From sle-updates at lists.suse.com Thu Sep 1 10:09:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Sep 2016 18:09:31 +0200 (CEST) Subject: SUSE-SU-2016:2210-1: moderate: Security update for php53 Message-ID: <20160901160931.53BDCF7C4@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2210-1 Rating: moderate References: #987530 #991426 #991427 #991428 #991429 #991430 #991433 #991437 Cross-References: CVE-2014-3587 CVE-2016-3587 CVE-2016-5399 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6296 CVE-2016-6297 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for php53 fixes the following issues: - security update: * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-12724=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-12724=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-12724=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-79.2 php53-imap-5.3.17-79.2 php53-posix-5.3.17-79.2 php53-readline-5.3.17-79.2 php53-sockets-5.3.17-79.2 php53-sqlite-5.3.17-79.2 php53-tidy-5.3.17-79.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-79.2 php53-5.3.17-79.2 php53-bcmath-5.3.17-79.2 php53-bz2-5.3.17-79.2 php53-calendar-5.3.17-79.2 php53-ctype-5.3.17-79.2 php53-curl-5.3.17-79.2 php53-dba-5.3.17-79.2 php53-dom-5.3.17-79.2 php53-exif-5.3.17-79.2 php53-fastcgi-5.3.17-79.2 php53-fileinfo-5.3.17-79.2 php53-ftp-5.3.17-79.2 php53-gd-5.3.17-79.2 php53-gettext-5.3.17-79.2 php53-gmp-5.3.17-79.2 php53-iconv-5.3.17-79.2 php53-intl-5.3.17-79.2 php53-json-5.3.17-79.2 php53-ldap-5.3.17-79.2 php53-mbstring-5.3.17-79.2 php53-mcrypt-5.3.17-79.2 php53-mysql-5.3.17-79.2 php53-odbc-5.3.17-79.2 php53-openssl-5.3.17-79.2 php53-pcntl-5.3.17-79.2 php53-pdo-5.3.17-79.2 php53-pear-5.3.17-79.2 php53-pgsql-5.3.17-79.2 php53-pspell-5.3.17-79.2 php53-shmop-5.3.17-79.2 php53-snmp-5.3.17-79.2 php53-soap-5.3.17-79.2 php53-suhosin-5.3.17-79.2 php53-sysvmsg-5.3.17-79.2 php53-sysvsem-5.3.17-79.2 php53-sysvshm-5.3.17-79.2 php53-tokenizer-5.3.17-79.2 php53-wddx-5.3.17-79.2 php53-xmlreader-5.3.17-79.2 php53-xmlrpc-5.3.17-79.2 php53-xmlwriter-5.3.17-79.2 php53-xsl-5.3.17-79.2 php53-zip-5.3.17-79.2 php53-zlib-5.3.17-79.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-79.2 php53-debugsource-5.3.17-79.2 References: https://www.suse.com/security/cve/CVE-2014-3587.html https://www.suse.com/security/cve/CVE-2016-3587.html https://www.suse.com/security/cve/CVE-2016-5399.html https://www.suse.com/security/cve/CVE-2016-6288.html https://www.suse.com/security/cve/CVE-2016-6289.html https://www.suse.com/security/cve/CVE-2016-6290.html https://www.suse.com/security/cve/CVE-2016-6291.html https://www.suse.com/security/cve/CVE-2016-6296.html https://www.suse.com/security/cve/CVE-2016-6297.html https://bugzilla.suse.com/987530 https://bugzilla.suse.com/991426 https://bugzilla.suse.com/991427 https://bugzilla.suse.com/991428 https://bugzilla.suse.com/991429 https://bugzilla.suse.com/991430 https://bugzilla.suse.com/991433 https://bugzilla.suse.com/991437 From sle-updates at lists.suse.com Fri Sep 2 04:09:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Sep 2016 12:09:12 +0200 (CEST) Subject: SUSE-SU-2016:2211-1: moderate: Security update for cracklib Message-ID: <20160902100912.C62B1F7C3@maintenance.suse.de> SUSE Security Update: Security update for cracklib ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2211-1 Rating: moderate References: #928923 #992966 Cross-References: CVE-2016-6318 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for cracklib fixes a security issue and a bug: Security issue fixed: - Add patch to fix a stack buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) The following non security issue was fixed: - Call textdomain in cracklib-check main function so that program output is translated accordingly. (bsc#928923) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-cracklib-12726=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-cracklib-12726=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-cracklib-12726=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-cracklib-12726=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): cracklib-dict-small-2.8.12-56.13.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): cracklib-devel-2.8.12-56.13.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): cracklib-2.8.12-56.13.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): cracklib-32bit-2.8.12-56.13.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): cracklib-x86-2.8.12-56.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): cracklib-debuginfo-2.8.12-56.13.1 cracklib-debugsource-2.8.12-56.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): cracklib-debuginfo-32bit-2.8.12-56.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): cracklib-debuginfo-x86-2.8.12-56.13.1 References: https://www.suse.com/security/cve/CVE-2016-6318.html https://bugzilla.suse.com/928923 https://bugzilla.suse.com/992966 From sle-updates at lists.suse.com Fri Sep 2 04:09:59 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Sep 2016 12:09:59 +0200 (CEST) Subject: SUSE-SU-2016:2212-1: moderate: Security update for wireshark Message-ID: <20160902100959.4BEA8F7C4@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2212-1 Rating: moderate References: #983671 #991012 #991013 #991015 #991016 #991017 #991018 #991019 #991020 Cross-References: CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-5359 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: This update to wireshark 1.12.13 fixes the following issues: - CVE-2016-6504: wireshark: NDS dissector crash (bsc#991012) - CVE-2016-6505: wireshark: PacketBB dissector could divide by zero (bsc#991013) - CVE-2016-6506: wireshark: WSP infinite loop (bsc#991015) - CVE-2016-6507: wireshark: MMSE infinite loop (bsc#991016) - CVE-2016-6508: wireshark: RLC long loop (bsc#991017) - CVE-2016-6509: wireshark: LDSS dissector crash (bsc#991018) - CVE-2016-6510: wireshark: RLC dissector crash (bsc#991019) - CVE-2016-6511: wireshark: OpenFlow long loop (bnc991020) - CVE-2016-5350: SPOOLS infinite loop (bsc#983671) - CVE-2016-5351: IEEE 802.11 dissector crash (bsc#983671) - CVE-2016-5352: IEEE 802.11 dissector crash, different from wpna-sec-2016-30 (bsc#983671) - CVE-2016-5353: UMTS FP crash (bsc#983671) - CVE-2016-5354: USB dissector crash (bsc#983671) - CVE-2016-5355: Toshiba file parser crash (bsc#983671) - CVE-2016-5356: CoSine file parser crash (bsc#983671) - CVE-2016-5357: NetScreen file parser crash (bsc#983671) - CVE-2016-5358: Ethernet dissector crash (bsc#983671) - CVE-2016-5359: WBXML infinite loop (bsc#983671) For more details please see: https://www.wireshark.org/docs/relnotes/wireshark-1.12.12.html https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-wireshark-12725=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wireshark-12725=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wireshark-12725=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-devel-1.12.13-0.23.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): wireshark-1.12.13-0.23.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-1.12.13-0.23.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wireshark-debuginfo-1.12.13-0.23.1 wireshark-debugsource-1.12.13-0.23.1 References: https://www.suse.com/security/cve/CVE-2016-5350.html https://www.suse.com/security/cve/CVE-2016-5351.html https://www.suse.com/security/cve/CVE-2016-5352.html https://www.suse.com/security/cve/CVE-2016-5353.html https://www.suse.com/security/cve/CVE-2016-5354.html https://www.suse.com/security/cve/CVE-2016-5355.html https://www.suse.com/security/cve/CVE-2016-5356.html https://www.suse.com/security/cve/CVE-2016-5357.html https://www.suse.com/security/cve/CVE-2016-5358.html https://www.suse.com/security/cve/CVE-2016-5359.html https://www.suse.com/security/cve/CVE-2016-6504.html https://www.suse.com/security/cve/CVE-2016-6505.html https://www.suse.com/security/cve/CVE-2016-6506.html https://www.suse.com/security/cve/CVE-2016-6507.html https://www.suse.com/security/cve/CVE-2016-6508.html https://www.suse.com/security/cve/CVE-2016-6509.html https://www.suse.com/security/cve/CVE-2016-6510.html https://www.suse.com/security/cve/CVE-2016-6511.html https://bugzilla.suse.com/983671 https://bugzilla.suse.com/991012 https://bugzilla.suse.com/991013 https://bugzilla.suse.com/991015 https://bugzilla.suse.com/991016 https://bugzilla.suse.com/991017 https://bugzilla.suse.com/991018 https://bugzilla.suse.com/991019 https://bugzilla.suse.com/991020 From sle-updates at lists.suse.com Fri Sep 2 07:09:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Sep 2016 15:09:58 +0200 (CEST) Subject: SUSE-SU-2016:2217-1: moderate: Security update for kinit Message-ID: <20160902130958.E9D35F7C3@maintenance.suse.de> SUSE Security Update: Security update for kinit ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2217-1 Rating: moderate References: #983926 Cross-References: CVE-2016-3100 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: kinit was updated to fix one security issue. This security issue was fixed: - CVE-2016-3100: World readable Xauthority file exposed cookie credentials (boo#983926). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch 5270=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64): kinit-5.20.0-6.1 kinit-debuginfo-5.20.0-6.1 kinit-debugsource-5.20.0-6.1 kinit-devel-5.20.0-6.1 - SUSE Package Hub for SUSE Linux Enterprise 12 (noarch): kinit-lang-5.20.0-6.1 References: https://www.suse.com/security/cve/CVE-2016-3100.html https://bugzilla.suse.com/983926 From sle-updates at lists.suse.com Fri Sep 2 07:10:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Sep 2016 15:10:27 +0200 (CEST) Subject: SUSE-SU-2016:2218-1: moderate: Security update for mariadb Message-ID: <20160902131027.07390F7C3@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2218-1 Rating: moderate References: #984858 #985217 #986251 #991616 Cross-References: CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for mariadb fixes the following issues: - CVE-2016-3477: Unspecified vulnerability in subcomponent parser [bsc#991616] - CVE-2016-3521: Unspecified vulnerability in subcomponent types [bsc#991616] - CVE-2016-3615: Unspecified vulnerability in subcomponent dml [bsc#991616] - CVE-2016-5440: Unspecified vulnerability in subcomponent rbr [bsc#991616] - mariadb failing test main.bootstrap [bsc#984858] - left over "openSUSE" comments in MariaDB on SLE12 GM and SP1 [bsc#985217] - remove unnecessary conditionals from specfile - add '--ignore-db-dir=lost+found' option to rc.mysql-multi in order not to misinterpret the lost+found directory as a database [bsc#986251] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1308=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1308=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1308=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1308=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libmysqlclient_r18-10.0.26-9.2 libmysqlclient_r18-32bit-10.0.26-9.2 mariadb-debuginfo-10.0.26-9.2 mariadb-debugsource-10.0.26-9.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.26-9.2 libmysqlclient_r18-10.0.26-9.2 libmysqld-devel-10.0.26-9.2 libmysqld18-10.0.26-9.2 libmysqld18-debuginfo-10.0.26-9.2 mariadb-debuginfo-10.0.26-9.2 mariadb-debugsource-10.0.26-9.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libmysqlclient18-10.0.26-9.2 libmysqlclient18-debuginfo-10.0.26-9.2 mariadb-10.0.26-9.2 mariadb-client-10.0.26-9.2 mariadb-client-debuginfo-10.0.26-9.2 mariadb-debuginfo-10.0.26-9.2 mariadb-debugsource-10.0.26-9.2 mariadb-errormessages-10.0.26-9.2 mariadb-tools-10.0.26-9.2 mariadb-tools-debuginfo-10.0.26-9.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libmysqlclient18-32bit-10.0.26-9.2 libmysqlclient18-debuginfo-32bit-10.0.26-9.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libmysqlclient18-10.0.26-9.2 libmysqlclient18-32bit-10.0.26-9.2 libmysqlclient18-debuginfo-10.0.26-9.2 libmysqlclient18-debuginfo-32bit-10.0.26-9.2 libmysqlclient_r18-10.0.26-9.2 libmysqlclient_r18-32bit-10.0.26-9.2 mariadb-10.0.26-9.2 mariadb-client-10.0.26-9.2 mariadb-client-debuginfo-10.0.26-9.2 mariadb-debuginfo-10.0.26-9.2 mariadb-debugsource-10.0.26-9.2 mariadb-errormessages-10.0.26-9.2 References: https://www.suse.com/security/cve/CVE-2016-3477.html https://www.suse.com/security/cve/CVE-2016-3521.html https://www.suse.com/security/cve/CVE-2016-3615.html https://www.suse.com/security/cve/CVE-2016-5440.html https://bugzilla.suse.com/984858 https://bugzilla.suse.com/985217 https://bugzilla.suse.com/986251 https://bugzilla.suse.com/991616 From sle-updates at lists.suse.com Fri Sep 2 09:08:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Sep 2016 17:08:52 +0200 (CEST) Subject: SUSE-SU-2016:2226-1: moderate: Security update for wget Message-ID: <20160902150852.8AC6DF7C2@maintenance.suse.de> SUSE Security Update: Security update for wget ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2226-1 Rating: moderate References: #937096 #958342 #984060 Cross-References: CVE-2015-2059 CVE-2016-4971 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for wget fixes the following issues: - Fix for HTTP to a FTP redirection file name confusion vulnerability (bsc#984060, CVE-2016-4971). - Work around a libidn vulnerability (bsc#937096, CVE-2015-2059). - Fix for wget fails with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1309=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1309=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): wget-1.14-10.3 wget-debuginfo-1.14-10.3 wget-debugsource-1.14-10.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): wget-1.14-10.3 wget-debuginfo-1.14-10.3 wget-debugsource-1.14-10.3 References: https://www.suse.com/security/cve/CVE-2015-2059.html https://www.suse.com/security/cve/CVE-2016-4971.html https://bugzilla.suse.com/937096 https://bugzilla.suse.com/958342 https://bugzilla.suse.com/984060 From sle-updates at lists.suse.com Fri Sep 2 10:10:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Sep 2016 18:10:15 +0200 (CEST) Subject: SUSE-RU-2016:2228-1: Recommended update for apparmor Message-ID: <20160902161015.4FB49F7C3@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2228-1 Rating: low References: #990006 #991901 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for apparmor provides the necessary profile adjustments for compatibility with Samba 4.4.x. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1310=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1310=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1310=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): apparmor-debugsource-2.8.2-45.1 libapparmor-devel-2.8.2-45.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-45.1 apache2-mod_apparmor-debuginfo-2.8.2-45.1 apparmor-debugsource-2.8.2-45.1 apparmor-parser-2.8.2-45.1 apparmor-parser-debuginfo-2.8.2-45.1 libapparmor1-2.8.2-45.1 libapparmor1-debuginfo-2.8.2-45.1 pam_apparmor-2.8.2-45.1 pam_apparmor-debuginfo-2.8.2-45.1 perl-apparmor-2.8.2-45.1 perl-apparmor-debuginfo-2.8.2-45.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libapparmor1-32bit-2.8.2-45.1 libapparmor1-debuginfo-32bit-2.8.2-45.1 pam_apparmor-32bit-2.8.2-45.1 pam_apparmor-debuginfo-32bit-2.8.2-45.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): apparmor-docs-2.8.2-45.1 apparmor-profiles-2.8.2-45.1 apparmor-utils-2.8.2-45.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): apparmor-debugsource-2.8.2-45.1 apparmor-parser-2.8.2-45.1 apparmor-parser-debuginfo-2.8.2-45.1 libapparmor1-2.8.2-45.1 libapparmor1-32bit-2.8.2-45.1 libapparmor1-debuginfo-2.8.2-45.1 libapparmor1-debuginfo-32bit-2.8.2-45.1 pam_apparmor-2.8.2-45.1 pam_apparmor-32bit-2.8.2-45.1 pam_apparmor-debuginfo-2.8.2-45.1 pam_apparmor-debuginfo-32bit-2.8.2-45.1 perl-apparmor-2.8.2-45.1 perl-apparmor-debuginfo-2.8.2-45.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): apparmor-docs-2.8.2-45.1 apparmor-profiles-2.8.2-45.1 apparmor-utils-2.8.2-45.1 References: https://bugzilla.suse.com/990006 https://bugzilla.suse.com/991901 From sle-updates at lists.suse.com Fri Sep 2 13:08:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Sep 2016 21:08:29 +0200 (CEST) Subject: SUSE-SU-2016:2229-1: moderate: Security update for tomcat6 Message-ID: <20160902190829.686B1FC43@maintenance.suse.de> SUSE Security Update: Security update for tomcat6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2229-1 Rating: moderate References: #988489 Cross-References: CVE-2016-5388 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat6 fixes the following issue: - CVE-2016-5388 Setting HTTP_PROXY environment variable via Proxy header (bsc#988489) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-tomcat-12727=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): tomcat6-6.0.45-0.53.2 tomcat6-admin-webapps-6.0.45-0.53.2 tomcat6-docs-webapp-6.0.45-0.53.2 tomcat6-javadoc-6.0.45-0.53.2 tomcat6-jsp-2_1-api-6.0.45-0.53.2 tomcat6-lib-6.0.45-0.53.2 tomcat6-servlet-2_5-api-6.0.45-0.53.2 tomcat6-webapps-6.0.45-0.53.2 References: https://www.suse.com/security/cve/CVE-2016-5388.html https://bugzilla.suse.com/988489 From sle-updates at lists.suse.com Fri Sep 2 13:08:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Sep 2016 21:08:58 +0200 (CEST) Subject: SUSE-SU-2016:2230-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1 Message-ID: <20160902190858.615DFFC44@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2230-1 Rating: important References: #991667 Cross-References: CVE-2016-6480 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.62-60_62 fixes several issues. The following security bugs were fixed: - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bsc#991667). The following non-security bugs were fixed: Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1311=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_62-default-2-9.1 kgraft-patch-3_12_62-60_62-xen-2-9.1 References: https://www.suse.com/security/cve/CVE-2016-6480.html https://bugzilla.suse.com/991667 From sle-updates at lists.suse.com Mon Sep 5 08:08:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Sep 2016 16:08:58 +0200 (CEST) Subject: SUSE-RU-2016:2239-1: moderate: Recommended update for apache2 Message-ID: <20160905140858.4A428FC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2239-1 Rating: moderate References: #955701 #970391 #978543 #991032 #994133 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for apache2 provides the following fixes: - Re-add support for multiple entries in APACHE_ACCESS_LOG. (bsc#991032) - Apache will start after remote-fs. (bsc#978543) - Ignore SIGINT in child processes. (bsc#970391) - Document requirement of FollowSymLinks or SymLinksIfOwnerMatch for RewriteRule in given directory. (bsc#955701) - Do not call %service_add_pre, %service_del_preun for apache2 at .service. (bsc#994133) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1313=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1313=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): apache2-debuginfo-2.4.16-12.1 apache2-debugsource-2.4.16-12.1 apache2-devel-2.4.16-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): apache2-2.4.16-12.1 apache2-debuginfo-2.4.16-12.1 apache2-debugsource-2.4.16-12.1 apache2-example-pages-2.4.16-12.1 apache2-prefork-2.4.16-12.1 apache2-prefork-debuginfo-2.4.16-12.1 apache2-utils-2.4.16-12.1 apache2-utils-debuginfo-2.4.16-12.1 apache2-worker-2.4.16-12.1 apache2-worker-debuginfo-2.4.16-12.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): apache2-doc-2.4.16-12.1 References: https://bugzilla.suse.com/955701 https://bugzilla.suse.com/970391 https://bugzilla.suse.com/978543 https://bugzilla.suse.com/991032 https://bugzilla.suse.com/994133 From sle-updates at lists.suse.com Mon Sep 5 09:08:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Sep 2016 17:08:43 +0200 (CEST) Subject: SUSE-RU-2016:2240-1: moderate: Recommended update for crowbar-barclamp-nova Message-ID: <20160905150843.5CB99FC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-nova ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2240-1 Rating: moderate References: #963029 #965886 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crowbar-barclamp-nova fixes the following issues: - Minimize disruption of services with HA by using interleave for clones (bsc#965886) - Avoid DoS by closing rejected connections on VNC port - Fix libvirt sometimes not having access to rbd secret (bsc#963029) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-nova-12728=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-nova-1.9+git.1460076300.6e4a8da-23.1 References: https://bugzilla.suse.com/963029 https://bugzilla.suse.com/965886 From sle-updates at lists.suse.com Tue Sep 6 07:08:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Sep 2016 15:08:54 +0200 (CEST) Subject: SUSE-SU-2016:2245-1: important: Security update for the Linux Kernel Message-ID: <20160906130854.CDB0DF7A7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2245-1 Rating: important References: #839104 #866130 #919351 #944309 #950998 #960689 #962404 #963655 #963762 #966460 #969149 #970114 #971126 #971360 #971446 #971729 #971944 #974428 #975945 #978401 #978821 #978822 #979213 #979274 #979548 #979681 #979867 #979879 #980371 #980725 #980788 #980931 #981267 #983143 #983213 #983535 #984107 #984755 #986362 #986365 #986445 #986572 #987709 #988065 #989152 #989401 #991608 Cross-References: CVE-2013-4312 CVE-2015-7513 CVE-2015-7833 CVE-2016-0758 CVE-2016-1583 CVE-2016-2053 CVE-2016-2187 CVE-2016-3134 CVE-2016-3955 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4486 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998 CVE-2016-5244 CVE-2016-5696 CVE-2016-5829 CVE-2016-6480 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 25 vulnerabilities and has 22 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-3955: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel allowed remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet (bnc#975945). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure was initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack. (bsc#989152) - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability. (bsc#991608) The following non-security bugs were fixed: - Update patches.fixes/pci-determine-actual-vpd-size-on-first-access.patch (bsc#971729, bsc#974428). - Update PCI VPD size patch to upstream: * PCI: Determine actual VPD size on first access (bsc#971729). * PCI: Update VPD definitions (bsc#971729). (cherry picked from commit d2af5b7e0cd7ee2a54f02ad65ec300d16b3ad956) - Update patches.fixes/pci-update-vpd-definitions.patch (bsc#971729, bsc#974428). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - fs/cifs: Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309) - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - hid: add ALWAYS_POLL quirk for a Logitech 0xc055 (bnc#962404). - hid: add HP OEM mouse to quirk ALWAYS_POLL (bsc#919351). - hid: add quirk for PIXART OEM mouse used by HP (bsc#919351). - hid-elo: kill not flush the work. - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - ipv4: fix ineffective source address selection (bsc#980788). - ipvs: count pre-established TCP states as active (bsc#970114). - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446). - mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - nfs: Do not attempt to decode missing directory entries (bsc#980931). - nfs: fix memory corruption rooted in get_ih_name pointer math (bsc#984107). - nfs: reduce access cache shrinker locking (bnc#866130). - ppp: defer netns reference release for ppp channel (bsc#980371). - s390/cio: collect format 1 channel-path description data (bsc#966460,LTC#136434). - s390/cio: ensure consistent measurement state (bsc#966460,LTC#136434). - s390/cio: fix measurement characteristics memleak (bsc#966460,LTC#136434). - s390/cio: update measurement characteristics (bsc#966460,LTC#136434). - usbhid: add device USB_DEVICE_ID_LOGITECH_C077 (bsc#919351). - usbhid: more mice with ALWAYS_POLL (bsc#919351). - usbhid: yet another mouse with ALWAYS_POLL (bsc#919351). - veth: do not modify ip_summed (bsc#969149). - virtio_scsi: Implement eh_timed_out callback. - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065). - xfs: Avoid grabbing ilock when file size is not changed (bsc#983535). - xfs: avoid xfs_buf hang in lookup node directory corruption (bsc#989401). - xfs: only update the last_sync_lsn when a transaction completes (bsc#987709). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-kernel-12730=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-kernel-12730=1 - SUSE Manager 2.1: zypper in -t patch sleman21-kernel-12730=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-12730=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-12730=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-12730=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-12730=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): kernel-bigsmp-3.0.101-0.47.86.1 kernel-bigsmp-base-3.0.101-0.47.86.1 kernel-bigsmp-devel-3.0.101-0.47.86.1 kernel-default-3.0.101-0.47.86.1 kernel-default-base-3.0.101-0.47.86.1 kernel-default-devel-3.0.101-0.47.86.1 kernel-ec2-3.0.101-0.47.86.1 kernel-ec2-base-3.0.101-0.47.86.1 kernel-ec2-devel-3.0.101-0.47.86.1 kernel-source-3.0.101-0.47.86.1 kernel-syms-3.0.101-0.47.86.1 kernel-trace-3.0.101-0.47.86.1 kernel-trace-base-3.0.101-0.47.86.1 kernel-trace-devel-3.0.101-0.47.86.1 kernel-xen-3.0.101-0.47.86.1 kernel-xen-base-3.0.101-0.47.86.1 kernel-xen-devel-3.0.101-0.47.86.1 - SUSE Manager Proxy 2.1 (x86_64): kernel-bigsmp-3.0.101-0.47.86.1 kernel-bigsmp-base-3.0.101-0.47.86.1 kernel-bigsmp-devel-3.0.101-0.47.86.1 kernel-default-3.0.101-0.47.86.1 kernel-default-base-3.0.101-0.47.86.1 kernel-default-devel-3.0.101-0.47.86.1 kernel-ec2-3.0.101-0.47.86.1 kernel-ec2-base-3.0.101-0.47.86.1 kernel-ec2-devel-3.0.101-0.47.86.1 kernel-source-3.0.101-0.47.86.1 kernel-syms-3.0.101-0.47.86.1 kernel-trace-3.0.101-0.47.86.1 kernel-trace-base-3.0.101-0.47.86.1 kernel-trace-devel-3.0.101-0.47.86.1 kernel-xen-3.0.101-0.47.86.1 kernel-xen-base-3.0.101-0.47.86.1 kernel-xen-devel-3.0.101-0.47.86.1 - SUSE Manager 2.1 (s390x x86_64): kernel-default-3.0.101-0.47.86.1 kernel-default-base-3.0.101-0.47.86.1 kernel-default-devel-3.0.101-0.47.86.1 kernel-source-3.0.101-0.47.86.1 kernel-syms-3.0.101-0.47.86.1 kernel-trace-3.0.101-0.47.86.1 kernel-trace-base-3.0.101-0.47.86.1 kernel-trace-devel-3.0.101-0.47.86.1 - SUSE Manager 2.1 (x86_64): kernel-bigsmp-3.0.101-0.47.86.1 kernel-bigsmp-base-3.0.101-0.47.86.1 kernel-bigsmp-devel-3.0.101-0.47.86.1 kernel-ec2-3.0.101-0.47.86.1 kernel-ec2-base-3.0.101-0.47.86.1 kernel-ec2-devel-3.0.101-0.47.86.1 kernel-xen-3.0.101-0.47.86.1 kernel-xen-base-3.0.101-0.47.86.1 kernel-xen-devel-3.0.101-0.47.86.1 - SUSE Manager 2.1 (s390x): kernel-default-man-3.0.101-0.47.86.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.86.1 kernel-default-base-3.0.101-0.47.86.1 kernel-default-devel-3.0.101-0.47.86.1 kernel-source-3.0.101-0.47.86.1 kernel-syms-3.0.101-0.47.86.1 kernel-trace-3.0.101-0.47.86.1 kernel-trace-base-3.0.101-0.47.86.1 kernel-trace-devel-3.0.101-0.47.86.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.86.1 kernel-ec2-base-3.0.101-0.47.86.1 kernel-ec2-devel-3.0.101-0.47.86.1 kernel-xen-3.0.101-0.47.86.1 kernel-xen-base-3.0.101-0.47.86.1 kernel-xen-devel-3.0.101-0.47.86.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.86.1 kernel-bigsmp-base-3.0.101-0.47.86.1 kernel-bigsmp-devel-3.0.101-0.47.86.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.86.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.86.1 kernel-pae-base-3.0.101-0.47.86.1 kernel-pae-devel-3.0.101-0.47.86.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.86.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.86.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.86.1 kernel-trace-extra-3.0.101-0.47.86.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.86.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.86.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.86.1 kernel-default-base-3.0.101-0.47.86.1 kernel-default-devel-3.0.101-0.47.86.1 kernel-ec2-3.0.101-0.47.86.1 kernel-ec2-base-3.0.101-0.47.86.1 kernel-ec2-devel-3.0.101-0.47.86.1 kernel-pae-3.0.101-0.47.86.1 kernel-pae-base-3.0.101-0.47.86.1 kernel-pae-devel-3.0.101-0.47.86.1 kernel-source-3.0.101-0.47.86.1 kernel-syms-3.0.101-0.47.86.1 kernel-trace-3.0.101-0.47.86.1 kernel-trace-base-3.0.101-0.47.86.1 kernel-trace-devel-3.0.101-0.47.86.1 kernel-xen-3.0.101-0.47.86.1 kernel-xen-base-3.0.101-0.47.86.1 kernel-xen-devel-3.0.101-0.47.86.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.86.1 kernel-default-debugsource-3.0.101-0.47.86.1 kernel-trace-debuginfo-3.0.101-0.47.86.1 kernel-trace-debugsource-3.0.101-0.47.86.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.86.1 kernel-ec2-debugsource-3.0.101-0.47.86.1 kernel-xen-debuginfo-3.0.101-0.47.86.1 kernel-xen-debugsource-3.0.101-0.47.86.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.86.1 kernel-bigsmp-debugsource-3.0.101-0.47.86.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.86.1 kernel-pae-debugsource-3.0.101-0.47.86.1 References: https://www.suse.com/security/cve/CVE-2013-4312.html https://www.suse.com/security/cve/CVE-2015-7513.html https://www.suse.com/security/cve/CVE-2015-7833.html https://www.suse.com/security/cve/CVE-2016-0758.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2053.html https://www.suse.com/security/cve/CVE-2016-2187.html https://www.suse.com/security/cve/CVE-2016-3134.html https://www.suse.com/security/cve/CVE-2016-3955.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4485.html https://www.suse.com/security/cve/CVE-2016-4486.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4580.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4913.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-4998.html https://www.suse.com/security/cve/CVE-2016-5244.html https://www.suse.com/security/cve/CVE-2016-5696.html https://www.suse.com/security/cve/CVE-2016-5829.html https://www.suse.com/security/cve/CVE-2016-6480.html https://bugzilla.suse.com/839104 https://bugzilla.suse.com/866130 https://bugzilla.suse.com/919351 https://bugzilla.suse.com/944309 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/960689 https://bugzilla.suse.com/962404 https://bugzilla.suse.com/963655 https://bugzilla.suse.com/963762 https://bugzilla.suse.com/966460 https://bugzilla.suse.com/969149 https://bugzilla.suse.com/970114 https://bugzilla.suse.com/971126 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/971446 https://bugzilla.suse.com/971729 https://bugzilla.suse.com/971944 https://bugzilla.suse.com/974428 https://bugzilla.suse.com/975945 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978821 https://bugzilla.suse.com/978822 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979274 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979681 https://bugzilla.suse.com/979867 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980725 https://bugzilla.suse.com/980788 https://bugzilla.suse.com/980931 https://bugzilla.suse.com/981267 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/983535 https://bugzilla.suse.com/984107 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986365 https://bugzilla.suse.com/986445 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/987709 https://bugzilla.suse.com/988065 https://bugzilla.suse.com/989152 https://bugzilla.suse.com/989401 https://bugzilla.suse.com/991608 From sle-updates at lists.suse.com Tue Sep 6 07:20:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Sep 2016 15:20:31 +0200 (CEST) Subject: SUSE-SU-2016:2246-1: moderate: Security update for perl Message-ID: <20160906132031.0B0A2F7A7@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2246-1 Rating: moderate References: #929027 #967082 #987887 #988311 Cross-References: CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for perl fixes the following issues: - CVE-2016-6185: xsloader looking at a "(eval)" directory [bsc#988311] - CVE-2016-1238: searching current directory for optional modules [bsc#987887] - CVE-2015-8853: regex engine hanging on bad utf8 [bnc976584] - CVE-2016-2381: environment dup handling bug [bsc#967082] - perl panic with utf8_mg_pos_cache_update [bsc#929027] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-perl-12729=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-perl-12729=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-perl-12729=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): perl-base-32bit-5.10.0-64.80.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-5.10.0-64.80.1 perl-Module-Build-0.2808.01-0.80.1 perl-Test-Simple-0.72-0.80.1 perl-base-5.10.0-64.80.1 perl-doc-5.10.0-64.80.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): perl-32bit-5.10.0-64.80.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): perl-x86-5.10.0-64.80.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-debuginfo-5.10.0-64.80.1 perl-debugsource-5.10.0-64.80.1 References: https://www.suse.com/security/cve/CVE-2015-8853.html https://www.suse.com/security/cve/CVE-2016-1238.html https://www.suse.com/security/cve/CVE-2016-2381.html https://www.suse.com/security/cve/CVE-2016-6185.html https://bugzilla.suse.com/929027 https://bugzilla.suse.com/967082 https://bugzilla.suse.com/987887 https://bugzilla.suse.com/988311 From sle-updates at lists.suse.com Tue Sep 6 11:09:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Sep 2016 19:09:05 +0200 (CEST) Subject: SUSE-RU-2016:2247-1: Recommended update for crowbar-ha Message-ID: <20160906170905.1230FFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-ha ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2247-1 Rating: low References: #965886 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crowbar-ha fixes the following issues: - Fix issue when pacemaker starts a service. (bsc#965886) - Improve haproxy default values. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1319=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): crowbar-ha-3.0+git.1461932148.dbfa34e-7.1 References: https://bugzilla.suse.com/965886 From sle-updates at lists.suse.com Tue Sep 6 12:09:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Sep 2016 20:09:16 +0200 (CEST) Subject: SUSE-SU-2016:2248-1: moderate: Security update for mariadb Message-ID: <20160906180916.4213DF7A7@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2248-1 Rating: moderate References: #984858 #985217 #986251 #991616 Cross-References: CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for mariadb fixes the following issues: - CVE-2016-3477: Unspecified vulnerability in subcomponent parser [bsc#991616] - CVE-2016-3521: Unspecified vulnerability in subcomponent types [bsc#991616] - CVE-2016-3615: Unspecified vulnerability in subcomponent dml [bsc#991616] - CVE-2016-5440: Unspecified vulnerability in subcomponent rbr [bsc#991616] - mariadb failing test main.bootstrap [bsc#984858] - left over "openSUSE" comments in MariaDB on SLE12 GM and SP1 [bsc#985217] - remove unnecessary conditionals from specfile - add '--ignore-db-dir=lost+found' option to rc.mysql-multi in order not to misinterpret the lost+found directory as a database [bsc#986251] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1199=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1199=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): libmysqlclient-devel-10.0.26-20.10.2 libmysqlclient18-10.0.26-20.10.2 libmysqlclient18-32bit-10.0.26-20.10.2 libmysqlclient18-debuginfo-10.0.26-20.10.2 libmysqlclient18-debuginfo-32bit-10.0.26-20.10.2 libmysqlclient_r18-10.0.26-20.10.2 libmysqld-devel-10.0.26-20.10.2 libmysqld18-10.0.26-20.10.2 libmysqld18-debuginfo-10.0.26-20.10.2 mariadb-10.0.26-20.10.2 mariadb-client-10.0.26-20.10.2 mariadb-client-debuginfo-10.0.26-20.10.2 mariadb-debuginfo-10.0.26-20.10.2 mariadb-debugsource-10.0.26-20.10.2 mariadb-errormessages-10.0.26-20.10.2 mariadb-tools-10.0.26-20.10.2 mariadb-tools-debuginfo-10.0.26-20.10.