From sle-updates at lists.suse.com Mon Jan 2 04:09:08 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Jan 2017 12:09:08 +0100 (CET)
Subject: SUSE-SU-2017:0003-1: moderate: Security update for zlib
Message-ID: <20170102110908.10CDBF533@maintenance.suse.de>

   SUSE Security Update: Security update for zlib
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0003-1
Rating:             moderate
References:         #1003577 #1003579 #1003580 #1013882
Cross-References:   CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for zlib fixes the following issues:

   CVE-2016-9843: Big-endian out-of-bounds pointer
   CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580)
   CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579)
   Incompatible declarations for external linkage function deflate (bsc#1003577)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-2=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-2=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-2=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-2=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      zlib-debugsource-1.2.8-11.1
      zlib-devel-1.2.8-11.1
      zlib-devel-static-1.2.8-11.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (s390x x86_64):

      zlib-devel-32bit-1.2.8-11.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libz1-1.2.8-11.1
      libz1-debuginfo-1.2.8-11.1
      zlib-debugsource-1.2.8-11.1
      zlib-devel-1.2.8-11.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libz1-1.2.8-11.1
      libz1-debuginfo-1.2.8-11.1
      zlib-debugsource-1.2.8-11.1
      zlib-devel-1.2.8-11.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libz1-32bit-1.2.8-11.1
      libz1-debuginfo-32bit-1.2.8-11.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libz1-1.2.8-11.1
      libz1-32bit-1.2.8-11.1
      libz1-debuginfo-1.2.8-11.1
      libz1-debuginfo-32bit-1.2.8-11.1
      zlib-debugsource-1.2.8-11.1
      zlib-devel-1.2.8-11.1

References:

   https://www.suse.com/security/cve/CVE-2016-9840.html
   https://www.suse.com/security/cve/CVE-2016-9841.html
   https://www.suse.com/security/cve/CVE-2016-9842.html
   https://www.suse.com/security/cve/CVE-2016-9843.html
   https://bugzilla.suse.com/1003577
   https://bugzilla.suse.com/1003579
   https://bugzilla.suse.com/1003580
   https://bugzilla.suse.com/1013882

From sle-updates at lists.suse.com Mon Jan 2 04:10:04 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Jan 2017 12:10:04 +0100 (CET)
Subject: SUSE-SU-2017:0004-1: moderate: Security update for zlib
Message-ID: <20170102111004.A58C3F7CB@maintenance.suse.de>

   SUSE Security Update: Security update for zlib
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0004-1
Rating:             moderate
References:         #1003577 #1003579 #1003580 #1013882
Cross-References:   CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for zlib fixes the following issues:

   CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882)
   CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580)
   CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579)
   Incompatible declarations for external linkage function deflate (bsc#1003577)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-3=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-3=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-3=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      zlib-debugsource-1.2.8-6.3.1
      zlib-devel-1.2.8-6.3.1
      zlib-devel-static-1.2.8-6.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (s390x x86_64):

      zlib-devel-32bit-1.2.8-6.3.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      libz1-1.2.8-6.3.1
      libz1-debuginfo-1.2.8-6.3.1
      zlib-debugsource-1.2.8-6.3.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      libz1-32bit-1.2.8-6.3.1
      libz1-debuginfo-32bit-1.2.8-6.3.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      libz1-1.2.8-6.3.1
      libz1-32bit-1.2.8-6.3.1
      libz1-debuginfo-1.2.8-6.3.1
      libz1-debuginfo-32bit-1.2.8-6.3.1
      zlib-debugsource-1.2.8-6.3.1

References:

   https://www.suse.com/security/cve/CVE-2016-9840.html
   https://www.suse.com/security/cve/CVE-2016-9841.html
   https://www.suse.com/security/cve/CVE-2016-9842.html
   https://www.suse.com/security/cve/CVE-2016-9843.html
   https://bugzilla.suse.com/1003577
   https://bugzilla.suse.com/1003579
   https://bugzilla.suse.com/1003580
   https://bugzilla.suse.com/1013882

From sle-updates at lists.suse.com Mon Jan 2 10:08:01 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Jan 2017 18:08:01 +0100 (CET)
Subject: SUSE-RU-2017:0010-1: Recommended update for libzypp, zypper
Message-ID: <20170102170801.D48BAF533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libzypp, zypper
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0010-1
Rating:             low
References:         #1010096 #899510 #945169 #964932
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that has four recommended fixes can now be installed.

Description:

   This update for libzypp and zypper fixes the following issues:

   libzypp:

   - Suppress MediaChangeReport while testing multiple baseurls. (bsc#899510)
   - Support parsing multiple baseurls from a repo file. (bsc#899510)
   - Fix parsing of multi-line url entries. (bsc#964932)

   zypper:

   - Add new option "psCheckAccessDeleted" to zypper.conf that can be used to
     prevent 'lsof' calls after commit (bsc#945169, bsc#1010096, fate#322060)
   - Suppress MediaChangeReport while testing multiple baseurls. (bsc#899510)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-zypper-12926=1

   - SUSE Manager Proxy 2.1:

      zypper in -t patch slemap21-zypper-12926=1

   - SUSE Manager 2.1:

      zypper in -t patch sleman21-zypper-12926=1

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-zypper-12926=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-zypper-12926=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-zypper-12926=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-zypper-12926=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-zypper-12926=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      libzypp-9.40.2-14.7
      zypper-1.6.334-26.3
      zypper-log-1.6.334-26.3

   - SUSE Manager Proxy 2.1 (x86_64):

      libzypp-9.40.2-14.7
      zypper-1.6.334-26.3
      zypper-log-1.6.334-26.3

   - SUSE Manager 2.1 (s390x x86_64):

      libzypp-9.40.2-14.7
      zypper-1.6.334-26.3
      zypper-log-1.6.334-26.3

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libzypp-devel-9.40.2-14.7

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libzypp-9.40.2-14.7
      zypper-1.6.334-26.3
      zypper-log-1.6.334-26.3

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      libzypp-9.40.2-14.7
      zypper-1.6.334-26.3
      zypper-log-1.6.334-26.3

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      libzypp-9.40.2-14.7
      zypper-1.6.334-26.3
      zypper-log-1.6.334-26.3

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      libzypp-debuginfo-9.40.2-14.7
      libzypp-debugsource-9.40.2-14.7
      zypper-debuginfo-1.6.334-26.3
      zypper-debugsource-1.6.334-26.3

References:

   https://bugzilla.suse.com/1010096
   https://bugzilla.suse.com/899510
   https://bugzilla.suse.com/945169
   https://bugzilla.suse.com/964932

From sle-updates at lists.suse.com Mon Jan 2 12:07:32 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 2 Jan 2017 20:07:32 +0100 (CET)
Subject: SUSE-RU-2017:0011-1: Recommended update for alsa, pulseaudio
Message-ID: <20170102190732.B4CBEF533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for alsa, pulseaudio
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0011-1
Rating:             low
References:         #1010690
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for alsa and pulseaudio provides a new UCM profile for Cherry
   Trail audio devices.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-5=1

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-5=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-5=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-5=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-5=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-5=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-5=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-5=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-5=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      pulseaudio-debuginfo-5.0-4.1
      pulseaudio-debugsource-5.0-4.1
      pulseaudio-module-bluetooth-5.0-4.1
      pulseaudio-module-bluetooth-debuginfo-5.0-4.1
      pulseaudio-module-gconf-5.0-4.1
      pulseaudio-module-gconf-debuginfo-5.0-4.1
      pulseaudio-module-jack-5.0-4.1
      pulseaudio-module-jack-debuginfo-5.0-4.1
      pulseaudio-module-lirc-5.0-4.1
      pulseaudio-module-lirc-debuginfo-5.0-4.1

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      pulseaudio-debuginfo-5.0-4.1
      pulseaudio-debugsource-5.0-4.1
      pulseaudio-module-bluetooth-5.0-4.1
      pulseaudio-module-bluetooth-debuginfo-5.0-4.1
      pulseaudio-module-gconf-5.0-4.1
      pulseaudio-module-gconf-debuginfo-5.0-4.1
      pulseaudio-module-jack-5.0-4.1
      pulseaudio-module-jack-debuginfo-5.0-4.1
      pulseaudio-module-lirc-5.0-4.1
      pulseaudio-module-lirc-debuginfo-5.0-4.1

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      alsa-debugsource-1.0.27.2-15.1
      alsa-devel-1.0.27.2-15.1
      libpulse-devel-5.0-4.1
      pulseaudio-debuginfo-5.0-4.1
      pulseaudio-debugsource-5.0-4.1

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      alsa-debugsource-1.0.27.2-15.1
      alsa-devel-1.0.27.2-15.1
      libpulse-devel-5.0-4.1
      pulseaudio-debuginfo-5.0-4.1
      pulseaudio-debugsource-5.0-4.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      alsa-1.0.27.2-15.1
      alsa-debugsource-1.0.27.2-15.1
      libasound2-1.0.27.2-15.1
      libasound2-debuginfo-1.0.27.2-15.1
      libpulse-mainloop-glib0-5.0-4.1
      libpulse-mainloop-glib0-debuginfo-5.0-4.1
      libpulse0-5.0-4.1
      libpulse0-debuginfo-5.0-4.1
      pulseaudio-5.0-4.1
      pulseaudio-debuginfo-5.0-4.1
      pulseaudio-debugsource-5.0-4.1
      pulseaudio-esound-compat-5.0-4.1
      pulseaudio-gdm-hooks-5.0-4.1
      pulseaudio-module-x11-5.0-4.1
      pulseaudio-module-x11-debuginfo-5.0-4.1
      pulseaudio-module-zeroconf-5.0-4.1
      pulseaudio-module-zeroconf-debuginfo-5.0-4.1
      pulseaudio-utils-5.0-4.1
      pulseaudio-utils-debuginfo-5.0-4.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      alsa-docs-1.0.27.2-15.1
      pulseaudio-lang-5.0-4.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      alsa-1.0.27.2-15.1
      alsa-debugsource-1.0.27.2-15.1
      libasound2-1.0.27.2-15.1
      libasound2-debuginfo-1.0.27.2-15.1
      libpulse-mainloop-glib0-5.0-4.1
      libpulse-mainloop-glib0-debuginfo-5.0-4.1
      libpulse0-5.0-4.1
      libpulse0-debuginfo-5.0-4.1
      pulseaudio-5.0-4.1
      pulseaudio-debuginfo-5.0-4.1
      pulseaudio-debugsource-5.0-4.1
      pulseaudio-esound-compat-5.0-4.1
      pulseaudio-gdm-hooks-5.0-4.1
      pulseaudio-module-x11-5.0-4.1
      pulseaudio-module-x11-debuginfo-5.0-4.1
      pulseaudio-module-zeroconf-5.0-4.1
      pulseaudio-module-zeroconf-debuginfo-5.0-4.1
      pulseaudio-utils-5.0-4.1
      pulseaudio-utils-debuginfo-5.0-4.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libasound2-32bit-1.0.27.2-15.1
      libasound2-debuginfo-32bit-1.0.27.2-15.1
      libpulse-mainloop-glib0-32bit-5.0-4.1
      libpulse-mainloop-glib0-debuginfo-32bit-5.0-4.1
      libpulse0-32bit-5.0-4.1
      libpulse0-debuginfo-32bit-5.0-4.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      alsa-docs-1.0.27.2-15.1
      pulseaudio-lang-5.0-4.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      alsa-1.0.27.2-15.1
      alsa-debugsource-1.0.27.2-15.1
      libasound2-1.0.27.2-15.1
      libasound2-debuginfo-1.0.27.2-15.1
      libpulse-mainloop-glib0-5.0-4.1
      libpulse-mainloop-glib0-debuginfo-5.0-4.1
      libpulse0-5.0-4.1
      libpulse0-debuginfo-5.0-4.1
      pulseaudio-5.0-4.1
      pulseaudio-debuginfo-5.0-4.1
      pulseaudio-debugsource-5.0-4.1
      pulseaudio-esound-compat-5.0-4.1
      pulseaudio-gdm-hooks-5.0-4.1
      pulseaudio-module-x11-5.0-4.1
      pulseaudio-module-x11-debuginfo-5.0-4.1
      pulseaudio-module-zeroconf-5.0-4.1
      pulseaudio-module-zeroconf-debuginfo-5.0-4.1
      pulseaudio-utils-5.0-4.1
      pulseaudio-utils-debuginfo-5.0-4.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      libasound2-32bit-1.0.27.2-15.1
      libasound2-debuginfo-32bit-1.0.27.2-15.1
      libpulse-mainloop-glib0-32bit-5.0-4.1
      libpulse-mainloop-glib0-debuginfo-32bit-5.0-4.1
      libpulse0-32bit-5.0-4.1
      libpulse0-debuginfo-32bit-5.0-4.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      alsa-docs-1.0.27.2-15.1
      pulseaudio-lang-5.0-4.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      pulseaudio-lang-5.0-4.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      alsa-1.0.27.2-15.1
      alsa-debugsource-1.0.27.2-15.1
      libasound2-1.0.27.2-15.1
      libasound2-32bit-1.0.27.2-15.1
      libasound2-debuginfo-1.0.27.2-15.1
      libasound2-debuginfo-32bit-1.0.27.2-15.1
      libpulse-mainloop-glib0-32bit-5.0-4.1
      libpulse-mainloop-glib0-5.0-4.1
      libpulse-mainloop-glib0-debuginfo-32bit-5.0-4.1
      libpulse-mainloop-glib0-debuginfo-5.0-4.1
      libpulse0-32bit-5.0-4.1
      libpulse0-5.0-4.1
      libpulse0-debuginfo-32bit-5.0-4.1
      libpulse0-debuginfo-5.0-4.1
      pulseaudio-5.0-4.1
      pulseaudio-debuginfo-5.0-4.1
      pulseaudio-debugsource-5.0-4.1
      pulseaudio-esound-compat-5.0-4.1
      pulseaudio-gdm-hooks-5.0-4.1
      pulseaudio-module-bluetooth-5.0-4.1
      pulseaudio-module-bluetooth-debuginfo-5.0-4.1
      pulseaudio-module-gconf-5.0-4.1
      pulseaudio-module-gconf-debuginfo-5.0-4.1
      pulseaudio-module-jack-5.0-4.1
      pulseaudio-module-jack-debuginfo-5.0-4.1
      pulseaudio-module-lirc-5.0-4.1
      pulseaudio-module-lirc-debuginfo-5.0-4.1
      pulseaudio-module-x11-5.0-4.1
      pulseaudio-module-x11-debuginfo-5.0-4.1
      pulseaudio-module-zeroconf-5.0-4.1
      pulseaudio-module-zeroconf-debuginfo-5.0-4.1
      pulseaudio-utils-5.0-4.1
      pulseaudio-utils-debuginfo-5.0-4.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      alsa-1.0.27.2-15.1
      alsa-debugsource-1.0.27.2-15.1
      libasound2-1.0.27.2-15.1
      libasound2-32bit-1.0.27.2-15.1
      libasound2-debuginfo-1.0.27.2-15.1
      libasound2-debuginfo-32bit-1.0.27.2-15.1
      libpulse-mainloop-glib0-32bit-5.0-4.1
      libpulse-mainloop-glib0-5.0-4.1
      libpulse-mainloop-glib0-debuginfo-32bit-5.0-4.1
      libpulse-mainloop-glib0-debuginfo-5.0-4.1
      libpulse0-32bit-5.0-4.1
      libpulse0-5.0-4.1
      libpulse0-debuginfo-32bit-5.0-4.1
      libpulse0-debuginfo-5.0-4.1
      pulseaudio-5.0-4.1
      pulseaudio-debuginfo-5.0-4.1
      pulseaudio-debugsource-5.0-4.1
      pulseaudio-esound-compat-5.0-4.1
      pulseaudio-gdm-hooks-5.0-4.1
      pulseaudio-module-bluetooth-5.0-4.1
      pulseaudio-module-bluetooth-debuginfo-5.0-4.1
      pulseaudio-module-gconf-5.0-4.1
      pulseaudio-module-gconf-debuginfo-5.0-4.1
      pulseaudio-module-jack-5.0-4.1
      pulseaudio-module-jack-debuginfo-5.0-4.1
      pulseaudio-module-lirc-5.0-4.1
      pulseaudio-module-lirc-debuginfo-5.0-4.1
      pulseaudio-module-x11-5.0-4.1
      pulseaudio-module-x11-debuginfo-5.0-4.1
      pulseaudio-module-zeroconf-5.0-4.1
      pulseaudio-module-zeroconf-debuginfo-5.0-4.1
      pulseaudio-utils-5.0-4.1
      pulseaudio-utils-debuginfo-5.0-4.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      pulseaudio-lang-5.0-4.1

References:

   https://bugzilla.suse.com/1010690

From sle-updates at lists.suse.com Tue Jan 3 10:07:58 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Jan 2017 18:07:58 +0100 (CET)
Subject: SUSE-RU-2017:0013-1: moderate: Recommended update for systemd
Message-ID: <20170103170758.18F31F533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0013-1
Rating:             moderate
References:         #1012390 #1012591 #1012818 #1013989 #1015515 #909418
                    #912715 #945340 #953807 #963290 #990538
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has 11 recommended fixes can now be installed.

Description:

   This update for systemd fixes the following issues:

   - core: Make mount units from /proc/self/mountinfo possibly bind to a
     device. Fixes unmounting issues when ejecting CDs or DVDs. (bsc#909418,
     bsc#912715, bsc#945340)
   - fstab-generator: Remove bogus condition that leads to warnings on boot.
     (bsc#1013989)
   - coredumpctl: Let gdb handle the SIGINT signal. (bsc#1012591)
   - Ship kbd-model-map with the correct contents. (bsc#1015515)
   - rules: Set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 only
     with ADD event. (bsc#963290, bsc#990538)
   - tmpfiles: Don't skip path_set_perms on error. (bsc#953807)
   - nspawn: Properly handle image/directory paths that are symbolic links.
     (bsc#1012390)
   - systemctl: Fix 'is-enabled' exit status on failure when executed in
     chroot. (bsc#1012818)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-6=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-6=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-6=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-6=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libudev-devel-228-126.1
      systemd-debuginfo-228-126.1
      systemd-debugsource-228-126.1
      systemd-devel-228-126.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libsystemd0-228-126.1
      libsystemd0-debuginfo-228-126.1
      libudev1-228-126.1
      libudev1-debuginfo-228-126.1
      systemd-228-126.1
      systemd-debuginfo-228-126.1
      systemd-debugsource-228-126.1
      systemd-sysvinit-228-126.1
      udev-228-126.1
      udev-debuginfo-228-126.1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      systemd-bash-completion-228-126.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libsystemd0-228-126.1
      libsystemd0-debuginfo-228-126.1
      libudev1-228-126.1
      libudev1-debuginfo-228-126.1
      systemd-228-126.1
      systemd-debuginfo-228-126.1
      systemd-debugsource-228-126.1
      systemd-sysvinit-228-126.1
      udev-228-126.1
      udev-debuginfo-228-126.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      systemd-bash-completion-228-126.1

   - SUSE Linux Enterprise Server 12-SP2 (x86_64):

      libsystemd0-32bit-228-126.1
      libsystemd0-debuginfo-32bit-228-126.1
      libudev1-32bit-228-126.1
      libudev1-debuginfo-32bit-228-126.1
      systemd-32bit-228-126.1
      systemd-debuginfo-32bit-228-126.1

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      systemd-bash-completion-228-126.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libsystemd0-228-126.1
      libsystemd0-32bit-228-126.1
      libsystemd0-debuginfo-228-126.1
      libsystemd0-debuginfo-32bit-228-126.1
      libudev1-228-126.1
      libudev1-32bit-228-126.1
      libudev1-debuginfo-228-126.1
      libudev1-debuginfo-32bit-228-126.1
      systemd-228-126.1
      systemd-32bit-228-126.1
      systemd-debuginfo-228-126.1
      systemd-debuginfo-32bit-228-126.1
      systemd-debugsource-228-126.1
      systemd-sysvinit-228-126.1
      udev-228-126.1
      udev-debuginfo-228-126.1

References:

   https://bugzilla.suse.com/1012390
   https://bugzilla.suse.com/1012591
   https://bugzilla.suse.com/1012818
   https://bugzilla.suse.com/1013989
   https://bugzilla.suse.com/1015515
   https://bugzilla.suse.com/909418
   https://bugzilla.suse.com/912715
   https://bugzilla.suse.com/945340
   https://bugzilla.suse.com/953807
   https://bugzilla.suse.com/963290
   https://bugzilla.suse.com/990538

From sle-updates at lists.suse.com Tue Jan 3 10:10:55 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 3 Jan 2017 18:10:55 +0100 (CET)
Subject: SUSE-OU-2017:0014-1: Initial release of nodejs6
Message-ID: <20170103171055.A4FA2F533@maintenance.suse.de>

   SUSE Optional Update: Initial release of nodejs6
______________________________________________________________________________

Announcement ID:    SUSE-OU-2017:0014-1
Rating:             low
References:         #1012780
Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that has one optional fix can now be installed.

Description:

   This update brings nodejs 6.9.2 to the SUSE Linux Enterprise 12 Web &
   Scripting Module.

   Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine.
   Node.js uses an event-driven, non-blocking I/O model that makes it
   lightweight and efficient. Node.js' package ecosystem, npm, is the largest
   ecosystem of open source libraries in the world.

Patch Instructions:

   To install this SUSE Optional Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-7=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      nodejs6-6.9.2-4.1
      nodejs6-debuginfo-6.9.2-4.1
      nodejs6-debugsource-6.9.2-4.1
      nodejs6-devel-6.9.2-4.1
      npm6-6.9.2-4.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      nodejs6-docs-6.9.2-4.1

References:

   https://bugzilla.suse.com/1012780

From sle-updates at lists.suse.com Wed Jan 4 07:07:34 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 4 Jan 2017 15:07:34 +0100 (CET)
Subject: SUSE-SU-2017:0017-1: moderate: Security update for php7
Message-ID: <20170104140734.C3622F533@maintenance.suse.de>

   SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0017-1
Rating:             moderate
References:         #1015187 #1015188 #1015189 #1015191
Cross-References:   CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 CVE-2016-9936
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for php7 fixes the following issues:

   * CVE-2016-9933 Possible stack overflow on truecolor images handling
     [bsc#1015187]
   * CVE-2016-9934 Dereference from NULL pointer could lead to crash
     [bsc#1015188]
   * CVE-2016-9935 Invalid read could lead to crash [bsc#1015189]
   * CVE-2016-9936 Use After free in the function serialize() could lead to
     crash [bsc#1015191]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-8=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-8=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-8=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      php7-debuginfo-7.0.7-28.2
      php7-debugsource-7.0.7-28.2
      php7-devel-7.0.7-28.2

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

      php7-debuginfo-7.0.7-28.2
      php7-debugsource-7.0.7-28.2
      php7-devel-7.0.7-28.2

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php7-7.0.7-28.2
      apache2-mod_php7-debuginfo-7.0.7-28.2
      php7-7.0.7-28.2
      php7-bcmath-7.0.7-28.2
      php7-bcmath-debuginfo-7.0.7-28.2
      php7-bz2-7.0.7-28.2
      php7-bz2-debuginfo-7.0.7-28.2
      php7-calendar-7.0.7-28.2
      php7-calendar-debuginfo-7.0.7-28.2
      php7-ctype-7.0.7-28.2
      php7-ctype-debuginfo-7.0.7-28.2
      php7-curl-7.0.7-28.2
      php7-curl-debuginfo-7.0.7-28.2
      php7-dba-7.0.7-28.2
      php7-dba-debuginfo-7.0.7-28.2
      php7-debuginfo-7.0.7-28.2
      php7-debugsource-7.0.7-28.2
      php7-dom-7.0.7-28.2
      php7-dom-debuginfo-7.0.7-28.2
      php7-enchant-7.0.7-28.2
      php7-enchant-debuginfo-7.0.7-28.2
      php7-exif-7.0.7-28.2
      php7-exif-debuginfo-7.0.7-28.2
      php7-fastcgi-7.0.7-28.2
      php7-fastcgi-debuginfo-7.0.7-28.2
      php7-fileinfo-7.0.7-28.2
      php7-fileinfo-debuginfo-7.0.7-28.2
      php7-fpm-7.0.7-28.2
      php7-fpm-debuginfo-7.0.7-28.2
      php7-ftp-7.0.7-28.2
      php7-ftp-debuginfo-7.0.7-28.2
      php7-gd-7.0.7-28.2
      php7-gd-debuginfo-7.0.7-28.2
      php7-gettext-7.0.7-28.2
      php7-gettext-debuginfo-7.0.7-28.2
      php7-gmp-7.0.7-28.2
      php7-gmp-debuginfo-7.0.7-28.2
      php7-iconv-7.0.7-28.2
      php7-iconv-debuginfo-7.0.7-28.2
      php7-imap-7.0.7-28.2
      php7-imap-debuginfo-7.0.7-28.2
      php7-intl-7.0.7-28.2
      php7-intl-debuginfo-7.0.7-28.2
      php7-json-7.0.7-28.2
      php7-json-debuginfo-7.0.7-28.2
      php7-ldap-7.0.7-28.2
      php7-ldap-debuginfo-7.0.7-28.2
      php7-mbstring-7.0.7-28.2
      php7-mbstring-debuginfo-7.0.7-28.2
      php7-mcrypt-7.0.7-28.2
      php7-mcrypt-debuginfo-7.0.7-28.2
      php7-mysql-7.0.7-28.2
      php7-mysql-debuginfo-7.0.7-28.2
      php7-odbc-7.0.7-28.2
      php7-odbc-debuginfo-7.0.7-28.2
      php7-opcache-7.0.7-28.2
      php7-opcache-debuginfo-7.0.7-28.2
      php7-openssl-7.0.7-28.2
      php7-openssl-debuginfo-7.0.7-28.2
      php7-pcntl-7.0.7-28.2
      php7-pcntl-debuginfo-7.0.7-28.2
      php7-pdo-7.0.7-28.2
      php7-pdo-debuginfo-7.0.7-28.2
      php7-pgsql-7.0.7-28.2
      php7-pgsql-debuginfo-7.0.7-28.2
      php7-phar-7.0.7-28.2
      php7-phar-debuginfo-7.0.7-28.2
      php7-posix-7.0.7-28.2
      php7-posix-debuginfo-7.0.7-28.2
      php7-pspell-7.0.7-28.2
      php7-pspell-debuginfo-7.0.7-28.2
      php7-shmop-7.0.7-28.2
      php7-shmop-debuginfo-7.0.7-28.2
      php7-snmp-7.0.7-28.2
      php7-snmp-debuginfo-7.0.7-28.2
      php7-soap-7.0.7-28.2
      php7-soap-debuginfo-7.0.7-28.2
      php7-sockets-7.0.7-28.2
      php7-sockets-debuginfo-7.0.7-28.2
      php7-sqlite-7.0.7-28.2
      php7-sqlite-debuginfo-7.0.7-28.2
      php7-sysvmsg-7.0.7-28.2
      php7-sysvmsg-debuginfo-7.0.7-28.2
      php7-sysvsem-7.0.7-28.2
      php7-sysvsem-debuginfo-7.0.7-28.2
      php7-sysvshm-7.0.7-28.2
      php7-sysvshm-debuginfo-7.0.7-28.2
      php7-tokenizer-7.0.7-28.2
      php7-tokenizer-debuginfo-7.0.7-28.2
      php7-wddx-7.0.7-28.2
      php7-wddx-debuginfo-7.0.7-28.2
      php7-xmlreader-7.0.7-28.2
      php7-xmlreader-debuginfo-7.0.7-28.2
      php7-xmlrpc-7.0.7-28.2
      php7-xmlrpc-debuginfo-7.0.7-28.2
      php7-xmlwriter-7.0.7-28.2
      php7-xmlwriter-debuginfo-7.0.7-28.2
      php7-xsl-7.0.7-28.2
      php7-xsl-debuginfo-7.0.7-28.2
      php7-zip-7.0.7-28.2
      php7-zip-debuginfo-7.0.7-28.2
      php7-zlib-7.0.7-28.2
      php7-zlib-debuginfo-7.0.7-28.2

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      php7-pear-7.0.7-28.2
      php7-pear-Archive_Tar-7.0.7-28.2

References:

   https://www.suse.com/security/cve/CVE-2016-9933.html
   https://www.suse.com/security/cve/CVE-2016-9934.html
   https://www.suse.com/security/cve/CVE-2016-9935.html
   https://www.suse.com/security/cve/CVE-2016-9936.html
   https://bugzilla.suse.com/1015187
   https://bugzilla.suse.com/1015188
   https://bugzilla.suse.com/1015189
   https://bugzilla.suse.com/1015191

From sle-updates at lists.suse.com Wed Jan 4 08:07:25 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 4 Jan 2017 16:07:25 +0100 (CET)
Subject: SUSE-RU-2017:0018-1: moderate: Recommended update for resource-agents
Message-ID: <20170104150725.C9527F533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0018-1
Rating:             moderate
References:         #1005424 #1007142 #994519
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP1
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for resource-agents fixes the following issues:

   - Fix sapdb.sh to work with HANA Multi-Tenant databases. (bsc#1007142,
     bsc#994519)
   - Add support for Oracle 12c monprofile. (bsc#1005424)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP1:

      zypper in -t patch SUSE-SLE-HA-12-SP1-2017-10=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64):

      ldirectord-3.9.6+git.1442374860.7f3628a-22.1
      monitoring-plugins-metadata-3.9.6+git.1442374860.7f3628a-22.1
      resource-agents-3.9.6+git.1442374860.7f3628a-22.1
      resource-agents-debuginfo-3.9.6+git.1442374860.7f3628a-22.1
      resource-agents-debugsource-3.9.6+git.1442374860.7f3628a-22.1

References:

   https://bugzilla.suse.com/1005424
   https://bugzilla.suse.com/1007142
   https://bugzilla.suse.com/994519

From sle-updates at lists.suse.com Wed Jan 4 08:08:12 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 4 Jan 2017 16:08:12 +0100 (CET)
Subject: SUSE-RU-2017:0019-1: Recommended update for libsolv, libzypp, zypper
Message-ID: <20170104150812.EA4E2F7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libsolv, libzypp, zypper
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0019-1
Rating:             low
References:         #1003748 #1004096 #1007273 #1010712 #1010952 #1014265
                    #731333 #975777 #975794
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has 9 recommended fixes can now be installed.

Description:

   The Software Update Stack was updated to include fixes and enhancements.

   libsolv:

   - Rework susetags multi-line handling. (bsc#1007273)
   - Improve checks against corrupt rpm packages.
   - Add SOLVER_FLAG_FOCUS_BEST solver flag.

   libzypp:

   - Don't raise FileCheckException if user accepted a package with wrong
     digest. (bsc#1014265)
   - Also provide the exception history when requesting a media failed.
     (bsc#1010952)
   - Let 'dup --from' leave updateTestcase logs in /var/log. (bsc#1004096)
   - Allow parsing multiple gpgkey= URLs. (bsc#1003748)

   zypper:

   - Properly escape patch script output in xml mode. (bsc#1010712)
   - Show repository priority summary in "zypper lr" output.
   - Fix German translations. (bsc#975777, bsc#975794)
   - Do not warn about processes using deleted files when using --root.
     (bsc#731333)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-9=1

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-9=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-9=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-9=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      libsolv-debugsource-0.6.24-2.25.3
      libsolv-devel-0.6.24-2.25.3
      libsolv-devel-debuginfo-0.6.24-2.25.3
      libzypp-debuginfo-16.3.2-25.1
      libzypp-debugsource-16.3.2-25.1
      libzypp-devel-16.3.2-25.1
      libzypp-devel-doc-16.3.2-25.1
      perl-solv-0.6.24-2.25.3
      perl-solv-debuginfo-0.6.24-2.25.3

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      libsolv-debugsource-0.6.24-2.25.3
      libsolv-tools-0.6.24-2.25.3
      libsolv-tools-debuginfo-0.6.24-2.25.3
      libzypp-16.3.2-25.1
      libzypp-debuginfo-16.3.2-25.1
      libzypp-debugsource-16.3.2-25.1
      perl-solv-0.6.24-2.25.3
      perl-solv-debuginfo-0.6.24-2.25.3
      python-solv-0.6.24-2.25.3
      python-solv-debuginfo-0.6.24-2.25.3
      zypper-1.13.14-16.9
      zypper-debuginfo-1.13.14-16.9
      zypper-debugsource-1.13.14-16.9

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      zypper-log-1.13.14-16.9

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      libsolv-debugsource-0.6.24-2.25.3
      libsolv-tools-0.6.24-2.25.3
      libsolv-tools-debuginfo-0.6.24-2.25.3
      libzypp-16.3.2-25.1
      libzypp-debuginfo-16.3.2-25.1
      libzypp-debugsource-16.3.2-25.1
      perl-solv-0.6.24-2.25.3
      perl-solv-debuginfo-0.6.24-2.25.3
      python-solv-0.6.24-2.25.3
      python-solv-debuginfo-0.6.24-2.25.3
      zypper-1.13.14-16.9
      zypper-debuginfo-1.13.14-16.9
      zypper-debugsource-1.13.14-16.9

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      zypper-log-1.13.14-16.9

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      zypper-log-1.13.14-16.9

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      libsolv-debugsource-0.6.24-2.25.3
      libsolv-tools-0.6.24-2.25.3
      libsolv-tools-debuginfo-0.6.24-2.25.3
      libzypp-16.3.2-25.1
      libzypp-debuginfo-16.3.2-25.1
      libzypp-debugsource-16.3.2-25.1
      python-solv-0.6.24-2.25.3
      python-solv-debuginfo-0.6.24-2.25.3
      zypper-1.13.14-16.9
      zypper-debuginfo-1.13.14-16.9
      zypper-debugsource-1.13.14-16.9

References:

   https://bugzilla.suse.com/1003748
   https://bugzilla.suse.com/1004096
   https://bugzilla.suse.com/1007273
   https://bugzilla.suse.com/1010712
   https://bugzilla.suse.com/1010952
   https://bugzilla.suse.com/1014265
   https://bugzilla.suse.com/731333
   https://bugzilla.suse.com/975777
   https://bugzilla.suse.com/975794

From sle-updates at lists.suse.com Wed Jan 4 11:07:28 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 4 Jan 2017 19:07:28 +0100 (CET)
Subject: SUSE-RU-2017:0024-1: moderate: Recommended update for gnome-session
Message-ID: <20170104180728.8F77DF533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gnome-session
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0024-1
Rating:             moderate
References:         #982938
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.
Description:

   This update for gnome-session fixes the following issues:

   - Avoid a crash at startup if the values of environment variables are not
     valid UTF-8. (bsc#982938)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-11=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-11=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      gnome-session-3.10.1-8.3.6
      gnome-session-core-3.10.1-8.3.6
      gnome-session-core-debuginfo-3.10.1-8.3.6
      gnome-session-debugsource-3.10.1-8.3.6
      gnome-session-default-session-3.10.1-8.3.6

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      gnome-session-lang-3.10.1-8.3.6

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      gnome-session-lang-3.10.1-8.3.6

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      gnome-session-3.10.1-8.3.6
      gnome-session-core-3.10.1-8.3.6
      gnome-session-core-debuginfo-3.10.1-8.3.6
      gnome-session-debugsource-3.10.1-8.3.6
      gnome-session-default-session-3.10.1-8.3.6

References:

   https://bugzilla.suse.com/982938

From sle-updates at lists.suse.com Wed Jan 4 13:07:14 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 4 Jan 2017 21:07:14 +0100 (CET)
Subject: SUSE-SU-2017:0025-1: moderate: Security update for perl-DBD-mysql
Message-ID: <20170104200714.8AC9AF533@maintenance.suse.de>

   SUSE Security Update: Security update for perl-DBD-mysql
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0025-1
Rating:             moderate
References:         #1012546
Cross-References:   CVE-2016-1251
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for perl-DBD-mysql fixes the following issues:

   - Add patch to fix CVE-2016-1251 (bsc#1012546) use-after-free for repeated
     fetchrow_arrayref calls when mysql_server_prepare=1

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-perl-DBD-mysql-12927=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-perl-DBD-mysql-12927=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-perl-DBD-mysql-12927=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):

      perl-DBD-mysql-4.008-6.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      perl-DBD-mysql-4.008-6.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      perl-DBD-mysql-debuginfo-4.008-6.1
      perl-DBD-mysql-debugsource-4.008-6.1

References:

   https://www.suse.com/security/cve/CVE-2016-1251.html
   https://bugzilla.suse.com/1012546

From sle-updates at lists.suse.com Thu Jan 5 05:09:26 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 13:09:26 +0100 (CET)
Subject: SUSE-SU-2017:0027-1: moderate: Security update for gstreamer-0_10-plugins-bad
Message-ID: <20170105120926.79FE4F533@maintenance.suse.de>

   SUSE Security Update: Security update for gstreamer-0_10-plugins-bad
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0027-1
Rating:             moderate
References:         #1010514 #1010829
Cross-References:   CVE-2016-9445 CVE-2016-9446 CVE-2016-9447
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for gstreamer-0_10-plugins-bad fixes the following issues:

   - CVE-2016-9445, CVE-2016-9446: Protection against buffer overflows (bsc#1010829)
   - CVE-2016-9447: Disable the nsf plugin (bsc#1010514)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP2:

      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-13=1

   - SUSE Linux Enterprise Software Development Kit 12-SP2:

      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-13=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-13=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch):

      gstreamer-0_10-plugins-bad-lang-0.10.23-22.5

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):

      gstreamer-0_10-plugins-bad-0.10.23-22.5
      gstreamer-0_10-plugins-bad-debuginfo-0.10.23-22.5
      gstreamer-0_10-plugins-bad-debuginfo-32bit-0.10.23-22.5
      gstreamer-0_10-plugins-bad-debugsource-0.10.23-22.5
      libgstbasecamerabinsrc-0_10-23-0.10.23-22.5
      libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-22.5
      libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-22.5
      libgstbasecamerabinsrc-0_10-23-debuginfo-32bit-0.10.23-22.5
      libgstbasevideo-0_10-23-0.10.23-22.5
      libgstbasevideo-0_10-23-32bit-0.10.23-22.5
      libgstbasevideo-0_10-23-debuginfo-0.10.23-22.5
      libgstbasevideo-0_10-23-debuginfo-32bit-0.10.23-22.5
      libgstcodecparsers-0_10-23-0.10.23-22.5
      libgstcodecparsers-0_10-23-debuginfo-0.10.23-22.5
      libgstphotography-0_10-23-0.10.23-22.5
      libgstphotography-0_10-23-32bit-0.10.23-22.5
      libgstphotography-0_10-23-debuginfo-0.10.23-22.5
      libgstphotography-0_10-23-debuginfo-32bit-0.10.23-22.5
      libgstsignalprocessor-0_10-23-0.10.23-22.5
      libgstsignalprocessor-0_10-23-32bit-0.10.23-22.5
      libgstsignalprocessor-0_10-23-debuginfo-0.10.23-22.5
      libgstsignalprocessor-0_10-23-debuginfo-32bit-0.10.23-22.5
      libgstvdp-0_10-23-0.10.23-22.5
      libgstvdp-0_10-23-32bit-0.10.23-22.5
      libgstvdp-0_10-23-debuginfo-0.10.23-22.5
      libgstvdp-0_10-23-debuginfo-32bit-0.10.23-22.5

