich2-psm-debugsource-1.5.1p1-15.1 References: https://bugzilla.suse.com/939692 From sle-updates at lists.suse.com Tue Oct 25 06:06:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2016 14:06:31 +0200 (CEST) Subject: SUSE-RU-2016:2624-1: Recommended update for kiwi Message-ID: <20161025120631.0F366FFBA@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2624-1 Rating: low References: #1004654 #926651 #963276 #993792 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update provides KIWI v5.05.93, which brings fixes and enhancements: - Don't strip curl alternative binaries from initrd: The last update of curl in SLE11 introduced /usr/bin/curl as a symbolic link. The real binary is /usr/bin/curl.openssl0 or /usr/bin/curl.openssl1. This needs to be taken into account when stripping down the initrd by kiwi. (bsc#1004654) - Add missing failsafe entry to elilo.conf: For SLE11 EFI support the elilo wrapper is used, in order to allow elilo to create a grub.cfg with a failsafe entry the elilo template config must provide an image section for it.
(bsc#993792) - bootImage: Don't copy initial ram disk content to /run/initramfs: We should avoid copying the initial ram disk content to a tmpfs filesystem, especially on low memory systems. (bsc#963276) - Prefer switch_root over pivot_root. (bsc#963276) - Fixed partition table label for ec2 images: If firmware="ec2" is requested kiwi implicitly set the partition table label to GPT. This leads to a failing boot in EC2. - Prefer packages by priority of repositories, not by architectures. (bsc#926651) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kiwi-12815=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 x86_64): kiwi-5.05.93-9.2 kiwi-desc-isoboot-5.05.93-9.2 kiwi-desc-netboot-5.05.93-9.2 kiwi-desc-oemboot-5.05.93-9.2 kiwi-doc-5.05.93-9.2 kiwi-tools-5.05.93-9.2 References: https://bugzilla.suse.com/1004654 https://bugzilla.suse.com/926651 https://bugzilla.suse.com/963276 https://bugzilla.suse.com/993792 From sle-updates at lists.suse.com Tue Oct 25 12:06:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2016 20:06:38 +0200 (CEST) Subject: SUSE-RU-2016:2626-1: moderate: Recommended update for salt Message-ID: <20161025180638.3DD99FFBA@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2626-1 Rating: moderate References: #1002529 #986019 #990029 #990439 #990440 #991048 #993039 #993549 #996455 Affected Products: SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. 
Description: This update for salt fixes the following issues: - Add base channel to salt-minion. (bsc#986019) - Setting up OS grains for SLES-ES. (SLES Expanded Support platform) - Move salt home directory to /var/lib/salt. (bsc#1002529) - Generate Salt Thin with configured extra modules. (bsc#990439) - Prevent pkg.install failure for expired keys. (bsc#996455) - Required D-Bus and generating machine ID. - Fix python-jinja2 requirements in rhel. - Fix pkg.installed refresh repository failure. (bsc#993549) - Fix salt.states.pkgrepo.management no change failure. (bsc#990440) - Prevent snapper module crash on load if no DBus is available in the system. (bsc#993039) - Prevent continuous restart, if a dependency wasn't installed. (bsc#991048) - Fix beacon list to include all beacons being processed. - Run salt-api as user salt like the master. (bsc#990029) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1542=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2016-1542=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1542=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Manager Server 3.0 (x86_64): salt-2015.8.7-21.2 salt-api-2015.8.7-21.2 salt-doc-2015.8.7-21.2 salt-master-2015.8.7-21.2 salt-minion-2015.8.7-21.2 salt-proxy-2015.8.7-21.2 salt-ssh-2015.8.7-21.2 salt-syndic-2015.8.7-21.2 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2015.8.7-21.2 salt-zsh-completion-2015.8.7-21.2 - SUSE Manager Proxy 3.0 (x86_64): salt-2015.8.7-21.2 salt-api-2015.8.7-21.2 salt-doc-2015.8.7-21.2 salt-master-2015.8.7-21.2 salt-minion-2015.8.7-21.2 salt-proxy-2015.8.7-21.2 salt-ssh-2015.8.7-21.2 salt-syndic-2015.8.7-21.2 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2015.8.7-21.2 salt-zsh-completion-2015.8.7-21.2 - SUSE Enterprise Storage 3 (x86_64): salt-2015.8.7-21.2 salt-master-2015.8.7-21.2 salt-minion-2015.8.7-21.2 References: https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/996455 From sle-updates at lists.suse.com Tue Oct 25 12:08:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2016 20:08:52 +0200 (CEST) Subject: SUSE-SU-2016:2627-1: moderate: Security update for POS_Image3, POS_Server3 Message-ID: <20161025180852.2F4EEFFBA@maintenance.suse.de> SUSE Security Update: Security update for POS_Image3, POS_Server3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2627-1 Rating: moderate References: #1003374 #1003376 #1003383 #840279 #883017 #887607 #889665 #890002 #927232 #944292 #946740 #979925 #985979 #989247 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update provides POS_Image3 and POS_Server3 version 3.5.5, which bring many fixes and enhancements: - Fixed potential security issues (bsc#946740) * use three argument perl open function consistently * use array in perl system call everywhere * use preferably perl built-in functions instead of external shell commands * improved validation of uploaded files from terminals to BS * improved runcmd code used for calling external commands - Auto-registration should not start before dhcpd is ready (bsc#1003383) - Fixed handling of HTTP redirects in registerImages (bsc#1003376) - Fixed handling x86_64 images (bsc#1003374) - Do not limit number of entries for BS LDAP (bsc#985979) - Increase max wait time to 10mins (bsc#989247) - Infer service IP when only one BS NIC is specified in LDAP (bsc#927232) - Fixed regression in directly referenced image in scWorkstation object (bsc#979925) - Fixed handling deltas of compressed images in registerImages (bsc#887607) - Fixed posleases to handle stop event correctly (bsc#883017) - Fixed save_poslogs utility to dump LDAP content on BS (bsc#890002) - Do not configure authoritative DNS outside netmask (bsc#889665) - Add ipHostNumber field to services in posAdmin-GUI (bsc#944292) - Fixed multival modification in posAdmin (bsc#840279) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-POS_Image3-12817=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586 x86_64): POS_Migration-3.5.5-18.1 POS_Server-Admin3-3.5.5-18.1 POS_Server-AdminGUI-3.5.5-18.1 POS_Server-AdminTools3-3.5.5-18.1 POS_Server-BranchTools3-3.5.5-18.1 POS_Server-Modules3-3.5.5-18.1 POS_Server3-3.5.5-18.1 admind-1.9-18.1 admind-client-1.9-18.1 posbios-1.0-18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): POS_Image-Minimal3-3.4.0-18.1 POS_Image-Netboot-hooks-3.4.0-18.1 POS_Image-Tools-3.4.0-18.1 POS_Image3-3.5.5-18.1 References: https://bugzilla.suse.com/1003374 https://bugzilla.suse.com/1003376 https://bugzilla.suse.com/1003383 https://bugzilla.suse.com/840279 https://bugzilla.suse.com/883017 https://bugzilla.suse.com/887607 https://bugzilla.suse.com/889665 https://bugzilla.suse.com/890002 https://bugzilla.suse.com/927232 https://bugzilla.suse.com/944292 https://bugzilla.suse.com/946740 https://bugzilla.suse.com/979925 https://bugzilla.suse.com/985979 https://bugzilla.suse.com/989247 From sle-updates at lists.suse.com Tue Oct 25 12:12:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2016 20:12:29 +0200 (CEST) Subject: SUSE-SU-2016:2628-1: moderate: Security update for kvm Message-ID: <20161025181229.BB4B9FFBA@maintenance.suse.de> SUSE Security Update: Security update for kvm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2628-1 Rating: moderate References: #902737 #944697 #967012 #967013 #982017 #982018 #982019 #982222 #982223 #982285 #982959 #983961 #983982 #991080 #991466 #996441 Cross-References: CVE-2014-7815 CVE-2015-6815 CVE-2016-2391 CVE-2016-2392 CVE-2016-4453 CVE-2016-4454 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6490 CVE-2016-7116 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes 16 
vulnerabilities is now available. Description: kvm was updated to fix 16 security issues. These security issues were fixed: - CVE-2015-6815: e1000 NIC emulation support was vulnerable to an infinite loop issue. A privileged user inside guest could have used this flaw to crash the Qemu instance resulting in DoS. (bsc#944697). - CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers (bsc#967013). - CVE-2016-2392: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet (bsc#967012). - CVE-2016-4453: The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command (bsc#982223). - CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read (bsc#982222). - CVE-2016-5105: The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, used an uninitialized variable, which allowed local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982017). 
- CVE-2016-5106: The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command (bsc#982018). - CVE-2016-5107: The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allowed local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors (bsc#982019). - CVE-2016-5126: Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allowed local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call (bsc#982285). - CVE-2016-5238: The get_cmd function in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode (bsc#982959). - CVE-2016-5337: The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allowed local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information (bsc#983961). - CVE-2016-5338: The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allowed local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer (bsc#983982). - CVE-2016-5403: The virtqueue_pop function in hw/virtio/virtio.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion (bsc#991080). - CVE-2016-6490: Infinite loop in the virtio framework. 
A privileged user inside the guest could have used this flaw to crash the Qemu instance on the host resulting in DoS (bsc#991466). - CVE-2016-7116: Host directory sharing via Plan 9 File System(9pfs) was vulnerable to a directory/path traversal issue. A privileged user inside guest could have used this flaw to access undue files on the host (bsc#996441). - CVE-2014-7815: The set_pixel_format function in ui/vnc.c in QEMU allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value (bsc#902737). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kvm-12816=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): kvm-1.4.2-47.1 References: https://www.suse.com/security/cve/CVE-2014-7815.html https://www.suse.com/security/cve/CVE-2015-6815.html https://www.suse.com/security/cve/CVE-2016-2391.html https://www.suse.com/security/cve/CVE-2016-2392.html https://www.suse.com/security/cve/CVE-2016-4453.html https://www.suse.com/security/cve/CVE-2016-4454.html https://www.suse.com/security/cve/CVE-2016-5105.html https://www.suse.com/security/cve/CVE-2016-5106.html https://www.suse.com/security/cve/CVE-2016-5107.html https://www.suse.com/security/cve/CVE-2016-5126.html https://www.suse.com/security/cve/CVE-2016-5238.html https://www.suse.com/security/cve/CVE-2016-5337.html https://www.suse.com/security/cve/CVE-2016-5338.html https://www.suse.com/security/cve/CVE-2016-5403.html https://www.suse.com/security/cve/CVE-2016-6490.html https://www.suse.com/security/cve/CVE-2016-7116.html https://bugzilla.suse.com/902737 https://bugzilla.suse.com/944697 https://bugzilla.suse.com/967012 https://bugzilla.suse.com/967013 https://bugzilla.suse.com/982017 https://bugzilla.suse.com/982018 https://bugzilla.suse.com/982019 
https://bugzilla.suse.com/982222 https://bugzilla.suse.com/982223 https://bugzilla.suse.com/982285 https://bugzilla.suse.com/982959 https://bugzilla.suse.com/983961 https://bugzilla.suse.com/983982 https://bugzilla.suse.com/991080 https://bugzilla.suse.com/991466 https://bugzilla.suse.com/996441 From sle-updates at lists.suse.com Tue Oct 25 13:06:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2016 21:06:16 +0200 (CEST) Subject: SUSE-SU-2016:2629-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 Message-ID: <20161025190616.10A7CFFBA@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2629-1 Rating: important References: #1001487 #1004419 Cross-References: CVE-2016-5195 CVE-2016-8666 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-60_25 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001487). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1546=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_25-default-6-2.1 kgraft-patch-3_12_51-60_25-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://www.suse.com/security/cve/CVE-2016-8666.html https://bugzilla.suse.com/1001487 https://bugzilla.suse.com/1004419 From sle-updates at lists.suse.com Tue Oct 25 13:06:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2016 21:06:49 +0200 (CEST) Subject: SUSE-SU-2016:2630-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 Message-ID: <20161025190649.C05AAFFBC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2630-1 Rating: important References: #1001487 #1004419 Cross-References: CVE-2016-5195 CVE-2016-8666 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-60_20 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001487). 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1547=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_51-60_20-default-7-2.1 kgraft-patch-3_12_51-60_20-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://www.suse.com/security/cve/CVE-2016-8666.html https://bugzilla.suse.com/1001487 https://bugzilla.suse.com/1004419 From sle-updates at lists.suse.com Tue Oct 25 13:07:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2016 21:07:35 +0200 (CEST) Subject: SUSE-SU-2016:2631-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 Message-ID: <20161025190735.2903AFFBC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2631-1 Rating: important References: #1001487 #1004419 Cross-References: CVE-2016-5195 CVE-2016-8666 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.49-11 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). 
- CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001487). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1545=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_49-11-default-7-20.2 kgraft-patch-3_12_49-11-xen-7-20.2 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://www.suse.com/security/cve/CVE-2016-8666.html https://bugzilla.suse.com/1001487 https://bugzilla.suse.com/1004419 From sle-updates at lists.suse.com Tue Oct 25 19:06:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 03:06:28 +0200 (CEST) Subject: SUSE-SU-2016:2632-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 Message-ID: <20161026010628.C5870F7B8@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2632-1 Rating: important References: #1004418 #986362 Cross-References: CVE-2016-4997 CVE-2016-5195 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-52_34 fixes several issues. 
The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986362). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1554=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1554=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_51-52_34-default-6-2.1 kgraft-patch-3_12_51-52_34-xen-6-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_51-52_34-default-6-2.1 kgraft-patch-3_12_51-52_34-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1004418 https://bugzilla.suse.com/986362 From sle-updates at lists.suse.com Tue Oct 25 19:07:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 03:07:21 +0200 (CEST) Subject: SUSE-SU-2016:2633-1: important: Security update for Linux Kernel Live Patch 11 for SLE 12 Message-ID: <20161026010721.8F126FFBC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2633-1 Rating: important References: #1004419 #986377 Cross-References: CVE-2016-4997 CVE-2016-5195 Affected 
Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-52_39 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1548=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1548=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_51-52_39-default-5-2.1 kgraft-patch-3_12_51-52_39-xen-5-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_51-52_39-default-5-2.1 kgraft-patch-3_12_51-52_39-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1004419 https://bugzilla.suse.com/986377 From sle-updates at lists.suse.com Tue Oct 25 19:07:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 03:07:54 +0200 (CEST) Subject: SUSE-SU-2016:2634-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 Message-ID: <20161026010754.D1C00FFBC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2634-1 Rating: important References: #1001487 #1004419 Cross-References: CVE-2016-5195 CVE-2016-8666 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.53-60_30 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001487). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1550=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_53-60_30-default-5-2.1 kgraft-patch-3_12_53-60_30-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://www.suse.com/security/cve/CVE-2016-8666.html https://bugzilla.suse.com/1001487 https://bugzilla.suse.com/1004419 From sle-updates at lists.suse.com Tue Oct 25 19:08:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 03:08:28 +0200 (CEST) Subject: SUSE-SU-2016:2635-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 Message-ID: <20161026010828.4863BFFBC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2635-1 Rating: important References: #1001487 #1004419 Cross-References: CVE-2016-5195 CVE-2016-8666 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.59-60_41 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001487). 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1549=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_41-default-4-2.1 kgraft-patch-3_12_59-60_41-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://www.suse.com/security/cve/CVE-2016-8666.html https://bugzilla.suse.com/1001487 https://bugzilla.suse.com/1004419 From sle-updates at lists.suse.com Tue Oct 25 19:09:01 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 03:09:01 +0200 (CEST) Subject: SUSE-SU-2016:2636-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 Message-ID: <20161026010901.42EEFFFBC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2636-1 Rating: important References: #1004419 #986377 Cross-References: CVE-2016-4997 CVE-2016-5195 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.51-52_31 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). 
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1553=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1553=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_51-52_31-default-6-5.1 kgraft-patch-3_12_51-52_31-xen-6-5.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_51-52_31-default-6-5.1 kgraft-patch-3_12_51-52_31-xen-6-5.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1004419 https://bugzilla.suse.com/986377 From sle-updates at lists.suse.com Tue Oct 25 19:09:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 03:09:35 +0200 (CEST) Subject: SUSE-SU-2016:2637-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 Message-ID: <20161026010935.40DDCFFBC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2637-1 Rating: important References: #1001487 #1004419 Cross-References: CVE-2016-5195 CVE-2016-8666 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is 