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libmysqlclient-devel-10.0.26-20.10.2 libmysqlclient18-10.0.26-20.10.2 libmysqlclient18-debuginfo-10.0.26-20.10.2 libmysqlclient_r18-10.0.26-20.10.2 libmysqld-devel-10.0.26-20.10.2 libmysqld18-10.0.26-20.10.2 libmysqld18-debuginfo-10.0.26-20.10.2 mariadb-10.0.26-20.10.2 mariadb-client-10.0.26-20.10.2 mariadb-client-debuginfo-10.0.26-20.10.2 mariadb-debuginfo-10.0.26-20.10.2 mariadb-debugsource-10.0.26-20.10.2 mariadb-errormessages-10.0.26-20.10.2 mariadb-tools-10.0.26-20.10.2 mariadb-tools-debuginfo-10.0.26-20.10.2 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libmysqlclient18-32bit-10.0.26-20.10.2 libmysqlclient18-debuginfo-32bit-10.0.26-20.10.2 References: https://www.suse.com/security/cve/CVE-2016-3477.html https://www.suse.com/security/cve/CVE-2016-3521.html https://www.suse.com/security/cve/CVE-2016-3615.html https://www.suse.com/security/cve/CVE-2016-5440.html https://bugzilla.suse.com/984858 https://bugzilla.suse.com/985217 https://bugzilla.suse.com/986251 https://bugzilla.suse.com/991616 From sle-updates at lists.suse.com Tue Sep 6 12:10:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Sep 2016 20:10:05 +0200 (CEST) Subject: SUSE-SU-2016:2249-1: moderate: Security update for hawk Message-ID: <20160906181005.0D639FC43@maintenance.suse.de> SUSE Security Update: Security update for hawk ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2249-1 Rating: moderate References: #957369 #984619 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for hawk fixes the following issues: - Set Content-Security-Policy to frame-ancestors 'self' (bsc#984619) - Colocation: Fix NameError when creating 2-resource constraints (bsc#957369) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-hawk-12731=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-hawk-12731=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): hawk-0.7.0+git.1430140184.8e872c5-7.1 hawk-templates-0.7.0+git.1430140184.8e872c5-7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): hawk-debuginfo-0.7.0+git.1430140184.8e872c5-7.1 hawk-debugsource-0.7.0+git.1430140184.8e872c5-7.1 References: https://bugzilla.suse.com/957369 https://bugzilla.suse.com/984619 From sle-updates at lists.suse.com Tue Sep 6 13:09:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Sep 2016 21:09:12 +0200 (CEST) Subject: SUSE-SU-2016:2251-1: important: Security update for Chromium Message-ID: <20160906190912.34FD3FC43@maintenance.suse.de> SUSE Security Update: Security update for Chromium ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2251-1 Rating: important References: #995932 #996032 #99606 #996648 Cross-References: CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150 CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154 CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158 CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162 CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: Chromium was updated to 53.0.2785.89 to fix a number of security issues. The following vulnerabilities were fixed: (boo#996648) - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free in Blink. - CVE-2016-5151: Use after free in PDFium. - CVE-2016-5152: Heap overflow in PDFium. - CVE-2016-5153: Use after destruction in Blink. - CVE-2016-5154: Heap overflow in PDFium. - CVE-2016-5155: Address bar spoofing. - CVE-2016-5156: Use after free in event bindings. - CVE-2016-5157: Heap overflow in PDFium. - CVE-2016-5158: Heap overflow in PDFium. - CVE-2016-5159: Heap overflow in PDFium. - CVE-2016-5161: Type confusion in Blink. - CVE-2016-5162: Extensions web accessible resources bypass. - CVE-2016-5163: Address bar spoofing. - CVE-2016-5164: Universal XSS using DevTools. - CVE-2016-5165: Script injection in DevTools. - CVE-2016-5166: SMB Relay Attack via Save Page As. - CVE-2016-5160: Extensions web accessible resources bypass. A number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch 5568=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64): chromedriver-53.0.2785.89-96.1 chromedriver-debuginfo-53.0.2785.89-96.1 chromium-53.0.2785.89-96.1 chromium-debuginfo-53.0.2785.89-96.1 chromium-desktop-gnome-53.0.2785.89-96.1 chromium-desktop-kde-53.0.2785.89-96.1 chromium-ffmpegsumo-53.0.2785.89-96.1 chromium-ffmpegsumo-debuginfo-53.0.2785.89-96.1 References: https://www.suse.com/security/cve/CVE-2016-5147.html https://www.suse.com/security/cve/CVE-2016-5148.html https://www.suse.com/security/cve/CVE-2016-5149.html https://www.suse.com/security/cve/CVE-2016-5150.html https://www.suse.com/security/cve/CVE-2016-5151.html https://www.suse.com/security/cve/CVE-2016-5152.html https://www.suse.com/security/cve/CVE-2016-5153.html https://www.suse.com/security/cve/CVE-2016-5154.html https://www.suse.com/security/cve/CVE-2016-5155.html https://www.suse.com/security/cve/CVE-2016-5156.html https://www.suse.com/security/cve/CVE-2016-5157.html https://www.suse.com/security/cve/CVE-2016-5158.html https://www.suse.com/security/cve/CVE-2016-5159.html https://www.suse.com/security/cve/CVE-2016-5160.html https://www.suse.com/security/cve/CVE-2016-5161.html https://www.suse.com/security/cve/CVE-2016-5162.html https://www.suse.com/security/cve/CVE-2016-5163.html https://www.suse.com/security/cve/CVE-2016-5164.html https://www.suse.com/security/cve/CVE-2016-5165.html https://www.suse.com/security/cve/CVE-2016-5166.html https://bugzilla.suse.com/995932 https://bugzilla.suse.com/996032 https://bugzilla.suse.com/99606 https://bugzilla.suse.com/996648 From sle-updates at lists.suse.com Wed Sep 7 09:09:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Sep 2016 17:09:10 +0200 (CEST) Subject: SUSE-SU-2016:2259-1: moderate: Security update for mysql-connector-java Message-ID: <20160907150910.CE8A5FC41@maintenance.suse.de> SUSE Security Update: Security update for mysql-connector-java ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2259-1 Rating: moderate References: #927981 Cross-References: CVE-2015-2575 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: mysql-connector-java was updated to 5.1.35, fixing multiple bugs and a security issues. - CVE-2015-2575: Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. (bnc#927981) Please see http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1322=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch): mysql-connector-java-5.1.35-3.1 References: https://www.suse.com/security/cve/CVE-2015-2575.html https://bugzilla.suse.com/927981 From sle-updates at lists.suse.com Wed Sep 7 11:09:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Sep 2016 19:09:40 +0200 (CEST) Subject: SUSE-RU-2016:2260-1: moderate: Recommended update for crowbar-barclamp-neutron, crowbar-barclamp-pacemaker, and openstack-neutron Message-ID: <20160907170940.BF9CEFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-neutron, crowbar-barclamp-pacemaker, and openstack-neutron ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2260-1 Rating: moderate References: #963938 #965886 #967009 #967858 #969877 #970704 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for crowbar-barclamp-neutron, crowbar-barclamp-pacemaker, and openstack-neutron fixes the following issues: - Much improved reliability of neutron-ha-tool (bsc#965886) - Minimize disruption of services with HA by using interleave for clones (bsc#965886) - Fix bug when updating from Cloud 5 GM and using linxubridge (bsc#967858) - Add http-keep-alive option to haproxy defaults - Fix breakage for openvswitch setups without vlan (bsc#969877) - Added http-keep-alive option to haproxy defaults - Fix incompatibility with iptables on SLE11 (bsc#970704) - Fix permission issue with neutron PID files when using HA (bsc#963938) - Fix database attributes of the floating network and its router port (bsc#967009) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-neutron-12732=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-neutron-1.9+git.1460063790.399039f-26.1 crowbar-barclamp-pacemaker-1.9+git.1462180510.f29c364-17.1 openstack-neutron-doc-2014.2.4.juno-22.2 - SUSE OpenStack Cloud 5 (x86_64): openstack-neutron-2014.2.4.juno-22.1 openstack-neutron-dhcp-agent-2014.2.4.juno-22.1 openstack-neutron-ha-tool-2014.2.4.juno-22.1 openstack-neutron-ibm-agent-2014.2.4.juno-22.1 openstack-neutron-l3-agent-2014.2.4.juno-22.1 openstack-neutron-lbaas-agent-2014.2.4.juno-22.1 openstack-neutron-linuxbridge-agent-2014.2.4.juno-22.1 openstack-neutron-metadata-agent-2014.2.4.juno-22.1 openstack-neutron-metering-agent-2014.2.4.juno-22.1 openstack-neutron-mlnx-agent-2014.2.4.juno-22.1 openstack-neutron-nec-agent-2014.2.4.juno-22.1 openstack-neutron-nvsd-agent-2014.2.4.juno-22.1 openstack-neutron-openvswitch-agent-2014.2.4.juno-22.1 openstack-neutron-plugin-cisco-2014.2.4.juno-22.1 openstack-neutron-restproxy-agent-2014.2.4.juno-22.1 openstack-neutron-ryu-agent-2014.2.4.juno-22.1 openstack-neutron-server-2014.2.4.juno-22.1 openstack-neutron-vpn-agent-2014.2.4.juno-22.1 python-neutron-2014.2.4.juno-22.1 References: https://bugzilla.suse.com/963938 https://bugzilla.suse.com/965886 https://bugzilla.suse.com/967009 https://bugzilla.suse.com/967858 https://bugzilla.suse.com/969877 https://bugzilla.suse.com/970704 From sle-updates at lists.suse.com Wed Sep 7 12:09:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Sep 2016 20:09:15 +0200 (CEST) Subject: SUSE-SU-2016:2261-1: important: Security update for java-1_7_1-ibm Message-ID: <20160907180915.7273CFC45@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2261-1 Rating: important References: #992537 Cross-References: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-java-1_7_1_ibm-12733=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-java-1_7_1_ibm-12733=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.50-16.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.50-16.1 java-1_7_1-ibm-jdbc-1.7.1_sr3.50-16.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.50-16.1 java-1_7_1-ibm-plugin-1.7.1_sr3.50-16.1 References: https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3598.html https://bugzilla.suse.com/992537 From sle-updates at lists.suse.com Wed Sep 7 13:09:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Sep 2016 21:09:08 +0200 (CEST) Subject: SUSE-RU-2016:2262-1: Recommended update for fetchmail Message-ID: <20160907190908.2BDEAFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for fetchmail ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2262-1 Rating: low References: #979534 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fetchmail fixes the helper script used to run fetchmail in daemon mode to return exit status 5 on configuration errors instead of 1. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1325=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1325=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): fetchmail-6.3.26-12.3 fetchmail-debuginfo-6.3.26-12.3 fetchmail-debugsource-6.3.26-12.3 fetchmailconf-6.3.26-12.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): fetchmail-6.3.26-12.3 fetchmail-debuginfo-6.3.26-12.3 fetchmail-debugsource-6.3.26-12.3 References: https://bugzilla.suse.com/979534 From sle-updates at lists.suse.com Thu Sep 8 07:10:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Sep 2016 15:10:48 +0200 (CEST) Subject: SUSE-SU-2016:2263-1: moderate: Security update for perl Message-ID: <20160908131048.1B5A0FC45@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2263-1 Rating: moderate References: #928292 #932894 #967082 #984906 #987887 #988311 Cross-References: CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for Perl fixes the following issues: - CVE-2016-6185: Xsloader looking at a "(eval)" directory. (bsc#988311) - CVE-2016-1238: Searching current directory for optional modules. (bsc#987887) - CVE-2015-8853: Regular expression engine hanging on bad utf8. (bsc) - CVE-2016-2381: Environment dup handling bug. (bsc#967082) - "Insecure dependency in require" error in taint mode. (bsc#984906) - Memory leak in 'use utf8' handling. (bsc#928292) - Missing lock prototype to the debugger. (bsc#932894) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1326=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1326=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): perl-5.18.2-11.1 perl-base-5.18.2-11.1 perl-base-debuginfo-5.18.2-11.1 perl-debuginfo-5.18.2-11.1 perl-debugsource-5.18.2-11.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): perl-32bit-5.18.2-11.1 perl-debuginfo-32bit-5.18.2-11.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): perl-doc-5.18.2-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): perl-doc-5.18.2-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): perl-32bit-5.18.2-11.1 perl-5.18.2-11.1 perl-base-5.18.2-11.1 perl-base-debuginfo-5.18.2-11.1 perl-debuginfo-32bit-5.18.2-11.1 perl-debuginfo-5.18.2-11.1 perl-debugsource-5.18.2-11.1 References: https://www.suse.com/security/cve/CVE-2015-8853.html https://www.suse.com/security/cve/CVE-2016-1238.html https://www.suse.com/security/cve/CVE-2016-2381.html https://www.suse.com/security/cve/CVE-2016-6185.html https://bugzilla.suse.com/928292 https://bugzilla.suse.com/932894 https://bugzilla.suse.com/967082 https://bugzilla.suse.com/984906 https://bugzilla.suse.com/987887 https://bugzilla.suse.com/988311 From sle-updates at lists.suse.com Thu Sep 8 08:08:51 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Sep 2016 16:08:51 +0200 (CEST) Subject: SUSE-RU-2016:2265-1: Recommended update for yast2-storage Message-ID: <20160908140851.6D69CFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2265-1 Rating: low References: #997005 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The recently released libstorage introduced a dependency issue with yast2-storage-devel. This update provides a rebuilt yast2-storage that meets the new requirements. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1327=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1327=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1327=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): yast2-storage-debuginfo-3.1.71-2.1 yast2-storage-debugsource-3.1.71-2.1 yast2-storage-devel-3.1.71-2.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): yast2-storage-3.1.71-2.1 yast2-storage-debuginfo-3.1.71-2.1 yast2-storage-debugsource-3.1.71-2.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): yast2-storage-3.1.71-2.1 yast2-storage-debuginfo-3.1.71-2.1 yast2-storage-debugsource-3.1.71-2.1 References: https://bugzilla.suse.com/997005 From sle-updates at lists.suse.com Fri Sep 9 04:09:35 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Sep 2016 12:09:35 +0200 (CEST) Subject: SUSE-RU-2016:2269-1: moderate: Recommended update for pyxml Message-ID: <20160909100935.25B73FC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for pyxml ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2269-1 Rating: moderate References: #995955 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pyxml fixes the following issue: Added a missing check of stopped parser in doContent() 'for' loop in the included expat library, which could have lead to crashes. (bsc#995955) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-pyxml-12734=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pyxml-12734=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): pyxml-0.8.4-194.25.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): pyxml-debuginfo-0.8.4-194.25.1 pyxml-debugsource-0.8.4-194.25.1 References: https://bugzilla.suse.com/995955 From sle-updates at lists.suse.com Fri Sep 9 04:10:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Sep 2016 12:10:03 +0200 (CEST) Subject: SUSE-SU-2016:2270-1: moderate: Security update for python Message-ID: <20160909101003.099D6FC44@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2270-1 Rating: moderate References: #984751 #985348 #989523 Cross-References: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5699 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-python-12735=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-python-12735=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-12735=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-devel-2.6.9-39.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): python-demo-2.6.9-39.1 python-gdbm-2.6.9-39.1 python-idle-2.6.9-39.1 python-tk-2.6.9-39.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): python-doc-2.6-8.39.1 python-doc-pdf-2.6-8.39.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): python-32bit-2.6.9-39.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libpython2_6-1_0-2.6.9-39.1 python-2.6.9-39.1 python-base-2.6.9-39.1 python-curses-2.6.9-39.1 python-demo-2.6.9-39.1 python-gdbm-2.6.9-39.1 python-idle-2.6.9-39.1 python-tk-2.6.9-39.1 python-xml-2.6.9-39.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpython2_6-1_0-32bit-2.6.9-39.1 python-32bit-2.6.9-39.1 python-base-32bit-2.6.9-39.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): python-doc-2.6-8.39.1 python-doc-pdf-2.6-8.39.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libpython2_6-1_0-x86-2.6.9-39.1 python-base-x86-2.6.9-39.1 python-x86-2.6.9-39.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): python-base-debuginfo-2.6.9-39.1 python-base-debugsource-2.6.9-39.1 python-debuginfo-2.6.9-39.1 python-debugsource-2.6.9-39.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): python-base-debuginfo-32bit-2.6.9-39.1 python-debuginfo-32bit-2.6.9-39.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): python-base-debuginfo-x86-2.6.9-39.1 python-debuginfo-x86-2.6.9-39.1 References: https://www.suse.com/security/cve/CVE-2016-0772.html https://www.suse.com/security/cve/CVE-2016-1000110.html https://www.suse.com/security/cve/CVE-2016-5699.html https://bugzilla.suse.com/984751 https://bugzilla.suse.com/985348 https://bugzilla.suse.com/989523 From sle-updates at lists.suse.com Fri Sep 9 04:10:57 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Sep 2016 12:10:57 +0200 (CEST) Subject: SUSE-SU-2016:2271-1: moderate: Security update for tiff Message-ID: <20160909101057.9F294FC44@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2271-1 Rating: moderate References: #964225 #973340 #984808 #984831 #984837 #984842 #987351 Cross-References: CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2016-3186 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5875 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for tiff fixes the following issues: * CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225) * CVE-2016-3186: Buffer overflow in gif2tiff (bnc#973340). * CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat (bsc#987351) * CVE-2016-5316: Out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c (bsc#984837) * CVE-2016-5314: Out-of-bounds write in PixarLogDecode() function (bsc#984831) * CVE-2016-5317: Out-of-bounds write in PixarLogDecode() function in libtiff.so (bsc#984842) * CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c (bsc#984808) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1330=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1330=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1330=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libtiff-devel-4.0.6-26.3 tiff-debuginfo-4.0.6-26.3 tiff-debugsource-4.0.6-26.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libtiff5-4.0.6-26.3 libtiff5-debuginfo-4.0.6-26.3 tiff-4.0.6-26.3 tiff-debuginfo-4.0.6-26.3 tiff-debugsource-4.0.6-26.3 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libtiff5-32bit-4.0.6-26.3 libtiff5-debuginfo-32bit-4.0.6-26.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libtiff5-32bit-4.0.6-26.3 libtiff5-4.0.6-26.3 libtiff5-debuginfo-32bit-4.0.6-26.3 libtiff5-debuginfo-4.0.6-26.3 tiff-debuginfo-4.0.6-26.3 tiff-debugsource-4.0.6-26.3 References: https://www.suse.com/security/cve/CVE-2015-8781.html https://www.suse.com/security/cve/CVE-2015-8782.html https://www.suse.com/security/cve/CVE-2015-8783.html https://www.suse.com/security/cve/CVE-2016-3186.html https://www.suse.com/security/cve/CVE-2016-5314.html https://www.suse.com/security/cve/CVE-2016-5316.html https://www.suse.com/security/cve/CVE-2016-5317.html https://www.suse.com/security/cve/CVE-2016-5320.html https://www.suse.com/security/cve/CVE-2016-5875.html https://bugzilla.suse.com/964225 https://bugzilla.suse.com/973340 https://bugzilla.suse.com/984808 https://bugzilla.suse.com/984831 https://bugzilla.suse.com/984837 https://bugzilla.suse.com/984842 https://bugzilla.suse.com/987351 From sle-updates at lists.suse.com Fri Sep 9 09:09:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Sep 2016 17:09:14 +0200 (CEST) Subject: SUSE-RU-2016:2279-1: Recommended update for cairo Message-ID: <20160909150914.6A754FC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for cairo ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2279-1 Rating: low References: #987617 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cairo fixes a potential crash when calculating polygon intersections. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1331=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1331=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1331=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): cairo-debugsource-1.12.16-16.3 cairo-devel-1.12.16-16.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): cairo-debugsource-1.12.16-16.3 libcairo-gobject2-1.12.16-16.3 libcairo-gobject2-debuginfo-1.12.16-16.3 libcairo-script-interpreter2-1.12.16-16.3 libcairo-script-interpreter2-debuginfo-1.12.16-16.3 libcairo2-1.12.16-16.3 libcairo2-debuginfo-1.12.16-16.3 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libcairo-gobject2-32bit-1.12.16-16.3 libcairo-gobject2-debuginfo-32bit-1.12.16-16.3 libcairo2-32bit-1.12.16-16.3 libcairo2-debuginfo-32bit-1.12.16-16.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): cairo-debugsource-1.12.16-16.3 libcairo-gobject2-1.12.16-16.3 libcairo-gobject2-32bit-1.12.16-16.3 libcairo-gobject2-debuginfo-1.12.16-16.3 libcairo-gobject2-debuginfo-32bit-1.12.16-16.3 libcairo-script-interpreter2-1.12.16-16.3 libcairo-script-interpreter2-debuginfo-1.12.16-16.3 libcairo2-1.12.16-16.3 libcairo2-32bit-1.12.16-16.3 libcairo2-debuginfo-1.12.16-16.3 libcairo2-debuginfo-32bit-1.12.16-16.3 References: https://bugzilla.suse.com/987617 From sle-updates at lists.suse.com Fri Sep 9 11:09:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Sep 2016 19:09:23 +0200 (CEST) Subject: SUSE-SU-2016:2280-1: moderate: Security update for openssh Message-ID: <20160909170924.03300FC43@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2280-1 Rating: moderate References: #948902 #981654 #989363 #992533 Cross-References: CVE-2016-6210 CVE-2016-6515 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for openssh fixes the following issues: - Prevent user enumeration through the timing of password processing (bsc#989363, CVE-2016-6210) [-prevent_timing_user_enumeration] - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902) - limit accepted password length (prevents possible DoS) (bsc#992533, CVE-2016-6515) Bug fixes: - avoid complaining about unset DISPLAY variable (bsc#981654) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1332=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1332=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1332=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1332=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): openssh-6.6p1-52.1 openssh-askpass-gnome-6.6p1-52.1 openssh-askpass-gnome-debuginfo-6.6p1-52.1 openssh-debuginfo-6.6p1-52.1 openssh-debugsource-6.6p1-52.1 openssh-fips-6.6p1-52.1 openssh-helpers-6.6p1-52.1 openssh-helpers-debuginfo-6.6p1-52.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): openssh-6.6p1-52.1 openssh-askpass-gnome-6.6p1-52.1 openssh-askpass-gnome-debuginfo-6.6p1-52.1 openssh-debuginfo-6.6p1-52.1 openssh-debugsource-6.6p1-52.1 openssh-fips-6.6p1-52.1 openssh-helpers-6.6p1-52.1 openssh-helpers-debuginfo-6.6p1-52.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): openssh-6.6p1-52.1 openssh-askpass-gnome-6.6p1-52.1 openssh-askpass-gnome-debuginfo-6.6p1-52.1 openssh-debuginfo-6.6p1-52.1 openssh-debugsource-6.6p1-52.1 openssh-fips-6.6p1-52.1 openssh-helpers-6.6p1-52.1 openssh-helpers-debuginfo-6.6p1-52.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): openssh-6.6p1-52.1 openssh-askpass-gnome-6.6p1-52.1 openssh-askpass-gnome-debuginfo-6.6p1-52.1 openssh-debuginfo-6.6p1-52.1 openssh-debugsource-6.6p1-52.1 openssh-helpers-6.6p1-52.1 openssh-helpers-debuginfo-6.6p1-52.1 References: https://www.suse.com/security/cve/CVE-2016-6210.html https://www.suse.com/security/cve/CVE-2016-6515.html https://bugzilla.suse.com/948902 https://bugzilla.suse.com/981654 https://bugzilla.suse.com/989363 https://bugzilla.suse.com/992533 From sle-updates at lists.suse.com Fri Sep 9 11:10:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Sep 2016 19:10:17 +0200 (CEST) Subject: SUSE-SU-2016:2281-1: moderate: Security update for openssh Message-ID: <20160909171017.68C82FC44@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2281-1 Rating: moderate References: #948902 #981654 #989363 #992533 Cross-References: CVE-2016-6210 CVE-2016-6515 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for openssh fixes the following issues: - CVE-2016-6210: Prevent user enumeration through the timing of password processing (bsc#989363) [-prevent_timing_user_enumeration] - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used (bsc#948902) - CVE-2016-6515: Limiting the accepted password length to prevent possible DoS (bsc#992533) Bug fixes: - avoid complaining about unset DISPLAY variable (bsc#981654) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-openssh-12736=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-12736=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-6.6p1-28.1 openssh-askpass-gnome-6.6p1-28.2 openssh-fips-6.6p1-28.1 openssh-helpers-6.6p1-28.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-28.2 openssh-debuginfo-6.6p1-28.1 openssh-debugsource-6.6p1-28.1 References: https://www.suse.com/security/cve/CVE-2016-6210.html https://www.suse.com/security/cve/CVE-2016-6515.html https://bugzilla.suse.com/948902 https://bugzilla.suse.com/981654 https://bugzilla.suse.com/989363 https://bugzilla.suse.com/992533 From sle-updates at lists.suse.com Fri Sep 9 13:08:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Sep 2016 21:08:55 +0200 (CEST) Subject: SUSE-RU-2016:2282-1: Recommended update for release-notes-sles Message-ID: <20160909190855.27963FC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2282-1 Rating: low References: #982481 Affected Products: SUSE Linux Enterprise Server 10 SP4 LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. It includes one version update. Description: This update provides the latest version of the release notes for SUSE Linux Enterprise Server 10 SP4 LTSS, documenting the availability of a new ntp-4.2.8 package that can replace xntp. Package List: - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 10.4.15]: release-notes-sles-10.4.15-0.11.1 References: https://bugzilla.suse.com/982481 https://download.suse.com/patch/finder/?keywords=3ea8b7f9f05cc9c56c1fd2a70fc2348f From sle-updates at lists.suse.com Sat Sep 10 08:08:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Sep 2016 16:08:49 +0200 (CEST) Subject: SUSE-SU-2016:2285-1: moderate: Security update for apache2-mod_nss Message-ID: <20160910140849.19A7BFC43@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2285-1 Rating: moderate References: #972968 #975394 #979688 Cross-References: CVE-2013-4566 CVE-2014-3566 CVE-2015-5244 CVE-2016-3099 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - Fix OpenSSL ciphers stopped parsing at +. (CVE-2016-3099) - Created valgrind suppression files to ease debugging. - Implement SSL_PPTYPE_FILTER to call executables to get the key password pins. - Improvements to migrate.pl. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI). - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Fix logical AND support in OpenSSL cipher compatibility. - Correctly handle disabled ciphers. (CVE-2015-5244) - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in NSS. - Add compatibility for mod_ssl-style cipher definitions. - Add TLSv1.2-specific ciphers. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Fix CVE-2013-4566. - Move nss_pcache to /usr/libexec. - Support httpd 2.4+. - Use apache2-systemd-ask-pass to prompt for a certificate passphrase. (bsc#972968, bsc#975394) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1335=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): apache2-mod_nss-1.0.14-18.3 apache2-mod_nss-debuginfo-1.0.14-18.3 apache2-mod_nss-debugsource-1.0.14-18.3 References: https://www.suse.com/security/cve/CVE-2013-4566.html https://www.suse.com/security/cve/CVE-2014-3566.html https://www.suse.com/security/cve/CVE-2015-5244.html https://www.suse.com/security/cve/CVE-2016-3099.html https://bugzilla.suse.com/972968 https://bugzilla.suse.com/975394 https://bugzilla.suse.com/979688 From sle-updates at lists.suse.com Sat Sep 10 08:09:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Sep 2016 16:09:41 +0200 (CEST) Subject: SUSE-SU-2016:2286-1: important: Security update for java-1_7_0-ibm Message-ID: <20160910140941.2D369FC45@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2286-1 Rating: important References: #992537 Cross-References: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: IBM Java 7 was updated to 7.1-9.50, fixing bugs and security issues (bsc#992537). Security issues fixed: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-java-1_7_0-ibm-12737=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-java-1_7_0-ibm-12737=1 - SUSE Manager 2.1: zypper in -t patch sleman21-java-1_7_0-ibm-12737=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_7_0-ibm-12737=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_7_0-ibm-12737=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-12737=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): java-1_7_0-ibm-1.7.0_sr9.50-55.1 java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1 java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1 java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1 - SUSE Manager Proxy 2.1 (x86_64): java-1_7_0-ibm-1.7.0_sr9.50-55.1 java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1 java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1 java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1 - SUSE Manager 2.1 (s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.50-55.1 java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1 - SUSE Manager 2.1 (x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1 java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.50-55.1 java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1 java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_7_0-ibm-1.7.0_sr9.50-55.1 java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1 java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr9.50-55.1 java-1_7_0-ibm-alsa-1.7.0_sr9.50-55.1 java-1_7_0-ibm-devel-1.7.0_sr9.50-55.1 java-1_7_0-ibm-jdbc-1.7.0_sr9.50-55.1 java-1_7_0-ibm-plugin-1.7.0_sr9.50-55.1 References: https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3598.html https://bugzilla.suse.com/992537 From sle-updates at lists.suse.com Mon Sep 12 06:10:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Sep 2016 14:10:00 +0200 (CEST) Subject: SUSE-RU-2016:2288-1: moderate: Recommended update for crowbar-barclamp-cinder Message-ID: <20160912121000.CE600FC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-cinder ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2288-1 Rating: moderate References: #945043 #949241 #965886 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crowbar-barclamp-cinder fixes the following issues: - Minimize disruption of services with HA by using interleave for clones (bsc#965886) - Improve performance when Ceph is used and Glance allows displaying the storage location (bsc#945043) - Avoid potential hang in communication with clients (bsc#949241) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-cinder-12738=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-cinder-1.9+git.1460063742.52a4042-16.1 References: https://bugzilla.suse.com/945043 https://bugzilla.suse.com/949241 https://bugzilla.suse.com/965886 From sle-updates at lists.suse.com Mon Sep 12 06:11:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Sep 2016 14:11:05 +0200 (CEST) Subject: SUSE-RU-2016:2289-1: Recommended update for rabbitmq-server Message-ID: <20160912121105.9FB0EFC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for rabbitmq-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2289-1 Rating: low References: #973999 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 3 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rabbitmq-server fixes the following issues: - rabbitmq-server.service: Increase NOFILE limit per documentation (bsc#973999) - rabbitqm-server.ocf: Add OCF_RESKEY_limit_nofile parameter default as 65535 (bsc#973999) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1338=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2016-1338=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1338=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): rabbitmq-server-3.4.4-4.1 rabbitmq-server-plugins-3.4.4-4.1 - SUSE Enterprise Storage 3 (x86_64): rabbitmq-server-3.4.4-4.1 - SUSE Enterprise Storage 2.1 (x86_64): rabbitmq-server-3.4.4-4.1 References: https://bugzilla.suse.com/973999 From sle-updates at lists.suse.com Mon Sep 12 07:10:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Sep 2016 15:10:08 +0200 (CEST) Subject: SUSE-SU-2016:2291-1: moderate: Security update for libidn Message-ID: <20160912131008.32695FC43@maintenance.suse.de> SUSE Security Update: Security update for libidn ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2291-1 Rating: moderate References: #923241 #990189 #990190 #990191 Cross-References: CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libidn-12739=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libidn-12739=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libidn-12739=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libidn-devel-1.10-6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libidn-1.10-6.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libidn-32bit-1.10-6.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libidn-x86-1.10-6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libidn-debuginfo-1.10-6.1 libidn-debugsource-1.10-6.1 References: https://www.suse.com/security/cve/CVE-2015-2059.html https://www.suse.com/security/cve/CVE-2015-8948.html https://www.suse.com/security/cve/CVE-2016-6261.html https://www.suse.com/security/cve/CVE-2016-6262.html https://www.suse.com/security/cve/CVE-2016-6263.html https://bugzilla.suse.com/923241 https://bugzilla.suse.com/990189 https://bugzilla.suse.com/990190 https://bugzilla.suse.com/990191 From sle-updates at lists.suse.com Mon Sep 12 08:09:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Sep 2016 16:09:33 +0200 (CEST) Subject: SUSE-RU-2016:2292-1: Recommended update for release-notes-hae Message-ID: <20160912140933.547BFFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-hae ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2292-1 Rating: low References: #997821 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest version of the Release Notes for the High Availability Extension. The changes in detail are: - Document sbd's Option "pcmk_delay_max" to Prevent Double-fencing. (fate#321185) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-release-notes-hae-12740=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): release-notes-hae-11.4.7-0.12.2 References: https://bugzilla.suse.com/997821 From sle-updates at lists.suse.com Mon Sep 12 09:09:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Sep 2016 17:09:28 +0200 (CEST) Subject: SUSE-RU-2016:2293-1: moderate: Recommended update for dracut Message-ID: <20160912150928.7828FFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2293-1 Rating: moderate References: #970215 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dracut provides the following fixes: - Fix shell syntax error in parse-suse-initrd.sh script which could lead to incorrect processing of the "mduuid" boot parameter. (bsc#970215) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1342=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1342=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): dracut-037-75.1 dracut-debuginfo-037-75.1 dracut-debugsource-037-75.1 dracut-fips-037-75.