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

      gstreamer-0_10-plugins-bad-debuginfo-0.10.23-22.5
      gstreamer-0_10-plugins-bad-debugsource-0.10.23-22.5
      gstreamer-0_10-plugins-bad-devel-0.10.23-22.5
      libgstbasecamerabinsrc-0_10-23-0.10.23-22.5
      libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-22.5
      libgstbasevideo-0_10-23-0.10.23-22.5
      libgstbasevideo-0_10-23-debuginfo-0.10.23-22.5
      libgstcodecparsers-0_10-23-0.10.23-22.5
      libgstcodecparsers-0_10-23-debuginfo-0.10.23-22.5
      libgstphotography-0_10-23-0.10.23-22.5
      libgstphotography-0_10-23-debuginfo-0.10.23-22.5
      libgstsignalprocessor-0_10-23-0.10.23-22.5
      libgstsignalprocessor-0_10-23-debuginfo-0.10.23-22.5
      libgstvdp-0_10-23-0.10.23-22.5
      libgstvdp-0_10-23-debuginfo-0.10.23-22.5

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      gstreamer-0_10-plugins-bad-0.10.23-22.5
      gstreamer-0_10-plugins-bad-debuginfo-0.10.23-22.5
      gstreamer-0_10-plugins-bad-debuginfo-32bit-0.10.23-22.5
      gstreamer-0_10-plugins-bad-debugsource-0.10.23-22.5
      libgstbasecamerabinsrc-0_10-23-0.10.23-22.5
      libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-22.5
      libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-22.5
      libgstbasecamerabinsrc-0_10-23-debuginfo-32bit-0.10.23-22.5
      libgstbasevideo-0_10-23-0.10.23-22.5
      libgstbasevideo-0_10-23-32bit-0.10.23-22.5
      libgstbasevideo-0_10-23-debuginfo-0.10.23-22.5
      libgstbasevideo-0_10-23-debuginfo-32bit-0.10.23-22.5
      libgstcodecparsers-0_10-23-0.10.23-22.5
      libgstcodecparsers-0_10-23-debuginfo-0.10.23-22.5
      libgstphotography-0_10-23-0.10.23-22.5
      libgstphotography-0_10-23-32bit-0.10.23-22.5
      libgstphotography-0_10-23-debuginfo-0.10.23-22.5
      libgstphotography-0_10-23-debuginfo-32bit-0.10.23-22.5
      libgstsignalprocessor-0_10-23-0.10.23-22.5
      libgstsignalprocessor-0_10-23-32bit-0.10.23-22.5
      libgstsignalprocessor-0_10-23-debuginfo-0.10.23-22.5
      libgstsignalprocessor-0_10-23-debuginfo-32bit-0.10.23-22.5
      libgstvdp-0_10-23-0.10.23-22.5
      libgstvdp-0_10-23-32bit-0.10.23-22.5
      libgstvdp-0_10-23-debuginfo-0.10.23-22.5
      libgstvdp-0_10-23-debuginfo-32bit-0.10.23-22.5

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      gstreamer-0_10-plugins-bad-lang-0.10.23-22.5

References:

   https://www.suse.com/security/cve/CVE-2016-9445.html
   https://www.suse.com/security/cve/CVE-2016-9446.html
   https://www.suse.com/security/cve/CVE-2016-9447.html
   https://bugzilla.suse.com/1010514
   https://bugzilla.suse.com/1010829

From sle-updates at lists.suse.com Thu Jan 5 05:10:04 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 13:10:04 +0100 (CET)
Subject: SUSE-SU-2017:0028-1: moderate: Security update for gstreamer-0_10-plugins-bad
Message-ID: <20170105121004.AAFB4F7CB@maintenance.suse.de>

   SUSE Security Update: Security update for gstreamer-0_10-plugins-bad
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0028-1
Rating:             moderate
References:         #1010514 #1010829
Cross-References:   CVE-2016-9445 CVE-2016-9446 CVE-2016-9447
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for gstreamer-0_10-plugins-bad fixes the following issues:

   - CVE-2016-9445, CVE-2016-9446: Protection against buffer overflows (bsc#1010829)
   - CVE-2016-9447: Disable the nsf plugin (bsc#1010514)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:

      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-14=1

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-14=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-14=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch):

      gstreamer-0_10-plugins-bad-lang-0.10.23-19.3.4

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):

      gstreamer-0_10-plugins-bad-0.10.23-19.3.4
      gstreamer-0_10-plugins-bad-debuginfo-0.10.23-19.3.4
      gstreamer-0_10-plugins-bad-debuginfo-32bit-0.10.23-19.3.4
      gstreamer-0_10-plugins-bad-debugsource-0.10.23-19.3.4
      libgstbasecamerabinsrc-0_10-23-0.10.23-19.3.4
      libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-19.3.4
      libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-19.3.4
      libgstbasecamerabinsrc-0_10-23-debuginfo-32bit-0.10.23-19.3.4
      libgstbasevideo-0_10-23-0.10.23-19.3.4
      libgstbasevideo-0_10-23-32bit-0.10.23-19.3.4
      libgstbasevideo-0_10-23-debuginfo-0.10.23-19.3.4
      libgstbasevideo-0_10-23-debuginfo-32bit-0.10.23-19.3.4
      libgstcodecparsers-0_10-23-0.10.23-19.3.4
      libgstcodecparsers-0_10-23-debuginfo-0.10.23-19.3.4
      libgstphotography-0_10-23-0.10.23-19.3.4
      libgstphotography-0_10-23-32bit-0.10.23-19.3.4
      libgstphotography-0_10-23-debuginfo-0.10.23-19.3.4
      libgstphotography-0_10-23-debuginfo-32bit-0.10.23-19.3.4
      libgstsignalprocessor-0_10-23-0.10.23-19.3.4
      libgstsignalprocessor-0_10-23-32bit-0.10.23-19.3.4
      libgstsignalprocessor-0_10-23-debuginfo-0.10.23-19.3.4
      libgstsignalprocessor-0_10-23-debuginfo-32bit-0.10.23-19.3.4
      libgstvdp-0_10-23-0.10.23-19.3.4
      libgstvdp-0_10-23-32bit-0.10.23-19.3.4
      libgstvdp-0_10-23-debuginfo-0.10.23-19.3.4
      libgstvdp-0_10-23-debuginfo-32bit-0.10.23-19.3.4

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      gstreamer-0_10-plugins-bad-debuginfo-0.10.23-19.3.4
      gstreamer-0_10-plugins-bad-debugsource-0.10.23-19.3.4
      gstreamer-0_10-plugins-bad-devel-0.10.23-19.3.4
      libgstbasecamerabinsrc-0_10-23-0.10.23-19.3.4
      libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-19.3.4
      libgstbasevideo-0_10-23-0.10.23-19.3.4
      libgstbasevideo-0_10-23-debuginfo-0.10.23-19.3.4
      libgstcodecparsers-0_10-23-0.10.23-19.3.4
      libgstcodecparsers-0_10-23-debuginfo-0.10.23-19.3.4
      libgstphotography-0_10-23-0.10.23-19.3.4
      libgstphotography-0_10-23-debuginfo-0.10.23-19.3.4
      libgstsignalprocessor-0_10-23-0.10.23-19.3.4
      libgstsignalprocessor-0_10-23-debuginfo-0.10.23-19.3.4
      libgstvdp-0_10-23-0.10.23-19.3.4
      libgstvdp-0_10-23-debuginfo-0.10.23-19.3.4

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      gstreamer-0_10-plugins-bad-0.10.23-19.3.4
      gstreamer-0_10-plugins-bad-debuginfo-0.10.23-19.3.4
      gstreamer-0_10-plugins-bad-debuginfo-32bit-0.10.23-19.3.4
      gstreamer-0_10-plugins-bad-debugsource-0.10.23-19.3.4
      libgstbasecamerabinsrc-0_10-23-0.10.23-19.3.4
      libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-19.3.4
      libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-19.3.4
      libgstbasecamerabinsrc-0_10-23-debuginfo-32bit-0.10.23-19.3.4
      libgstbasevideo-0_10-23-0.10.23-19.3.4
      libgstbasevideo-0_10-23-32bit-0.10.23-19.3.4
      libgstbasevideo-0_10-23-debuginfo-0.10.23-19.3.4
      libgstbasevideo-0_10-23-debuginfo-32bit-0.10.23-19.3.4
      libgstcodecparsers-0_10-23-0.10.23-19.3.4
      libgstcodecparsers-0_10-23-debuginfo-0.10.23-19.3.4
      libgstphotography-0_10-23-0.10.23-19.3.4
      libgstphotography-0_10-23-32bit-0.10.23-19.3.4
      libgstphotography-0_10-23-debuginfo-0.10.23-19.3.4
      libgstphotography-0_10-23-debuginfo-32bit-0.10.23-19.3.4
      libgstsignalprocessor-0_10-23-0.10.23-19.3.4
      libgstsignalprocessor-0_10-23-32bit-0.10.23-19.3.4
      libgstsignalprocessor-0_10-23-debuginfo-0.10.23-19.3.4
      libgstsignalprocessor-0_10-23-debuginfo-32bit-0.10.23-19.3.4
      libgstvdp-0_10-23-0.10.23-19.3.4
      libgstvdp-0_10-23-32bit-0.10.23-19.3.4
      libgstvdp-0_10-23-debuginfo-0.10.23-19.3.4
      libgstvdp-0_10-23-debuginfo-32bit-0.10.23-19.3.4

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      gstreamer-0_10-plugins-bad-lang-0.10.23-19.3.4

References:

   https://www.suse.com/security/cve/CVE-2016-9445.html
   https://www.suse.com/security/cve/CVE-2016-9446.html
   https://www.suse.com/security/cve/CVE-2016-9447.html
   https://bugzilla.suse.com/1010514
   https://bugzilla.suse.com/1010829

From sle-updates at lists.suse.com Thu Jan 5 07:07:18 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 15:07:18 +0100 (CET)
Subject: SUSE-RU-2017:0029-1: Recommended update for irqbalance
Message-ID: <20170105140718.C1EC3F533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for irqbalance
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0029-1
Rating:             low
References:         #998399
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for irqbalance increases the maximum number of files that can
   be opened simultaneously to 4096.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-irqbalance-12928=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-irqbalance-12928=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      irqbalance-1.0.4-0.23.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      irqbalance-debuginfo-1.0.4-0.23.2
      irqbalance-debugsource-1.0.4-0.23.2

References:

   https://bugzilla.suse.com/998399

From sle-updates at lists.suse.com Thu Jan 5 07:07:48 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 15:07:48 +0100 (CET)
Subject: SUSE-RU-2017:0030-1: Recommended update for irqbalance
Message-ID: <20170105140748.8A512F7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for irqbalance
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0030-1
Rating:             low
References:         #998399
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for irqbalance increases the maximum number of files that can
   be opened simultaneously to 4096.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-16=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-16=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le x86_64):

      irqbalance-1.0.7-17.1
      irqbalance-debuginfo-1.0.7-17.1
      irqbalance-debugsource-1.0.7-17.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      irqbalance-1.0.7-17.1
      irqbalance-debuginfo-1.0.7-17.1
      irqbalance-debugsource-1.0.7-17.1

References:

   https://bugzilla.suse.com/998399

From sle-updates at lists.suse.com Thu Jan 5 07:08:15 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 15:08:15 +0100 (CET)
Subject: SUSE-RU-2017:0031-1: Recommended update for irqbalance
Message-ID: <20170105140815.2426EF7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for irqbalance
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0031-1
Rating:             low
References:         #998399
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for irqbalance increases the maximum number of files that can
   be opened simultaneously to 4096.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-15=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-15=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-15=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      irqbalance-1.1.0-8.4
      irqbalance-debuginfo-1.1.0-8.4
      irqbalance-debugsource-1.1.0-8.4

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      irqbalance-1.1.0-8.4
      irqbalance-debuginfo-1.1.0-8.4
      irqbalance-debugsource-1.1.0-8.4

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      irqbalance-1.1.0-8.4
      irqbalance-debuginfo-1.1.0-8.4
      irqbalance-debugsource-1.1.0-8.4

References:

   https://bugzilla.suse.com/998399

From sle-updates at lists.suse.com Thu Jan 5 09:07:23 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 17:07:23 +0100 (CET)
Subject: SUSE-RU-2017:0032-1: Recommended update for kiwi
Message-ID: <20170105160723.76F0AF533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for kiwi
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0032-1
Rating:             low
References:         #1012107
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   The following packages have been added to the Software Development Kit for
   SUSE Linux Enterprise 12 SP1:

   - kiwi-instsource
   - kiwi-instsource-plugins-SLE-12-SP1

   These packages allow external parties to generate add-on products and
   installation images using the same tools used to build SUSE Linux
   Enterprise 12 media.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:

      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-19=1

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-19=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-19=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-19=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (x86_64):

      kiwi-instsource-7.02.104-47.2.2

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (noarch):

      kiwi-instsource-plugins-SLE-12-SP1-1.0-6.1

   - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch):

      kiwi-pxeboot-7.02.104-47.2.2

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      kiwi-7.02.104-47.2.2
      kiwi-debugsource-7.02.104-47.2.2
      kiwi-desc-netboot-7.02.104-47.2.2
      kiwi-desc-oemboot-7.02.104-47.2.2
      kiwi-desc-vmxboot-7.02.104-47.2.2
      kiwi-templates-7.02.104-47.2.2
      kiwi-tools-7.02.104-47.2.2
      kiwi-tools-debuginfo-7.02.104-47.2.2

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      kiwi-desc-isoboot-7.02.104-47.2.2

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      kiwi-doc-7.02.104-47.2.2

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      kiwi-debugsource-7.02.104-47.2.2
      kiwi-tools-7.02.104-47.2.2
      kiwi-tools-debuginfo-7.02.104-47.2.2

References:

   https://bugzilla.suse.com/1012107

From sle-updates at lists.suse.com Thu Jan 5 09:07:48 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 17:07:48 +0100 (CET)
Subject: SUSE-RU-2017:0033-1: moderate: Recommended update for ipmitool
Message-ID: <20170105160748.0347BF7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ipmitool
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0033-1
Rating:             moderate
References:         #1011382
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for ipmitool provides the following fixes:

   - Fix dumping of the first two bytes of raw SDR data.
   - Fix interpretation of LED states.
   - Fall back to IPv4 for IPMI v2 / RMCP+ sessions.
   - Add support for 13G Dell PowerEdge servers.
   - Implement DDR4 DIMM decoding logic.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:

      zypper in -t patch SUSE-SLE-SAP-12-2017-18=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-18=1

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-18=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-18=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):

      ipmitool-1.8.13-9.1
      ipmitool-debuginfo-1.8.13-9.1
      ipmitool-debugsource-1.8.13-9.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      ipmitool-1.8.13-9.1
      ipmitool-debuginfo-1.8.13-9.1
      ipmitool-debugsource-1.8.13-9.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

      ipmitool-1.8.13-9.1
      ipmitool-debuginfo-1.8.13-9.1
      ipmitool-debugsource-1.8.13-9.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      ipmitool-1.8.13-9.1
      ipmitool-debuginfo-1.8.13-9.1
      ipmitool-debugsource-1.8.13-9.1

References:

   https://bugzilla.suse.com/1011382

From sle-updates at lists.suse.com Thu Jan 5 10:09:00 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 18:09:00 +0100 (CET)
Subject: SUSE-RU-2017:0036-1: moderate: Recommended update for rubygem-passenger
Message-ID: <20170105170900.82AD7F7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rubygem-passenger
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0036-1
Rating:             moderate
References:         #1015092
Affected Products:
                    SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for rubygem-passenger fixes the following issues:

   - Disable mod_autoindex. Otherwise, with SLE 12 SP2 Apache2 shows the error
     "Access forbidden". (bsc#1015092)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:

      zypper in -t patch SUSE-SLE-Module-Containers-12-2017-20=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Module for Containers 12 (x86_64):

      ruby2.1-rubygem-passenger-5.0.18-11.1
      ruby2.1-rubygem-passenger-debuginfo-5.0.18-11.1
      rubygem-passenger-5.0.18-11.1
      rubygem-passenger-apache2-5.0.18-11.1
      rubygem-passenger-apache2-debuginfo-5.0.18-11.1
      rubygem-passenger-debuginfo-5.0.18-11.1
      rubygem-passenger-debugsource-5.0.18-11.1

References:

   https://bugzilla.suse.com/1015092

From sle-updates at lists.suse.com Thu Jan 5 11:07:26 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 19:07:26 +0100 (CET)
Subject: SUSE-RU-2017:0037-1: moderate: Recommended update for emacs
Message-ID: <20170105180726.DF509F533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for emacs
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0037-1
Rating:             moderate
References:         #1013572 #1013849 #967260
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for emacs fixes the following issues:

   - Icons toolbar missing with newer versions of GTK. (bsc#1013849)
   - Segmentation fault when saving files. (bsc#967260, bsc#1013572)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-22=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-22=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-22=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-22=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-22=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      emacs-24.3-19.2
      emacs-debuginfo-24.3-19.2
      emacs-debugsource-24.3-19.2
      emacs-nox-24.3-19.2
      emacs-nox-debuginfo-24.3-19.2
      emacs-x11-24.3-19.2
      emacs-x11-debuginfo-24.3-19.2
      etags-24.3-19.2
      etags-debuginfo-24.3-19.2

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      emacs-el-24.3-19.2
      emacs-info-24.3-19.2

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      emacs-24.3-19.2
      emacs-debuginfo-24.3-19.2
      emacs-debugsource-24.3-19.2
      emacs-nox-24.3-19.2
      emacs-nox-debuginfo-24.3-19.2
      emacs-x11-24.3-19.2
      emacs-x11-debuginfo-24.3-19.2
      etags-24.3-19.2
      etags-debuginfo-24.3-19.2

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      emacs-el-24.3-19.2
      emacs-info-24.3-19.2

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      emacs-24.3-19.2
      emacs-debuginfo-24.3-19.2
      emacs-debugsource-24.3-19.2
      emacs-nox-24.3-19.2
      emacs-nox-debuginfo-24.3-19.2
      emacs-x11-24.3-19.2
      emacs-x11-debuginfo-24.3-19.2
      etags-24.3-19.2
      etags-debuginfo-24.3-19.2

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      emacs-el-24.3-19.2
      emacs-info-24.3-19.2

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):

      emacs-info-24.3-19.2

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      emacs-24.3-19.2
      emacs-debuginfo-24.3-19.2
      emacs-debugsource-24.3-19.2
      emacs-x11-24.3-19.2
      emacs-x11-debuginfo-24.3-19.2
      etags-24.3-19.2
      etags-debuginfo-24.3-19.2

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      emacs-info-24.3-19.2

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      emacs-24.3-19.2
      emacs-debuginfo-24.3-19.2
      emacs-debugsource-24.3-19.2
      emacs-x11-24.3-19.2
      emacs-x11-debuginfo-24.3-19.2
      etags-24.3-19.2
      etags-debuginfo-24.3-19.2

References:

   https://bugzilla.suse.com/1013572
   https://bugzilla.suse.com/1013849
   https://bugzilla.suse.com/967260

From sle-updates at lists.suse.com Thu Jan 5 11:08:21 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 19:08:21 +0100 (CET)
Subject: SUSE-SU-2017:0038-1: moderate: Security update for php5
Message-ID: <20170105180821.96779F7CB@maintenance.suse.de>

   SUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0038-1
Rating:             moderate
References:         #1015187 #1015188 #1015189
Cross-References:   CVE-2016-9933 CVE-2016-9934 CVE-2016-9935
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for php5 fixes the following issues:

   * CVE-2016-9933 Possible stack overflow on truecolor images handling [bsc#1015187]
   * CVE-2016-9934 Dereference from NULL pointer could lead to crash [bsc#1015188]
   * CVE-2016-9935 Invalid read could lead to crash [bsc#1015189]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-21=1
   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-21=1
   - SUSE Linux Enterprise Module for Web Scripting 12:
      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-21=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      php5-debuginfo-5.5.14-89.2
      php5-debugsource-5.5.14-89.2
      php5-devel-5.5.14-89.2
   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      php5-debuginfo-5.5.14-89.2
      php5-debugsource-5.5.14-89.2
      php5-devel-5.5.14-89.2
   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
      apache2-mod_php5-5.5.14-89.2
      apache2-mod_php5-debuginfo-5.5.14-89.2
      php5-5.5.14-89.2
      php5-bcmath-5.5.14-89.2
      php5-bcmath-debuginfo-5.5.14-89.2
      php5-bz2-5.5.14-89.2
      php5-bz2-debuginfo-5.5.14-89.2
      php5-calendar-5.5.14-89.2
      php5-calendar-debuginfo-5.5.14-89.2
      php5-ctype-5.5.14-89.2
      php5-ctype-debuginfo-5.5.14-89.2
      php5-curl-5.5.14-89.2
      php5-curl-debuginfo-5.5.14-89.2
      php5-dba-5.5.14-89.2
      php5-dba-debuginfo-5.5.14-89.2
      php5-debuginfo-5.5.14-89.2
      php5-debugsource-5.5.14-89.2
      php5-dom-5.5.14-89.2
      php5-dom-debuginfo-5.5.14-89.2
      php5-enchant-5.5.14-89.2
      php5-enchant-debuginfo-5.5.14-89.2
      php5-exif-5.5.14-89.2
      php5-exif-debuginfo-5.5.14-89.2
      php5-fastcgi-5.5.14-89.2
      php5-fastcgi-debuginfo-5.5.14-89.2
      php5-fileinfo-5.5.14-89.2
      php5-fileinfo-debuginfo-5.5.14-89.2
      php5-fpm-5.5.14-89.2
      php5-fpm-debuginfo-5.5.14-89.2
      php5-ftp-5.5.14-89.2
      php5-ftp-debuginfo-5.5.14-89.2
      php5-gd-5.5.14-89.2
      php5-gd-debuginfo-5.5.14-89.2
      php5-gettext-5.5.14-89.2
      php5-gettext-debuginfo-5.5.14-89.2
      php5-gmp-5.5.14-89.2
      php5-gmp-debuginfo-5.5.14-89.2
      php5-iconv-5.5.14-89.2
      php5-iconv-debuginfo-5.5.14-89.2
      php5-imap-5.5.14-89.2
      php5-imap-debuginfo-5.5.14-89.2
      php5-intl-5.5.14-89.2
      php5-intl-debuginfo-5.5.14-89.2
      php5-json-5.5.14-89.2
      php5-json-debuginfo-5.5.14-89.2
      php5-ldap-5.5.14-89.2
      php5-ldap-debuginfo-5.5.14-89.2
      php5-mbstring-5.5.14-89.2
      php5-mbstring-debuginfo-5.5.14-89.2
      php5-mcrypt-5.5.14-89.2
      php5-mcrypt-debuginfo-5.5.14-89.2
      php5-mysql-5.5.14-89.2
      php5-mysql-debuginfo-5.5.14-89.2
      php5-odbc-5.5.14-89.2
      php5-odbc-debuginfo-5.5.14-89.2
      php5-opcache-5.5.14-89.2
      php5-opcache-debuginfo-5.5.14-89.2
      php5-openssl-5.5.14-89.2
      php5-openssl-debuginfo-5.5.14-89.2
      php5-pcntl-5.5.14-89.2
      php5-pcntl-debuginfo-5.5.14-89.2
      php5-pdo-5.5.14-89.2
      php5-pdo-debuginfo-5.5.14-89.2
      php5-pgsql-5.5.14-89.2
      php5-pgsql-debuginfo-5.5.14-89.2
      php5-phar-5.5.14-89.2
      php5-phar-debuginfo-5.5.14-89.2
      php5-posix-5.5.14-89.2
      php5-posix-debuginfo-5.5.14-89.2
      php5-pspell-5.5.14-89.2
      php5-pspell-debuginfo-5.5.14-89.2
      php5-shmop-5.5.14-89.2
      php5-shmop-debuginfo-5.5.14-89.2
      php5-snmp-5.5.14-89.2
      php5-snmp-debuginfo-5.5.14-89.2
      php5-soap-5.5.14-89.2
      php5-soap-debuginfo-5.5.14-89.2
      php5-sockets-5.5.14-89.2
      php5-sockets-debuginfo-5.5.14-89.2
      php5-sqlite-5.5.14-89.2
      php5-sqlite-debuginfo-5.5.14-89.2
      php5-suhosin-5.5.14-89.2
      php5-suhosin-debuginfo-5.5.14-89.2
      php5-sysvmsg-5.5.14-89.2
      php5-sysvmsg-debuginfo-5.5.14-89.2
      php5-sysvsem-5.5.14-89.2
      php5-sysvsem-debuginfo-5.5.14-89.2
      php5-sysvshm-5.5.14-89.2
      php5-sysvshm-debuginfo-5.5.14-89.2
      php5-tokenizer-5.5.14-89.2
      php5-tokenizer-debuginfo-5.5.14-89.2
      php5-wddx-5.5.14-89.2
      php5-wddx-debuginfo-5.5.14-89.2
      php5-xmlreader-5.5.14-89.2
      php5-xmlreader-debuginfo-5.5.14-89.2
      php5-xmlrpc-5.5.14-89.2
      php5-xmlrpc-debuginfo-5.5.14-89.2
      php5-xmlwriter-5.5.14-89.2
      php5-xmlwriter-debuginfo-5.5.14-89.2
      php5-xsl-5.5.14-89.2
      php5-xsl-debuginfo-5.5.14-89.2
      php5-zip-5.5.14-89.2
      php5-zip-debuginfo-5.5.14-89.2
      php5-zlib-5.5.14-89.2
      php5-zlib-debuginfo-5.5.14-89.2
   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
      php5-pear-5.5.14-89.2

References:
   https://www.suse.com/security/cve/CVE-2016-9933.html
   https://www.suse.com/security/cve/CVE-2016-9934.html
   https://www.suse.com/security/cve/CVE-2016-9935.html
   https://bugzilla.suse.com/1015187
   https://bugzilla.suse.com/1015188
   https://bugzilla.suse.com/1015189

From sle-updates at lists.suse.com Thu Jan 5 12:07:16 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 20:07:16 +0100 (CET)
Subject: SUSE-RU-2017:0039-1: Recommended update for release-notes-ses
Message-ID: <20170105190716.DC8DAF533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-ses
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0039-1
Rating: low
References: #1014324
Affected Products:
   SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   The Release Notes of SUSE Enterprise Storage 4 have been updated to
   document support for NFS Access to S3 buckets.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2017-23=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Enterprise Storage 4 (noarch):
      release-notes-ses-4.0.20161207-3.1

References:

   https://bugzilla.suse.com/1014324

From sle-updates at lists.suse.com Thu Jan 5 12:07:38 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 20:07:38 +0100 (CET)
Subject: SUSE-RU-2017:0040-1: moderate: Recommended update for sblim-sfcb
Message-ID: <20170105190738.A9129F7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sblim-sfcb
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0040-1
Rating: moderate
References: #1008130 #1015155 #923349
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for sblim-sfcb fixes the following issues:

   - Potential segmentation fault due to un-initialized memory access. (bsc#1015155)
   - Add support for text/xml mimetype.
   - Do not overwrite configuration file on upgrades.
   - Some associatorname CIM operations could hang.
   - CMPIRole not passed to provider context.
   - Add sslNoSSLv3 and sslNoTLSv1 configuration options. (bsc#923349, bsc#1008130)

   Please restart the service after applying the update.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-24=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-24=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-24=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-24=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-24=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      sblim-sfcb-1.4.8-10.1
      sblim-sfcb-debuginfo-1.4.8-10.1
      sblim-sfcb-debugsource-1.4.8-10.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      sblim-sfcb-1.4.8-10.1
      sblim-sfcb-debuginfo-1.4.8-10.1
      sblim-sfcb-debugsource-1.4.8-10.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      sblim-sfcb-1.4.8-10.1
      sblim-sfcb-debuginfo-1.4.8-10.1
      sblim-sfcb-debugsource-1.4.8-10.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      sblim-sfcb-1.4.8-10.1
      sblim-sfcb-debuginfo-1.4.8-10.1
      sblim-sfcb-debugsource-1.4.8-10.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      sblim-sfcb-1.4.8-10.1
      sblim-sfcb-debuginfo-1.4.8-10.1
      sblim-sfcb-debugsource-1.4.8-10.1

References:

   https://bugzilla.suse.com/1008130
   https://bugzilla.suse.com/1015155
   https://bugzilla.suse.com/923349

From sle-updates at lists.suse.com Thu Jan 5 13:07:19 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 21:07:19 +0100 (CET)
Subject: SUSE-RU-2017:0041-1: Recommended update for xf86-video-ati
Message-ID: <20170105200719.48849F533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for xf86-video-ati
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0041-1
Rating: low
References: #1008200 #990066
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update provides xf86-video-ati version 7.7.1, which brings many
   fixes, mostly concerning scanout (DRI2, PRIME) and better support for
   multi-head setups with 4k displays.

   Release notes are available at:
   https://lists.x.org/archives/xorg-announce/2016-September/002707.html

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-26=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-26=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-26=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      xf86-video-ati-7.7.1-12.1
      xf86-video-ati-debuginfo-7.7.1-12.1
      xf86-video-ati-debugsource-7.7.1-12.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      xf86-video-ati-7.7.1-12.1
      xf86-video-ati-debuginfo-7.7.1-12.1
      xf86-video-ati-debugsource-7.7.1-12.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      xf86-video-ati-7.7.1-12.1
      xf86-video-ati-debuginfo-7.7.1-12.1
      xf86-video-ati-debugsource-7.7.1-12.1

References:

   https://bugzilla.suse.com/1008200
   https://bugzilla.suse.com/990066

From sle-updates at lists.suse.com Thu Jan 5 13:08:04 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 5 Jan 2017 21:08:04 +0100 (CET)
Subject: SUSE-RU-2017:0042-1: moderate: Recommended update for star
Message-ID: <20170105200804.3AE5BF7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for star
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0042-1
Rating: moderate
References: #1014065 #935569
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for star fixes the following issues:

   - Set extended attributes after chown(), as recent Linux kernels reset
     them with a chown() call. (bsc#1014065)
   - Flush the verbose file stream before checking for missing links.
     Prevents mixed output when the user redirects star's standard error to
     standard output and pipes it to tee(1). (bsc#935569)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-25=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-25=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-25=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-25=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-25=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      star-1.5final-71.1
      star-debuginfo-1.5final-71.1
      star-debugsource-1.5final-71.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      star-1.5final-71.1
      star-debuginfo-1.5final-71.1
      star-debugsource-1.5final-71.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      star-1.5final-71.1
      star-debuginfo-1.5final-71.1
      star-debugsource-1.5final-71.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      star-1.5final-71.1
      star-debuginfo-1.5final-71.1
      star-debugsource-1.5final-71.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      star-1.5final-71.1
      star-debuginfo-1.5final-71.1
      star-debugsource-1.5final-71.1

References:

   https://bugzilla.suse.com/1014065
   https://bugzilla.suse.com/935569

From sle-updates at lists.suse.com Sun Jan 8 09:07:29 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 8 Jan 2017 17:07:29 +0100 (CET)
Subject: SUSE-SU-2017:0084-1: important: Security update for jasper
Message-ID: <20170108160729.48AFDF533@maintenance.suse.de>

   SUSE Security Update: Security update for jasper
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0084-1
Rating: important
References: #1010977 #1010979 #1011830 #1012530 #1015993
Cross-References: CVE-2016-8654 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9591
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Software Development Kit 12-SP1
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for jasper fixes the following issues:

   - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. (bsc#1012530)
   - CVE-2016-9395: Invalid jasper files could lead to abort of the library
     caused by attacker provided image. (bsc#1010977)
   - CVE-2016-9398: Invalid jasper files could lead to abort of the library
     caused by attacker provided image. (bsc#1010979)
   - CVE-2016-9560: Stack-based buffer overflow in jpc_tsfb_getbands2. (bsc#1011830)
   - CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy. (bsc#1015993)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-27=1
   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-27=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-27=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-27=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-27=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-27=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-27=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      jasper-debuginfo-1.900.14-184.1
      jasper-debugsource-1.900.14-184.1
      libjasper-devel-1.900.14-184.1
   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      jasper-debuginfo-1.900.14-184.1
      jasper-debugsource-1.900.14-184.1
      libjasper-devel-1.900.14-184.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      jasper-debuginfo-1.900.14-184.1
      jasper-debugsource-1.900.14-184.1
      libjasper1-1.900.14-184.1
      libjasper1-debuginfo-1.900.14-184.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      jasper-debuginfo-1.900.14-184.1
      jasper-debugsource-1.900.14-184.1
      libjasper1-1.900.14-184.1
      libjasper1-debuginfo-1.900.14-184.1
   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      libjasper1-32bit-1.900.14-184.1
      libjasper1-debuginfo-32bit-1.900.14-184.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      jasper-debuginfo-1.900.14-184.1
      jasper-debugsource-1.900.14-184.1
      libjasper1-1.900.14-184.1
      libjasper1-debuginfo-1.900.14-184.1
   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      libjasper1-32bit-1.900.14-184.1
      libjasper1-debuginfo-32bit-1.900.14-184.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      jasper-debuginfo-1.900.14-184.1
      jasper-debugsource-1.900.14-184.1
      libjasper1-1.900.14-184.1
      libjasper1-32bit-1.900.14-184.1
      libjasper1-debuginfo-1.900.14-184.1
      libjasper1-debuginfo-32bit-1.900.14-184.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      jasper-debuginfo-1.900.14-184.1
      jasper-debugsource-1.900.14-184.1
      libjasper1-1.900.14-184.1
      libjasper1-32bit-1.900.14-184.1
      libjasper1-debuginfo-1.900.14-184.1
      libjasper1-debuginfo-32bit-1.900.14-184.1

References:

   https://www.suse.com/security/cve/CVE-2016-8654.html
   https://www.suse.com/security/cve/CVE-2016-9395.html
   https://www.suse.com/security/cve/CVE-2016-9398.html
   https://www.suse.com/security/cve/CVE-2016-9560.html
   https://www.suse.com/security/cve/CVE-2016-9591.html
   https://bugzilla.suse.com/1010977
   https://bugzilla.suse.com/1010979
   https://bugzilla.suse.com/1011830
   https://bugzilla.suse.com/1012530
   https://bugzilla.suse.com/1015993

From sle-updates at lists.suse.com Mon Jan 9 07:07:50 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 9 Jan 2017 15:07:50 +0100 (CET)
Subject: SUSE-RU-2017:0085-1: moderate: Recommended update for dracut
Message-ID: <20170109140750.D3FA4F533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for dracut
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0085-1
Rating: moderate
References: #1007648 #908143 #915218 #975404 #995812
Affected Products:
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for dracut fixes the following issues:

   - Set persistent policy to by-path on s390 platforms to prevent the
     system from hanging during boot when vDISKs are used as swap devices.
     (bsc#915218)
   - Correctly handle incomplete ibft bootflag settings. (bsc#1007648)
   - Do not pass ifname for bonding devices. (bsc#995812)
   - Give persistent policy precedence over dev mapper names. (bsc#908143)
   - Fix mdadm doesn't assemble RSTe array in kdump. (bsc#975404)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-31=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-31=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      dracut-037-84.1
      dracut-debuginfo-037-84.1
      dracut-debugsource-037-84.1
      dracut-fips-037-84.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      dracut-037-84.1
      dracut-debuginfo-037-84.1
      dracut-debugsource-037-84.1

References:

   https://bugzilla.suse.com/1007648
   https://bugzilla.suse.com/908143
   https://bugzilla.suse.com/915218
   https://bugzilla.suse.com/975404
   https://bugzilla.suse.com/995812

From sle-updates at lists.suse.com Mon Jan 9 07:09:28 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 9 Jan 2017 15:09:28 +0100 (CET)
Subject: SUSE-RU-2017:0086-1: Recommended update for dirmngr
Message-ID: <20170109140928.65AEAF7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for dirmngr
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0086-1
Rating: low
References: #994794
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP2
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for dirmngr enables support for daemon mode.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-32=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-32=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-32=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-32=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-32=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      dirmngr-1.1.1-7.1
      dirmngr-debuginfo-1.1.1-7.1
      dirmngr-debugsource-1.1.1-7.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      dirmngr-1.1.1-7.1
      dirmngr-debuginfo-1.1.1-7.1
      dirmngr-debugsource-1.1.1-7.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      dirmngr-1.1.1-7.1
      dirmngr-debuginfo-1.1.1-7.1
      dirmngr-debugsource-1.1.1-7.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      dirmngr-1.1.1-7.1
      dirmngr-debuginfo-1.1.1-7.1
      dirmngr-debugsource-1.1.1-7.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      dirmngr-1.1.1-7.1
      dirmngr-debuginfo-1.1.1-7.1
      dirmngr-debugsource-1.1.1-7.1

References:

   https://bugzilla.suse.com/994794

From sle-updates at lists.suse.com Mon Jan 9 10:08:18 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 9 Jan 2017 18:08:18 +0100 (CET)
Subject: SUSE-RU-2017:0087-1: Recommended update for kiwi
Message-ID: <20170109170818.F011DF533@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for kiwi
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0087-1
Rating: low
References: #1003091 #1006834 #1009032 #1010966 #1012107
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP2
   SUSE Linux Enterprise Server for SAP 12-SP2
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update provides KIWI v7.03.108, which brings several fixes and
   enhancements:

   - Fixed expansion of msdos disks: If the target disk size is beyond 2TB
     it can't be expanded to the full size if the msdos partition table
     layout is in use. Because of this the disk expansion will be limited to
     the allowed maximum for the msdos partition table type which is at 2TB.
     (bsc#1010966)
   - Fixed release network using ip tool: Apply the CIDR fix from setupNic
     and introduce a new method called deleteNic which replaces the wrong ip
     call from the releaseNetwork method. (bsc#1003091)
   - Move bootloader_cmdline to etc: For netboot images the information
     should be permanently available, thus the former tmp location was not
     suitable. (bsc#1009032)
   - Fix lease time in setupNetworkWicked: The default lease time with 300s
     used by wicked is relatively short and different from the default lease
     time of the former dhcpcd. This change causes wicked to use a lease
     time of 3600s. (bsc#1003091)
   - Fix default behavior of releaseNetwork: If no tool was found to
     communicate with the dhcp server in order to free the lease the method
     did nothing. However it should at least bring down the network.
     (bsc#1003091)
   - Refactoring of getKernelBootParameters: Instead of trying to extract
     the command line information from the various bootloader configuration
     files we now write a metadata file which contains this information as
     result of the bootloader setup. (bsc#1009032)

   Additionally, the following packages have been added to the Software
   Development Kit for SUSE Linux Enterprise 12 SP2:

   - kiwi-instsource
   - kiwi-instsource-plugins-SLE-12-SP2

   These packages allow external parties to generate add-on products and
   installation images using the same tools used to build SUSE Linux
   Enterprise 12 media.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-35=1
   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2017-35=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-35=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-35=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-35=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (x86_64):
      kiwi-instsource-7.03.108-60.1
   - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
      kiwi-instsource-plugins-SLE-12-SP2-1.0-5.1
   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
      kiwi-pxeboot-7.03.108-60.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      kiwi-7.03.108-60.1
      kiwi-debugsource-7.03.108-60.1
      kiwi-desc-oemboot-7.03.108-60.1
      kiwi-desc-vmxboot-7.03.108-60.1
      kiwi-templates-7.03.108-60.1
      kiwi-tools-7.03.108-60.1
      kiwi-tools-debuginfo-7.03.108-60.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      kiwi-doc-7.03.108-60.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      kiwi-7.03.108-60.1
      kiwi-debugsource-7.03.108-60.1
      kiwi-desc-oemboot-7.03.108-60.1
      kiwi-desc-vmxboot-7.03.108-60.1
      kiwi-templates-7.03.108-60.1
      kiwi-tools-7.03.108-60.1
      kiwi-tools-debuginfo-7.03.108-60.1
   - SUSE Linux Enterprise Server 12-SP2 (ppc64le x86_64):
      kiwi-desc-netboot-7.03.108-60.1
   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      kiwi-doc-7.03.108-60.1
   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      kiwi-desc-isoboot-7.03.108-60.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      kiwi-debugsource-7.03.108-60.1
      kiwi-tools-7.03.108-60.1
      kiwi-tools-debuginfo-7.03.108-60.1

References:

   https://bugzilla.suse.com/1003091
   https://bugzilla.suse.com/1006834
   https://bugzilla.suse.com/1009032
   https://bugzilla.suse.com/1010966
   https://bugzilla.suse.com/1012107

From sle-updates at lists.suse.com Mon Jan 9 10:09:38 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 9 Jan 2017 18:09:38 +0100 (CET)
Subject: SUSE-RU-2017:0089-1: moderate: Recommended update for containerd, docker, runc
Message-ID: <20170109170938.0109EF7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for containerd, docker, runc
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0089-1
Rating: moderate
References: #1015661 #1016307
Affected Products:
   SUSE OpenStack Cloud 6
   SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   Docker was updated to version 1.12.5, which brings several fixes and
   enhancements:

   - Remove old flags from dockerd's command-line to be more in line with
     upstream now that docker-runc is provided by the runc package. -H is
     dropped because upstream dropped it due to concerns with socket
     activation.
   - Remove socket activation entirely.
   - Fix bash-completion.