now available. Description: This update for the Linux Kernel 3.12.59-60_45 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001487). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1552=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_59-60_45-default-4-2.1 kgraft-patch-3_12_59-60_45-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://www.suse.com/security/cve/CVE-2016-8666.html https://bugzilla.suse.com/1001487 https://bugzilla.suse.com/1004419 From sle-updates at lists.suse.com Tue Oct 25 19:10:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 03:10:08 +0200 (CEST) Subject: SUSE-SU-2016:2638-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 Message-ID: <20161026011008.7A23EFFBC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2638-1 Rating: important References: #1001487 #1004419 Cross-References: CVE-2016-5195 CVE-2016-8666 Affected Products: SUSE Linux Enterprise Live Patching 12 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.57-60_35 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001487). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1551=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_57-60_35-default-4-2.1 kgraft-patch-3_12_57-60_35-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://www.suse.com/security/cve/CVE-2016-8666.html https://bugzilla.suse.com/1001487 https://bugzilla.suse.com/1004419 From sle-updates at lists.suse.com Wed Oct 26 10:23:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 18:23:49 +0200 (CEST) Subject: SUSE-SU-2016:2650-1: moderate: Security update for libxml2 Message-ID: <20161026162349.0445EFFBB@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2650-1 Rating: moderate References: #1005544 Cross-References: CVE-2016-4658 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxml2 fixes the following issues: - CVE-2016-4658: Use after free via namespace node in XPointer ranges (bsc#1005544). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1555=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1555=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1555=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libxml2-debugsource-2.9.1-26.3.1 libxml2-devel-2.9.1-26.3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libxml2-2-2.9.1-26.3.1 libxml2-2-debuginfo-2.9.1-26.3.1 libxml2-debugsource-2.9.1-26.3.1 libxml2-tools-2.9.1-26.3.1 libxml2-tools-debuginfo-2.9.1-26.3.1 python-libxml2-2.9.1-26.3.1 python-libxml2-debuginfo-2.9.1-26.3.1 python-libxml2-debugsource-2.9.1-26.3.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libxml2-2-32bit-2.9.1-26.3.1 libxml2-2-debuginfo-32bit-2.9.1-26.3.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): libxml2-doc-2.9.1-26.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libxml2-2-2.9.1-26.3.1 libxml2-2-32bit-2.9.1-26.3.1 libxml2-2-debuginfo-2.9.1-26.3.1 libxml2-2-debuginfo-32bit-2.9.1-26.3.1 libxml2-debugsource-2.9.1-26.3.1 libxml2-tools-2.9.1-26.3.1 libxml2-tools-debuginfo-2.9.1-26.3.1 python-libxml2-2.9.1-26.3.1 python-libxml2-debuginfo-2.9.1-26.3.1 python-libxml2-debugsource-2.9.1-26.3.1 References: https://www.suse.com/security/cve/CVE-2016-4658.html https://bugzilla.suse.com/1005544 From sle-updates at lists.suse.com Wed Oct 26 10:25:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 18:25:07 +0200 (CEST) Subject: SUSE-SU-2016:2652-1: moderate: Security update for libxml2 Message-ID: <20161026162507.80C48FFC0@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2652-1 Rating: moderate References: #1005544 Cross-References: CVE-2016-4658 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for libxml2 fixes the following issues: - CVE-2016-4658: Use after free via namespace node in XPointer ranges (bsc#1005544). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libxml2-12818=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libxml2-12818=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-12818=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.50.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.50.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.50.1 libxml2-doc-2.7.6-0.50.1 libxml2-python-2.7.6-0.50.4 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.50.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxml2-x86-2.7.6-0.50.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.50.1 libxml2-debugsource-2.7.6-0.50.1 libxml2-python-debuginfo-2.7.6-0.50.4 libxml2-python-debugsource-2.7.6-0.50.4 References: https://www.suse.com/security/cve/CVE-2016-4658.html https://bugzilla.suse.com/1005544 From sle-updates at lists.suse.com Wed Oct 26 10:25:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 18:25:39 +0200 (CEST) Subject: SUSE-SU-2016:2653-1: moderate: Security update for python3 Message-ID: <20161026162539.BD481FFC0@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2653-1 Rating: moderate References: #951166 #983582 #984751 #985177 
#985348 #989523 #991069 Cross-References: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed: - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177) - CVE-2016-5699: A header injection flaw in urllib2/urllib/httplib/http.client. (bsc#985348) The update also includes the following non-security fixes: - Don't force 3rd party C extensions to be built with -Werror=declaration-after-statement. (bsc#951166) - Make urllib proxy var handling behave as usual on POSIX. (bsc#983582) For a comprehensive list of changes please refer to the upstream change log: https://docs.python.org/3.4/whatsnew/changelog.html Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1558=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1558=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1558=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1558=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): python3-base-debuginfo-3.4.5-17.1 python3-base-debugsource-3.4.5-17.1 python3-devel-3.4.5-17.1 python3-devel-debuginfo-3.4.5-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpython3_4m1_0-3.4.5-17.1 libpython3_4m1_0-debuginfo-3.4.5-17.1 python3-3.4.5-17.1 python3-base-3.4.5-17.1 python3-base-debuginfo-3.4.5-17.1 python3-base-debugsource-3.4.5-17.1 python3-debuginfo-3.4.5-17.1 python3-debugsource-3.4.5-17.1 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): libpython3_4m1_0-3.4.5-17.1 libpython3_4m1_0-debuginfo-3.4.5-17.1 python3-3.4.5-17.1 python3-base-3.4.5-17.1 python3-base-debuginfo-3.4.5-17.1 python3-base-debugsource-3.4.5-17.1 python3-debuginfo-3.4.5-17.1 python3-debugsource-3.4.5-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libpython3_4m1_0-3.4.5-17.1 libpython3_4m1_0-debuginfo-3.4.5-17.1 python3-3.4.5-17.1 python3-base-3.4.5-17.1 python3-base-debuginfo-3.4.5-17.1 python3-base-debugsource-3.4.5-17.1 python3-debuginfo-3.4.5-17.1 python3-debugsource-3.4.5-17.1 References: https://www.suse.com/security/cve/CVE-2016-0772.html https://www.suse.com/security/cve/CVE-2016-1000110.html https://www.suse.com/security/cve/CVE-2016-5636.html https://www.suse.com/security/cve/CVE-2016-5699.html https://bugzilla.suse.com/951166 https://bugzilla.suse.com/983582 https://bugzilla.suse.com/984751 
https://bugzilla.suse.com/985177 https://bugzilla.suse.com/985348 https://bugzilla.suse.com/989523 https://bugzilla.suse.com/991069 From sle-updates at lists.suse.com Wed Oct 26 10:27:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 18:27:16 +0200 (CEST) Subject: SUSE-SU-2016:2654-1: moderate: Security update for ghostscript Message-ID: <20161026162716.949D7FFC0@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2654-1 Rating: moderate References: #1004237 Cross-References: CVE-2016-8602 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issues: - CVE-2016-8602: Insufficient parameter check in .sethalftone5 (bsc#1004237). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1557=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1557=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1557=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ghostscript-debuginfo-9.15-14.1 ghostscript-debugsource-9.15-14.1 ghostscript-devel-9.15-14.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ghostscript-9.15-14.1 ghostscript-debuginfo-9.15-14.1 ghostscript-debugsource-9.15-14.1 ghostscript-x11-9.15-14.1 ghostscript-x11-debuginfo-9.15-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ghostscript-9.15-14.1 ghostscript-debuginfo-9.15-14.1 ghostscript-debugsource-9.15-14.1 ghostscript-x11-9.15-14.1 ghostscript-x11-debuginfo-9.15-14.1 References: https://www.suse.com/security/cve/CVE-2016-8602.html https://bugzilla.suse.com/1004237 From sle-updates at lists.suse.com Wed Oct 26 12:06:25 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 20:06:25 +0200 (CEST) Subject: SUSE-SU-2016:2655-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12 Message-ID: <20161026180625.27A31FFC1@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2655-1 Rating: important References: #1004419 #986377 Cross-References: CVE-2016-4997 CVE-2016-5195 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.55-52_42 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). 
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1559=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1559=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_55-52_42-default-3-2.1 kgraft-patch-3_12_55-52_42-xen-3-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_55-52_42-default-3-2.1 kgraft-patch-3_12_55-52_42-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1004419 https://bugzilla.suse.com/986377 From sle-updates at lists.suse.com Wed Oct 26 13:06:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2016 21:06:14 +0200 (CEST) Subject: SUSE-RU-2016:2656-1: moderate: Recommended update for multipath-tools Message-ID: <20161026190614.A0223FFBA@maintenance.suse.de> SUSE Recommended Update: Recommended update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2656-1 Rating: moderate References: #979280 #980933 #983167 #991432 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has four 
recommended fixes can now be installed. Description: This update for multipath-tools provides the following fixes: - Add 'wwn' and 'serial' keywords to weightedpath prioritizer. (bsc#991432) - Update multipath.rules to deal with partition devices. (bsc#979280) - Avoid potential memory overflow allocating polls in uxlsnr. - Correctly zero out cookie in libmultipath's dm_simplecmd. - Ensure multipathd enters IDLE mode before sleeping in checkerloop(). - Prevent multipathd from accessing configuration in IDLE mode. - Fix loss of the complete multipath map after single path loss. (bsc#980933) - Fix systemd build requirements. (bsc#983167) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1560=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1560=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1560=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): multipath-tools-debuginfo-0.5.0-55.1 multipath-tools-debugsource-0.5.0-55.1 multipath-tools-devel-0.5.0-55.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kpartx-0.5.0-55.1 kpartx-debuginfo-0.5.0-55.1 multipath-tools-0.5.0-55.1 multipath-tools-debuginfo-0.5.0-55.1 multipath-tools-debugsource-0.5.0-55.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kpartx-0.5.0-55.1 kpartx-debuginfo-0.5.0-55.1 multipath-tools-0.5.0-55.1 multipath-tools-debuginfo-0.5.0-55.1 multipath-tools-debugsource-0.5.0-55.1 References: https://bugzilla.suse.com/979280 https://bugzilla.suse.com/980933 https://bugzilla.suse.com/983167 https://bugzilla.suse.com/991432 From sle-updates at lists.suse.com Wed Oct 26 17:06:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2016 01:06:18 +0200 (CEST) Subject: SUSE-SU-2016:2657-1: important: Security update for Linux Kernel Live Patch 15 for SLE 12 Message-ID: <20161026230618.AD2DBFFC0@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2657-1 Rating: important References: #1004419 Cross-References: CVE-2016-5195 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.60-52_54 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1562=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1562=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_54-default-3-2.1 kgraft-patch-3_12_60-52_54-xen-3-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_54-default-3-2.1 kgraft-patch-3_12_60-52_54-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1004419 From sle-updates at lists.suse.com Wed Oct 26 17:06:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2016 01:06:43 +0200 (CEST) Subject: SUSE-SU-2016:2658-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12 Message-ID: <20161026230643.67639FFBC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2658-1 Rating: important References: #1004419 #986377 Cross-References: CVE-2016-4997 CVE-2016-5195 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.60-52_49 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). 
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1561=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1561=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_49-default-3-2.1 kgraft-patch-3_12_60-52_49-xen-3-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_49-default-3-2.1 kgraft-patch-3_12_60-52_49-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1004419 https://bugzilla.suse.com/986377 From sle-updates at lists.suse.com Wed Oct 26 17:07:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2016 01:07:16 +0200 (CEST) Subject: SUSE-SU-2016:2659-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12 Message-ID: <20161026230716.B3B77FFBC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2659-1 Rating: important References: #1004419 #986377 Cross-References: CVE-2016-4997 CVE-2016-5195 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update 
that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.55-52_45 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986377). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1563=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1563=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_55-52_45-default-3-2.1 kgraft-patch-3_12_55-52_45-xen-3-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_55-52_45-default-3-2.1 kgraft-patch-3_12_55-52_45-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-5195.html https://bugzilla.suse.com/1004419 https://bugzilla.suse.com/986377 From sle-updates at lists.suse.com Thu Oct 27 08:06:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2016 16:06:33 +0200 (CEST) Subject: SUSE-RU-2016:2660-1: moderate: Recommended update for smt Message-ID: <20161027140633.A31A3FFBA@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2660-1 Rating: moderate References: #1004055 #970608 #987559 #996240 #996517 #996519 #998128 #999051 Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11-SP3 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for smt fixes the following issues: - Show correct Repository ID in smt-repos verbose output (bsc#1004055) - Translate hardware data from NCC to SCC format. (bsc#998128) - Adapt EULA Url for products not hosted on SCC. (bsc#970608) - Fix and check product ids during setup custom repositories. (bsc#996517) - Fix removing custom repository. (bsc#996517) - Support adding products to existing custom repository. (bsc#996517, bsc#996519) - Improve no_proxy handling in SMT. (bsc#996240) - Log repositories missing for migration. (bsc#999051) - Added missing reference for bsc#987559 to the changelog. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3: zypper in -t patch slesmtsp3-smt-12819=1 To bring your system up-to-date, use "zypper patch". Package List: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64): res-signingkeys-2.0.26-38.1 smt-2.0.26-38.1 smt-support-2.0.26-38.1 References: https://bugzilla.suse.com/1004055 https://bugzilla.suse.com/970608 https://bugzilla.suse.com/987559 https://bugzilla.suse.com/996240 https://bugzilla.suse.com/996517 https://bugzilla.suse.com/996519 https://bugzilla.suse.com/998128 https://bugzilla.suse.com/999051 From sle-updates at lists.suse.com Thu Oct 27 08:08:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2016 16:08:17 +0200 (CEST) Subject: SUSE-SU-2016:2661-1: moderate: Security update for openslp Message-ID: <20161027140817.09576FFBA@maintenance.suse.de> SUSE Security Update: Security update for openslp ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2661-1 Rating: moderate References: #1001600 #974655 #980722 #994989 Cross-References: CVE-2016-4912 CVE-2016-7567 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for openslp fixes two security issues and two bugs. 
The following vulnerabilities were fixed: - CVE-2016-4912: A remote attacker could have crashed the server with a large number of packages (bsc#980722) - CVE-2016-7567: A remote attacker could cause a memory corruption having unspecified impact (bsc#1001600) The following bugfix changes are included: - bsc#994989: Removed convenience code as changes bytes in the message buffer breaking the verification code - bsc#974655: Removed no longer needed slpd init file Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1565=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1565=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1565=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): openslp-debuginfo-2.0.0-17.1 openslp-debugsource-2.0.0-17.1 openslp-devel-2.0.0-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): openslp-2.0.0-17.1 openslp-debuginfo-2.0.0-17.1 openslp-debugsource-2.0.0-17.1 openslp-server-2.0.0-17.1 openslp-server-debuginfo-2.0.0-17.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): openslp-32bit-2.0.0-17.1 openslp-debuginfo-32bit-2.0.0-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): openslp-2.0.0-17.1 openslp-32bit-2.0.0-17.1 openslp-debuginfo-2.0.0-17.1 openslp-debuginfo-32bit-2.0.0-17.1 openslp-debugsource-2.0.0-17.1 References: https://www.suse.com/security/cve/CVE-2016-4912.html https://www.suse.com/security/cve/CVE-2016-7567.html https://bugzilla.suse.com/1001600 https://bugzilla.suse.com/974655 https://bugzilla.suse.com/980722 https://bugzilla.suse.com/994989 From sle-updates at lists.suse.com Thu Oct 27 10:06:56 2016 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Thu, 27 Oct 2016 18:06:56 +0200 (CEST) Subject: SUSE-SU-2016:2662-1: critical: Security update for flash-player Message-ID: <20161027160656.75D65FFBA@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2662-1 Rating: critical References: #1007098 Cross-References: CVE-2016-7855 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for flash-player to version 11.2.202.643 fixes one security issue. This security issue was fixed: - CVE-2016-7855: Use-after-free vulnerability that could lead to code execution (bsc#1007098). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1566=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1566=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.643-146.1 flash-player-gnome-11.2.202.643-146.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.643-146.1 flash-player-gnome-11.2.202.643-146.1 References: https://www.suse.com/security/cve/CVE-2016-7855.html https://bugzilla.suse.com/1007098 From sle-updates at lists.suse.com Thu Oct 27 13:06:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2016 21:06:39 +0200 (CEST) Subject: SUSE-RU-2016:2664-1: Recommended update for the SUSE Manager 3.0 release notes Message-ID: <20161027190639.6D3F6FFBC@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 3.0 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2664-1 Rating: low References: #969889 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description:

SUSE Manager 3.0 Release Notes have been updated to document:

- New features:
  + Changed versioning scheme
  + Salt minions via SUSE Manager Proxy
  + Salt on Expanded Support (and RHEL) platform
  + Skipping a service pack during SP migration
  + New API call: listMigrationTargets
  + taskotop web UI
  + New documentation sections
- New products:
  + SLE 12 SP2 product family
- Bugs fixed by latest updates:
  bsc#967894, bsc#969790, bsc#969889, bsc#971372, bsc#973198
  bsc#979476, bsc#979664, bsc#980678, bsc#981278, bsc#984794
  bsc#986019, bsc#986447, bsc#986770, bsc#986796, bsc#987835
  bsc#987864, bsc#988196, bsc#988303, bsc#989498, bsc#990029
  bsc#990202, bsc#990439, bsc#990440, bsc#990738, bsc#990789
  bsc#991048, bsc#991440, bsc#992565, bsc#992987, bsc#993039
  bsc#993549, bsc#994305, bsc#994578, bsc#994619, bsc#994623
  bsc#995314, bsc#996455, bsc#997243, bsc#998185, bsc#998329
  bsc#998380, bsc#998542, bsc#999304, bsc#1000666, bsc#1001361
  bsc#1002231, bsc#1002529, bsc#1003123