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): dracut-037-75.1 dracut-debuginfo-037-75.1 dracut-debugsource-037-75.1 References: https://bugzilla.suse.com/970215 From sle-updates at lists.suse.com Tue Sep 13 06:09:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Sep 2016 14:09:39 +0200 (CEST) Subject: SUSE-RU-2016:2298-1: Recommended update for yast2-ntp-client Message-ID: <20160913120939.16F00FC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ntp-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2298-1 Rating: low References: #960455 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-ntp-client fixes the following issues: - Sntp uses '-K /dev/null' if the kod file doesn't exist. (bsc#960455) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-yast2-ntp-client-12741=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): yast2-ntp-client-2.17.20-10.34 References: https://bugzilla.suse.com/960455 From sle-updates at lists.suse.com Tue Sep 13 14:08:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Sep 2016 22:08:48 +0200 (CEST) Subject: SUSE-RU-2016:2300-1: Recommended update for kbd Message-ID: <20160913200848.2A90BFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for kbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2300-1 Rating: low References: #984958 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kbd adds mapping for two keycodes to br-abnt2 map: - Slash (/): alt-gr + q - Question mark (?): alt-gr + w Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1344=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1344=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kbd-1.15.5-8.7.1 kbd-debuginfo-1.15.5-8.7.1 kbd-debugsource-1.15.5-8.7.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kbd-1.15.5-8.7.1 kbd-debuginfo-1.15.5-8.7.1 kbd-debugsource-1.15.5-8.7.1 References: https://bugzilla.suse.com/984958 From sle-updates at lists.suse.com Tue Sep 13 15:09:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Sep 2016 23:09:22 +0200 (CEST) Subject: SUSE-RU-2016:2301-1: moderate: Recommended update for samba Message-ID: <20160913210922.A2252FC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2301-1 Rating: moderate References: #975131 #978898 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for samba provides the following fixes: - Honor smb.conf socket options in winbind. (bsc#975131) - Fix crash with net rpc join. (bsc#978898) - Fix a regression verifying the security trailer. (bsc#978898) - Fix updating netlogon credentials. (bsc#978898) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-samba-12742=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-samba-12742=1 - SUSE Manager 2.1: zypper in -t patch sleman21-samba-12742=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-samba-12742=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-samba-12742=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-samba-12742=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-samba-12742=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-samba-12742=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-samba-12742=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): samba-doc-3.6.3-79.1 - SUSE OpenStack Cloud 5 (x86_64): ldapsmb-1.34b-79.1 libldb1-3.6.3-79.1 libsmbclient0-3.6.3-79.1 libsmbclient0-32bit-3.6.3-79.1 libtalloc2-3.6.3-79.1 libtalloc2-32bit-3.6.3-79.1 libtdb1-3.6.3-79.1 libtdb1-32bit-3.6.3-79.1 libtevent0-3.6.3-79.1 libtevent0-32bit-3.6.3-79.1 libwbclient0-3.6.3-79.1 libwbclient0-32bit-3.6.3-79.1 samba-3.6.3-79.1 samba-32bit-3.6.3-79.1 samba-client-3.6.3-79.1 samba-client-32bit-3.6.3-79.1 samba-krb-printing-3.6.3-79.1 samba-winbind-3.6.3-79.1 samba-winbind-32bit-3.6.3-79.1 - SUSE Manager Proxy 2.1 (x86_64): ldapsmb-1.34b-79.1 libldb1-3.6.3-79.1 libsmbclient0-3.6.3-79.1 libsmbclient0-32bit-3.6.3-79.1 libtalloc2-3.6.3-79.1 libtalloc2-32bit-3.6.3-79.1 libtdb1-3.6.3-79.1 libtdb1-32bit-3.6.3-79.1 libtevent0-3.6.3-79.1 libtevent0-32bit-3.6.3-79.1 libwbclient0-3.6.3-79.1 libwbclient0-32bit-3.6.3-79.1 samba-3.6.3-79.1 samba-32bit-3.6.3-79.1 samba-client-3.6.3-79.1 samba-client-32bit-3.6.3-79.1 samba-krb-printing-3.6.3-79.1 samba-winbind-3.6.3-79.1 samba-winbind-32bit-3.6.3-79.1 - SUSE Manager Proxy 2.1 (noarch): samba-doc-3.6.3-79.1 - SUSE Manager 2.1 (s390x x86_64): ldapsmb-1.34b-79.1 libldb1-3.6.3-79.1 libsmbclient0-3.6.3-79.1 libsmbclient0-32bit-3.6.3-79.1 libtalloc2-3.6.3-79.1 libtalloc2-32bit-3.6.3-79.1 libtdb1-3.6.3-79.1 libtdb1-32bit-3.6.3-79.1 libtevent0-3.6.3-79.1 libtevent0-32bit-3.6.3-79.1 libwbclient0-3.6.3-79.1 libwbclient0-32bit-3.6.3-79.1 samba-3.6.3-79.1 samba-32bit-3.6.3-79.1 samba-client-3.6.3-79.1 samba-client-32bit-3.6.3-79.1 samba-krb-printing-3.6.3-79.1 samba-winbind-3.6.3-79.1 samba-winbind-32bit-3.6.3-79.1 - SUSE Manager 2.1 (noarch): samba-doc-3.6.3-79.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-79.1 libnetapi-devel-3.6.3-79.1 libnetapi0-3.6.3-79.1 libsmbclient-devel-3.6.3-79.1 libsmbsharemodes-devel-3.6.3-79.1 libsmbsharemodes0-3.6.3-79.1 libtalloc-devel-3.6.3-79.1 libtdb-devel-3.6.3-79.1 libtevent-devel-3.6.3-79.1 libwbclient-devel-3.6.3-79.1 samba-devel-3.6.3-79.1 samba-test-3.6.3-79.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-79.1 libldb1-3.6.3-79.1 libsmbclient0-3.6.3-79.1 libtalloc2-3.6.3-79.1 libtdb1-3.6.3-79.1 libtevent0-3.6.3-79.1 libwbclient0-3.6.3-79.1 samba-3.6.3-79.1 samba-client-3.6.3-79.1 samba-krb-printing-3.6.3-79.1 samba-winbind-3.6.3-79.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-79.1 libtalloc2-32bit-3.6.3-79.1 libtdb1-32bit-3.6.3-79.1 libtevent0-32bit-3.6.3-79.1 libwbclient0-32bit-3.6.3-79.1 samba-32bit-3.6.3-79.1 samba-client-32bit-3.6.3-79.1 samba-winbind-32bit-3.6.3-79.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): samba-doc-3.6.3-79.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libsmbclient0-x86-3.6.3-79.1 libtalloc2-x86-3.6.3-79.1 libtdb1-x86-3.6.3-79.1 libtevent0-x86-3.6.3-79.1 libwbclient0-x86-3.6.3-79.1 samba-client-x86-3.6.3-79.1 samba-winbind-x86-3.6.3-79.1 samba-x86-3.6.3-79.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): ldapsmb-1.34b-79.1 libldb1-3.6.3-79.1 libsmbclient0-3.6.3-79.1 libtalloc2-3.6.3-79.1 libtdb1-3.6.3-79.1 libtevent0-3.6.3-79.1 libwbclient0-3.6.3-79.1 samba-3.6.3-79.1 samba-client-3.6.3-79.1 samba-krb-printing-3.6.3-79.1 samba-winbind-3.6.3-79.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libsmbclient0-32bit-3.6.3-79.1 libtalloc2-32bit-3.6.3-79.1 libtdb1-32bit-3.6.3-79.1 libtevent0-32bit-3.6.3-79.1 libwbclient0-32bit-3.6.3-79.1 samba-32bit-3.6.3-79.1 samba-client-32bit-3.6.3-79.1 samba-winbind-32bit-3.6.3-79.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): samba-doc-3.6.3-79.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-79.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-79.1 libldb1-3.6.3-79.1 libsmbclient0-3.6.3-79.1 libtalloc2-3.6.3-79.1 libtdb1-3.6.3-79.1 libtevent0-3.6.3-79.1 libwbclient0-3.6.3-79.1 samba-3.6.3-79.1 samba-client-3.6.3-79.1 samba-krb-printing-3.6.3-79.1 samba-winbind-3.6.3-79.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): samba-debuginfo-3.6.3-79.1 samba-debugsource-3.6.3-79.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-79.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): samba-debuginfo-x86-3.6.3-79.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-79.1 samba-debugsource-3.6.3-79.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): samba-debuginfo-32bit-3.6.3-79.1 References: https://bugzilla.suse.com/975131 https://bugzilla.suse.com/978898 From sle-updates at lists.suse.com Wed Sep 14 05:09:48 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Sep 2016 13:09:48 +0200 (CEST) Subject: SUSE-SU-2016:2302-1: moderate: Security update for gd Message-ID: <20160914110948.0A989FC45@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2302-1 Rating: moderate References: #988032 Cross-References: CVE-2016-6161 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gd fixes the following issues: - security update: * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gd-12743=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gd-12743=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gd-12743=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): gd-devel-2.0.36.RC1-52.22.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gd-2.0.36.RC1-52.22.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gd-debuginfo-2.0.36.RC1-52.22.1 gd-debugsource-2.0.36.RC1-52.22.1 References: https://www.suse.com/security/cve/CVE-2016-6161.html https://bugzilla.suse.com/988032 From sle-updates at lists.suse.com Wed Sep 14 05:10:18 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Sep 2016 13:10:18 +0200 (CEST) Subject: SUSE-SU-2016:2303-1: moderate: Security update for gd Message-ID: <20160914111018.C0DB9FC45@maintenance.suse.de> SUSE Security Update: Security update for gd ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2303-1 Rating: moderate References: #982176 #987577 #988032 #991436 #991622 #991710 #995034 Cross-References: CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for gd fixes the following issues: * CVE-2016-6214: Buffer over-read issue when parsing crafted TGA file [bsc#991436] * CVE-2016-6132: read out-of-bands was found in the parsing of TGA files using libgd [bsc#987577] * CVE-2016-6128: Invalid color index not properly handled [bsc#991710] * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991622] * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] * CVE-2016-5116: avoid stack overflow (read) with large names [bsc#982176] * CVE-2016-6905: Out-of-bounds read in function read_image_tga in gd_tga.c [bsc#995034] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1347=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1347=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1347=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1347=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gd-32bit-2.1.0-12.1 gd-debuginfo-32bit-2.1.0-12.1 gd-debugsource-2.1.0-12.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gd-debuginfo-2.1.0-12.1 gd-debugsource-2.1.0-12.1 gd-devel-2.1.0-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gd-2.1.0-12.1 gd-debuginfo-2.1.0-12.1 gd-debugsource-2.1.0-12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gd-2.1.0-12.1 gd-32bit-2.1.0-12.1 gd-debuginfo-2.1.0-12.1 gd-debuginfo-32bit-2.1.0-12.1 gd-debugsource-2.1.0-12.1 References: https://www.suse.com/security/cve/CVE-2016-5116.html https://www.suse.com/security/cve/CVE-2016-6128.html https://www.suse.com/security/cve/CVE-2016-6132.html https://www.suse.com/security/cve/CVE-2016-6161.html https://www.suse.com/security/cve/CVE-2016-6207.html https://www.suse.com/security/cve/CVE-2016-6214.html https://www.suse.com/security/cve/CVE-2016-6905.html https://bugzilla.suse.com/982176 https://bugzilla.suse.com/987577 https://bugzilla.suse.com/988032 https://bugzilla.suse.com/991436 https://bugzilla.suse.com/991622 https://bugzilla.suse.com/991710 https://bugzilla.suse.com/995034 From sle-updates at lists.suse.com Wed Sep 14 11:09:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Sep 2016 19:09:40 +0200 (CEST) Subject: SUSE-SU-2016:2305-1: moderate: Security update for wpa_supplicant Message-ID: <20160914170940.6EF4CFC43@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2305-1 Rating: moderate References: #930077 #930078 #930079 #937419 #952254 Cross-References: CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-5310 CVE-2015-8041 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for wpa_supplicant fixes the following issues: - CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. (bnc#930077) - CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. (bnc#930078) - CVE-2015-4143: EAP-pwd missing payload length validation. (bnc#930079) - CVE-2015-5310: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use. (bsc#952254) - CVE-2015-8041: Fix payload length validation in NDEF record parser. (bsc#937419) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1351=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1351=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): wpa_supplicant-2.2-14.2 wpa_supplicant-debuginfo-2.2-14.2 wpa_supplicant-debugsource-2.2-14.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): wpa_supplicant-2.2-14.2 wpa_supplicant-debuginfo-2.2-14.2 wpa_supplicant-debugsource-2.2-14.2 References: https://www.suse.com/security/cve/CVE-2015-4141.html https://www.suse.com/security/cve/CVE-2015-4142.html https://www.suse.com/security/cve/CVE-2015-4143.html https://www.suse.com/security/cve/CVE-2015-5310.html https://www.suse.com/security/cve/CVE-2015-8041.html https://bugzilla.suse.com/930077 https://bugzilla.suse.com/930078 https://bugzilla.suse.com/930079 https://bugzilla.suse.com/937419 https://bugzilla.suse.com/952254 From sle-updates at lists.suse.com Wed Sep 14 11:10:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Sep 2016 19:10:53 +0200 (CEST) Subject: SUSE-SU-2016:2306-1: moderate: Security update for samba Message-ID: <20160914171053.63E6EFC44@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2306-1 Rating: moderate References: #969522 #975131 #981566 #986228 #986869 #991564 Cross-References: CVE-2016-2119 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for samba provides the following fixes: - CVE-2016-2119: Prevent client-side SMB2 signing downgrade. (bsc#986869) - Fix possible ctdb crash when opening sockets with htons(IPPROTO_RAW). (bsc#969522) - Honor smb.conf socket options in winbind. (bsc#975131) - Fix ntlm-auth segmentation fault with squid. (bsc#986228) - Implement new "--no-dns-updates" option in "net ads" command. (bsc#991564) - Fix population of ctdb sysconfig after source merge. (bsc#981566) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1350=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1350=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2016-1350=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1350=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): ctdb-debuginfo-4.2.4-26.2 ctdb-devel-4.2.4-26.2 libdcerpc-atsvc-devel-4.2.4-26.2 libdcerpc-atsvc0-4.2.4-26.2 libdcerpc-atsvc0-debuginfo-4.2.4-26.2 libdcerpc-devel-4.2.4-26.2 libdcerpc-samr-devel-4.2.4-26.2 libdcerpc-samr0-4.2.4-26.2 libdcerpc-samr0-debuginfo-4.2.4-26.2 libgensec-devel-4.2.4-26.2 libndr-devel-4.2.4-26.2 libndr-krb5pac-devel-4.2.4-26.2 libndr-nbt-devel-4.2.4-26.2 libndr-standard-devel-4.2.4-26.2 libnetapi-devel-4.2.4-26.2 libregistry-devel-4.2.4-26.2 libsamba-credentials-devel-4.2.4-26.2 libsamba-hostconfig-devel-4.2.4-26.2 libsamba-passdb-devel-4.2.4-26.2 libsamba-policy-devel-4.2.4-26.2 libsamba-policy0-4.2.4-26.2 libsamba-policy0-debuginfo-4.2.4-26.2 libsamba-util-devel-4.2.4-26.2 libsamdb-devel-4.2.4-26.2 libsmbclient-devel-4.2.4-26.2 libsmbclient-raw-devel-4.2.4-26.2 libsmbconf-devel-4.2.4-26.2 libsmbldap-devel-4.2.4-26.2 libtevent-util-devel-4.2.4-26.2 libwbclient-devel-4.2.4-26.2 samba-core-devel-4.2.4-26.2 samba-debuginfo-4.2.4-26.2 samba-debugsource-4.2.4-26.2 samba-test-devel-4.2.4-26.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libdcerpc-binding0-4.2.4-26.2 libdcerpc-binding0-debuginfo-4.2.4-26.2 libdcerpc0-4.2.4-26.2 libdcerpc0-debuginfo-4.2.4-26.2 libgensec0-4.2.4-26.2 libgensec0-debuginfo-4.2.4-26.2 libndr-krb5pac0-4.2.4-26.2 libndr-krb5pac0-debuginfo-4.2.4-26.2 libndr-nbt0-4.2.4-26.2 libndr-nbt0-debuginfo-4.2.4-26.2 libndr-standard0-4.2.4-26.2 libndr-standard0-debuginfo-4.2.4-26.2 libndr0-4.2.4-26.2 libndr0-debuginfo-4.2.4-26.2 libnetapi0-4.2.4-26.2 libnetapi0-debuginfo-4.2.4-26.2 libregistry0-4.2.4-26.2 libregistry0-debuginfo-4.2.4-26.2 libsamba-credentials0-4.2.4-26.2 libsamba-credentials0-debuginfo-4.2.4-26.2 libsamba-hostconfig0-4.2.4-26.2 libsamba-hostconfig0-debuginfo-4.2.4-26.2 libsamba-passdb0-4.2.4-26.2 libsamba-passdb0-debuginfo-4.2.4-26.2 libsamba-util0-4.2.4-26.2 libsamba-util0-debuginfo-4.2.4-26.2 libsamdb0-4.2.4-26.2 libsamdb0-debuginfo-4.2.4-26.2 libsmbclient-raw0-4.2.4-26.2 libsmbclient-raw0-debuginfo-4.2.4-26.2 libsmbclient0-4.2.4-26.2 libsmbclient0-debuginfo-4.2.4-26.2 libsmbconf0-4.2.4-26.2 libsmbconf0-debuginfo-4.2.4-26.2 libsmbldap0-4.2.4-26.2 libsmbldap0-debuginfo-4.2.4-26.2 libtevent-util0-4.2.4-26.2 libtevent-util0-debuginfo-4.2.4-26.2 libwbclient0-4.2.4-26.2 libwbclient0-debuginfo-4.2.4-26.2 samba-4.2.4-26.2 samba-client-4.2.4-26.2 samba-client-debuginfo-4.2.4-26.2 samba-debuginfo-4.2.4-26.2 samba-debugsource-4.2.4-26.2 samba-libs-4.2.4-26.2 samba-libs-debuginfo-4.2.4-26.2 samba-winbind-4.2.4-26.2 samba-winbind-debuginfo-4.2.4-26.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-26.2 libdcerpc-binding0-debuginfo-32bit-4.2.4-26.2 libdcerpc0-32bit-4.2.4-26.2 libdcerpc0-debuginfo-32bit-4.2.4-26.2 libgensec0-32bit-4.2.4-26.2 libgensec0-debuginfo-32bit-4.2.4-26.2 libndr-krb5pac0-32bit-4.2.4-26.2 libndr-krb5pac0-debuginfo-32bit-4.2.4-26.2 libndr-nbt0-32bit-4.2.4-26.2 libndr-nbt0-debuginfo-32bit-4.2.4-26.2 libndr-standard0-32bit-4.2.4-26.2 libndr-standard0-debuginfo-32bit-4.2.4-26.2 libndr0-32bit-4.2.4-26.2 libndr0-debuginfo-32bit-4.2.4-26.2 libnetapi0-32bit-4.2.4-26.2 libnetapi0-debuginfo-32bit-4.2.4-26.2 libsamba-credentials0-32bit-4.2.4-26.2 libsamba-credentials0-debuginfo-32bit-4.2.4-26.2 libsamba-hostconfig0-32bit-4.2.4-26.2 libsamba-hostconfig0-debuginfo-32bit-4.2.4-26.2 libsamba-passdb0-32bit-4.2.4-26.2 libsamba-passdb0-debuginfo-32bit-4.2.4-26.2 libsamba-util0-32bit-4.2.4-26.2 libsamba-util0-debuginfo-32bit-4.2.4-26.2 libsamdb0-32bit-4.2.4-26.2 libsamdb0-debuginfo-32bit-4.2.4-26.2 libsmbclient-raw0-32bit-4.2.4-26.2 libsmbclient-raw0-debuginfo-32bit-4.2.4-26.2 libsmbclient0-32bit-4.2.4-26.2 libsmbclient0-debuginfo-32bit-4.2.4-26.2 libsmbconf0-32bit-4.2.4-26.2 libsmbconf0-debuginfo-32bit-4.2.4-26.2 libsmbldap0-32bit-4.2.4-26.2 libsmbldap0-debuginfo-32bit-4.2.4-26.2 libtevent-util0-32bit-4.2.4-26.2 libtevent-util0-debuginfo-32bit-4.2.4-26.2 libwbclient0-32bit-4.2.4-26.2 libwbclient0-debuginfo-32bit-4.2.4-26.2 samba-32bit-4.2.4-26.2 samba-client-32bit-4.2.4-26.2 samba-client-debuginfo-32bit-4.2.4-26.2 samba-debuginfo-32bit-4.2.4-26.2 samba-libs-32bit-4.2.4-26.2 samba-libs-debuginfo-32bit-4.2.4-26.2 samba-winbind-32bit-4.2.4-26.2 samba-winbind-debuginfo-32bit-4.2.4-26.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): samba-doc-4.2.4-26.2 - SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64): ctdb-4.2.4-26.2 ctdb-debuginfo-4.2.4-26.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libdcerpc-binding0-32bit-4.2.4-26.2 libdcerpc-binding0-4.2.4-26.2 libdcerpc-binding0-debuginfo-32bit-4.2.4-26.2 libdcerpc-binding0-debuginfo-4.2.4-26.2 libdcerpc0-32bit-4.2.4-26.2 libdcerpc0-4.2.4-26.2 libdcerpc0-debuginfo-32bit-4.2.4-26.2 libdcerpc0-debuginfo-4.2.4-26.2 libgensec0-32bit-4.2.4-26.2 libgensec0-4.2.4-26.2 libgensec0-debuginfo-32bit-4.2.4-26.2 libgensec0-debuginfo-4.2.4-26.2 libndr-krb5pac0-32bit-4.2.4-26.2 libndr-krb5pac0-4.2.4-26.2 libndr-krb5pac0-debuginfo-32bit-4.2.4-26.2 libndr-krb5pac0-debuginfo-4.2.4-26.2 libndr-nbt0-32bit-4.2.4-26.2 libndr-nbt0-4.2.4-26.2 libndr-nbt0-debuginfo-32bit-4.2.4-26.2 libndr-nbt0-debuginfo-4.2.4-26.2 libndr-standard0-32bit-4.2.4-26.2 libndr-standard0-4.2.4-26.2 libndr-standard0-debuginfo-32bit-4.2.4-26.2 libndr-standard0-debuginfo-4.2.4-26.2 libndr0-32bit-4.2.4-26.2 libndr0-4.2.4-26.2 libndr0-debuginfo-32bit-4.2.4-26.2 libndr0-debuginfo-4.2.4-26.2 libnetapi0-32bit-4.2.4-26.2 libnetapi0-4.2.4-26.2 libnetapi0-debuginfo-32bit-4.2.4-26.2 libnetapi0-debuginfo-4.2.4-26.2 libregistry0-4.2.4-26.2 libregistry0-debuginfo-4.2.4-26.2 libsamba-credentials0-32bit-4.2.4-26.2 libsamba-credentials0-4.2.4-26.2 libsamba-credentials0-debuginfo-32bit-4.2.4-26.2 libsamba-credentials0-debuginfo-4.2.4-26.2 libsamba-hostconfig0-32bit-4.2.4-26.2 libsamba-hostconfig0-4.2.4-26.2 libsamba-hostconfig0-debuginfo-32bit-4.2.4-26.2 libsamba-hostconfig0-debuginfo-4.2.4-26.2 libsamba-passdb0-32bit-4.2.4-26.2 libsamba-passdb0-4.2.4-26.2 libsamba-passdb0-debuginfo-32bit-4.2.4-26.2 libsamba-passdb0-debuginfo-4.2.4-26.2 libsamba-util0-32bit-4.2.4-26.2 libsamba-util0-4.2.4-26.2 libsamba-util0-debuginfo-32bit-4.2.4-26.2 libsamba-util0-debuginfo-4.2.4-26.2 libsamdb0-32bit-4.2.4-26.2 libsamdb0-4.2.4-26.2 libsamdb0-debuginfo-32bit-4.2.4-26.2 libsamdb0-debuginfo-4.2.4-26.2 libsmbclient-raw0-32bit-4.2.4-26.2 libsmbclient-raw0-4.2.4-26.2 libsmbclient-raw0-debuginfo-32bit-4.2.4-26.2 libsmbclient-raw0-debuginfo-4.2.4-26.2 libsmbclient0-32bit-4.2.4-26.2 libsmbclient0-4.2.4-26.2 libsmbclient0-debuginfo-32bit-4.2.4-26.2 libsmbclient0-debuginfo-4.2.4-26.2 libsmbconf0-32bit-4.2.4-26.2 libsmbconf0-4.2.4-26.2 libsmbconf0-debuginfo-32bit-4.2.4-26.2 libsmbconf0-debuginfo-4.2.4-26.2 libsmbldap0-32bit-4.2.4-26.2 libsmbldap0-4.2.4-26.2 libsmbldap0-debuginfo-32bit-4.2.4-26.2 libsmbldap0-debuginfo-4.2.4-26.2 libtevent-util0-32bit-4.2.4-26.2 libtevent-util0-4.2.4-26.2 libtevent-util0-debuginfo-32bit-4.2.4-26.2 libtevent-util0-debuginfo-4.2.4-26.2 libwbclient0-32bit-4.2.4-26.2 libwbclient0-4.2.4-26.2 libwbclient0-debuginfo-32bit-4.2.4-26.2 libwbclient0-debuginfo-4.2.4-26.2 samba-32bit-4.2.4-26.2 samba-4.2.4-26.2 samba-client-32bit-4.2.4-26.2 samba-client-4.2.4-26.2 samba-client-debuginfo-32bit-4.2.4-26.2 samba-client-debuginfo-4.2.4-26.2 samba-debuginfo-32bit-4.2.4-26.2 samba-debuginfo-4.2.4-26.2 samba-debugsource-4.2.4-26.2 samba-libs-32bit-4.2.4-26.2 samba-libs-4.2.4-26.2 samba-libs-debuginfo-32bit-4.2.4-26.2 samba-libs-debuginfo-4.2.4-26.2 samba-winbind-32bit-4.2.4-26.2 samba-winbind-4.2.4-26.2 samba-winbind-debuginfo-32bit-4.2.4-26.2 samba-winbind-debuginfo-4.2.4-26.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): samba-doc-4.2.4-26.2 References: https://www.suse.com/security/cve/CVE-2016-2119.html https://bugzilla.suse.com/969522 https://bugzilla.suse.com/975131 https://bugzilla.suse.com/981566 https://bugzilla.suse.com/986228 https://bugzilla.suse.com/986869 https://bugzilla.suse.com/991564 From sle-updates at lists.suse.com Wed Sep 14 12:10:21 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Sep 2016 20:10:21 +0200 (CEST) Subject: SUSE-RU-2016:2307-1: Recommended update for libspectre Message-ID: <20160914181021.E9E7DFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for libspectre ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2307-1 Rating: low References: #975503 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libspectre fixes handling of PostScript files with embedded EPS files. Such documents contains two "%%EOF" DSC comments and the first one stopped the parsing of the file as if the real EOF was reached. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1352=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1352=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1352=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libspectre-debugsource-0.2.7-11.1 libspectre-devel-0.2.7-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libspectre-debugsource-0.2.7-11.1 libspectre1-0.2.7-11.1 libspectre1-debuginfo-0.2.7-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libspectre-debugsource-0.2.7-11.1 libspectre1-0.2.7-11.1 libspectre1-debuginfo-0.2.7-11.1 References: https://bugzilla.suse.com/975503 From sle-updates at lists.suse.com Thu Sep 15 06:11:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Sep 2016 14:11:34 +0200 (CEST) Subject: SUSE-SU-2016:2312-1: important: Security update for flash-player Message-ID: <20160915121134.81936FC43@maintenance.suse.de> SUSE Security Update: Security update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2312-1 Rating: important References: #998589 Cross-References: CVE-2016-4182 CVE-2016-4237 CVE-2016-4238 CVE-2016-4271 CVE-2016-4272 CVE-2016-4274 CVE-2016-4275 CVE-2016-4276 CVE-2016-4277 CVE-2016-4278 CVE-2016-4279 CVE-2016-4280 CVE-2016-4281 CVE-2016-4282 CVE-2016-4283 CVE-2016-4284 CVE-2016-4285 CVE-2016-4287 CVE-2016-6921 CVE-2016-6922 CVE-2016-6923 CVE-2016-6924 CVE-2016-6925 CVE-2016-6926 CVE-2016-6927 CVE-2016-6929 CVE-2016-6930 CVE-2016-6931 CVE-2016-6932 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 29 vulnerabilities is now available. Description: This update for flash-player fixes the following security issues (APSB16-29, boo#998589): - integer overflow vulnerability that could lead to code execution (CVE-2016-4287). - use-after-free vulnerabilities that could lead to code execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932) - security bypass vulnerabilities that could lead to information disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278) - memory corruption vulnerabilities that could lead to code execution (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1353=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1353=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-11.2.202.635-140.1 flash-player-gnome-11.2.202.635-140.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-11.2.202.635-140.1 flash-player-gnome-11.2.202.635-140.1 References: https://www.suse.com/security/cve/CVE-2016-4182.html https://www.suse.com/security/cve/CVE-2016-4237.html https://www.suse.com/security/cve/CVE-2016-4238.html https://www.suse.com/security/cve/CVE-2016-4271.html https://www.suse.com/security/cve/CVE-2016-4272.html https://www.suse.com/security/cve/CVE-2016-4274.html https://www.suse.com/security/cve/CVE-2016-4275.html https://www.suse.com/security/cve/CVE-2016-4276.html https://www.suse.com/security/cve/CVE-2016-4277.html https://www.suse.com/security/cve/CVE-2016-4278.html https://www.suse.com/security/cve/CVE-2016-4279.html https://www.suse.com/security/cve/CVE-2016-4280.html https://www.suse.com/security/cve/CVE-2016-4281.html https://www.suse.com/security/cve/CVE-2016-4282.html https://www.suse.com/security/cve/CVE-2016-4283.html https://www.suse.com/security/cve/CVE-2016-4284.html https://www.suse.com/security/cve/CVE-2016-4285.html https://www.suse.com/security/cve/CVE-2016-4287.html https://www.suse.com/security/cve/CVE-2016-6921.html https://www.suse.com/security/cve/CVE-2016-6922.html https://www.suse.com/security/cve/CVE-2016-6923.html https://www.suse.com/security/cve/CVE-2016-6924.html https://www.suse.com/security/cve/CVE-2016-6925.html https://www.suse.com/security/cve/CVE-2016-6926.html https://www.suse.com/security/cve/CVE-2016-6927.html https://www.suse.com/security/cve/CVE-2016-6929.html https://www.suse.com/security/cve/CVE-2016-6930.html https://www.suse.com/security/cve/CVE-2016-6931.html https://www.suse.com/security/cve/CVE-2016-6932.html https://bugzilla.suse.com/998589 From sle-updates at lists.suse.com Thu Sep 15 10:10:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Sep 2016 18:10:31 +0200 (CEST) Subject: SUSE-RU-2016:2315-1: Recommended update for pciutils Message-ID: <20160915161031.ECB0DFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for pciutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2315-1 Rating: low References: #990050 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pciutils fixes the following issues: - lspci(8) used to replace long names with "pci_lookup_name: buffer too small". Instead of that, it will now truncate the name and append "..." at the end. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-pciutils-12746=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-pciutils-12746=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pciutils-12746=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): pciutils-devel-3.1.7-11.13.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): pciutils-devel-32bit-3.1.7-11.13.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): pciutils-3.1.7-11.13.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): pciutils-32bit-3.1.7-11.13.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): pciutils-x86-3.1.7-11.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): pciutils-debuginfo-3.1.7-11.13.1 pciutils-debugsource-3.1.7-11.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): pciutils-debuginfo-32bit-3.1.7-11.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): pciutils-debuginfo-x86-3.1.7-11.13.1 References: https://bugzilla.suse.com/990050 From sle-updates at lists.suse.com Thu Sep 15 10:11:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Sep 2016 18:11:03 +0200 (CEST) Subject: SUSE-RU-2016:2316-1: Recommended update for growpart Message-ID: <20160915161103.3BCD4FC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for growpart ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2316-1 Rating: low References: #998378 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides growpart 0.29, which brings the following enhancements and fixes: - Fix use of partx with newer util-linux versions. - Fix some issues in error path reporting. - Capture output of 'partx --help' as older versions do not support that flag and send output to standard error. - Fix bug when growing partitions on disks greater than 2TB. - Support sfdisk 2.26 or newer, and support gpt partitions with sfdisk. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1355=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): growpart-0.29-3.1 References: https://bugzilla.suse.com/998378 From sle-updates at lists.suse.com Thu Sep 15 11:09:17 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Sep 2016 19:09:17 +0200 (CEST) Subject: SUSE-RU-2016:2317-1: Recommended update for zypper-migration-plugin Message-ID: <20160915170917.20647FC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper-migration-plugin ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2317-1 Rating: low References: #984324 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zypper-migration-plugin provides the following fixes: - Pass "--cleanup-algorithm=number" and "--userdata important=yes" parameters to snapper when creating snapshots, like YaST migration does. (bsc#984324) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1356=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1356=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): zypper-migration-plugin-0.10-9.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): zypper-migration-plugin-0.10-9.1 References: https://bugzilla.suse.com/984324 From sle-updates at lists.suse.com Thu Sep 15 12:09:15 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Sep 2016 20:09:15 +0200 (CEST) Subject: SUSE-RU-2016:2318-1: Recommended update for zypper-migration-plugin Message-ID: <20160915180915.CD6BAFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper-migration-plugin ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2318-1 Rating: low References: #984324 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zypper-migration-plugin provides the following fixes: - Pass "--cleanup-algorithm=number" and "--userdata important=yes" parameters to snapper when creating snapshots, like YaST migration does. (bsc#984324) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1357=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1357=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): zypper-migration-plugin-0.10-16.