   A comprehensive list of changes is available at
   https://github.com/docker/docker/blob/v1.12.5/CHANGELOG.md

   RunC and containerd were also updated for compatibility with Docker
   1.12.5.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:
      zypper in -t patch SUSE-OpenStack-Cloud-6-2017-36=1
   - SUSE Linux Enterprise Module for Containers 12:
      zypper in -t patch SUSE-SLE-Module-Containers-12-2017-36=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 6 (x86_64):
      containerd-0.2.5+gitr569_2a5e70c-12.2
      containerd-debuginfo-0.2.5+gitr569_2a5e70c-12.2
      containerd-debugsource-0.2.5+gitr569_2a5e70c-12.2
      docker-1.12.5-84.1
      docker-debuginfo-1.12.5-84.1
      docker-debugsource-1.12.5-84.1
      runc-0.1.1+gitr2818_f59ba3cdd76f-12.1
      runc-debuginfo-0.1.1+gitr2818_f59ba3cdd76f-12.1
      runc-debugsource-0.1.1+gitr2818_f59ba3cdd76f-12.1
   - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
      containerd-0.2.5+gitr569_2a5e70c-12.2
      containerd-debuginfo-0.2.5+gitr569_2a5e70c-12.2
      containerd-debugsource-0.2.5+gitr569_2a5e70c-12.2
      docker-1.12.5-84.1
      docker-debuginfo-1.12.5-84.1
      docker-debugsource-1.12.5-84.1
      runc-0.1.1+gitr2818_f59ba3cdd76f-12.1
      runc-debuginfo-0.1.1+gitr2818_f59ba3cdd76f-12.1
      runc-debugsource-0.1.1+gitr2818_f59ba3cdd76f-12.1

References:

   https://bugzilla.suse.com/1015661
   https://bugzilla.suse.com/1016307

From sle-updates at lists.suse.com Mon Jan 9 10:10:15 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 9 Jan 2017 18:10:15 +0100 (CET)
Subject: SUSE-RU-2017:0090-1: Recommended update for lvm2
Message-ID: <20170109171015.6FA35F7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for lvm2
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0090-1
Rating: low
References: #960344 #971150 #985892
Affected Products:
   SUSE Linux Enterprise Server 11-SP4
   SUSE Linux Enterprise High Availability Extension 11-SP4
   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for lvm2 provides the following fixes:

   - Redirect non-critical warnings when generating boot ramdisk to
     /dev/null. (bsc#971150)
   - Do not print error message inside retry loops to avoid multiple error
     messages when attempting to remove a busy device. (bsc#960344)
   - When stopping the lvm service, boot.udev must still be running.
     (bsc#985892)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-lvm2-12930=1
   - SUSE Linux Enterprise High Availability Extension 11-SP4:
      zypper in -t patch slehasp4-lvm2-12930=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-lvm2-12930=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      lvm2-2.02.98-0.42.3
   - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      lvm2-clvm-2.02.98-0.42.3
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      lvm2-clvm-debuginfo-2.02.98-0.42.3
      lvm2-clvm-debugsource-2.02.98-0.42.3
      lvm2-debuginfo-2.02.98-0.42.3
      lvm2-debugsource-2.02.98-0.42.3

References:

   https://bugzilla.suse.com/960344
   https://bugzilla.suse.com/971150
   https://bugzilla.suse.com/985892