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2016-1568=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Manager Server 3.0 (x86_64): release-notes-susemanager-3.0.1-0.40.1 References: https://bugzilla.suse.com/969889 From sle-updates at lists.suse.com Fri Oct 28 10:07:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2016 18:07:21 +0200 (CEST) Subject: SUSE-SU-2016:2667-1: moderate: Security update for ImageMagick Message-ID: <20161028160721.1CD2DFFC0@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2667-1 Rating: moderate References: #1000394 #1000399 #1000434 #1000436 #1000686 #1000688 #1000689 #1000690 #1000691 #1000692 #1000693 #1000694 #1000695 #1000696 #1000697 #1000698 #1000699 #1000700 #1000701 #1000702 #1000703 #1000704 #1000706 #1000707 #1000708 #1000709 #1000711 #1000712 #1000713 #1000714 #1000715 #1001066 #1001221 #1002206 #1002209 #1002421 #1002422 #1003629 #1005123 #1005125 #1005127 #1005328 Cross-References: CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8677 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 41 vulnerabilities and has one errata is now available. 
Description:

This update for ImageMagick fixes the following issues:

These vulnerabilities could be triggered by processing specially crafted image files, which could lead to a process crash or resource consumption, or potentially have unspecified further impact.

- CVE-2016-8684: Mismatch between real filesize and header values (bsc#1005123)
- CVE-2016-8683: Check that filesize is reasonable compared to the header value (bsc#1005127)
- CVE-2016-8682: Stack-buffer read overflow while reading SCT header (bsc#1005125)
- CVE-2016-8677: Memory allocation failure in AcquireQuantumPixels (bsc#1005328)
- CVE-2016-7996, CVE-2016-7997: WPG Reader Issues (bsc#1003629)
- CVE-2016-7800: 8BIM/8BIMW unsigned underflow leads to heap overflow (bsc#1002422)
- CVE-2016-7799: mogrify global buffer overflow (bsc#1002421)
- CVE-2016-7540: writing to RGF format aborts (bsc#1000394)
- CVE-2016-7539: Potential DOS by not releasing memory (bsc#1000715)
- CVE-2016-7538: SIGABRT for corrupted pdb file (bsc#1000712)
- CVE-2016-7537: Out of bound access for corrupted pdb file (bsc#1000711)
- CVE-2016-7535: Out of bound access for corrupted psd file (bsc#1000709)
- CVE-2016-7534: Out of bound access in generic decoder (bsc#1000708)
- CVE-2016-7533: Wpg file out of bound for corrupted file (bsc#1000707)
- CVE-2016-7532: fix handling of corrupted psd file (bsc#1000706)
- CVE-2016-7531: Pbd file out of bound access (bsc#1000704)
- CVE-2016-7530: Out of bound in quantum handling (bsc#1000703)
- CVE-2016-7529: Out-of-bound in quantum handling (bsc#1000399)
- CVE-2016-7528: Out-of-bound access in xcf file coder (bsc#1000434)
- CVE-2016-7527: Out-of-bound access in wpg file coder (bsc#1000436)
- CVE-2016-7526: out-of-bounds write in ./MagickCore/pixel-accessor.h (bsc#1000702)
- CVE-2016-7525: Heap buffer overflow in psd file coder (bsc#1000701)
- CVE-2016-7524: AddressSanitizer:heap-buffer-overflow READ of size 1 in meta.c:465 (bsc#1000700)
- CVE-2016-7523: AddressSanitizer:heap-buffer-overflow READ of size 1 meta.c:496 (bsc#1000699)
- CVE-2016-7522: Out of bound access for malformed psd file (bsc#1000698)
- CVE-2016-7521: Heap buffer overflow in psd file handling (bsc#1000697)
- CVE-2016-7520: Heap overflow in hdr file handling (bsc#1000696)
- CVE-2016-7519: Out-of-bounds read in coders/rle.c (bsc#1000695)
- CVE-2016-7518: Out-of-bounds read in coders/sun.c (bsc#1000694)
- CVE-2016-7517: Out-of-bounds read in coders/pict.c (bsc#1000693)
- CVE-2016-7516: Out-of-bounds problem in rle, pict, viff and sun files (bsc#1000692)
- CVE-2016-7515: Rle file handling for corrupted file (bsc#1000689)
- CVE-2016-7514: Out-of-bounds read in coders/psd.c (bsc#1000688)
- CVE-2016-7513: Off-by-one error leading to segfault (bsc#1000686)
- CVE-2016-7101: GraphicsMagick: SGI Coder Out-Of-Bounds Read Vulnerability (bsc#1001221)
- CVE-2016-6823: GraphicsMagick: BMP Coder Out-Of-Bounds Write Vulnerability (bsc#1001066)
- CVE-2015-8959: DOS due to corrupted DDS files (bsc#1000713)
- CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691)
- CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690)
- CVE-2014-9907: DOS due to corrupted DDS files (bsc#1000714)
- Buffer overflows in SIXEL, PDB, MAP, and TIFF coders (bsc#1002209)
- Divide by zero in WriteTIFFImage (bsc#1002206)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1572=1
- SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1572=1
- SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1572=1
- SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1572=1