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): zypper-migration-plugin-0.10-16.1 References: https://bugzilla.suse.com/984324 From sle-updates at lists.suse.com Thu Sep 15 16:09:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Sep 2016 00:09:10 +0200 (CEST) Subject: SUSE-OU-2016:2319-1: Optional update for gcc6 Message-ID: <20160915220910.38D7EFC43@maintenance.suse.de> SUSE Optional Update: Optional update for gcc6 ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2319-1 Rating: low References: #983206 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Toolchain 12 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update ships the GNU Compiler Collection (GCC) in version 6.2. This update is shipped in two parts: - SUSE Linux Enterprise Server 12 and Desktop: The runtime libraries libgcc_s1, libstdc++6, libatomic1, libgomp1, libitm1 and some others can now be used by GCC 6 built binaries. - SUSE Linux Enterprise 12 Toolchain Module: The Toolchain module received the GCC 6 compiler suite with this update. Changes: - The default mode for C++ is now -std=gnu++14 instead of -std=gnu++98. Generic Optimization improvements: - UndefinedBehaviorSanitizer gained a new sanitization option, -fsanitize=bounds-strict, which enables strict checking of array bounds. In particular, it enables -fsanitize=bounds as well as instrumentation of flexible array member-like arrays. - Type-based alias analysis now disambiguates accesses to different pointers. This improves precision of the alias oracle by about 20-30% on higher-level C++ programs. Programs doing invalid type punning of pointer types may now need -fno-strict-aliasing to work correctly. - Alias analysis now correctly supports weakref and alias attributes. This makes it possible to access both a variable and its alias in one translation unit which is common with link-time optimization. - Value range propagation now assumes that the this pointer of C++ member functions is non-null. This eliminates common null pointer checks but also breaks some non-conforming code-bases (such as Qt-5, Chromium, KDevelop). As a temporary work-around -fno-delete-null-pointer-checks can be used. Wrong code can be identified by using -fsanitize=undefined. - Various Link-time optimization improvements. - Inter-procedural optimization improvements: - Basic jump threading is now performed before profile construction and inline analysis, resulting in more realistic size and time estimates that drive the heuristics of the of inliner and function cloning passes. - Function cloning now more aggressively eliminates unused function parameters. - Compared to GCC 5, the GCC 6 release series includes a much improved implementation of the OpenACC 2.0a specification. C language specific improvements: - Version 4.5 of the OpenMP specification is now supported in the C and C++ compilers. - Source locations for the C and C++ compilers are now tracked as ranges, rather than just points, making it easier to identify the subexpression of interest within a complicated expression. In addition, there is now initial support for precise diagnostic locations within strings, - Diagnostics can now contain "fix-it hints", which are displayed in context underneath the relevant source code. - The C and C++ compilers now offer suggestions for misspelled field names. - New command-line options have been added for the C and C++ compilers: - -Wshift-negative-value warns about left shifting a negative value. - -Wshift-overflow warns about left shift overflows. This warning is enabled by default. -Wshift-overflow=2 also warns about left-shifting 1 into the sign bit. - -Wtautological-compare warns if a self-comparison always evaluates to true or false. This warning is enabled by -Wall. - -Wnull-dereference warns if the compiler detects paths that trigger erroneous or undefined behavior due to dereferencing a null pointer. This option is only active when -fdelete-null-pointer-checks is active, which is enabled by optimizations in most targets. The precision of the warnings depends on the optimization options used. - -Wduplicated-cond warns about duplicated conditions in an if-else-if chain. - -Wmisleading-indentation warns about places where the indentation of the code gives a misleading idea of the block structure of the code to a human reader. This warning is enabled by -Wall. - The C and C++ compilers now emit saner error messages if merge-conflict markers are present in a source file. C improvements: - It is possible to disable warnings when an initialized field of a structure or a union with side effects is being overridden when using designated initializers via a new warning option -Woverride-init-side-effects. - A new type attribute scalar_storage_order applying to structures and unions has been introduced. It specifies the storage order (aka endianness) in memory of scalar fields in structures or unions. C++ improvements: - The default mode has been changed to -std=gnu++14. - C++ Concepts are now supported when compiling with -fconcepts. - -flifetime-dse is more aggressive in dead-store elimination in situations where a memory store to a location precedes a constructor to that memory location. - G++ now supports C++17 fold expressions, u8 character literals, extended static_assert, and nested namespace definitions. - G++ now allows constant evaluation for all non-type template arguments. - G++ now supports C++ Transactional Memory when compiling with -fgnu-tm. libstdc++ improvements: - Extensions to the C++ Library to support mathematical special functions (ISO/IEC 29124:2010), thanks to Edward Smith-Rowland. - Experimental support for C++17. - An experimental implementation of the File System TS. - Experimental support for most features of the second version of the Library Fundamentals TS. This includes polymorphic memory resources and array support in shared_ptr, thanks to Fan You. - Some assertions checked by Debug Mode can now also be enabled by _GLIBCXX_ASSERTIONS. The subset of checks enabled by the new macro have less run-time overhead than the full _GLIBCXX_DEBUG checks and don't affect the library ABI, so can be enabled per-translation unit. Fortran improvements: - Fortran 2008 SUBMODULE support. - Fortran 2015 EVENT_TYPE, EVENT_POST, EVENT_WAIT, and EVENT_QUERY support. - Improved support for Fortran 2003 deferred-length character variables. - Improved support for OpenMP and OpenACC. - The MATMUL intrinsic is now inlined for straightforward cases if front-end optimization is active. The maximum size for inlining can be set to n with the -finline-matmul-limit=n option and turned off with -finline-matmul-limit=0. - The -Wconversion-extra option will warn about REAL constants which have excess precision for their kind. - The -Winteger-division option has been added, which warns about divisions of integer constants which are truncated. This option is included in -Wall by default. Architecture improvements: - AArch64 received a lot of improvements. IA-32/x86-64 improvements: - GCC now supports the Intel CPU named Skylake with AVX-512 extensions through -march=skylake-avx512. The switch enables the following ISA extensions: AVX-512F, AVX512VL, AVX-512CD, AVX-512BW, AVX-512DQ. - Support for new AMD instructions monitorx and mwaitx has been added. This includes new intrinsic and built-in support. It is enabled through option -mmwaitx. The instructions monitorx and mwaitx implement the same functionality as the old monitor and mwait instructions. In addition mwaitx adds a configurable timer. The timer value is received as third argument and stored in register %ebx. - x86-64 targets now allow stack realignment from a word-aligned stack pointer using the command-line option -mstackrealign or __attribute__ ((force_align_arg_pointer)). This allows functions compiled with a vector-aligned stack to be invoked from objects that keep only word-alignment. - Support for address spaces __seg_fs, __seg_gs, and __seg_tls. These can be used to access data via the %fs and %gs segments without having to resort to inline assembly. - Support for AMD Zen (family 17h) processors is now available through the -march=znver1 and -mtune=znver1 options. PowerPC / PowerPC64 / RS6000 improvements: - PowerPC64 now supports IEEE 128-bit floating-point using the __float128 data type. In GCC 6, this is not enabled by default, but you can enable it with -mfloat128. The IEEE 128-bit floating-point support requires the use of the VSX instruction set. IEEE 128-bit floating-point values are passed and returned as a single vector value. The software emulator for IEEE 128-bit floating-point support is only built on PowerPC GNU/Linux systems where the default CPU is at least power7. On future ISA 3.0 systems (POWER 9 and later), you will be able to use the -mfloat128-hardware option to use the ISA 3.0 instructions that support IEEE 128-bit floating-point. An additional type (__ibm128) has been added to refer to the IBM extended double type that normally implements long double. This will allow for a future transition to implementing long double with IEEE 128-bit floating-point. - Basic support has been added for POWER9 hardware that will use the recently published OpenPOWER ISA 3.0 instructions. The following new switches are available: - -mcpu=power9: Implement all of the ISA 3.0 instructions supported by the compiler. - -mtune=power9: In the future, apply tuning for POWER9 systems. Currently, POWER8 tunings are used. - -mmodulo: Generate code using the ISA 3.0 integer instructions (modulus, count trailing zeros, array index support, integer multiply/add). - -mpower9-fusion: Generate code to suitably fuse instruction sequences for a POWER9 system. - -mpower9-dform: Generate code to use the new D-form (register+offset) memory instructions for the vector registers. - -mpower9-vector: Generate code using the new ISA 3.0 vector (VSX or Altivec) instructions. - -mpower9-minmax: Reserved for future development. - -mtoc-fusion: Keep TOC entries together to provide more fusion opportunities. - New constraints have been added to support IEEE 128-bit floating-point and ISA 3.0 instructions. - Support has been added for __builtin_cpu_is() and __builtin_cpu_supports(), allowing for very fast access to AT_PLATFORM, AT_HWCAP, and AT_HWCAP2 values. This requires use of glibc 2.23 or later. - All hardware transactional memory builtins now correctly behave as memory barriers. Programmers can use #ifdef __TM_FENCE__ to determine whether their "old" compiler treats the builtins as barriers. - Split-stack support has been added for gccgo on PowerPC64 for both big- and little-endian (but not for 32-bit). The gold linker from at least binutils 2.25.1 must be available in the PATH when configuring and building gccgo to enable split stack. (The requirement for binutils 2.25.1 applies to PowerPC64 only.) The split-stack feature allows a small initial stack size to be allocated for each goroutine, which increases as needed. - GCC on PowerPC now supports the standard lround function. - The "q", "S", "T", and "t" asm-constraints have been removed. - The "b", "B", "m", "M", and "W" format modifiers have been removed. S/390, System z, IBM z Systems improvements: - Support for the IBM z13 processor has been added. When using the -march=z13 option, the compiler will generate code making use of the new instructions and registers introduced with the vector extension facility. The -mtune=z13 option enables z13 specific instruction scheduling without making use of new instructions. - Compiling code with -march=z13 reduces the default alignment of vector types bigger than 8 bytes to 8. This is an ABI change and care must be taken when linking modules compiled with different arch levels which interchange variables containing vector type values. For newly compiled code the GNU linker will emit a warning. - The -mzvector option enables a C/C++ language extension. This extension provides a new keyword vector which can be used to define vector type variables. (Note: This is not available when enforcing strict standard compliance e.g. with -std=c99. Either enable GNU extensions with e.g. -std=gnu99 or use __vector instead of vector.) - Additionally a set of overloaded builtins is provided which is partially compatible to the PowerPC Altivec builtins. In order to make use of these builtins the vecintrin.h header file needs to be included. - The new command line options -march=native, and -mtune=native are now available on native IBM z Systems. Specifying these options will cause GCC to auto-detect the host CPU and rewrite these options to the optimal setting for that system. If GCC is unable to detect the host CPU these options have no effect. - The IBM z Systems port now supports target attributes and pragmas. Please refer to the documentation for details of available attributes and pragmas as well as usage instructions. - -fsplit-stack is now supported as part of the IBM z Systems port. This feature requires a recent gold linker to be used. - Support for the g5 and g6 -march=/-mtune= CPU level switches has been deprecated and will be removed in a future GCC release. -m31 from now on defaults to -march=z900 if not specified otherwise. -march=native on a g5/g6 machine will default to -march=z900. An even more detailed list of features can be found at: https://gcc.gnu.org/gcc-6/changes.html Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1358=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1358=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1358=1 - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2016-1358=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1358=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): gcc6-debugsource-6.2.1+r239768-2.4 libasan3-32bit-6.2.1+r239768-2.4 libasan3-32bit-debuginfo-6.2.1+r239768-2.4 libasan3-6.2.1+r239768-2.4 libasan3-debuginfo-6.2.1+r239768-2.4 libatomic1-32bit-6.2.1+r239768-2.4 libatomic1-32bit-debuginfo-6.2.1+r239768-2.4 libatomic1-6.2.1+r239768-2.4 libatomic1-debuginfo-6.2.1+r239768-2.4 libcilkrts5-32bit-6.2.1+r239768-2.4 libcilkrts5-32bit-debuginfo-6.2.1+r239768-2.4 libcilkrts5-6.2.1+r239768-2.4 libcilkrts5-debuginfo-6.2.1+r239768-2.4 libgcc_s1-32bit-6.2.1+r239768-2.4 libgcc_s1-32bit-debuginfo-6.2.1+r239768-2.4 libgcc_s1-6.2.1+r239768-2.4 libgcc_s1-debuginfo-6.2.1+r239768-2.4 libgfortran3-32bit-6.2.1+r239768-2.4 libgfortran3-32bit-debuginfo-6.2.1+r239768-2.4 libgfortran3-6.2.1+r239768-2.4 libgfortran3-debuginfo-6.2.1+r239768-2.4 libgomp1-32bit-6.2.1+r239768-2.4 libgomp1-32bit-debuginfo-6.2.1+r239768-2.4 libgomp1-6.2.1+r239768-2.4 libgomp1-debuginfo-6.2.1+r239768-2.4 libitm1-32bit-6.2.1+r239768-2.4 libitm1-32bit-debuginfo-6.2.1+r239768-2.4 libitm1-6.2.1+r239768-2.4 libitm1-debuginfo-6.2.1+r239768-2.4 liblsan0-6.2.1+r239768-2.4 liblsan0-debuginfo-6.2.1+r239768-2.4 libmpx2-32bit-6.2.1+r239768-2.4 libmpx2-32bit-debuginfo-6.2.1+r239768-2.4 libmpx2-6.2.1+r239768-2.4 libmpx2-debuginfo-6.2.1+r239768-2.4 libmpxwrappers2-32bit-6.2.1+r239768-2.4 libmpxwrappers2-32bit-debuginfo-6.2.1+r239768-2.4 libmpxwrappers2-6.2.1+r239768-2.4 libmpxwrappers2-debuginfo-6.2.1+r239768-2.4 libquadmath0-32bit-6.2.1+r239768-2.4 libquadmath0-32bit-debuginfo-6.2.1+r239768-2.4 libquadmath0-6.2.1+r239768-2.4 libquadmath0-debuginfo-6.2.1+r239768-2.4 libstdc++6-32bit-6.2.1+r239768-2.4 libstdc++6-32bit-debuginfo-6.2.1+r239768-2.4 libstdc++6-6.2.1+r239768-2.4 libstdc++6-debuginfo-6.2.1+r239768-2.4 libstdc++6-locale-6.2.1+r239768-2.4 libtsan0-6.2.1+r239768-2.4 libtsan0-debuginfo-6.2.1+r239768-2.4 libubsan0-32bit-6.2.1+r239768-2.4 libubsan0-32bit-debuginfo-6.2.1+r239768-2.4 libubsan0-6.2.1+r239768-2.4 libubsan0-debuginfo-6.2.1+r239768-2.4 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gcc6-debuginfo-6.2.1+r239768-2.4 gcc6-debugsource-6.2.1+r239768-2.4 libatomic1-6.2.1+r239768-2.4 libatomic1-debuginfo-6.2.1+r239768-2.4 libgcc_s1-6.2.1+r239768-2.4 libgcc_s1-debuginfo-6.2.1+r239768-2.4 libgfortran3-6.2.1+r239768-2.4 libgfortran3-debuginfo-6.2.1+r239768-2.4 libgomp1-6.2.1+r239768-2.4 libgomp1-debuginfo-6.2.1+r239768-2.4 libitm1-6.2.1+r239768-2.4 libitm1-debuginfo-6.2.1+r239768-2.4 libstdc++6-6.2.1+r239768-2.4 libstdc++6-debuginfo-6.2.1+r239768-2.4 libstdc++6-locale-6.2.1+r239768-2.4 - SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64): libasan3-6.2.1+r239768-2.4 libasan3-debuginfo-6.2.1+r239768-2.4 libubsan0-6.2.1+r239768-2.4 libubsan0-debuginfo-6.2.1+r239768-2.4 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libatomic1-32bit-6.2.1+r239768-2.4 libatomic1-32bit-debuginfo-6.2.1+r239768-2.4 libgcc_s1-32bit-6.2.1+r239768-2.4 libgcc_s1-32bit-debuginfo-6.2.1+r239768-2.4 libgfortran3-32bit-6.2.1+r239768-2.4 libgfortran3-32bit-debuginfo-6.2.1+r239768-2.4 libgomp1-32bit-6.2.1+r239768-2.4 libgomp1-32bit-debuginfo-6.2.1+r239768-2.4 libitm1-32bit-6.2.1+r239768-2.4 libitm1-32bit-debuginfo-6.2.1+r239768-2.4 libstdc++6-32bit-6.2.1+r239768-2.4 libstdc++6-32bit-debuginfo-6.2.1+r239768-2.4 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libasan3-32bit-6.2.1+r239768-2.4 libasan3-32bit-debuginfo-6.2.1+r239768-2.4 libcilkrts5-32bit-6.2.1+r239768-2.4 libcilkrts5-32bit-debuginfo-6.2.1+r239768-2.4 libcilkrts5-6.2.1+r239768-2.4 libcilkrts5-debuginfo-6.2.1+r239768-2.4 liblsan0-6.2.1+r239768-2.4 liblsan0-debuginfo-6.2.1+r239768-2.4 libmpx2-32bit-6.2.1+r239768-2.4 libmpx2-32bit-debuginfo-6.2.1+r239768-2.4 libmpx2-6.2.1+r239768-2.4 libmpx2-debuginfo-6.2.1+r239768-2.4 libmpxwrappers2-32bit-6.2.1+r239768-2.4 libmpxwrappers2-32bit-debuginfo-6.2.1+r239768-2.4 libmpxwrappers2-6.2.1+r239768-2.4 libmpxwrappers2-debuginfo-6.2.1+r239768-2.4 libquadmath0-32bit-6.2.1+r239768-2.4 libquadmath0-32bit-debuginfo-6.2.1+r239768-2.4 libquadmath0-6.2.1+r239768-2.4 libquadmath0-debuginfo-6.2.1+r239768-2.4 libtsan0-6.2.1+r239768-2.4 libtsan0-debuginfo-6.2.1+r239768-2.4 libubsan0-32bit-6.2.1+r239768-2.4 libubsan0-32bit-debuginfo-6.2.1+r239768-2.4 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): gcc6-debugsource-6.2.1+r239768-2.4 libatomic1-6.2.1+r239768-2.4 libatomic1-debuginfo-6.2.1+r239768-2.4 libgcc_s1-6.2.1+r239768-2.4 libgcc_s1-debuginfo-6.2.1+r239768-2.4 libgfortran3-6.2.1+r239768-2.4 libgfortran3-debuginfo-6.2.1+r239768-2.4 libgomp1-6.2.1+r239768-2.4 libgomp1-debuginfo-6.2.1+r239768-2.4 libitm1-6.2.1+r239768-2.4 libitm1-debuginfo-6.2.1+r239768-2.4 libstdc++6-6.2.1+r239768-2.4 libstdc++6-debuginfo-6.2.1+r239768-2.4 libstdc++6-locale-6.2.1+r239768-2.4 - SUSE Linux Enterprise Server 12-LTSS (ppc64le x86_64): libasan3-6.2.1+r239768-2.4 libasan3-debuginfo-6.2.1+r239768-2.4 libubsan0-6.2.1+r239768-2.4 libubsan0-debuginfo-6.2.1+r239768-2.4 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libatomic1-32bit-6.2.1+r239768-2.4 libatomic1-32bit-debuginfo-6.2.1+r239768-2.4 libgcc_s1-32bit-6.2.1+r239768-2.4 libgcc_s1-32bit-debuginfo-6.2.1+r239768-2.4 libgfortran3-32bit-6.2.1+r239768-2.4 libgfortran3-32bit-debuginfo-6.2.1+r239768-2.4 libgomp1-32bit-6.2.1+r239768-2.4 libgomp1-32bit-debuginfo-6.2.1+r239768-2.4 libitm1-32bit-6.2.1+r239768-2.4 libitm1-32bit-debuginfo-6.2.1+r239768-2.4 libstdc++6-32bit-6.2.1+r239768-2.4 libstdc++6-32bit-debuginfo-6.2.1+r239768-2.4 - SUSE Linux Enterprise Server 12-LTSS (x86_64): libasan3-32bit-6.2.1+r239768-2.4 libasan3-32bit-debuginfo-6.2.1+r239768-2.4 libcilkrts5-32bit-6.2.1+r239768-2.4 libcilkrts5-32bit-debuginfo-6.2.1+r239768-2.4 libcilkrts5-6.2.1+r239768-2.4 libcilkrts5-debuginfo-6.2.1+r239768-2.4 liblsan0-6.2.1+r239768-2.4 liblsan0-debuginfo-6.2.1+r239768-2.4 libmpx2-32bit-6.2.1+r239768-2.4 libmpx2-32bit-debuginfo-6.2.1+r239768-2.4 libmpx2-6.2.1+r239768-2.4 libmpx2-debuginfo-6.2.1+r239768-2.4 libmpxwrappers2-32bit-6.2.1+r239768-2.4 libmpxwrappers2-32bit-debuginfo-6.2.1+r239768-2.4 libmpxwrappers2-6.2.1+r239768-2.4 libmpxwrappers2-debuginfo-6.2.1+r239768-2.4 libquadmath0-32bit-6.2.1+r239768-2.4 libquadmath0-32bit-debuginfo-6.2.1+r239768-2.4 libquadmath0-6.2.1+r239768-2.4 libquadmath0-debuginfo-6.2.1+r239768-2.4 libtsan0-6.2.1+r239768-2.4 libtsan0-debuginfo-6.2.1+r239768-2.4 libubsan0-32bit-6.2.1+r239768-2.4 libubsan0-32bit-debuginfo-6.2.1+r239768-2.4 - SUSE Linux Enterprise Module for Toolchain 12 (ppc64le s390x x86_64): cpp6-6.2.1+r239768-2.4 cpp6-debuginfo-6.2.1+r239768-2.4 gcc6-6.2.1+r239768-2.4 gcc6-c++-6.2.1+r239768-2.4 gcc6-c++-debuginfo-6.2.1+r239768-2.4 gcc6-debuginfo-6.2.1+r239768-2.4 gcc6-debugsource-6.2.1+r239768-2.4 gcc6-fortran-6.2.1+r239768-2.4 gcc6-fortran-debuginfo-6.2.1+r239768-2.4 gcc6-locale-6.2.1+r239768-2.4 libstdc++6-devel-gcc6-6.2.1+r239768-2.4 - SUSE Linux Enterprise Module for Toolchain 12 (s390x x86_64): gcc6-32bit-6.2.1+r239768-2.4 gcc6-c++-32bit-6.2.1+r239768-2.4 gcc6-fortran-32bit-6.2.1+r239768-2.4 libstdc++6-devel-gcc6-32bit-6.2.1+r239768-2.4 - SUSE Linux Enterprise Module for Toolchain 12 (x86_64): gcc6-ada-32bit-6.2.1+r239768-2.4 gcc6-ada-6.2.1+r239768-2.4 gcc6-ada-debuginfo-6.2.1+r239768-2.4 libada6-32bit-6.2.1+r239768-2.4 libada6-32bit-debuginfo-6.2.1+r239768-2.4 libada6-6.2.1+r239768-2.4 libada6-debuginfo-6.2.1+r239768-2.4 - SUSE Linux Enterprise Module for Toolchain 12 (noarch): gcc6-info-6.2.1+r239768-2.4 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gcc6-debuginfo-6.2.1+r239768-2.4 gcc6-debugsource-6.2.1+r239768-2.4 libasan3-32bit-6.2.1+r239768-2.4 libasan3-32bit-debuginfo-6.2.1+r239768-2.4 libasan3-6.2.1+r239768-2.4 libasan3-debuginfo-6.2.1+r239768-2.4 libatomic1-32bit-6.2.1+r239768-2.4 libatomic1-32bit-debuginfo-6.2.1+r239768-2.4 libatomic1-6.2.1+r239768-2.4 libatomic1-debuginfo-6.2.1+r239768-2.4 libcilkrts5-32bit-6.2.1+r239768-2.4 libcilkrts5-32bit-debuginfo-6.2.1+r239768-2.4 libcilkrts5-6.2.1+r239768-2.4 libcilkrts5-debuginfo-6.2.1+r239768-2.4 libgcc_s1-32bit-6.2.1+r239768-2.4 libgcc_s1-32bit-debuginfo-6.2.1+r239768-2.4 libgcc_s1-6.2.1+r239768-2.4 libgcc_s1-debuginfo-6.2.1+r239768-2.4 libgfortran3-32bit-6.2.1+r239768-2.4 libgfortran3-32bit-debuginfo-6.2.1+r239768-2.4 libgfortran3-6.2.1+r239768-2.4 libgfortran3-debuginfo-6.2.1+r239768-2.4 libgomp1-32bit-6.2.1+r239768-2.4 libgomp1-32bit-debuginfo-6.2.1+r239768-2.4 libgomp1-6.2.1+r239768-2.4 libgomp1-debuginfo-6.2.1+r239768-2.4 libitm1-32bit-6.2.1+r239768-2.4 libitm1-32bit-debuginfo-6.2.1+r239768-2.4 libitm1-6.2.1+r239768-2.4 libitm1-debuginfo-6.2.1+r239768-2.4 liblsan0-6.2.1+r239768-2.4 liblsan0-debuginfo-6.2.1+r239768-2.4 libmpx2-32bit-6.2.1+r239768-2.4 libmpx2-32bit-debuginfo-6.2.1+r239768-2.4 libmpx2-6.2.1+r239768-2.4 libmpx2-debuginfo-6.2.1+r239768-2.4 libmpxwrappers2-32bit-6.2.1+r239768-2.4 libmpxwrappers2-32bit-debuginfo-6.2.1+r239768-2.4 libmpxwrappers2-6.2.1+r239768-2.4 libmpxwrappers2-debuginfo-6.2.1+r239768-2.4 libquadmath0-32bit-6.2.1+r239768-2.4 libquadmath0-32bit-debuginfo-6.2.1+r239768-2.4 libquadmath0-6.2.1+r239768-2.4 libquadmath0-debuginfo-6.2.1+r239768-2.4 libstdc++6-32bit-6.2.1+r239768-2.4 libstdc++6-32bit-debuginfo-6.2.1+r239768-2.4 libstdc++6-6.2.1+r239768-2.4 libstdc++6-debuginfo-6.2.1+r239768-2.4 libstdc++6-locale-6.2.1+r239768-2.4 libtsan0-6.2.1+r239768-2.4 libtsan0-debuginfo-6.2.1+r239768-2.4 libubsan0-32bit-6.2.1+r239768-2.4 libubsan0-32bit-debuginfo-6.2.1+r239768-2.4 libubsan0-6.2.1+r239768-2.4 libubsan0-debuginfo-6.2.1+r239768-2.4 References: https://bugzilla.suse.com/983206 From sle-updates at lists.suse.com Fri Sep 16 09:09:42 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Sep 2016 17:09:42 +0200 (CEST) Subject: SUSE-RU-2016:2323-1: moderate: Recommended update for crowbar-barclamp-crowbar Message-ID: <20160916150942.6C48EFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-barclamp-crowbar ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2323-1 Rating: moderate References: #972527 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crowbar-barclamp-crowbar fixes the following issue: - Fix backup when multiple DNS forwarders are used (bsc#972527) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-crowbar-barclamp-crowbar-12747=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): crowbar-barclamp-crowbar-1.9+git.1463492063.2e05861-23.1 References: https://bugzilla.suse.com/972527 From sle-updates at lists.suse.com Fri Sep 16 10:10:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Sep 2016 18:10:04 +0200 (CEST) Subject: SUSE-RU-2016:2324-1: moderate: Recommended update for python-glanceclient and python-swiftclient Message-ID: <20160916161004.8C584FC44@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-glanceclient and python-swiftclient ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2324-1 Rating: moderate References: #914910 #964921 #975302 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for python-glanceclient and python-swiftclient fixes the following issues: - Compatibility fixes for SLE 12 (bsc#975302, bsc#964921) - Fix swiftclient dependencies (bnc#914910) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-python-glanceclient-12749=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): python-glanceclient-0.15.0-15.1 python-swiftclient-2.3.1-9.1 python-swiftclient-doc-2.3.1-9.1 References: https://bugzilla.suse.com/914910 https://bugzilla.suse.com/964921 https://bugzilla.suse.com/975302 From sle-updates at lists.suse.com Fri Sep 16 10:11:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Sep 2016 18:11:00 +0200 (CEST) Subject: SUSE-SU-2016:2325-1: moderate: Security update for openstack-keystone, openstack-nova, and openstack-swift Message-ID: <20160916161100.E5083FC46@maintenance.suse.de> SUSE Security Update: Security update for openstack-keystone, openstack-nova, and openstack-swift ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2325-1 Rating: moderate References: #929628 #960015 #960601 #967356 Cross-References: CVE-2015-3646 CVE-2015-7548 Affected Products: SUSE OpenStack Cloud 5 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for openstack-keystone, openstack-nova, and openstack-swift fixes the following issues: - Fix hybrid backend from keystone v3 (bsc#967356) - Fix cleanup when block migration fails (bsc#960015) - Avoid host data leak (bsc#960601, CVE-2015-7548) - Fix init script for openstack-swift-object-expirer - Mark backend_argument as secret (bsc#929628, CVE-2015-3646) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-openstack-keystone-12748=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (noarch): openstack-keystone-doc-2014.2.4.juno-17.2 openstack-nova-doc-2014.2.4.juno-29.1 openstack-swift-doc-2.1.0-14.1 - SUSE OpenStack Cloud 5 (x86_64): openstack-keystone-2014.2.4.juno-17.1 openstack-nova-2014.2.4.juno-29.1 openstack-nova-api-2014.2.4.juno-29.1 openstack-nova-cells-2014.2.4.juno-29.1 openstack-nova-cert-2014.2.4.juno-29.1 openstack-nova-compute-2014.2.4.juno-29.1 openstack-nova-conductor-2014.2.4.juno-29.1 openstack-nova-console-2014.2.4.juno-29.1 openstack-nova-consoleauth-2014.2.4.juno-29.1 openstack-nova-novncproxy-2014.2.4.juno-29.1 openstack-nova-objectstore-2014.2.4.juno-29.1 openstack-nova-scheduler-2014.2.4.juno-29.1 openstack-nova-serialproxy-2014.2.4.juno-29.1 openstack-nova-vncproxy-2014.2.4.juno-29.1 openstack-swift-2.1.0-14.1 openstack-swift-account-2.1.0-14.1 openstack-swift-container-2.1.0-14.1 openstack-swift-object-2.1.0-14.1 openstack-swift-proxy-2.1.0-14.1 python-keystone-2014.2.4.juno-17.1 python-nova-2014.2.4.juno-29.1 python-swift-2.1.0-14.1 References: https://www.suse.com/security/cve/CVE-2015-3646.html https://www.suse.com/security/cve/CVE-2015-7548.html https://bugzilla.suse.com/929628 https://bugzilla.suse.com/960015 https://bugzilla.suse.com/960601 https://bugzilla.suse.com/967356 From sle-updates at lists.suse.com Fri Sep 16 10:12:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Sep 2016 18:12:14 +0200 (CEST) Subject: SUSE-RU-2016:2326-1: Recommended update for gdb Message-ID: <20160916161214.05C79FC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2326-1 Rating: low References: #944105 #987637 #994537 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for gdb provides the following fixes: - Fix infinite recursion in demangler. (bsc#987637) - Ignore further vdso filenames on ppc64 and s390x. (bsc#944105) - Fix two test cases on ppc64le. (bsc#994537) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1362=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1362=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1362=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gdb-debuginfo-7.11.1-8.38.1 gdb-debugsource-7.11.1-8.38.1 gdbserver-7.11.1-8.38.1 gdbserver-debuginfo-7.11.1-8.38.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x): gdb-debuginfo-32bit-7.11.1-8.38.1 gdbserver-32bit-7.11.1-8.38.1 gdbserver-debuginfo-32bit-7.11.1-8.38.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gdb-7.11.1-8.38.1 gdb-debuginfo-7.11.1-8.38.1 gdb-debugsource-7.11.1-8.38.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gdb-7.11.1-8.38.1 gdb-debuginfo-7.11.1-8.38.1 gdb-debugsource-7.11.1-8.38.1 References: https://bugzilla.suse.com/944105 https://bugzilla.suse.com/987637 https://bugzilla.suse.com/994537 From sle-updates at lists.suse.com Fri Sep 16 11:10:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Sep 2016 19:10:04 +0200 (CEST) Subject: SUSE-RU-2016:2327-1: Recommended update for libguestfs Message-ID: <20160916171004.6F443FC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for libguestfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2327-1 Rating: low References: #993501 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libguestfs fixes support for vfat mounts in virt-make-fs. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1363=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1363=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libguestfs-devel-1.26.10-6.1 ocaml-libguestfs-devel-1.26.10-6.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le x86_64): libguestfs-debugsource-1.26.10-6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): guestfs-data-1.26.10-6.1 guestfs-tools-1.26.10-6.1 guestfsd-1.26.10-6.1 libguestfs0-1.26.10-6.1 perl-Sys-Guestfs-1.26.10-6.1 python-libguestfs-1.26.10-6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64): guestfs-tools-debuginfo-1.26.10-6.1 guestfsd-debuginfo-1.26.10-6.1 libguestfs-debugsource-1.26.10-6.1 libguestfs0-debuginfo-1.26.10-6.1 perl-Sys-Guestfs-debuginfo-1.26.10-6.1 python-libguestfs-debuginfo-1.26.10-6.1 References: https://bugzilla.suse.com/993501 From sle-updates at lists.suse.com Fri Sep 16 13:09:08 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Sep 2016 21:09:08 +0200 (CEST) Subject: SUSE-SU-2016:2328-1: important: Security update for php53 Message-ID: <20160916190908.D1A2EFC43@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2328-1 Rating: important References: #987530 #991426 #991427 #991428 #991429 #991430 #991433 #991437 #997206 #997207 #997208 #997210 #997211 #997220 #997225 #997230 #997257 Cross-References: CVE-2014-3587 CVE-2016-3587 CVE-2016-5399 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: This update for php53 fixes the following security issues: * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allows illegal memory access * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-php53-12750=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-php53-12750=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): apache2-mod_php53-5.3.17-55.1 php53-5.3.17-55.1 php53-bcmath-5.3.17-55.1 php53-bz2-5.3.17-55.1 php53-calendar-5.3.17-55.1 php53-ctype-5.3.17-55.1 php53-curl-5.3.17-55.1 php53-dba-5.3.17-55.1 php53-dom-5.3.17-55.1 php53-exif-5.3.17-55.1 php53-fastcgi-5.3.17-55.1 php53-fileinfo-5.3.17-55.1 php53-ftp-5.3.17-55.1 php53-gd-5.3.17-55.1 php53-gettext-5.3.17-55.1 php53-gmp-5.3.17-55.1 php53-iconv-5.3.17-55.1 php53-intl-5.3.17-55.1 php53-json-5.3.17-55.1 php53-ldap-5.3.17-55.1 php53-mbstring-5.3.17-55.1 php53-mcrypt-5.3.17-55.1 php53-mysql-5.3.17-55.1 php53-odbc-5.3.17-55.1 php53-openssl-5.3.17-55.1 php53-pcntl-5.3.17-55.1 php53-pdo-5.3.17-55.1 php53-pear-5.3.17-55.1 php53-pgsql-5.3.17-55.1 php53-pspell-5.3.17-55.1 php53-shmop-5.3.17-55.1 php53-snmp-5.3.17-55.1 php53-soap-5.3.17-55.1 php53-suhosin-5.3.17-55.1 php53-sysvmsg-5.3.17-55.1 php53-sysvsem-5.3.17-55.1 php53-sysvshm-5.3.17-55.1 php53-tokenizer-5.3.17-55.1 php53-wddx-5.3.17-55.1 php53-xmlreader-5.3.17-55.1 php53-xmlrpc-5.3.17-55.1 php53-xmlwriter-5.3.17-55.1 php53-xsl-5.3.17-55.1 php53-zip-5.3.17-55.1 php53-zlib-5.3.17-55.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): php53-debuginfo-5.3.17-55.1 php53-debugsource-5.3.17-55.1 References: https://www.suse.com/security/cve/CVE-2014-3587.html https://www.suse.com/security/cve/CVE-2016-3587.html https://www.suse.com/security/cve/CVE-2016-5399.html https://www.suse.com/security/cve/CVE-2016-6288.html https://www.suse.com/security/cve/CVE-2016-6289.html https://www.suse.com/security/cve/CVE-2016-6290.html https://www.suse.com/security/cve/CVE-2016-6291.html https://www.suse.com/security/cve/CVE-2016-6296.html https://www.suse.com/security/cve/CVE-2016-6297.html https://www.suse.com/security/cve/CVE-2016-7124.html https://www.suse.com/security/cve/CVE-2016-7125.html https://www.suse.com/security/cve/CVE-2016-7126.html https://www.suse.com/security/cve/CVE-2016-7127.html https://www.suse.com/security/cve/CVE-2016-7128.html https://www.suse.com/security/cve/CVE-2016-7129.html https://www.suse.com/security/cve/CVE-2016-7130.html https://www.suse.com/security/cve/CVE-2016-7131.html https://www.suse.com/security/cve/CVE-2016-7132.html https://bugzilla.suse.com/987530 https://bugzilla.suse.com/991426 https://bugzilla.suse.com/991427 https://bugzilla.suse.com/991428 https://bugzilla.suse.com/991429 https://bugzilla.suse.com/991430 https://bugzilla.suse.com/991433 https://bugzilla.suse.com/991437 https://bugzilla.suse.com/997206 https://bugzilla.suse.com/997207 https://bugzilla.suse.com/997208 https://bugzilla.suse.com/997210 https://bugzilla.suse.com/997211 https://bugzilla.suse.com/997220 https://bugzilla.suse.com/997225 https://bugzilla.suse.com/997230 https://bugzilla.suse.com/997257 From sle-updates at lists.suse.com Fri Sep 16 13:12:41 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Sep 2016 21:12:41 +0200 (CEST) Subject: SUSE-SU-2016:2329-1: moderate: Security update for apache2-mod_nss Message-ID: <20160916191241.6FE5AFC45@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2329-1 Rating: moderate References: #975394 #979688 Cross-References: CVE-2013-4566 CVE-2014-3566 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Drop mod_nss_migrate.pl and use upstream migrate script instead. - Check for Apache user owner/group read permissions of NSS database at startup. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Don't ignore NSSProtocol when NSSFIPS is enabled. - Use proper shell syntax to avoid creating /0 in gencert. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env. - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI) - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in the version of NSS mod_nss is built against. - Add the SECURE_RENEG environment variable. - Add some hints when NSS database cannot be initialized. - Code cleanup including trailing whitespace and compiler warnings. - Modernize autotools configuration slightly, add config.h. - Add small test suite for SNI. - Add compatibility for mod_ssl-style cipher definitions. - Add Camelia ciphers. - Remove Fortezza ciphers. - Add TLSv1.2-specific ciphers. - Initialize cipher list when re-negotiating handshake. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Improve protocol testing. - Add nss_pcache man page. - Fix argument handling in nss_pcache. - Support httpd 2.4+. - Allow users to configure a helper to ask for certificate passphrases via NSSPassPhraseDialog. (bsc#975394) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-apache2-mod_nss-12751=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-apache2-mod_nss-12751=1 - SUSE Manager 2.1: zypper in -t patch sleman21-apache2-mod_nss-12751=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-apache2-mod_nss-12751=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-apache2-mod_nss-12751=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-apache2-mod_nss-12751=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-apache2-mod_nss-12751=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-apache2-mod_nss-12751=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-apache2-mod_nss-12751=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-apache2-mod_nss-12751=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): apache2-mod_nss-1.0.14-0.4.25.1 - SUSE Manager Proxy 2.1 (x86_64): apache2-mod_nss-1.0.14-0.4.25.1 - SUSE Manager 2.1 (s390x x86_64): apache2-mod_nss-1.0.14-0.4.25.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-1.0.14-0.4.25.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): apache2-mod_nss-1.0.14-0.4.25.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): apache2-mod_nss-1.0.14-0.4.25.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): apache2-mod_nss-1.0.14-0.4.25.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_nss-debuginfo-1.0.14-0.4.25.1 apache2-mod_nss-debugsource-1.0.14-0.4.25.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): apache2-mod_nss-debuginfo-1.0.14-0.4.25.1 apache2-mod_nss-debugsource-1.0.14-0.4.25.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): apache2-mod_nss-debuginfo-1.0.14-0.4.25.1 apache2-mod_nss-debugsource-1.0.14-0.4.25.1 References: https://www.suse.com/security/cve/CVE-2013-4566.html https://www.suse.com/security/cve/CVE-2014-3566.html https://bugzilla.suse.com/975394 https://bugzilla.suse.com/979688 From sle-updates at lists.suse.com Fri Sep 16 13:13:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Sep 2016 21:13:26 +0200 (CEST) Subject: SUSE-SU-2016:2330-1: moderate: Security update for curl Message-ID: <20160916191326.6B2EBFC44@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2330-1 Rating: moderate References: #991389 #991390 #991391 #991746 #997420 Cross-References: CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389) - CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390) - CVE-2016-5421: use of connection struct after free (bsc#991391) - CVE-2016-7141: Fixed incorrect reuse of client certificates with NSS (bsc#997420) Also the following bug was fixed: - fixing a performance issue (bsc#991746) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1364=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1364=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1364=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): curl-debuginfo-7.37.0-28.1 curl-debugsource-7.37.0-28.1 libcurl-devel-7.37.0-28.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): curl-7.37.0-28.1 curl-debuginfo-7.37.0-28.1 curl-debugsource-7.37.0-28.1 libcurl4-7.37.0-28.1 libcurl4-debuginfo-7.37.0-28.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libcurl4-32bit-7.37.0-28.1 libcurl4-debuginfo-32bit-7.37.0-28.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): curl-7.37.0-28.1 curl-debuginfo-7.37.0-28.1 curl-debugsource-7.37.0-28.1 libcurl4-32bit-7.37.0-28.1 libcurl4-7.37.0-28.1 libcurl4-debuginfo-32bit-7.37.0-28.1 libcurl4-debuginfo-7.37.0-28.1 References: https://www.suse.com/security/cve/CVE-2016-5419.html https://www.suse.com/security/cve/CVE-2016-5420.html https://www.suse.com/security/cve/CVE-2016-5421.html https://www.suse.com/security/cve/CVE-2016-7141.html https://bugzilla.suse.com/991389 https://bugzilla.suse.com/991390 https://bugzilla.suse.com/991391 https://bugzilla.suse.com/991746 https://bugzilla.suse.com/997420 From sle-updates at lists.suse.com Fri Sep 16 14:09:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Sep 2016 22:09:14 +0200 (CEST) Subject: SUSE-RU-2016:2331-1: moderate: Recommended update for nfs-utils Message-ID: <20160916200914.1FD7AFC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2331-1 Rating: moderate References: #990356 #994468 #997134 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for nfs-utils fixes the following issues: - nfs.service: Don't fail if "mount" reports an error (bsc#997134) - Included various upstream systemd unit file updates to ensure correct starting dependencies of nfsd and rpcbind. (bsc#990356) - Fix typos relating to version setting (bsc#990356) - Add new systemd "generator" to create proper ordering between nfsd startup and mounting different filesystems. (bsc#994468) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1367=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1367=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): nfs-client-1.3.0-32.1 nfs-client-debuginfo-1.3.0-32.1 nfs-doc-1.3.0-32.1 nfs-kernel-server-1.3.0-32.1 nfs-kernel-server-debuginfo-1.3.0-32.1 nfs-utils-debugsource-1.3.0-32.