From sle-updates at lists.suse.com Mon Jan 9 10:11:25 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 9 Jan 2017 18:11:25 +0100 (CET)
Subject: SUSE-RU-2017:0091-1: Recommended update for kernel-firmware
Message-ID: <20170109171125.C290AF7CB@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for kernel-firmware
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0091-1
Rating: low
References: #1010690
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for kernel-firmware updates ASoC Intel SST Atom firmwares to
   20161201.
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-33=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-33=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-33=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-firmware-20160516git-19.4 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-firmware-20160516git-19.4 ucode-amd-20160516git-19.4 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-firmware-20160516git-19.4 ucode-amd-20160516git-19.4 References: https://bugzilla.suse.com/1010690 From sle-updates at lists.suse.com Mon Jan 9 12:07:35 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Jan 2017 20:07:35 +0100 (CET) Subject: SUSE-RU-2017:0092-1: Recommended update for smt Message-ID: <20170109190735.3F4F6F533@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0092-1 Rating: low References: #1001178 #1004714 #1004716 #1007543 #1012116 #1013854 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for smt fixes the following issues: - Use CATALOGID for mirroring a specific repository. (bsc#1007543) - Fix help message when adding a custom repository and check for valid custom repository id. 
(bsc#1004714) - Support namespace option for SUSEConnect. (bsc#1012116) - Add option to deregister a system using SUSEConnect. (bsc#1012116) - Fix error when calling smt-sibling-sync with --help. (bsc#1001178) - Do not remove the .mirror file during repository cleaning with "smt-mirror --clean". (bsc#1013854) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-37=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-37=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-37=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-37=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): res-signingkeys-3.0.22-38.1 smt-3.0.22-38.1 smt-debuginfo-3.0.22-38.1 smt-debugsource-3.0.22-38.1 smt-support-3.0.22-38.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): res-signingkeys-3.0.22-38.1 smt-3.0.22-38.1 smt-debuginfo-3.0.22-38.1 smt-debugsource-3.0.22-38.1 smt-support-3.0.22-38.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): res-signingkeys-3.0.22-38.1 smt-3.0.22-38.1 smt-debuginfo-3.0.22-38.1 smt-debugsource-3.0.22-38.1 smt-support-3.0.22-38.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): smt-ha-3.0.22-38.1 References: https://bugzilla.suse.com/1001178 https://bugzilla.suse.com/1004714 https://bugzilla.suse.com/1004716 https://bugzilla.suse.com/1007543 https://bugzilla.suse.com/1012116 https://bugzilla.suse.com/1013854 From sle-updates at lists.suse.com Tue Jan 10 06:08:48 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Jan 2017 14:08:48 +0100 (CET) Subject: 
SUSE-RU-2017:0096-1: Recommended update for python-networking-cisco Message-ID: <20170110130848.3BB3CF533@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-networking-cisco ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0096-1 Rating: low References: #1010466 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-networking-cisco fixes the following issues: - Update to latest code from OpenStack Liberty Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-38=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): python-networking-cisco-2.1.2~a0~dev5-9.1 References: https://bugzilla.suse.com/1010466 From sle-updates at lists.suse.com Tue Jan 10 06:09:18 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Jan 2017 14:09:18 +0100 (CET) Subject: SUSE-RU-2017:0097-1: moderate: Recommended update for libosinfo Message-ID: <20170110130918.15961F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for libosinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0097-1 Rating: moderate References: #1012005 #1013983 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for libosinfo fixes the following issues: - Incomplete capabilities list of SLE and openSUSE distributions. (bsc#1013983) - Use of the wrong bootloader tool to boot SLES 12-SP3 PV kernel on Xen platform. (bsc#1012005) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-39=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-39=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-39=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-39=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libosinfo-debuginfo-0.3.0-13.2 libosinfo-debugsource-0.3.0-13.2 libosinfo-devel-0.3.0-13.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libosinfo-0.3.0-13.2 libosinfo-1_0-0-0.3.0-13.2 libosinfo-1_0-0-debuginfo-0.3.0-13.2 libosinfo-debuginfo-0.3.0-13.2 libosinfo-debugsource-0.3.0-13.2 typelib-1_0-Libosinfo-1_0-0.3.0-13.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): libosinfo-lang-0.3.0-13.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libosinfo-0.3.0-13.2 libosinfo-1_0-0-0.3.0-13.2 libosinfo-1_0-0-debuginfo-0.3.0-13.2 libosinfo-debuginfo-0.3.0-13.2 libosinfo-debugsource-0.3.0-13.2 typelib-1_0-Libosinfo-1_0-0.3.0-13.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): libosinfo-lang-0.3.0-13.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libosinfo-0.3.0-13.2 libosinfo-1_0-0-0.3.0-13.2 libosinfo-1_0-0-debuginfo-0.3.0-13.2 libosinfo-debuginfo-0.3.0-13.2 libosinfo-debugsource-0.3.0-13.2 typelib-1_0-Libosinfo-1_0-0.3.0-13.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): 
libosinfo-lang-0.3.0-13.2 References: https://bugzilla.suse.com/1012005 https://bugzilla.suse.com/1013983 From sle-updates at lists.suse.com Tue Jan 10 09:08:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Jan 2017 17:08:32 +0100 (CET) Subject: SUSE-RU-2017:0098-1: moderate: Recommended update for cloud-init Message-ID: <20170110160832.7FD01F533@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0098-1 Rating: moderate References: #1016160 #998103 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-init provides fixes and enhancements: - Move cloud.cfg into its own sub-package, allowing introduction of product-specific settings. (fate#322039, bsc#1016160) - Adjust package license: AGPL-3.0 was added with 0.7.8. - Store previous hostname so update_hostname module does not overwrite manually set host names. (bsc#998103) - Add LocalDisk datasource. (fate#321107) - Support repositories for zypper. (fate#322038) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-41=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): cloud-init-0.7.8-32.1 cloud-init-config-suse-0.7.8-32.1 References: https://bugzilla.suse.com/1016160 https://bugzilla.suse.com/998103 From sle-updates at lists.suse.com Tue Jan 10 09:09:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Jan 2017 17:09:13 +0100 (CET) Subject: SUSE-RU-2017:0099-1: important: Recommended update for python-pyldap Message-ID: <20170110160913.81624F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pyldap ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0099-1 Rating: important References: #1016659 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update properly declares python-pyldap as a drop-in replacement for python-ldap (bsc#1016659). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-42=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-42=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-42=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): python-pyldap-2.4.25.1-3.2 python-pyldap-debuginfo-2.4.25.1-3.2 python-pyldap-debugsource-2.4.25.1-3.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): python-pyldap-2.4.25.1-3.2 python-pyldap-debuginfo-2.4.25.1-3.2 python-pyldap-debugsource-2.4.25.1-3.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): python-pyldap-2.4.25.1-3.2 python-pyldap-debuginfo-2.4.25.1-3.2 python-pyldap-debugsource-2.4.25.1-3.2 References: https://bugzilla.suse.com/1016659 From sle-updates at lists.suse.com Tue Jan 10 09:09:44 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Jan 2017 17:09:44 +0100 (CET) Subject: SUSE-RU-2017:0100-1: Recommended update for librdmacm Message-ID: <20170110160944.A4514F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for librdmacm ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0100-1 Rating: low References: #1010030 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for librdmacm fixes the runtime requirements of librdmacm-devel-32bit. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-40=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-40=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-40=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-40=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): librdmacm-debugsource-1.1.0-6.2 librdmacm-devel-1.1.0-6.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): librdmacm-debugsource-1.1.0-6.2 librdmacm-tools-1.1.0-6.2 librdmacm-tools-debuginfo-1.1.0-6.2 librdmacm1-1.1.0-6.2 librdmacm1-debuginfo-1.1.0-6.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): librdmacm-debugsource-1.1.0-6.2 librdmacm-tools-1.1.0-6.2 librdmacm-tools-debuginfo-1.1.0-6.2 librdmacm1-1.1.0-6.2 librdmacm1-debuginfo-1.1.0-6.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): librdmacm1-32bit-1.1.0-6.2 librdmacm1-debuginfo-32bit-1.1.0-6.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): librdmacm-debugsource-1.1.0-6.2 librdmacm1-1.1.0-6.2 librdmacm1-debuginfo-1.1.0-6.2 References: https://bugzilla.suse.com/1010030 From sle-updates at lists.suse.com Tue Jan 10 11:09:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Jan 2017 19:09:21 +0100 (CET) Subject: SUSE-SU-2017:0102-1: important: Security update for freeradius-server Message-ID: <20170110180921.6FA97F7CB@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0102-1 Rating: important References: #1013311 #911886 #935573 #951404 Cross-References: CVE-2015-4680 Affected Products: SUSE Linux 
Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update of freeradius-server fixes several issues. Security issue fixed: - CVE-2015-4680: Fixed Insufficient CRL application for intermediate certificates (bsc#935573) Non security issues fixed: - Allows FreeRadius Server to start on SUSE Linux Enterprise Server 12 SP2 systems by relaxing an overly strict openssl version check. (bsc#1013311) - Fixed radclient error free() invalid pointer (bsc#911886) - Fixed failing rebuild of freeradius-server package (bsc#951404) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-44=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-44=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-44=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-44=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-44=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): freeradius-server-debuginfo-3.0.3-14.1 freeradius-server-debugsource-3.0.3-14.1 freeradius-server-devel-3.0.3-14.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): freeradius-server-debuginfo-3.0.3-14.1 freeradius-server-debugsource-3.0.3-14.1 freeradius-server-devel-3.0.3-14.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): freeradius-server-3.0.3-14.1 freeradius-server-debuginfo-3.0.3-14.1 freeradius-server-debugsource-3.0.3-14.1 freeradius-server-doc-3.0.3-14.1 freeradius-server-krb5-3.0.3-14.1 freeradius-server-krb5-debuginfo-3.0.3-14.1 freeradius-server-ldap-3.0.3-14.1 freeradius-server-ldap-debuginfo-3.0.3-14.1 freeradius-server-libs-3.0.3-14.1 freeradius-server-libs-debuginfo-3.0.3-14.1 freeradius-server-mysql-3.0.3-14.1 freeradius-server-mysql-debuginfo-3.0.3-14.1 freeradius-server-perl-3.0.3-14.1 freeradius-server-perl-debuginfo-3.0.3-14.1 freeradius-server-postgresql-3.0.3-14.1 freeradius-server-postgresql-debuginfo-3.0.3-14.1 freeradius-server-python-3.0.3-14.1 freeradius-server-python-debuginfo-3.0.3-14.1 freeradius-server-sqlite-3.0.3-14.1 freeradius-server-sqlite-debuginfo-3.0.3-14.1 freeradius-server-utils-3.0.3-14.1 freeradius-server-utils-debuginfo-3.0.3-14.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): freeradius-server-3.0.3-14.1 freeradius-server-debuginfo-3.0.3-14.1 freeradius-server-debugsource-3.0.3-14.1 freeradius-server-doc-3.0.3-14.1 freeradius-server-krb5-3.0.3-14.1 freeradius-server-krb5-debuginfo-3.0.3-14.1 freeradius-server-ldap-3.0.3-14.1 freeradius-server-ldap-debuginfo-3.0.3-14.1 freeradius-server-libs-3.0.3-14.1 freeradius-server-libs-debuginfo-3.0.3-14.1 freeradius-server-mysql-3.0.3-14.1 freeradius-server-mysql-debuginfo-3.0.3-14.1 freeradius-server-perl-3.0.3-14.1 freeradius-server-perl-debuginfo-3.0.3-14.1 freeradius-server-postgresql-3.0.3-14.1 
freeradius-server-postgresql-debuginfo-3.0.3-14.1 freeradius-server-python-3.0.3-14.1 freeradius-server-python-debuginfo-3.0.3-14.1 freeradius-server-sqlite-3.0.3-14.1 freeradius-server-sqlite-debuginfo-3.0.3-14.1 freeradius-server-utils-3.0.3-14.1 freeradius-server-utils-debuginfo-3.0.3-14.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): freeradius-server-3.0.3-14.1 freeradius-server-debuginfo-3.0.3-14.1 freeradius-server-debugsource-3.0.3-14.1 freeradius-server-doc-3.0.3-14.1 freeradius-server-krb5-3.0.3-14.1 freeradius-server-krb5-debuginfo-3.0.3-14.1 freeradius-server-ldap-3.0.3-14.1 freeradius-server-ldap-debuginfo-3.0.3-14.1 freeradius-server-libs-3.0.3-14.1 freeradius-server-libs-debuginfo-3.0.3-14.1 freeradius-server-mysql-3.0.3-14.1 freeradius-server-mysql-debuginfo-3.0.3-14.1 freeradius-server-perl-3.0.3-14.1 freeradius-server-perl-debuginfo-3.0.3-14.1 freeradius-server-postgresql-3.0.3-14.1 freeradius-server-postgresql-debuginfo-3.0.3-14.1 freeradius-server-python-3.0.3-14.1 freeradius-server-python-debuginfo-3.0.3-14.1 freeradius-server-sqlite-3.0.3-14.1 freeradius-server-sqlite-debuginfo-3.0.3-14.1 freeradius-server-utils-3.0.3-14.1 freeradius-server-utils-debuginfo-3.0.3-14.1 References: https://www.suse.com/security/cve/CVE-2015-4680.html https://bugzilla.suse.com/1013311 https://bugzilla.suse.com/911886 https://bugzilla.suse.com/935573 https://bugzilla.suse.com/951404 From sle-updates at lists.suse.com Tue Jan 10 13:08:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Jan 2017 21:08:22 +0100 (CET) Subject: SUSE-SU-2017:0103-1: Security update for rrdtool Message-ID: <20170110200822.3DAF8F533@maintenance.suse.de> SUSE Security Update: Security update for rrdtool ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0103-1 Rating: low References: #828003 #967671 Cross-References: CVE-2013-2131 Affected Products: SUSE Linux Enterprise Software 
Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for rrdtool provides the following fixes: - CVE-2013-2131: Enhance imginfo format validation checks to prevent crashes. (bsc#828003) - Add rrdtool-cached sub-package to SLE 12-SP1. (bsc#967671) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-45=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-45=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-45=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-45=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-45=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-45=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-45=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): rrdtool-debuginfo-1.4.7-20.1 rrdtool-debugsource-1.4.7-20.1 rrdtool-devel-1.4.7-20.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): rrdtool-debuginfo-1.4.7-20.1 rrdtool-debugsource-1.4.7-20.1 rrdtool-devel-1.4.7-20.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): rrdtool-1.4.7-20.1 rrdtool-cached-1.4.7-20.1 rrdtool-cached-debuginfo-1.4.7-20.1 rrdtool-debuginfo-1.4.7-20.1 rrdtool-debugsource-1.4.7-20.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): rrdtool-1.4.7-20.1 rrdtool-cached-1.4.7-20.1 rrdtool-cached-debuginfo-1.4.7-20.1 rrdtool-debuginfo-1.4.7-20.1 rrdtool-debugsource-1.4.7-20.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): rrdtool-1.4.7-20.1 rrdtool-cached-1.4.7-20.1 rrdtool-cached-debuginfo-1.4.7-20.1 rrdtool-debuginfo-1.4.7-20.1 rrdtool-debugsource-1.4.7-20.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): rrdtool-1.4.7-20.1 rrdtool-cached-1.4.7-20.1 rrdtool-cached-debuginfo-1.4.7-20.1 rrdtool-debuginfo-1.4.7-20.1 rrdtool-debugsource-1.4.7-20.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): rrdtool-1.4.7-20.1 rrdtool-cached-1.4.7-20.1 rrdtool-cached-debuginfo-1.4.7-20.1 rrdtool-debuginfo-1.4.7-20.1 rrdtool-debugsource-1.4.7-20.1 References: https://www.suse.com/security/cve/CVE-2013-2131.html https://bugzilla.suse.com/828003 https://bugzilla.suse.com/967671 From sle-updates at lists.suse.com Wed Jan 11 06:08:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jan 2017 14:08:28 +0100 (CET) Subject: SUSE-SU-2017:0104-1: important: Security update for LibVNCServer Message-ID: <20170111130828.5D064F533@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0104-1 Rating: important References: #1017711 
#1017712 Cross-References: CVE-2016-9941 CVE-2016-9942 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711) - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-LibVNCServer-12932=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-LibVNCServer-12932=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-LibVNCServer-12932=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-devel-0.9.1-159.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-0.9.1-159.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): LibVNCServer-debuginfo-0.9.1-159.1 LibVNCServer-debugsource-0.9.1-159.1 References: https://www.suse.com/security/cve/CVE-2016-9941.html https://www.suse.com/security/cve/CVE-2016-9942.html https://bugzilla.suse.com/1017711 https://bugzilla.suse.com/1017712 From sle-updates at lists.suse.com Wed Jan 11 07:08:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jan 2017 15:08:24 +0100 (CET) Subject: SUSE-RU-2017:0105-1: important: Recommended update for systemd Message-ID: <20170111140824.5EBD1F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0105-1 Rating: important References: #1018214 #1018399 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemd fixes the following two issues: - A regression in the previous update (SUSE-RU-2017:0013-1, bsc#909418) could have caused systemd to freeze. (bsc#1018399) - Warnings emitted when udev socket units are restarted during package upgrade were silenced. (bsc#1018214) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-47=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-47=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-47=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-47=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libudev-devel-228-129.1 systemd-debuginfo-228-129.1 systemd-debugsource-228-129.1 systemd-devel-228-129.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsystemd0-228-129.1 libsystemd0-debuginfo-228-129.1 libudev1-228-129.1 libudev1-debuginfo-228-129.1 systemd-228-129.1 systemd-debuginfo-228-129.1 systemd-debugsource-228-129.1 systemd-sysvinit-228-129.1 udev-228-129.1 udev-debuginfo-228-129.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): systemd-bash-completion-228-129.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libsystemd0-228-129.1 libsystemd0-debuginfo-228-129.1 libudev1-228-129.1 libudev1-debuginfo-228-129.1 systemd-228-129.1 systemd-debuginfo-228-129.1 systemd-debugsource-228-129.1 systemd-sysvinit-228-129.1 udev-228-129.1 udev-debuginfo-228-129.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libsystemd0-32bit-228-129.1 libsystemd0-debuginfo-32bit-228-129.1 libudev1-32bit-228-129.1 libudev1-debuginfo-32bit-228-129.1 systemd-32bit-228-129.1 systemd-debuginfo-32bit-228-129.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): systemd-bash-completion-228-129.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): systemd-bash-completion-228-129.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsystemd0-228-129.1 libsystemd0-32bit-228-129.1 libsystemd0-debuginfo-228-129.1 
libsystemd0-debuginfo-32bit-228-129.1 libudev1-228-129.1 libudev1-32bit-228-129.1 libudev1-debuginfo-228-129.1 libudev1-debuginfo-32bit-228-129.1 systemd-228-129.1 systemd-32bit-228-129.1 systemd-debuginfo-228-129.1 systemd-debuginfo-32bit-228-129.1 systemd-debugsource-228-129.1 systemd-sysvinit-228-129.1 udev-228-129.1 udev-debuginfo-228-129.1 References: https://bugzilla.suse.com/1018214 https://bugzilla.suse.com/1018399 From sle-updates at lists.suse.com Wed Jan 11 11:08:26 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jan 2017 19:08:26 +0100 (CET) Subject: SUSE-RU-2017:0106-1: important: Recommended update for gstreamer-plugins-good Message-ID: <20170111180826.D56A3F533@maintenance.suse.de> SUSE Recommended Update: Recommended update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0106-1 Rating: important References: #1013653 #1013655 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gstreamer-plugins-good fixes the following issues: - Fix FLC/FLI playing. The code responsible for these formats had accidentally been broken by a previously applied security update. [bsc#1013653, bsc#1013655]. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-48=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-48=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-48=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-48=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (noarch): gstreamer-plugins-good-lang-1.2.4-2.6.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): gstreamer-plugins-good-1.2.4-2.6.1 gstreamer-plugins-good-debuginfo-1.2.4-2.6.1 gstreamer-plugins-good-debugsource-1.2.4-2.6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gstreamer-plugins-good-1.2.4-2.6.1 gstreamer-plugins-good-debuginfo-1.2.4-2.6.1 gstreamer-plugins-good-debugsource-1.2.4-2.6.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): gstreamer-plugins-good-lang-1.2.4-2.6.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): gstreamer-plugins-good-1.2.4-2.6.1 gstreamer-plugins-good-debuginfo-1.2.4-2.6.1 gstreamer-plugins-good-debugsource-1.2.4-2.6.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): gstreamer-plugins-good-lang-1.2.4-2.6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gstreamer-plugins-good-1.2.4-2.6.1 gstreamer-plugins-good-debuginfo-1.2.4-2.6.1 gstreamer-plugins-good-debugsource-1.2.4-2.6.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gstreamer-plugins-good-lang-1.2.4-2.6.1 References: https://bugzilla.suse.com/1013653 https://bugzilla.suse.com/1013655 From sle-updates at lists.suse.com Wed Jan 11 13:08:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jan 2017 21:08:32 +0100 (CET) Subject: SUSE-SU-2017:0108-1: important: Security update for flash-player Message-ID: <20170111200832.24604F7CB@maintenance.suse.de> SUSE Security Update: Security 
update for flash-player ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0108-1 Rating: important References: #1019129 Cross-References: CVE-2017-2925 CVE-2017-2926 CVE-2017-2927 CVE-2017-2928 CVE-2017-2930 CVE-2017-2931 CVE-2017-2932 CVE-2017-2933 CVE-2017-2934 CVE-2017-2935 CVE-2017-2936 CVE-2017-2937 CVE-2017-2938 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update to Adobe Flash 24.0.0.194 fixes the following vulnerabilities advised under APSB17-02: - security bypass vulnerability that could lead to information disclosure (CVE-2017-2938) - use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937) - heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935) - memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-51=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-51=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): flash-player-24.0.0.194-155.1 flash-player-gnome-24.0.0.194-155.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): flash-player-24.0.0.194-155.1 flash-player-gnome-24.0.0.194-155.1 References: https://www.suse.com/security/cve/CVE-2017-2925.html https://www.suse.com/security/cve/CVE-2017-2926.html https://www.suse.com/security/cve/CVE-2017-2927.html https://www.suse.com/security/cve/CVE-2017-2928.html https://www.suse.com/security/cve/CVE-2017-2930.html https://www.suse.com/security/cve/CVE-2017-2931.html https://www.suse.com/security/cve/CVE-2017-2932.html https://www.suse.com/security/cve/CVE-2017-2933.html https://www.suse.com/security/cve/CVE-2017-2934.html https://www.suse.com/security/cve/CVE-2017-2935.html https://www.suse.com/security/cve/CVE-2017-2936.html https://www.suse.com/security/cve/CVE-2017-2937.html https://www.suse.com/security/cve/CVE-2017-2938.html https://bugzilla.suse.com/1019129 From sle-updates at lists.suse.com Wed Jan 11 13:08:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jan 2017 21:08:58 +0100 (CET) Subject: SUSE-SU-2017:0109-1: moderate: Security update for php53 Message-ID: <20170111200858.BE11FF7CB@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0109-1 Rating: moderate References: #1012232 #1015187 #1015188 #1015189 #974305 Cross-References: CVE-2014-9912 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. 
Description: This update for php53 fixes the following issues: * CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName() [bsc#1012232] * CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] * CVE-2016-9935: Invalid read could lead to crash [bsc#1015189] * Buffer overflow in libmagic, allowing attackers to crash the PHP interpreter [bsc#974305] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-php53-12933=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-php53-12933=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-12933=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-devel-5.3.17-94.1 php53-imap-5.3.17-94.1 php53-posix-5.3.17-94.1 php53-readline-5.3.17-94.1 php53-sockets-5.3.17-94.1 php53-sqlite-5.3.17-94.1 php53-tidy-5.3.17-94.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-94.1 php53-5.3.17-94.1 php53-bcmath-5.3.17-94.1 php53-bz2-5.3.17-94.1 php53-calendar-5.3.17-94.1 php53-ctype-5.3.17-94.1 php53-curl-5.3.17-94.1 php53-dba-5.3.17-94.1 php53-dom-5.3.17-94.1 php53-exif-5.3.17-94.1 php53-fastcgi-5.3.17-94.1 php53-fileinfo-5.3.17-94.1 php53-ftp-5.3.17-94.1 php53-gd-5.3.17-94.1 php53-gettext-5.3.17-94.1 php53-gmp-5.3.17-94.1 php53-iconv-5.3.17-94.1 php53-intl-5.3.17-94.1 php53-json-5.3.17-94.1 php53-ldap-5.3.17-94.1 php53-mbstring-5.3.17-94.1 php53-mcrypt-5.3.17-94.1 php53-mysql-5.3.17-94.1 php53-odbc-5.3.17-94.1 php53-openssl-5.3.17-94.1 php53-pcntl-5.3.17-94.1 php53-pdo-5.3.17-94.1 php53-pear-5.3.17-94.1 php53-pgsql-5.3.17-94.1 php53-pspell-5.3.17-94.1 
php53-shmop-5.3.17-94.1 php53-snmp-5.3.17-94.1 php53-soap-5.3.17-94.1 php53-suhosin-5.3.17-94.1 php53-sysvmsg-5.3.17-94.1 php53-sysvsem-5.3.17-94.1 php53-sysvshm-5.3.17-94.1 php53-tokenizer-5.3.17-94.1 php53-wddx-5.3.17-94.1 php53-xmlreader-5.3.17-94.1 php53-xmlrpc-5.3.17-94.1 php53-xmlwriter-5.3.17-94.1 php53-xsl-5.3.17-94.1 php53-zip-5.3.17-94.1 php53-zlib-5.3.17-94.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): php53-debuginfo-5.3.17-94.1 php53-debugsource-5.3.17-94.1 References: https://www.suse.com/security/cve/CVE-2014-9912.html https://www.suse.com/security/cve/CVE-2016-9933.html https://www.suse.com/security/cve/CVE-2016-9934.html https://www.suse.com/security/cve/CVE-2016-9935.html https://bugzilla.suse.com/1012232 https://bugzilla.suse.com/1015187 https://bugzilla.suse.com/1015188 https://bugzilla.suse.com/1015189 https://bugzilla.suse.com/974305 From sle-updates at lists.suse.com Wed Jan 11 13:10:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Jan 2017 21:10:06 +0100 (CET) Subject: SUSE-SU-2017:0110-1: moderate: Security update for squid3 Message-ID: <20170111201006.D409CF7CB@maintenance.suse.de> SUSE Security Update: Security update for squid3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0110-1 Rating: moderate References: #1016168 #949942 Cross-References: CVE-2014-9749 CVE-2016-10002 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for squid3 fixes the following issues: - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. 
This allowed responses containing private data to be delivered to clients they should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-squid3-12934=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-squid3-12934=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): squid3-3.1.23-8.16.36.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): squid3-debuginfo-3.1.23-8.16.36.1 squid3-debugsource-3.1.23-8.16.36.1 References: https://www.suse.com/security/cve/CVE-2014-9749.html https://www.suse.com/security/cve/CVE-2016-10002.html https://bugzilla.suse.com/1016168 https://bugzilla.suse.com/949942 From sle-updates at lists.suse.com Wed Jan 11 18:08:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jan 2017 02:08:42 +0100 (CET) Subject: SUSE-SU-2017:0111-1: important: Security update for bind Message-ID: <20170112010842.817F7F533@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0111-1 Rating: important References: #1018699 #1018700 #1018701 #1018702 Cross-References: CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 
______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-54=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-54=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-54=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-54=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-54=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-54=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-54=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.9.9P1-53.1 bind-debugsource-9.9.9P1-53.1 bind-devel-9.9.9P1-53.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): bind-debuginfo-9.9.9P1-53.1 bind-debugsource-9.9.9P1-53.1 bind-devel-9.9.9P1-53.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): bind-9.9.9P1-53.1 bind-chrootenv-9.9.9P1-53.1 bind-debuginfo-9.9.9P1-53.1 bind-debugsource-9.9.9P1-53.1 bind-libs-9.9.9P1-53.1 bind-libs-debuginfo-9.9.9P1-53.1 bind-utils-9.9.9P1-53.1 bind-utils-debuginfo-9.9.9P1-53.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): bind-doc-9.9.9P1-53.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): bind-9.9.9P1-53.1 bind-chrootenv-9.9.9P1-53.1 bind-debuginfo-9.9.9P1-53.1 bind-debugsource-9.9.9P1-53.1 bind-libs-9.9.9P1-53.1 bind-libs-debuginfo-9.9.9P1-53.1 bind-utils-9.9.9P1-53.1 bind-utils-debuginfo-9.9.9P1-53.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): bind-libs-32bit-9.9.9P1-53.1 bind-libs-debuginfo-32bit-9.9.9P1-53.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): bind-doc-9.9.9P1-53.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): bind-9.9.9P1-53.1 bind-chrootenv-9.9.9P1-53.1 bind-debuginfo-9.9.9P1-53.1 bind-debugsource-9.9.9P1-53.1 bind-libs-9.9.9P1-53.1 bind-libs-debuginfo-9.9.9P1-53.1 bind-utils-9.9.9P1-53.1 bind-utils-debuginfo-9.9.9P1-53.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): bind-libs-32bit-9.9.9P1-53.1 bind-libs-debuginfo-32bit-9.9.9P1-53.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): bind-doc-9.9.9P1-53.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): bind-debuginfo-9.9.9P1-53.1 bind-debugsource-9.9.9P1-53.1 bind-libs-32bit-9.9.9P1-53.1 bind-libs-9.9.9P1-53.1 bind-libs-debuginfo-32bit-9.9.9P1-53.1 bind-libs-debuginfo-9.9.9P1-53.1 bind-utils-9.9.9P1-53.1 bind-utils-debuginfo-9.9.9P1-53.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): 
bind-debuginfo-9.9.9P1-53.1 bind-debugsource-9.9.9P1-53.1 bind-libs-32bit-9.9.9P1-53.1 bind-libs-9.9.9P1-53.1 bind-libs-debuginfo-32bit-9.9.9P1-53.1 bind-libs-debuginfo-9.9.9P1-53.1 bind-utils-9.9.9P1-53.1 bind-utils-debuginfo-9.9.9P1-53.1 References: https://www.suse.com/security/cve/CVE-2016-9131.html https://www.suse.com/security/cve/CVE-2016-9147.html https://www.suse.com/security/cve/CVE-2016-9444.html https://bugzilla.suse.com/1018699 https://bugzilla.suse.com/1018700 https://bugzilla.suse.com/1018701 https://bugzilla.suse.com/1018702 From sle-updates at lists.suse.com Wed Jan 11 18:09:48 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jan 2017 02:09:48 +0100 (CET) Subject: SUSE-SU-2017:0112-1: important: Security update for bind Message-ID: <20170112010948.7AE1DF7CB@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0112-1 Rating: important References: #1018699 #1018700 #1018701 #1018702 Cross-References: CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 Affected Products: SUSE OpenStack Cloud 5 SUSE Manager Proxy 2.1 SUSE Manager 2.1 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. 
[CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 5: zypper in -t patch sleclo50sp3-bind-12936=1 - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-bind-12936=1 - SUSE Manager 2.1: zypper in -t patch sleman21-bind-12936=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bind-12936=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bind-12936=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-bind-12936=1 - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-bind-12936=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-bind-12936=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bind-12936=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 5 (x86_64): bind-9.9.6P1-0.36.1 bind-chrootenv-9.9.6P1-0.36.1 bind-doc-9.9.6P1-0.36.1 bind-libs-32bit-9.9.6P1-0.36.1 bind-libs-9.9.6P1-0.36.1 bind-utils-9.9.6P1-0.36.1 - SUSE Manager Proxy 2.1 (x86_64): bind-9.9.6P1-0.36.1 bind-chrootenv-9.9.6P1-0.36.1 bind-doc-9.9.6P1-0.36.1 bind-libs-32bit-9.9.6P1-0.36.1 bind-libs-9.9.6P1-0.36.1 bind-utils-9.9.6P1-0.36.1 - SUSE Manager 2.1 (s390x x86_64): bind-9.9.6P1-0.36.1 bind-chrootenv-9.9.6P1-0.36.1 bind-doc-9.9.6P1-0.36.1 bind-libs-32bit-9.9.6P1-0.36.1 bind-libs-9.9.6P1-0.36.1 bind-utils-9.9.6P1-0.36.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-devel-9.9.6P1-0.36.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64): bind-devel-32bit-9.9.6P1-0.36.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bind-9.9.6P1-0.36.1 bind-chrootenv-9.9.6P1-0.36.1 bind-doc-9.9.6P1-0.36.1 bind-libs-9.9.6P1-0.36.1 bind-utils-9.9.6P1-0.36.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): bind-libs-32bit-9.9.6P1-0.36.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): bind-libs-x86-9.9.6P1-0.36.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.36.1 bind-chrootenv-9.9.6P1-0.36.1 bind-doc-9.9.6P1-0.36.1 bind-libs-9.9.6P1-0.36.1 bind-utils-9.9.6P1-0.36.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.36.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): bind-9.9.6P1-0.36.1 bind-chrootenv-9.9.6P1-0.36.1 bind-devel-9.9.6P1-0.36.1 bind-doc-9.9.6P1-0.36.1 bind-libs-9.9.6P1-0.36.1 bind-utils-9.9.6P1-0.36.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64): bind-libs-32bit-9.9.6P1-0.36.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): bind-9.9.6P1-0.36.1 bind-chrootenv-9.9.6P1-0.36.1 bind-doc-9.9.6P1-0.36.1 bind-libs-9.9.6P1-0.36.1 bind-utils-9.9.6P1-0.36.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): 
bind-debuginfo-9.9.6P1-0.36.1 bind-debugsource-9.9.6P1-0.36.1 References: https://www.suse.com/security/cve/CVE-2016-9131.html https://www.suse.com/security/cve/CVE-2016-9147.html https://www.suse.com/security/cve/CVE-2016-9444.html https://bugzilla.suse.com/1018699 https://bugzilla.suse.com/1018700 https://bugzilla.suse.com/1018701 https://bugzilla.suse.com/1018702 From sle-updates at lists.suse.com Wed Jan 11 18:10:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jan 2017 02:10:52 +0100 (CET) Subject: SUSE-SU-2017:0113-1: important: Security update for bind Message-ID: <20170112011052.32F28F7CB@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0113-1 Rating: important References: #1018699 #1018700 #1018701 #1018702 #965748 Cross-References: CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. 
[CVE-2016-9444, bsc#1018702, bsc#1018699] - Fixed ldapdump to use a temporary pseudo nameserver that conforms to BIND's expected syntax. Prior versions would not work correctly with an LDAP backed DNS server. [bsc#965748] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-52=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-52=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): bind-9.9.9P1-28.26.1 bind-chrootenv-9.9.9P1-28.26.1 bind-debuginfo-9.9.9P1-28.26.1 bind-debugsource-9.9.9P1-28.26.1 bind-libs-32bit-9.9.9P1-28.26.1 bind-libs-9.9.9P1-28.26.1 bind-libs-debuginfo-32bit-9.9.9P1-28.26.1 bind-libs-debuginfo-9.9.9P1-28.26.1 bind-utils-9.9.9P1-28.26.1 bind-utils-debuginfo-9.9.9P1-28.26.1 - SUSE Linux Enterprise Server for SAP 12 (noarch): bind-doc-9.9.9P1-28.26.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): bind-9.9.9P1-28.26.1 bind-chrootenv-9.9.9P1-28.26.1 bind-debuginfo-9.9.9P1-28.26.1 bind-debugsource-9.9.9P1-28.26.1 bind-libs-9.9.9P1-28.26.1 bind-libs-debuginfo-9.9.9P1-28.26.1 bind-utils-9.9.9P1-28.26.1 bind-utils-debuginfo-9.9.9P1-28.26.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): bind-libs-32bit-9.9.9P1-28.26.1 bind-libs-debuginfo-32bit-9.9.9P1-28.26.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): bind-doc-9.9.9P1-28.26.1 References: https://www.suse.com/security/cve/CVE-2016-9131.html https://www.suse.com/security/cve/CVE-2016-9147.html https://www.suse.com/security/cve/CVE-2016-9444.html https://bugzilla.suse.com/1018699 https://bugzilla.suse.com/1018700 https://bugzilla.suse.com/1018701 https://bugzilla.suse.com/1018702 https://bugzilla.suse.com/965748 From sle-updates at lists.suse.com Thu Jan 12 07:08:43 2017 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Thu, 12 Jan 2017 15:08:43 +0100 (CET) Subject: SUSE-SU-2017:0114-1: moderate: Security update for python-Twisted Message-ID: <20170112140843.A0765F533@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0114-1 Rating: moderate References: #989997 Cross-References: CVE-2016-1000111 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 4 SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2016-1000111: sets environmental variable HTTP_PROXY based on user supplied Proxy request header (bsc#989997) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-56=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-56=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2017-56=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): python-Twisted-15.2.1-8.1 python-Twisted-debuginfo-15.2.1-8.1 python-Twisted-debugsource-15.2.1-8.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): python-Twisted-15.2.1-8.1 python-Twisted-debuginfo-15.2.1-8.1 python-Twisted-debugsource-15.2.1-8.1 - SUSE Enterprise Storage 3 (aarch64 x86_64): python-Twisted-15.2.1-8.1 python-Twisted-debuginfo-15.2.1-8.1 python-Twisted-debugsource-15.2.1-8.1 References: https://www.suse.com/security/cve/CVE-2016-1000111.html https://bugzilla.suse.com/989997 From sle-updates at lists.suse.com Thu Jan 12 08:09:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jan 2017 16:09:30 +0100 (CET) Subject: SUSE-RU-2017:0115-1: Recommended update for amavisd-new Message-ID: <20170112150930.BD8E8F533@maintenance.suse.de> SUSE Recommended Update: Recommended update for amavisd-new ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0115-1 Rating: low References: #942254 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for amavisd-new provides the following fixes: - Require perl-Convert-BinHex as otherwise startup fails if the package is missing. (bsc#942254) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-58=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-58=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-58=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-58=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-58=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-58=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-58=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): amavisd-new-debuginfo-2.8.1-11.1 amavisd-new-debugsource-2.8.1-11.1 amavisd-new-docs-2.8.1-11.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): amavisd-new-debuginfo-2.8.1-11.1 amavisd-new-debugsource-2.8.1-11.1 amavisd-new-docs-2.8.1-11.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): amavisd-new-2.8.1-11.1 amavisd-new-debuginfo-2.8.1-11.1 amavisd-new-debugsource-2.8.1-11.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): amavisd-new-2.8.1-11.1 amavisd-new-debuginfo-2.8.1-11.1 amavisd-new-debugsource-2.8.1-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): amavisd-new-2.8.1-11.1 amavisd-new-debuginfo-2.8.1-11.1 amavisd-new-debugsource-2.8.1-11.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): amavisd-new-2.8.1-11.1 amavisd-new-debuginfo-2.8.1-11.1 amavisd-new-debugsource-2.8.1-11.1 amavisd-new-docs-2.8.1-11.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): amavisd-new-2.8.1-11.1 amavisd-new-debuginfo-2.8.1-11.1 amavisd-new-debugsource-2.8.1-11.1 amavisd-new-docs-2.8.1-11.1 References: https://bugzilla.suse.com/942254 From sle-updates at 
lists.suse.com Thu Jan 12 08:10:05 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jan 2017 16:10:05 +0100 (CET) Subject: SUSE-SU-2017:0116-1: moderate: Security update for squid Message-ID: <20170112151005.61C80F7BF@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0116-1 Rating: moderate References: #1016168 #949942 Cross-References: CVE-2014-9749 CVE-2016-10002 Affected Products: SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for squid fixes the following issues: - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to be delivered to clients they should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-57=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): squid-3.3.14-22.6.1 squid-debuginfo-3.3.14-22.6.1 squid-debugsource-3.3.14-22.6.1 References: https://www.suse.com/security/cve/CVE-2014-9749.html https://www.suse.com/security/cve/CVE-2016-10002.html https://bugzilla.suse.com/1016168 https://bugzilla.suse.com/949942 From sle-updates at lists.suse.com Thu Jan 12 11:08:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jan 2017 19:08:27 +0100 (CET) Subject: SUSE-RU-2017:0117-1: Recommended update for xdm Message-ID: <20170112180827.DA728F533@maintenance.suse.de> SUSE Recommended Update: Recommended update for xdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0117-1 Rating: low References: #1013200 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xdm provides the following fixes: - Ensure that display managers will be started after systemd's login manager. (bsc#1013200) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-59=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-59=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-59=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): xdm-1.1.11-41.16.1 xdm-debuginfo-1.1.11-41.16.1 xdm-debugsource-1.1.11-41.16.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): xdm-1.1.11-41.16.1 xdm-debuginfo-1.1.11-41.16.1 xdm-debugsource-1.1.11-41.16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xdm-1.1.11-41.16.1 xdm-debuginfo-1.1.11-41.16.1 xdm-debugsource-1.1.11-41.16.1 References: https://bugzilla.suse.com/1013200 From sle-updates at lists.suse.com Thu Jan 12 11:09:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jan 2017 19:09:04 +0100 (CET) Subject: SUSE-RU-2017:0118-1: moderate: Recommended update for rubygem-cfa_grub2 Message-ID: <20170112180904.AF1C1F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-cfa_grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0118-1 Rating: moderate References: #1012503 #877047 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rubygem-cfa_grub2 provides the following fixes: - Use correct configuration file for Xen kernel parameters. (bsc#1012503) - Fix YaST performance problems when /etc/hosts includes many records. (bsc#877047) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-60=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-60=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-60=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ruby2.1-rubygem-cfa_grub2-0.5.3-2.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): ruby2.1-rubygem-cfa_grub2-0.5.3-2.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ruby2.1-rubygem-cfa_grub2-0.5.3-2.3.1 References: https://bugzilla.suse.com/1012503 https://bugzilla.suse.com/877047 From sle-updates at lists.suse.com Thu Jan 12 12:09:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jan 2017 20:09:10 +0100 (CET) Subject: SUSE-RU-2017:0119-1: Recommended update for smt Message-ID: <20170112190910.89C33F7CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for smt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0119-1 Rating: low References: #1004714 #1004716 #1007543 #1012116 #1013854 Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11-SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for smt fixes the following issues: - Use CATALOGID for mirroring a specific repository. (bsc#1007543) - Fix help message when adding a custom repository and check for valid custom repository id. (bsc#1004714) - Support namespace option for SUSEConnect. (bsc#1012116) - Add option to deregister a system using SUSEConnect. 
(bsc#1012116) - do not remove the .mirror file during repository cleaning with "smt-mirror --clean" (bsc#1013854) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3: zypper in -t patch slesmtsp3-smt-12937=1 To bring your system up-to-date, use "zypper patch". Package List: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64): res-signingkeys-2.0.28-43.1 smt-2.0.28-43.1 smt-support-2.0.28-43.1 References: https://bugzilla.suse.com/1004714 https://bugzilla.suse.com/1004716 https://bugzilla.suse.com/1007543 https://bugzilla.suse.com/1012116 https://bugzilla.suse.com/1013854 From sle-updates at lists.suse.com Thu Jan 12 12:10:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Jan 2017 20:10:36 +0100 (CET) Subject: SUSE-RU-2017:0120-1: Recommended update for yast2 Message-ID: <20170112191036.AD7A4F7BF@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0120-1 Rating: low References: #966413 #972575 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2 fixes the following issues: - Add-on module: Do not escape characters like ":" in the path string. (bsc#966413) - Filter out INTERFACETYPE option from ifcfg files. This option used to be written with incorrect value by older versions of YaST. (bsc#972575) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-62=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-62=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-62=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): yast2-devel-doc-3.1.155.5-14.9 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): yast2-3.1.155.5-14.9 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): yast2-3.1.155.5-14.9 References: https://bugzilla.suse.com/966413 https://bugzilla.suse.com/972575 From sle-updates at lists.suse.com Fri Jan 13 06:08:37 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jan 2017 14:08:37 +0100 (CET) Subject: SUSE-RU-2017:0121-1: moderate: Recommended update for lrbd Message-ID: <20170113130837.3BF4EF533@maintenance.suse.de> SUSE Recommended Update: Recommended update for lrbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0121-1 Rating: moderate References: #963757 Affected Products: SUSE Enterprise Storage 2.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lrbd fixes the following issues: - Disable tpg until fully configured. - Add retries for globbing files. (bsc#963757) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 2.1: zypper in -t patch SUSE-Storage-2.1-2017-63=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Enterprise Storage 2.1 (noarch): lrbd-1.0.5.1-11.1 References: https://bugzilla.suse.com/963757 From sle-updates at lists.suse.com Fri Jan 13 06:09:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jan 2017 14:09:10 +0100 (CET) Subject: SUSE-SU-2017:0122-1: moderate: Security update for perl-DBD-mysql Message-ID: <20170113130910.BD3C7F7CB@maintenance.suse.de> SUSE Security Update: Security update for perl-DBD-mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0122-1 Rating: moderate References: #1002626 #1010457 Cross-References: CVE-2016-1246 CVE-2016-1249 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for perl-DBD-mysql fixes the following issues: - CVE-2016-1246: Buffer overflow allowed context-dependent attackers to cause a denial of service (crash) via vectors related to an error message (bsc#1002626). - CVE-2016-1249: Out-of-bounds read when using server-side prepared statement support (bsc#1010457). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-perl-DBD-mysql-12938=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-perl-DBD-mysql-12938=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-perl-DBD-mysql-12938=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): perl-DBD-mysql-4.008-9.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-DBD-mysql-4.008-9.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-DBD-mysql-debuginfo-4.008-9.1 perl-DBD-mysql-debugsource-4.008-9.1 References: https://www.suse.com/security/cve/CVE-2016-1246.html https://www.suse.com/security/cve/CVE-2016-1249.html https://bugzilla.suse.com/1002626 https://bugzilla.suse.com/1010457 From sle-updates at lists.suse.com Fri Jan 13 06:09:54 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jan 2017 14:09:54 +0100 (CET) Subject: SUSE-SU-2017:0123-1: moderate: Security update for perl-DBD-mysql Message-ID: <20170113130954.909E0F7CB@maintenance.suse.de> SUSE Security Update: Security update for perl-DBD-mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0123-1 Rating: moderate References: #1002626 #1010457 #1012546 Cross-References: CVE-2016-1246 CVE-2016-1249 CVE-2016-1251 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for perl-DBD-mysql fixes the following issues: - CVE-2016-1251: A use-after-free when used with mysql_server_prepare=1 (bsc#1012546). - CVE-2016-1246: Buffer overflow allowed context-dependent attackers to cause a denial of service (crash) via vectors related to an error message (bsc#1002626). - CVE-2016-1249: Out-of-bounds read when using server-side prepared statement support (bsc#1010457). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-65=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-65=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-65=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): perl-DBD-mysql-4.021-11.1 perl-DBD-mysql-debuginfo-4.021-11.1 perl-DBD-mysql-debugsource-4.021-11.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): perl-DBD-mysql-4.021-11.1 perl-DBD-mysql-debuginfo-4.021-11.1 perl-DBD-mysql-debugsource-4.021-11.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): perl-DBD-mysql-4.021-11.1 perl-DBD-mysql-debuginfo-4.021-11.1 perl-DBD-mysql-debugsource-4.021-11.1 References: https://www.suse.com/security/cve/CVE-2016-1246.html https://www.suse.com/security/cve/CVE-2016-1249.html https://www.suse.com/security/cve/CVE-2016-1251.html https://bugzilla.suse.com/1002626 https://bugzilla.suse.com/1010457 https://bugzilla.suse.com/1012546 From sle-updates at lists.suse.com Fri Jan 13 12:09:39 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jan 2017 20:09:39 +0100 (CET) Subject: SUSE-RU-2017:0126-1: Recommended update for bash-completion Message-ID: <20170113190939.94A2AF7BF@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash-completion ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0126-1 Rating: low References: #1012212 #995045 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for bash-completion fixes the following issues: - Allow mixed long and short tar(1) options. (bsc#1012212) - Only remove completion for umount/mount for older SUSE versions. (bsc#995045) - Disable html documentation by default to avoid build loops. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-70=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-70=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-70=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): bash-completion-2.1-12.13.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): bash-completion-2.1-12.13.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): bash-completion-2.1-12.13.1 References: https://bugzilla.suse.com/1012212 https://bugzilla.suse.com/995045 From sle-updates at lists.suse.com Fri Jan 13 12:10:25 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jan 2017 20:10:25 +0100 (CET) Subject: SUSE-SU-2017:0127-1: important: Security update for qemu Message-ID: <20170113191025.156F0FF0F@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0127-1 Rating: important References: #1007454 #1008519 #1009109 #1013285 #1013341 #1013764 #1013767 #1014109 #1014110 #1014111 #1014112 #1014256 #1014514 #1016779 #937125 Cross-References: CVE-2016-9102 CVE-2016-9103 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 
SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has two fixes is now available. Description: qemu was updated to fix several issues. These security issues were fixed: - CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number (bsc#1014256). - CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c allowed local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them (bsc#1007454). - CVE-2016-9381: Improper processing of shared rings allowing guest administrators to take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside the guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285). - CVE-2016-9845: The Virtio GPU Device emulator support was vulnerable to an information leakage issue while processing the 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could have used this flaw to leak contents of the host memory (bsc#1013767). - CVE-2016-9846: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while updating the cursor data in update_cursor_data_virgl. A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host (bsc#1013764). - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'.
A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109). - CVE-2016-9908: The Virtio GPU Device emulator support was vulnerable to an information leakage issue while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could have used this flaw to leak contents of the host memory (bsc#1014514). - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111). - CVE-2016-9912: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while destroying a gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host (bsc#1014112). - CVE-2016-9913: VirtFS was vulnerable to a memory leakage issue via its '9p-handle' or '9p-proxy' backend drivers. A privileged user inside the guest could have used this flaw to leak host memory, thus affecting other services on the host and/or potentially crash the Qemu process on the host (bsc#1014110). These non-security issues were fixed: - Fixed uint64 property parsing and add regression tests (bsc#937125) - Added a man page for kvm_stat - Fix crash in vte (bsc#1008519) - Various upstream commits targeted towards stable releases (bsc#1013341) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-68=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-68=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-68=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): qemu-2.6.2-39.1 qemu-arm-2.6.2-39.1 qemu-arm-debuginfo-2.6.2-39.1 qemu-block-curl-2.6.2-39.1 qemu-block-curl-debuginfo-2.6.2-39.1 qemu-block-rbd-2.6.2-39.1 qemu-block-rbd-debuginfo-2.6.2-39.1 qemu-block-ssh-2.6.2-39.1 qemu-block-ssh-debuginfo-2.6.2-39.1 qemu-debugsource-2.6.2-39.1 qemu-guest-agent-2.6.2-39.1 qemu-guest-agent-debuginfo-2.6.2-39.1 qemu-lang-2.6.2-39.1 qemu-tools-2.6.2-39.1 qemu-tools-debuginfo-2.6.2-39.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): qemu-ipxe-1.0.0-39.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): qemu-2.6.2-39.1 qemu-block-curl-2.6.2-39.1 qemu-block-curl-debuginfo-2.6.2-39.1 qemu-block-ssh-2.6.2-39.1 qemu-block-ssh-debuginfo-2.6.2-39.1 qemu-debugsource-2.6.2-39.1 qemu-guest-agent-2.6.2-39.1 qemu-guest-agent-debuginfo-2.6.2-39.1 qemu-lang-2.6.2-39.1 qemu-tools-2.6.2-39.1 qemu-tools-debuginfo-2.6.2-39.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64): qemu-block-rbd-2.6.2-39.1 qemu-block-rbd-debuginfo-2.6.2-39.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le): qemu-ppc-2.6.2-39.1 qemu-ppc-debuginfo-2.6.2-39.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64): qemu-arm-2.6.2-39.1 qemu-arm-debuginfo-2.6.2-39.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): qemu-kvm-2.6.2-39.1 qemu-x86-2.6.2-39.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): qemu-ipxe-1.0.0-39.1 qemu-seabios-1.9.1-39.1 qemu-sgabios-8-39.1 qemu-vgabios-1.9.1-39.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): qemu-ipxe-1.0.0-39.1 qemu-seabios-1.9.1-39.1 qemu-sgabios-8-39.1 qemu-vgabios-1.9.1-39.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): qemu-2.6.2-39.1 qemu-block-curl-2.6.2-39.1 qemu-block-curl-debuginfo-2.6.2-39.1 qemu-debugsource-2.6.2-39.1 qemu-kvm-2.6.2-39.1 qemu-tools-2.6.2-39.1 qemu-tools-debuginfo-2.6.2-39.1 qemu-x86-2.6.2-39.1 References: https://www.suse.com/security/cve/CVE-2016-9102.html 
https://www.suse.com/security/cve/CVE-2016-9103.html https://www.suse.com/security/cve/CVE-2016-9381.html https://www.suse.com/security/cve/CVE-2016-9776.html https://www.suse.com/security/cve/CVE-2016-9845.html https://www.suse.com/security/cve/CVE-2016-9846.html https://www.suse.com/security/cve/CVE-2016-9907.html https://www.suse.com/security/cve/CVE-2016-9908.html https://www.suse.com/security/cve/CVE-2016-9911.html https://www.suse.com/security/cve/CVE-2016-9912.html https://www.suse.com/security/cve/CVE-2016-9913.html https://www.suse.com/security/cve/CVE-2016-9921.html https://www.suse.com/security/cve/CVE-2016-9922.html https://bugzilla.suse.com/1007454 https://bugzilla.suse.com/1008519 https://bugzilla.suse.com/1009109 https://bugzilla.suse.com/1013285 https://bugzilla.suse.com/1013341 https://bugzilla.suse.com/1013764 https://bugzilla.suse.com/1013767 https://bugzilla.suse.com/1014109 https://bugzilla.suse.com/1014110 https://bugzilla.suse.com/1014111 https://bugzilla.suse.com/1014112 https://bugzilla.suse.com/1014256 https://bugzilla.suse.com/1014514 https://bugzilla.suse.com/1016779 https://bugzilla.suse.com/937125 From sle-updates at lists.suse.com Fri Jan 13 12:13:34 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jan 2017 20:13:34 +0100 (CET) Subject: SUSE-SU-2017:0128-1: moderate: Security update for squid Message-ID: <20170113191334.6E218FF0F@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0128-1 Rating: moderate References: #1016168 #1016169 #949942 Cross-References: CVE-2014-9749 CVE-2016-10002 CVE-2016-10003 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. 
Description: This update for squid fixes the following issues: - CVE-2016-10003: Prevent incorrect forwarding of cached private responses when the Collapsed Forwarding feature is enabled. This allowed a remote attacker (proxy user) to discover private and sensitive information about another user (bsc#1016169). - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to reach clients they should not have reached (bsc#1016168). - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-67=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-67=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): squid-3.5.21-25.1 squid-debuginfo-3.5.21-25.1 squid-debugsource-3.5.21-25.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): squid-3.5.21-25.1 squid-debuginfo-3.5.21-25.1 squid-debugsource-3.5.21-25.1 References: https://www.suse.com/security/cve/CVE-2014-9749.html https://www.suse.com/security/cve/CVE-2016-10002.html https://www.suse.com/security/cve/CVE-2016-10003.html https://bugzilla.suse.com/1016168 https://bugzilla.suse.com/1016169 https://bugzilla.suse.com/949942 From sle-updates at lists.suse.com Fri Jan 13 12:14:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jan 2017 20:14:33 +0100 (CET) Subject: SUSE-RU-2017:0129-1: Recommended update for bash-completion Message-ID: <20170113191433.4EAF5FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash-completion ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0129-1 Rating: low References: #1012212 #995045 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for bash-completion fixes the following issues: - Allow mixed long and short tar(1) options. (bsc#1012212) - Only remove completion for umount/mount for older SUSE versions. (bsc#995045) - Disable html documentation by default to avoid build loops. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-71=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-71=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): bash-completion-2.1-10.16.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): bash-completion-2.1-10.16.1 References: https://bugzilla.suse.com/1012212 https://bugzilla.suse.com/995045 From sle-updates at lists.suse.com Fri Jan 13 12:15:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Jan 2017 20:15:22 +0100 (CET) Subject: SUSE-RU-2017:0130-1: Recommended update for gdk-pixbuf Message-ID: <20170113191522.75C55FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdk-pixbuf ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0130-1 Rating: low References: #1010497 #929462 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gdk-pixbuf provides the following fixes: - Fix RGBA conversion for big endian X11 environments. (bsc#929462, bsc#1010497) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-69=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-69=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-69=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-69=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-debugsource-2.34.0-18.1 gdk-pixbuf-devel-2.34.0-18.1 gdk-pixbuf-devel-debuginfo-2.34.0-18.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gdk-pixbuf-debugsource-2.34.0-18.1 gdk-pixbuf-query-loaders-2.34.0-18.1 gdk-pixbuf-query-loaders-debuginfo-2.34.0-18.1 libgdk_pixbuf-2_0-0-2.34.0-18.1 libgdk_pixbuf-2_0-0-debuginfo-2.34.0-18.1 typelib-1_0-GdkPixbuf-2_0-2.34.0-18.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gdk-pixbuf-lang-2.34.0-18.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gdk-pixbuf-debugsource-2.34.0-18.1 gdk-pixbuf-query-loaders-2.34.0-18.1 gdk-pixbuf-query-loaders-debuginfo-2.34.0-18.1 libgdk_pixbuf-2_0-0-2.34.0-18.1 libgdk_pixbuf-2_0-0-debuginfo-2.34.0-18.1 typelib-1_0-GdkPixbuf-2_0-2.34.0-18.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): gdk-pixbuf-query-loaders-32bit-2.34.0-18.1 gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-18.1 libgdk_pixbuf-2_0-0-32bit-2.34.0-18.1 libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-18.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): gdk-pixbuf-lang-2.34.0-18.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gdk-pixbuf-lang-2.34.0-18.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gdk-pixbuf-debugsource-2.34.0-18.1 gdk-pixbuf-query-loaders-2.34.0-18.1 gdk-pixbuf-query-loaders-32bit-2.34.0-18.1 gdk-pixbuf-query-loaders-debuginfo-2.34.0-18.1 gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-18.1 libgdk_pixbuf-2_0-0-2.34.0-18.1 libgdk_pixbuf-2_0-0-32bit-2.34.0-18.1 libgdk_pixbuf-2_0-0-debuginfo-2.34.0-18.1 libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-18.1 typelib-1_0-GdkPixbuf-2_0-2.34.0-18.1 References: https://bugzilla.suse.com/1010497 https://bugzilla.suse.com/929462 From sle-updates at lists.suse.com Mon Jan 16 07:08:47 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Jan 2017 15:08:47 +0100 (CET) Subject: 
SUSE-RU-2017:0138-1: moderate: Recommended update for gnome-shell, gnome-shell-extensions Message-ID: <20170116140847.1D727F7BF@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-shell, gnome-shell-extensions ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0138-1 Rating: moderate References: #1007468 #1008539 #993341 #999592 #999655 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for gnome-shell and gnome-shell-extensions fixes the following issues: - If the "Activities Overview" is active and "Applications List" is started, the former was not being closed, incorrectly overlaying the latter. (bsc#1008539) - The SUSE logo was not being displayed in the lock screen. (bsc#1007468) - A problem when unpacking settings of the SLE Classic theme. (bsc#993341) - Use DBUS to get the system hostname. (bsc#999592) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-73=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-73=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-73=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-73=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-73=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gnome-shell-calendar-3.20.4-76.3 gnome-shell-calendar-debuginfo-3.20.4-76.3 gnome-shell-debuginfo-3.20.4-76.3 gnome-shell-debugsource-3.20.4-76.3 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gnome-shell-debuginfo-3.20.4-76.3 gnome-shell-debugsource-3.20.4-76.3 gnome-shell-devel-3.20.4-76.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gnome-shell-3.20.4-76.3 gnome-shell-browser-plugin-3.20.4-76.3 gnome-shell-browser-plugin-debuginfo-3.20.4-76.3 gnome-shell-debuginfo-3.20.4-76.3 gnome-shell-debugsource-3.20.4-76.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gnome-shell-classic-3.20.1-24.19.45 gnome-shell-extensions-common-3.20.1-24.19.45 gnome-shell-extensions-common-lang-3.20.1-24.19.45 gnome-shell-lang-3.20.4-76.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gnome-shell-3.20.4-76.3 gnome-shell-browser-plugin-3.20.4-76.3 gnome-shell-browser-plugin-debuginfo-3.20.4-76.3 gnome-shell-debuginfo-3.20.4-76.3 gnome-shell-debugsource-3.20.4-76.3 - SUSE Linux Enterprise Server 12-SP2 (noarch): gnome-shell-classic-3.20.1-24.19.45 gnome-shell-extensions-common-3.20.1-24.19.45 gnome-shell-extensions-common-lang-3.20.1-24.19.45 gnome-shell-lang-3.20.4-76.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gnome-shell-3.20.4-76.3 gnome-shell-browser-plugin-3.20.4-76.3 gnome-shell-browser-plugin-debuginfo-3.20.4-76.3 gnome-shell-calendar-3.20.4-76.3 gnome-shell-calendar-debuginfo-3.20.4-76.3 gnome-shell-debuginfo-3.20.4-76.3 gnome-shell-debugsource-3.20.4-76.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gnome-shell-classic-3.20.1-24.19.45 gnome-shell-extensions-common-3.20.1-24.19.45 gnome-shell-extensions-common-lang-3.20.1-24.19.45 gnome-shell-lang-3.20.4-76.3 References: https://bugzilla.suse.com/1007468 https://bugzilla.suse.com/1008539 https://bugzilla.suse.com/993341 
https://bugzilla.suse.com/999592 https://bugzilla.suse.com/999655 From sle-updates at lists.suse.com Mon Jan 16 11:11:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Jan 2017 19:11:58 +0100 (CET) Subject: SUSE-RU-2017:0142-1: Recommended update for python-ec2uploadimg Message-ID: <20170116181158.79710FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-ec2uploadimg ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0142-1 Rating: low References: #1007793 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-ec2uploadimg to version 3.0.1 fixes the following issue: - ec2uploadimg did not transfer the device mapping properties from the donor image (bsc#1007793). It also adds the following feature: - Support new command line argument --instance-id to designate a running instance as the helper instance. This brings an incompatible change to the uploader constructor. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-74=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-ec2uploadimg-3.0.1-27.1 References: https://bugzilla.suse.com/1007793 From sle-updates at lists.suse.com Mon Jan 16 11:27:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Jan 2017 19:27:21 +0100 (CET) Subject: SUSE-SU-2017:0164-1: moderate: Security update for libxml2 Message-ID: <20170116182721.126D1FF0F@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0164-1 Rating: moderate References: #1010675 #1014873 Cross-References: CVE-2016-9318 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libxml2 fixes the following issues: * CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675). * Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode (bnc#1014873). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-libxml2-12940=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-libxml2-12940=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-12940=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-devel-2.7.6-0.64.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libxml2-devel-32bit-2.7.6-0.64.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-2.7.6-0.64.1 libxml2-doc-2.7.6-0.64.1 libxml2-python-2.7.6-0.64.4 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.64.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libxml2-x86-2.7.6-0.64.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.64.1 libxml2-debugsource-2.7.6-0.64.1 libxml2-python-debuginfo-2.7.6-0.64.4 libxml2-python-debugsource-2.7.6-0.64.4 References: https://www.suse.com/security/cve/CVE-2016-9318.html https://bugzilla.suse.com/1010675 https://bugzilla.suse.com/1014873 From sle-updates at lists.suse.com Mon Jan 16 12:09:02 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Jan 2017 20:09:02 +0100 (CET) Subject: SUSE-RU-2017:0165-1: Recommended update for yast2-installation Message-ID: <20170116190902.70277F7BF@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-installation ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0165-1 Rating: low References: #1013976 #988377 #999895 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-installation provides the following fixes: - Do not crash when the proposal screen is configured through an AutoYaST profile and tabs are not being used. 
(bsc#1013976) - AutoYaST upgrade: Respect user-defined timeouts for errors, messages and pop-ups in general. (bsc#999895) - Fix missing icon next to SSH Key Import in AutoYaST. (bsc#988377) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-76=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-76=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-76=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): yast2-installation-3.1.218-45.4 - SUSE Linux Enterprise Server 12-SP2 (noarch): yast2-installation-3.1.218-45.4 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): yast2-installation-3.1.218-45.4 References: https://bugzilla.suse.com/1013976 https://bugzilla.suse.com/988377 https://bugzilla.suse.com/999895 From sle-updates at lists.suse.com Tue Jan 17 05:08:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jan 2017 13:08:50 +0100 (CET) Subject: SUSE-RU-2017:0169-1: moderate: Recommended update for Salt Message-ID: <20170117120850.99CE3F7BF@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0169-1 Rating: moderate References: #1008933 #1012398 #1016475 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.0 SUSE Manager Proxy 3.0 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for Salt fixes one security issue and several non-security issues. 
The following security issue has been fixed: - Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639) The following non-security issues have been fixed: - Update to 2015.8.12 - Add pre-require to salt for minions. - Do not restart salt-minion in salt package. - Add try-restart to sys-v init scripts. - Add "Restart=on-failure" for salt-minion systemd service. - Various fixes for signal handling. - Successfully exit of salt-api child processes when SIGTERM is received. - Re-introduce "KillMode=process" for salt-minion systemd service. - Fix changing default-timezone. (bsc#1008933) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-77=1 - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-77=1 - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-77=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2017-77=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2017-77=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): salt-2015.8.12-27.5 salt-doc-2015.8.12-27.5 salt-minion-2015.8.12-27.5 - SUSE Manager Server 3.0 (noarch): salt-bash-completion-2015.8.12-27.5 salt-zsh-completion-2015.8.12-27.5 - SUSE Manager Server 3.0 (x86_64): salt-2015.8.12-27.5 salt-api-2015.8.12-27.5 salt-doc-2015.8.12-27.5 salt-master-2015.8.12-27.5 salt-minion-2015.8.12-27.5 salt-proxy-2015.8.12-27.5 salt-ssh-2015.8.12-27.5 salt-syndic-2015.8.12-27.5 - SUSE Manager Proxy 3.0 (noarch): salt-bash-completion-2015.8.12-27.5 salt-zsh-completion-2015.8.12-27.5 - SUSE Manager Proxy 3.0 (x86_64): salt-2015.8.12-27.5 salt-api-2015.8.12-27.5 salt-doc-2015.8.12-27.5 salt-master-2015.8.12-27.5 salt-minion-2015.8.12-27.5 salt-proxy-2015.8.12-27.5 salt-ssh-2015.8.12-27.5 salt-syndic-2015.8.12-27.5 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): salt-2015.8.12-27.5 salt-minion-2015.8.12-27.5 - SUSE Enterprise Storage 3 (aarch64 x86_64): salt-2015.8.12-27.5 salt-master-2015.8.12-27.5 salt-minion-2015.8.12-27.5 References: https://www.suse.com/security/cve/CVE-2016-9639.html https://bugzilla.suse.com/1008933 https://bugzilla.suse.com/1012398 https://bugzilla.suse.com/1016475 From sle-updates at lists.suse.com Tue Jan 17 05:09:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jan 2017 13:09:40 +0100 (CET) Subject: SUSE-RU-2017:0170-1: moderate: Recommended update for deepsea Message-ID: <20170117120940.6D353FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0170-1 Rating: moderate References: #1018874 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for deepsea fixes the following issues: - Renamed "name" parameter to stay compatible with salt 2015.8.12. (bsc#1018874) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-78=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 4 (noarch): deepsea-0.6.11-3.1 References: https://bugzilla.suse.com/1018874 From sle-updates at lists.suse.com Tue Jan 17 05:10:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jan 2017 13:10:06 +0100 (CET) Subject: SUSE-RU-2017:0171-1: moderate: Recommended update for salt Message-ID: <20170117121006.74EB9FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0171-1 Rating: moderate References: #1003449 #1004047 #1004260 #1004723 #1008933 #1012398 #986019 #999852 Affected Products: SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves one vulnerability and has 7 fixes is now available. Description: This update for Salt fixes one security issue and several non-security issues. The following security issue has been fixed: - Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639) The following non-security issues have been fixed: - Update to 2015.8.12 - Add pre-require to salt for minions. - Do not restart salt-minion in salt package. - Add try-restart to sys-v init scripts. - Add "Restart=on-failure" for salt-minion systemd service. - Re-introduce "KillMode=process" for salt-minion systemd service. - Successfully exit of salt-api child processes when SIGTERM is received. - Fix exit codes of sysv init script. 
(bsc#999852) - Include resolution parameters in the Zypper debug-solver call during a dry-run dist-upgrade. - Fix Salt API crash via salt-ssh on empty roster. (bsc#1004723) - Add 'dist-upgrade' support to zypper module. (fate#320559) - Fix position of -X option to setfacl. (bsc#1004260) - Fix generated shebang in scripts on SLES-ES 7. (bsc#1004047) - Fix changing default-timezone. (bsc#1008933) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-77=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 4 (aarch64 x86_64): salt-2015.8.12-27.5 salt-master-2015.8.12-27.5 salt-minion-2015.8.12-27.5 References: https://www.suse.com/security/cve/CVE-2016-9639.html https://bugzilla.suse.com/1003449 https://bugzilla.suse.com/1004047 https://bugzilla.suse.com/1004260 https://bugzilla.suse.com/1004723 https://bugzilla.suse.com/1008933 https://bugzilla.suse.com/1012398 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/999852 From sle-updates at lists.suse.com Tue Jan 17 05:12:02 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jan 2017 13:12:02 +0100 (CET) Subject: SUSE-RU-2017:0172-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20170117121202.E74BCFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0172-1 Rating: moderate References: #1009435 #1009677 #1013002 #967818 #980752 #988889 #995764 #996609 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. 
Description: This update fixes the following issues: cobbler: - Using "chain.c32" instead of "LOCALBOOT -1" for the local boot entry in pxe menu. (bsc#988889) osad: - Fix logfile option for osa-dispatcher (bsc#980752) spacewalk-backend: - Handle non-unique machine_id after migrate from 2.1. (bsc#1013002) - Refer to scc.suse.com instead of bugzilla.novell.com in case of problem. (bsc#967818) - Fix selection of primary interface. (bsc#1009677) - Add link from satellite-sync to mgr-inter-sync man page. (bsc#1009435) - Reposync - assign orphaned vendor packages to the default org. (bsc#995764) - Add missing reference for bsc#996609. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-82=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Tools 12 (noarch): koan-2.6.6-42.1 osa-common-5.11.64.3-27.1 osad-5.11.64.3-27.1 spacewalk-backend-libs-2.5.24.7-43.1 References: https://bugzilla.suse.com/1009435 https://bugzilla.suse.com/1009677 https://bugzilla.suse.com/1013002 https://bugzilla.suse.com/967818 https://bugzilla.suse.com/980752 https://bugzilla.suse.com/988889 https://bugzilla.suse.com/995764 https://bugzilla.suse.com/996609 From sle-updates at lists.suse.com Tue Jan 17 05:14:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jan 2017 13:14:04 +0100 (CET) Subject: SUSE-RU-2017:0173-1: moderate: Recommended update for SUSE Manager Proxy 3.0 Message-ID: <20170117121404.CF256FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0173-1 Rating: moderate References: #1005924 #1007261 #1008221 #1009004 #1009435 #1009677 #1009749 #1010674 #1011344 #1012613 #1012761 #1013002 #1014281 
#1015122 #967818 #970460 #980752 #989905 #995764 #996609 Affected Products: SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. Description: This update includes the following new features: - Implement fetching kernel live version as module. (fate#319519) This update fixes the following issues: osad: - Fix logfile option for osa-dispatcher. (bsc#980752) spacewalk-backend: - Handle non-unique machine_id after migrate from 2.1. (bsc#1013002) - Refer to scc.suse.com instead of bugzilla.novell.com in case of problem. (bsc#967818) - Fix selection of primary interface. (bsc#1009677) - Add link from satellite-sync to mgr-inter-sync man page. (bsc#1009435) - Reposync: Assign orphaned vendor packages to the default org. (bsc#995764) - Add missing reference for bsc#996609. spacewalk-certs-tools: - Allow passing multiple GPG keys to mgr-bootstrap. (bsc#989905) spacewalk-proxy: - Add keepalive settings for ZeroMQ connections from broker to master. (bsc#1012613) - Revert "provide /usr/share/spacewalk in proxy". (bsc#1008221) spacewalk-web: - Small adjustments on bootstrap page. (bsc#1012761) - Bootstrapping: SSH push for salt system feature preview. - Fix plus/minus buttons in action chain list. (bsc#1011344) - Fix message consistency attempting bootstrapping a minion. (bsc#1005924) - Only show minions with sids available as links. (bsc#1007261, bsc#970460) supportutils-plugin-susemanager-client: - Include correct configuration file in the supportconfig. susemanager-sls: - Add tunneling to salt-ssh support. - Provide SUMA static pillar data for unregistered minions. (bsc#1015122) - Implement fetching kernel live version as module. (fate#319519) - Removing '/usr/share/susemanager/pillar' path. - Retrieving SUMA static pillar data from ext_pillar. (bsc#1010674) - Prevent salt-master ERROR messages if formulas files are missing.
(bsc#1009004) - Fallback to major os release version for cert names. (bsc#1009749) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-84=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 3.0 (noarch): osa-common-5.11.64.3-3.1 osad-5.11.64.3-3.1 spacewalk-backend-2.5.24.7-14.1 spacewalk-backend-libs-2.5.24.7-14.1 spacewalk-base-minimal-2.5.7.12-15.1 spacewalk-base-minimal-config-2.5.7.12-15.1 spacewalk-certs-tools-2.5.1.7-14.1 spacewalk-proxy-broker-2.5.1.5-9.1 spacewalk-proxy-common-2.5.1.5-9.1 spacewalk-proxy-management-2.5.1.5-9.1 spacewalk-proxy-package-manager-2.5.1.5-9.1 spacewalk-proxy-redirect-2.5.1.5-9.1 spacewalk-proxy-salt-2.5.1.5-9.1 supportutils-plugin-susemanager-client-3.0.5-3.1 susemanager-sls-0.1.18-17.1 References: https://bugzilla.suse.com/1005924 https://bugzilla.suse.com/1007261 https://bugzilla.suse.com/1008221 https://bugzilla.suse.com/1009004 https://bugzilla.suse.com/1009435 https://bugzilla.suse.com/1009677 https://bugzilla.suse.com/1009749 https://bugzilla.suse.com/1010674 https://bugzilla.suse.com/1011344 https://bugzilla.suse.com/1012613 https://bugzilla.suse.com/1012761 https://bugzilla.suse.com/1013002 https://bugzilla.suse.com/1014281 https://bugzilla.suse.com/1015122 https://bugzilla.suse.com/967818 https://bugzilla.suse.com/970460 https://bugzilla.suse.com/980752 https://bugzilla.suse.com/989905 https://bugzilla.suse.com/995764 https://bugzilla.suse.com/996609 From sle-updates at lists.suse.com Tue Jan 17 05:18:37 2017 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Tue, 17 Jan 2017 13:18:37 +0100 (CET) Subject: SUSE-RU-2017:0174-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20170117121837.A5437FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0174-1 Rating: moderate References: #1008933 #1009435 #1009677 #1012398 #1013002 #967818 #980752 #995764 #996609 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that solves one vulnerability and has 8 fixes is now available. Description: This update fixes the following issues: osad: - Fix logfile option for osa-dispatcher. (bsc#980752) salt: - Update to 2015.8.12 - Add pre-require to salt for minions. - Do not restart salt-minion in salt package. - Add try-restart to sys-v init scripts. - Add "Restart=on-failure" for salt-minion systemd service. - Various fixes for signal handling. - Successfully exit of salt-api child processes when SIGTERM is received. - Re-introduce "KillMode=process" for salt-minion systemd service. - Fix setting default timezone. (bsc#1008933) - Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639) spacewalk-backend: - Handle non-unique machine_id after migrate from 2.1. (bsc#1013002) - Refer to scc.suse.com instead of bugzilla.novell.com in case of problem. (bsc#967818) - Fix selection of primary interface. (bsc#1009677) - Add link from satellite-sync to mgr-inter-sync man page. (bsc#1009435) - Reposync: Assign orphaned vendor packages to the default org. (bsc#995764) - Add missing reference for bsc#996609 supportutils-plugin-susemanager-client: - Include correct configuration file in the supportconfig. 
Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201612-12942=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201612-12942=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2015.8.12-27.1 salt-doc-2015.8.12-27.1 salt-minion-2015.8.12-27.1 spacewalk-backend-libs-2.5.24.7-16.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): osa-common-5.11.64.3-5.1 osad-5.11.64.3-5.1 supportutils-plugin-susemanager-client-3.0.5-5.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2015.8.12-27.1 salt-doc-2015.8.12-27.1 salt-minion-2015.8.12-27.1 spacewalk-backend-libs-2.5.24.7-16.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): osa-common-5.11.64.3-5.1 osad-5.11.64.3-5.1 supportutils-plugin-susemanager-client-3.0.5-5.1 References: https://www.suse.com/security/cve/CVE-2016-9639.html https://bugzilla.suse.com/1008933 https://bugzilla.suse.com/1009435 https://bugzilla.suse.com/1009677 https://bugzilla.suse.com/1012398 https://bugzilla.suse.com/1013002 https://bugzilla.suse.com/967818 https://bugzilla.suse.com/980752 https://bugzilla.suse.com/995764 https://bugzilla.suse.com/996609 From sle-updates at lists.suse.com Tue Jan 17 05:20:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jan 2017 13:20:36 +0100 (CET) Subject: SUSE-RU-2017:0175-1: moderate: Recommended update for SUSE Manager Server 3.0 Message-ID: <20170117122036.0E5FDFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0175-1 
Rating: moderate References: #988889 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: cobbler: - Using "chain.c32" instead of "LOCALBOOT -1" for the local boot entry in pxe menu. (bsc#988889) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-82=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (noarch): cobbler-2.6.6-42.1 References: https://bugzilla.suse.com/988889 From sle-updates at lists.suse.com Tue Jan 17 05:21:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jan 2017 13:21:04 +0100 (CET) Subject: SUSE-RU-2017:0176-1: moderate: Recommended update for SUSE Manager Server 3.0 Message-ID: <20170117122104.89CBDFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0176-1 Rating: moderate References: #1005008 #1005924 #1005927 #1006119 #1006556 #1007261 #1007490 #1008480 #1008759 #1009004 #1009006 #1009102 #1009435 #1009677 #1009749 #1009982 #1010049 #1010543 #1010664 #1010674 #1011317 #1011344 #1011817 #1012761 #1012789 #1013002 #1013551 #1013945 #1014281 #1015055 #1015122 #1015967 #868132 #959573 #963545 #966888 #967818 #967880 #967881 #968935 #969564 #970460 #972492 #973226 #979053 #979623 #980752 #984447 #984450 #987579 #989703 #989905 #995764 #996609 #998696 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has 55 recommended fixes can now be installed. 
Description: This update includes the following new features: - Add Live Patching support and show kernel live patching info in 'system details overview'. (fate#319519) - Salt should support ssh-push. (fate#320782) This update fixes the following issues: osad: - Fix logfile option for osa-dispatcher. (bsc#980752) spacewalk-backend: - Handle non-unique machine_id after migrate from 2.1. (bsc#1013002) - Refer to scc.suse.com instead of bugzilla.novell.com in case of problem. (bsc#967818) - Fix selection of primary interface. (bsc#1009677) - Add link from satellite-sync to mgr-inter-sync man page. (bsc#1009435) - Reposync: Assign orphaned vendor packages to the default org. (bsc#995764) - Add missing reference for bsc#996609. spacewalk-branding: - Show kernel live patching info in 'system details overview'. (fate#319519) - Differentiate writable/non-writable fields. (bsc#868132) - Fix checkbox icon align. (bsc#966888) - Use different symbols for collapsible sidebar items. (bsc#967880) - Use a brighter background color for legends in asides. (bsc#967881) - Update copyright year to 2016. (bsc#1010543) spacewalk-certs-tools: - Allow passing multiple GPG keys to mgr-bootstrap. (bsc#989905) spacewalk-java: - Add support for live patching. - Initial support for executing actions in taskomatic. - Hide kernel patches in CVE Audit results when live patching is used. (fate#319519) - Show kernel live patching info in 'system details overview'. (fate#319519) - Escape act key names in bootstrap UI. (bsc#1015967) - Add tunneling to salt-ssh support. - Fix server checks to allow minions to perform a distribution upgrade. (bsc#1013945) - Change default sort to ascending for pending actions list. - Add reboot/restart type icon to relevant patch column in upgradable package lists. - Add system.getKernelLivePatch API method. - Update kernel version and other system info during package refresh. (bsc#1013551) - Fix ISE when sorting system notes list. 
(bsc#979053) - Fix checkbox icon align. (bsc#966888) - Fix fromdir for 3rd party server. (bsc#998696) - Display warning when JavaScript is disabled on all pages. (bsc#987579) - Rename SSM page titles for consistency. (bsc#979623) - Hide action chain schedule for salt systems also in SSM. (bsc#1005008) - Send ActionScheduled message for all saved actions. (bsc#1005008) - Fix plus/minus buttons in action chain list. (bsc#1011344) - Fix misleading message on system reboot schedule in SSM. (bsc#1011817) - Utilize HostPortValidator to validate bootstrap host. (bsc#1011317) - Increment 'earliest' date by a millisecond between chain actions. (bsc#973226) - Use human-parseable dates for server notes. (bsc#969564) - Respect order of validation constraints in XSD files. (bsc#959573) - Remove useless self-link on login page. (bsc#963545) - Use different symbols for collapsible sidebar items. (bsc#967880) - Fix SSM reboot action success messages. (bsc#968935) - Allow sorting on advisory name in errata lists. (bsc#989703) - Update 'view/modify file' action buttons text. (bsc#1009102) - Handle salt ssh stderr message. (bsc#1005927) - ScheduleDetail.jsp: Clarify button label. (bsc#1010664) - Prevent salt-master ERROR messages if formulas files are missing. (bsc#1009004) - Hide RHN disconnection option. (bsc#1010049) - Reword general configuration page text. (bsc#1009982) - Check and fix also the assigned repository while updating the channels. (bsc#1007490) - Match url including query parameter separator to have a definitive end of the path component. (bsc#1007490) - Only show minions with sids available as links. (bsc#1007261, bsc#970460) - Delete previous Salt key on register event. (bsc#1006119) - Repository progress: Decode another possible log info. (bsc#972492) - Add oes extensions to base products. (bsc#1008480) - Create "script.run" capability if it is not found. (bsc#1008759) - Avoid misleading expected check-in message.
(bsc#1009006) spacewalk-setup: - Preventing stderr output from systemctl calls. (bsc#1015055) - Removing non-used '/srv/susemanager/pillar'. - Removing '/usr/share/susemanager/pillar' path. - Retrieving SUMA static pillar data from ext_pillar. (bsc#1010674) spacewalk-utils: - Use spacewalk 2.6 for openSUSE Leap 42.2. - Add channels for openSUSE Leap 42.2. spacewalk-web: - Small adjustments on bootstrap page. (bsc#1012761) - Bootstrapping: SSH push for salt system feature preview. - Fix plus/minus buttons in action chain list. (bsc#1011344) - Fix message consistency attempting bootstrapping a minion. (bsc#1005924) - Only show minions with sids available as links. (bsc#1007261, bsc#970460) susemanager: - Preventing stderr output from systemctl calls. (bsc#1015055) susemanager-docs_en: - Live Patching support. (fate#319519) - Salt should support ssh-push. (fate#320782) - Over 100 documentation bugs and typos fixed. - Spacecmd documented in Advanced Topics book. susemanager-schema: - Schema upgrade for live patching. (fate#319519) susemanager-sls: - Rename 'master' pillar to 'mgr_server'. - Add tunneling to salt-ssh support. - Provide SUMA static pillar data for unregistered minions. (bsc#1015122) - Implement fetching kernel live version as module. (fate#319519) - Removing '/usr/share/susemanager/pillar' path. - Retrieving SUMA static pillar data from ext_pillar. (bsc#1010674) - Prevent salt-master ERROR messages if formulas files are missing. (bsc#1009004) - Fallback to major os release version for cert names. (bsc#1009749) susemanager-sync-data: - Add support for SUSE Enterprise Storage 4, SUSE OpenStack Cloud 7, SLE-RT 12 SP2, SLE-POS 12 SP2 and Raspberry Pi. (bsc#1012789, bsc#1006556, bsc#984450, bsc#984447) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5.
Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-84=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (x86_64): spacewalk-branding-2.5.2.13-15.1 susemanager-3.0.19-15.1 susemanager-tools-3.0.19-15.1 - SUSE Manager Server 3.0 (noarch): osa-common-5.11.64.3-3.1 osa-dispatcher-5.11.64.3-3.1 spacewalk-backend-2.5.24.7-14.1 spacewalk-backend-app-2.5.24.7-14.1 spacewalk-backend-applet-2.5.24.7-14.1 spacewalk-backend-config-files-2.5.24.7-14.1 spacewalk-backend-config-files-common-2.5.24.7-14.1 spacewalk-backend-config-files-tool-2.5.24.7-14.1 spacewalk-backend-iss-2.5.24.7-14.1 spacewalk-backend-iss-export-2.5.24.7-14.1 spacewalk-backend-libs-2.5.24.7-14.1 spacewalk-backend-package-push-server-2.5.24.7-14.1 spacewalk-backend-server-2.5.24.7-14.1 spacewalk-backend-sql-2.5.24.7-14.1 spacewalk-backend-sql-oracle-2.5.24.7-14.1 spacewalk-backend-sql-postgresql-2.5.24.7-14.1 spacewalk-backend-tools-2.5.24.7-14.1 spacewalk-backend-xml-export-libs-2.5.24.7-14.1 spacewalk-backend-xmlrpc-2.5.24.7-14.1 spacewalk-base-2.5.7.12-15.1 spacewalk-base-minimal-2.5.7.12-15.1 spacewalk-base-minimal-config-2.5.7.12-15.1 spacewalk-certs-tools-2.5.1.7-14.1 spacewalk-html-2.5.7.12-15.1 spacewalk-java-2.5.59.11-15.1 spacewalk-java-config-2.5.59.11-15.1 spacewalk-java-lib-2.5.59.11-15.1 spacewalk-java-oracle-2.5.59.11-15.1 spacewalk-java-postgresql-2.5.59.11-15.1 spacewalk-setup-2.5.3.11-12.1 spacewalk-taskomatic-2.5.59.11-15.1 spacewalk-utils-2.5.6.5-6.1 susemanager-advanced-topics_en-pdf-3-21.2 susemanager-best-practices_en-pdf-3-21.2 susemanager-docs_en-3-21.2 susemanager-getting-started_en-pdf-3-21.2 susemanager-jsp_en-3-21.2 susemanager-reference_en-pdf-3-21.2 susemanager-schema-3.0.17-15.1 susemanager-sls-0.1.18-17.1 
  susemanager-sync-data-3.0.13-15.1