To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): ImageMagick-6.8.8.1-40.1 ImageMagick-debuginfo-6.8.8.1-40.1 ImageMagick-debugsource-6.8.8.1-40.1 libMagick++-6_Q16-3-6.8.8.1-40.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-40.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-40.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-40.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ImageMagick-6.8.8.1-40.1 ImageMagick-debuginfo-6.8.8.1-40.1 ImageMagick-debugsource-6.8.8.1-40.1 ImageMagick-devel-6.8.8.1-40.1 libMagick++-6_Q16-3-6.8.8.1-40.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-40.1 libMagick++-devel-6.8.8.1-40.1 perl-PerlMagick-6.8.8.1-40.1 perl-PerlMagick-debuginfo-6.8.8.1-40.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-40.1 ImageMagick-debugsource-6.8.8.1-40.1 libMagickCore-6_Q16-1-6.8.8.1-40.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-40.1 libMagickWand-6_Q16-1-6.8.8.1-40.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-40.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): ImageMagick-6.8.8.1-40.1 ImageMagick-debuginfo-6.8.8.1-40.1 ImageMagick-debugsource-6.8.8.1-40.1 libMagick++-6_Q16-3-6.8.8.1-40.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-40.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-40.1 libMagickCore-6_Q16-1-6.8.8.1-40.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-40.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-40.1 libMagickWand-6_Q16-1-6.8.8.1-40.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-40.1 References: https://www.suse.com/security/cve/CVE-2014-9907.html https://www.suse.com/security/cve/CVE-2015-8957.html https://www.suse.com/security/cve/CVE-2015-8958.html https://www.suse.com/security/cve/CVE-2015-8959.html https://www.suse.com/security/cve/CVE-2016-6823.html https://www.suse.com/security/cve/CVE-2016-7101.html https://www.suse.com/security/cve/CVE-2016-7513.html https://www.suse.com/security/cve/CVE-2016-7514.html https://www.suse.com/security/cve/CVE-2016-7515.html 
https://www.suse.com/security/cve/CVE-2016-7516.html https://www.suse.com/security/cve/CVE-2016-7517.html https://www.suse.com/security/cve/CVE-2016-7518.html https://www.suse.com/security/cve/CVE-2016-7519.html https://www.suse.com/security/cve/CVE-2016-7520.html https://www.suse.com/security/cve/CVE-2016-7521.html https://www.suse.com/security/cve/CVE-2016-7522.html https://www.suse.com/security/cve/CVE-2016-7523.html https://www.suse.com/security/cve/CVE-2016-7524.html https://www.suse.com/security/cve/CVE-2016-7525.html https://www.suse.com/security/cve/CVE-2016-7526.html https://www.suse.com/security/cve/CVE-2016-7527.html https://www.suse.com/security/cve/CVE-2016-7528.html https://www.suse.com/security/cve/CVE-2016-7529.html https://www.suse.com/security/cve/CVE-2016-7530.html https://www.suse.com/security/cve/CVE-2016-7531.html https://www.suse.com/security/cve/CVE-2016-7532.html https://www.suse.com/security/cve/CVE-2016-7533.html https://www.suse.com/security/cve/CVE-2016-7534.html https://www.suse.com/security/cve/CVE-2016-7535.html https://www.suse.com/security/cve/CVE-2016-7537.html https://www.suse.com/security/cve/CVE-2016-7538.html https://www.suse.com/security/cve/CVE-2016-7539.html https://www.suse.com/security/cve/CVE-2016-7540.html https://www.suse.com/security/cve/CVE-2016-7799.html https://www.suse.com/security/cve/CVE-2016-7800.html https://www.suse.com/security/cve/CVE-2016-7996.html https://www.suse.com/security/cve/CVE-2016-7997.html https://www.suse.com/security/cve/CVE-2016-8677.html https://www.suse.com/security/cve/CVE-2016-8682.html https://www.suse.com/security/cve/CVE-2016-8683.html https://www.suse.com/security/cve/CVE-2016-8684.html https://bugzilla.suse.com/1000394 https://bugzilla.suse.com/1000399 https://bugzilla.suse.com/1000434 https://bugzilla.suse.com/1000436 https://bugzilla.suse.com/1000686 https://bugzilla.suse.com/1000688 https://bugzilla.suse.com/1000689 https://bugzilla.suse.com/1000690 
https://bugzilla.suse.com/1000691 https://bugzilla.suse.com/1000692 https://bugzilla.suse.com/1000693 https://bugzilla.suse.com/1000694 https://bugzilla.suse.com/1000695 https://bugzilla.suse.com/1000696 https://bugzilla.suse.com/1000697 https://bugzilla.suse.com/1000698 https://bugzilla.suse.com/1000699 https://bugzilla.suse.com/1000700 https://bugzilla.suse.com/1000701 https://bugzilla.suse.com/1000702 https://bugzilla.suse.com/1000703 https://bugzilla.suse.com/1000704 https://bugzilla.suse.com/1000706 https://bugzilla.suse.com/1000707 https://bugzilla.suse.com/1000708 https://bugzilla.suse.com/1000709 https://bugzilla.suse.com/1000711 https://bugzilla.suse.com/1000712 https://bugzilla.suse.com/1000713 https://bugzilla.suse.com/1000714 https://bugzilla.suse.com/1000715 https://bugzilla.suse.com/1001066 https://bugzilla.suse.com/1001221 https://bugzilla.suse.com/1002206 https://bugzilla.suse.com/1002209 https://bugzilla.suse.com/1002421 https://bugzilla.suse.com/1002422 https://bugzilla.suse.com/1003629 https://bugzilla.suse.com/1005123 https://bugzilla.suse.com/1005125 https://bugzilla.suse.com/1005127 https://bugzilla.suse.com/1005328 From sle-updates at lists.suse.com Fri Oct 28 10:13:38 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2016 18:13:38 +0200 (CEST) Subject: SUSE-SU-2016:2668-1: important: Security update for gd Message-ID: <20161028161338.DD53DFFC0@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2668-1 Rating: important References: #1001900 #1004924 #1005274 Cross-References: CVE-2016-6911 CVE-2016-7568 CVE-2016-8670 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 
______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for gd fixes the following security issues: - CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp (bsc#1001900) - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1571=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1571=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1571=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1571=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gd-32bit-2.1.0-17.1 gd-debuginfo-32bit-2.1.0-17.1 gd-debugsource-2.1.0-17.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gd-debuginfo-2.1.0-17.1 gd-debugsource-2.1.0-17.1 gd-devel-2.1.0-17.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gd-2.1.0-17.1 gd-debuginfo-2.1.0-17.1 gd-debugsource-2.1.0-17.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gd-2.1.0-17.1 gd-32bit-2.1.0-17.1 gd-debuginfo-2.1.0-17.1 gd-debuginfo-32bit-2.1.0-17.1 gd-debugsource-2.1.0-17.1 References: https://www.suse.com/security/cve/CVE-2016-6911.html https://www.suse.com/security/cve/CVE-2016-7568.html https://www.suse.com/security/cve/CVE-2016-8670.html https://bugzilla.suse.com/1001900 https://bugzilla.suse.com/1004924 https://bugzilla.suse.com/1005274 From sle-updates at lists.suse.com Fri Oct 28 10:14:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2016 18:14:21 +0200 (CEST) Subject: SUSE-RU-2016:2669-1: Recommended update for ses-manual_en Message-ID: <20161028161421.14C0FFFC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2669-1 Rating: low References: #1005300 #967390 #968067 #968290 #969836 #970104 #974472 #974624 #977187 #977556 #978075 #979380 #980594 #981027 #981611 #981617 #981642 #981756 #981758 #981951 #982284 #982475 #982496 #982497 #982512 #982563 #982607 #982707 #982713 #982995 #983018 #985047 #986037 #987992 #988038 #992019 #993820 #995332 #995561 #995768 #996978 #997051 Affected Products: SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has 42 recommended fixes can now be installed. 
Description:

The Administration and Deployment Guide for SUSE Enterprise Storage 3 has been updated to document:

- Improved the procedure to set up hot-storage and cold-storage.
- Added a command to install Ceph on the MDS server.
- Added a tip referring to more information about using existing partitions for OSDs.
- Mixing installation methods is not supported.
- Format 1 is no longer the default (in favor of the format 2) when creating RBD volumes.
- Added note about increasing the ruleset number to "Rule Sets" section.
- Stressed the need for SUSE Enterprise Storage 3 repository before installing 'ses-upgrade-helper'.
- Included info on the deprecated 'rgw_region_root_pool' option.
- Specified which clients are able to migrate to optimal tunables.
- Added new "iSCSI Gateways Upgrade" section.
- Added new "Mixed SSDs and HDDs on the Same Node" section.
- Improved "Upgrade from SUSE Enterprise Storage 2.1 to 3" chapter.
- Updated "Minimal Recommendations per Storage Node".
- Fixed support information on snapshot cloning in "Layering" section.
- Improved 'bucket' explanation in "Buckets" section.
- Clarified non-mixing workload phrase in "Minimal Recommendations per Monitor Node".
- Updated RAM requirement for OSDs in "Minimal Recommendations per Storage Node".
- Fixed 'hit_set_count' default value in "Operating Pools" section.
- Fixed and improved 'ceph-deploy' command line.
- Updated several places to match the current Ceph release.
- In "Operating Pools" added explanation of the following pool parameters: hashpspool, expected_num_objects, cache_target_dirty_high_ratio, hit_set_grade_decay_rate, hit_set_grade_search_last_n, fast_read, scrub_min_interval, scrub_max_interval, deep_scrub_interval, nodelete, nopgchange, nosizechange, noscrub, nodeep-scrub.
- Added "How to Use Existing Partitions for OSDs Including OSD Journals" to "Disk Management Best Practices".
- Added software pattern selection screens to "Preparing Each Ceph Node" section.
- Removed RAID recommendations for OSD disks placement. - Updated the default set of CRUSH map's buckets in "Buckets" section. - Removed 'data' and 'metadata' pools, no longer the default. - Fixed trademarked 3rd party products names and replaced with entities. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1569=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 3 (noarch): ses-admin_en-pdf-3-14.1 ses-manual_en-3-14.1 References: https://bugzilla.suse.com/1005300 https://bugzilla.suse.com/967390 https://bugzilla.suse.com/968067 https://bugzilla.suse.com/968290 https://bugzilla.suse.com/969836 https://bugzilla.suse.com/970104 https://bugzilla.suse.com/974472 https://bugzilla.suse.com/974624 https://bugzilla.suse.com/977187 https://bugzilla.suse.com/977556 https://bugzilla.suse.com/978075 https://bugzilla.suse.com/979380 https://bugzilla.suse.com/980594 https://bugzilla.suse.com/981027 https://bugzilla.suse.com/981611 https://bugzilla.suse.com/981617 https://bugzilla.suse.com/981642 https://bugzilla.suse.com/981756 https://bugzilla.suse.com/981758 https://bugzilla.suse.com/981951 https://bugzilla.suse.com/982284 https://bugzilla.suse.com/982475 https://bugzilla.suse.com/982496 https://bugzilla.suse.com/982497 https://bugzilla.suse.com/982512 https://bugzilla.suse.com/982563 https://bugzilla.suse.com/982607 https://bugzilla.suse.com/982707 https://bugzilla.suse.com/982713 https://bugzilla.suse.com/982995 https://bugzilla.suse.com/983018 https://bugzilla.suse.com/985047 https://bugzilla.suse.com/986037 https://bugzilla.suse.com/987992 https://bugzilla.suse.com/988038 https://bugzilla.suse.com/992019 https://bugzilla.suse.com/993820 https://bugzilla.suse.com/995332 https://bugzilla.suse.com/995561 https://bugzilla.suse.com/995768 https://bugzilla.suse.com/996978 
https://bugzilla.suse.com/997051 From sle-updates at lists.suse.com Fri Oct 28 10:21:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2016 18:21:22 +0200 (CEST) Subject: SUSE-SU-2016:2670-1: moderate: Security update for gd Message-ID: <20161028162122.98AB6FFBB@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2670-1 Rating: moderate References: #1004924 #1005274 Cross-References: CVE-2016-6911 CVE-2016-8670 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for gd fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924) - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gd-12820=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gd-12820=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gd-12820=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): gd-devel-2.0.36.RC1-52.25.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gd-2.0.36.RC1-52.25.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gd-debuginfo-2.0.36.RC1-52.25.1 gd-debugsource-2.0.36.RC1-52.25.1 References: https://www.suse.com/security/cve/CVE-2016-6911.html https://www.suse.com/security/cve/CVE-2016-8670.html https://bugzilla.suse.com/1004924 https://bugzilla.suse.com/1005274 From sle-updates at lists.suse.com Mon Oct 31 04:08:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Oct 2016 11:08:36 +0100 (CET) Subject: SUSE-SU-2016:2673-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1 Message-ID: <20161031100836.7E3E9FFBA@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2673-1 Rating: important References: #1001486 #1001487 #1004419 Cross-References: CVE-2016-5195 CVE-2016-8666 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.62-60_62 fixes several issues. The following security bugs were fixed: - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004419). 
- CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001486). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1574=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_62-default-3-5.1 kgraft-patch-3_12_62-60_62-xen-3-5.1 References: https://www.suse.com/security/cve/CVE-2016-5195.html https://www.suse.com/security/cve/CVE-2016-8666.html https://bugzilla.suse.com/1001486 https://bugzilla.suse.com/1001487 https://bugzilla.suse.com/1004419 From sle-updates at lists.suse.com Mon Oct 31 04:09:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Oct 2016 11:09:23 +0100 (CET) Subject: SUSE-SU-2016:2674-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1 Message-ID: <20161031100923.773B0FFBC@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2674-1 Rating: important References: #1001487 #991667 Cross-References: CVE-2016-6480 CVE-2016-8666 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues. 
The following security bugs were fixed:

- CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001487).
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

  zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1573=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

  kgraft-patch-3_12_62-60_64_8-default-2-2.1
  kgraft-patch-3_12_62-60_64_8-xen-2-2.1

References:

  https://www.suse.com/security/cve/CVE-2016-6480.html
  https://www.suse.com/security/cve/CVE-2016-8666.html
  https://bugzilla.suse.com/1001487
  https://bugzilla.suse.com/991667

From sle-updates at lists.suse.com Mon Oct 31 05:08:03 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2016 12:08:03 +0100 (CET)
Subject: SUSE-SU-2016:2681-1: moderate: Security update for php53
Message-ID: <20161031110803.26307FFBC@maintenance.suse.de>

SUSE Security Update: Security update for php53
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2681-1
Rating: moderate
References: #1004924 #1005274
Cross-References: CVE-2016-6911 CVE-2016-8670
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for php53 fixes the following issues:

- CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924)
- CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

  zypper in -t patch sdksp4-php53-12821=1

- SUSE Linux Enterprise Server 11-SP4:

  zypper in -t patch slessp4-php53-12821=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

  zypper in -t patch dbgsp4-php53-12821=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  php53-devel-5.3.17-87.1
  php53-imap-5.3.17-87.1
  php53-posix-5.3.17-87.1
  php53-readline-5.3.17-87.1
  php53-sockets-5.3.17-87.1
  php53-sqlite-5.3.17-87.1
  php53-tidy-5.3.17-87.1

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  apache2-mod_php53-5.3.17-87.1
  php53-5.3.17-87.1
  php53-bcmath-5.3.17-87.1
  php53-bz2-5.3.17-87.1
  php53-calendar-5.3.17-87.1
  php53-ctype-5.3.17-87.1
  php53-curl-5.3.17-87.1
  php53-dba-5.3.17-87.1
  php53-dom-5.3.17-87.1
  php53-exif-5.3.17-87.1
  php53-fastcgi-5.3.17-87.1
  php53-fileinfo-5.3.17-87.1
  php53-ftp-5.3.17-87.1
  php53-gd-5.3.17-87.1
  php53-gettext-5.3.17-87.1
  php53-gmp-5.3.17-87.1
  php53-iconv-5.3.17-87.1
  php53-intl-5.3.17-87.1
  php53-json-5.3.17-87.1
  php53-ldap-5.3.17-87.1
  php53-mbstring-5.3.17-87.1
  php53-mcrypt-5.3.17-87.1
  php53-mysql-5.3.17-87.1
  php53-odbc-5.3.17-87.1
  php53-openssl-5.3.17-87.1
  php53-pcntl-5.3.17-87.1
  php53-pdo-5.3.17-87.1
  php53-pear-5.3.17-87.1
  php53-pgsql-5.3.17-87.1
  php53-pspell-5.3.17-87.1
  php53-shmop-5.3.17-87.1
  php53-snmp-5.3.17-87.1
  php53-soap-5.3.17-87.1
  php53-suhosin-5.3.17-87.1
  php53-sysvmsg-5.3.17-87.1
  php53-sysvsem-5.3.17-87.1
  php53-sysvshm-5.3.17-87.1
  php53-tokenizer-5.3.17-87.1
  php53-wddx-5.3.17-87.1
  php53-xmlreader-5.3.17-87.1
  php53-xmlrpc-5.3.17-87.1
  php53-xmlwriter-5.3.17-87.1
  php53-xsl-5.3.17-87.1
  php53-zip-5.3.17-87.1
  php53-zlib-5.3.17-87.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  php53-debuginfo-5.3.17-87.1
  php53-debugsource-5.3.17-87.1

References:

  https://www.suse.com/security/cve/CVE-2016-6911.html
  https://www.suse.com/security/cve/CVE-2016-8670.html
  https://bugzilla.suse.com/1004924
  https://bugzilla.suse.com/1005274

From sle-updates at lists.suse.com Mon Oct 31 05:09:40 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2016 12:09:40 +0100 (CET)
Subject: SUSE-SU-2016:2683-1: important: Security update for php7
Message-ID: <20161031110940.0C330FFBC@maintenance.suse.de>

SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:2683-1
Rating: important
References: #1001900 #1004924 #1005274
Cross-References: CVE-2016-6911 CVE-2016-7568 CVE-2016-8670
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for php7 fixes the following security issue:

- CVE-2016-7568: A specially crafted image file could cause an application crash or potentially execute arbitrary code when the image is converted to webp (bsc#1001900)
- CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf (bsc#1004924)
- CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf() (bsc#1005274)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP1:

  zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1576=1

- SUSE Linux Enterprise Module for Web Scripting 12:

  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1576=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

  php7-debuginfo-7.0.7-20.1
  php7-debugsource-7.0.7-20.1
  php7-devel-7.0.7-20.1

- SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64):

  apache2-mod_php7-7.0.7-20.1
  apache2-mod_php7-debuginfo-7.0.7-20.1
  php7-7.0.7-20.1
  php7-bcmath-7.0.7-20.1
  php7-bcmath-debuginfo-7.0.7-20.1
  php7-bz2-7.0.7-20.1
  php7-bz2-debuginfo-7.0.7-20.1
  php7-calendar-7.0.7-20.1
  php7-calendar-debuginfo-7.0.7-20.1
  php7-ctype-7.0.7-20.1
  php7-ctype-debuginfo-7.0.7-20.1
  php7-curl-7.0.7-20.1
  php7-curl-debuginfo-7.0.7-20.1
  php7-dba-7.0.7-20.1
  php7-dba-debuginfo-7.0.7-20.1
  php7-debuginfo-7.0.7-20.1
  php7-debugsource-7.0.7-20.1
  php7-dom-7.0.7-20.1
  php7-dom-debuginfo-7.0.7-20.1
  php7-enchant-7.0.7-20.1
  php7-enchant-debuginfo-7.0.7-20.1
  php7-exif-7.0.7-20.1
  php7-exif-debuginfo-7.0.7-20.1
  php7-fastcgi-7.0.7-20.1
  php7-fastcgi-debuginfo-7.0.7-20.1
  php7-fileinfo-7.0.7-20.1
  php7-fileinfo-debuginfo-7.0.7-20.1
  php7-fpm-7.0.7-20.1
  php7-fpm-debuginfo-7.0.7-20.1
  php7-ftp-7.0.7-20.1
  php7-ftp-debuginfo-7.0.7-20.1
  php7-gd-7.0.7-20.1
  php7-gd-debuginfo-7.0.7-20.1
  php7-gettext-7.0.7-20.1
  php7-gettext-debuginfo-7.0.7-20.1
  php7-gmp-7.0.7-20.1
  php7-gmp-debuginfo-7.0.7-20.1
  php7-iconv-7.0.7-20.1
  php7-iconv-debuginfo-7.0.7-20.1
  php7-imap-7.0.7-20.1
  php7-imap-debuginfo-7.0.7-20.1
  php7-intl-7.0.7-20.1
  php7-intl-debuginfo-7.0.7-20.1
  php7-json-7.0.7-20.1
  php7-json-debuginfo-7.0.7-20.1
  php7-ldap-7.0.7-20.1
  php7-ldap-debuginfo-7.0.7-20.1
  php7-mbstring-7.0.7-20.1
  php7-mbstring-debuginfo-7.0.7-20.1
  php7-mcrypt-7.0.7-20.1
  php7-mcrypt-debuginfo-7.0.7-20.1
  php7-mysql-7.0.7-20.1
  php7-mysql-debuginfo-7.0.7-20.1
  php7-odbc-7.0.7-20.1
  php7-odbc-debuginfo-7.0.7-20.1
  php7-opcache-7.0.7-20.1
  php7-opcache-debuginfo-7.0.7-20.1
  php7-openssl-7.0.7-20.1
  php7-openssl-debuginfo-7.0.7-20.1
  php7-pcntl-7.0.7-20.1
  php7-pcntl-debuginfo-7.0.7-20.1
  php7-pdo-7.0.7-20.1
  php7-pdo-debuginfo-7.0.7-20.1
  php7-pgsql-7.0.7-20.1
  php7-pgsql-debuginfo-7.0.7-20.1
  php7-phar-7.0.7-20.1
  php7-phar-debuginfo-7.0.7-20.1
  php7-posix-7.0.7-20.1
  php7-posix-debuginfo-7.0.7-20.1
  php7-pspell-7.0.7-20.1
  php7-pspell-debuginfo-7.0.7-20.1
  php7-shmop-7.0.7-20.1
  php7-shmop-debuginfo-7.0.7-20.1
  php7-snmp-7.0.7-20.1
  php7-snmp-debuginfo-7.0.7-20.1
  php7-soap-7.0.7-20.1
  php7-soap-debuginfo-7.0.7-20.1
  php7-sockets-7.0.7-20.1
  php7-sockets-debuginfo-7.0.7-20.1
  php7-sqlite-7.0.7-20.1
  php7-sqlite-debuginfo-7.0.7-20.1
  php7-sysvmsg-7.0.7-20.1
  php7-sysvmsg-debuginfo-7.0.7-20.1
  php7-sysvsem-7.0.7-20.1
  php7-sysvsem-debuginfo-7.0.7-20.1
  php7-sysvshm-7.0.7-20.1
  php7-sysvshm-debuginfo-7.0.7-20.1
  php7-tokenizer-7.0.7-20.1
  php7-tokenizer-debuginfo-7.0.7-20.1
  php7-wddx-7.0.7-20.1
  php7-wddx-debuginfo-7.0.7-20.1
  php7-xmlreader-7.0.7-20.1
  php7-xmlreader-debuginfo-7.0.7-20.1
  php7-xmlrpc-7.0.7-20.1
  php7-xmlrpc-debuginfo-7.0.7-20.1
  php7-xmlwriter-7.0.7-20.1
  php7-xmlwriter-debuginfo-7.0.7-20.1
  php7-xsl-7.0.7-20.1
  php7-xsl-debuginfo-7.0.7-20.1
  php7-zip-7.0.7-20.1
  php7-zip-debuginfo-7.0.7-20.1
  php7-zlib-7.0.7-20.1
  php7-zlib-debuginfo-7.0.7-20.1

- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

  php7-pear-7.0.7-20.1
  php7-pear-Archive_Tar-7.0.7-20.1

References:

  https://www.suse.com/security/cve/CVE-2016-6911.html
  https://www.suse.com/security/cve/CVE-2016-7568.html
  https://www.suse.com/security/cve/CVE-2016-8670.html
  https://bugzilla.suse.com/1001900
  https://bugzilla.suse.com/1004924
  https://bugzilla.suse.com/1005274

From sle-updates at lists.suse.com Mon Oct 31 07:09:29 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2016 14:09:29 +0100 (CET)
Subject: SUSE-RU-2016:2686-1: moderate: Recommended update for SUSE Manager Client Tools
Message-ID: <20161031130929.C7B2AFFBC@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:2686-1
Rating: moderate
References: #986978
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
  SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for SUSE Manager Client Tools fixes the following issues:

cobbler:
- Enabling PXE grub2 support for PowerPC. (bsc#986978)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:

  zypper in -t patch slesctsp4-suse-manager-clienttools-201610-12822=1

- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:

  zypper in -t patch slesctsp3-suse-manager-clienttools-201610-12822=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

  koan-2.2.2-0.64.1

- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):

  koan-2.2.2-0.64.1

References:

  https://bugzilla.suse.com/986978

From sle-updates at lists.suse.com Mon Oct 31 07:09:54 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2016 14:09:54 +0100 (CET)
Subject: SUSE-RU-2016:2687-1: moderate: Recommended update for SUSE Manager Proxy 2.1
Message-ID: <20161031130954.27372FFBC@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Proxy 2.1
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:2687-1
Rating: moderate
References: #990264 #992987
Affected Products:
  SUSE Manager Proxy 2.1
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update fixes the following issues:

spacecmd:
- Alert if a non-unique package ID is detected.
- Prevent crashes when running old-style spacecmd cache.
- Avoid errors if multiple packages with same long name enter the cache. (bsc#990264)

spacewalk-certs-tools:
- Check only if all required packages are installed. (bsc#992987)
- Fix paths to trust dir and update-ca-certificates tool.

How to apply this update:

1. Log in as root user to the SUSE Manager proxy.
2. Stop the proxy service: spacewalk-proxy stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-proxy start

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager Proxy 2.1:

  zypper in -t patch slemap21-suse-manager-proxy-21-201610-12822=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager Proxy 2.1 (x86_64):

  spacecmd-2.1.25.12-18.1

- SUSE Manager Proxy 2.1 (noarch):

  spacewalk-certs-tools-2.1.6.12-24.1

References:

  https://bugzilla.suse.com/990264
  https://bugzilla.suse.com/992987

From sle-updates at lists.suse.com Mon Oct 31 07:10:24 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2016 14:10:24 +0100 (CET)
Subject: SUSE-RU-2016:2688-1: moderate: Recommended update for SUSE Manager Server 2.1
Message-ID: <20161031131024.6002FFFBC@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Server 2.1
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:2688-1
Rating: moderate
References: #1000448 #1000666 #1001738 #1001784 #1001923 #1002231 #1002678 #969790 #969889 #973198 #981635 #986978 #988303 #990264 #992987 #994305
Affected Products:
  SUSE Manager 2.1
______________________________________________________________________________

An update that has 16 recommended fixes can now be installed.