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): nfs-client-1.3.0-32.1 nfs-client-debuginfo-1.3.0-32.1 nfs-kernel-server-1.3.0-32.1 nfs-kernel-server-debuginfo-1.3.0-32.1 nfs-utils-debugsource-1.3.0-32.1 References: https://bugzilla.suse.com/990356 https://bugzilla.suse.com/994468 https://bugzilla.suse.com/997134 From sle-updates at lists.suse.com Fri Sep 16 16:09:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Sep 2016 00:09:03 +0200 (CEST) Subject: SUSE-OU-2016:2332-1: Add scalapack to SLE 12 Backports Message-ID: <20160916220904.01624FC43@maintenance.suse.de> SUSE Optional Update: Add scalapack to SLE 12 Backports ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2332-1 Rating: low References: Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that has 0 optional fixes can now be installed. Description: This updated adds scalapack to the SLE 12 backports project. Scalapack is a subset of LAPACK routines redesigned for heterogenous computing. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch 5557=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): blacs-devel-headers-2.0.2-2.1 libblacs2-openmpi-2.0.2-2.1 libblacs2-openmpi-devel-2.0.2-2.1 libblacs2-openmpi-devel-static-2.0.2-2.1 libscalapack2-openmpi-2.0.2-2.1 libscalapack2-openmpi-devel-2.0.2-2.1 libscalapack2-openmpi-devel-static-2.0.2-2.1 scalapack-openmpi-test-2.0.2-2.1 References: From sle-updates at lists.suse.com Tue Sep 20 12:09:29 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Sep 2016 20:09:29 +0200 (CEST) Subject: SUSE-SU-2016:2343-1: important: Security update for mysql Message-ID: <20160920180929.64E0CFC43@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2343-1 Rating: important References: #937258 #967374 #989913 #989919 #989922 #989926 #998309 Cross-References: CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-6662 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: This mysql update to verson 5.5.52 fixes the following issues: Security issues fixed: - CVE-2016-3477: Fixed unspecified vulnerability in subcomponent parser (bsc#989913). - CVE-2016-3521: Fixed unspecified vulnerability in subcomponent types (bsc#989919). - CVE-2016-3615: Fixed unspecified vulnerability in subcomponent dml (bsc#989922). - CVE-2016-5440: Fixed unspecified vulnerability in subcomponent rbr (bsc#989926). - CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and , under certain circumstances, execute arbitrary code as mysql (or even root) user. (bsc#998309) More details can be found on: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html Bugs fixed: - bsc#967374: properly restart mysql multi instances during upgrade - bnc#937258: multi script to restart after crash Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-mysql-12752=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-mysql-12752=1 - SUSE Manager 2.1: zypper in -t patch sleman21-mysql-12752=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-12752=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-12752=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-mysql-12752=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mysql-12752=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-12752=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mysql-12752=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): libmysql55client18-32bit-5.5.52-0.27.1 libmysql55client18-5.5.52-0.27.1 libmysql55client_r18-5.5.52-0.27.1 mysql-5.5.52-0.27.1 mysql-client-5.5.52-0.27.1 mysql-tools-5.5.52-0.27.1 - SUSE Manager Proxy 2.1 (x86_64): libmysql55client18-32bit-5.5.52-0.27.1 libmysql55client18-5.5.52-0.27.1 libmysql55client_r18-5.5.52-0.27.1 mysql-5.5.52-0.27.1 mysql-client-5.5.52-0.27.1 mysql-tools-5.5.52-0.27.1 - SUSE Manager 2.1 (s390x x86_64): libmysql55client18-32bit-5.5.52-0.27.1 libmysql55client18-5.5.52-0.27.1 libmysql55client_r18-5.5.52-0.27.1 mysql-5.5.52-0.27.1 mysql-client-5.5.52-0.27.1 mysql-tools-5.5.52-0.27.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.52-0.27.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.52-0.27.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.52-0.27.1 libmysql55client_r18-5.5.52-0.27.1 mysql-5.5.52-0.27.1 mysql-client-5.5.52-0.27.1 mysql-tools-5.5.52-0.27.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.52-0.27.1 libmysql55client_r18-32bit-5.5.52-0.27.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.52-0.27.1 libmysql55client_r18-x86-5.5.52-0.27.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libmysql55client18-5.5.52-0.27.1 libmysql55client_r18-5.5.52-0.27.1 mysql-5.5.52-0.27.1 mysql-client-5.5.52-0.27.1 mysql-tools-5.5.52-0.27.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libmysql55client18-32bit-5.5.52-0.27.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libmysql55client18-5.5.52-0.27.1 libmysql55client_r18-5.5.52-0.27.1 mysql-5.5.52-0.27.1 mysql-client-5.5.52-0.27.1 mysql-tools-5.5.52-0.27.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.52-0.27.1 mysql-debugsource-5.5.52-0.27.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mysql-debuginfo-5.5.52-0.27.1 mysql-debugsource-5.5.52-0.27.1 References: https://www.suse.com/security/cve/CVE-2016-3477.html https://www.suse.com/security/cve/CVE-2016-3521.html https://www.suse.com/security/cve/CVE-2016-3615.html https://www.suse.com/security/cve/CVE-2016-5440.html https://www.suse.com/security/cve/CVE-2016-6662.html https://bugzilla.suse.com/937258 https://bugzilla.suse.com/967374 https://bugzilla.suse.com/989913 https://bugzilla.suse.com/989919 https://bugzilla.suse.com/989922 https://bugzilla.suse.com/989926 https://bugzilla.suse.com/998309 From sle-updates at lists.suse.com Wed Sep 21 08:09:43 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Sep 2016 16:09:43 +0200 (CEST) Subject: SUSE-SU-2016:2345-1: moderate: Security update for libgcrypt Message-ID: <20160921140943.E1255FC43@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2345-1 Rating: moderate References: #994157 Cross-References: CVE-2016-6313 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libgcrypt fixes the following issues: - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1370=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1370=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1370=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.33.1 libgcrypt-devel-1.6.1-16.33.1 libgcrypt-devel-debuginfo-1.6.1-16.33.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.33.1 libgcrypt20-1.6.1-16.33.1 libgcrypt20-debuginfo-1.6.1-16.33.1 libgcrypt20-hmac-1.6.1-16.33.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libgcrypt20-32bit-1.6.1-16.33.1 libgcrypt20-debuginfo-32bit-1.6.1-16.33.1 libgcrypt20-hmac-32bit-1.6.1-16.33.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libgcrypt-debugsource-1.6.1-16.33.1 libgcrypt20-1.6.1-16.33.1 libgcrypt20-32bit-1.6.1-16.33.1 libgcrypt20-debuginfo-1.6.1-16.33.1 libgcrypt20-debuginfo-32bit-1.6.1-16.33.1 References: https://www.suse.com/security/cve/CVE-2016-6313.html https://bugzilla.suse.com/994157 From sle-updates at lists.suse.com Wed Sep 21 09:10:40 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Sep 2016 17:10:40 +0200 (CEST) Subject: SUSE-SU-2016:2346-1: moderate: Security update for libgcrypt Message-ID: <20160921151040.EA752FC47@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2346-1 Rating: moderate References: #994157 Cross-References: CVE-2016-6313 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libgcrypt fixes the following issues: - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libgcrypt-12753=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libgcrypt-12753=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libgcrypt-12753=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libgcrypt-devel-1.5.0-0.22.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libgcrypt-devel-32bit-1.5.0-0.22.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libgcrypt11-1.5.0-0.22.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libgcrypt11-32bit-1.5.0-0.22.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libgcrypt11-x86-1.5.0-0.22.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libgcrypt-debuginfo-1.5.0-0.22.1 libgcrypt-debugsource-1.5.0-0.22.1 References: https://www.suse.com/security/cve/CVE-2016-6313.html https://bugzilla.suse.com/994157 From sle-updates at lists.suse.com Wed Sep 21 12:10:11 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Sep 2016 20:10:11 +0200 (CEST) Subject: SUSE-SU-2016:2347-1: important: Security update for java-1_7_1-ibm Message-ID: <20160921181011.0F9F3FC43@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2347-1 Rating: important References: #992537 Cross-References: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. - Add hwkeytool binary for zSeries. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1372=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1372=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1372=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1372=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2 - SUSE Linux Enterprise Server for SAP 12 (x86_64): java-1_7_1-ibm-1.7.1_sr3.50-28.2 java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2 java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2 java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2 java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.50-28.2 java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2 - SUSE Linux Enterprise Server 12-SP1 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2 java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr3.50-28.2 java-1_7_1-ibm-devel-1.7.1_sr3.50-28.2 java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28.2 - SUSE Linux Enterprise Server 12-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr3.50-28.2 java-1_7_1-ibm-plugin-1.7.1_sr3.50-28.2 References: https://www.suse.com/security/cve/CVE-2016-3485.html https://www.suse.com/security/cve/CVE-2016-3511.html https://www.suse.com/security/cve/CVE-2016-3598.html https://bugzilla.suse.com/992537 From sle-updates at lists.suse.com Wed Sep 21 12:10:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Sep 2016 20:10:45 +0200 (CEST) Subject: SUSE-SU-2016:2348-1: important: Security update for java-1_6_0-ibm Message-ID: <20160921181045.BFA4FFC45@maintenance.suse.de> SUSE Security Update: Security update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2348-1 Rating: important References: #992537 Cross-References: CVE-2016-3485 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: IBM Java 6 was updated to version 6.0-16.30. Following security issue was fixed: CVE-2016-3485 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-java-1_6_0-ibm-12754=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-java-1_6_0-ibm-12754=1 - SUSE Manager 2.1: zypper in -t patch sleman21-java-1_6_0-ibm-12754=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-java-1_6_0-ibm-12754=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-java-1_6_0-ibm-12754=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_6_0-ibm-12754=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): java-1_6_0-ibm-1.6.0_sr16.30-75.1 java-1_6_0-ibm-devel-1.6.0_sr16.30-75.1 java-1_6_0-ibm-fonts-1.6.0_sr16.30-75.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.30-75.1 java-1_6_0-ibm-plugin-1.6.0_sr16.30-75.1 - SUSE Manager Proxy 2.1 (x86_64): java-1_6_0-ibm-1.6.0_sr16.30-75.1 java-1_6_0-ibm-devel-1.6.0_sr16.30-75.1 java-1_6_0-ibm-fonts-1.6.0_sr16.30-75.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.30-75.1 java-1_6_0-ibm-plugin-1.6.0_sr16.30-75.1 - SUSE Manager 2.1 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.30-75.1 java-1_6_0-ibm-devel-1.6.0_sr16.30-75.1 java-1_6_0-ibm-fonts-1.6.0_sr16.30-75.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.30-75.1 - SUSE Manager 2.1 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.30-75.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.30-75.1 java-1_6_0-ibm-devel-1.6.0_sr16.30-75.1 java-1_6_0-ibm-fonts-1.6.0_sr16.30-75.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.30-75.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.30-75.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.30-75.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.30-75.1 java-1_6_0-ibm-devel-1.6.0_sr16.30-75.1 java-1_6_0-ibm-fonts-1.6.0_sr16.30-75.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.30-75.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.30-75.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): java-1_6_0-ibm-alsa-1.6.0_sr16.30-75.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_6_0-ibm-1.6.0_sr16.30-75.1 java-1_6_0-ibm-alsa-1.6.0_sr16.30-75.1 java-1_6_0-ibm-devel-1.6.0_sr16.30-75.1 java-1_6_0-ibm-fonts-1.6.0_sr16.30-75.1 java-1_6_0-ibm-jdbc-1.6.0_sr16.30-75.1 java-1_6_0-ibm-plugin-1.6.0_sr16.30-75.1 References: https://www.suse.com/security/cve/CVE-2016-3485.html https://bugzilla.suse.com/992537 From sle-updates at lists.suse.com Thu Sep 22 18:08:56 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Sep 2016 02:08:56 +0200 (CEST) Subject: SUSE-RU-2016:2350-1: moderate: Recommended update for aaa_base Message-ID: <20160923000856.CFB7EFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2350-1 Rating: moderate References: #996442 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes the following issues: - Fix regression from previous change: wrong return code of chkconfig (bsc#996442) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-aaa_base-12755=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-aaa_base-12755=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): aaa_base-11-6.112.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): aaa_base-debuginfo-11-6.112.1 References: https://bugzilla.suse.com/996442 From sle-updates at lists.suse.com Thu Sep 22 18:09:28 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Sep 2016 02:09:28 +0200 (CEST) Subject: SUSE-RU-2016:2351-1: Recommended update for gconf-editor Message-ID: <20160923000928.2B195FC44@maintenance.suse.de> SUSE Recommended Update: Recommended update for gconf-editor ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2351-1 Rating: low References: #989348 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gconf-editor fixes an assertion failure while navigating the left tree view. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1374=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1374=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gconf-editor-3.0.1-10.3 gconf-editor-debuginfo-3.0.1-10.3 gconf-editor-debugsource-3.0.1-10.3 - SUSE Linux Enterprise Server 12-SP1 (noarch): gconf-editor-lang-3.0.1-10.3 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gconf-editor-lang-3.0.1-10.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gconf-editor-3.0.1-10.3 gconf-editor-debuginfo-3.0.1-10.3 gconf-editor-debugsource-3.0.1-10.3 References: https://bugzilla.suse.com/989348 From sle-updates at lists.suse.com Thu Sep 22 18:09:53 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Sep 2016 02:09:53 +0200 (CEST) Subject: SUSE-RU-2016:2352-1: moderate: Recommended update for aaa_base Message-ID: <20160923000953.08529FC44@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2352-1 Rating: moderate References: #996442 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes the following issues: - Fix regression introducted by fix for bnc#971567: wrong return code of chkconfig (bsc#996442) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1375=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1375=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1375=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): aaa_base-debuginfo-13.2+git20140911.61c1681-25.1 aaa_base-debugsource-13.2+git20140911.61c1681-25.1 aaa_base-malloccheck-13.2+git20140911.61c1681-25.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): aaa_base-13.2+git20140911.61c1681-25.1 aaa_base-debuginfo-13.2+git20140911.61c1681-25.1 aaa_base-debugsource-13.2+git20140911.61c1681-25.1 aaa_base-extras-13.2+git20140911.61c1681-25.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): aaa_base-13.2+git20140911.61c1681-25.1 aaa_base-debuginfo-13.2+git20140911.61c1681-25.1 aaa_base-debugsource-13.2+git20140911.61c1681-25.1 aaa_base-extras-13.2+git20140911.61c1681-25.1 References: https://bugzilla.suse.com/996442 From sle-updates at lists.suse.com Fri Sep 23 07:10:30 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Sep 2016 15:10:30 +0200 (CEST) Subject: SUSE-SU-2016:2353-1: moderate: Security update for yast2-storage Message-ID: <20160923131030.4492FFC43@maintenance.suse.de> SUSE Security Update: Security update for yast2-storage ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2353-1 Rating: moderate References: #937942 #984245 #986971 #996208 Cross-References: CVE-2016-5746 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for yast2-storage provides the following fixes: Security issues fixed: - Use standard IPC, and not temporary files, to pass passwords between processes. (bsc#986971, CVE-2016-5746) Non security bugs fixed: - Fix usage of complete multipath disk as LVM physical volume. (bsc#984245) - Load the correct multipath module (dm-multipath). (bsc#937942) - Improve message for creating volumes with a filesystem but without a mount point. (bsc#996208) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-yast2-storage-12756=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-yast2-storage-12756=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-yast2-storage-12756=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-storage-devel-2.17.161-5.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-storage-2.17.161-5.1 yast2-storage-lib-2.17.161-5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): yast2-storage-debuginfo-2.17.161-5.1 yast2-storage-debugsource-2.17.161-5.1 References: https://www.suse.com/security/cve/CVE-2016-5746.html https://bugzilla.suse.com/937942 https://bugzilla.suse.com/984245 https://bugzilla.suse.com/986971 https://bugzilla.suse.com/996208 From sle-updates at lists.suse.com Fri Sep 23 08:10:12 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Sep 2016 16:10:12 +0200 (CEST) Subject: SUSE-SU-2016:2355-1: moderate: Security update for libstorage Message-ID: <20160923141012.968F5FC45@maintenance.suse.de> SUSE Security Update: Security update for libstorage ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2355-1 Rating: moderate References: #986971 Cross-References: CVE-2016-5746 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libstorage fixes the following issues: - Use stdin, not tmp files for passwords (bsc#986971, CVE-2016-5746) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1378=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1378=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): libstorage-debugsource-2.25.16.1-3.1 libstorage-ruby-2.25.16.1-3.1 libstorage-ruby-debuginfo-2.25.16.1-3.1 libstorage5-2.25.16.1-3.1 libstorage5-debuginfo-2.25.16.1-3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libstorage-debugsource-2.25.16.1-3.1 libstorage-ruby-2.25.16.1-3.1 libstorage-ruby-debuginfo-2.25.16.1-3.1 libstorage5-2.25.16.1-3.1 libstorage5-debuginfo-2.25.16.1-3.1 References: https://www.suse.com/security/cve/CVE-2016-5746.html https://bugzilla.suse.com/986971 From sle-updates at lists.suse.com Fri Sep 23 08:10:52 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Sep 2016 16:10:52 +0200 (CEST) Subject: SUSE-RU-2016:2356-1: moderate: Recommended update for ceph Message-ID: <20160923141052.A3C61FC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2356-1 Rating: moderate References: #995150 #995632 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Real Time Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update provides Ceph 0.94.7, which brings several fixes and enhancements: - Improved compatibility with SES 2.1 and SES 3 clusters. - Client-side librados code performance improvements: better throughput on flash backends, improved parallelism and scalability on fast machines. - New administrator commands: - 'ceph osd df' (OSD disk utilization) - 'ceph pg ls ...' (query Placement Group states, diagnostics) - Improved health reporting: 'ceph -s' and related commands now properly distinguish between "degraded" and "misplaced" data. - Many bug fixes. For a comprehensive list of changes please refer to the package's change log. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1379=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1379=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1379=1 - SUSE Linux Enterprise Real Time Extension 12-SP1: zypper in -t patch SUSE-SLE-RT-12-SP1-2016-1379=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1379=1 - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2016-1379=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libvirt-client-32bit-1.2.18.4-15.2 libvirt-client-debuginfo-32bit-1.2.18.4-15.2 libvirt-debugsource-1.2.18.4-15.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libvirt-debugsource-1.2.18.4-15.2 libvirt-devel-1.2.18.4-15.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64): babeltrace-debuginfo-1.2.4-5.1 babeltrace-debugsource-1.2.4-5.1 babeltrace-devel-1.2.4-5.1 ceph-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 ceph-debugsource-0.94.7+git.1469119571.8e6f430-12.2 ceph-devel-compat-0.94.7+git.1469119571.8e6f430-12.2 libcephfs1-devel-0.94.7+git.1469119571.8e6f430-12.2 librados2-devel-0.94.7+git.1469119571.8e6f430-12.2 libradosstriper1-devel-0.94.7+git.1469119571.8e6f430-12.2 librbd1-devel-0.94.7+git.1469119571.8e6f430-12.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libvirt-1.2.18.4-15.2 libvirt-client-1.2.18.4-15.2 libvirt-client-debuginfo-1.2.18.4-15.2 libvirt-daemon-1.2.18.4-15.2 libvirt-daemon-config-network-1.2.18.4-15.2 libvirt-daemon-config-nwfilter-1.2.18.4-15.2 libvirt-daemon-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-interface-1.2.18.4-15.2 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-lxc-1.2.18.4-15.2 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-network-1.2.18.4-15.2 libvirt-daemon-driver-network-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-nodedev-1.2.18.4-15.2 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-nwfilter-1.2.18.4-15.2 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-qemu-1.2.18.4-15.2 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-secret-1.2.18.4-15.2 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-storage-1.2.18.4-15.2 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-15.2 libvirt-daemon-lxc-1.2.18.4-15.2 libvirt-daemon-qemu-1.2.18.4-15.2 libvirt-debugsource-1.2.18.4-15.2 libvirt-doc-1.2.18.4-15.2 libvirt-lock-sanlock-1.2.18.4-15.2 libvirt-lock-sanlock-debuginfo-1.2.18.4-15.2 qemu-2.3.1-18.4 qemu-block-curl-2.3.1-18.4 qemu-block-curl-debuginfo-2.3.1-18.4 qemu-debugsource-2.3.1-18.4 qemu-guest-agent-2.3.1-18.4 qemu-guest-agent-debuginfo-2.3.1-18.4 qemu-lang-2.3.1-18.4 qemu-tools-2.3.1-18.4 qemu-tools-debuginfo-2.3.1-18.4 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): qemu-kvm-2.3.1-18.4 - SUSE Linux Enterprise Server 12-SP1 (ppc64le): qemu-ppc-2.3.1-18.4 qemu-ppc-debuginfo-2.3.1-18.4 - SUSE Linux Enterprise Server 12-SP1 (x86_64): babeltrace-1.2.4-5.1 babeltrace-debuginfo-1.2.4-5.1 babeltrace-debugsource-1.2.4-5.1 ceph-common-0.94.7+git.1469119571.8e6f430-12.2 ceph-common-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 ceph-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 ceph-debugsource-0.94.7+git.1469119571.8e6f430-12.2 libcephfs1-0.94.7+git.1469119571.8e6f430-12.2 libcephfs1-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 librados2-0.94.7+git.1469119571.8e6f430-12.2 librados2-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 libradosstriper1-0.94.7+git.1469119571.8e6f430-12.2 libradosstriper1-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 librbd1-0.94.7+git.1469119571.8e6f430-12.2 librbd1-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 liburcu-devel-0.8.8-3.1 liburcu0-0.8.8-3.1 liburcu0-debuginfo-0.8.8-3.1 liburcu0-debugsource-0.8.8-3.1 libvirt-daemon-driver-libxl-1.2.18.4-15.2 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-15.2 libvirt-daemon-xen-1.2.18.4-15.2 lttng-ust-2.7.0-3.1 lttng-ust-debuginfo-2.7.0-3.1 lttng-ust-debugsource-2.7.0-3.1 lttng-ust-devel-2.7.0-3.1 python-ceph-compat-0.94.7+git.1469119571.8e6f430-12.2 python-cephfs-0.94.7+git.1469119571.8e6f430-12.2 python-rados-0.94.7+git.1469119571.8e6f430-12.2 python-rbd-0.94.7+git.1469119571.8e6f430-12.2 qemu-block-rbd-2.3.1-18.4 qemu-block-rbd-debuginfo-2.3.1-18.4 qemu-x86-2.3.1-18.4 - SUSE Linux Enterprise Server 12-SP1 (noarch): qemu-ipxe-1.0.0-18.4 qemu-seabios-1.8.1-18.4 qemu-sgabios-8-18.4 qemu-vgabios-1.8.1-18.4 - SUSE Linux Enterprise Server 12-SP1 (s390x): qemu-s390-2.3.1-18.4 qemu-s390-debuginfo-2.3.1-18.4 - SUSE Linux Enterprise Real Time Extension 12-SP1 (x86_64): babeltrace-1.2.4-5.1 babeltrace-debuginfo-1.2.4-5.1 babeltrace-debugsource-1.2.4-5.1 babeltrace-devel-1.2.4-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): qemu-ipxe-1.0.0-18.4 qemu-seabios-1.8.1-18.4 qemu-sgabios-8-18.4 qemu-vgabios-1.8.1-18.4 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): babeltrace-1.2.4-5.1 babeltrace-debuginfo-1.2.4-5.1 babeltrace-debugsource-1.2.4-5.1 ceph-common-0.94.7+git.1469119571.8e6f430-12.2 ceph-common-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 ceph-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 ceph-debugsource-0.94.7+git.1469119571.8e6f430-12.2 libcephfs1-0.94.7+git.1469119571.8e6f430-12.2 libcephfs1-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 librados2-0.94.7+git.1469119571.8e6f430-12.2 librados2-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 libradosstriper1-0.94.7+git.1469119571.8e6f430-12.2 libradosstriper1-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 librbd1-0.94.7+git.1469119571.8e6f430-12.2 librbd1-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 liburcu0-0.8.8-3.1 liburcu0-debuginfo-0.8.8-3.1 liburcu0-debugsource-0.8.8-3.1 libvirt-1.2.18.4-15.2 libvirt-client-1.2.18.4-15.2 libvirt-client-32bit-1.2.18.4-15.2 libvirt-client-debuginfo-1.2.18.4-15.2 libvirt-client-debuginfo-32bit-1.2.18.4-15.2 libvirt-daemon-1.2.18.4-15.2 libvirt-daemon-config-network-1.2.18.4-15.2 libvirt-daemon-config-nwfilter-1.2.18.4-15.2 libvirt-daemon-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-interface-1.2.18.4-15.2 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-libxl-1.2.18.4-15.2 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-lxc-1.2.18.4-15.2 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-network-1.2.18.4-15.2 libvirt-daemon-driver-network-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-nodedev-1.2.18.4-15.2 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-nwfilter-1.2.18.4-15.2 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-qemu-1.2.18.4-15.2 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-secret-1.2.18.4-15.2 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-15.2 libvirt-daemon-driver-storage-1.2.18.4-15.2 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-15.2 libvirt-daemon-lxc-1.2.18.4-15.2 libvirt-daemon-qemu-1.2.18.4-15.2 libvirt-daemon-xen-1.2.18.4-15.2 libvirt-debugsource-1.2.18.4-15.2 libvirt-doc-1.2.18.4-15.2 lttng-ust-2.7.0-3.1 lttng-ust-debuginfo-2.7.0-3.1 lttng-ust-debugsource-2.7.0-3.1 python-ceph-compat-0.94.7+git.1469119571.8e6f430-12.2 python-cephfs-0.94.7+git.1469119571.8e6f430-12.2 python-rados-0.94.7+git.1469119571.8e6f430-12.2 python-rbd-0.94.7+git.1469119571.8e6f430-12.2 qemu-2.3.1-18.4 qemu-block-curl-2.3.1-18.4 qemu-block-curl-debuginfo-2.3.1-18.4 qemu-debugsource-2.3.1-18.4 qemu-kvm-2.3.1-18.4 qemu-tools-2.3.1-18.4 qemu-tools-debuginfo-2.3.1-18.4 qemu-x86-2.3.1-18.4 - SUSE Enterprise Storage 2.1 (x86_64): ceph-0.94.7+git.1469119571.8e6f430-12.2 ceph-common-0.94.7+git.1469119571.8e6f430-12.2 ceph-common-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 ceph-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 ceph-debugsource-0.94.7+git.1469119571.8e6f430-12.2 ceph-fuse-0.94.7+git.1469119571.8e6f430-12.2 ceph-fuse-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 ceph-radosgw-0.94.7+git.1469119571.8e6f430-12.2 ceph-radosgw-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 ceph-test-0.94.7+git.1469119571.8e6f430-12.2 ceph-test-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 libcephfs1-0.94.7+git.1469119571.8e6f430-12.2 libcephfs1-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 librados2-0.94.7+git.1469119571.8e6f430-12.2 librados2-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 libradosstriper1-0.94.7+git.1469119571.8e6f430-12.2 libradosstriper1-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 librbd1-0.94.7+git.1469119571.8e6f430-12.2 librbd1-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 python-cephfs-0.94.7+git.1469119571.8e6f430-12.2 python-rados-0.94.7+git.1469119571.8e6f430-12.2 python-rbd-0.94.7+git.1469119571.8e6f430-12.2 rbd-fuse-0.94.7+git.1469119571.8e6f430-12.2 rbd-fuse-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 rest-bench-0.94.7+git.1469119571.8e6f430-12.2 rest-bench-debuginfo-0.94.7+git.1469119571.8e6f430-12.2 References: https://bugzilla.suse.com/995150 https://bugzilla.suse.com/995632 From sle-updates at lists.suse.com Fri Sep 23 10:10:47 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Sep 2016 18:10:47 +0200 (CEST) Subject: SUSE-SU-2016:2358-1: moderate: Security update for wget Message-ID: <20160923161047.B861DFC43@maintenance.suse.de> SUSE Security Update: Security update for wget ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2358-1 Rating: moderate References: #958342 #984060 #995964 Cross-References: CVE-2016-4971 CVE-2016-7098 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for wget fixes the following issues: - CVE-2016-4971: A HTTP to FTP redirection file name confusion vulnerability was fixed. (bsc#984060). - CVE-2016-7098: A potential race condition was fixed by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964) Bug fixed: - Wget failed with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-wget-12757=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-wget-12757=1 - SUSE Manager 2.1: zypper in -t patch sleman21-wget-12757=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-wget-12757=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-wget-12757=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-wget-12757=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-wget-12757=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-wget-12757=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-wget-12757=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): wget-1.11.4-1.32.1 - SUSE Manager Proxy 2.1 (x86_64): wget-1.11.4-1.32.1 - SUSE Manager 2.1 (s390x x86_64): wget-1.11.4-1.32.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): wget-1.11.4-1.32.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): wget-1.11.4-1.32.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): wget-openssl1-1.11.4-1.32.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): wget-1.11.4-1.32.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): wget-debuginfo-1.11.4-1.32.1 wget-debugsource-1.11.4-1.32.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): wget-debuginfo-1.11.4-1.32.1 wget-debugsource-1.11.4-1.32.1 References: https://www.suse.com/security/cve/CVE-2016-4971.html https://www.suse.com/security/cve/CVE-2016-7098.html https://bugzilla.suse.com/958342 https://bugzilla.suse.com/984060 https://bugzilla.suse.com/995964 From sle-updates at lists.suse.com Fri Sep 23 11:09:45 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Sep 2016 19:09:45 +0200 (CEST) Subject: SUSE-RU-2016:2359-1: Recommended update for nodejs4 Message-ID: <20160923170945.A88B3FC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for nodejs4 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2359-1 Rating: low References: #997405 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides Node.js 4.5.0, which brings many fixes and enhancements: - Buffer: + Backport new buffer constructor APIs to v4.x. + Backport --zero-fill-buffers cli option. + Ignore negative allocation lengths. - Build + Add Intel Vtune profiling support. - Repl + Copying tabs shouldn't trigger completion. - Src + Add node::FreeEnvironment public API. - Test + Run v8 tests from node tree. - V8 + Add post mortem data to improve object inspection and function's context variables inspection. + upgrade libuv to 1.9.1. + upgrade npm to 2.15.9. - Use system CA store instead of one provided by Node. - Simplify source code integrity check + Use GPG service instead of explicit BR. + Add empty checksum so GPG service is run. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1381=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le x86_64): nodejs4-4.5.0-5.1 nodejs4-debuginfo-4.5.0-5.1 nodejs4-debugsource-4.5.0-5.1 nodejs4-devel-4.5.0-5.1 npm4-4.5.0-5.