References:

https://bugzilla.suse.com/1005008
https://bugzilla.suse.com/1005924
https://bugzilla.suse.com/1005927
https://bugzilla.suse.com/1006119
https://bugzilla.suse.com/1006556
https://bugzilla.suse.com/1007261
https://bugzilla.suse.com/1007490
https://bugzilla.suse.com/1008480
https://bugzilla.suse.com/1008759
https://bugzilla.suse.com/1009004
https://bugzilla.suse.com/1009006
https://bugzilla.suse.com/1009102
https://bugzilla.suse.com/1009435
https://bugzilla.suse.com/1009677
https://bugzilla.suse.com/1009749
https://bugzilla.suse.com/1009982
https://bugzilla.suse.com/1010049
https://bugzilla.suse.com/1010543
https://bugzilla.suse.com/1010664
https://bugzilla.suse.com/1010674
https://bugzilla.suse.com/1011317
https://bugzilla.suse.com/1011344
https://bugzilla.suse.com/1011817
https://bugzilla.suse.com/1012761
https://bugzilla.suse.com/1012789
https://bugzilla.suse.com/1013002
https://bugzilla.suse.com/1013551
https://bugzilla.suse.com/1013945
https://bugzilla.suse.com/1014281
https://bugzilla.suse.com/1015055
https://bugzilla.suse.com/1015122
https://bugzilla.suse.com/1015967
https://bugzilla.suse.com/868132
https://bugzilla.suse.com/959573
https://bugzilla.suse.com/963545
https://bugzilla.suse.com/966888
https://bugzilla.suse.com/967818
https://bugzilla.suse.com/967880
https://bugzilla.suse.com/967881
https://bugzilla.suse.com/968935
https://bugzilla.suse.com/969564
https://bugzilla.suse.com/970460
https://bugzilla.suse.com/972492
https://bugzilla.suse.com/973226
https://bugzilla.suse.com/979053
https://bugzilla.suse.com/979623
https://bugzilla.suse.com/980752
https://bugzilla.suse.com/984447
https://bugzilla.suse.com/984450
https://bugzilla.suse.com/987579
https://bugzilla.suse.com/989703
https://bugzilla.suse.com/989905
https://bugzilla.suse.com/995764
https://bugzilla.suse.com/996609
https://bugzilla.suse.com/998696

From sle-updates at lists.suse.com Tue Jan 17 06:08:58 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Jan 2017 14:08:58 +0100 (CET)
Subject: SUSE-RU-2017:0177-1: Recommended update for libqt5-qtdeclarative
Message-ID: <20170117130858.2069CF7BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libqt5-qtdeclarative
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0177-1
Rating: low
References: #1016882
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for libqt5-qtdeclarative fixes the following issue:

- Wrong string comparison in V4 javascript engine (bsc#1016882)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-85=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-85=1
- SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-85=1
- SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-85=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  libqt5-qtdeclarative-debugsource-5.6.1-11.1
  libqt5-qtdeclarative-devel-5.6.1-11.1
  libqt5-qtdeclarative-devel-debuginfo-5.6.1-11.1
  libqt5-qtdeclarative-tools-5.6.1-11.1
  libqt5-qtdeclarative-tools-debuginfo-5.6.1-11.1

- SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch):
  libqt5-qtdeclarative-private-headers-devel-5.6.1-11.1

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  libQtQuick5-5.6.1-11.1
  libQtQuick5-debuginfo-5.6.1-11.1
  libqt5-qtdeclarative-debugsource-5.6.1-11.1

- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  libQtQuick5-5.6.1-11.1
  libQtQuick5-debuginfo-5.6.1-11.1
  libqt5-qtdeclarative-debugsource-5.6.1-11.1

- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  libQtQuick5-5.6.1-11.1
  libQtQuick5-debuginfo-5.6.1-11.1
  libqt5-qtdeclarative-debugsource-5.6.1-11.1

References:

https://bugzilla.suse.com/1016882

From sle-updates at lists.suse.com Tue Jan 17 07:08:44 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Jan 2017 15:08:44 +0100 (CET)
Subject: SUSE-RU-2017:0179-1: Recommended update for dracut
Message-ID: <20170117140844.1FABCF7BF@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dracut
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0179-1
Rating: low
References: #1007648 #915218 #995812 #998440
Affected Products:
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

This update for dracut provides the following fixes:

- Set persistent policy to by-path on s390 platforms to prevent the system from hanging during boot when vDISKs are used as swap devices.
(bsc#915218)
- Correctly handle incomplete ibft bootflag settings. (bsc#1007648)
- Do not pass ifname for bonding devices. (bsc#995812)
- Always try to load the pinctrl-cherryview kernel module. (bsc#998440)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-86=1
- SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-86=1
- SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-86=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  dracut-044-95.1
  dracut-debuginfo-044-95.1
  dracut-debugsource-044-95.1
  dracut-fips-044-95.1

- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  dracut-044-95.1
  dracut-debuginfo-044-95.1
  dracut-debugsource-044-95.1
  dracut-fips-044-95.1

- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  dracut-044-95.1
  dracut-debuginfo-044-95.1
  dracut-debugsource-044-95.1

References:

https://bugzilla.suse.com/1007648
https://bugzilla.suse.com/915218
https://bugzilla.suse.com/995812
https://bugzilla.suse.com/998440

From sle-updates at lists.suse.com Tue Jan 17 11:11:44 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Jan 2017 19:11:44 +0100 (CET)
Subject: SUSE-SU-2017:0181-1: important: Security update for the Linux Kernel
Message-ID: <20170117181144.A2608FF0F@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0181-1
Rating: important
References: #1000118 #1000189 #1000287 #1000304 #1000433 #1000776 #1001169 #1001171 #1001310 #1001462 #1001486 #1001888 #1002322 #1002770 #1002786 #1003068 #1003566 #1003581 #1003606 #1003813 #1003866 #1003964 #1004048 #1004052 #1004252 #1004365 #1004517 #1005169 #1005327 #1005545 #1005666 #1005745 #1005895 #1005917 #1005921 #1005923 #1005925 #1005929 #1006103 #1006175 #1006267 #1006528 #1006576 #1006804 #1006809 #1006827 #1006915 #1006918 #1007197 #1007615 #1007653 #1007955 #1008557 #1008979 #1009062 #1009969 #1010040 #1010158 #1010444 #1010478 #1010507 #1010665 #1010690 #1010970 #1011176 #1011250 #1011913 #1012060 #1012094 #1012452 #1012767 #1012829 #1012992 #1013001 #1013479 #1013531 #1013700 #1014120 #1014392 #1014701 #1014710 #1015212 #1015359 #1015367 #1015416 #799133 #914939 #922634 #963609 #963655 #963904 #964462 #966170 #966172 #966186 #966191 #966316 #966318 #966325 #966471 #969474 #969475 #969476 #969477 #969756 #971975 #971989 #972993 #974313 #974842 #974843 #978907 #979378 #979681 #981825 #983087 #983152 #983318 #985850 #986255 #986987 #987641 #987703 #987805 #988524 #988715 #990384 #992555 #993739 #993841 #993891 #994881 #995278 #997059 #997639 #997807 #998054 #998689 #999907 #999932
Cross-References: CVE-2015-1350 CVE-2015-8964 CVE-2016-7039 CVE-2016-7042 CVE-2016-7425 CVE-2016-7913 CVE-2016-7917 CVE-2016-8645 CVE-2016-8666 CVE-2016-9083 CVE-2016-9084 CVE-2016-9793 CVE-2016-9919
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Live Patching 12
  SUSE Linux Enterprise High Availability 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that solves 13 vulnerabilities and has 127 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).
- CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).
- CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486).
- CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).
- CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
- CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).
- CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444).
- CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).
- CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1003964).
- CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug" (bnc#1007197).
- CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).
- CVE-2016-9793: A bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation was fixed, which allowed CAP_NET_ADMIN users to cause memory corruption. (bsc#1013531).
- CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux kernel omits a certain check of the dst data structure, which allowed remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet (bnc#1014701).

The following non-security bugs were fixed:

- 8250_pci: Fix potential use-after-free in error path (bsc#1013001).
- acpi / PAD: do not register acpi_pad driver if running as Xen dom0 (bnc#995278).
- Add mainline tags to various hyperv patches
- alsa: fm801: detect FM-only card earlier (bsc#1005917).
- alsa: fm801: explicitly free IRQ line (bsc#1005917).
- alsa: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1005917).
- alsa: hda - Bind with i915 only when Intel graphics is present (bsc#1012767).
- alsa: hda - Clear the leftover component assignment at snd_hdac_i915_exit() (bsc#1012767).
- alsa: hda - Degrade i915 binding failure message (bsc#1012767).
- alsa: hda - Fix yet another i915 pointer leftover in error path (bsc#1012767).
- alsa: hda - Gate the mic jack on HP Z1 Gen3 AiO (bsc#1004365).
- alsa: hda - Turn off loopback mixing as default (bsc#1001462).
- apparmor: add missing id bounds check on dfa verification (bsc#1000304).
- apparmor: check that xindex is in trans_table bounds (bsc#1000304).
- apparmor: do not check for vmalloc_addr if kvzalloc() failed (bsc#1000304).
- apparmor: do not expose kernel stack (bsc#1000304).
- apparmor: ensure the target profile name is always audited (bsc#1000304).
- apparmor: exec should not be returning ENOENT when it denies (bsc#1000304).
- apparmor: fix audit full profile hname on successful load (bsc#1000304).
- apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287).
- apparmor: fix disconnected bind mnts reconnection (bsc#1000304).
- apparmor: fix log failures for all profiles in a set (bsc#1000304).
- apparmor: fix module parameters can be changed after policy is locked (bsc#1000304).
- apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304). - apparmor: fix put() parent ref after updating the active ref (bsc#1000304). - apparmor: fix refcount bug in profile replacement (bsc#1000304). - apparmor: fix refcount race when finding a child profile (bsc#1000304). - apparmor: fix replacement bug that adds new child to old parent (bsc#1000304). - apparmor: fix uninitialized lsm_audit member (bsc#1000304). - apparmor: fix update the mtime of the profile file on replacement (bsc#1000304). - apparmor: internal paths should be treated as disconnected (bsc#1000304). - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304). - arm64: Call numa_store_cpu_info() earlier. - arm64/efi: Enable runtime call flag checking (bsc#1005745). - arm64/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). - arm64: Refuse to install 4k kernel on 64k system - arm64: Update config files. Disable CONFIG_IPMI_SI_PROBE_DEFAULTS (bsc#1006576) - arm: bcm2835: add CPU node for ARM core (boo#1012094). - arm: bcm2835: Split the DT for peripherals from the DT for the CPU (boo#1012094). - asoc: cht_bsw_rt5645: Enable jack detection (bsc#1010690). - asoc: cht_bsw_rt5645: Fix writing to string literal (bsc#1010690). - asoc: cht_bsw_rt5672: Use HID translation unit (bsc#1010690). - asoc: fsl_ssi: mark SACNT register volatile (bsc#1005917). - asoc: imx-spdif: Fix crash on suspend (bsc#1005917). - asoc: intel: add function stub when ACPI is not enabled (bsc#1010690). - asoc: Intel: add fw name to common dsp context (bsc#1010690). - asoc: Intel: Add missing 10EC5672 ACPI ID matching for Cherry Trail (bsc#1010690). - asoc: Intel: Add module tags for common match module (bsc#1010690). - asoc: Intel: add NULL test (bsc#1010690). - AsoC: Intel: Add quirks for MinnowBoard MAX (bsc#1010690). - asoc: Intel: Add surface3 entry in CHT-RT5645 machine (bsc#1010690). - asoc: Intel: Atom: add 24-bit support for media playback and capture (bsc#1010690). 
- ASoc: Intel: Atom: add deep buffer definitions for atom platforms (bsc#1010690). - asoc: Intel: Atom: add definitions for modem/SSP0 interface (bsc#1010690). - asoc: Intel: Atom: Add quirk for Surface 3 (bsc#1010690). - asoc: Intel: Atom: add support for CHT w/ RT5640 (bsc#1010690). - asoc: Intel: Atom: Add support for HP ElitePad 1000 G2 (bsc#1010690). - asoc: Intel: Atom: add support for RT5642 (bsc#1010690). - asoc: Intel: Atom: add terminate entry for dmi_system_id tables (bsc#1010690). - asoc: Intel: Atom: auto-detection of Baytrail-CR (bsc#1010690). - asoc: Intel: Atom: clean-up compressed DAI definition (bsc#1010690). - asoc: Intel: atom: enable configuration of SSP0 (bsc#1010690). - asoc: Intel: atom: fix 0-day warnings (bsc#1010690). - asoc: Intel: Atom: fix boot warning (bsc#1010690). - asoc: Intel: Atom: Fix message handling during drop stream (bsc#1010690). - asoc: Intel: atom: fix missing breaks that would cause the wrong operation to execute (bsc#1010690). - asoc: Intel: Atom: fix regression on compress DAI (bsc#1010690). - asoc: Intel: Atom: flip logic for gain Switch (bsc#1010690). - asoc: Intel: atom: Make some messages to debug level (bsc#1010690). - asoc: Intel: Atom: move atom driver to common acpi match (bsc#1010690). - asoc: Intel: atom: statify cht_quirk (bsc#1010690). - asoc: Intel: boards: add DEEP_BUFFER support for BYT/CHT/BSW (bsc#1010690). - asoc: Intel: boards: align pin names between byt-rt5640 drivers (bsc#1010690). - asoc: Intel: boards: merge DMI-based quirks in bytcr-rt5640 driver (bsc#1010690). - asoc: Intel: boards: start merging byt-rt5640 drivers (bsc#1010690). - asoc: Intel: bytcr_rt56040: additional routing quirks (bsc#1010690). - asoc: Intel: bytcr-rt5640: add Asus T100TAF quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: add IN3 map (bsc#1010690). - asoc: Intel: bytcr_rt5640: add MCLK support (bsc#1010690). - asoc: Intel: bytcr_rt5640: Add quirk for Teclast X98 Air 3G tablet (bsc#1010690). 
- asoc: Intel: bytcr_rt5640: add SSP2_AIF2 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: change quirk position (bsc#1010690). - asoc: Intel: bytcr_rt5640: default routing and quirks on Baytrail-CR (bsc#1010690). - asoc: Intel: bytcr-rt5640: enable ASRC (bsc#1010690). - asoc: Intel: bytcr_rt5640: enable differential mic quirk (bsc#1010690). - asoc: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled (bsc#1010690). - asoc: Intel: bytcr_rt5640: fix dai/clock setup for SSP0 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: fixup DAI codec_name with HID (bsc#1010690). - asoc: Intel: bytcr_rt5640: log quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for Acer Aspire SWS-012 (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for mono speaker (bsc#1010690). - asoc: Intel: bytcr_rt5640: set SSP to I2S mode 2ch (bsc#1010690). - asoc: Intel: bytcr_rt5640: use HID translation util (bsc#1010690). - asoc: Intel: cht: fix uninit variable warning (bsc#1010690). - asoc: Intel: common: add translation from HID to codec-name (bsc#1010690). - asoc: Intel: common: filter ACPI devices with _STA return value (bsc#1010690). - asoc: Intel: common: increase the loglevel of "FW Poll Status" (bsc#1010690). - asoc: Intel: Create independent acpi match module (bsc#1010690). - asoc: intel: Fix sst-dsp dependency on dw stuff (bsc#1010690). - asoc: Intel: Keep building old baytrail machine drivers (bsc#1010690). - asoc: Intel: Load the atom DPCM driver only (bsc#1010690). - asoc: intel: make function stub static (bsc#1010690). - asoc: Intel: Move apci find machine routines (bsc#1010690). - asoc: Intel: pass correct parameter in sst_alloc_stream_mrfld() (bsc#1005917). - asoc: intel: Replace kthread with work (bsc#1010690). - asoc: Intel: Skylake: Always acquire runtime pm ref on unload (bsc#1005917). - asoc: Intel: sst: fix sst_memcpy32 wrong with non-4x bytes issue (bsc#1010690). - asoc: rt5640: add ASRC support (bsc#1010690). 
- asoc: rt5640: add internal clock source support (bsc#1010690). - asoc: rt5640: add master clock handling for rt5640 (bsc#1010690). - asoc: rt5640: add supplys for dac power (bsc#1010690). - asoc: rt5640: remove unused variable (bsc#1010690). - asoc: rt5640: Set PLL src according to source (bsc#1010690). - asoc: rt5645: add DAC1 soft volume func control (bsc#1010690). - asoc: rt5645: Add dmi_system_id "Google Setzer" (bsc#1010690). - asoc: rt5645: extend delay time for headphone pop noise (bsc#1010690). - asoc: rt5645: fix reg-2f default value (bsc#1010690). - asoc: rt5645: improve headphone pop when system resumes from S3 (bsc#1010690). - asoc: rt5645: improve IRQ reaction time for HS button (bsc#1010690). - asoc: rt5645: merge DMI tables of google projects (bsc#1010690). - asoc: rt5645: patch reg-0x8a (bsc#1010690). - asoc: rt5645: polling jd status in all conditions (bsc#1010690). - asoc: rt5645: Separate regmap for rt5645 and rt5650 (bsc#1010690). - asoc: rt5645: set RT5645_PRIV_INDEX as volatile (bsc#1010690). - asoc: rt5645: use polling to support HS button (bsc#1010690). - asoc: rt5645: Use the mod_delayed_work instead of the queue_delayed_work and cancel_delayed_work_sync (bsc#1010690). - asoc: rt5670: Add missing 10EC5072 ACPI ID (bsc#1010690). - asoc: rt5670: Enable Braswell platform workaround for Dell Wyse 3040 (bsc#1010690). - asoc: rt5670: fix HP Playback Volume control (bsc#1010690). - asoc: rt5670: patch reg-0x8a (bsc#1010690). - asoc: simple-card: do not fail if sysclk setting is not supported (bsc#1005917). - asoc: tegra_alc5632: check return value (bsc#1005917). - asoc: wm8960: Fix WM8960_SYSCLK_PLL mode (bsc#1005917). - autofs: fix multiple races (bsc#997639). - autofs: use dentry flags to block walks during expire (bsc#997639). - blacklist.conf: Add dup / unapplicable commits (bsc#1005545). 
- blacklist.conf: Add i915 stable commits that can be ignored (bsc#1015367) - blacklist.conf: add inapplicable / duped commits (bsc#1005917) - blacklist.conf: ignore commit bfe6c8a89e03 ("arm64: Fix NUMA build error when !CONFIG_ACPI") - blacklist.conf: Remove intel_pstate potential patch that SLE 12 SP2 The code layout upstream that motivated this patch is completely different to what is in SLE 12 SP2 as schedutil was not backported. - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - bna: Add synchronization for tx ring (bsc#993739). - btrfs: allocate root item at snapshot ioctl time (bsc#1012452). - btrfs: better packing of btrfs_delayed_extent_op (bsc#1012452). - btrfs: Check metadata redundancy on balance (bsc#1012452). - btrfs: clean up an error code in btrfs_init_space_info() (bsc#1012452). - btrfs: cleanup, stop casting for extent_map->lookup everywhere (bsc#1012452). - btrfs: cleanup, use enum values for btrfs_path reada (bsc#1012452). - btrfs: deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171). - btrfs: deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171). - btrfs: do an allocation earlier during snapshot creation (bsc#1012452). - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881). - btrfs: do not leave dangling dentry if symlink creation failed (bsc#1012452). - btrfs: do not use slab cache for struct btrfs_delalloc_work (bsc#1012452). - btrfs: drop duplicate prefix from scrub workqueues (bsc#1012452). - btrfs: drop unused parameter from lock_extent_bits (bsc#1012452). - btrfs: Enhance chunk validation check (bsc#1012452). - btrfs: Enhance super validation check (bsc#1012452). - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666). - btrfs: Expoert and move leaf/subtree qgroup helpers to qgroup.c (bsc983087, bsc986255). - btrfs: fix endless loop in balancing block groups (bsc#1006804). 
- btrfs: fix incremental send failure caused by balance (bsc#985850). - btrfs: fix locking bugs when defragging leaves (bsc#1012452). - btrfs: fix memory leaks after transaction is aborted (bsc#1012452). - btrfs: fix output of compression message in btrfs_parse_options() (bsc#1012452). - btrfs: fix race between free space endio workers and space cache writeout (bsc#1012452). - btrfs: fix races on root_log_ctx lists (bsc#1007653). - btrfs: fix race when finishing dev replace leading to transaction abort (bsc#1012452). - btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: fix typo in log message when starting a balance (bsc#1012452). - btrfs: fix unprotected list operations at btrfs_write_dirty_block_groups (bsc#1012452). - btrfs: handle quota reserve failure properly (bsc#1005666). - btrfs: make btrfs_close_one_device static (bsc#1012452). - btrfs: make clear_extent_bit helpers static inline (bsc#1012452). - btrfs: make clear_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make end_extent_writepage return void (bsc#1012452). - btrfs: make extent_clear_unlock_delalloc return void (bsc#1012452). - btrfs: make extent_range_clear_dirty_for_io return void (bsc#1012452). - btrfs: make extent_range_redirty_for_io return void (bsc#1012452). - btrfs: make lock_extent static inline (bsc#1012452). - btrfs: make set_extent_bit helpers static inline (bsc#1012452). - btrfs: make set_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make set_range_writeback return void (bsc#1012452). - btrfs: preallocate path for snapshot creation at ioctl time (bsc#1012452). - btrfs: put delayed item hook into inode (bsc#1012452). - btrfs: qgroup: Add comments explaining how btrfs qgroup works (bsc983087, bsc986255). - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc983087, bsc986255). - btrfs: qgroup: Rename functions to make it follow reserve, trace, account steps (bsc983087, bsc986255). 
- btrfs: remove a trivial helper btrfs_set_buffer_uptodate (bsc#1012452). - btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns (bsc#1007653). - btrfs: remove unused inode argument from uncompress_inline() (bsc#1012452). - btrfs: remove wait from struct btrfs_delalloc_work (bsc#1012452). - btrfs: send, do not bug on inconsistent snapshots (bsc#985850). - btrfs: sink parameter wait to btrfs_alloc_delalloc_work (bsc#1012452). - btrfs: Support convert to -d dup for btrfs-convert (bsc#1012452). - btrfs: use GFP_KERNEL for allocations in ioctl handlers (bsc#1012452). - btrfs: use GFP_KERNEL for allocations of workqueues (bsc#1012452). - btrfs: use GFP_KERNEL for xattr and acl allocations (bsc#1012452). - btrfs: use smaller type for btrfs_path locks (bsc#1012452). - btrfs: use smaller type for btrfs_path lowest_level (bsc#1012452). - btrfs: use smaller type for btrfs_path reada (bsc#1012452). - btrfs: verbose error when we find an unexpected item in sys_array (bsc#1012452). - cdc-acm: added sanity checking for probe() (bsc#993891). - cxgbi: fix uninitialized flowi6 (bsc#963904 FATE#320115). - Delete patches.fixes/apparmor-initialize-common_audit_data.patch (bsc#1000304) It'll be fixed in the upcoming apparmor fix series from upstream. - dell-laptop: Fixate rfkill work on CPU#0 (bsc#1004052). - dell-wmi: Check if Dell WMI descriptor structure is valid (bsc#1004052). - dell-wmi: Clean up hotkey table size check (bsc#1004052). - dell-wmi: Ignore WMI event code 0xe045 (bsc#1004052). - dell-wmi: Improve unknown hotkey handling (bsc#1004052). - dell-wmi: Process only one event on devices with interface version 0 (bsc#1004052). - dell-wmi: Stop storing pointers to DMI tables (bsc#1004052). - dell-wmi: Support new hotkeys on the XPS 13 9350 (Skylake) (bsc#1004052). - dell_wmi: Use a C99-style array for bios_to_linux_keycode (bsc#1004052). - Drivers: hv: utils: fix a race on userspace daemons registration (bnc#1014392). 
- drm/amdgpu: Do not leak runtime pm ref on driver load (bsc#1005545). - drm/amdgpu: Do not leak runtime pm ref on driver unload (bsc#1005545). - drm/i915: Acquire audio powerwell for HD-Audio registers (bsc#1005545). - drm/i915: add helpers for platform specific revision id range checks (bsc#1015367). - drm/i915: Add missing ring_mask to Pineview (bsc#1005917). - drm/i915: Apply broader WaRsDisableCoarsePowerGating for guc also (bsc#1015367). - drm/i915/bxt: add revision id for A1 stepping and use it (bsc#1015367). - drm/i915: Calculate watermark related members in the crtc_state, v4 (bsc#1011176). - drm/i915: Call intel_dp_mst_resume() before resuming displays (bsc#1015359). - drm/i915: call kunmap_px on pt_vaddr (bsc#1005545). - drm/i915: Cleaning up DDI translation tables (bsc#1014392). - drm/i915: Clean up L3 SQC register field definitions (bsc#1014392). - drm/i915/dsi: fix CHV dsi encoder hardware state readout on port C (bsc#1015367). - drm/i915: Enable polling when we do not have hpd (bsc#1014120). - drm/i915: Exit cherryview_irq_handler() after one pass (bsc#1015367). - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2 (bsc#1014392). - drm/i915: Fix system resume if PCI device remained enabled (bsc#1015367). - drm/i915: fix the SDE irq dmesg warnings properly (bsc#1005545). - drm/i915: Fix VBT backlight Hz to PWM conversion for PNV (bsc#1005545). - drm/i915: Fix vbt PWM max setup for CTG (bsc#1005545). - drm/i915: Force ringbuffers to not be at offset 0 (bsc#1015367). - drm/i915/gen9: Add WaInPlaceDecompressionHang (bsc#1014392). - drm/i915/ivb: Move WaCxSRDisabledForSpriteScaling w/a to atomic check (bsc#1011176). - drm/i915: Kill intel_runtime_pm_disable() (bsc#1005545). - drm/i915: Make plane fb tracking work correctly, v2 (bsc#1004048). - drm/i915: Make prepare_plane_fb fully interruptible (bsc#1004048). - drm/i915: Move disable_cxsr to the crtc_state (bsc#1011176). 
- drm/i915: On fb alloc failure, unref gem object where it gets refed (bsc#1005545). - drm/i915: Only call commit_planes when there are things to commit (bsc#1004048). - drm/i915: Only commit active planes when updating planes during reset (bsc#1004048). - drm/i915: Only run commit when crtc is active, v2 (bsc#1004048). - drm/i915: remove parens around revision ids (bsc#1015367). - drm/i915: Set crtc_state->lane_count for HDMI (bsc#1005545). - drm/i915/skl: Add WaDisableGafsUnitClkGating (bsc#1014392). - drm/i915/skl: Fix rc6 based gpu/system hang (bsc#1015367). - drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs (bsc#1015367). - drm/i915/skl: Update DDI translation tables for SKL (bsc#1014392). - drm/i915/skl: Update watermarks before the crtc is disabled (bsc#1015367). - drm/i915: suppress spurious !wm_changed warning (bsc#1006267). - drm/i915: Unconditionally flush any chipset buffers before execbuf (bsc#1005545). - drm/i915: Update legacy primary state outside the commit hook, v2 (bsc#1004048). - drm/i915: Update Skylake DDI translation table for DP (bsc#1014392). - drm/i915: Update Skylake DDI translation table for HDMI (bsc#1014392). - drm/i915/userptr: Hold mmref whilst calling get-user-pages (bsc#1015367). - drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() (bsc#1014120). - drm/i915/vlv: Make intel_crt_reset() per-encoder (bsc#1014120). - drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init() (bsc#1014120). - drm/i915: Wait for power cycle delay after turning off DSI panel power (bsc#1005545). - drm/i915: Wait up to 3ms for the pcu to ack the cdclk change request on SKL (bsc#1005545). - drm/layerscape: reduce excessive stack usage (bsc#1005545). - drm/mgag200: fix error return code in mgag200fb_create() (bsc#1005917). - drm/nouveau: Do not leak runtime pm ref on driver unload (bsc#1005545). - drm/radeon: Also call cursor_move_locked when the cursor size changes (bsc#1000433). 
- drm/radeon: Always store CRTC relative radeon_crtc->cursor_x/y values (bsc#1000433). - drm/radeon/ci add comment to document intentionally unreachable code (bsc#1005545). - drm/radeon: Do not leak runtime pm ref on driver load (bsc#1005545). - drm/radeon: Do not leak runtime pm ref on driver unload (bsc#1005545). - drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on (bsc#998054) - drm/radeon: Hide the HW cursor while it's out of bounds (bsc#1000433). - drm/radeon: Switch to drm_vblank_on/off (bsc#998054). - drm/rockchip: fix a couple off by one bugs (bsc#1005545). - drm/tegra: checking for IS_ERR() instead of NULL (bsc#1005545). - edac/mce_amd: Add missing SMCA error descriptions (fate#320474, bsc#1013700). - edac/mce_amd: Use SMCA prefix for error descriptions arrays (fate#320474, bsc#1013700). - efi/arm64: Do not apply MEMBLOCK_NOMAP to UEFI memory map mapping (bsc#986987). - efi: ARM: avoid warning about phys_addr_t cast. - efi/runtime-wrappers: Add {__,}efi_call_virt() templates (bsc#1005745). - efi/runtime-wrappers: Detect firmware IRQ flag corruption (bsc#1005745). - efi/runtime-wrappers: Remove redundant #ifdefs (bsc#1005745). - ext4: fix data exposure after a crash (bsc#1012829). - Fix kabi change cause by adding flock_owner to open_context (bsc#998689). - Fixup UNMAP calculation (bsc#1005327) - fs, block: force direct-I/O for dax-enabled block devices (bsc#1012992). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fs/select: add vmalloc fallback for select(2) (bsc#1000189). - genirq: Add untracked irq handler (bsc#1006827). - genirq: Use a common macro to go through the actions list (bsc#1006827). - gpio: generic: make bgpio_pdata always visible. 
- gpio: Restore indentation of parent device setup. - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486). - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486). - gro_cells: mark napi struct as not busy poll candidates (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - group-source-files.pl: mark arch/*/scripts as devel make[2]: /usr/src/linux-4.6.4-2/arch/powerpc/scripts/gcc-check-mprofile-kernel.sh: Command not found - hpsa: fallback to use legacy REPORT PHYS command (bsc#1006175). - hpsa: use bus '3' for legacy HBA devices (bsc#1010665). - hpsa: use correct DID_NO_CONNECT hostbyte (bsc#1010665). - hv: do not lose pending heartbeat vmbus packets (bnc#1006918). - i2c: designware-baytrail: Add support for cherrytrail (bsc#1011913). - i2c: designware-baytrail: Pass dw_i2c_dev into helper functions (bsc#1011913). - i2c: designware-baytrail: Work around Cherry Trail semaphore errors (bsc#1011913). - i2c: designware: Prevent runtime suspend during adapter registration (bsc#1011913). - i2c: designware: retry transfer on transient failure (bsc#1011913). - i2c: designware: Use transfer timeout from ioctl I2C_TIMEOUT (bsc#1011913). - i2c: Enable CONFIG_I2C_DESIGNWARE_PLATFORM and *_BAYTRAIL (bsc#1010690) Realtek codecs on CHT platform require this i2c bus driver. - i2c: xgene: Avoid dma_buffer overrun (bsc#1006576). - i40e: fix an uninitialized variable bug (bsc#969476 FATE#319648). - i40e: fix broken i40e_config_rss_aq function (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40e: Remove redundant memset (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Add missing check for interface already open (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Add missing NULL check for MPA private data (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Avoid writing to freed memory (bsc#974842 FATE#319831 bsc#974843 FATE#319832). 
- i40iw: Change mem_resources pointer to a u8 (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Do not set self-referencing pointer to NULL after kfree (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Fix double free of allocated_buffer (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Protect req_resource_num update (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Receive notification events correctly (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Send last streaming mode message for loopback connections (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Update hw_iwarp_state (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - ib/core: Fix possible memory leak in cma_resolve_iboe_route() (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - ib/mlx5: Fix iteration overrun in GSI qps (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ib/mlx5: Fix steering resource leak (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ib/mlx5: Set source mac address in FTE (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: convert to use simple_open() (bsc#1015416). - ibmvnic: Driver Version 1.0.1 (bsc#1015416). - ibmvnic: drop duplicate header seq_file.h (bsc#1015416). - ibmvnic: fix error return code in ibmvnic_probe() (bsc#1015416). - ibmvnic: Fix GFP_KERNEL allocation in interrupt context (bsc#1015416). - ibmvnic: Fix missing brackets in init_sub_crq_irqs (bsc#1015416). - ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context (bsc#1015416). - ibmvnic: Fix size of debugfs name buffer (bsc#1015416). - ibmvnic: Handle backing device failover and reinitialization (bsc#1015416). - ibmvnic: Start completion queue negotiation at server-provided optimum values (bsc#1015416). - ibmvnic: Unmap ibmvnic_statistics structure (bsc#1015416). - ibmvnic: Update MTU after device initialization (bsc#1015416). - input: ALPS - add touchstick support for SS5 hardware (bsc#987703). 
- input: ALPS - allow touchsticks to report pressure (bsc#987703). - input: ALPS - handle 0-pressure 1F events (bsc#987703). - input: ALPS - set DualPoint flag for 74 03 28 devices (bsc#987703). - iommu/arm-smmu: Add support for 16 bit VMID (fate#319978). - iommu/arm-smmu: Workaround for ThunderX erratum #27704 (fate#319978). - ipc/sem.c: add cond_resched in exit_sme (bsc#979378). - ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062). - ixgbe: Do not clear RAR entry when clearing VMDq for SAN MAC (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - kABI: protect struct dw_mci. - kABI: protect struct mmc_packed (kabi). - kABI: reintroduce iov_iter_fault_in_multipages_readable. - kABI: reintroduce sk_filter (kabi). - kABI: reintroduce strtobool (kabi). - kABI: restore ip_cmsg_recv_offset parameters (kabi). - kabi/severities: Ignore kABI for asoc Intel SST drivers (bsc#1010690) These drivers are self-contained, not for 3rd party drivers. - kabi/severities: Whitelist libceph and rbd (bsc#988715). Like SLE12-SP1. - kernel-module-subpackage: Properly quote flavor in expressions That fixes a parse error if the flavor starts with a digit or contains other non-alphabetic characters. - kgr: ignore zombie tasks during the patching (bnc#1008979). - kvm: arm/arm64: Fix occasional warning from the timer work function (bsc#988524). - kvm: x86: correctly reset dest_map->vector when restoring LAPIC state (bsc#966471). - libceph: enable large, variable-sized OSD requests (bsc#988715). - libceph: make r_request msg_size calculation clearer (bsc#988715). - libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op (bsc#988715). - libceph: osdc->req_mempool should be backed by a slab pool (bsc#988715). - libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715). - lib/mpi: avoid assembler warning (bsc#1003581). 
- lib/mpi: mpi_read_buffer(): fix buffer overflow (bsc#1003581). - lib/mpi: mpi_read_buffer(): optimize skipping of leading zero limbs (bsc#1003581). - lib/mpi: mpi_read_buffer(): replace open coded endian conversion (bsc#1003581). - lib/mpi: mpi_write_sgl(): fix out-of-bounds stack access (bsc#1003581). - lib/mpi: mpi_write_sgl(): fix style issue with lzero decrement (bsc#1003581). - lib/mpi: mpi_write_sgl(): purge redundant pointer arithmetic (bsc#1003581). - lib/mpi: mpi_write_sgl(): replace open coded endian conversion (bsc#1003581). - lib/mpi: use "static inline" instead of "extern inline" (bsc#1003581). - locking/pv-qspinlock: Use cmpxchg_release() in __pv_queued_spin_unlock() (bsc#969756). - locking/rtmutex: Prevent dequeue vs. unlock race (bsc#1015212). - locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() (bsc#1015212). - mailbox/xgene-slimpro: Checking for IS_ERR instead of NULL. - md/raid1: fix: IO can block resync indefinitely (bsc#1001310). - mlx4: Do not BUG_ON() if device reset failed (bsc#1001888). - mm: do not use radix tree writeback tags for pages in swap cache (bnc#971975 VM performance -- swap). - mm: filemap: do not plant shadow entries without radix tree node (bnc#1005929). - mm: filemap: fix mapping->nrpages double accounting in fuse (bnc#1005929). - mm/filemap: generic_file_read_iter(): check for zero reads unconditionally (bnc#1007955). - mm/mprotect.c: do not touch single threaded PTEs which are on the right node (bnc#971975 VM performance -- numa balancing). - mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page() (bnc#1005929). - mm/zswap: use workqueue to destroy pool (VM Functionality, bsc#1005923). - net: icmp6_send should use dst dev to determine L3 domain (bsc#1014701). - net: ipv6: tcp reset, icmp need to consider L3 domain (bsc#1014701). - net/mlx4_en: Fix panic on xmit while port is down (bsc#966191 FATE#320230). - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (bsc#1006809). 
- net/mlx5: Add error prints when validate ETS failed (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Avoid setting unused var when modifying vport node GUID (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Use correct flow dissector key on flower offloading (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix autogroups groups num not decreasing (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix teardown errors that happen in pci error handler (bsc#1001169). - net/mlx5: Keep autogroups list ordered (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net_sched: fix a typo in tc_for_each_action() (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net: sctp, forbid negative length (bnc#1005921). - netvsc: fix incorrect receive checksum offloading (bnc#1006915). - nfs: nfs4_fl_prepare_ds must be careful about reporting success (bsc#1000776). - nfsv4: add flock_owner to open context (bnc#998689). - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - oom: print nodemask in the oom report (bnc#1003866). - overlayfs: allow writing on read-only btrfs subvolumes (bsc#1010158) - pci/acpi: Allow all PCIe services on non-ACPI host bridges (bsc#1006827). - pci: Allow additional bus numbers for hotplug bridges (bsc#1006827). - pci: correctly cast mem_base in pci_read_bridge_mmio_pref() (bsc#1001888). - pci: Do not set RCB bit in LNKCTL if the upstream bridge hasn't (bsc#1001888). - pci: Fix BUG on device attach failure (bnc#987641). - pci: pciehp: Allow exclusive userspace control of indicators (bsc#1006827). - pci: Remove return values from pcie_port_platform_notify() and relatives (bsc#1006827). - perf/x86: Add perf support for AMD family-17h processors (fate#320473). 
- pm / hibernate: Fix 2G size issue of snapshot image verification (bsc#1004252). - pm / sleep: declare __tracedata symbols as char rather than char (bnc#1005895). - powercap/intel_rapl: Add support for Kabylake (bsc#1003566). - powercap / RAPL: add support for Denverton (bsc#1003566). - powercap / RAPL: Add support for Ivy Bridge server (bsc#1003566). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - powerpc/xmon: Add xmon command to dump process/task similar to ps(1) (fate#322020). - proc: much faster /proc/vmstat (bnc#971975 VM performance -- vmstat). - qede: Correctly map aggregation replacement pages (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - qed: FLR of active VFs might lead to FW assert (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841). - qla2xxx: Fix NULL pointer deref in QLA interrupt (bsc#1003068). - qla2xxx: setup data needed in ISR before setting up the ISR (bsc#1006528). - rbd: truncate objects on cmpext short reads (bsc#988715). - Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()" (bsc#1005917). - Revert "can: dev: fix deadlock reported after bus-off". - Revert "fix minor infoleak in get_user_ex()" (p.k.o). - REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - Revert "x86/mm: Expand the exception table logic to allow new handling options" (p.k.o). - rpm/config.sh: Build against SP2 in the OBS as well - rpm/constraints.in: increase disk for kernel-syzkaller The kernel-syzkaller build now consumes around 30G. This causes headache in factory where the package rebuilds over and over. Require 35G disk size to successfully build the flavor. 
- rpm/kernel-binary.spec.in: Build the -base package unconditionally (bsc#1000118) - rpm/kernel-binary.spec.in: Do not create KMPs with CONFIG_MODULES=n - rpm/kernel-binary.spec.in: Only build -base and -extra with CONFIG_MODULES (bsc#1000118) - rpm/kernel-binary.spec.in: Simplify debug info switch Any CONFIG_DEBUG_INFO sub-options are answered in the configs nowadays. - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059) - rpm/package-descriptions: Add 64kb kernel flavor description - rpm/package-descriptions: add kernel-syzkaller - rpm/package-descriptions: pv has been merged into -default (fate#315712) - rpm/package-descriptions: the flavor is 64kb, not 64k - s390/mm: fix gmap tlb flush issues (bnc#1005925). - sched/core: Optimize __schedule() (bnc#978907 Scheduler performance -- context switch). - sched/fair: Fix incorrect task group ->load_avg (bsc#981825). - sched/fair: Optimize find_idlest_cpu() when there is no choice (bnc#978907 Scheduler performance -- idle search). - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001). - serial: 8250_port: fix runtime PM use in __do_stop_tx_rs485() (bsc#983152). - sunrpc: fix refcounting problems with auth_gss messages (boo#1011250). - supported.conf: add hid-logitech-hidpp (bsc#1002322 bsc#1002786) - supported.conf: Add overlay.ko to -base (fate#321903) Also, delete the stale entry for the old overlayfs. - supported.conf: Mark vmx-crypto as supported (fate#319564) - supported.conf: xen-netfront should be in base packages, just like its non-pvops predecessor. (bsc#1002770) - target: fix tcm_rbd_gen_it_nexus for emulated XCOPY state (bsc#1003606). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#963609 FATE#320143). - time: Avoid undefined behaviour in ktime_add_safe() (bnc#1006103). 
- Update config files: select new CONFIG_SND_SOC_INTEL_SST_* helpers - Update patches.suse/btrfs-8401-fix-qgroup-accounting-when-creating-snap.patch (bsc#972993). - usb: gadget: composite: Clear reserved fields of SSP Dev Cap (FATE#319959). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - Using BUG_ON() as an assert() is _never_ acceptable (bnc#1005929). - vmxnet3: Wake queue from reset work (bsc#999907). - Whitelist KVM KABI changes resulting from adding a hcall. caused by 5246adec59458b5d325b8e1462ea9ef3ead7f6ae powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec No problem is expected as result of changing KVM KABI so whitelisting for now. If we get some additional input from IBM we can back out the patch. - writeback: initialize inode members that track writeback history (bsc#1012829). - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479). - x86/efi: Enable runtime call flag checking (bsc#1005745). - x86/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). - x86/hpet: Reduce HPET counter read contention (bsc#1014710). - x86/mce/AMD, EDAC/mce_amd: Define and use tables for known SMCA IP types (fate#320474, bsc#1013700). Exclude removed symbols from kABI check. They're AMD Zen relevant only and completely useless to other modules - only edac_mce_amd.ko. - x86/mce/AMD: Increase size of the bank_map type (fate#320474, bsc#1013700). - x86/mce/AMD: Read MSRs on the CPU allocating the threshold blocks (fate#320474, bsc#1013700). - x86/mce/AMD: Update sysfs bank names for SMCA systems (fate#320474, bsc#1013700). - x86/mce/AMD: Use msr_ops.misc() in allocate_threshold_blocks() (fate#320474, bsc#1013700). - x86/pci: VMD: Attach VMD resources to parent domain's resource tree (bsc#1006827). - x86/pci: VMD: Document code for maintainability (bsc#1006827). - x86/pci: VMD: Fix infinite loop executing irq's (bsc#1006827). 
- x86/pci: VMD: Initialize list item in IRQ disable (bsc#1006827). - x86/pci: VMD: Request userspace control of PCIe hotplug indicators (bsc#1006827). - x86/pci: VMD: Select device dma ops to override (bsc#1006827). - x86/pci: VMD: Separate MSI and MSI-X vector sharing (bsc#1006827). - x86/pci: VMD: Set bus resource start to 0 (bsc#1006827). - x86/pci: VMD: Synchronize with RCU freeing MSI IRQ descs (bsc#1006827). - x86/pci: VMD: Use lock save/restore in interrupt enable path (bsc#1006827). - x86/pci/VMD: Use untracked irq handler (bsc#1006827). - x86/pci: VMD: Use x86_vector_domain as parent domain (bsc#1006827). - x86, powercap, rapl: Add Skylake Server model number (bsc#1003566). - x86, powercap, rapl: Reorder CPU detection table (bsc#1003566). - x86, powercap, rapl: Use Intel model macros intead of open-coding (bsc#1003566). - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (bnc#1005169). - zram: Fix unbalanced idr management at hot removal (bsc#1010970). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-87=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-87=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-87=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-87=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-87=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-87=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-87=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): kernel-default-debuginfo-4.4.38-93.1 kernel-default-debugsource-4.4.38-93.1 kernel-default-extra-4.4.38-93.1 kernel-default-extra-debuginfo-4.4.38-93.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.4.38-93.1 kernel-obs-build-debugsource-4.4.38-93.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): kernel-docs-4.4.38-93.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kernel-default-4.4.38-93.1 kernel-default-base-4.4.38-93.1 kernel-default-base-debuginfo-4.4.38-93.1 kernel-default-debuginfo-4.4.38-93.1 kernel-default-debugsource-4.4.38-93.1 kernel-default-devel-4.4.38-93.1 kernel-syms-4.4.38-93.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-devel-4.4.38-93.1 kernel-macros-4.4.38-93.1 kernel-source-4.4.38-93.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kernel-default-4.4.38-93.1 kernel-default-base-4.4.38-93.1 kernel-default-base-debuginfo-4.4.38-93.1 kernel-default-debuginfo-4.4.38-93.1 kernel-default-debugsource-4.4.38-93.1 kernel-default-devel-4.4.38-93.1 kernel-syms-4.4.38-93.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-devel-4.4.38-93.1 kernel-macros-4.4.38-93.1 kernel-source-4.4.38-93.1 - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_38-93-default-1-2.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.38-93.1 cluster-md-kmp-default-debuginfo-4.4.38-93.1 cluster-network-kmp-default-4.4.38-93.1 cluster-network-kmp-default-debuginfo-4.4.38-93.1 dlm-kmp-default-4.4.38-93.1 dlm-kmp-default-debuginfo-4.4.38-93.1 gfs2-kmp-default-4.4.38-93.1 gfs2-kmp-default-debuginfo-4.4.38-93.1 kernel-default-debuginfo-4.4.38-93.1 kernel-default-debugsource-4.4.38-93.1 ocfs2-kmp-default-4.4.38-93.1 ocfs2-kmp-default-debuginfo-4.4.38-93.1 - SUSE Linux Enterprise Desktop 12-SP2 
(noarch): kernel-devel-4.4.38-93.1 kernel-macros-4.4.38-93.1 kernel-source-4.4.38-93.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kernel-default-4.4.38-93.1 kernel-default-debuginfo-4.4.38-93.1 kernel-default-debugsource-4.4.38-93.1 kernel-default-devel-4.4.38-93.1 kernel-default-extra-4.4.38-93.1 kernel-default-extra-debuginfo-4.4.38-93.1 kernel-syms-4.4.38-93.1 References: https://www.suse.com/security/cve/CVE-2015-1350.html https://www.suse.com/security/cve/CVE-2015-8964.html https://www.suse.com/security/cve/CVE-2016-7039.html https://www.suse.com/security/cve/CVE-2016-7042.html https://www.suse.com/security/cve/CVE-2016-7425.html https://www.suse.com/security/cve/CVE-2016-7913.html https://www.suse.com/security/cve/CVE-2016-7917.html https://www.suse.com/security/cve/CVE-2016-8645.html https://www.suse.com/security/cve/CVE-2016-8666.html https://www.suse.com/security/cve/CVE-2016-9083.html https://www.suse.com/security/cve/CVE-2016-9084.html https://www.suse.com/security/cve/CVE-2016-9793.html https://www.suse.com/security/cve/CVE-2016-9919.html https://bugzilla.suse.com/1000118 https://bugzilla.suse.com/1000189 https://bugzilla.suse.com/1000287 https://bugzilla.suse.com/1000304 https://bugzilla.suse.com/1000433 https://bugzilla.suse.com/1000776 https://bugzilla.suse.com/1001169 https://bugzilla.suse.com/1001171 https://bugzilla.suse.com/1001310 https://bugzilla.suse.com/1001462 https://bugzilla.suse.com/1001486 https://bugzilla.suse.com/1001888 https://bugzilla.suse.com/1002322 https://bugzilla.suse.com/1002770 https://bugzilla.suse.com/1002786 https://bugzilla.suse.com/1003068 https://bugzilla.suse.com/1003566 https://bugzilla.suse.com/1003581 https://bugzilla.suse.com/1003606 https://bugzilla.suse.com/1003813 https://bugzilla.suse.com/1003866 https://bugzilla.suse.com/1003964 https://bugzilla.suse.com/1004048 https://bugzilla.suse.com/1004052 https://bugzilla.suse.com/1004252 https://bugzilla.suse.com/1004365 https://bugzilla.suse.com/1004517 
https://bugzilla.suse.com/1005169 https://bugzilla.suse.com/1005327 https://bugzilla.suse.com/1005545 https://bugzilla.suse.com/1005666 https://bugzilla.suse.com/1005745 https://bugzilla.suse.com/1005895 https://bugzilla.suse.com/1005917 https://bugzilla.suse.com/1005921 https://bugzilla.suse.com/1005923 https://bugzilla.suse.com/1005925 https://bugzilla.suse.com/1005929 https://bugzilla.suse.com/1006103 https://bugzilla.suse.com/1006175 https://bugzilla.suse.com/1006267 https://bugzilla.suse.com/1006528 https://bugzilla.suse.com/1006576 https://bugzilla.suse.com/1006804 https://bugzilla.suse.com/1006809 https://bugzilla.suse.com/1006827 https://bugzilla.suse.com/1006915 https://bugzilla.suse.com/1006918 https://bugzilla.suse.com/1007197 https://bugzilla.suse.com/1007615 https://bugzilla.suse.com/1007653 https://bugzilla.suse.com/1007955 https://bugzilla.suse.com/1008557 https://bugzilla.suse.com/1008979 https://bugzilla.suse.com/1009062 https://bugzilla.suse.com/1009969 https://bugzilla.suse.com/1010040 https://bugzilla.suse.com/1010158 https://bugzilla.suse.com/1010444 https://bugzilla.suse.com/1010478 https://bugzilla.suse.com/1010507 https://bugzilla.suse.com/1010665 https://bugzilla.suse.com/1010690 https://bugzilla.suse.com/1010970 https://bugzilla.suse.com/1011176 https://bugzilla.suse.com/1011250 https://bugzilla.suse.com/1011913 https://bugzilla.suse.com/1012060 https://bugzilla.suse.com/1012094 https://bugzilla.suse.com/1012452 https://bugzilla.suse.com/1012767 https://bugzilla.suse.com/1012829 https://bugzilla.suse.com/1012992 https://bugzilla.suse.com/1013001 https://bugzilla.suse.com/1013479 https://bugzilla.suse.com/1013531 https://bugzilla.suse.com/1013700 https://bugzilla.suse.com/1014120 https://bugzilla.suse.com/1014392 https://bugzilla.suse.com/1014701 https://bugzilla.suse.com/1014710 https://bugzilla.suse.com/1015212 https://bugzilla.suse.com/1015359 https://bugzilla.suse.com/1015367 https://bugzilla.suse.com/1015416 
https://bugzilla.suse.com/799133 https://bugzilla.suse.com/914939 https://bugzilla.suse.com/922634 https://bugzilla.suse.com/963609 https://bugzilla.suse.com/963655 https://bugzilla.suse.com/963904 https://bugzilla.suse.com/964462 https://bugzilla.suse.com/966170 https://bugzilla.suse.com/966172 https://bugzilla.suse.com/966186 https://bugzilla.suse.com/966191 https://bugzilla.suse.com/966316 https://bugzilla.suse.com/966318 https://bugzilla.suse.com/966325 https://bugzilla.suse.com/966471 https://bugzilla.suse.com/969474 https://bugzilla.suse.com/969475 https://bugzilla.suse.com/969476 https://bugzilla.suse.com/969477 https://bugzilla.suse.com/969756 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/971989 https://bugzilla.suse.com/972993 https://bugzilla.suse.com/974313 https://bugzilla.suse.com/974842 https://bugzilla.suse.com/974843 https://bugzilla.suse.com/978907 https://bugzilla.suse.com/979378 https://bugzilla.suse.com/979681 https://bugzilla.suse.com/981825 https://bugzilla.suse.com/983087 https://bugzilla.suse.com/983152 https://bugzilla.suse.com/983318 https://bugzilla.suse.com/985850 https://bugzilla.suse.com/986255 https://bugzilla.suse.com/986987 https://bugzilla.suse.com/987641 https://bugzilla.suse.com/987703 https://bugzilla.suse.com/987805 https://bugzilla.suse.com/988524 https://bugzilla.suse.com/988715 https://bugzilla.suse.com/990384 https://bugzilla.suse.com/992555 https://bugzilla.suse.com/993739 https://bugzilla.suse.com/993841 https://bugzilla.suse.com/993891 https://bugzilla.suse.com/994881 https://bugzilla.suse.com/995278 https://bugzilla.suse.com/997059 https://bugzilla.suse.com/997639 https://bugzilla.suse.com/997807 https://bugzilla.suse.com/998054 https://bugzilla.suse.com/998689 https://bugzilla.suse.com/999907 https://bugzilla.suse.com/999932 From sle-updates at lists.suse.com Tue Jan 17 13:08:59 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jan 2017 21:08:59 +0100 (CET) Subject: 
SUSE-RU-2017:0188-1: Recommended update for yast2-storage
Message-ID: <20170117200859.A8EA4F7C8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-storage
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0188-1
Rating: low
References: #1008740 #907331 #933517
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for yast2-storage fixes the following issues:

- Avoid recurring error pop-up in the expert partitioner (bsc#1008740)
- Fixed installing required storage packages for unmounted filesystems (bsc#907331)
- Removed displaying /var/log/messages (bsc#933517)
- Make subvolumes configurable in control.xml (fate#321737)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-88=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-88=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-88=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-88=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  yast2-storage-debuginfo-3.1.106-28.3.2
  yast2-storage-debugsource-3.1.106-28.3.2
  yast2-storage-devel-3.1.106-28.3.2
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  yast2-storage-3.1.106-28.3.2
  yast2-storage-debuginfo-3.1.106-28.3.2
  yast2-storage-debugsource-3.1.106-28.3.2
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  yast2-storage-3.1.106-28.3.2
  yast2-storage-debuginfo-3.1.106-28.3.2
  yast2-storage-debugsource-3.1.106-28.3.2
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  yast2-storage-3.1.106-28.3.2
  yast2-storage-debuginfo-3.1.106-28.3.2
  yast2-storage-debugsource-3.1.106-28.3.2

References:

  https://bugzilla.suse.com/1008740
  https://bugzilla.suse.com/907331
  https://bugzilla.suse.com/933517

From sle-updates at lists.suse.com Tue Jan 17 13:09:51 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 17 Jan 2017 21:09:51 +0100 (CET)
Subject: SUSE-SU-2017:0189-1: moderate: Security update for gstreamer-plugins-base
Message-ID: <20170117200951.CE4E5F7C8@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-plugins-base
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0189-1
Rating: moderate
References: #1013669
Cross-References: CVE-2016-9811
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP1
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server 12-SP1
  SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

* CVE-2016-9811: out of bound memory read could lead to crash [bsc#1013669].