Description:

This update fixes the following issues:

cobbler:
- Enabling PXE grub2 support for PowerPC. (bsc#986978)

smdba:
- Fix recovery.conf permissions and ownership for latest PostgreSQL. (bsc#1002231)

spacecmd:
- Alert if a non-unique package ID is detected.
- Prevent crashes when running old-style spacecmd cache.
- Avoid errors if multiple packages with same long name enter the cache. (bsc#990264)

spacewalk-branding:
- More 'errata' > 'patches' string fixes. (bsc#981635)
- SPMigration: Add multi-target-selection step in front of the wizard.

spacewalk-certs-tools:
- Check only if all required packages are installed. (bsc#992987)
- Fix paths to trust dir and update-ca-certificates tool.

spacewalk-java:
- Arch_type of a SUSEProduct can be null. (bsc#1001738, bsc#1001784, bsc#1001923, bsc#1002678)
- XMLRPC API for new SP Migration.
- SPMigration: Add multi-target-selection step in front of the wizard.
- Fix cloning errata severity from an errata. (bsc#1000666)
- Support Open Enterprise Server 11 SP3. (bsc#988303)
- Redirect user to a meaningful page after requesting details of non-existing Action Chain. (bsc#973198)
- Fix race condition during auto errata update. (bsc#969790)

susemanager-manuals_en:
- Removed SLE 10 SP3, 10 SP4, 11 SP3 as supported client systems. (bsc#1000448)

susemanager-schema:
- Add table for storing product extensions.
- Add severity_id to rhnErrataTmp for consistency with rhnErrata.
- Avoid a deadlock when deleting a server. (bsc#969790)

susemanager-sync-data:
- Support Open Enterprise Server 11 SP3. (bsc#988303)
- Add Support for SLE12 SP2 family. (bsc#969889)
- AMD repositories removed because of security reasons.
- Add SLES12-GA-LTSS-X86 and SLES12-GA-LTSS-Z channel families. (bsc#994305)

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema: spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Manager 2.1:

  zypper in -t patch sleman21-suse-manager-21-201610-12822=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Manager 2.1 (s390x x86_64):

  cobbler-2.2.2-0.64.1
  smdba-1.5.5-0.15.1
  spacecmd-2.1.25.12-18.1
  spacewalk-branding-2.1.33.18-24.1

- SUSE Manager 2.1 (noarch):

  spacewalk-certs-tools-2.1.6.12-24.1
  spacewalk-java-2.1.165.26-26.1
  spacewalk-java-config-2.1.165.26-26.1
  spacewalk-java-lib-2.1.165.26-26.1
  spacewalk-java-oracle-2.1.165.26-26.1
  spacewalk-java-postgresql-2.1.165.26-26.1
  spacewalk-taskomatic-2.1.165.26-26.1
  susemanager-client-config_en-pdf-2.1-25.1
  susemanager-install_en-pdf-2.1-25.1
  susemanager-manuals_en-2.1-25.1
  susemanager-proxy-quick_en-pdf-2.1-25.1
  susemanager-reference_en-pdf-2.1-25.1
  susemanager-schema-2.1.50.18-21.1
  susemanager-sync-data-2.1.18-39.1
  susemanager-user_en-pdf-2.1-25.1

References:

  https://bugzilla.suse.com/1000448
  https://bugzilla.suse.com/1000666
  https://bugzilla.suse.com/1001738
  https://bugzilla.suse.com/1001784
  https://bugzilla.suse.com/1001923
  https://bugzilla.suse.com/1002231
  https://bugzilla.suse.com/1002678
  https://bugzilla.suse.com/969790
  https://bugzilla.suse.com/969889
  https://bugzilla.suse.com/973198
  https://bugzilla.suse.com/981635
  https://bugzilla.suse.com/986978
  https://bugzilla.suse.com/988303
  https://bugzilla.suse.com/990264
  https://bugzilla.suse.com/992987
  https://bugzilla.suse.com/994305

From sle-updates at lists.suse.com Mon Oct 31 07:12:59 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2016 14:12:59 +0100 (CET)
Subject: SUSE-RU-2016:2689-1: Recommended update for syslog-ng
Message-ID: <20161031131259.6DD73FFBA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for syslog-ng
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:2689-1
Rating: low
References: #987207
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

An update that has one recommended
fix can now be installed.

Description:

Syslog-NG was updated to version 3.6.4, which brings several fixes and enhancements:

- The new systemd-syslog() source replaces the former implicit support for the same functionality. Users who use systemd are advised to use either the system() source, or this new one when they want to receive logs from systemd via the /run/systemd/journal/syslog socket.
- The new source driver systemd-journal() reads from the Journal directly, not via the syslog forwarding socket. The system() source defaults to using this source when systemd is detected.
- Fix systemd support on platforms which have systemd older than version 209.
- Fix AMQP segmentation fault right after starting on some platforms.
- Fix inaccurate time stamps for messages read from /dev/kmsg.
- Add DOS/Windows line ending support in configuration files.
- Fix issue that prevented all plugins from being loaded by default.
- Fix potential crash during stop phase when user wanted syslog-ng to stop immediately after start.
- Fix memory leak around reload and internal queuing mechanism.
- Add support for the monolithic libsystemd library from systemd 209.

For a comprehensive list of changes please refer to the Release Notes document: https://github.com/balabit/syslog-ng/blob/syslog-ng-3.6.4/NEWS.md

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:

  zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-1579=1

- SUSE Linux Enterprise Module for Legacy Software 12:

  zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-1579=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

  syslog-ng-3.6.4-5.1
  syslog-ng-debuginfo-3.6.4-5.1
  syslog-ng-debugsource-3.6.4-5.1

- SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le s390x x86_64):

  syslog-ng-3.6.4-5.1
  syslog-ng-debuginfo-3.6.4-5.1
  syslog-ng-debugsource-3.6.4-5.1

References:

  https://bugzilla.suse.com/987207

From sle-updates at lists.suse.com Mon Oct 31 10:06:33 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2016 17:06:33 +0100 (CET)
Subject: SUSE-RU-2016:2690-1: Recommended update for supportutils-plugin-suse-openstack-cloud
Message-ID: <20161031160633.45A95FFBA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for supportutils-plugin-suse-openstack-cloud
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:2690-1
Rating: low
References: #997908
Affected Products:
  SUSE OpenStack Cloud 6
  SUSE Enterprise Storage 3
  SUSE Enterprise Storage 2.1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for supportutils-plugin-suse-openstack-cloud fixes the following issues:

- Capture /var/chef/cache/pause-file.lock* files (bsc#997908)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:

  zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1580=1

- SUSE Enterprise Storage 3:

  zypper in -t patch SUSE-Storage-3-2016-1580=1

- SUSE Enterprise Storage 2.1:

  zypper in -t patch SUSE-Storage-2.1-2016-1580=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (noarch):

  supportutils-plugin-suse-openstack-cloud-6.0.1472329275.7b7b59b-6.1

- SUSE Enterprise Storage 3 (noarch):

  supportutils-plugin-suse-openstack-cloud-6.0.1472329275.7b7b59b-6.1

- SUSE Enterprise Storage 2.1 (noarch):

  supportutils-plugin-suse-openstack-cloud-6.0.1472329275.7b7b59b-6.1

References:

  https://bugzilla.suse.com/997908

From sle-updates at lists.suse.com Mon Oct 31 11:06:46 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2016 18:06:46 +0100 (CET)
Subject: SUSE-RU-2016:2691-1: Recommended update for rubygem-ruby-shadow
Message-ID: <20161031170646.6D9F3FFBB@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rubygem-ruby-shadow
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:2691-1
Rating: low
References: #920720 #981565
Affected Products:
  SUSE OpenStack Cloud 6
  SUSE Linux Enterprise Module for Advanced Systems Management 12
  SUSE Linux Enterprise Desktop 12-SP1
  SUSE Enterprise Storage 3
  SUSE Enterprise Storage 2.1
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for rubygem-ruby-shadow provides the following fixes:

- Fix bug in shadow implementations where sp_expired field was incorrectly set as nil. From now on, -1 is used to indicate not set. (bsc#981565)
- Simplified compatibility check, removing check for function not actually used in pwd.h implementations.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 6:

  zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1581=1

- SUSE Linux Enterprise Module for Advanced Systems Management 12:

  zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2016-1581=1

- SUSE Linux Enterprise Desktop 12-SP1:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1581=1

- SUSE Enterprise Storage 3:

  zypper in -t patch SUSE-Storage-3-2016-1581=1

- SUSE Enterprise Storage 2.1:

  zypper in -t patch SUSE-Storage-2.1-2016-1581=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 6 (x86_64):

  ruby2.1-rubygem-ruby-shadow-2.3.4-6.1
  ruby2.1-rubygem-ruby-shadow-debuginfo-2.3.4-6.1

- SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):

  ruby2.1-rubygem-ruby-shadow-2.3.4-6.1
  ruby2.1-rubygem-ruby-shadow-debuginfo-2.3.4-6.1

- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

  ruby2.1-rubygem-ruby-shadow-2.3.4-6.1
  ruby2.1-rubygem-ruby-shadow-debuginfo-2.3.4-6.1

- SUSE Enterprise Storage 3 (x86_64):

  ruby2.1-rubygem-ruby-shadow-2.3.4-6.1
  ruby2.1-rubygem-ruby-shadow-debuginfo-2.3.4-6.1

- SUSE Enterprise Storage 2.1 (x86_64):

  ruby2.1-rubygem-ruby-shadow-2.3.4-6.1
  ruby2.1-rubygem-ruby-shadow-debuginfo-2.3.4-6.1

References:

  https://bugzilla.suse.com/920720
  https://bugzilla.suse.com/981565

From sle-updates at lists.suse.com Mon Oct 31 14:06:45 2016
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2016 21:06:45 +0100 (CET)
Subject: SUSE-RU-2016:2692-1: moderate: Recommended update for squid3
Message-ID: <20161031200645.DE290FFBA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for squid3
______________________________________________________________________________

Announcement ID: SUSE-RU-2016:2692-1
Rating: moderate
References: #996890
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for squid3 provides the following fixes:

- Fixed a regression when cached external ACLs are used which could lead to crashes, with e.g. these ACL constructs:

    http_access allow something external_acl auth # works
    http_access allow something auth external_acl # crashes

- Squid passed some structures to MD5 hashing function as (const char*) byte streams, but padding in these structures could have been uninitialized, which might have led to instabilities.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:

  zypper in -t patch slessp4-squid3-12825=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

  zypper in -t patch dbgsp4-squid3-12825=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  squid3-3.1.23-8.16.33.2

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

  squid3-debuginfo-3.1.23-8.16.33.2
  squid3-debugsource-3.1.23-8.16.33.2

References:

  https://bugzilla.suse.com/996890