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs4-docs-4.5.0-5.1 References: https://bugzilla.suse.com/997405 From sle-updates at lists.suse.com Fri Sep 23 15:09:31 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Sep 2016 23:09:31 +0200 (CEST) Subject: SUSE-RU-2016:2360-1: Sync to LTS6 Haskell and add darcs, stack, git-annex + ShellCheck Message-ID: <20160923210931.9BFBAFC43@maintenance.suse.de> SUSE Recommended Update: Sync to LTS6 Haskell and add darcs,stack, git-annex + ShellCheck ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2360-1 Rating: low References: Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: Sync to LTS6 Haskell and add darcs,stack, git-annex + ShellCheck Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch 5585=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): ghc-7.10.3-10.2 ghc-Cabal-1.22.8.0-10.2 ghc-Cabal-devel-1.22.8.0-10.2 ghc-DAV-1.2-2.3 ghc-DAV-devel-1.2-2.3 ghc-array-0.5.1.0-10.2 ghc-array-devel-0.5.1.0-10.2 ghc-aws-0.13.2-2.2 ghc-aws-devel-0.13.2-2.2 ghc-base-4.8.2.0-10.2 ghc-base-devel-4.8.2.0-10.2 ghc-binary-0.7.5.0-10.2 ghc-binary-devel-0.7.5.0-10.2 ghc-bytestring-0.10.6.0-10.2 ghc-bytestring-devel-0.10.6.0-10.2 ghc-compiler-7.10.3-10.2 ghc-containers-0.5.6.2-10.2 ghc-containers-devel-0.5.6.2-10.2 ghc-deepseq-1.4.1.1-10.2 ghc-deepseq-devel-1.4.1.1-10.2 ghc-directory-1.2.2.0-10.2 ghc-directory-devel-1.2.2.0-10.2 ghc-filepath-1.4.0.0-10.2 ghc-filepath-devel-1.4.0.0-10.2 ghc-ghc-7.10.3-10.2 ghc-ghc-devel-7.10.3-10.2 ghc-haskeline-0.7.2.3-10.2 ghc-haskeline-devel-0.7.2.3-10.2 ghc-hoopl-3.10.0.2-10.2 ghc-hoopl-devel-3.10.0.2-10.2 ghc-hpc-0.6.0.2-10.2 ghc-hpc-devel-0.6.0.2-10.2 ghc-libraries-7.10.3-10.2 ghc-old-time-1.1.0.3-6.3 ghc-old-time-devel-1.1.0.3-6.3 ghc-pandoc-1.17.1-8.1 ghc-pandoc-devel-1.17.1-8.1 ghc-pretty-1.1.2.0-10.2 ghc-pretty-devel-1.1.2.0-10.2 ghc-process-1.2.3.0-10.2 ghc-process-devel-1.2.3.0-10.2 ghc-stack-1.1.2-2.2 ghc-stack-devel-1.1.2-2.2 ghc-template-haskell-2.10.0.0-10.2 ghc-template-haskell-devel-2.10.0.0-10.2 ghc-terminfo-0.4.0.2-10.2 ghc-terminfo-devel-0.4.0.2-10.2 ghc-time-1.5.0.1-10.2 ghc-time-devel-1.5.0.1-10.2 ghc-transformers-0.4.2.0-10.2 ghc-transformers-devel-0.4.2.0-10.2 ghc-unix-2.7.1.0-10.2 ghc-unix-devel-2.7.1.0-10.2 ghc-xhtml-3000.2.1-10.2 ghc-xhtml-devel-3000.2.1-10.2 ghc-yesod-1.4.3-2.2 ghc-yesod-auth-1.4.13.3-2.2 ghc-yesod-auth-devel-1.4.13.3-2.2 ghc-yesod-devel-1.4.3-2.2 ghc-yesod-static-1.5.0.3-2.2 ghc-yesod-static-devel-1.5.0.3-2.2 git-annex-6.20160511-2.2 git-annex-bash-completion-6.20160511-2.2 pandoc-1.17.1-8.1 pandoc-pdf-1.17.1-8.1 stack-1.1.2-2.2 - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 s390x x86_64): ShellCheck-0.4.4-2.11 alex-3.1.7-2.20 c2hs-0.28.1-2.12 cabal-install-1.22.9.0-2.23 darcs-2.12.0-2.6 ghc-Glob-0.7.11-2.14 ghc-Glob-devel-0.7.11-2.14 ghc-HTTP-4000.3.3-6.17 ghc-HTTP-devel-4000.3.3-6.17 ghc-HUnit-1.3.1.1-2.15 ghc-HUnit-devel-1.3.1.1-2.15 ghc-IfElse-0.85-2.6 ghc-IfElse-devel-0.85-2.6 ghc-JuicyPixels-3.2.7.2-6.17 ghc-JuicyPixels-devel-3.2.7.2-6.17 ghc-MissingH-1.3.0.2-2.12 ghc-MissingH-devel-1.3.0.2-2.12 ghc-MonadRandom-0.4.2.3-2.6 ghc-MonadRandom-devel-0.4.2.3-2.6 ghc-QuickCheck-2.8.2-2.14 ghc-QuickCheck-devel-2.8.2-2.14 ghc-SHA-1.6.4.2-6.10 ghc-SHA-devel-1.6.4.2-6.10 ghc-SafeSemaphore-0.10.1-2.13 ghc-SafeSemaphore-devel-0.10.1-2.13 ghc-ShellCheck-0.4.4-2.11 ghc-ShellCheck-devel-0.4.4-2.11 ghc-StateVar-1.1.0.4-2.6 ghc-StateVar-devel-1.1.0.4-2.6 ghc-adjunctions-4.3-2.11 ghc-adjunctions-devel-4.3-2.11 ghc-aeson-0.11.2.0-6.19 ghc-aeson-compat-0.3.5.1-2.8 ghc-aeson-compat-devel-0.3.5.1-2.8 ghc-aeson-devel-0.11.2.0-6.19 ghc-aeson-pretty-0.7.2-2.9 ghc-aeson-pretty-devel-0.7.2-2.9 ghc-ansi-terminal-0.6.2.3-2.10 ghc-ansi-terminal-devel-0.6.2.3-2.10 ghc-ansi-wl-pprint-0.6.7.3-2.4 ghc-ansi-wl-pprint-devel-0.6.7.3-2.4 ghc-appar-0.1.4-2.10 ghc-appar-devel-0.1.4-2.10 ghc-asn1-encoding-0.9.4-6.8 ghc-asn1-encoding-devel-0.9.4-6.8 ghc-asn1-parse-0.9.4-6.4 ghc-asn1-parse-devel-0.9.4-6.4 ghc-asn1-types-0.3.2-6.15 ghc-asn1-types-devel-0.3.2-6.15 ghc-async-2.1.0-6.7 ghc-async-devel-2.1.0-6.7 ghc-attoparsec-0.13.0.2-6.19 ghc-attoparsec-devel-0.13.0.2-6.19 ghc-authenticate-1.3.3.2-2.3 ghc-authenticate-devel-1.3.3.2-2.3 ghc-auto-update-0.1.4-2.13 ghc-auto-update-devel-0.1.4-2.13 ghc-base-compat-0.9.1-2.13 ghc-base-compat-devel-0.9.1-2.13 ghc-base-orphans-0.5.4-2.9 ghc-base-orphans-devel-0.5.4-2.9 ghc-base16-bytestring-0.1.1.6-2.9 ghc-base16-bytestring-devel-0.1.1.6-2.9 ghc-base64-bytestring-1.0.0.1-6.14 ghc-base64-bytestring-devel-1.0.0.1-6.14 ghc-bencode-0.6.0.0-2.11 ghc-bencode-devel-0.6.0.0-2.11 ghc-bifunctors-5.2-2.14 ghc-bifunctors-devel-5.2-2.14 ghc-binary-tagged-0.1.4.0-2.6 ghc-binary-tagged-devel-0.1.4.0-2.6 ghc-blaze-builder-0.4.0.2-6.14 ghc-blaze-builder-devel-0.4.0.2-6.14 ghc-blaze-html-0.8.1.2-6.14 ghc-blaze-html-devel-0.8.1.2-6.14 ghc-blaze-markup-0.7.1.0-6.9 ghc-blaze-markup-devel-0.7.1.0-6.9 ghc-bloomfilter-2.0.1.0-2.13 ghc-bloomfilter-devel-2.0.1.0-2.13 ghc-byteable-0.1.1-6.10 ghc-byteable-devel-0.1.1-6.10 ghc-byteorder-1.0.4-2.9 ghc-byteorder-devel-1.0.4-2.9 ghc-bytestring-builder-0.10.6.0.0-2.8 ghc-bytestring-builder-devel-0.10.6.0.0-2.8 ghc-case-insensitive-1.2.0.7-6.17 ghc-case-insensitive-devel-1.2.0.7-6.17 ghc-cereal-0.5.2.0-6.8 ghc-cereal-devel-0.5.2.0-6.8 ghc-cipher-aes-0.2.11-2.3 ghc-cipher-aes-devel-0.2.11-2.3 ghc-clientsession-0.9.1.2-2.7 ghc-clientsession-devel-0.9.1.2-2.7 ghc-clock-0.7.2-6.10 ghc-clock-devel-0.7.2-6.10 ghc-cmark-0.5.3.1-6.13 ghc-cmark-devel-0.5.3.1-6.13 ghc-cmdargs-0.10.14-2.13 ghc-cmdargs-devel-0.10.14-2.13 ghc-colour-2.3.3-2.13 ghc-colour-devel-2.3.3-2.13 ghc-comonad-4.2.7.2-2.12 ghc-comonad-devel-4.2.7.2-2.12 ghc-concurrent-output-1.7.6-2.9 ghc-concurrent-output-devel-1.7.6-2.9 ghc-conduit-1.2.7-6.14 ghc-conduit-devel-1.2.7-6.14 ghc-conduit-extra-1.1.13.2-2.11 ghc-conduit-extra-devel-1.1.13.2-2.11 ghc-connection-0.2.6-6.4 ghc-connection-devel-0.2.6-6.4 ghc-constraints-0.8-2.15 ghc-constraints-devel-0.8-2.15 ghc-contravariant-1.4-2.9 ghc-contravariant-devel-1.4-2.9 ghc-cookie-0.4.2.1-6.8 ghc-cookie-devel-0.4.2.1-6.8 ghc-cprng-aes-0.6.1-2.3 ghc-cprng-aes-devel-0.6.1-2.3 ghc-crypto-api-0.13.2-2.7 ghc-crypto-api-devel-0.13.2-2.7 ghc-crypto-cipher-types-0.0.9-2.8 ghc-crypto-cipher-types-devel-0.0.9-2.8 ghc-crypto-random-0.0.9-2.11 ghc-crypto-random-devel-0.0.9-2.11 ghc-cryptohash-0.11.9-2.8 ghc-cryptohash-conduit-0.1.1-2.4 ghc-cryptohash-conduit-devel-0.1.1-2.4 ghc-cryptohash-devel-0.11.9-2.8 ghc-cryptonite-0.15-6.15 ghc-cryptonite-devel-0.15-6.15 ghc-css-text-0.1.2.1-2.10 ghc-css-text-devel-0.1.2.1-2.10 ghc-darcs-2.12.0-2.6 ghc-darcs-devel-2.12.0-2.6 ghc-data-default-0.5.3-6.3 ghc-data-default-class-0.0.1-6.10 ghc-data-default-class-devel-0.0.1-6.10 ghc-data-default-devel-0.5.3-6.3 ghc-data-default-instances-base-0.1.0-6.5 ghc-data-default-instances-base-devel-0.1.0-6.5 ghc-data-default-instances-containers-0.0.1-6.4 ghc-data-default-instances-containers-devel-0.0.1-6.4 ghc-data-default-instances-dlist-0.0.1-6.4 ghc-data-default-instances-dlist-devel-0.0.1-6.4 ghc-data-default-instances-old-locale-0.0.1-6.4 ghc-data-default-instances-old-locale-devel-0.0.1-6.4 ghc-data-ordlist-0.4.7.0-2.9 ghc-data-ordlist-devel-0.4.7.0-2.9 ghc-dbus-0.10.12-2.12 ghc-dbus-devel-0.10.12-2.12 ghc-deepseq-generics-0.1.1.2-6.10 ghc-deepseq-generics-devel-0.1.1.2-6.10 ghc-digest-0.0.1.2-6.14 ghc-digest-devel-0.0.1.2-6.14 ghc-disk-free-space-0.1.0.1-2.9 ghc-disk-free-space-devel-0.1.0.1-2.9 ghc-distributive-0.5.0.2-2.9 ghc-distributive-devel-0.5.0.2-2.9 ghc-dlist-0.7.1.2-6.10 ghc-dlist-devel-0.7.1.2-6.10 ghc-dns-2.0.3-2.8 ghc-dns-devel-2.0.3-2.8 ghc-easy-file-0.2.1-2.13 ghc-easy-file-devel-0.2.1-2.13 ghc-edit-distance-0.2.2.1-2.10 ghc-edit-distance-devel-0.2.2.1-2.10 ghc-either-4.4.1.1-2.7 ghc-either-devel-4.4.1.1-2.7 ghc-email-validate-2.2.0-2.10 ghc-email-validate-devel-2.2.0-2.10 ghc-enclosed-exceptions-1.0.2-6.6 ghc-enclosed-exceptions-devel-1.0.2-6.6 ghc-entropy-0.3.7-2.9 ghc-entropy-devel-0.3.7-2.9 ghc-errors-2.1.2-2.13 ghc-errors-devel-2.1.2-2.13 ghc-esqueleto-2.4.3-2.4 ghc-esqueleto-devel-2.4.3-2.4 ghc-exceptions-0.8.3-6.8 ghc-exceptions-devel-0.8.3-6.8 ghc-extensible-exceptions-0.1.1.4-6.10 ghc-extensible-exceptions-devel-0.1.1.4-6.10 ghc-extra-1.4.10-2.13 ghc-extra-devel-1.4.10-2.13 ghc-fail-4.9.0.0-2.9 ghc-fail-devel-4.9.0.0-2.9 ghc-fast-logger-2.4.6-2.8 ghc-fast-logger-devel-2.4.6-2.8 ghc-fdo-notify-0.3.1-2.8 ghc-fdo-notify-devel-0.3.1-2.8 ghc-feed-0.3.11.1-2.9 ghc-feed-devel-0.3.11.1-2.9 ghc-fgl-5.5.3.0-2.13 ghc-fgl-devel-5.5.3.0-2.13 ghc-file-embed-0.0.10-2.9 ghc-file-embed-devel-0.0.10-2.9 ghc-filelock-0.1.0.1-2.9 ghc-filelock-devel-0.1.0.1-2.9 ghc-filemanip-0.3.6.3-6.15 ghc-filemanip-devel-0.3.6.3-6.15 ghc-fingertree-0.1.1.0-2.13 ghc-fingertree-devel-0.1.1.0-2.13 ghc-free-4.12.4-2.7 ghc-free-devel-4.12.4-2.7 ghc-fsnotify-0.2.1-2.8 ghc-fsnotify-devel-0.2.1-2.8 ghc-generic-deriving-1.10.5-2.13 ghc-generic-deriving-devel-1.10.5-2.13 ghc-generics-sop-0.2.2.0-2.13 ghc-generics-sop-devel-0.2.2.0-2.13 ghc-gitrev-1.2.0-2.9 ghc-gitrev-devel-1.2.0-2.9 ghc-gnuidn-0.2.2-2.14 ghc-gnuidn-devel-0.2.2-2.14 ghc-gnutls-0.2-2.10 ghc-gnutls-devel-0.2-2.10 ghc-graphviz-2999.18.1.0-2.8 ghc-graphviz-devel-2999.18.1.0-2.8 ghc-gsasl-0.3.6-2.9 ghc-gsasl-devel-0.3.6-2.9 ghc-haddock-library-1.2.1-6.14 ghc-haddock-library-devel-1.2.1-6.14 ghc-hashable-1.2.4.0-6.13 ghc-hashable-devel-1.2.4.0-6.13 ghc-hastache-0.6.1-2.8 ghc-hastache-devel-0.6.1-2.8 ghc-hex-0.1.2-2.9 ghc-hex-devel-0.1.2-2.9 ghc-highlighting-kate-0.6.2.1-6.5 ghc-highlighting-kate-devel-0.6.2.1-6.5 ghc-hinotify-0.3.8.1-2.9 ghc-hinotify-devel-0.3.8.1-2.9 ghc-hit-0.6.3-2.5 ghc-hit-devel-0.6.3-2.5 ghc-hjsmin-0.2.0.1-2.11 ghc-hjsmin-devel-0.2.0.1-2.11 ghc-hourglass-0.2.10-6.14 ghc-hourglass-devel-0.2.10-6.14 ghc-hpack-0.14.1-2.5 ghc-hpack-devel-0.14.1-2.5 ghc-hslogger-1.2.10-2.14 ghc-hslogger-devel-1.2.10-2.14 ghc-hslua-0.4.1-6.10 ghc-hslua-devel-0.4.1-6.10 ghc-html-1.0.1.2-2.9 ghc-html-devel-1.0.1.2-2.9 ghc-http-api-data-0.2.3-2.9 ghc-http-api-data-devel-0.2.3-2.9 ghc-http-client-0.4.31-6.9 ghc-http-client-devel-0.4.31-6.9 ghc-http-client-tls-0.2.4.1-6.4 ghc-http-client-tls-devel-0.2.4.1-6.4 ghc-http-conduit-2.1.11-2.3 ghc-http-conduit-devel-2.1.11-2.3 ghc-http-date-0.0.6.1-2.9 ghc-http-date-devel-0.0.6.1-2.9 ghc-http-types-0.9.1-6.10 ghc-http-types-devel-0.9.1-6.10 ghc-http2-1.6.2-2.5 ghc-http2-devel-1.6.2-2.5 ghc-ieee754-0.7.8-2.11 ghc-ieee754-devel-0.7.8-2.11 ghc-iproute-1.7.0-2.3 ghc-iproute-devel-1.7.0-2.3 ghc-json-0.9.1-2.15 ghc-json-devel-0.9.1-2.15 ghc-kan-extensions-4.2.3-2.6 ghc-kan-extensions-devel-4.2.3-2.6 ghc-language-c-0.5.0-2.10 ghc-language-c-devel-0.5.0-2.10 ghc-language-javascript-0.6.0.7-2.9 ghc-language-javascript-devel-0.6.0.7-2.9 ghc-lens-4.13-2.6 ghc-lens-devel-4.13-2.6 ghc-libxml-sax-0.7.5-2.10 ghc-libxml-sax-devel-0.7.5-2.10 ghc-lifted-base-0.2.3.7-6.14 ghc-lifted-base-devel-0.2.3.7-6.14 ghc-magic-1.1-2.13 ghc-magic-devel-1.1-2.13 ghc-memory-0.13-6.15 ghc-memory-devel-0.13-6.15 ghc-microlens-0.4.5.0-2.9 ghc-microlens-devel-0.4.5.0-2.9 ghc-mime-mail-0.4.11-2.7 ghc-mime-mail-devel-0.4.11-2.7 ghc-mime-types-0.1.0.7-6.13 ghc-mime-types-devel-0.1.0.7-6.13 ghc-mmap-0.5.9-2.9 ghc-mmap-devel-0.5.9-2.9 ghc-mmorph-1.0.6-6.7 ghc-mmorph-devel-1.0.6-6.7 ghc-monad-control-1.0.1.0-6.7 ghc-monad-control-devel-1.0.1.0-6.7 ghc-monad-logger-0.3.19-2.6 ghc-monad-logger-devel-0.3.19-2.6 ghc-monad-loops-0.4.3-2.9 ghc-monad-loops-devel-0.4.3-2.9 ghc-monad-unlift-0.2.0-2.3 ghc-monad-unlift-devel-0.2.0-2.3 ghc-monads-tf-0.1.0.3-2.12 ghc-monads-tf-devel-0.1.0.3-2.12 ghc-mountpoints-1.0.2-2.9 ghc-mountpoints-devel-1.0.2-2.9 ghc-mtl-2.2.1-6.14 ghc-mtl-compat-0.2.1.3-2.4 ghc-mtl-compat-devel-0.2.1.3-2.4 ghc-mtl-devel-2.2.1-6.14 ghc-mwc-random-0.13.4.0-2.14 ghc-mwc-random-devel-0.13.4.0-2.14 ghc-nats-1.1.1-2.8 ghc-nats-devel-1.1.1-2.8 ghc-network-2.6.2.1-6.15 ghc-network-devel-2.6.2.1-6.15 ghc-network-info-0.2.0.8-2.9 ghc-network-info-devel-0.2.0.8-2.9 ghc-network-multicast-0.1.1-2.5 ghc-network-multicast-devel-0.1.1-2.5 ghc-network-protocol-xmpp-0.4.8-2.10 ghc-network-protocol-xmpp-devel-0.4.8-2.10 ghc-network-uri-2.6.1.0-6.9 ghc-network-uri-devel-2.6.1.0-6.9 ghc-nonce-1.0.2-2.7 ghc-nonce-devel-1.0.2-2.7 ghc-old-locale-1.0.0.7-6.11 ghc-old-locale-devel-1.0.0.7-6.11 ghc-open-browser-0.2.1.0-2.13 ghc-open-browser-devel-0.2.1.0-2.13 ghc-optparse-applicative-0.12.1.0-2.7 ghc-optparse-applicative-devel-0.12.1.0-2.7 ghc-optparse-simple-0.0.3-2.5 ghc-optparse-simple-devel-0.0.3-2.5 ghc-pandoc-types-1.16.1-6.6 ghc-pandoc-types-devel-1.16.1-6.6 ghc-parallel-3.2.1.0-2.12 ghc-parallel-devel-3.2.1.0-2.12 ghc-parsec-3.1.11-6.7 ghc-parsec-devel-3.1.11-6.7 ghc-path-0.5.8-2.6 ghc-path-devel-0.5.8-2.6 ghc-path-io-1.1.0-2.6 ghc-path-io-devel-1.1.0-2.6 ghc-path-pieces-0.2.1-2.11 ghc-path-pieces-devel-0.2.1-2.11 ghc-patience-0.1.1-2.9 ghc-patience-devel-0.1.1-2.9 ghc-pem-0.2.2-6.7 ghc-pem-devel-0.2.2-6.7 ghc-persistent-2.2.4.1-2.5 ghc-persistent-devel-2.2.4.1-2.5 ghc-persistent-sqlite-2.2.1-2.4 ghc-persistent-sqlite-devel-2.2.1-2.4 ghc-persistent-template-2.1.8.1-2.4 ghc-persistent-template-devel-2.1.8.1-2.4 ghc-polyparse-1.12-2.12 ghc-polyparse-devel-1.12-2.12 ghc-prelude-extras-0.4.0.3-2.9 ghc-prelude-extras-devel-0.4.0.3-2.9 ghc-primitive-0.6.1.0-6.15 ghc-primitive-devel-0.6.1.0-6.15 ghc-profunctors-5.2-2.7 ghc-profunctors-devel-5.2-2.7 ghc-project-template-0.2.0-2.5 ghc-project-template-devel-0.2.0-2.5 ghc-psqueues-0.2.2.1-2.8 ghc-psqueues-devel-0.2.2.1-2.8 ghc-random-1.1-6.10 ghc-random-devel-1.1-6.10 ghc-reducers-3.12.1-2.9 ghc-reducers-devel-3.12.1-2.9 ghc-reflection-2.1.2-2.9 ghc-reflection-devel-2.1.2-2.9 ghc-regex-applicative-0.3.3-2.13 ghc-regex-applicative-devel-0.3.3-2.13 ghc-regex-applicative-text-0.1.0.1-2.10 ghc-regex-applicative-text-devel-0.1.0.1-2.10 ghc-regex-base-0.93.2-6.4 ghc-regex-base-devel-0.93.2-6.4 ghc-regex-compat-0.95.1-2.3 ghc-regex-compat-devel-0.95.1-2.3 ghc-regex-compat-tdfa-0.95.1.4-2.6 ghc-regex-compat-tdfa-devel-0.95.1.4-2.6 ghc-regex-pcre-builtin-0.94.4.8.8.35-6.6 ghc-regex-pcre-builtin-devel-0.94.4.8.8.35-6.6 ghc-regex-posix-0.95.2-2.6 ghc-regex-posix-devel-0.95.2-2.6 ghc-regex-tdfa-1.2.2-2.7 ghc-regex-tdfa-devel-1.2.2-2.7 ghc-resource-pool-0.2.3.2-2.3 ghc-resource-pool-devel-0.2.3.2-2.3 ghc-resourcet-1.1.7.4-6.3 ghc-resourcet-devel-1.1.7.4-6.3 ghc-retry-0.7.4.1-2.3 ghc-retry-devel-0.7.4.1-2.3 ghc-safe-0.3.9-2.12 ghc-safe-devel-0.3.9-2.12 ghc-sandi-0.3.6-2.9 ghc-sandi-devel-0.3.6-2.9 ghc-scientific-0.3.4.9-6.9 ghc-scientific-devel-0.3.4.9-6.9 ghc-securemem-0.1.9-2.3 ghc-securemem-devel-0.1.9-2.3 ghc-semigroupoids-5.0.1-2.8 ghc-semigroupoids-devel-5.0.1-2.8 ghc-semigroups-0.18.1-6.7 ghc-semigroups-devel-0.18.1-6.7 ghc-setenv-0.1.1.3-2.8 ghc-setenv-devel-0.1.1.3-2.8 ghc-shakespeare-2.0.9-2.6 ghc-shakespeare-devel-2.0.9-2.6 ghc-silently-1.2.5-2.8 ghc-silently-devel-1.2.5-2.8 ghc-simple-sendfile-0.2.25-2.3 ghc-simple-sendfile-devel-0.2.25-2.3 ghc-skein-1.0.9.4-2.7 ghc-skein-devel-1.0.9.4-2.7 ghc-socks-0.5.5-6.7 ghc-socks-devel-0.5.5-6.7 ghc-split-0.2.3.1-6.8 ghc-split-devel-0.2.3.1-6.8 ghc-stm-2.4.4.1-6.12 ghc-stm-chans-3.0.0.4-2.10 ghc-stm-chans-devel-3.0.0.4-2.10 ghc-stm-devel-2.4.4.1-6.12 ghc-streaming-commons-0.1.15.5-6.7 ghc-streaming-commons-devel-0.1.15.5-6.7 ghc-stringsearch-0.3.6.6-2.12 ghc-stringsearch-devel-0.3.6.6-2.12 ghc-syb-0.6-6.11 ghc-syb-devel-0.6-6.11 ghc-system-fileio-0.3.16.3-2.12 ghc-system-fileio-devel-0.3.16.3-2.12 ghc-system-filepath-0.4.13.4-2.10 ghc-system-filepath-devel-0.4.13.4-2.10 ghc-tagged-0.8.4-6.12 ghc-tagged-devel-0.8.4-6.12 ghc-tagsoup-0.13.10-6.12 ghc-tagsoup-devel-0.13.10-6.12 ghc-tagstream-conduit-0.5.5.3-2.5 ghc-tagstream-conduit-devel-0.5.5.3-2.5 ghc-tar-0.5.0.3-2.12 ghc-tar-devel-0.5.0.3-2.12 ghc-tasty-0.11.0.3-2.7 ghc-tasty-devel-0.11.0.3-2.7 ghc-tasty-hunit-0.9.2-2.3 ghc-tasty-hunit-devel-0.9.2-2.3 ghc-tasty-quickcheck-0.8.4-2.3 ghc-tasty-quickcheck-devel-0.8.4-2.3 ghc-tasty-rerun-1.1.6-2.7 ghc-tasty-rerun-devel-1.1.6-2.7 ghc-temporary-1.2.0.4-6.3 ghc-temporary-devel-1.2.0.4-6.3 ghc-terminal-size-0.3.2.1-2.8 ghc-terminal-size-devel-0.3.2.1-2.8 ghc-texmath-0.8.6.4-6.5 ghc-texmath-devel-0.8.6.4-6.5 ghc-text-1.2.2.1-6.12 ghc-text-binary-0.2.1-2.4 ghc-text-binary-devel-0.2.1-2.4 ghc-text-devel-1.2.2.1-6.12 ghc-tf-random-0.5-2.7 ghc-tf-random-devel-0.5-2.7 ghc-time-locale-compat-0.1.1.3-2.3 ghc-time-locale-compat-devel-0.1.1.3-2.3 ghc-tls-1.3.8-6.4 ghc-tls-devel-1.3.8-6.4 ghc-torrent-10000.0.0-2.6 ghc-torrent-devel-10000.0.0-2.6 ghc-transformers-base-0.4.4-6.3 ghc-transformers-base-devel-0.4.4-6.3 ghc-transformers-compat-0.4.0.4-6.8 ghc-transformers-compat-devel-0.4.0.4-6.8 ghc-unbounded-delays-0.1.0.9-2.8 ghc-unbounded-delays-devel-0.1.0.9-2.8 ghc-unexceptionalio-0.3.0-2.8 ghc-unexceptionalio-devel-0.3.0-2.8 ghc-unix-compat-0.4.1.4-6.10 ghc-unix-compat-devel-0.4.1.4-6.10 ghc-unix-time-0.3.6-2.7 ghc-unix-time-devel-0.3.6-2.7 ghc-unordered-containers-0.2.7.1-6.6 ghc-unordered-containers-devel-0.2.7.1-6.6 ghc-utf8-string-1.0.1.1-6.8 ghc-utf8-string-devel-1.0.1.1-6.8 ghc-uuid-1.3.12-2.7 ghc-uuid-devel-1.3.12-2.7 ghc-uuid-types-1.0.3-2.7 ghc-uuid-types-devel-1.0.3-2.7 ghc-vault-0.3.0.6-2.6 ghc-vault-devel-0.3.0.6-2.6 ghc-vector-0.11.0.0-6.6 ghc-vector-binary-instances-0.2.3.2-2.3 ghc-vector-binary-instances-devel-0.2.3.2-2.3 ghc-vector-devel-0.11.0.0-6.6 ghc-void-0.7.1-6.3 ghc-void-devel-0.7.1-6.3 ghc-wai-3.2.1.1-2.7 ghc-wai-app-static-3.1.6.1-2.6 ghc-wai-app-static-devel-3.1.6.1-2.6 ghc-wai-devel-3.2.1.1-2.7 ghc-wai-extra-3.0.16.1-2.6 ghc-wai-extra-devel-3.0.16.1-2.6 ghc-wai-logger-2.2.7-2.8 ghc-wai-logger-devel-2.2.7-2.8 ghc-warp-3.2.8-2.8 ghc-warp-devel-3.2.8-2.8 ghc-warp-tls-3.2.2-2.5 ghc-warp-tls-devel-3.2.2-2.5 ghc-wl-pprint-text-1.1.0.4-2.6 ghc-wl-pprint-text-devel-1.1.0.4-2.6 ghc-word8-0.1.2-2.8 ghc-word8-devel-0.1.2-2.8 ghc-x509-1.6.3-6.4 ghc-x509-devel-1.6.3-6.4 ghc-x509-store-1.6.1-6.4 ghc-x509-store-devel-1.6.1-6.4 ghc-x509-system-1.6.3-6.4 ghc-x509-system-devel-1.6.3-6.4 ghc-x509-validation-1.6.3-6.4 ghc-x509-validation-devel-1.6.3-6.4 ghc-xml-1.3.14-6.6 ghc-xml-conduit-1.3.5-2.5 ghc-xml-conduit-devel-1.3.5-2.5 ghc-xml-devel-1.3.14-6.6 ghc-xml-hamlet-0.4.0.11-2.4 ghc-xml-hamlet-devel-0.4.0.11-2.4 ghc-xml-types-0.3.6-2.6 ghc-xml-types-devel-0.3.6-2.6 ghc-xss-sanitize-0.3.5.7-2.6 ghc-xss-sanitize-devel-0.3.5.7-2.6 ghc-yaml-0.8.18-6.6 ghc-yaml-devel-0.8.18-6.6 ghc-yesod-core-1.4.23-2.4 ghc-yesod-core-devel-1.4.23-2.4 ghc-yesod-default-1.2.0-2.4 ghc-yesod-default-devel-1.2.0-2.4 ghc-yesod-form-1.4.7.1-2.4 ghc-yesod-form-devel-1.4.7.1-2.4 ghc-yesod-persistent-1.4.0.6-2.4 ghc-yesod-persistent-devel-1.4.0.6-2.4 ghc-zip-archive-0.2.3.7-6.7 ghc-zip-archive-devel-0.2.3.7-6.7 ghc-zlib-0.6.1.1-6.12 ghc-zlib-bindings-0.1.1.5-2.4 ghc-zlib-bindings-devel-0.1.1.5-2.4 ghc-zlib-devel-0.6.1.1-6.12 happy-1.19.5-2.4 highlighting-kate-0.6.2.1-6.5 hpack-0.14.1-2.5 texmath-0.8.6.4-6.5 - SUSE Package Hub for SUSE Linux Enterprise 12 (ppc64le): ShellCheck-0.4.4-2.4 alex-3.1.7-2.7 c2hs-0.28.1-2.4 cabal-install-1.22.9.0-2.6 darcs-2.12.0-2.3 ghc-Glob-0.7.11-2.4 ghc-Glob-devel-0.7.11-2.4 ghc-HTTP-4000.3.3-6.5 ghc-HTTP-devel-4000.3.3-6.5 ghc-HUnit-1.3.1.1-2.3 ghc-HUnit-devel-1.3.1.1-2.3 ghc-IfElse-0.85-2.2 ghc-IfElse-devel-0.85-2.2 ghc-JuicyPixels-3.2.7.2-6.6 ghc-JuicyPixels-devel-3.2.7.2-6.6 ghc-MissingH-1.3.0.2-2.4 ghc-MissingH-devel-1.3.0.2-2.4 ghc-MonadRandom-0.4.2.3-2.2 ghc-MonadRandom-devel-0.4.2.3-2.2 ghc-QuickCheck-2.8.2-2.5 ghc-QuickCheck-devel-2.8.2-2.5 ghc-SHA-1.6.4.2-6.3 ghc-SHA-devel-1.6.4.2-6.3 ghc-SafeSemaphore-0.10.1-2.5 ghc-SafeSemaphore-devel-0.10.1-2.5 ghc-ShellCheck-0.4.4-2.4 ghc-ShellCheck-devel-0.4.4-2.4 ghc-StateVar-1.1.0.4-2.2 ghc-StateVar-devel-1.1.0.4-2.2 ghc-adjunctions-4.3-2.4 ghc-adjunctions-devel-4.3-2.4 ghc-aeson-0.11.2.0-6.7 ghc-aeson-compat-0.3.5.1-2.4 ghc-aeson-compat-devel-0.3.5.1-2.4 ghc-aeson-devel-0.11.2.0-6.7 ghc-aeson-pretty-0.7.2-2.4 ghc-aeson-pretty-devel-0.7.2-2.4 ghc-ansi-terminal-0.6.2.3-2.3 ghc-ansi-terminal-devel-0.6.2.3-2.3 ghc-ansi-wl-pprint-0.6.7.3-2.2 ghc-ansi-wl-pprint-devel-0.6.7.3-2.2 ghc-appar-0.1.4-2.3 ghc-appar-devel-0.1.4-2.3 ghc-asn1-encoding-0.9.4-6.5 ghc-asn1-encoding-devel-0.9.4-6.5 ghc-asn1-parse-0.9.4-6.3 ghc-asn1-parse-devel-0.9.4-6.3 ghc-asn1-types-0.3.2-6.6 ghc-asn1-types-devel-0.3.2-6.6 ghc-async-2.1.0-6.2 ghc-async-devel-2.1.0-6.2 ghc-attoparsec-0.13.0.2-6.7 ghc-attoparsec-devel-0.13.0.2-6.7 ghc-authenticate-1.3.3.2-2.2 ghc-authenticate-devel-1.3.3.2-2.2 ghc-auto-update-0.1.4-2.5 ghc-auto-update-devel-0.1.4-2.5 ghc-base-compat-0.9.1-2.2 ghc-base-compat-devel-0.9.1-2.2 ghc-base-orphans-0.5.4-2.3 ghc-base-orphans-devel-0.5.4-2.3 ghc-base16-bytestring-0.1.1.6-2.3 ghc-base16-bytestring-devel-0.1.1.6-2.3 ghc-base64-bytestring-1.0.0.1-6.4 ghc-base64-bytestring-devel-1.0.0.1-6.4 ghc-bencode-0.6.0.0-2.3 ghc-bencode-devel-0.6.0.0-2.3 ghc-bifunctors-5.2-2.5 ghc-bifunctors-devel-5.2-2.5 ghc-binary-tagged-0.1.4.0-2.4 ghc-binary-tagged-devel-0.1.4.0-2.4 ghc-blaze-builder-0.4.0.2-6.4 ghc-blaze-builder-devel-0.4.0.2-6.4 ghc-blaze-html-0.8.1.2-6.6 ghc-blaze-html-devel-0.8.1.2-6.6 ghc-blaze-markup-0.7.1.0-6.4 ghc-blaze-markup-devel-0.7.1.0-6.4 ghc-bloomfilter-2.0.1.0-2.5 ghc-bloomfilter-devel-2.0.1.0-2.5 ghc-byteable-0.1.1-6.4 ghc-byteable-devel-0.1.1-6.4 ghc-byteorder-1.0.4-2.2 ghc-byteorder-devel-1.0.4-2.2 ghc-bytestring-builder-0.10.6.0.0-2.3 ghc-bytestring-builder-devel-0.10.6.0.0-2.3 ghc-case-insensitive-1.2.0.7-6.4 ghc-case-insensitive-devel-1.2.0.7-6.4 ghc-cereal-0.5.2.0-6.3 ghc-cereal-devel-0.5.2.0-6.3 ghc-cipher-aes-0.2.11-2.2 ghc-cipher-aes-devel-0.2.11-2.2 ghc-clientsession-0.9.1.2-2.3 ghc-clientsession-devel-0.9.1.2-2.3 ghc-clock-0.7.2-6.4 ghc-clock-devel-0.7.2-6.4 ghc-cmark-0.5.3.1-6.3 ghc-cmark-devel-0.5.3.1-6.3 ghc-cmdargs-0.10.14-2.3 ghc-cmdargs-devel-0.10.14-2.3 ghc-colour-2.3.3-2.5 ghc-colour-devel-2.3.3-2.5 ghc-comonad-4.2.7.2-2.5 ghc-comonad-devel-4.2.7.2-2.5 ghc-concurrent-output-1.7.6-2.3 ghc-concurrent-output-devel-1.7.6-2.3 ghc-conduit-1.2.7-6.3 ghc-conduit-devel-1.2.7-6.3 ghc-conduit-extra-1.1.13.2-2.3 ghc-conduit-extra-devel-1.1.13.2-2.3 ghc-connection-0.2.6-6.3 ghc-connection-devel-0.2.6-6.3 ghc-constraints-0.8-2.5 ghc-constraints-devel-0.8-2.5 ghc-contravariant-1.4-2.4 ghc-contravariant-devel-1.4-2.4 ghc-cookie-0.4.2.1-6.2 ghc-cookie-devel-0.4.2.1-6.2 ghc-cprng-aes-0.6.1-2.2 ghc-cprng-aes-devel-0.6.1-2.2 ghc-crypto-api-0.13.2-2.3 ghc-crypto-api-devel-0.13.2-2.3 ghc-crypto-cipher-types-0.0.9-2.3 ghc-crypto-cipher-types-devel-0.0.9-2.3 ghc-crypto-random-0.0.9-2.4 ghc-crypto-random-devel-0.0.9-2.4 ghc-cryptohash-0.11.9-2.3 ghc-cryptohash-conduit-0.1.1-2.2 ghc-cryptohash-conduit-devel-0.1.1-2.2 ghc-cryptohash-devel-0.11.9-2.3 ghc-cryptonite-0.15-6.5 ghc-cryptonite-devel-0.15-6.5 ghc-css-text-0.1.2.1-2.6 ghc-css-text-devel-0.1.2.1-2.6 ghc-darcs-2.12.0-2.3 ghc-darcs-devel-2.12.0-2.3 ghc-data-default-0.5.3-6.2 ghc-data-default-class-0.0.1-6.4 ghc-data-default-class-devel-0.0.1-6.4 ghc-data-default-devel-0.5.3-6.2 ghc-data-default-instances-base-0.1.0-6.3 ghc-data-default-instances-base-devel-0.1.0-6.3 ghc-data-default-instances-containers-0.0.1-6.3 ghc-data-default-instances-containers-devel-0.0.1-6.3 ghc-data-default-instances-dlist-0.0.1-6.3 ghc-data-default-instances-dlist-devel-0.0.1-6.3 ghc-data-default-instances-old-locale-0.0.1-6.3 ghc-data-default-instances-old-locale-devel-0.0.1-6.3 ghc-data-ordlist-0.4.7.0-2.3 ghc-data-ordlist-devel-0.4.7.0-2.3 ghc-dbus-0.10.12-2.5 ghc-dbus-devel-0.10.12-2.5 ghc-deepseq-generics-0.1.1.2-6.4 ghc-deepseq-generics-devel-0.1.1.2-6.4 ghc-digest-0.0.1.2-6.6 ghc-digest-devel-0.0.1.2-6.6 ghc-disk-free-space-0.1.0.1-2.3 ghc-disk-free-space-devel-0.1.0.1-2.3 ghc-distributive-0.5.0.2-2.3 ghc-distributive-devel-0.5.0.2-2.3 ghc-dlist-0.7.1.2-6.4 ghc-dlist-devel-0.7.1.2-6.4 ghc-dns-2.0.3-2.3 ghc-dns-devel-2.0.3-2.3 ghc-easy-file-0.2.1-2.5 ghc-easy-file-devel-0.2.1-2.5 ghc-edit-distance-0.2.2.1-2.4 ghc-edit-distance-devel-0.2.2.1-2.4 ghc-either-4.4.1.1-2.3 ghc-either-devel-4.4.1.1-2.3 ghc-email-validate-2.2.0-2.6 ghc-email-validate-devel-2.2.0-2.6 ghc-enclosed-exceptions-1.0.2-6.2 ghc-enclosed-exceptions-devel-1.0.2-6.2 ghc-entropy-0.3.7-2.3 ghc-entropy-devel-0.3.7-2.3 ghc-errors-2.1.2-2.4 ghc-errors-devel-2.1.2-2.4 ghc-esqueleto-2.4.3-2.2 ghc-esqueleto-devel-2.4.3-2.2 ghc-exceptions-0.8.3-6.2 ghc-exceptions-devel-0.8.3-6.2 ghc-extensible-exceptions-0.1.1.4-6.4 ghc-extensible-exceptions-devel-0.1.1.4-6.4 ghc-extra-1.4.10-2.3 ghc-extra-devel-1.4.10-2.3 ghc-fail-4.9.0.0-2.3 ghc-fail-devel-4.9.0.0-2.3 ghc-fast-logger-2.4.6-2.3 ghc-fast-logger-devel-2.4.6-2.3 ghc-fdo-notify-0.3.1-2.2 ghc-fdo-notify-devel-0.3.1-2.2 ghc-feed-0.3.11.1-2.3 ghc-feed-devel-0.3.11.1-2.3 ghc-fgl-5.5.3.0-2.3 ghc-fgl-devel-5.5.3.0-2.3 ghc-file-embed-0.0.10-2.3 ghc-file-embed-devel-0.0.10-2.3 ghc-filelock-0.1.0.1-2.3 ghc-filelock-devel-0.1.0.1-2.3 ghc-filemanip-0.3.6.3-6.4 ghc-filemanip-devel-0.3.6.3-6.4 ghc-fingertree-0.1.1.0-2.3 ghc-fingertree-devel-0.1.1.0-2.3 ghc-free-4.12.4-2.3 ghc-free-devel-4.12.4-2.3 ghc-fsnotify-0.2.1-2.3 ghc-fsnotify-devel-0.2.1-2.3 ghc-generic-deriving-1.10.5-2.5 ghc-generic-deriving-devel-1.10.5-2.5 ghc-generics-sop-0.2.2.0-2.5 ghc-generics-sop-devel-0.2.2.0-2.5 ghc-gitrev-1.2.0-2.3 ghc-gitrev-devel-1.2.0-2.3 ghc-gnuidn-0.2.2-2.5 ghc-gnuidn-devel-0.2.2-2.5 ghc-gnutls-0.2-2.4 ghc-gnutls-devel-0.2-2.4 ghc-graphviz-2999.18.1.0-2.3 ghc-graphviz-devel-2999.18.1.0-2.3 ghc-gsasl-0.3.6-2.3 ghc-gsasl-devel-0.3.6-2.3 ghc-haddock-library-1.2.1-6.4 ghc-haddock-library-devel-1.2.1-6.4 ghc-hashable-1.2.4.0-6.3 ghc-hashable-devel-1.2.4.0-6.3 ghc-hastache-0.6.1-2.3 ghc-hastache-devel-0.6.1-2.3 ghc-hex-0.1.2-2.3 ghc-hex-devel-0.1.2-2.3 ghc-highlighting-kate-0.6.2.1-6.3 ghc-highlighting-kate-devel-0.6.2.1-6.3 ghc-hinotify-0.3.8.1-2.2 ghc-hinotify-devel-0.3.8.1-2.2 ghc-hit-0.6.3-2.2 ghc-hit-devel-0.6.3-2.2 ghc-hjsmin-0.2.0.1-2.4 ghc-hjsmin-devel-0.2.0.1-2.4 ghc-hourglass-0.2.10-6.4 ghc-hourglass-devel-0.2.10-6.4 ghc-hpack-0.14.1-2.3 ghc-hpack-devel-0.14.1-2.3 ghc-hslogger-1.2.10-2.5 ghc-hslogger-devel-1.2.10-2.5 ghc-hslua-0.4.1-6.4 ghc-hslua-devel-0.4.1-6.4 ghc-html-1.0.1.2-2.3 ghc-html-devel-1.0.1.2-2.3 ghc-http-api-data-0.2.3-2.3 ghc-http-api-data-devel-0.2.3-2.3 ghc-http-client-0.4.31-6.4 ghc-http-client-devel-0.4.31-6.4 ghc-http-client-tls-0.2.4.1-6.3 ghc-http-client-tls-devel-0.2.4.1-6.3 ghc-http-conduit-2.1.11-2.2 ghc-http-conduit-devel-2.1.11-2.2 ghc-http-date-0.0.6.1-2.6 ghc-http-date-devel-0.0.6.1-2.6 ghc-http-types-0.9.1-6.5 ghc-http-types-devel-0.9.1-6.5 ghc-http2-1.6.2-2.2 ghc-http2-devel-1.6.2-2.2 ghc-ieee754-0.7.8-2.3 ghc-ieee754-devel-0.7.8-2.3 ghc-iproute-1.7.0-2.2 ghc-iproute-devel-1.7.0-2.2 ghc-json-0.9.1-2.5 ghc-json-devel-0.9.1-2.5 ghc-kan-extensions-4.2.3-2.3 ghc-kan-extensions-devel-4.2.3-2.3 ghc-language-c-0.5.0-2.4 ghc-language-c-devel-0.5.0-2.4 ghc-language-javascript-0.6.0.7-2.5 ghc-language-javascript-devel-0.6.0.7-2.5 ghc-lens-4.13-2.3 ghc-lens-devel-4.13-2.3 ghc-libxml-sax-0.7.5-2.4 ghc-libxml-sax-devel-0.7.5-2.4 ghc-lifted-base-0.2.3.7-6.3 ghc-lifted-base-devel-0.2.3.7-6.3 ghc-magic-1.1-2.3 ghc-magic-devel-1.1-2.3 ghc-memory-0.13-6.4 ghc-memory-devel-0.13-6.4 ghc-microlens-0.4.5.0-2.3 ghc-microlens-devel-0.4.5.0-2.3 ghc-mime-mail-0.4.11-2.3 ghc-mime-mail-devel-0.4.11-2.3 ghc-mime-types-0.1.0.7-6.3 ghc-mime-types-devel-0.1.0.7-6.3 ghc-mmap-0.5.9-2.3 ghc-mmap-devel-0.5.9-2.3 ghc-mmorph-1.0.6-6.2 ghc-mmorph-devel-1.0.6-6.2 ghc-monad-control-1.0.1.0-6.2 ghc-monad-control-devel-1.0.1.0-6.2 ghc-monad-logger-0.3.19-2.2 ghc-monad-logger-devel-0.3.19-2.2 ghc-monad-loops-0.4.3-2.3 ghc-monad-loops-devel-0.4.3-2.3 ghc-monad-unlift-0.2.0-2.2 ghc-monad-unlift-devel-0.2.0-2.2 ghc-monads-tf-0.1.0.3-2.3 ghc-monads-tf-devel-0.1.0.3-2.3 ghc-mountpoints-1.0.2-2.3 ghc-mountpoints-devel-1.0.2-2.3 ghc-mtl-2.2.1-6.6 ghc-mtl-compat-0.2.1.3-2.2 ghc-mtl-compat-devel-0.2.1.3-2.2 ghc-mtl-devel-2.2.1-6.6 ghc-mwc-random-0.13.4.0-2.5 ghc-mwc-random-devel-0.13.4.0-2.5 ghc-nats-1.1.1-2.3 ghc-nats-devel-1.1.1-2.3 ghc-network-2.6.2.1-6.6 ghc-network-devel-2.6.2.1-6.6 ghc-network-info-0.2.0.8-2.3 ghc-network-info-devel-0.2.0.8-2.3 ghc-network-multicast-0.1.1-2.2 ghc-network-multicast-devel-0.1.1-2.2 ghc-network-protocol-xmpp-0.4.8-2.4 ghc-network-protocol-xmpp-devel-0.4.8-2.4 ghc-network-uri-2.6.1.0-6.3 ghc-network-uri-devel-2.6.1.0-6.3 ghc-nonce-1.0.2-2.3 ghc-nonce-devel-1.0.2-2.3 ghc-old-locale-1.0.0.7-6.4 ghc-old-locale-devel-1.0.0.7-6.4 ghc-open-browser-0.2.1.0-2.5 ghc-open-browser-devel-0.2.1.0-2.5 ghc-optparse-applicative-0.12.1.0-2.3 ghc-optparse-applicative-devel-0.12.1.0-2.3 ghc-optparse-simple-0.0.3-2.3 ghc-optparse-simple-devel-0.0.3-2.3 ghc-pandoc-types-1.16.1-6.3 ghc-pandoc-types-devel-1.16.1-6.3 ghc-parallel-3.2.1.0-2.3 ghc-parallel-devel-3.2.1.0-2.3 ghc-parsec-3.1.11-6.4 ghc-parsec-devel-3.1.11-6.4 ghc-path-0.5.8-2.3 ghc-path-devel-0.5.8-2.3 ghc-path-io-1.1.0-2.3 ghc-path-io-devel-1.1.0-2.3 ghc-path-pieces-0.2.1-2.3 ghc-path-pieces-devel-0.2.1-2.3 ghc-patience-0.1.1-2.2 ghc-patience-devel-0.1.1-2.2 ghc-pem-0.2.2-6.4 ghc-pem-devel-0.2.2-6.4 ghc-persistent-2.2.4.1-2.2 ghc-persistent-devel-2.2.4.1-2.2 ghc-persistent-sqlite-2.2.1-2.2 ghc-persistent-sqlite-devel-2.2.1-2.2 ghc-persistent-template-2.1.8.1-2.2 ghc-persistent-template-devel-2.1.8.1-2.2 ghc-polyparse-1.12-2.4 ghc-polyparse-devel-1.12-2.4 ghc-prelude-extras-0.4.0.3-2.3 ghc-prelude-extras-devel-0.4.0.3-2.3 ghc-primitive-0.6.1.0-6.6 ghc-primitive-devel-0.6.1.0-6.6 ghc-profunctors-5.2-2.4 ghc-profunctors-devel-5.2-2.4 ghc-project-template-0.2.0-2.2 ghc-project-template-devel-0.2.0-2.2 ghc-psqueues-0.2.2.1-2.4 ghc-psqueues-devel-0.2.2.1-2.4 ghc-random-1.1-6.3 ghc-random-devel-1.1-6.3 ghc-reducers-3.12.1-2.4 ghc-reducers-devel-3.12.1-2.4 ghc-reflection-2.1.2-2.3 ghc-reflection-devel-2.1.2-2.3 ghc-regex-applicative-0.3.3-2.5 ghc-regex-applicative-devel-0.3.3-2.5 ghc-regex-applicative-text-0.1.0.1-2.3 ghc-regex-applicative-text-devel-0.1.0.1-2.3 ghc-regex-base-0.93.2-6.3 ghc-regex-base-devel-0.93.2-6.3 ghc-regex-compat-0.95.1-2.2 ghc-regex-compat-devel-0.95.1-2.2 ghc-regex-compat-tdfa-0.95.1.4-2.2 ghc-regex-compat-tdfa-devel-0.95.1.4-2.2 ghc-regex-pcre-builtin-0.94.4.8.8.35-6.3 ghc-regex-pcre-builtin-devel-0.94.4.8.8.35-6.3 ghc-regex-posix-0.95.2-2.3 ghc-regex-posix-devel-0.95.2-2.3 ghc-regex-tdfa-1.2.2-2.3 ghc-regex-tdfa-devel-1.2.2-2.3 ghc-resource-pool-0.2.3.2-2.2 ghc-resource-pool-devel-0.2.3.2-2.2 ghc-resourcet-1.1.7.4-6.2 ghc-resourcet-devel-1.1.7.4-6.2 ghc-retry-0.7.4.1-2.2 ghc-retry-devel-0.7.4.1-2.2 ghc-safe-0.3.9-2.5 ghc-safe-devel-0.3.9-2.5 ghc-sandi-0.3.6-2.3 ghc-sandi-devel-0.3.6-2.3 ghc-scientific-0.3.4.9-6.5 ghc-scientific-devel-0.3.4.9-6.5 ghc-securemem-0.1.9-2.2 ghc-securemem-devel-0.1.9-2.2 ghc-semigroupoids-5.0.1-2.4 ghc-semigroupoids-devel-5.0.1-2.4 ghc-semigroups-0.18.1-6.3 ghc-semigroups-devel-0.18.1-6.3 ghc-setenv-0.1.1.3-2.3 ghc-setenv-devel-0.1.1.3-2.3 ghc-shakespeare-2.0.9-2.3 ghc-shakespeare-devel-2.0.9-2.3 ghc-silently-1.2.5-2.3 ghc-silently-devel-1.2.5-2.3 ghc-simple-sendfile-0.2.25-2.2 ghc-simple-sendfile-devel-0.2.25-2.2 ghc-skein-1.0.9.4-2.3 ghc-skein-devel-1.0.9.4-2.3 ghc-socks-0.5.5-6.3 ghc-socks-devel-0.5.5-6.3 ghc-split-0.2.3.1-6.3 ghc-split-devel-0.2.3.1-6.3 ghc-stm-2.4.4.1-6.5 ghc-stm-chans-3.0.0.4-2.5 ghc-stm-chans-devel-3.0.0.4-2.5 ghc-stm-devel-2.4.4.1-6.5 ghc-streaming-commons-0.1.15.5-6.3 ghc-streaming-commons-devel-0.1.15.5-6.3 ghc-stringsearch-0.3.6.6-2.3 ghc-stringsearch-devel-0.3.6.6-2.3 ghc-syb-0.6-6.3 ghc-syb-devel-0.6-6.3 ghc-system-fileio-0.3.16.3-2.3 ghc-system-fileio-devel-0.3.16.3-2.3 ghc-system-filepath-0.4.13.4-2.3 ghc-system-filepath-devel-0.4.13.4-2.3 ghc-tagged-0.8.4-6.5 ghc-tagged-devel-0.8.4-6.5 ghc-tagsoup-0.13.10-6.4 ghc-tagsoup-devel-0.13.10-6.4 ghc-tagstream-conduit-0.5.5.3-2.2 ghc-tagstream-conduit-devel-0.5.5.3-2.2 ghc-tar-0.5.0.3-2.5 ghc-tar-devel-0.5.0.3-2.5 ghc-tasty-0.11.0.3-2.3 ghc-tasty-devel-0.11.0.3-2.3 ghc-tasty-hunit-0.9.2-2.2 ghc-tasty-hunit-devel-0.9.2-2.2 ghc-tasty-quickcheck-0.8.4-2.2 ghc-tasty-quickcheck-devel-0.8.4-2.2 ghc-tasty-rerun-1.1.6-2.4 ghc-tasty-rerun-devel-1.1.6-2.4 ghc-temporary-1.2.0.4-6.2 ghc-temporary-devel-1.2.0.4-6.2 ghc-terminal-size-0.3.2.1-2.2 ghc-terminal-size-devel-0.3.2.1-2.2 ghc-texmath-0.8.6.4-6.2 ghc-texmath-devel-0.8.6.4-6.2 ghc-text-1.2.2.1-6.3 ghc-text-binary-0.2.1-2.2 ghc-text-binary-devel-0.2.1-2.2 ghc-text-devel-1.2.2.1-6.3 ghc-tf-random-0.5-2.3 ghc-tf-random-devel-0.5-2.3 ghc-time-locale-compat-0.1.1.3-2.2 ghc-time-locale-compat-devel-0.1.1.3-2.2 ghc-tls-1.3.8-6.3 ghc-tls-devel-1.3.8-6.3 ghc-torrent-10000.0.0-2.4 ghc-torrent-devel-10000.0.0-2.4 ghc-transformers-base-0.4.4-6.2 ghc-transformers-base-devel-0.4.4-6.2 ghc-transformers-compat-0.4.0.4-6.2 ghc-transformers-compat-devel-0.4.0.4-6.2 ghc-unbounded-delays-0.1.0.9-2.2 ghc-unbounded-delays-devel-0.1.0.9-2.2 ghc-unexceptionalio-0.3.0-2.3 ghc-unexceptionalio-devel-0.3.0-2.3 ghc-unix-compat-0.4.1.4-6.2 ghc-unix-compat-devel-0.4.1.4-6.2 ghc-unix-time-0.3.6-2.3 ghc-unix-time-devel-0.3.6-2.3 ghc-unordered-containers-0.2.7.1-6.4 ghc-unordered-containers-devel-0.2.7.1-6.4 ghc-utf8-string-1.0.1.1-6.4 ghc-utf8-string-devel-1.0.1.1-6.4 ghc-uuid-1.3.12-2.3 ghc-uuid-devel-1.3.12-2.3 ghc-uuid-types-1.0.3-2.3 ghc-uuid-types-devel-1.0.3-2.3 ghc-vault-0.3.0.6-2.4 ghc-vault-devel-0.3.0.6-2.4 ghc-vector-0.11.0.0-6.3 ghc-vector-binary-instances-0.2.3.2-2.2 ghc-vector-binary-instances-devel-0.2.3.2-2.2 ghc-vector-devel-0.11.0.0-6.3 ghc-void-0.7.1-6.2 ghc-void-devel-0.7.1-6.2 ghc-wai-3.2.1.1-2.4 ghc-wai-app-static-3.1.6.1-2.2 ghc-wai-app-static-devel-3.1.6.1-2.2 ghc-wai-devel-3.2.1.1-2.4 ghc-wai-extra-3.0.16.1-2.2 ghc-wai-extra-devel-3.0.16.1-2.2 ghc-wai-logger-2.2.7-2.4 ghc-wai-logger-devel-2.2.7-2.4 ghc-warp-3.2.8-2.4 ghc-warp-devel-3.2.8-2.4 ghc-warp-tls-3.2.2-2.4 ghc-warp-tls-devel-3.2.2-2.4 ghc-wl-pprint-text-1.1.0.4-2.3 ghc-wl-pprint-text-devel-1.1.0.4-2.3 ghc-word8-0.1.2-2.5 ghc-word8-devel-0.1.2-2.5 ghc-x509-1.6.3-6.3 ghc-x509-devel-1.6.3-6.3 ghc-x509-store-1.6.1-6.3 ghc-x509-store-devel-1.6.1-6.3 ghc-x509-system-1.6.3-6.3 ghc-x509-system-devel-1.6.3-6.3 ghc-x509-validation-1.6.3-6.3 ghc-x509-validation-devel-1.6.3-6.3 ghc-xml-1.3.14-6.4 ghc-xml-conduit-1.3.5-2.2 ghc-xml-conduit-devel-1.3.5-2.2 ghc-xml-devel-1.3.14-6.4 ghc-xml-hamlet-0.4.0.11-2.2 ghc-xml-hamlet-devel-0.4.0.11-2.2 ghc-xml-types-0.3.6-2.3 ghc-xml-types-devel-0.3.6-2.3 ghc-xss-sanitize-0.3.5.7-2.4 ghc-xss-sanitize-devel-0.3.5.7-2.4 ghc-yaml-0.8.18-6.3 ghc-yaml-devel-0.8.18-6.3 ghc-yesod-core-1.4.23-2.2 ghc-yesod-core-devel-1.4.23-2.2 ghc-yesod-default-1.2.0-2.2 ghc-yesod-default-devel-1.2.0-2.2 ghc-yesod-form-1.4.7.1-2.2 ghc-yesod-form-devel-1.4.7.1-2.2 ghc-yesod-persistent-1.4.0.6-2.2 ghc-yesod-persistent-devel-1.4.0.6-2.2 ghc-zip-archive-0.2.3.7-6.2 ghc-zip-archive-devel-0.2.3.7-6.2 ghc-zlib-0.6.1.1-6.3 ghc-zlib-bindings-0.1.1.5-2.2 ghc-zlib-bindings-devel-0.1.1.5-2.2 ghc-zlib-devel-0.6.1.1-6.3 happy-1.19.5-2.3 highlighting-kate-0.6.2.1-6.3 hpack-0.14.1-2.3 texmath-0.8.6.4-6.2 - SUSE Package Hub for SUSE Linux Enterprise 12 (noarch): ghc-rpm-macros-1.5.4-9.3 ghc-rpm-macros-1.5.4-9.4 ghc-rpm-macros-extra-1.5.4-9.3 ghc-rpm-macros-extra-1.5.4-9.4 References: From sle-updates at lists.suse.com Mon Sep 26 06:10:26 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Sep 2016 14:10:26 +0200 (CEST) Subject: SUSE-RU-2016:2383-1: Recommended update for mutt Message-ID: <20160926121026.EF06DFC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2383-1 Rating: low References: #961470 #968699 #983722 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: The Mutt mail client was updated to version 1.6.0, which brings many new features, fixes and enhancements: - Enable UTF-8 mailbox support for IMAP. - New expandos %r and %R for comma separated list of To: and Cc: recipients respectively. - Improved support for internationalized email and SMTPUTF8 (RFCs 653[0-3]). - Option $use_idn has been renamed to $idn_decode. - New option $idn_encode controls whether outgoing email address domains will be IDNA encoded. If your MTA supports it, unset to use utf-8 email address domains. - The S/MIME message digest algorithm is now specified using the option $smime_sign_digest_alg. Note that $smime_sign_command should be modified to include "-md %d". Please see contrib/smime.rc. - New option $reflow_space_quotes allows format=flowed email quotes to be displayed with spacing between them. - Multipart draft files are now supported. - The "-E" command line argument causes mutt to edit draft or include files. All changes made in mutt will be saved back out to those files. - New option $resume_draft_files and $resume_edited_draft_files control how mutt processes draft files. - For classic gpg mode, $pgp_decryption_okay should be set to verify multipart/encrypted are actually encrypted. Please see contrib/gpg.rc for the suggested value. - mailto URL header parameters by default are now restricted to 'body' and 'subject'. - mailto_allow and unmailto_allow can be used to add or remove allowed mailto header parameters. - The method of setting $hostname has been changed. Instead of scanning /etc/resolv.conf, the domain will now be determined using DNS calls. - Add terminal status-line (TS) support, a.k.a. xterm title. See the following variables: $ts_enabled, $ts_icon_format, $ts_status_format. - Option $ssl_use_sslv3 is now disabled by default. - New command-line arguments: -H now combines template and command-line address arguments. - GnuPG signature name is set to signature.asc. - New color object "prompt" added. - Ability to encrypt postponed messages. See $postpone_encrypt and $postpone_encrypt_as. - History ring now has a scratch buffer. - mail-key is implemented for GPGME. - Removed GPG_AGENT_INFO check for GnuPG 2.1 compatibility. Please set pgp_use_gpg_agent if using GnuPG 2.1 or later. - Option $smime_encrypt_with now defaults to aes256. - GnuPG fingerprints are used internally when possible. "--with-fingerprint" should be added to $pgp_list_pubring_command and $pgp_list_secring_command to enable this. Please see contrib/gpg.rc. Fingerprints may also be used at the prompts for key selection. - Option $crypt_opportunistic_encrypt automatically enables/disables encryption based on message recipients. - Attachments for signed, unencrypted emails may be deleted. - Multiple crypt-hooks may be defined for the same regexp. This means multiple keys may be used for a recipient. - Option $crypt_confirmhook allows the confirmation prompt for crypt-hooks to be disabled. - Option $ssl_ciphers allows the SSL ciphers to be directly set. - sime_keys better handles importing certificate chains. - sime_keys now records certificate purposes (sign/encrypt). Run "sime_keys refresh" to update smime index files. - Option $maildir_check_cur polls the maildir "cur" directory for new mail. - Add support for TLS 1.1/1.2. - Correctly shorten imaps://imap.example.com/INBOX to INBOX, not to NBOX. (bsc#961470) - Recommend installation of perl(Expect) as a useful helper script below the samples depends on it. (bsc#968699) A comprehensive list of changes is available at http://www.mutt.org/doc/ChangeLog Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1383=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1383=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): mutt-1.6.0-54.1 mutt-debuginfo-1.6.0-54.1 mutt-debugsource-1.6.0-54.