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-89=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-89=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-89=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-89=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-89=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gstreamer-plugins-base-debuginfo-1.2.4-2.3.2 gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.3.2 gstreamer-plugins-base-debugsource-1.2.4-2.3.2 libgstfft-1_0-0-32bit-1.2.4-2.3.2 libgstfft-1_0-0-debuginfo-32bit-1.2.4-2.3.2 typelib-1_0-GstAudio-1_0-1.2.4-2.3.2 typelib-1_0-GstPbutils-1_0-1.2.4-2.3.2 typelib-1_0-GstTag-1_0-1.2.4-2.3.2 typelib-1_0-GstVideo-1_0-1.2.4-2.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): typelib-1_0-GstRiff-1_0-1.2.4-2.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gstreamer-plugins-base-debuginfo-1.2.4-2.3.2 gstreamer-plugins-base-debugsource-1.2.4-2.3.2 gstreamer-plugins-base-devel-1.2.4-2.3.2 typelib-1_0-GstAllocators-1_0-1.2.4-2.3.2 typelib-1_0-GstApp-1_0-1.2.4-2.3.2 typelib-1_0-GstAudio-1_0-1.2.4-2.3.2 typelib-1_0-GstFft-1_0-1.2.4-2.3.2 typelib-1_0-GstPbutils-1_0-1.2.4-2.3.2 typelib-1_0-GstRiff-1_0-1.2.4-2.3.2 typelib-1_0-GstRtp-1_0-1.2.4-2.3.2 typelib-1_0-GstRtsp-1_0-1.2.4-2.3.2 typelib-1_0-GstSdp-1_0-1.2.4-2.3.2 typelib-1_0-GstTag-1_0-1.2.4-2.3.2 typelib-1_0-GstVideo-1_0-1.2.4-2.3.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): gstreamer-plugins-base-1.2.4-2.3.2 gstreamer-plugins-base-debuginfo-1.2.4-2.3.2 gstreamer-plugins-base-debugsource-1.2.4-2.3.2 
libgstallocators-1_0-0-1.2.4-2.3.2 libgstallocators-1_0-0-debuginfo-1.2.4-2.3.2 libgstapp-1_0-0-1.2.4-2.3.2 libgstapp-1_0-0-debuginfo-1.2.4-2.3.2 libgstaudio-1_0-0-1.2.4-2.3.2 libgstaudio-1_0-0-debuginfo-1.2.4-2.3.2 libgstfft-1_0-0-1.2.4-2.3.2 libgstfft-1_0-0-debuginfo-1.2.4-2.3.2 libgstpbutils-1_0-0-1.2.4-2.3.2 libgstpbutils-1_0-0-debuginfo-1.2.4-2.3.2 libgstriff-1_0-0-1.2.4-2.3.2 libgstriff-1_0-0-debuginfo-1.2.4-2.3.2 libgstrtp-1_0-0-1.2.4-2.3.2 libgstrtp-1_0-0-debuginfo-1.2.4-2.3.2 libgstrtsp-1_0-0-1.2.4-2.3.2 libgstrtsp-1_0-0-debuginfo-1.2.4-2.3.2 libgstsdp-1_0-0-1.2.4-2.3.2 libgstsdp-1_0-0-debuginfo-1.2.4-2.3.2 libgsttag-1_0-0-1.2.4-2.3.2 libgsttag-1_0-0-debuginfo-1.2.4-2.3.2 libgstvideo-1_0-0-1.2.4-2.3.2 libgstvideo-1_0-0-debuginfo-1.2.4-2.3.2 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.3.2 libgstapp-1_0-0-32bit-1.2.4-2.3.2 libgstapp-1_0-0-debuginfo-32bit-1.2.4-2.3.2 libgstaudio-1_0-0-32bit-1.2.4-2.3.2 libgstaudio-1_0-0-debuginfo-32bit-1.2.4-2.3.2 libgstpbutils-1_0-0-32bit-1.2.4-2.3.2 libgstpbutils-1_0-0-debuginfo-32bit-1.2.4-2.3.2 libgsttag-1_0-0-32bit-1.2.4-2.3.2 libgsttag-1_0-0-debuginfo-32bit-1.2.4-2.3.2 libgstvideo-1_0-0-32bit-1.2.4-2.3.2 libgstvideo-1_0-0-debuginfo-32bit-1.2.4-2.3.2 - SUSE Linux Enterprise Server 12-SP1 (noarch): gstreamer-plugins-base-lang-1.2.4-2.3.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gstreamer-plugins-base-1.2.4-2.3.2 gstreamer-plugins-base-debuginfo-1.2.4-2.3.2 gstreamer-plugins-base-debuginfo-32bit-1.2.4-2.3.2 gstreamer-plugins-base-debugsource-1.2.4-2.3.2 libgstallocators-1_0-0-1.2.4-2.3.2 libgstallocators-1_0-0-debuginfo-1.2.4-2.3.2 libgstapp-1_0-0-1.2.4-2.3.2 libgstapp-1_0-0-32bit-1.2.4-2.3.2 libgstapp-1_0-0-debuginfo-1.2.4-2.3.2 libgstapp-1_0-0-debuginfo-32bit-1.2.4-2.3.2 libgstaudio-1_0-0-1.2.4-2.3.2 libgstaudio-1_0-0-32bit-1.2.4-2.3.2 libgstaudio-1_0-0-debuginfo-1.2.4-2.3.2 libgstaudio-1_0-0-debuginfo-32bit-1.2.4-2.3.2 libgstfft-1_0-0-1.2.4-2.3.2 
libgstfft-1_0-0-32bit-1.2.4-2.3.2 libgstfft-1_0-0-debuginfo-1.2.4-2.3.2 libgstfft-1_0-0-debuginfo-32bit-1.2.4-2.3.2 libgstpbutils-1_0-0-1.2.4-2.3.2 libgstpbutils-1_0-0-32bit-1.2.4-2.3.2 libgstpbutils-1_0-0-debuginfo-1.2.4-2.3.2 libgstpbutils-1_0-0-debuginfo-32bit-1.2.4-2.3.2 libgstriff-1_0-0-1.2.4-2.3.2 libgstriff-1_0-0-debuginfo-1.2.4-2.3.2 libgstrtp-1_0-0-1.2.4-2.3.2 libgstrtp-1_0-0-debuginfo-1.2.4-2.3.2 libgstrtsp-1_0-0-1.2.4-2.3.2 libgstrtsp-1_0-0-debuginfo-1.2.4-2.3.2 libgstsdp-1_0-0-1.2.4-2.3.2 libgstsdp-1_0-0-debuginfo-1.2.4-2.3.2 libgsttag-1_0-0-1.2.4-2.3.2 libgsttag-1_0-0-32bit-1.2.4-2.3.2 libgsttag-1_0-0-debuginfo-1.2.4-2.3.2 libgsttag-1_0-0-debuginfo-32bit-1.2.4-2.3.2 libgstvideo-1_0-0-1.2.4-2.3.2 libgstvideo-1_0-0-32bit-1.2.4-2.3.2 libgstvideo-1_0-0-debuginfo-1.2.4-2.3.2 libgstvideo-1_0-0-debuginfo-32bit-1.2.4-2.3.2 typelib-1_0-GstAudio-1_0-1.2.4-2.3.2 typelib-1_0-GstPbutils-1_0-1.2.4-2.3.2 typelib-1_0-GstTag-1_0-1.2.4-2.3.2 typelib-1_0-GstVideo-1_0-1.2.4-2.3.2 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gstreamer-plugins-base-lang-1.2.4-2.3.2 References: https://www.suse.com/security/cve/CVE-2016-9811.html https://bugzilla.suse.com/1013669 From sle-updates at lists.suse.com Tue Jan 17 13:10:18 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jan 2017 21:10:18 +0100 (CET) Subject: SUSE-SU-2017:0190-1: moderate: Security update for nginx-1.0 Message-ID: <20170117201018.79779F7C8@maintenance.suse.de> SUSE Security Update: Security update for nginx-1.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0190-1 Rating: moderate References: #982505 #988491 Cross-References: CVE-2016-1000105 CVE-2016-4450 Affected Products: SUSE Webyast 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for nginx-1.0 fixes the following issues: These security issues were fixed: - CVE-2016-4450: NULL pointer dereference while writing client request body (bsc#982505). - CVE-2016-1000105: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bnc#988491). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Webyast 1.3: zypper in -t patch slewyst13-nginx-12945=1 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-nginx-12945=1 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-nginx-12945=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64): nginx-1.0-1.0.15-0.34.1 - SUSE Studio Onsite 1.3 (x86_64): nginx-1.0-1.0.15-0.34.1 - SUSE Lifecycle Management Server 1.3 (x86_64): nginx-1.0-1.0.15-0.34.1 References: https://www.suse.com/security/cve/CVE-2016-1000105.html https://www.suse.com/security/cve/CVE-2016-4450.html https://bugzilla.suse.com/982505 https://bugzilla.suse.com/988491 From sle-updates at lists.suse.com Tue Jan 17 15:08:51 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Jan 2017 23:08:51 +0100 (CET) Subject: SUSE-RU-2017:0191-1: Recommended update for gnome-control-center Message-ID: <20170117220851.E6E1EF7BF@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-control-center ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0191-1 Rating: low References: #997832 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can
now be installed. Description: This update for gnome-control-center fixes the On/Off switch button in the Mobile Broadband page of the Network panel. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-91=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-91=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-91=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-91=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-91=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gnome-control-center-color-3.20.1-43.13 gnome-control-center-debuginfo-3.20.1-43.13 gnome-control-center-debugsource-3.20.1-43.13 gnome-control-center-goa-3.20.1-43.13 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gnome-control-center-debuginfo-3.20.1-43.13 gnome-control-center-debugsource-3.20.1-43.13 gnome-control-center-devel-3.20.1-43.13 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gnome-control-center-3.20.1-43.13 gnome-control-center-debuginfo-3.20.1-43.13 gnome-control-center-debugsource-3.20.1-43.13 gnome-control-center-user-faces-3.20.1-43.13 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gnome-control-center-lang-3.20.1-43.13 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gnome-control-center-3.20.1-43.13 gnome-control-center-debuginfo-3.20.1-43.13 gnome-control-center-debugsource-3.20.1-43.13 gnome-control-center-user-faces-3.20.1-43.13 - SUSE Linux Enterprise Server 12-SP2 (noarch): gnome-control-center-lang-3.20.1-43.13 - SUSE Linux Enterprise 
Desktop 12-SP2 (x86_64): gnome-control-center-3.20.1-43.13 gnome-control-center-color-3.20.1-43.13 gnome-control-center-debuginfo-3.20.1-43.13 gnome-control-center-debugsource-3.20.1-43.13 gnome-control-center-goa-3.20.1-43.13 gnome-control-center-user-faces-3.20.1-43.13 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gnome-control-center-lang-3.20.1-43.13 References: https://bugzilla.suse.com/997832 From sle-updates at lists.suse.com Wed Jan 18 10:09:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Jan 2017 18:09:24 +0100 (CET) Subject: SUSE-RU-2017:0196-1: Recommended update for release-notes-susemanager-proxy Message-ID: <20170118170924.4DDF5F7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager-proxy ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0196-1 Rating: low References: #1016696 Affected Products: SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: SUSE Manager Proxy 3.0 Release Notes have been updated to document: - New features: * 'Live patching' support - Bugs fixed by latest updates: bsc#967818, bsc#970460, bsc#980752, bsc#986447, bsc#989905, bsc#995764, bsc#996609, bsc#1005924, bsc#1007261, bsc#1008221, bsc#1009004, bsc#1009435, bsc#1009677, bsc#1009749, bsc#1011344, bsc#1012613, bsc#1012761, bsc#1013002, bsc#1015122 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-92=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy 3.0 (x86_64): release-notes-susemanager-proxy-3.0.3-0.21.1 References: https://bugzilla.suse.com/1016696 From sle-updates at lists.suse.com Wed Jan 18 10:09:48 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Jan 2017 18:09:48 +0100 (CET) Subject: SUSE-RU-2017:0197-1: Recommended update for release-notes-susemanager Message-ID: <20170118170948.8207CF7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0197-1 Rating: low References: #1006556 #1012789 #984447 #984450 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: SUSE Manager 3.0 Release Notes have been updated to document: - New features: * Salt 2015.8.12 * 'Live patching' support * SSH push for Salt * Raspberry Pi channels added - New products: * SLE-POS 12 SP2 * SUSE Enterprise Storage 4 * SUSE OpenStack Cloud 7 * SLE-RT 12 SP2 - Bugs fixed by latest updates: bsc#868132, bsc#959573, bsc#963545, bsc#966888, bsc#967818, bsc#967880, bsc#967881, bsc#968935, bsc#969564, bsc#970460, bsc#972492, bsc#973226, bsc#979053, bsc#979623, bsc#980752, bsc#984447, bsc#984450, bsc#986447, bsc#987579, bsc#989703, bsc#989905, bsc#995764, bsc#996609, bsc#998696, bsc#1005008, bsc#1005924, bsc#1005927, bsc#1006119, bsc#1006556, bsc#1007261, bsc#1007490, bsc#1008480, bsc#1008759, bsc#1009004, bsc#1009006, bsc#1009102, bsc#1009435, bsc#1009677, bsc#1009749, bsc#1009982, bsc#1010049, bsc#1010543, bsc#1010664, bsc#1011317, bsc#1011344, bsc#1011817, bsc#1012761, bsc#1012789, bsc#1013002, bsc#1013551, bsc#1013945, bsc#1015055, bsc#1015122, bsc#1015967 Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-93=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Server 3.0 (x86_64): release-notes-susemanager-3.0.3-0.46.1 References: https://bugzilla.suse.com/1006556 https://bugzilla.suse.com/1012789 https://bugzilla.suse.com/984447 https://bugzilla.suse.com/984450 From sle-updates at lists.suse.com Wed Jan 18 16:08:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jan 2017 00:08:41 +0100 (CET) Subject: SUSE-RU-2017:0200-1: moderate: Recommended update for webyast-base Message-ID: <20170118230841.80CACF7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for webyast-base ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0200-1 Rating: moderate References: #981769 Affected Products: SUSE Webyast 1.3 SUSE Studio Onsite 1.3 SUSE Lifecycle Management Server 1.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for webyast-base provides the following fixes: - Tell the browser that it must not allow embedding this page to another page via an IFRAME, preventing Clickjacking attacks. (bsc#981769) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Webyast 1.3: zypper in -t patch slewyst13-webyast-base-12946=1 - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-webyast-base-12946=1 - SUSE Lifecycle Management Server 1.3: zypper in -t patch sleslms13-webyast-base-12946=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64): rubygem-cancan-1.6.7-3.1 rubygem-devise-1.5.3-3.3 rubygem-devise-i18n-0.5.7-3.1 rubygem-devise_unix2_chkpwd_authenticatable-0.4.2-3.2 rubygem-haml-3.1.6-0.9.4.3 rubygem-orm_adapter-0.0.7-3.1 rubygem-ruby-dbus-0.7.2-3.1 rubygem-warden-1.1.0-3.1 rubygem-webyast-rake-tasks-0.3.6-0.5.8 - SUSE Webyast 1.3 (noarch): webyast-base-0.3.43.3-7.20 webyast-base-branding-default-0.3.43.3-7.20 - SUSE Studio Onsite 1.3 (noarch): webyast-base-0.3.43.3-7.20 webyast-base-branding-default-0.3.43.3-7.20 - SUSE Studio Onsite 1.3 (x86_64): rubygem-cancan-1.6.7-3.1 rubygem-devise-1.5.3-3.3 rubygem-devise-i18n-0.5.7-3.1 rubygem-devise_unix2_chkpwd_authenticatable-0.4.2-3.2 rubygem-haml-3.1.6-0.9.4.3 rubygem-orm_adapter-0.0.7-3.1 rubygem-ruby-dbus-0.7.2-3.1 rubygem-warden-1.1.0-3.1 rubygem-webyast-rake-tasks-0.3.6-0.5.8 - SUSE Lifecycle Management Server 1.3 (noarch): webyast-base-0.3.43.3-7.20 webyast-base-branding-default-0.3.43.3-7.20 - SUSE Lifecycle Management Server 1.3 (x86_64): rubygem-cancan-1.6.7-3.1 rubygem-devise-1.5.3-3.3 rubygem-devise-i18n-0.5.7-3.1 rubygem-devise_unix2_chkpwd_authenticatable-0.4.2-3.2 rubygem-haml-3.1.6-0.9.4.3 rubygem-orm_adapter-0.0.7-3.1 rubygem-ruby-dbus-0.7.2-3.1 rubygem-warden-1.1.0-3.1 rubygem-webyast-rake-tasks-0.3.6-0.5.8 References: https://bugzilla.suse.com/981769 From sle-updates at lists.suse.com Wed Jan 18 16:09:11 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jan 2017 00:09:11 +0100 (CET) Subject: SUSE-RU-2017:0201-1: Recommended update for polkit-gnome Message-ID: <20170118230911.7F344F7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for polkit-gnome ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0201-1 Rating: low References: #1004637 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux 
Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for polkit-gnome provides the following fixes: - Do not install polkit-gnome-authentication-agent-1 as an auto-start app. It was originally introduced for gnome-fallback but nowadays is no longer used. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-95=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-95=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-95=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-95=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-95=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): polkit-gnome-0.105-10.1 polkit-gnome-debuginfo-0.105-10.1 polkit-gnome-debugsource-0.105-10.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): polkit-gnome-lang-0.105-10.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): polkit-gnome-0.105-10.1 polkit-gnome-debuginfo-0.105-10.1 polkit-gnome-debugsource-0.105-10.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): polkit-gnome-lang-0.105-10.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): polkit-gnome-0.105-10.1 polkit-gnome-debuginfo-0.105-10.1 polkit-gnome-debugsource-0.105-10.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): polkit-gnome-lang-0.105-10.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): polkit-gnome-lang-0.105-10.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): polkit-gnome-0.105-10.1 polkit-gnome-debuginfo-0.105-10.1 polkit-gnome-debugsource-0.105-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): polkit-gnome-lang-0.105-10.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): polkit-gnome-0.105-10.1 polkit-gnome-debuginfo-0.105-10.1 polkit-gnome-debugsource-0.105-10.1 References: https://bugzilla.suse.com/1004637 From sle-updates at lists.suse.com Wed Jan 18 16:09:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jan 2017 00:09:41 +0100 (CET) Subject: SUSE-RU-2017:0202-1: Recommended update for dpkg Message-ID: <20170118230941.83459F7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for dpkg ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0202-1 Rating: low References: #913058 #919233 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for dpkg provides the following fixes: - Move tar option --no-recursion before -T. With recent tar changes the --no-recursion option is now positional, and needs to be passed before the -T option, otherwise the tarball will end up with duplicated entries. (bsc#919233) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-94=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-94=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): update-alternatives-1.16.10-12.3.1 update-alternatives-debuginfo-1.16.10-12.3.1 update-alternatives-debugsource-1.16.10-12.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): update-alternatives-1.16.10-12.3.1 update-alternatives-debuginfo-1.16.10-12.3.1 update-alternatives-debugsource-1.16.10-12.3.1 References: https://bugzilla.suse.com/913058 https://bugzilla.suse.com/919233 From sle-updates at lists.suse.com Thu Jan 19 06:08:59 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jan 2017 14:08:59 +0100 (CET) Subject: SUSE-SU-2017:0203-1: moderate: Security update for apache2 Message-ID: <20170119130900.034D4F7BF@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0203-1 Rating: moderate References: #1013648 Cross-References: CVE-2016-8740 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for apache2 fixes the following issues: - CVE-2016-8740 Server memory can be exhausted and service denied when HTTP/2 is used [bsc#1013648] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-99=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-99=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-99=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-16.3 apache2-debugsource-2.4.23-16.3 apache2-devel-2.4.23-16.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): apache2-2.4.23-16.3 apache2-debuginfo-2.4.23-16.3 apache2-debugsource-2.4.23-16.3 apache2-example-pages-2.4.23-16.3 apache2-prefork-2.4.23-16.3 apache2-prefork-debuginfo-2.4.23-16.3 apache2-utils-2.4.23-16.3 apache2-utils-debuginfo-2.4.23-16.3 apache2-worker-2.4.23-16.3 apache2-worker-debuginfo-2.4.23-16.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): apache2-doc-2.4.23-16.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): apache2-2.4.23-16.3 apache2-debuginfo-2.4.23-16.3 apache2-debugsource-2.4.23-16.3 apache2-example-pages-2.4.23-16.3 apache2-prefork-2.4.23-16.3 apache2-prefork-debuginfo-2.4.23-16.3 apache2-utils-2.4.23-16.3 apache2-utils-debuginfo-2.4.23-16.3 apache2-worker-2.4.23-16.3 apache2-worker-debuginfo-2.4.23-16.3 - SUSE Linux Enterprise Server 12-SP2 (noarch): apache2-doc-2.4.23-16.3 References: https://www.suse.com/security/cve/CVE-2016-8740.html https://bugzilla.suse.com/1013648 From sle-updates at lists.suse.com Thu Jan 19 06:09:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 
19 Jan 2017 14:09:28 +0100 (CET) Subject: SUSE-RU-2017:0204-1: Recommended update for kmod Message-ID: <20170119130928.ADA1BF7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for kmod ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0204-1 Rating: low References: #998906 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kmod fixes a rare race condition while loading modules. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-98=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-98=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-98=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-98=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-98=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-98=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-98=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): kmod-debuginfo-17-8.1 kmod-debugsource-17-8.1 libkmod-devel-17-8.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): kmod-debuginfo-17-8.1 kmod-debugsource-17-8.1 libkmod-devel-17-8.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): kmod-17-8.1 kmod-compat-17-8.1 kmod-debuginfo-17-8.1 kmod-debugsource-17-8.1 libkmod2-17-8.1 libkmod2-debuginfo-17-8.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): kmod-17-8.1 kmod-compat-17-8.1 kmod-debuginfo-17-8.1 kmod-debugsource-17-8.1 libkmod2-17-8.1 libkmod2-debuginfo-17-8.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): kmod-17-8.1 kmod-compat-17-8.1 kmod-debuginfo-17-8.1 kmod-debugsource-17-8.1 libkmod2-17-8.1 libkmod2-debuginfo-17-8.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): kmod-17-8.1 kmod-compat-17-8.1 kmod-debuginfo-17-8.1 kmod-debugsource-17-8.1 libkmod2-17-8.1 libkmod2-debuginfo-17-8.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): kmod-17-8.1 kmod-compat-17-8.1 kmod-debuginfo-17-8.1 kmod-debugsource-17-8.1 libkmod2-17-8.1 libkmod2-debuginfo-17-8.1 References: https://bugzilla.suse.com/998906 From sle-updates at lists.suse.com Thu Jan 19 06:10:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jan 2017 14:10:19 +0100 (CET) Subject: SUSE-RU-2017:0205-1: Recommended update for ovmf Message-ID: <20170119131019.5701EF7C8@maintenance.suse.de> SUSE Recommended Update: Recommended update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0205-1 Rating: low References: #1009707 #1013603 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for ovmf fixes the following issues: - Update bundled OpenSSL to version 1.0.2j. (bsc#1013603) - Fix bootindex with virtio-blk. (bsc#1009707) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-97=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-97=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ovmf-2015+git1462940744.321151f-14.1 ovmf-tools-2015+git1462940744.321151f-14.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): qemu-uefi-aarch64-2015+git1462940744.321151f-14.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64): ovmf-2015+git1462940744.321151f-14.1 ovmf-tools-2015+git1462940744.321151f-14.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): qemu-ovmf-x86_64-2015+git1462940744.321151f-14.1 qemu-uefi-aarch64-2015+git1462940744.321151f-14.1 References: https://bugzilla.suse.com/1009707 https://bugzilla.suse.com/1013603 From sle-updates at lists.suse.com Thu Jan 19 07:08:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jan 2017 15:08:41 +0100 (CET) Subject: SUSE-RU-2017:0206-1: Recommended update for valgrind Message-ID: <20170119140841.DAAF4F7BF@maintenance.suse.de> SUSE Recommended Update: Recommended update for valgrind ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0206-1 Rating: low References: #1019536 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for valgrind fixes a crash when inspecting programs linked against the OpenSSL library. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-100=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): valgrind-3.11.0-7.3.1 valgrind-debuginfo-3.11.0-7.3.1 valgrind-debugsource-3.11.0-7.3.1 valgrind-devel-3.11.0-7.3.1 References: https://bugzilla.suse.com/1019536 From sle-updates at lists.suse.com Thu Jan 19 13:08:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jan 2017 21:08:57 +0100 (CET) Subject: SUSE-RU-2017:0209-1: moderate: Recommended update for libvirt Message-ID: <20170119200857.0A4CFF34F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0209-1 Rating: moderate References: #1001698 #1005288 #956298 #959297 #996020 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. 
Description: This update for libvirt fixes the following issues: - Package org.libvirt.api.policy polkit file (bsc#959297) - Fix postun systemd services cleanup - Mark /etc/libvirt/nwfilter/*.xml files as config files - xenconfig: Fix libvirtd segfault in virConnectDomainXMLToNative (bsc#956298) - libxl: Fix leaking of migration ports (bsc#1005288) - libxl: Fix handling of credit scheduler weight parameter (bsc#1001698) - libxl: Support VIR_MIGRATE_PERSIST_DEST migration flag and advertise support for migration V3 (bsc#996020) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-102=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-102=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-102=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-102=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libvirt-client-32bit-1.2.18.4-18.2 libvirt-client-debuginfo-32bit-1.2.18.4-18.2 libvirt-debugsource-1.2.18.4-18.2 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): libvirt-debugsource-1.2.18.4-18.2 libvirt-devel-1.2.18.4-18.2 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libvirt-1.2.18.4-18.2 libvirt-client-1.2.18.4-18.2 libvirt-client-debuginfo-1.2.18.4-18.2 libvirt-daemon-1.2.18.4-18.2 libvirt-daemon-config-network-1.2.18.4-18.2 libvirt-daemon-config-nwfilter-1.2.18.4-18.2 libvirt-daemon-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-interface-1.2.18.4-18.2 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-lxc-1.2.18.4-18.2 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-network-1.2.18.4-18.2 libvirt-daemon-driver-network-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-nodedev-1.2.18.4-18.2 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-nwfilter-1.2.18.4-18.2 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-qemu-1.2.18.4-18.2 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-secret-1.2.18.4-18.2 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-storage-1.2.18.4-18.2 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-18.2 libvirt-daemon-lxc-1.2.18.4-18.2 libvirt-daemon-qemu-1.2.18.4-18.2 libvirt-debugsource-1.2.18.4-18.2 libvirt-doc-1.2.18.4-18.2 libvirt-lock-sanlock-1.2.18.4-18.2 libvirt-lock-sanlock-debuginfo-1.2.18.4-18.2 - SUSE Linux Enterprise Server 12-SP1 (x86_64): libvirt-daemon-driver-libxl-1.2.18.4-18.2 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-18.2 libvirt-daemon-xen-1.2.18.4-18.2 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): libvirt-1.2.18.4-18.2 libvirt-client-1.2.18.4-18.2 libvirt-client-32bit-1.2.18.4-18.2 libvirt-client-debuginfo-1.2.18.4-18.2 
libvirt-client-debuginfo-32bit-1.2.18.4-18.2 libvirt-daemon-1.2.18.4-18.2 libvirt-daemon-config-network-1.2.18.4-18.2 libvirt-daemon-config-nwfilter-1.2.18.4-18.2 libvirt-daemon-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-interface-1.2.18.4-18.2 libvirt-daemon-driver-interface-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-libxl-1.2.18.4-18.2 libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-lxc-1.2.18.4-18.2 libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-network-1.2.18.4-18.2 libvirt-daemon-driver-network-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-nodedev-1.2.18.4-18.2 libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-nwfilter-1.2.18.4-18.2 libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-qemu-1.2.18.4-18.2 libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-secret-1.2.18.4-18.2 libvirt-daemon-driver-secret-debuginfo-1.2.18.4-18.2 libvirt-daemon-driver-storage-1.2.18.4-18.2 libvirt-daemon-driver-storage-debuginfo-1.2.18.4-18.2 libvirt-daemon-lxc-1.2.18.4-18.2 libvirt-daemon-qemu-1.2.18.4-18.2 libvirt-daemon-xen-1.2.18.4-18.2 libvirt-debugsource-1.2.18.4-18.2 libvirt-doc-1.2.18.4-18.2 References: https://bugzilla.suse.com/1001698 https://bugzilla.suse.com/1005288 https://bugzilla.suse.com/956298 https://bugzilla.suse.com/959297 https://bugzilla.suse.com/996020 From sle-updates at lists.suse.com Thu Jan 19 13:10:07 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jan 2017 21:10:07 +0100 (CET) Subject: SUSE-SU-2017:0210-1: important: Security update for gstreamer-0_10-plugins-good Message-ID: <20170119201007.1AE4CFF0E@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-0_10-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0210-1 Rating: important References: #1012102 #1012103 #1012104 #1013653 #1013655 #1013663 
Cross-References: CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for gstreamer-0_10-plugins-good fixes the following issues: - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104) - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to cause extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-104=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-104=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gstreamer-0_10-plugins-good-0.10.31-16.1 gstreamer-0_10-plugins-good-debuginfo-0.10.31-16.1 gstreamer-0_10-plugins-good-debugsource-0.10.31-16.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): gstreamer-0_10-plugins-good-lang-0.10.31-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gstreamer-0_10-plugins-good-lang-0.10.31-16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-0_10-plugins-good-0.10.31-16.1 gstreamer-0_10-plugins-good-debuginfo-0.10.31-16.1 gstreamer-0_10-plugins-good-debugsource-0.10.31-16.1 References: https://www.suse.com/security/cve/CVE-2016-9634.html https://www.suse.com/security/cve/CVE-2016-9635.html https://www.suse.com/security/cve/CVE-2016-9636.html https://www.suse.com/security/cve/CVE-2016-9807.html https://www.suse.com/security/cve/CVE-2016-9808.html https://www.suse.com/security/cve/CVE-2016-9810.html https://bugzilla.suse.com/1012102 https://bugzilla.suse.com/1012103 https://bugzilla.suse.com/1012104 https://bugzilla.suse.com/1013653 https://bugzilla.suse.com/1013655 https://bugzilla.suse.com/1013663 From sle-updates at lists.suse.com Thu Jan 19 13:11:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jan 2017 21:11:19 +0100 (CET) Subject: SUSE-SU-2017:0211-1: moderate: Security update for gstreamer-plugins-base Message-ID: <20170119201119.41B18FF0E@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0211-1 Rating: moderate References: #1013669 Cross-References: CVE-2016-9811 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer-plugins-base fixes the following issues: * CVE-2016-9811: Malicious file could cause an invalid read leading to crash [bsc#1013669] Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-103=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-103=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-103=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-103=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-103=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gstreamer-plugins-base-debuginfo-1.8.3-9.6 gstreamer-plugins-base-debuginfo-32bit-1.8.3-9.6 gstreamer-plugins-base-debugsource-1.8.3-9.6 libgstfft-1_0-0-32bit-1.8.3-9.6 libgstfft-1_0-0-debuginfo-32bit-1.8.3-9.6 typelib-1_0-GstAudio-1_0-1.8.3-9.6 typelib-1_0-GstPbutils-1_0-1.8.3-9.6 typelib-1_0-GstTag-1_0-1.8.3-9.6 typelib-1_0-GstVideo-1_0-1.8.3-9.6 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-base-debuginfo-1.8.3-9.6 gstreamer-plugins-base-debugsource-1.8.3-9.6 gstreamer-plugins-base-devel-1.8.3-9.6 typelib-1_0-GstAllocators-1_0-1.8.3-9.6 typelib-1_0-GstApp-1_0-1.8.3-9.6 typelib-1_0-GstAudio-1_0-1.8.3-9.6 typelib-1_0-GstFft-1_0-1.8.3-9.6 typelib-1_0-GstPbutils-1_0-1.8.3-9.6 typelib-1_0-GstRtp-1_0-1.8.3-9.6 typelib-1_0-GstRtsp-1_0-1.8.3-9.6 typelib-1_0-GstSdp-1_0-1.8.3-9.6 typelib-1_0-GstTag-1_0-1.8.3-9.6 typelib-1_0-GstVideo-1_0-1.8.3-9.6 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gstreamer-plugins-base-1.8.3-9.6 gstreamer-plugins-base-debuginfo-1.8.3-9.6 gstreamer-plugins-base-debugsource-1.8.3-9.6 libgstallocators-1_0-0-1.8.3-9.6 libgstallocators-1_0-0-debuginfo-1.8.3-9.6 libgstapp-1_0-0-1.8.3-9.6 libgstapp-1_0-0-debuginfo-1.8.3-9.6 libgstaudio-1_0-0-1.8.3-9.6 libgstaudio-1_0-0-debuginfo-1.8.3-9.6 libgstfft-1_0-0-1.8.3-9.6 libgstfft-1_0-0-debuginfo-1.8.3-9.6 libgstpbutils-1_0-0-1.8.3-9.6 libgstpbutils-1_0-0-debuginfo-1.8.3-9.6 libgstriff-1_0-0-1.8.3-9.6 libgstriff-1_0-0-debuginfo-1.8.3-9.6 libgstrtp-1_0-0-1.8.3-9.6 libgstrtp-1_0-0-debuginfo-1.8.3-9.6 libgstrtsp-1_0-0-1.8.3-9.6 libgstrtsp-1_0-0-debuginfo-1.8.3-9.6 libgstsdp-1_0-0-1.8.3-9.6 libgstsdp-1_0-0-debuginfo-1.8.3-9.6 libgsttag-1_0-0-1.8.3-9.6 libgsttag-1_0-0-debuginfo-1.8.3-9.6 libgstvideo-1_0-0-1.8.3-9.6 libgstvideo-1_0-0-debuginfo-1.8.3-9.6 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gstreamer-plugins-base-lang-1.8.3-9.6 - 
SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): gstreamer-plugins-base-1.8.3-9.6 gstreamer-plugins-base-debuginfo-1.8.3-9.6 gstreamer-plugins-base-debugsource-1.8.3-9.6 libgstallocators-1_0-0-1.8.3-9.6 libgstallocators-1_0-0-debuginfo-1.8.3-9.6 libgstapp-1_0-0-1.8.3-9.6 libgstapp-1_0-0-debuginfo-1.8.3-9.6 libgstaudio-1_0-0-1.8.3-9.6 libgstaudio-1_0-0-debuginfo-1.8.3-9.6 libgstfft-1_0-0-1.8.3-9.6 libgstfft-1_0-0-debuginfo-1.8.3-9.6 libgstpbutils-1_0-0-1.8.3-9.6 libgstpbutils-1_0-0-debuginfo-1.8.3-9.6 libgstriff-1_0-0-1.8.3-9.6 libgstriff-1_0-0-debuginfo-1.8.3-9.6 libgstrtp-1_0-0-1.8.3-9.6 libgstrtp-1_0-0-debuginfo-1.8.3-9.6 libgstrtsp-1_0-0-1.8.3-9.6 libgstrtsp-1_0-0-debuginfo-1.8.3-9.6 libgstsdp-1_0-0-1.8.3-9.6 libgstsdp-1_0-0-debuginfo-1.8.3-9.6 libgsttag-1_0-0-1.8.3-9.6 libgsttag-1_0-0-debuginfo-1.8.3-9.6 libgstvideo-1_0-0-1.8.3-9.6 libgstvideo-1_0-0-debuginfo-1.8.3-9.6 - SUSE Linux Enterprise Server 12-SP2 (x86_64): gstreamer-plugins-base-debuginfo-32bit-1.8.3-9.6 libgstapp-1_0-0-32bit-1.8.3-9.6 libgstapp-1_0-0-debuginfo-32bit-1.8.3-9.6 libgstaudio-1_0-0-32bit-1.8.3-9.6 libgstaudio-1_0-0-debuginfo-32bit-1.8.3-9.6 libgstpbutils-1_0-0-32bit-1.8.3-9.6 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-9.6 libgsttag-1_0-0-32bit-1.8.3-9.6 libgsttag-1_0-0-debuginfo-32bit-1.8.3-9.6 libgstvideo-1_0-0-32bit-1.8.3-9.6 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-9.6 - SUSE Linux Enterprise Server 12-SP2 (noarch): gstreamer-plugins-base-lang-1.8.3-9.6 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-plugins-base-1.8.3-9.6 gstreamer-plugins-base-debuginfo-1.8.3-9.6 gstreamer-plugins-base-debuginfo-32bit-1.8.3-9.6 gstreamer-plugins-base-debugsource-1.8.3-9.6 libgstallocators-1_0-0-1.8.3-9.6 libgstallocators-1_0-0-debuginfo-1.8.3-9.6 libgstapp-1_0-0-1.8.3-9.6 libgstapp-1_0-0-32bit-1.8.3-9.6 libgstapp-1_0-0-debuginfo-1.8.3-9.6 libgstapp-1_0-0-debuginfo-32bit-1.8.3-9.6 libgstaudio-1_0-0-1.8.3-9.6 libgstaudio-1_0-0-32bit-1.8.3-9.6 libgstaudio-1_0-0-debuginfo-1.8.3-9.6 
libgstaudio-1_0-0-debuginfo-32bit-1.8.3-9.6 libgstfft-1_0-0-1.8.3-9.6 libgstfft-1_0-0-32bit-1.8.3-9.6 libgstfft-1_0-0-debuginfo-1.8.3-9.6 libgstfft-1_0-0-debuginfo-32bit-1.8.3-9.6 libgstpbutils-1_0-0-1.8.3-9.6 libgstpbutils-1_0-0-32bit-1.8.3-9.6 libgstpbutils-1_0-0-debuginfo-1.8.3-9.6 libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-9.6 libgstriff-1_0-0-1.8.3-9.6 libgstriff-1_0-0-debuginfo-1.8.3-9.6 libgstrtp-1_0-0-1.8.3-9.6 libgstrtp-1_0-0-debuginfo-1.8.3-9.6 libgstrtsp-1_0-0-1.8.3-9.6 libgstrtsp-1_0-0-debuginfo-1.8.3-9.6 libgstsdp-1_0-0-1.8.3-9.6 libgstsdp-1_0-0-debuginfo-1.8.3-9.6 libgsttag-1_0-0-1.8.3-9.6 libgsttag-1_0-0-32bit-1.8.3-9.6 libgsttag-1_0-0-debuginfo-1.8.3-9.6 libgsttag-1_0-0-debuginfo-32bit-1.8.3-9.6 libgstvideo-1_0-0-1.8.3-9.6 libgstvideo-1_0-0-32bit-1.8.3-9.6 libgstvideo-1_0-0-debuginfo-1.8.3-9.6 libgstvideo-1_0-0-debuginfo-32bit-1.8.3-9.6 typelib-1_0-GstAudio-1_0-1.8.3-9.6 typelib-1_0-GstPbutils-1_0-1.8.3-9.6 typelib-1_0-GstTag-1_0-1.8.3-9.6 typelib-1_0-GstVideo-1_0-1.8.3-9.6 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gstreamer-plugins-base-lang-1.8.3-9.6 References: https://www.suse.com/security/cve/CVE-2016-9811.html https://bugzilla.suse.com/1013669 From sle-updates at lists.suse.com Thu Jan 19 13:14:45 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jan 2017 21:14:45 +0100 (CET) Subject: SUSE-RU-2017:0214-1: Recommended update for rsyslog Message-ID: <20170119201445.3BF25F34F@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0214-1 Rating: low References: #1000488 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for rsyslog fixes the following issue: - Fixed mutex locking when timeout occurs (bsc#1000488) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-105=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-105=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-105=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): rsyslog-8.4.0-16.2 rsyslog-debuginfo-8.4.0-16.2 rsyslog-debugsource-8.4.0-16.2 rsyslog-diag-tools-8.4.0-16.2 rsyslog-diag-tools-debuginfo-8.4.0-16.2 rsyslog-doc-8.4.0-16.2 rsyslog-module-gssapi-8.4.0-16.2 rsyslog-module-gssapi-debuginfo-8.4.0-16.2 rsyslog-module-gtls-8.4.0-16.2 rsyslog-module-gtls-debuginfo-8.4.0-16.2 rsyslog-module-mysql-8.4.0-16.2 rsyslog-module-mysql-debuginfo-8.4.0-16.2 rsyslog-module-pgsql-8.4.0-16.2 rsyslog-module-pgsql-debuginfo-8.4.0-16.2 rsyslog-module-relp-8.4.0-16.2 rsyslog-module-relp-debuginfo-8.4.0-16.2 rsyslog-module-snmp-8.4.0-16.2 rsyslog-module-snmp-debuginfo-8.4.0-16.2 rsyslog-module-udpspoof-8.4.0-16.2 rsyslog-module-udpspoof-debuginfo-8.4.0-16.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): rsyslog-8.4.0-16.2 rsyslog-debuginfo-8.4.0-16.2 rsyslog-debugsource-8.4.0-16.2 rsyslog-diag-tools-8.4.0-16.2 rsyslog-diag-tools-debuginfo-8.4.0-16.2 rsyslog-doc-8.4.0-16.2 rsyslog-module-gssapi-8.4.0-16.2 rsyslog-module-gssapi-debuginfo-8.4.0-16.2 rsyslog-module-gtls-8.4.0-16.2 rsyslog-module-gtls-debuginfo-8.4.0-16.2 rsyslog-module-mysql-8.4.0-16.2 rsyslog-module-mysql-debuginfo-8.4.0-16.2 rsyslog-module-pgsql-8.4.0-16.2 rsyslog-module-pgsql-debuginfo-8.4.0-16.2 rsyslog-module-relp-8.4.0-16.2 rsyslog-module-relp-debuginfo-8.4.0-16.2 
rsyslog-module-snmp-8.4.0-16.2 rsyslog-module-snmp-debuginfo-8.4.0-16.2 rsyslog-module-udpspoof-8.4.0-16.2 rsyslog-module-udpspoof-debuginfo-8.4.0-16.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): rsyslog-8.4.0-16.2 rsyslog-debuginfo-8.4.0-16.2 rsyslog-debugsource-8.4.0-16.2 References: https://bugzilla.suse.com/1000488 From sle-updates at lists.suse.com Thu Jan 19 13:15:11 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Jan 2017 21:15:11 +0100 (CET) Subject: SUSE-RU-2017:0215-1: Recommended update for rsyslog Message-ID: <20170119201511.1F87BFF0E@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0215-1 Rating: low References: #1000488 #992146 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rsyslog fixes the following issues: - Fixed mutex locking when timeout occurs (bsc#1000488) - Added support for newer json-c (bsc#992146) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-101=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-101=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): rsyslog-8.4.0-13.3.1 rsyslog-debuginfo-8.4.0-13.3.1 rsyslog-debugsource-8.4.0-13.3.1 rsyslog-diag-tools-8.4.0-13.3.1 rsyslog-diag-tools-debuginfo-8.4.0-13.3.1 rsyslog-doc-8.4.0-13.3.1 rsyslog-module-gssapi-8.4.0-13.3.1 rsyslog-module-gssapi-debuginfo-8.4.0-13.3.1 rsyslog-module-gtls-8.4.0-13.3.1 rsyslog-module-gtls-debuginfo-8.4.0-13.3.1 rsyslog-module-mysql-8.4.0-13.3.1 rsyslog-module-mysql-debuginfo-8.4.0-13.3.1 rsyslog-module-pgsql-8.4.0-13.3.1 rsyslog-module-pgsql-debuginfo-8.4.0-13.3.1 rsyslog-module-relp-8.4.0-13.3.1 rsyslog-module-relp-debuginfo-8.4.0-13.3.1 rsyslog-module-snmp-8.4.0-13.3.1 rsyslog-module-snmp-debuginfo-8.4.0-13.3.1 rsyslog-module-udpspoof-8.4.0-13.3.1 rsyslog-module-udpspoof-debuginfo-8.4.0-13.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): rsyslog-8.4.0-13.3.1 rsyslog-debuginfo-8.4.0-13.3.1 rsyslog-debugsource-8.4.0-13.3.1 References: https://bugzilla.suse.com/1000488 https://bugzilla.suse.com/992146 From sle-updates at lists.suse.com Fri Jan 20 08:08:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Jan 2017 16:08:43 +0100 (CET) Subject: SUSE-RU-2017:0224-1: Recommended update for suse-build-key Message-ID: <20170120150843.92252F34F@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-build-key ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0224-1 Rating: low References: #1014151 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for suse-build-key fixes the following issues: - Updated gpg signing key for the SLE12 build at suse.de key (bsc#1014151) - Added the current security at suse.de key to the keyring - Changed SuSE to SUSE in texts Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-suse-build-key-12947=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): suse-build-key-1.0-907.46.1 References: https://bugzilla.suse.com/1014151 From sle-updates at lists.suse.com Fri Jan 20 09:08:54 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Jan 2017 17:08:54 +0100 (CET) Subject: SUSE-SU-2017:0225-1: important: Security update for gstreamer-0_10-plugins-good Message-ID: <20170120160854.9DB42F34F@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-0_10-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0225-1 Rating: important References: #1012102 #1012103 #1012104 #1013653 #1013655 #1013663 Cross-References: CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: gstreamer-0_10-plugins-good was updated to fix six security issues. These security issues were fixed: - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012102) - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds write (bsc#1012103) - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104). 
- CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655) - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653) - CVE-2016-9810: Invalid files can be used to cause extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gstreamer-0_10-plugins-good-12948=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gstreamer-0_10-plugins-good-12948=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gstreamer-0_10-plugins-good-0.10.30-5.14.1 gstreamer-0_10-plugins-good-doc-0.10.30-5.14.1 gstreamer-0_10-plugins-good-lang-0.10.30-5.14.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gstreamer-0_10-plugins-good-debuginfo-0.10.30-5.14.1 gstreamer-0_10-plugins-good-debugsource-0.10.30-5.14.1 References: https://www.suse.com/security/cve/CVE-2016-9634.html https://www.suse.com/security/cve/CVE-2016-9635.html https://www.suse.com/security/cve/CVE-2016-9636.html https://www.suse.com/security/cve/CVE-2016-9807.html https://www.suse.com/security/cve/CVE-2016-9808.html https://www.suse.com/security/cve/CVE-2016-9810.html https://bugzilla.suse.com/1012102 https://bugzilla.suse.com/1012103 https://bugzilla.suse.com/1012104 https://bugzilla.suse.com/1013653 https://bugzilla.suse.com/1013655 https://bugzilla.suse.com/1013663 From sle-updates at lists.suse.com Fri Jan 20 09:10:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Jan 2017 17:10:04 +0100 (CET) Subject: SUSE-SU-2017:0226-1: important: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1 Message-ID: 
<20170120161004.76697FF0E@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 7 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0226-1 Rating: important References: #1012852 #1013543 #1013604 #1014271 Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.62-60_62 fixes several issues. The following security bugs were fixed: - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-112=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_62-default-5-2.1 kgraft-patch-3_12_62-60_62-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1013604 https://bugzilla.suse.com/1014271 From sle-updates at lists.suse.com Fri Jan 20 09:11:02 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Jan 2017 17:11:02 +0100 (CET) Subject: SUSE-SU-2017:0227-1: important: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2 Message-ID: <20170120161102.731EAFF0E@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0227-1 Rating: important References: #1012852 #1013543 #1014271 #1019079 Cross-References: CVE-2016-10088 CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.21-69 fixes several issues. The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bsc#1019079). 
- CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). before 4.8.14 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-108=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-69-default-3-8.2 References: https://www.suse.com/security/cve/CVE-2016-10088.html https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1014271 https://bugzilla.suse.com/1019079 From sle-updates at lists.suse.com Fri Jan 20 09:12:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Jan 2017 17:12:00 +0100 (CET) Subject: SUSE-SU-2017:0228-1: important: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 Message-ID: <20170120161200.A9B8CFF0E@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0228-1 Rating: important References: #1012852 #1013543 #1014271 #1019079 Cross-References: CVE-2016-10088 CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.21-81 fixes several issues. The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bsc#1019079). 
- CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). before 4.8.14 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-110=1 To bring your system up-to-date, use "zypper patch". 
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-4_4_21-81-default-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2016-10088.html
   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://bugzilla.suse.com/1012852
   https://bugzilla.suse.com/1013543
   https://bugzilla.suse.com/1014271
   https://bugzilla.suse.com/1019079

From sle-updates at lists.suse.com Fri Jan 20 09:12:53 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 17:12:53 +0100 (CET)
Subject: SUSE-SU-2017:0229-1: important: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
Message-ID: <20170120161253.EFF39FF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 9 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0229-1
Rating: important
References: #1012852 #1013543 #1013604 #1014271
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.67-60_64_18 fixes several issues.