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): mutt-1.6.0-54.1 mutt-debuginfo-1.6.0-54.1 mutt-debugsource-1.6.0-54.1 References: https://bugzilla.suse.com/961470 https://bugzilla.suse.com/968699 https://bugzilla.suse.com/983722 From sle-updates at lists.suse.com Mon Sep 26 09:10:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Sep 2016 17:10:04 +0200 (CEST) Subject: SUSE-RU-2016:2384-1: Recommended update for python-azure-sdk Message-ID: <20160926151004.88EF9FC43@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-sdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2384-1 Rating: low References: #999200 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-sdk fixes the following issues: - Adds support for smt server deployment. (bsc#999200) - KeyVault Management - Batch and Batch Management - Enhanced libraries compared to 1.0.0 preview + Storage: Create storage accounts, list keys, and more. Latest API version. + Resource: * resources : Create resource groups, register providers and more * features : Manage features of provider and more * authorization : Manage resource group lock and more * subscriptions : Manage subscriptions and more * policy : Manage resources policy among users and more + Network: Create virtual networks, network interfaces, public ips and more + Compute: Create virtual machines, containers and more **BREAKING CHANGES** We made efforts to document the breaking from ARM 1.0.x version to 2.0.0 here If you were already using the 2.0.0RC5 version, there are no breaking changes. **RC6 PACKAGES** All RC6 packages use the latest APIVersion available for these services azure-storage 0.32.0 * Major version. Check the ChangeLog on storage github account for details - Bugfix + Incomplete parsing if XML contains namespace #257 #707 -New + Associate/Dissociate Reserved IP #695 #716 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1384=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-sdk-2.0.0-10.1 References: https://bugzilla.suse.com/999200 From sle-updates at lists.suse.com Mon Sep 26 09:10:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Sep 2016 17:10:36 +0200 (CEST) Subject: SUSE-SU-2016:2385-1: moderate: Security update for libtcnative-1-0 Message-ID: <20160926151036.C6120FC44@maintenance.suse.de> SUSE Security Update: Security update for libtcnative-1-0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2385-1 Rating: moderate References: #938945 Cross-References: CVE-2015-4000 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtcnative-1-0 fixes the following issues: - CVE-2015-4000: Disable 512-bit export-grade cryptography to prevent Logjam vulnerability (bsc#938945) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libtcnative-1-0-12758=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libtcnative-1-0-12758=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtcnative-1-0-1.3.3-12.4.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libtcnative-1-0-debuginfo-1.3.3-12.4.1 libtcnative-1-0-debugsource-1.3.3-12.4.1 References: https://www.suse.com/security/cve/CVE-2015-4000.html https://bugzilla.suse.com/938945 From sle-updates at lists.suse.com Mon Sep 26 11:10:09 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Sep 2016 19:10:09 +0200 (CEST) Subject: SUSE-SU-2016:2387-1: important: Security update for openssl Message-ID: <20160926171009.67753FC43@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2387-1 Rating: important References: #979475 #982575 #982745 #983249 #988591 #990419 #993819 #994749 #994844 #995075 #995324 #995359 #995377 #998190 #999665 #999666 #999668 Cross-References: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 6 fixes is now available. Description: This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Also following bugs were fixed: * update expired S/MIME certs (bsc#979475) * improve s390x performance (bsc#982745) * allow >= 64GB AESGCM transfers (bsc#988591) * fix crash in print_notice (bsc#998190) * resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1386=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1386=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): libopenssl1_0_0-1.0.1i-27.21.1 libopenssl1_0_0-32bit-1.0.1i-27.21.1 libopenssl1_0_0-debuginfo-1.0.1i-27.21.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.21.1 libopenssl1_0_0-hmac-1.0.1i-27.21.1 libopenssl1_0_0-hmac-32bit-1.0.1i-27.21.1 openssl-1.0.1i-27.21.1 openssl-debuginfo-1.0.1i-27.21.1 openssl-debugsource-1.0.1i-27.21.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): openssl-doc-1.0.1i-27.21.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-27.21.1 libopenssl1_0_0-debuginfo-1.0.1i-27.21.1 libopenssl1_0_0-hmac-1.0.1i-27.21.1 openssl-1.0.1i-27.21.1 openssl-debuginfo-1.0.1i-27.21.1 openssl-debugsource-1.0.1i-27.21.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-27.21.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.21.1 libopenssl1_0_0-hmac-32bit-1.0.1i-27.21.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): openssl-doc-1.0.1i-27.21.1 References: https://www.suse.com/security/cve/CVE-2016-2177.html https://www.suse.com/security/cve/CVE-2016-2178.html https://www.suse.com/security/cve/CVE-2016-2179.html https://www.suse.com/security/cve/CVE-2016-2180.html https://www.suse.com/security/cve/CVE-2016-2181.html https://www.suse.com/security/cve/CVE-2016-2182.html https://www.suse.com/security/cve/CVE-2016-2183.html https://www.suse.com/security/cve/CVE-2016-6302.html https://www.suse.com/security/cve/CVE-2016-6303.html https://www.suse.com/security/cve/CVE-2016-6304.html https://www.suse.com/security/cve/CVE-2016-6306.html https://bugzilla.suse.com/979475 https://bugzilla.suse.com/982575 https://bugzilla.suse.com/982745 https://bugzilla.suse.com/983249 https://bugzilla.suse.com/988591 https://bugzilla.suse.com/990419 https://bugzilla.suse.com/993819 https://bugzilla.suse.com/994749 https://bugzilla.suse.com/994844 https://bugzilla.suse.com/995075 https://bugzilla.suse.com/995324 https://bugzilla.suse.com/995359 https://bugzilla.suse.com/995377 https://bugzilla.suse.com/998190 https://bugzilla.suse.com/999665 https://bugzilla.suse.com/999666 https://bugzilla.suse.com/999668 From sle-updates at lists.suse.com Mon Sep 26 13:09:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Sep 2016 21:09:33 +0200 (CEST) Subject: SUSE-SU-2016:2388-1: moderate: Security update for openssh Message-ID: <20160926190933.1A141FC46@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2388-1 Rating: moderate References: #932483 #948902 #959096 #962313 #962794 #970632 #975865 #981654 #989363 #992533 Cross-References: CVE-2015-8325 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 5 fixes is now available. Description: This update for OpenSSH fixes the following issues: - Prevent user enumeration through the timing of password processing. (bsc#989363, CVE-2016-6210) - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. (bsc#948902) - Sanitize input for xauth(1). (bsc#970632, CVE-2016-3115) - Prevent X11 SECURITY circumvention when forwarding X11 connections. (bsc#962313, CVE-2016-1908) - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option. (bsc#932483, bsc#948902) - Ignore PAM environment when using login. (bsc#975865, CVE-2015-8325) - Limit the accepted password length (prevents a possible denial of service). (bsc#992533, CVE-2016-6515) - Relax version requires for the openssh-askpass sub-package. (bsc#962794) - Avoid complaining about unset DISPLAY variable. (bsc#981654) - Initialize message id to prevent connection breakups in some cases. (bsc#959096) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-openssh-12759=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-openssh-12759=1 - SUSE Manager 2.1: zypper in -t patch sleman21-openssh-12759=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-openssh-12759=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssh-12759=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssh-12759=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): openssh-6.2p2-0.33.2 openssh-askpass-6.2p2-0.33.2 openssh-askpass-gnome-6.2p2-0.33.5 - SUSE Manager Proxy 2.1 (x86_64): openssh-6.2p2-0.33.2 openssh-askpass-6.2p2-0.33.2 openssh-askpass-gnome-6.2p2-0.33.5 - SUSE Manager 2.1 (s390x x86_64): openssh-6.2p2-0.33.2 openssh-askpass-6.2p2-0.33.2 openssh-askpass-gnome-6.2p2-0.33.5 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): openssh-6.2p2-0.33.2 openssh-askpass-6.2p2-0.33.2 openssh-askpass-gnome-6.2p2-0.33.5 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): openssh-6.2p2-0.33.2 openssh-askpass-6.2p2-0.33.2 openssh-askpass-gnome-6.2p2-0.33.5 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssh-askpass-gnome-debuginfo-6.2p2-0.33.5 openssh-debuginfo-6.2p2-0.33.2 openssh-debugsource-6.2p2-0.33.2 References: https://www.suse.com/security/cve/CVE-2015-8325.html https://www.suse.com/security/cve/CVE-2016-1908.html https://www.suse.com/security/cve/CVE-2016-3115.html https://www.suse.com/security/cve/CVE-2016-6210.html https://www.suse.com/security/cve/CVE-2016-6515.html https://bugzilla.suse.com/932483 https://bugzilla.suse.com/948902 https://bugzilla.suse.com/959096 https://bugzilla.suse.com/962313 https://bugzilla.suse.com/962794 https://bugzilla.suse.com/970632 https://bugzilla.suse.com/975865 https://bugzilla.suse.com/981654 https://bugzilla.suse.com/989363 https://bugzilla.suse.com/992533 From sle-updates at lists.suse.com Mon Sep 26 16:09:10 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 00:09:10 +0200 (CEST) Subject: SUSE-RU-2016:2390-1: Recommended update for flac Message-ID: <20160926220910.E6823FC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for flac ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2390-1 Rating: low References: #998612 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes a low severity issue that manifests itself only when building certain packages against flac-devel. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1388=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1388=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1388=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): flac-debuginfo-1.3.0-11.1 flac-debugsource-1.3.0-11.1 flac-devel-1.3.0-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): flac-debuginfo-1.3.0-11.1 flac-debugsource-1.3.0-11.1 libFLAC++6-1.3.0-11.1 libFLAC++6-debuginfo-1.3.0-11.1 libFLAC8-1.3.0-11.1 libFLAC8-debuginfo-1.3.0-11.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libFLAC8-32bit-1.3.0-11.1 libFLAC8-debuginfo-32bit-1.3.0-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flac-debuginfo-1.3.0-11.1 flac-debugsource-1.3.0-11.1 libFLAC++6-1.3.0-11.1 libFLAC++6-debuginfo-1.3.0-11.1 libFLAC8-1.3.0-11.1 libFLAC8-32bit-1.3.0-11.1 libFLAC8-debuginfo-1.3.0-11.1 libFLAC8-debuginfo-32bit-1.3.0-11.1 References: https://bugzilla.suse.com/998612 From sle-updates at lists.suse.com Tue Sep 27 11:10:36 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 19:10:36 +0200 (CEST) Subject: SUSE-RU-2016:2392-1: moderate: Recommended update for lsof Message-ID: <20160927171036.3A0A4FC46@maintenance.suse.de> SUSE Recommended Update: Recommended update for lsof ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2392-1 Rating: moderate References: #995061 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lsof provides the following fixes: - Prevent 'lsof -b' from hanging when NFS server is unavailable. (bsc#995061) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-lsof-12761=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-lsof-12761=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): lsof-4.80-1.33.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): lsof-debuginfo-4.80-1.33.1 lsof-debugsource-4.80-1.33.1 References: https://bugzilla.suse.com/995061 From sle-updates at lists.suse.com Tue Sep 27 11:11:04 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 19:11:04 +0200 (CEST) Subject: SUSE-RU-2016:2393-1: Recommended update for lftp Message-ID: <20160927171104.552FCFC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for lftp ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2393-1 Rating: low References: #975913 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lftp provides the following fixes: - Allow lftp to recover gracefully when IPv6 support is disabled. The lftp client prefers IPv6 addresses by default, but if IPv6 support is disabled in the kernel (i.e. by setting systcl net.ipv6.conf.all.disable_ipv6=1), then lftp would abort with an error rather than falling back to the target machine's IPv4 address. (bsc#975913) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1395=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1395=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): lftp-4.5.1-5.1 lftp-debuginfo-4.5.1-5.1 lftp-debugsource-4.5.1-5.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): lftp-4.5.1-5.1 lftp-debuginfo-4.5.1-5.1 lftp-debugsource-4.5.1-5.1 References: https://bugzilla.suse.com/975913 From sle-updates at lists.suse.com Tue Sep 27 11:11:33 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 19:11:33 +0200 (CEST) Subject: SUSE-SU-2016:2394-1: important: Security update for openssl Message-ID: <20160927171133.6905EFC45@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2394-1 Rating: important References: #979475 #982575 #982745 #983249 #988591 #990419 #993819 #994749 #994844 #995075 #995324 #995359 #995377 #998190 #999665 #999666 #999668 Cross-References: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 6 fixes is now available. Description: This update for openssl fixes the following issues: OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) More information can be found on: https://www.openssl.org/news/secadv/20160922.txt Also following bugs were fixed: * update expired S/MIME certs (bsc#979475) * improve s390x performance (bsc#982745) * allow >= 64GB AESGCM transfers (bsc#988591) * fix crash in print_notice (bsc#998190) * resume reading from /dev/urandom when interrupted by a signal (bsc#995075) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1393=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1393=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1393=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libopenssl-devel-1.0.1i-52.1 openssl-debuginfo-1.0.1i-52.1 openssl-debugsource-1.0.1i-52.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-52.1 libopenssl1_0_0-debuginfo-1.0.1i-52.1 libopenssl1_0_0-hmac-1.0.1i-52.1 openssl-1.0.1i-52.1 openssl-debuginfo-1.0.1i-52.1 openssl-debugsource-1.0.1i-52.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-52.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-52.1 libopenssl1_0_0-hmac-32bit-1.0.1i-52.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): openssl-doc-1.0.1i-52.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libopenssl1_0_0-1.0.1i-52.1 libopenssl1_0_0-32bit-1.0.1i-52.1 libopenssl1_0_0-debuginfo-1.0.1i-52.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-52.1 openssl-1.0.1i-52.1 openssl-debuginfo-1.0.1i-52.1 openssl-debugsource-1.0.1i-52.1 References: https://www.suse.com/security/cve/CVE-2016-2177.html https://www.suse.com/security/cve/CVE-2016-2178.html https://www.suse.com/security/cve/CVE-2016-2179.html https://www.suse.com/security/cve/CVE-2016-2180.html https://www.suse.com/security/cve/CVE-2016-2181.html https://www.suse.com/security/cve/CVE-2016-2182.html https://www.suse.com/security/cve/CVE-2016-2183.html https://www.suse.com/security/cve/CVE-2016-6302.html https://www.suse.com/security/cve/CVE-2016-6303.html https://www.suse.com/security/cve/CVE-2016-6304.html https://www.suse.com/security/cve/CVE-2016-6306.html https://bugzilla.suse.com/979475 https://bugzilla.suse.com/982575 https://bugzilla.suse.com/982745 https://bugzilla.suse.com/983249 https://bugzilla.suse.com/988591 https://bugzilla.suse.com/990419 https://bugzilla.suse.com/993819 https://bugzilla.suse.com/994749 https://bugzilla.suse.com/994844 https://bugzilla.suse.com/995075 https://bugzilla.suse.com/995324 https://bugzilla.suse.com/995359 https://bugzilla.suse.com/995377 https://bugzilla.suse.com/998190 https://bugzilla.suse.com/999665 https://bugzilla.suse.com/999666 https://bugzilla.suse.com/999668 From sle-updates at lists.suse.com Tue Sep 27 11:14:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 19:14:23 +0200 (CEST) Subject: SUSE-SU-2016:2395-1: important: Security update for mariadb Message-ID: <20160927171423.A1DF7FC46@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2395-1 Rating: important References: #949520 #998309 Cross-References: CVE-2016-6662 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for mariadb to 1.0.0.27 fixes the following issues: Security issue fixed: * CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and , under certain circumstances, execute arbitrary code as mysql (or even root) user. (bsc#998309) * release notes: * https://kb.askmonty.org/en/mariadb-10027-release-notes * changelog: * https://kb.askmonty.org/en/mariadb-10027-changelog Bugs fixed: - Make ORDER BY optimization functions take into account multiple equalities. (bsc#949520) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1394=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1394=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): libmysqlclient-devel-10.0.27-20.13.1 libmysqlclient18-10.0.27-20.13.1 libmysqlclient18-32bit-10.0.27-20.13.1 libmysqlclient18-debuginfo-10.0.27-20.13.1 libmysqlclient18-debuginfo-32bit-10.0.27-20.13.1 libmysqlclient_r18-10.0.27-20.13.1 libmysqld-devel-10.0.27-20.13.1 libmysqld18-10.0.27-20.13.1 libmysqld18-debuginfo-10.0.27-20.13.1 mariadb-10.0.27-20.13.1 mariadb-client-10.0.27-20.13.1 mariadb-client-debuginfo-10.0.27-20.13.1 mariadb-debuginfo-10.0.27-20.13.1 mariadb-debugsource-10.0.27-20.13.1 mariadb-errormessages-10.0.27-20.13.1 mariadb-tools-10.0.27-20.13.1 mariadb-tools-debuginfo-10.0.27-20.13.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): libmysqlclient-devel-10.0.27-20.13.1 libmysqlclient18-10.0.27-20.13.1 libmysqlclient18-debuginfo-10.0.27-20.13.1 libmysqlclient_r18-10.0.27-20.13.1 libmysqld-devel-10.0.27-20.13.1 libmysqld18-10.0.27-20.13.1 libmysqld18-debuginfo-10.0.27-20.13.1 mariadb-10.0.27-20.13.1 mariadb-client-10.0.27-20.13.1 mariadb-client-debuginfo-10.0.27-20.13.1 mariadb-debuginfo-10.0.27-20.13.1 mariadb-debugsource-10.0.27-20.13.1 mariadb-errormessages-10.0.27-20.13.1 mariadb-tools-10.0.27-20.13.1 mariadb-tools-debuginfo-10.0.27-20.13.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libmysqlclient18-32bit-10.0.27-20.13.1 libmysqlclient18-debuginfo-32bit-10.0.27-20.13.1 References: https://www.suse.com/security/cve/CVE-2016-6662.html https://bugzilla.suse.com/949520 https://bugzilla.suse.com/998309 From sle-updates at lists.suse.com Tue Sep 27 11:15:07 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 19:15:07 +0200 (CEST) Subject: SUSE-SU-2016:2396-1: moderate: Security update for apache2-mod_nss Message-ID: <20160927171507.66A34FC45@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2396-1 Rating: moderate References: #972968 #975394 #979688 Cross-References: CVE-2013-4566 CVE-2014-3566 CVE-2015-5244 CVE-2016-3099 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - Fix OpenSSL ciphers stopped parsing at +. (CVE-2016-3099) - Created valgrind suppression files to ease debugging. - Implement SSL_PPTYPE_FILTER to call executables to get the key password pins. - Improvements to migrate.pl. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI). - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Fix logical AND support in OpenSSL cipher compatibility. - Correctly handle disabled ciphers. (CVE-2015-5244) - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in NSS. - Add compatibility for mod_ssl-style cipher definitions. - Add TLSv1.2-specific ciphers. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Fix CVE-2013-4566. - Move nss_pcache to /usr/libexec. - Support httpd 2.4+. - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Use apache2-systemd-ask-pass to prompt for a certificate passphrase. (bsc#972968, bsc#975394) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1391=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1391=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): apache2-mod_nss-1.0.14-10.14.3 apache2-mod_nss-debuginfo-1.0.14-10.14.3 apache2-mod_nss-debugsource-1.0.14-10.14.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): apache2-mod_nss-1.0.14-10.14.3 apache2-mod_nss-debuginfo-1.0.14-10.14.3 apache2-mod_nss-debugsource-1.0.14-10.14.3 References: https://www.suse.com/security/cve/CVE-2013-4566.html https://www.suse.com/security/cve/CVE-2014-3566.html https://www.suse.com/security/cve/CVE-2015-5244.html https://www.suse.com/security/cve/CVE-2016-3099.html https://bugzilla.suse.com/972968 https://bugzilla.suse.com/975394 https://bugzilla.suse.com/979688 From sle-updates at lists.suse.com Tue Sep 27 11:15:54 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 19:15:54 +0200 (CEST) Subject: SUSE-SU-2016:2397-1: moderate: Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit Message-ID: <20160927171554.42178FC45@maintenance.suse.de> SUSE Security Update: Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2397-1 Rating: moderate References: #954210 #990856 Cross-References: CVE-2015-8079 CVE-2016-6354 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: Various packages included vulnerable parsers generated by "flex". This update provides a fixed "flex" package and also rebuilds of packages that might have security issues caused by the auto generated code. Flex itself was updated to fix a buffer overflow in the generated scanner (bsc#990856, CVE-2016-6354) Packages that were rebuilt with the fixed flex: - at - bogofilter - cyrus-imapd - kdelibs4 - libQtWebKit4 - libbonobo - mdbtools - netpbm - openslp - sgmltool - virtuoso Also libqt5-qtwebkit received an additional security fix: - CVE-2015-8079: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode (bsc#954210). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1390=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1390=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1390=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1390=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): bogofilter-1.2.4-5.3 bogofilter-debuginfo-1.2.4-5.3 bogofilter-debugsource-1.2.4-5.3 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): flex-2.5.37-8.1 flex-debuginfo-2.5.37-8.1 flex-debugsource-2.5.37-8.1 libbonobo-debuginfo-2.32.1-16.1 libbonobo-debugsource-2.32.1-16.1 libbonobo-devel-2.32.1-16.1 libnetpbm-devel-10.66.3-4.1 mdbtools-0.7-5.1 mdbtools-debuginfo-0.7-5.1 mdbtools-debugsource-0.7-5.1 netpbm-debuginfo-10.66.3-4.1 netpbm-debugsource-10.66.3-4.1 openslp-debuginfo-2.0.0-11.1 openslp-debugsource-2.0.0-11.1 openslp-devel-2.0.0-11.1 sgmltool-1.0.9-1075.1 sgmltool-debuginfo-1.0.9-1075.1 sgmltool-debugsource-1.0.9-1075.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le x86_64): libQtWebKit-devel-4.8.6+2.3.3-3.1 libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1 libQtWebKit4-debugsource-4.8.6+2.3.3-3.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): at-3.1.14-7.3 at-debuginfo-3.1.14-7.3 at-debugsource-3.1.14-7.3 cyrus-imapd-debuginfo-2.3.18-40.1 cyrus-imapd-debugsource-2.3.18-40.1 flex-2.5.37-8.1 flex-debuginfo-2.5.37-8.1 flex-debugsource-2.5.37-8.1 kdelibs4-debuginfo-4.12.0-7.3 kdelibs4-debugsource-4.12.0-7.3 libbonobo-2.32.1-16.1 libbonobo-debuginfo-2.32.1-16.1 libbonobo-debugsource-2.32.1-16.1 libbonobo-doc-2.32.1-16.1 libbonobo-doc-debuginfo-2.32.1-16.1 libkde4-4.12.0-7.3 libkde4-debuginfo-4.12.0-7.3 libkdecore4-4.12.0-7.3 libkdecore4-debuginfo-4.12.0-7.3 libksuseinstall1-4.12.0-7.3 libksuseinstall1-debuginfo-4.12.0-7.3 libnetpbm11-10.66.3-4.1 libnetpbm11-debuginfo-10.66.3-4.1 netpbm-10.66.3-4.1 netpbm-debuginfo-10.66.3-4.1 netpbm-debugsource-10.66.3-4.1 openslp-2.0.0-11.1 openslp-debuginfo-2.0.0-11.1 openslp-debugsource-2.0.0-11.1 openslp-server-2.0.0-11.1 openslp-server-debuginfo-2.0.0-11.1 perl-Cyrus-IMAP-2.3.18-40.1 perl-Cyrus-IMAP-debuginfo-2.3.18-40.1 perl-Cyrus-SIEVE-managesieve-2.3.18-40.1 perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-40.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64): libQtWebKit4-4.8.6+2.3.3-3.1 libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1 libQtWebKit4-debugsource-4.8.6+2.3.3-3.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): flex-32bit-2.5.37-8.1 flex-debuginfo-32bit-2.5.37-8.1 libbonobo-32bit-2.32.1-16.1 libbonobo-debuginfo-32bit-2.32.1-16.1 libkde4-32bit-4.12.0-7.3 libkde4-debuginfo-32bit-4.12.0-7.3 libkdecore4-32bit-4.12.0-7.3 libkdecore4-debuginfo-32bit-4.12.0-7.3 libksuseinstall1-32bit-4.12.0-7.3 libksuseinstall1-debuginfo-32bit-4.12.0-7.3 libnetpbm11-32bit-10.66.3-4.1 libnetpbm11-debuginfo-32bit-10.66.3-4.1 openslp-32bit-2.0.0-11.1 openslp-debuginfo-32bit-2.0.0-11.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libQtWebKit4-32bit-4.8.6+2.3.3-3.1 libQtWebKit4-debuginfo-32bit-4.8.6+2.3.3-3.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): libbonobo-lang-2.32.1-16.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): at-3.1.14-7.3 at-debuginfo-3.1.14-7.3 at-debugsource-3.1.14-7.3 bogofilter-1.2.4-5.3 bogofilter-debuginfo-1.2.4-5.3 bogofilter-debugsource-1.2.4-5.3 kdelibs4-debuginfo-4.12.0-7.3 kdelibs4-debugsource-4.12.0-7.3 libQtWebKit4-32bit-4.8.6+2.3.3-3.1 libQtWebKit4-4.8.6+2.3.3-3.1 libQtWebKit4-debuginfo-32bit-4.8.6+2.3.3-3.1 libQtWebKit4-debuginfo-4.8.6+2.3.3-3.1 libQtWebKit4-debugsource-4.8.6+2.3.3-3.1 libbonobo-2.32.1-16.1 libbonobo-32bit-2.32.1-16.1 libbonobo-debuginfo-2.32.1-16.1 libbonobo-debuginfo-32bit-2.32.1-16.1 libbonobo-debugsource-2.32.1-16.1 libkde4-32bit-4.12.0-7.3 libkde4-4.12.0-7.3 libkde4-debuginfo-32bit-4.12.0-7.3 libkde4-debuginfo-4.12.0-7.3 libkdecore4-32bit-4.12.0-7.3 libkdecore4-4.12.0-7.3 libkdecore4-debuginfo-32bit-4.12.0-7.3 libkdecore4-debuginfo-4.12.0-7.3 libksuseinstall1-32bit-4.12.0-7.3 libksuseinstall1-4.12.0-7.3 libksuseinstall1-debuginfo-32bit-4.12.0-7.3 libksuseinstall1-debuginfo-4.12.0-7.3 libnetpbm11-10.66.3-4.1 libnetpbm11-32bit-10.66.3-4.1 libnetpbm11-debuginfo-10.66.3-4.1 libnetpbm11-debuginfo-32bit-10.66.3-4.1 netpbm-10.66.3-4.1 netpbm-debuginfo-10.66.3-4.1 netpbm-debugsource-10.66.3-4.1 openslp-2.0.0-11.1 openslp-32bit-2.0.0-11.1 openslp-debuginfo-2.0.0-11.1 openslp-debuginfo-32bit-2.0.0-11.1 openslp-debugsource-2.0.0-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): libbonobo-lang-2.32.1-16.1 References: https://www.suse.com/security/cve/CVE-2015-8079.html https://www.suse.com/security/cve/CVE-2016-6354.html https://bugzilla.suse.com/954210 https://bugzilla.suse.com/990856 From sle-updates at lists.suse.com Tue Sep 27 12:10:03 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 20:10:03 +0200 (CEST) Subject: SUSE-RU-2016:2398-1: moderate: Recommended update for smt Message-ID: <20160927181003.59A55FC44@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2398-1 Rating: moderate References: #986220 #992764 #993765 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for smt fixes the following issues: - Make the curl connect timeout configurable (bsc#992764) - Find migration targets independent of the order of products reported to the API (bsc#986220) Additionally it provides smt-ha for the Public Cloud Module. (bsc#993765, fate#320820) smt-ha: This package extends the basic SMT functionality with registration sharing capabilities. This allows 2 or more SMT servers running at the same time to share the registrations they receive. The following smt.conf options are used. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1396=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1396=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): res-signingkeys-3.0.18-26.1 smt-3.0.18-26.1 smt-debuginfo-3.0.18-26.1 smt-debugsource-3.0.18-26.1 smt-support-3.0.18-26.1 - SUSE Linux Enterprise Module for Public Cloud 12 (ppc64le s390x x86_64): smt-ha-3.0.18-26.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): perl-File-Touch-0.11-2.1 References: https://bugzilla.suse.com/986220 https://bugzilla.suse.com/992764 https://bugzilla.suse.com/993765 From sle-updates at lists.suse.com Tue Sep 27 13:10:06 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 21:10:06 +0200 (CEST) Subject: SUSE-SU-2016:2399-1: critical: Security update for bind Message-ID: <20160927191006.3238FFC44@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2399-1 Rating: critical References: #1000362 Cross-References: CVE-2016-2776 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1399=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1399=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1399=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): bind-debuginfo-9.9.9P1-46.1 bind-debugsource-9.9.9P1-46.1 bind-devel-9.9.9P1-46.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): bind-9.9.9P1-46.1 bind-chrootenv-9.9.9P1-46.1 bind-debuginfo-9.9.9P1-46.1 bind-debugsource-9.9.9P1-46.1 bind-libs-9.9.9P1-46.1 bind-libs-debuginfo-9.9.9P1-46.1 bind-utils-9.9.9P1-46.1 bind-utils-debuginfo-9.9.9P1-46.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): bind-libs-32bit-9.9.9P1-46.1 bind-libs-debuginfo-32bit-9.9.9P1-46.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): bind-doc-9.9.9P1-46.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): bind-debuginfo-9.9.9P1-46.1 bind-debugsource-9.9.9P1-46.1 bind-libs-32bit-9.9.9P1-46.1 bind-libs-9.9.9P1-46.1 bind-libs-debuginfo-32bit-9.9.9P1-46.1 bind-libs-debuginfo-9.9.9P1-46.1 bind-utils-9.9.9P1-46.1 bind-utils-debuginfo-9.9.9P1-46.1 References: https://www.suse.com/security/cve/CVE-2016-2776.html https://bugzilla.suse.com/1000362 From sle-updates at lists.suse.com Tue Sep 27 13:10:55 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 21:10:55 +0200 (CEST) Subject: SUSE-SU-2016:2401-1: critical: Security update for bind Message-ID: <20160927191055.41ED6FC45@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2401-1 Rating: critical References: #1000362 Cross-References: CVE-2016-2776 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1400=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1400=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): bind-doc-9.9.9P1-28.20.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): bind-9.9.9P1-28.20.1 bind-chrootenv-9.9.9P1-28.20.1 bind-debuginfo-9.9.9P1-28.20.1 bind-debugsource-9.9.9P1-28.20.1 bind-libs-32bit-9.9.9P1-28.20.1 bind-libs-9.9.9P1-28.20.1 bind-libs-debuginfo-32bit-9.9.9P1-28.20.1 bind-libs-debuginfo-9.9.9P1-28.20.1 bind-utils-9.9.9P1-28.20.1 bind-utils-debuginfo-9.9.9P1-28.20.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-28.20.1 bind-chrootenv-9.9.9P1-28.20.1 bind-debuginfo-9.9.9P1-28.20.1 bind-debugsource-9.9.9P1-28.20.1 bind-libs-9.9.9P1-28.20.1 bind-libs-debuginfo-9.9.9P1-28.20.1 bind-utils-9.9.9P1-28.20.1 bind-utils-debuginfo-9.9.9P1-28.20.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-28.20.1 bind-libs-debuginfo-32bit-9.9.9P1-28.20.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): bind-doc-9.9.9P1-28.20.1 References: https://www.suse.com/security/cve/CVE-2016-2776.html https://bugzilla.suse.com/1000362 From sle-updates at lists.suse.com Tue Sep 27 13:11:39 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 21:11:39 +0200 (CEST) Subject: SUSE-RU-2016:2403-1: Recommended update for btrfsmaintenance Message-ID: <20160927191139.BB00DFC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsmaintenance ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2403-1 Rating: low References: #986543 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for btrfsmaintenance fixes a couple of typos in the btrfs-balance.sh script. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-btrfsmaintenance-12762=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): btrfsmaintenance-0.1-3.1 References: https://bugzilla.suse.com/986543 From sle-updates at lists.suse.com Tue Sep 27 13:12:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 21:12:05 +0200 (CEST) Subject: SUSE-SU-2016:2404-1: important: Security update for mariadb Message-ID: <20160927191205.297D2FC46@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2404-1 Rating: important References: #949520 #998309 Cross-References: CVE-2016-6662 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for mariadb to 1.0.0.27 fixes the following issues: Security issue fixed: * CVE-2016-6662: A malicious user with SQL and filesystem access could create a my.cnf in the datadir and, under certain circumstances, execute arbitrary code as mysql (or even root) user. (bsc#998309) * release notes: * https://kb.askmonty.org/en/mariadb-10027-release-notes * changelog: * https://kb.askmonty.org/en/mariadb-10027-changelog Bugs fixed: - Make ORDER BY optimization functions take into account multiple equalities. (bsc#949520) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1397=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1397=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1397=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1397=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libmysqlclient_r18-10.0.27-12.1 libmysqlclient_r18-32bit-10.0.27-12.1 mariadb-debuginfo-10.0.27-12.1 mariadb-debugsource-10.0.27-12.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libmysqlclient-devel-10.0.27-12.1 libmysqlclient_r18-10.0.27-12.1 libmysqld-devel-10.0.27-12.1 libmysqld18-10.0.27-12.1 libmysqld18-debuginfo-10.0.27-12.1 mariadb-debuginfo-10.0.27-12.1 mariadb-debugsource-10.0.27-12.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libmysqlclient18-10.0.27-12.1 libmysqlclient18-debuginfo-10.0.27-12.1 mariadb-10.0.27-12.1 mariadb-client-10.0.27-12.1 mariadb-client-debuginfo-10.0.27-12.1 mariadb-debuginfo-10.0.27-12.1 mariadb-debugsource-10.0.27-12.1 mariadb-errormessages-10.0.27-12.1 mariadb-tools-10.0.27-12.1 mariadb-tools-debuginfo-10.0.27-12.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libmysqlclient18-32bit-10.0.27-12.1 libmysqlclient18-debuginfo-32bit-10.0.27-12.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libmysqlclient18-10.0.27-12.1 libmysqlclient18-32bit-10.0.27-12.1 libmysqlclient18-debuginfo-10.0.27-12.1 libmysqlclient18-debuginfo-32bit-10.0.27-12.1 libmysqlclient_r18-10.0.27-12.1 libmysqlclient_r18-32bit-10.0.27-12.1 mariadb-10.0.27-12.1 mariadb-client-10.0.27-12.1 mariadb-client-debuginfo-10.0.27-12.1 mariadb-debuginfo-10.0.27-12.1 mariadb-debugsource-10.0.27-12.1 mariadb-errormessages-10.0.27-12.1 References: https://www.suse.com/security/cve/CVE-2016-6662.html https://bugzilla.suse.com/949520 https://bugzilla.suse.com/998309 From sle-updates at lists.suse.com Tue Sep 27 14:09:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Sep 2016 22:09:44 +0200 (CEST) Subject: SUSE-SU-2016:2405-1: critical: Security update for bind Message-ID: <20160927200944.B5034FC46@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2405-1 Rating: critical References: #1000362 Cross-References: CVE-2016-2776 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The nameserver bind was updated to fix a remote denial of service vulnerability, where a crafted packet could cause the nameserver to abort. (CVE-2016-2776, bsc#1000362) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-bind-12763=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-bind-12763=1 - SUSE Manager 2.1: zypper in -t patch sleman21-bind-12763=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bind-12763=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bind-12763=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-bind-12763=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-bind-12763=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bind-12763=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-12763=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-bind-12763=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-bind-12763=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 5 (x86_64): bind-9.9.6P1-0.30.1 bind-chrootenv-9.9.6P1-0.30.1 bind-doc-9.9.6P1-0.30.1 bind-libs-32bit-9.9.6P1-0.30.1 bind-libs-9.9.6P1-0.30.1 bind-utils-9.9.6P1-0.30.1 - SUSE Manager Proxy 2.1 (x86_64): bind-9.9.6P1-0.30.1 bind-chrootenv-9.9.6P1-0.30.1 bind-doc-9.9.6P1-0.30.1 bind-libs-32bit-9.9.6P1-0.30.1 bind-libs-9.9.6P1-0.30.1 bind-utils-9.9.6P1-0.30.1 - SUSE Manager 2.1 (s390x x86_64): bind-9.9.6P1-0.30.1 bind-chrootenv-9.9.6P1-0.30.1 bind-doc-9.9.6P1-0.30.1 bind-libs-32bit-9.9.6P1-0.30.1 bind-libs-9.9.6P1-0.30.1 bind-utils-9.9.6P1-0.30.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.30.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): bind-devel-32bit-9.9.6P1-0.30.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.30.1 bind-chrootenv-9.9.6P1-0.30.1 bind-doc-9.9.6P1-0.30.1 bind-libs-9.9.6P1-0.30.1 bind-utils-9.9.6P1-0.30.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.30.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): bind-libs-x86-9.9.6P1-0.30.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.30.1 bind-chrootenv-9.9.6P1-0.30.1 bind-doc-9.9.6P1-0.30.1 bind-libs-9.9.6P1-0.30.1 bind-utils-9.9.6P1-0.30.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.30.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.30.1 bind-chrootenv-9.9.6P1-0.30.1 bind-devel-9.9.6P1-0.30.1 bind-doc-9.9.6P1-0.30.1 bind-libs-9.9.6P1-0.30.1 bind-utils-9.9.6P1-0.30.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.30.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bind-9.9.6P1-0.30.1 bind-chrootenv-9.9.6P1-0.30.1 bind-doc-9.9.6P1-0.30.1 bind-libs-9.9.6P1-0.30.1 bind-utils-9.9.6P1-0.30.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-debuginfo-9.9.6P1-0.30.1 bind-debugsource-9.9.6P1-0.30.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.30.1 bind-debugsource-9.9.6P1-0.30.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): bind-debuginfo-9.9.6P1-0.30.1 bind-debugsource-9.9.6P1-0.30.1 References: https://www.suse.com/security/cve/CVE-2016-2776.html https://bugzilla.suse.com/1000362 From sle-updates at lists.suse.com Wed Sep 28 07:09:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Sep 2016 15:09:46 +0200 (CEST) Subject: SUSE-SU-2016:2408-1: important: Security update for php5 Message-ID: <20160928130946.ABCF2FC44@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2408-1 Rating: important References: #987530 #987580 #988032 #991422 #991424 #991426 #991427 #991428 #991429 #991430 #991433 #991434 #991437 #997206 #997207 #997208 #997210 #997211 #997220 #997225 #997230 #997248 #997257 Cross-References: CVE-2014-3587 CVE-2016-3587 CVE-2016-5399 CVE-2016-6128 CVE-2016-6161 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7134 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: This update for php5 fixes the following security issues: * CVE-2016-6128: Invalid color index not properly handled [bsc#987580] * CVE-2016-6161: global out of bounds read when encoding gif from malformed input withgd2togif [bsc#988032] * CVE-2016-6292: Null pointer dereference in exif_process_user_comment [bsc#991422] * CVE-2016-6295: Use after free in SNMP with GC and unserialize() [bsc#991424] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE [bsc#991427] * CVE-2016-6289: Integer overflow leads to buffer overflow in virtual_file_ex [bsc#991428] * CVE-2016-6290: Use after free in unserialize() with Unexpected Session Deserialization [bsc#991429] * CVE-2016-5399: Improper error handling in bzread() [bsc#991430] * CVE-2016-6296: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c [bsc#991437] * CVE-2016-6207: Integer overflow error within _gdContributionsAlloc() [bsc#991434] * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6288: Buffer over-read in php_url_parse_ex [bsc#991433] * CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed arbitrary write access * CVE-2016-7128: Memory Leakage In exif_process_IFD_in_TIFF * CVE-2016-7129: wddx_deserialize allowed illegal memory access * CVE-2016-7130: wddx_deserialize null dereference * CVE-2016-7131: wddx_deserialize null dereference with invalid xml * CVE-2016-7132: wddx_deserialize null dereference in php_wddx_pop_element * CVE-2016-7134: Heap overflow in the function curl_escape Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1403=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1403=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): php5-debuginfo-5.5.14-73.1 php5-debugsource-5.5.14-73.1 php5-devel-5.5.14-73.1 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): apache2-mod_php5-5.5.14-73.1 apache2-mod_php5-debuginfo-5.5.14-73.1 php5-5.5.14-73.1 php5-bcmath-5.5.14-73.1 php5-bcmath-debuginfo-5.5.14-73.1 php5-bz2-5.5.14-73.1 php5-bz2-debuginfo-5.5.14-73.1 php5-calendar-5.5.14-73.1 php5-calendar-debuginfo-5.5.14-73.1 php5-ctype-5.5.14-73.1 php5-ctype-debuginfo-5.5.14-73.1 php5-curl-5.5.14-73.1 php5-curl-debuginfo-5.5.14-73.1 php5-dba-5.5.14-73.1 php5-dba-debuginfo-5.5.14-73.1 php5-debuginfo-5.5.14-73.1 php5-debugsource-5.5.14-73.1 php5-dom-5.5.14-73.1 php5-dom-debuginfo-5.5.14-73.1 php5-enchant-5.5.14-73.1 php5-enchant-debuginfo-5.5.14-73.1 php5-exif-5.5.14-73.1 php5-exif-debuginfo-5.5.14-73.1 php5-fastcgi-5.5.14-73.1 php5-fastcgi-debuginfo-5.5.14-73.1 php5-fileinfo-5.5.14-73.1 php5-fileinfo-debuginfo-5.5.14-73.1 php5-fpm-5.5.14-73.1 php5-fpm-debuginfo-5.5.14-73.1 php5-ftp-5.5.14-73.1 php5-ftp-debuginfo-5.5.14-73.1 php5-gd-5.5.14-73.1 php5-gd-debuginfo-5.5.14-73.1 php5-gettext-5.5.14-73.1 php5-gettext-debuginfo-5.5.14-73.1 php5-gmp-5.5.14-73.1 php5-gmp-debuginfo-5.5.14-73.1 php5-iconv-5.5.14-73.1 php5-iconv-debuginfo-5.5.14-73.1 php5-imap-5.5.14-73.1 php5-imap-debuginfo-5.5.14-73.1 php5-intl-5.5.14-73.1 php5-intl-debuginfo-5.5.14-73.1 php5-json-5.5.14-73.1 php5-json-debuginfo-5.5.14-73.1 php5-ldap-5.5.14-73.1 php5-ldap-debuginfo-5.5.14-73.1 php5-mbstring-5.5.14-73.1 php5-mbstring-debuginfo-5.5.14-73.1 php5-mcrypt-5.5.14-73.1 php5-mcrypt-debuginfo-5.5.14-73.1 php5-mysql-5.5.14-73.1 php5-mysql-debuginfo-5.5.14-73.1 php5-odbc-5.5.14-73.1 php5-odbc-debuginfo-5.5.14-73.1 php5-opcache-5.5.14-73.1 php5-opcache-debuginfo-5.5.14-73.1 php5-openssl-5.5.14-73.1 php5-openssl-debuginfo-5.5.14-73.1 php5-pcntl-5.5.14-73.1 php5-pcntl-debuginfo-5.5.14-73.1 php5-pdo-5.5.14-73.1 php5-pdo-debuginfo-5.5.14-73.1 php5-pgsql-5.5.14-73.1 php5-pgsql-debuginfo-5.5.14-73.1 php5-phar-5.5.14-73.1 php5-phar-debuginfo-5.5.14-73.1 php5-posix-5.5.14-73.1 php5-posix-debuginfo-5.5.14-73.1 php5-pspell-5.5.14-73.1 php5-pspell-debuginfo-5.5.14-73.1 php5-shmop-5.5.14-73.1 php5-shmop-debuginfo-5.5.14-73.1 php5-snmp-5.5.14-73.1 php5-snmp-debuginfo-5.5.14-73.1 php5-soap-5.5.14-73.1 php5-soap-debuginfo-5.5.14-73.1 php5-sockets-5.5.14-73.1 php5-sockets-debuginfo-5.5.14-73.1 php5-sqlite-5.5.14-73.1 php5-sqlite-debuginfo-5.5.14-73.1 php5-suhosin-5.5.14-73.1 php5-suhosin-debuginfo-5.5.14-73.1 php5-sysvmsg-5.5.14-73.1 php5-sysvmsg-debuginfo-5.5.14-73.1 php5-sysvsem-5.5.14-73.1 php5-sysvsem-debuginfo-5.5.14-73.1 php5-sysvshm-5.5.14-73.1 php5-sysvshm-debuginfo-5.5.14-73.1 php5-tokenizer-5.5.14-73.1 php5-tokenizer-debuginfo-5.5.14-73.1 php5-wddx-5.5.14-73.1 php5-wddx-debuginfo-5.5.14-73.1 php5-xmlreader-5.5.14-73.1 php5-xmlreader-debuginfo-5.5.14-73.1 php5-xmlrpc-5.5.14-73.1 php5-xmlrpc-debuginfo-5.5.14-73.1 php5-xmlwriter-5.5.14-73.1 php5-xmlwriter-debuginfo-5.5.14-73.1 php5-xsl-5.5.14-73.1 php5-xsl-debuginfo-5.5.14-73.1 php5-zip-5.5.14-73.1 php5-zip-debuginfo-5.5.14-73.1 php5-zlib-5.5.14-73.1 php5-zlib-debuginfo-5.5.14-73.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-73.1 References: https://www.suse.com/security/cve/CVE-2014-3587.html https://www.suse.com/security/cve/CVE-2016-3587.html https://www.suse.com/security/cve/CVE-2016-5399.html https://www.suse.com/security/cve/CVE-2016-6128.html https://www.suse.com/security/cve/CVE-2016-6161.html https://www.suse.com/security/cve/CVE-2016-6207.html https://www.suse.com/security/cve/CVE-2016-6288.html https://www.suse.com/security/cve/CVE-2016-6289.html https://www.suse.com/security/cve/CVE-2016-6290.html https://www.suse.com/security/cve/CVE-2016-6291.html https://www.suse.com/security/cve/CVE-2016-6292.html https://www.suse.com/security/cve/CVE-2016-6295.html https://www.suse.com/security/cve/CVE-2016-6296.html https://www.suse.com/security/cve/CVE-2016-6297.html https://www.suse.com/security/cve/CVE-2016-7124.html https://www.suse.com/security/cve/CVE-2016-7125.html https://www.suse.com/security/cve/CVE-2016-7126.html https://www.suse.com/security/cve/CVE-2016-7127.html https://www.suse.com/security/cve/CVE-2016-7128.html https://www.suse.com/security/cve/CVE-2016-7129.html https://www.suse.com/security/cve/CVE-2016-7130.html https://www.suse.com/security/cve/CVE-2016-7131.html https://www.suse.com/security/cve/CVE-2016-7132.html https://www.suse.com/security/cve/CVE-2016-7134.html https://bugzilla.suse.com/987530 https://bugzilla.suse.com/987580 https://bugzilla.suse.com/988032 https://bugzilla.suse.com/991422 https://bugzilla.suse.com/991424 https://bugzilla.suse.com/991426 https://bugzilla.suse.com/991427 https://bugzilla.suse.com/991428 https://bugzilla.suse.com/991429 https://bugzilla.suse.com/991430 https://bugzilla.suse.com/991433 https://bugzilla.suse.com/991434 https://bugzilla.suse.com/991437 https://bugzilla.suse.com/997206 https://bugzilla.suse.com/997207 https://bugzilla.suse.com/997208 https://bugzilla.suse.com/997210 https://bugzilla.suse.com/997211 https://bugzilla.suse.com/997220 https://bugzilla.suse.com/997225 https://bugzilla.suse.com/997230 https://bugzilla.suse.com/997248 https://bugzilla.suse.com/997257 From sle-updates at lists.suse.com Thu Sep 29 04:10:14 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Sep 2016 12:10:14 +0200 (CEST) Subject: SUSE-RU-2016:2410-1: Recommended update for kiwi Message-ID: <20160929101014.873C8FC46@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2410-1 Rating: low References: #986602 #988087 #991218 #992875 #992988 #992989 #992992 #993825 #994910 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update provides KIWI v7.02.104, which brings several fixes and enhancements: - Fixed bootloader configuration: Custom kernel parameters should be added to GRUB_CMDLINE_LINUX and not GRUB_CMDLINE_LINUX_DEFAULT. (bsc#994910) - Now waitForStorageDevice method has set a timeout of 4 seconds instead of 60 if the device is a usb. GetDeviceTransportType method has been added in order to determine device type (usb, sata, etc.). (bsc#992992) - Preserve timestamp on grub2-install copy: In order to workaround the bug in shim-install which unnecessarily calls grub2-install we replace the binary by a noop before calling shim-install. However all file attributes of the grub2-install binary, timestamp, modes, etc should stay untouched. (bsc#993825) - Fixed setupNetworkWicked: IP address information from wicked dhcp reply consists out of two parts but we are only interested in the plain IPv4 address information at this point. (bsc#992989) - Make sure DHCPCHADDR is uppercase. (bsc#992988) - Fixed setup of container configuration: An empty fstab file is created, the former deletion of a potentially existing fstab failed if no such file existed. (bsc#991218) - Remove null padding on the vmware disk tag: The block of data read via dd is null padded; adding the tools data after the padding breaks detection of the data. We need to remove the nulls (0x0) so appends can occur adjacent to the block of strings. Also adding the encoding statement to vmware disk tag only if not present (bsc#988087) - Fixed createOVFConfiguration: Make sure destination directory exists prior to moving data. (bsc#986602) - Protect systemd-detect-virt from being deleted in the kiwi initrd. (bsc#992875) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2016-1404=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1404=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1404=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kiwi-pxeboot-7.02.104-45.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kiwi-7.02.104-45.1 kiwi-debugsource-7.02.104-45.1 kiwi-desc-netboot-7.02.104-45.1 kiwi-desc-oemboot-7.02.104-45.1 kiwi-desc-vmxboot-7.02.104-45.1 kiwi-templates-7.02.104-45.1 kiwi-tools-7.02.104-45.1 kiwi-tools-debuginfo-7.02.104-45.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): kiwi-doc-7.02.104-45.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): kiwi-desc-isoboot-7.02.104-45.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kiwi-debugsource-7.02.104-45.1 kiwi-tools-7.02.104-45.1 kiwi-tools-debuginfo-7.02.104-45.1 References: https://bugzilla.suse.com/986602 https://bugzilla.suse.com/988087 https://bugzilla.suse.com/991218 https://bugzilla.suse.com/992875 https://bugzilla.suse.com/992988 https://bugzilla.suse.com/992989 https://bugzilla.suse.com/992992 https://bugzilla.suse.com/993825 https://bugzilla.suse.com/994910 From sle-updates at lists.suse.com Thu Sep 29 07:11:22 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Sep 2016 15:11:22 +0200 (CEST) Subject: SUSE-OU-2016:2412-1: Optional update for DirectFB, fltk, libgnomecups, libgsm, mlocate, vlan Message-ID: <20160929131122.25635FC46@maintenance.suse.de> SUSE Optional Update: Optional update for DirectFB, fltk, libgnomecups, libgsm, mlocate, vlan ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2412-1 Rating: low References: #1001359 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update provides rebuilds of a few packages in order to synchronize their binaries on all architectures of SUSE Linux Enterprise Server 12. The following packages have been rebuilt: DirectFB, fltk, libgnomecups, libgsm, mlocate, vlan. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1406=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1406=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1406=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1406=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): DirectFB-debugsource-1.7.1-6.1 libdirectfb-1_7-1-32bit-1.7.1-6.1 libdirectfb-1_7-1-debuginfo-32bit-1.7.1-6.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): DirectFB-debuginfo-1.7.1-6.1 DirectFB-debugsource-1.7.1-6.1 DirectFB-devel-1.7.1-6.1 fltk-debugsource-1.3.2-12.1 fltk-devel-1.3.2-12.1 fltk-devel-debuginfo-1.3.2-12.1 fltk-devel-static-1.3.2-12.1 lib++dfb-devel-1.7.1-6.1 libgnomecups-debuginfo-0.2.3-141.1 libgnomecups-debugsource-0.2.3-141.1 libgnomecups-devel-0.2.3-141.1 libgsm-debugsource-1.0.13-29.1 libgsm-devel-1.0.13-29.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): DirectFB-1.7.1-6.1 DirectFB-debuginfo-1.7.1-6.1 DirectFB-debugsource-1.7.1-6.1 fltk-debugsource-1.3.2-12.1 lib++dfb-1_7-1-1.7.1-6.1 lib++dfb-1_7-1-debuginfo-1.7.1-6.1 libdirectfb-1_7-1-1.7.1-6.1 libdirectfb-1_7-1-debuginfo-1.7.1-6.1 libfltk1-1.3.2-12.1 libfltk1-debuginfo-1.3.2-12.1 libgnomecups-0.2.3-141.1 libgnomecups-debuginfo-0.2.3-141.1 libgnomecups-debugsource-0.2.3-141.1 libgsm-debugsource-1.0.13-29.1 libgsm1-1.0.13-29.1 libgsm1-debuginfo-1.0.13-29.1 mlocate-0.26-7.1 mlocate-debuginfo-0.26-7.1 mlocate-debugsource-0.26-7.1 vlan-1.9-144.1 vlan-debuginfo-1.9-144.1 vlan-debugsource-1.9-144.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libgnomecups-32bit-0.2.3-141.1 libgnomecups-debuginfo-32bit-0.2.3-141.1 libgsm1-32bit-1.0.13-29.1 libgsm1-debuginfo-32bit-1.0.13-29.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): libgnomecups-lang-0.2.3-141.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): DirectFB-1.7.1-6.1 DirectFB-debuginfo-1.7.1-6.1 DirectFB-debugsource-1.7.1-6.1 fltk-debugsource-1.3.2-12.1 lib++dfb-1_7-1-1.7.1-6.1 lib++dfb-1_7-1-debuginfo-1.7.1-6.1 libdirectfb-1_7-1-1.7.1-6.1 libdirectfb-1_7-1-32bit-1.7.1-6.1 libdirectfb-1_7-1-debuginfo-1.7.1-6.1 libdirectfb-1_7-1-debuginfo-32bit-1.7.1-6.1 libfltk1-1.3.2-12.1 libfltk1-debuginfo-1.3.2-12.1 libgnomecups-0.2.3-141.1 libgnomecups-32bit-0.2.3-141.1 libgnomecups-debuginfo-0.2.3-141.1 libgnomecups-debuginfo-32bit-0.2.3-141.1 libgnomecups-debugsource-0.2.3-141.1 libgsm-debugsource-1.0.13-29.1 libgsm1-1.0.13-29.1 libgsm1-32bit-1.0.13-29.1 libgsm1-debuginfo-1.0.13-29.1 libgsm1-debuginfo-32bit-1.0.13-29.1 mlocate-0.26-7.1 mlocate-debuginfo-0.26-7.1 mlocate-debugsource-0.26-7.1 vlan-1.9-144.1 vlan-debuginfo-1.9-144.1 vlan-debugsource-1.9-144.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): libgnomecups-lang-0.2.3-141.1 References: https://bugzilla.suse.com/1001359 From sle-updates at lists.suse.com Thu Sep 29 09:10:16 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Sep 2016 17:10:16 +0200 (CEST) Subject: SUSE-RU-2016:2413-1: moderate: Recommended update for libxml2 Message-ID: <20160929151016.084D0FC44@maintenance.suse.de> SUSE Recommended Update: Recommended update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2413-1 Rating: moderate References: #996079 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libxml2 fixes an issue when processing external entities introduced with the fix for CVE-2014-0191. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libxml2-12765=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libxml2-12765=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-12765=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.47.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.47.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.47.1 libxml2-doc-2.7.6-0.47.1 libxml2-python-2.7.6-0.47.3 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.47.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxml2-x86-2.7.6-0.47.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.47.1 libxml2-debugsource-2.7.6-0.47.1 libxml2-python-debuginfo-2.7.6-0.47.3 libxml2-python-debugsource-2.7.6-0.47.3 References: https://bugzilla.suse.com/996079 From sle-updates at lists.suse.com Thu Sep 29 09:10:44 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Sep 2016 17:10:44 +0200 (CEST) Subject: SUSE-SU-2016:2414-1: important: Security update for postgresql93 Message-ID: <20160929151044.C650DFC46@maintenance.suse.de> SUSE Security Update: Security update for postgresql93 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2414-1 Rating: important References: #973660 #993453 #993454 Cross-References: CVE-2016-5423 CVE-2016-5424 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for postgresql93 to version 9.3.14 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453). This non-security issue was fixed: - bsc#973660: Added "Requires: timezone" to Service Pack For additional non-security issues please refer to - http://www.postgresql.org/docs/9.3/static/release-9-3-14.html - http://www.postgresql.org/docs/9.3/static/release-9-3-13.html - http://www.postgresql.org/docs/9.4/static/release-9-3-12.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1407=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1407=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): postgresql93-docs-9.3.14-19.2 - SUSE Linux Enterprise Server for SAP 12 (x86_64): postgresql93-9.3.14-19.2 postgresql93-contrib-9.3.14-19.2 postgresql93-contrib-debuginfo-9.3.14-19.2 postgresql93-debuginfo-9.3.14-19.2 postgresql93-debugsource-9.3.14-19.2 postgresql93-server-9.3.14-19.2 postgresql93-server-debuginfo-9.3.14-19.2 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): postgresql93-9.3.14-19.2 postgresql93-contrib-9.3.14-19.2 postgresql93-contrib-debuginfo-9.3.14-19.2 postgresql93-debuginfo-9.3.14-19.2 postgresql93-debugsource-9.3.14-19.2 postgresql93-server-9.3.14-19.2 postgresql93-server-debuginfo-9.3.14-19.2 - SUSE Linux Enterprise Server 12-LTSS (noarch): postgresql93-docs-9.3.14-19.2 References: https://www.suse.com/security/cve/CVE-2016-5423.html https://www.suse.com/security/cve/CVE-2016-5424.html https://bugzilla.suse.com/973660 https://bugzilla.suse.com/993453 https://bugzilla.suse.com/993454 From sle-updates at lists.suse.com Thu Sep 29 09:11:32 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Sep 2016 17:11:32 +0200 (CEST) Subject: SUSE-SU-2016:2415-1: important: Security update for postgresql94 Message-ID: <20160929151132.1B94EFC45@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2415-1 Rating: important References: #973660 #993453 #993454 Cross-References: CVE-2016-5423 CVE-2016-5424 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453). This non-security issue was fixed: - bsc#973660: Added "Requires: timezone" to Service Pack For additional non-security issues please refer to - http://www.postgresql.org/docs/9.4/static/release-9-4-9.html - http://www.postgresql.org/docs/9.4/static/release-9-4-8.html - http://www.postgresql.org/docs/9.4/static/release-9-4-7.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1409=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1409=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1409=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): postgresql94-devel-9.4.9-14.1 postgresql94-devel-debuginfo-9.4.9-14.1 postgresql94-libs-debugsource-9.4.9-14.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libecpg6-9.4.9-14.1 libecpg6-debuginfo-9.4.9-14.1 libpq5-9.4.9-14.1 libpq5-debuginfo-9.4.9-14.1 postgresql94-9.4.9-14.1 postgresql94-contrib-9.4.9-14.1 postgresql94-contrib-debuginfo-9.4.9-14.1 postgresql94-debuginfo-9.4.9-14.1 postgresql94-debugsource-9.4.9-14.1 postgresql94-libs-debugsource-9.4.9-14.1 postgresql94-server-9.4.9-14.1 postgresql94-server-debuginfo-9.4.9-14.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libpq5-32bit-9.4.9-14.1 libpq5-debuginfo-32bit-9.4.9-14.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): postgresql94-docs-9.4.9-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libecpg6-9.4.9-14.1 libecpg6-debuginfo-9.4.9-14.1 libpq5-32bit-9.4.9-14.1 libpq5-9.4.9-14.1 libpq5-debuginfo-32bit-9.4.9-14.1 libpq5-debuginfo-9.4.9-14.1 postgresql94-9.4.9-14.1 postgresql94-debuginfo-9.4.9-14.1 postgresql94-debugsource-9.4.9-14.1 postgresql94-libs-debugsource-9.4.9-14.1 References: https://www.suse.com/security/cve/CVE-2016-5423.html https://www.suse.com/security/cve/CVE-2016-5424.html https://bugzilla.suse.com/973660 https://bugzilla.suse.com/993453 https://bugzilla.suse.com/993454 From sle-updates at lists.suse.com Thu Sep 29 11:10:00 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Sep 2016 19:10:00 +0200 (CEST) Subject: SUSE-SU-2016:2416-1: important: Security update for pidgin Message-ID: <20160929171000.52B74FC44@maintenance.suse.de> SUSE Security Update: Security update for pidgin ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2416-1 Rating: important References: #991691 #991709 #991711 #991712 #991715 Cross-References: CVE-2016-2367 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 CVE-2016-2373 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for pidgin fixes the following issues: Security issues fixed: - CVE-2016-2367: Fixed a MXIT Avatar Length Memory Disclosure Vulnerability (bsc#991715). - CVE-2016-2370: Fixed a MXIT Custom Resource Denial of Service Vulnerability (bsc#991712). - CVE-2016-2371: Fixed a MXIT Extended Profiles Code Execution Vulnerability (bsc#991691). - CVE-2016-2372: Fixed a MXIT File Transfer Length Memory Disclosure Vulnerability (bsc#991711). - CVE-2016-2373: Fixed a MXIT Contact Mood Denial of Service Vulnerability (bsc#991709) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-pidgin-12767=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-pidgin-12767=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): finch-2.6.6-0.29.1 finch-devel-2.6.6-0.29.1 libpurple-2.6.6-0.29.1 libpurple-devel-2.6.6-0.29.1 libpurple-lang-2.6.6-0.29.1 pidgin-2.6.6-0.29.1 pidgin-devel-2.6.6-0.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): pidgin-debuginfo-2.6.6-0.29.1 pidgin-debugsource-2.6.6-0.29.1 References: https://www.suse.com/security/cve/CVE-2016-2367.html https://www.suse.com/security/cve/CVE-2016-2370.html https://www.suse.com/security/cve/CVE-2016-2371.html https://www.suse.com/security/cve/CVE-2016-2372.html https://www.suse.com/security/cve/CVE-2016-2373.html https://bugzilla.suse.com/991691 https://bugzilla.suse.com/991709 https://bugzilla.suse.com/991711 https://bugzilla.suse.com/991712 https://bugzilla.suse.com/991715 From sle-updates at lists.suse.com Thu Sep 29 11:10:58 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Sep 2016 19:10:58 +0200 (CEST) Subject: SUSE-RU-2016:2417-1: Recommended update for seccheck Message-ID: <20160929171058.6F483FC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for seccheck ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2417-1 Rating: low References: #985802 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for seccheck provides the following fixes: - Replace leading whitespaces by tabs in mail templates to avoid problems with HERE-documents processing done by the shell. (bsc#985802) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1410=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): seccheck-3.0-14.1 References: https://bugzilla.suse.com/985802 From sle-updates at lists.suse.com Thu Sep 29 11:11:34 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Sep 2016 19:11:34 +0200 (CEST) Subject: SUSE-SU-2016:2418-1: important: Security update for postgresql94 Message-ID: <20160929171135.00104FC45@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:2418-1 Rating: important References: #993453 #993454 Cross-References: CVE-2016-5423 CVE-2016-5424 Affected Products: SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed: - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs' handling of special characters in database and role names (bsc#993453). For the non-security issues please refer to - http://www.postgresql.org/docs/9.4/static/release-9-4-9.html - http://www.postgresql.org/docs/9.4/static/release-9-4-8.html - http://www.postgresql.org/docs/9.4/static/release-9-4-7.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-postgresql94-12766=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-postgresql94-12766=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-postgresql94-12766=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-postgresql94-12766=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager 2.1 (s390x x86_64): postgresql94-pltcl-9.4.9-0.19.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-devel-9.4.9-0.19.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libecpg6-9.4.9-0.19.1 libpq5-9.4.9-0.19.1 postgresql94-9.4.9-0.19.1 postgresql94-contrib-9.4.9-0.19.1 postgresql94-docs-9.4.9-0.19.1 postgresql94-server-9.4.9-0.19.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libpq5-32bit-9.4.9-0.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): postgresql94-debuginfo-9.4.9-0.19.1 postgresql94-debugsource-9.4.9-0.19.1 postgresql94-libs-debuginfo-9.4.9-0.19.1 postgresql94-libs-debugsource-9.4.9-0.19.1 References: https://www.suse.com/security/cve/CVE-2016-5423.html https://www.suse.com/security/cve/CVE-2016-5424.html https://bugzilla.suse.com/993453 https://bugzilla.suse.com/993454 From sle-updates at lists.suse.com Thu Sep 29 13:09:27 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Sep 2016 21:09:27 +0200 (CEST) Subject: SUSE-RU-2016:2419-1: moderate: Recommended update for irqbalance Message-ID: <20160929190927.B0574FC44@maintenance.suse.de> SUSE Recommended Update: Recommended update for irqbalance ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2419-1 Rating: moderate References: #1000291 #996056 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for irqbalance fixes the following issues: - A potential segmentation fault due to incorrect error handling. (bsc#996056) - A memory leak on systems without PCI devices like AWS EC2 PV VMs. (bsc#1000291) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-irqbalance-12768=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-irqbalance-12768=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): irqbalance-1.0.4-0.20.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): irqbalance-debuginfo-1.0.4-0.20.1 irqbalance-debugsource-1.0.4-0.20.1 References: https://bugzilla.suse.com/1000291 https://bugzilla.suse.com/996056 From sle-updates at lists.suse.com Thu Sep 29 13:10:05 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Sep 2016 21:10:05 +0200 (CEST) Subject: SUSE-OU-2016:2420-1: Initial release of php5-APCu Message-ID: <20160929191005.3527CFC45@maintenance.suse.de> SUSE Optional Update: Initial release of php5-APCu ______________________________________________________________________________ Announcement ID: SUSE-OU-2016:2420-1 Rating: low References: #975517 #980686 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: This update adds php5-APCu to the SLE Web & Scripting Module 12. Patch Instructions: To install this SUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1413=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2016-1413=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): php5-APCu-debuginfo-4.0.10-5.3 php5-APCu-debugsource-4.0.10-5.3 php5-APCu-devel-4.0.10-5.3 - SUSE Linux Enterprise Module for Web Scripting 12 (ppc64le s390x x86_64): php5-APCu-4.0.10-5.3 php5-APCu-debuginfo-4.0.10-5.3 php5-APCu-debugsource-4.0.10-5.3 References: https://bugzilla.suse.com/975517 https://bugzilla.suse.com/980686 From sle-updates at lists.suse.com Thu Sep 29 14:09:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Sep 2016 22:09:46 +0200 (CEST) Subject: SUSE-RU-2016:2421-1: Recommended update for zypper-migration-plugin Message-ID: <20160929200946.0B966FC44@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper-migration-plugin ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2421-1 Rating: low References: #984324 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zypper-migration-plugin provides the following fixes: - Pass "--cleanup-algorithm=number" and "--userdata important=yes" parameters to snapper when creating snapshots, like YaST migration does. (bsc#984324) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2016-1415=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2016-1415=1 - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-1415=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-1415=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): zypper-migration-plugin-0.10-18.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): zypper-migration-plugin-0.10-18.1 - SUSE Linux Enterprise Server 12 (noarch): zypper-migration-plugin-0.10-18.1 - SUSE Linux Enterprise Desktop 12 (noarch): zypper-migration-plugin-0.10-18.1 References: https://bugzilla.suse.com/984324 From sle-updates at lists.suse.com Fri Sep 30 11:09:46 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Sep 2016 19:09:46 +0200 (CEST) Subject: SUSE-RU-2016:2426-1: Recommended update for autofs Message-ID: <20160930170946.AD988FC44@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2426-1 Rating: low References: #968918 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for autofs fixes the following issues: - Fix spurious ELOOP errors caused by incorrect error handling in the NSS lookup module. (bsc#968918) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1419=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1419=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): autofs-5.0.9-18.1 autofs-debuginfo-5.0.9-18.1 autofs-debugsource-5.0.9-18.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): autofs-5.0.9-18.1 autofs-debuginfo-5.0.9-18.1 autofs-debugsource-5.0.9-18.1 References: https://bugzilla.suse.com/968918 From sle-updates at lists.suse.com Fri Sep 30 11:10:23 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Sep 2016 19:10:23 +0200 (CEST) Subject: SUSE-RU-2016:2427-1: Recommended update for ding-libs Message-ID: <20160930171023.66D81FC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for ding-libs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2427-1 Rating: low References: #989488 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ding-libs provides the following fixes: - Support longer values in INI file parser. (bsc#989488) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ding-libs-12770=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ding-libs-12770=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcollection-devel-0.6.0-1.9.1 libdhash-devel-0.4.2-1.9.1 libini_config-devel-0.6.1-1.9.1 libpath_utils-devel-0.2.1-1.9.1 libref_array-devel-0.1.1-1.9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libcollection2-0.6.0-1.9.1 libdhash1-0.4.2-1.9.1 libini_config2-0.6.1-1.9.1 libpath_utils1-0.2.1-1.9.1 libref_array1-0.1.1-1.9.1 References: https://bugzilla.suse.com/989488 From sle-updates at lists.suse.com Fri Sep 30 11:10:49 2016 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Sep 2016 19:10:49 +0200 (CEST) Subject: SUSE-RU-2016:2428-1: Recommended update for ding-libs Message-ID: <20160930171049.8C517FC45@maintenance.suse.de> SUSE Recommended Update: Recommended update for ding-libs ______________________________________________________________________________ Announcement ID: SUSE-RU-2016:2428-1 Rating: low References: #989488 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ding-libs provides the following fixes: - Support longer values in INI file parser (bsc#989488) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1418=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1418=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1418=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libbasicobjects-devel-0.1.0-20.3 libcollection-devel-0.6.2-20.3 libdhash-devel-0.4.3-20.3 libini_config-devel-1.0.0.1-20.3 libpath_utils-devel-0.2.1-20.3 libref_array-devel-0.1.3-20.3 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libbasicobjects0-0.1.0-20.3 libbasicobjects0-debuginfo-0.1.0-20.3 libcollection2-0.6.2-20.3 libcollection2-debuginfo-0.6.2-20.3 libdhash1-0.4.3-20.3 libdhash1-debuginfo-0.4.3-20.3 libini_config3-1.0.0.1-20.3 libini_config3-debuginfo-1.0.0.1-20.3 libpath_utils1-0.2.1-20.3 libpath_utils1-debuginfo-0.2.1-20.3 libref_array1-0.1.3-20.3 libref_array1-debuginfo-0.1.3-20.3 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libbasicobjects0-0.1.0-20.3 libbasicobjects0-debuginfo-0.1.0-20.3 libcollection2-0.6.2-20.3 libcollection2-debuginfo-0.6.2-20.3 libdhash1-0.4.3-20.3 libdhash1-debuginfo-0.4.3-20.3 libini_config3-1.0.0.1-20.3 libini_config3-debuginfo-1.0.0.1-20.3 libpath_utils1-0.2.1-20.3 libpath_utils1-debuginfo-0.2.1-20.3 libref_array1-0.1.3-20.3 libref_array1-debuginfo-0.1.3-20.3 References: https://bugzilla.suse.com/989488