   The following security bugs were fixed:

   - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in
     sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed
     local users to cause a denial of service (use-after-free) or possibly
     have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START
     command (bsc#1013543).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
   - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in
     the Linux kernel did not properly restrict the type of iterator, which
     allowed local users to read or write to arbitrary kernel memory
     locations or cause a denial of service (use-after-free) by leveraging
     access to a /dev/sg device (bsc#1014271).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-111=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_67-60_64_18-default-3-2.1
      kgraft-patch-3_12_67-60_64_18-xen-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://bugzilla.suse.com/1012852
   https://bugzilla.suse.com/1013543
   https://bugzilla.suse.com/1013604
   https://bugzilla.suse.com/1014271

From sle-updates at lists.suse.com Fri Jan 20 09:13:46 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 17:13:46 +0100 (CET)
Subject: SUSE-SU-2017:0230-1: important: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
Message-ID: <20170120161346.B7BA1FF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 6 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0230-1
Rating: important
References: #1012852 #1013543
   #1013604 #1014271 #1017589
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.59-60_45 fixes several issues.

   The following security bugs were fixed:

   - CVE-2016-9806: Race condition in the netlink_dump function in
     net/netlink/af_netlink.c in the Linux kernel allowed local users to
     cause a denial of service (double free) or possibly have unspecified
     other impact via a crafted application that made sendmsg system calls,
     leading to a free operation associated with a new dump that started
     earlier than anticipated (bsc#1017589).
   - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in
     sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed
     local users to cause a denial of service (use-after-free) or possibly
     have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START
     command (bsc#1013543).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
   - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in
     the Linux kernel did not properly restrict the type of iterator, which
     allowed local users to read or write to arbitrary kernel memory
     locations or cause a denial of service (use-after-free) by leveraging
     access to a /dev/sg device (bsc#1014271).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-113=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_59-60_45-default-6-2.1
      kgraft-patch-3_12_59-60_45-xen-6-2.1

References:

   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://www.suse.com/security/cve/CVE-2016-9806.html
   https://bugzilla.suse.com/1012852
   https://bugzilla.suse.com/1013543
   https://bugzilla.suse.com/1013604
   https://bugzilla.suse.com/1014271
   https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Fri Jan 20 09:14:49 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 17:14:49 +0100 (CET)
Subject: SUSE-SU-2017:0231-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1
Message-ID: <20170120161449.AD5B2FF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0231-1
Rating: important
References: #1012852 #1013543 #1013604 #1014271 #1017589
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.51-60_25 fixes several issues.
   The following security bugs were fixed:

   - CVE-2016-9806: Race condition in the netlink_dump function in
     net/netlink/af_netlink.c in the Linux kernel allowed local users to
     cause a denial of service (double free) or possibly have unspecified
     other impact via a crafted application that made sendmsg system calls,
     leading to a free operation associated with a new dump that started
     earlier than anticipated (bsc#1017589).
   - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in
     sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed
     local users to cause a denial of service (use-after-free) or possibly
     have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START
     command (bsc#1013543).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
   - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in
     the Linux kernel did not properly restrict the type of iterator, which
     allowed local users to read or write to arbitrary kernel memory
     locations or cause a denial of service (use-after-free) by leveraging
     access to a /dev/sg device (bsc#1014271).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-116=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_51-60_25-default-8-2.1
      kgraft-patch-3_12_51-60_25-xen-8-2.1

References:

   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://www.suse.com/security/cve/CVE-2016-9806.html
   https://bugzilla.suse.com/1012852
   https://bugzilla.suse.com/1013543
   https://bugzilla.suse.com/1013604
   https://bugzilla.suse.com/1014271
   https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Fri Jan 20 09:15:51 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 17:15:51 +0100 (CET)
Subject: SUSE-SU-2017:0232-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
Message-ID: <20170120161551.3E40CFF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP2
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0232-1
Rating: important
References: #1019079
Cross-References: CVE-2016-10088
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 4.4.21-90 fixes several issues.

   The following security bugs were fixed:

   - CVE-2016-10088: The sg implementation in the Linux kernel did not
     properly restrict write operations in situations where the KERNEL_DS
     option is set, which allowed local users to read or write to arbitrary
     kernel memory locations or cause a denial of service (use-after-free)
     by leveraging access to a /dev/sg device, related to block/bsg.c and
     drivers/scsi/sg.c. NOTE: this vulnerability exists because of an
     incomplete fix for CVE-2016-9576 (bsc#1019079).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-109=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-4_4_21-90-default-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2016-10088.html
   https://bugzilla.suse.com/1019079

From sle-updates at lists.suse.com Fri Jan 20 09:16:13 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 17:16:13 +0100 (CET)
Subject: SUSE-SU-2017:0233-1: important: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1
Message-ID: <20170120161613.C7EBBFF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 3 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0233-1
Rating: important
References: #1012852 #1013543 #1013604 #1014271 #1017589
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.53-60_30 fixes several issues.

   The following security bugs were fixed:

   - CVE-2016-9806: Race condition in the netlink_dump function in
     net/netlink/af_netlink.c in the Linux kernel allowed local users to
     cause a denial of service (double free) or possibly have unspecified
     other impact via a crafted application that made sendmsg system calls,
     leading to a free operation associated with a new dump that started
     earlier than anticipated (bsc#1017589).
   - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in
     sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed
     local users to cause a denial of service (use-after-free) or possibly
     have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START
     command (bsc#1013543).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
   - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in
     the Linux kernel did not properly restrict the type of iterator, which
     allowed local users to read or write to arbitrary kernel memory
     locations or cause a denial of service (use-after-free) by leveraging
     access to a /dev/sg device (bsc#1014271).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-117=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_53-60_30-default-7-2.1
      kgraft-patch-3_12_53-60_30-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://www.suse.com/security/cve/CVE-2016-9806.html
   https://bugzilla.suse.com/1012852
   https://bugzilla.suse.com/1013543
   https://bugzilla.suse.com/1013604
   https://bugzilla.suse.com/1014271
   https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Fri Jan 20 09:17:19 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 17:17:19 +0100 (CET)
Subject: SUSE-SU-2017:0234-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1
Message-ID: <20170120161719.EE972FF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0234-1
Rating: important
References: #1012852 #1013543 #1013604 #1014271 #1017589
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.57-60_35 fixes several issues.

   The following security bugs were fixed:

   - CVE-2016-9806: Race condition in the netlink_dump function in
     net/netlink/af_netlink.c in the Linux kernel allowed local users to
     cause a denial of service (double free) or possibly have unspecified
     other impact via a crafted application that made sendmsg system calls,
     leading to a free operation associated with a new dump that started
     earlier than anticipated (bsc#1017589).
   - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in
     sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed
     local users to cause a denial of service (use-after-free) or possibly
     have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START
     command (bsc#1013543).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
   - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in
     the Linux kernel did not properly restrict the type of iterator, which
     allowed local users to read or write to arbitrary kernel memory
     locations or cause a denial of service (use-after-free) by leveraging
     access to a /dev/sg device (bsc#1014271).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-115=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_57-60_35-default-6-2.1
      kgraft-patch-3_12_57-60_35-xen-6-2.1

References:

   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://www.suse.com/security/cve/CVE-2016-9806.html
   https://bugzilla.suse.com/1012852
   https://bugzilla.suse.com/1013543
   https://bugzilla.suse.com/1013604
   https://bugzilla.suse.com/1014271
   https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Fri Jan 20 09:18:24 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 17:18:24 +0100 (CET)
Subject: SUSE-SU-2017:0235-1: important: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
Message-ID: <20170120161824.624F4FF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 5 for SLE 12 SP1
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0235-1
Rating: important
References: #1012852 #1013543 #1013604 #1014271 #1017589
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

   This update for the Linux Kernel 3.12.59-60_41 fixes several issues.

   The following security bugs were fixed:

   - CVE-2016-9806: Race condition in the netlink_dump function in
     net/netlink/af_netlink.c in the Linux kernel allowed local users to
     cause a denial of service (double free) or possibly have unspecified
     other impact via a crafted application that made sendmsg system calls,
     leading to a free operation associated with a new dump that started
     earlier than anticipated (bsc#1017589).
   - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in
     sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed
     local users to cause a denial of service (use-after-free) or possibly
     have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START
     command (bsc#1013543).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
   - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in
     the Linux kernel did not properly restrict the type of iterator, which
     allowed local users to read or write to arbitrary kernel memory
     locations or cause a denial of service (use-after-free) by leveraging
     access to a /dev/sg device (bsc#1014271).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:
      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-114=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):
      kgraft-patch-3_12_59-60_41-default-6-2.1
      kgraft-patch-3_12_59-60_41-xen-6-2.1

References:

   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://www.suse.com/security/cve/CVE-2016-9806.html
   https://bugzilla.suse.com/1012852
   https://bugzilla.suse.com/1013543
   https://bugzilla.suse.com/1013604
   https://bugzilla.suse.com/1014271
   https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Fri Jan 20 10:09:12 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 18:09:12 +0100 (CET)
Subject: SUSE-RU-2017:0236-1: Recommended update for crowbar-barclamp-glance
Message-ID: <20170120170912.31521F34F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-glance
______________________________________________________________________________
Announcement ID: SUSE-RU-2017:0236-1
Rating: low
References: #945043
Affected Products:
   SUSE OpenStack Cloud 5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update for crowbar-barclamp-glance fixes the following issues:

   - Allow pass-through of backend storage location in Glance. (bsc#945043)
   - Fix glance-scrubber to work with insecure SSL for keystone.
   - Also set registry_client_insecure in glance-{api,cache}.conf.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-crowbar-barclamp-glance-12950=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 5 (noarch):
      crowbar-barclamp-glance-1.9+git.1464951129.63c94eb-19.1

References:

   https://bugzilla.suse.com/945043

From sle-updates at lists.suse.com Fri Jan 20 10:09:49 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 18:09:49 +0100 (CET)
Subject: SUSE-SU-2017:0237-1: important: Security update for gstreamer-0_10-plugins-good
Message-ID: <20170120170949.51B7AF355@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-0_10-plugins-good
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:0237-1
Rating: important
References: #1012102 #1012103 #1012104 #1013653 #1013655 #1013663
Cross-References: CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810
Affected Products:
   SUSE Linux Enterprise Workstation Extension 12-SP1
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

   gstreamer-0_10-plugins-good was updated to fix five security issues.

   These security issues were fixed:

   - CVE-2016-9635: Invalid FLIC files could have caused an out-of-bounds
     write (bsc#1012103).
   - CVE-2016-9634: Invalid FLIC files could have caused an out-of-bounds
     write (bsc#1012102).
   - CVE-2016-9810: Invalid files can be used to cause extraneous
     unreferences, leading to invalid memory access and DoS (bsc#1013663).
   - CVE-2016-9807: Prevent the reading of invalid memory in
     flx_decode_chunks, leading to DoS (bsc#1013655).
   - CVE-2016-9808: Prevent maliciously crafted flic files from causing
     invalid memory accesses (bsc#1013653).

   To install this update libbz2-1 needs to be installed if it isn't
   already present on the system.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-118=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-118=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      gstreamer-0_10-plugins-good-0.10.31-13.3.3
      gstreamer-0_10-plugins-good-debuginfo-0.10.31-13.3.3
      gstreamer-0_10-plugins-good-debugsource-0.10.31-13.3.3
   - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch):
      gstreamer-0_10-plugins-good-lang-0.10.31-13.3.3
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      gstreamer-0_10-plugins-good-0.10.31-13.3.3
      gstreamer-0_10-plugins-good-debuginfo-0.10.31-13.3.3
      gstreamer-0_10-plugins-good-debugsource-0.10.31-13.3.3
   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      gstreamer-0_10-plugins-good-lang-0.10.31-13.3.3

References:

   https://www.suse.com/security/cve/CVE-2016-9634.html
   https://www.suse.com/security/cve/CVE-2016-9635.html
   https://www.suse.com/security/cve/CVE-2016-9636.html
   https://www.suse.com/security/cve/CVE-2016-9807.html
   https://www.suse.com/security/cve/CVE-2016-9808.html
   https://www.suse.com/security/cve/CVE-2016-9810.html
   https://bugzilla.suse.com/1012102
   https://bugzilla.suse.com/1012103
   https://bugzilla.suse.com/1012104
   https://bugzilla.suse.com/1013653
   https://bugzilla.suse.com/1013655
   https://bugzilla.suse.com/1013663

From sle-updates at lists.suse.com Fri Jan 20 10:11:14 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 18:11:14 +0100 (CET)
Subject: SUSE-RU-2017:0238-1: Recommended update for crowbar-barclamp-crowbar
Message-ID: <20170120171114.13413FF0E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-barclamp-crowbar
______________________________________________________________________________
Announcement ID: SUSE-RU-2017:0238-1
Rating: low
References: #978060
Affected Products:
   SUSE OpenStack Cloud 5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update for crowbar-barclamp-crowbar fixes the following issues:

   - Improve Cloud 5 to Cloud 6 upgrade. (bsc#978060)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-crowbar-barclamp-crowbar-12949=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (noarch):
      crowbar-barclamp-crowbar-1.9+git.1464950317.0e716a6-26.1

References:

   https://bugzilla.suse.com/978060

From sle-updates at lists.suse.com Fri Jan 20 10:11:43 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 18:11:43 +0100 (CET)
Subject: SUSE-RU-2017:0239-1: Recommended update for crowbar
Message-ID: <20170120171143.1CB2EF355@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar
______________________________________________________________________________
Announcement ID: SUSE-RU-2017:0239-1
Rating: low
References: #988907
Affected Products:
   SUSE OpenStack Cloud 5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update for crowbar fixes the following issues:

   - Replace md5 checksum on repository keys with fingerprint. (bsc#988907)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-crowbar-12951=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE OpenStack Cloud 5 (noarch):
      crowbar-1.9+git.1468913503.19dc76f-25.1
      crowbar-devel-1.9+git.1468913503.19dc76f-25.1

References:

   https://bugzilla.suse.com/988907

From sle-updates at lists.suse.com Fri Jan 20 10:12:07 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 18:12:07 +0100 (CET)
Subject: SUSE-RU-2017:0240-1: moderate: Recommended update for yast2, yast2-network
Message-ID: <20170120171207.EE100FF0E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2, yast2-network
______________________________________________________________________________
Announcement ID: SUSE-RU-2017:0240-1
Rating: moderate
References: #1001454 #1005721 #1007172 #1011869 #1012581 #1016004 #962824 #966413 #984890 #996879
Affected Products:
   SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
   SUSE Linux Enterprise Server 12-SP2
   SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has 10 recommended fixes can now be installed.

Description:

   This update provides fixes and enhancements for yast2 and yast2-network.

   yast2:

   - Add-on module: Do not escape characters like ":" in the path string.
     (bsc#966413)
   - Added method to adapt old configuration of enslaved network interfaces.
     (bsc#962824)
   - Use canonical path in save_y2logs. (bsc#1001454)
   - Fix replacement of workflow modules. (bsc#1011869)
   - Add a method to read the ID property from the /etc/os-release file.
     (bsc#1016004)

   yast2-network:

   - When an interface is enslaved in a bond the udev rule is modified using
     the bus_id instead of the mac address but some multi-port cards could
     use the same bus_id. In such cases also the dev_port is needed. Taking
     this into account the dev_port will be added always when a udev rule
     based on bus_id is written.
     (bsc#1007172, bsc#1005721)
   - Bridge handling has been improved: (bsc#962824)
     - "NONE" is shown instead of 0.0.0.0 for old bridge configuration.
     - The bridge master is shown in the enslaved interface.
     - The interfaces overview is updated after a bridge is modified.
     - The interfaces enslaved are not lost when saving in a different tab.
   - Do not crash with internal error stating undefined method when
     switching to "Hostname / DNS" tab when the system contains incorrect
     configuration of DHCLIENT_SET_HOSTNAME. (bsc#1012581)
   - New implementation of setting hostname via DHCP. User is allowed to set
     hostname via particular interface or set a reasonable default value for
     all interfaces. (bsc#984890)
   - Fixed the assignment of udev rules to Lan Items when a previous one
     does not exist. (bsc#996879)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-123=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-123=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-123=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      yast2-3.1.211-37.9.2
      yast2-network-3.1.172-37.3
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      yast2-3.1.211-37.9.2
      yast2-network-3.1.172-37.3
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      yast2-3.1.211-37.9.2
      yast2-network-3.1.172-37.3

References:

   https://bugzilla.suse.com/1001454
   https://bugzilla.suse.com/1005721
   https://bugzilla.suse.com/1007172
   https://bugzilla.suse.com/1011869
   https://bugzilla.suse.com/1012581
   https://bugzilla.suse.com/1016004
   https://bugzilla.suse.com/962824
   https://bugzilla.suse.com/966413
   https://bugzilla.suse.com/984890
   https://bugzilla.suse.com/996879

From sle-updates at lists.suse.com Fri Jan 20 10:14:38 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 18:14:38 +0100 (CET)
Subject: SUSE-RU-2017:0241-1: moderate: Recommended update for virt-manager
Message-ID: <20170120171438.C7F25FF0E@maintenance.suse.de>

SUSE Recommended Update: Recommended update for virt-manager
______________________________________________________________________________
Announcement ID: SUSE-RU-2017:0241-1
Rating: moderate
References: #955924 #978173 #983241 #996020
Affected Products:
   SUSE Linux Enterprise Server 12-SP1
   SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that has four recommended fixes can now be installed.

Description:

   This update for virt-manager fixes the following issues:

   - Unable to migrate VMs between SLES12 SP1 XEN Hosts with virt-manager
     (bsc#996020)
   - KVM guest re-sizing reduces to small window when going from full screen
     to "Resize to VM" (bsc#955924)
   - Using eepro1000 emulated driver leads to 'eepro100' is not a valid
     device model name (bsc#983241)
   - Cannot install sles-10-sp4 on sles-12-sp1 host (bsc#978173)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-122=1
- SUSE Linux Enterprise Desktop 12-SP1:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-122=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-SP1 (noarch):
  virt-install-1.2.1-17.1
  virt-manager-1.2.1-17.1
  virt-manager-common-1.2.1-17.1
- SUSE Linux Enterprise Desktop 12-SP1 (noarch):
  virt-install-1.2.1-17.1
  virt-manager-1.2.1-17.1
  virt-manager-common-1.2.1-17.1

References:

  https://bugzilla.suse.com/955924
  https://bugzilla.suse.com/978173
  https://bugzilla.suse.com/983241
  https://bugzilla.suse.com/996020

From sle-updates at lists.suse.com Fri Jan 20 11:08:55 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 19:08:55 +0100 (CET)
Subject: SUSE-SU-2017:0242-1: moderate: Security update for gstreamer-0_10-plugins-base
Message-ID: <20170120180855.2B7C9F34F@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-0_10-plugins-base
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0242-1
Rating: moderate
References: #1013669
Cross-References: CVE-2016-9811
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gstreamer-0_10-plugins-base fixes the following issue:

- CVE-2016-9811: out of bounds memory read in windows_icon_typefind (bsc#1013669)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP2:
  zypper in -t patch SUSE-SLE-WE-12-SP2-2017-124=1
- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-124=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-124=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-124=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch):
  gstreamer-0_10-plugins-base-lang-0.10.36-14.1
- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
  gstreamer-0_10-plugins-base-0.10.36-14.1
  gstreamer-0_10-plugins-base-debuginfo-0.10.36-14.1
  gstreamer-0_10-plugins-base-debugsource-0.10.36-14.1
  libgstapp-0_10-0-0.10.36-14.1
  libgstapp-0_10-0-debuginfo-0.10.36-14.1
  libgstinterfaces-0_10-0-0.10.36-14.1
  libgstinterfaces-0_10-0-debuginfo-0.10.36-14.1
- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
  gstreamer-0_10-plugins-base-debuginfo-0.10.36-14.1
  gstreamer-0_10-plugins-base-debugsource-0.10.36-14.1
  gstreamer-0_10-plugins-base-devel-0.10.36-14.1
  typelib-1_0-GstApp-0_10-0.10.36-14.1
  typelib-1_0-GstInterfaces-0_10-0.10.36-14.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
  gstreamer-0_10-plugins-base-32bit-0.10.36-14.1
  gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-14.1
  gstreamer-0_10-plugins-base-debugsource-0.10.36-14.1
  libgstapp-0_10-0-32bit-0.10.36-14.1
  libgstapp-0_10-0-debuginfo-32bit-0.10.36-14.1
  libgstinterfaces-0_10-0-32bit-0.10.36-14.1
  libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-14.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
  gstreamer-0_10-plugins-base-lang-0.10.36-14.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  gstreamer-0_10-plugins-base-0.10.36-14.1
  gstreamer-0_10-plugins-base-32bit-0.10.36-14.1
  gstreamer-0_10-plugins-base-debuginfo-0.10.36-14.1
  gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-14.1
  gstreamer-0_10-plugins-base-debugsource-0.10.36-14.1
  libgstapp-0_10-0-0.10.36-14.1
  libgstapp-0_10-0-32bit-0.10.36-14.1
  libgstapp-0_10-0-debuginfo-0.10.36-14.1
  libgstapp-0_10-0-debuginfo-32bit-0.10.36-14.1
  libgstinterfaces-0_10-0-0.10.36-14.1
  libgstinterfaces-0_10-0-32bit-0.10.36-14.1
  libgstinterfaces-0_10-0-debuginfo-0.10.36-14.1
  libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-14.1

References:

  https://www.suse.com/security/cve/CVE-2016-9811.html
  https://bugzilla.suse.com/1013669

From sle-updates at lists.suse.com Fri Jan 20 13:08:23 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 20 Jan 2017 21:08:23 +0100 (CET)
Subject: SUSE-RU-2017:0243-1: Recommended update for iprutils
Message-ID: <20170120200823.B80F6F34F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for iprutils
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0243-1
Rating: low
References: #1005173
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for iprutils provides the following fixes:

- Pass disk name to format string in scsi_err()'s error message, fixing potential segmentation fault. (bsc#1005173)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-iprutils-12952=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-iprutils-12952=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-iprutils-12952=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
  iprutils-2.4.1-12.3
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 x86_64):
  iprutils-2.4.1-12.3
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 x86_64):
  iprutils-debuginfo-2.4.1-12.3
  iprutils-debugsource-2.4.1-12.3

References:

  https://bugzilla.suse.com/1005173

From sle-updates at lists.suse.com Sat Jan 21 07:08:31 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Jan 2017 15:08:31 +0100 (CET)
Subject: SUSE-SU-2017:0244-1: important: Security update for Linux Kernel Live Patch 12 for SLE 12
Message-ID: <20170121140831.F2023FF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 12 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0244-1
Rating: important
References: #1012852 #1013543 #1013604 #1014271 #1017589
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.55-52_42 fixes several issues.

The following security bugs were fixed:

- CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).
- CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
- CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-130=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-130=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_55-52_42-default-5-2.1
  kgraft-patch-3_12_55-52_42-xen-5-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_55-52_42-default-5-2.1
  kgraft-patch-3_12_55-52_42-xen-5-2.1

References:

  https://www.suse.com/security/cve/CVE-2016-8632.html
  https://www.suse.com/security/cve/CVE-2016-9576.html
  https://www.suse.com/security/cve/CVE-2016-9794.html
  https://www.suse.com/security/cve/CVE-2016-9806.html
  https://bugzilla.suse.com/1012852
  https://bugzilla.suse.com/1013543
  https://bugzilla.suse.com/1013604
  https://bugzilla.suse.com/1014271
  https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Sat Jan 21 07:09:42 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Jan 2017 15:09:42 +0100 (CET)
Subject: SUSE-SU-2017:0245-1: important: Security update for Linux Kernel Live Patch 16 for SLE 12
Message-ID: <20170121140942.6F91FFF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 16 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0245-1
Rating: important
References: #1012852 #1013543 #1013604 #1014271 #1017589
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.60-52_57 fixes several issues.
The following security bugs were fixed:

- CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).
- CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
- CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-126=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-126=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_60-52_57-default-3-2.1
  kgraft-patch-3_12_60-52_57-xen-3-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_60-52_57-default-3-2.1
  kgraft-patch-3_12_60-52_57-xen-3-2.1

References:

  https://www.suse.com/security/cve/CVE-2016-8632.html
  https://www.suse.com/security/cve/CVE-2016-9576.html
  https://www.suse.com/security/cve/CVE-2016-9794.html
  https://www.suse.com/security/cve/CVE-2016-9806.html
  https://bugzilla.suse.com/1012852
  https://bugzilla.suse.com/1013543
  https://bugzilla.suse.com/1013604
  https://bugzilla.suse.com/1014271
  https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Sat Jan 21 07:10:46 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Jan 2017 15:10:46 +0100 (CET)
Subject: SUSE-SU-2017:0246-1: important: Security update for Linux Kernel Live Patch 15 for SLE 12
Message-ID: <20170121141046.15E1AFF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 15 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0246-1
Rating: important
References: #1012852 #1013543 #1013604 #1014271 #1017589
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.60-52_54 fixes several issues.
The following security bugs were fixed:

- CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).
- CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
- CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-127=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-127=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_60-52_54-default-5-2.1
  kgraft-patch-3_12_60-52_54-xen-5-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_60-52_54-default-5-2.1
  kgraft-patch-3_12_60-52_54-xen-5-2.1

References:

  https://www.suse.com/security/cve/CVE-2016-8632.html
  https://www.suse.com/security/cve/CVE-2016-9576.html
  https://www.suse.com/security/cve/CVE-2016-9794.html
  https://www.suse.com/security/cve/CVE-2016-9806.html
  https://bugzilla.suse.com/1012852
  https://bugzilla.suse.com/1013543
  https://bugzilla.suse.com/1013604
  https://bugzilla.suse.com/1014271
  https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Sat Jan 21 07:11:50 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Jan 2017 15:11:50 +0100 (CET)
Subject: SUSE-SU-2017:0247-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12
Message-ID: <20170121141150.B69AFFF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0247-1
Rating: important
References: #1012852 #1013543 #1013604 #1014271 #1017589
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.51-52_34 fixes several issues.
The following security bugs were fixed:

- CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).
- CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
- CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-131=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-131=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_51-52_34-default-8-2.1
  kgraft-patch-3_12_51-52_34-xen-8-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_51-52_34-default-8-2.1
  kgraft-patch-3_12_51-52_34-xen-8-2.1

References:

  https://www.suse.com/security/cve/CVE-2016-8632.html
  https://www.suse.com/security/cve/CVE-2016-9576.html
  https://www.suse.com/security/cve/CVE-2016-9794.html
  https://www.suse.com/security/cve/CVE-2016-9806.html
  https://bugzilla.suse.com/1012852
  https://bugzilla.suse.com/1013543
  https://bugzilla.suse.com/1013604
  https://bugzilla.suse.com/1014271
  https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Sat Jan 21 07:12:53 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Jan 2017 15:12:53 +0100 (CET)
Subject: SUSE-SU-2017:0248-1: important: Security update for Linux Kernel Live Patch 14 for SLE 12
Message-ID: <20170121141253.66F57FF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 14 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0248-1
Rating: important
References: #1012852 #1013543 #1013604 #1014271 #1017589
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.60-52_49 fixes several issues.
The following security bugs were fixed:

- CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).
- CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
- CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-128=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-128=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_60-52_49-default-5-2.1
  kgraft-patch-3_12_60-52_49-xen-5-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_60-52_49-default-5-2.1
  kgraft-patch-3_12_60-52_49-xen-5-2.1

References:

  https://www.suse.com/security/cve/CVE-2016-8632.html
  https://www.suse.com/security/cve/CVE-2016-9576.html
  https://www.suse.com/security/cve/CVE-2016-9794.html
  https://www.suse.com/security/cve/CVE-2016-9806.html
  https://bugzilla.suse.com/1012852
  https://bugzilla.suse.com/1013543
  https://bugzilla.suse.com/1013604
  https://bugzilla.suse.com/1014271
  https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Sat Jan 21 07:13:58 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 21 Jan 2017 15:13:58 +0100 (CET)
Subject: SUSE-SU-2017:0249-1: important: Security update for Linux Kernel Live Patch 13 for SLE 12
Message-ID: <20170121141358.8955FFF0E@maintenance.suse.de>

SUSE Security Update: Security update for Linux Kernel Live Patch 13 for SLE 12
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:0249-1
Rating: important
References: #1012852 #1013543 #1013604 #1014271 #1017589
Cross-References: CVE-2016-8632 CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
  SUSE Linux Enterprise Server for SAP 12
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 3.12.55-52_45 fixes several issues.
The following security bugs were fixed:

- CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).
- CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
- CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12:
  zypper in -t patch SUSE-SLE-SAP-12-2017-129=1
- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-129=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12 (x86_64):
  kgraft-patch-3_12_55-52_45-default-5-2.1
  kgraft-patch-3_12_55-52_45-xen-5-2.1
- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_55-52_45-default-5-2.1
  kgraft-patch-3_12_55-52_45-xen-5-2.1

References:

  https://www.suse.com/security/cve/CVE-2016-8632.html
  https://www.suse.com/security/cve/CVE-2016-9576.html
  https://www.suse.com/security/cve/CVE-2016-9794.html
  https://www.suse.com/security/cve/CVE-2016-9806.html
  https://bugzilla.suse.com/1012852
  https://bugzilla.suse.com/1013543
  https://bugzilla.suse.com/1013604
  https://bugzilla.suse.com/1014271
  https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Mon Jan 23 06:09:09 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Jan 2017 14:09:09 +0100 (CET)
Subject: SUSE-RU-2017:0253-1: moderate: Recommended update for grub2
Message-ID: <20170123130909.A3053F34F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0253-1
Rating: moderate
References: #1004324 #1004398 #1004959 #1008545 #1008568 #1015599 #899465 #998097
Affected Products:
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has 8 recommended fixes can now be installed.

Description:

This update for grub2 provides the following fixes:

- Ensure that the path starts with / and has no //. (bsc#1015599)
- Load lvm module to support Xen PV booting from LVM volumes. (bsc#1004324)
- Fix ARMv7 configuration issues that could lead to unbootable systems. (bsc#1008568)
- Fix potential crash when booting ARMv7 systems. (bsc#1008545)
- Add support for netboot on arm64-efi platforms. (bsc#998097)
- Add support for booting huge pv-domains to grub-xen. (bsc#1004398, bsc#899465)
- Build arm-efi and arm64-efi for openSUSE. (bsc#1004959)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-135=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-135=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-135=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
  grub2-2.02~beta2-113.1
  grub2-arm64-efi-2.02~beta2-113.1
  grub2-debuginfo-2.02~beta2-113.1
  grub2-debugsource-2.02~beta2-113.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
  grub2-snapper-plugin-2.02~beta2-113.1
  grub2-systemd-sleep-plugin-2.02~beta2-113.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
  grub2-2.02~beta2-113.1
  grub2-debuginfo-2.02~beta2-113.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64):
  grub2-debugsource-2.02~beta2-113.1
- SUSE Linux Enterprise Server 12-SP2 (ppc64le):
  grub2-powerpc-ieee1275-2.02~beta2-113.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64):
  grub2-arm64-efi-2.02~beta2-113.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
  grub2-i386-pc-2.02~beta2-113.1
  grub2-x86_64-efi-2.02~beta2-113.1
  grub2-x86_64-xen-2.02~beta2-113.1
- SUSE Linux Enterprise Server 12-SP2 (noarch):
  grub2-snapper-plugin-2.02~beta2-113.1
  grub2-systemd-sleep-plugin-2.02~beta2-113.1
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
  grub2-snapper-plugin-2.02~beta2-113.1
  grub2-systemd-sleep-plugin-2.02~beta2-113.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  grub2-2.02~beta2-113.1
  grub2-debuginfo-2.02~beta2-113.1
  grub2-debugsource-2.02~beta2-113.1
  grub2-i386-pc-2.02~beta2-113.1
  grub2-x86_64-efi-2.02~beta2-113.1
  grub2-x86_64-xen-2.02~beta2-113.1

References:
  https://bugzilla.suse.com/1004324
  https://bugzilla.suse.com/1004398
  https://bugzilla.suse.com/1004959
  https://bugzilla.suse.com/1008545
  https://bugzilla.suse.com/1008568
  https://bugzilla.suse.com/1015599
  https://bugzilla.suse.com/899465
  https://bugzilla.suse.com/998097

From sle-updates at lists.suse.com Mon Jan 23 06:11:19 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Jan 2017 14:11:19 +0100 (CET)
Subject: SUSE-RU-2017:0254-1: Recommended update for libpfm
Message-ID: <20170123131119.6FF31F34F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libpfm
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:0254-1
Rating: low
References: #1017407
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP2
  SUSE Linux Enterprise Software Development Kit 12-SP1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  SUSE Linux Enterprise Server 12-SP2
  SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update adds a few useful utilities to libpfm-devel: check_events, evt2raw and showevtinfo.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
  zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-134=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-134=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
  zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-134=1
- SUSE Linux Enterprise Server 12-SP2:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-134=1
- SUSE Linux Enterprise Server 12-SP1:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-134=1

To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libpfm-debugsource-4.6.0-5.1
      libpfm-devel-4.6.0-5.1
      libpfm-devel-static-4.6.0-5.1
   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      libpfm-debugsource-4.6.0-5.1
      libpfm-devel-4.6.0-5.1
      libpfm-devel-static-4.6.0-5.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      libpfm-debugsource-4.6.0-5.1
      libpfm4-4.6.0-5.1
      libpfm4-debuginfo-4.6.0-5.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      libpfm-debugsource-4.6.0-5.1
      libpfm4-4.6.0-5.1
      libpfm4-debuginfo-4.6.0-5.1
   - SUSE Linux Enterprise Server 12-SP2 (x86_64):
      libpfm4-32bit-4.6.0-5.1
      libpfm4-debuginfo-32bit-4.6.0-5.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      libpfm-debugsource-4.6.0-5.1
      libpfm4-4.6.0-5.1
      libpfm4-debuginfo-4.6.0-5.1
   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      libpfm4-32bit-4.6.0-5.1
      libpfm4-debuginfo-32bit-4.6.0-5.1

References:

   https://bugzilla.suse.com/1017407

From sle-updates at lists.suse.com Mon Jan 23 08:08:49 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Jan 2017 16:08:49 +0100 (CET)
Subject: SUSE-SU-2017:0255-1: moderate: Security update for ntp
Message-ID: <20170123150849.767BDFF28@maintenance.suse.de>

   SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0255-1
Rating:             moderate
References:         #1009434 #1011377 #1011390 #1011395 #1011398
                    #1011404 #1011406 #1011411 #1011417 #943216
                    #956365 #981252 #988028 #992038 #992606
Cross-References:   CVE-2015-5219 CVE-2015-8139 CVE-2015-8140
                    CVE-2016-7426 CVE-2016-7427 CVE-2016-7428
                    CVE-2016-7429 CVE-2016-7431 CVE-2016-7433
                    CVE-2016-7434 CVE-2016-9310 CVE-2016-9311
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has three fixes is now
   available.

Description:

   This update for ntp fixes the following issues:

   ntp was updated to 4.2.8p9.

   Security issues fixed:

   - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap
     information disclosure and DDoS vector.
   - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS.
   - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS.
   - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin
     Timestamp Bypass.
   - CVE-2016-7434, bsc#1011398: Null pointer dereference in
     _IO_str_init_static_internal().
   - CVE-2016-7429, bsc#1011404: Interface selection attack.
   - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses.
   - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem.
   - CVE-2015-8140: ntpq vulnerable to replay attacks.
   - CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin.
   - CVE-2015-5219: An endless loop due to incorrect precision to double
     conversion (bsc#943216).

   Non-security issues fixed:

   - Fix a spurious error message.
   - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.
   - Fix a regression in "trap" (bsc#981252).
   - Reduce the number of netlink groups to listen on for changes to the
     local network setup (bsc#992606).
   - Fix segfault in "sntp -a" (bsc#1009434).
   - Silence an OpenSSL version warning (bsc#992038).
   - Make the resolver task change user and group IDs to the same values as
     the main task. (bsc#988028)
   - Simplify ntpd's search for its own executable to prevent AppArmor
     warnings (bsc#956365).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-ntp-12953=1
   - SUSE Manager Proxy 2.1:
      zypper in -t patch slemap21-ntp-12953=1
   - SUSE Manager 2.1:
      zypper in -t patch sleman21-ntp-12953=1
   - SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-ntp-12953=1
   - SUSE Linux Enterprise Server 11-SP2-LTSS:
      zypper in -t patch slessp2-ntp-12953=1
   - SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-ntp-12953=1
   - SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-ntp-12953=1
   - SUSE Linux Enterprise Debuginfo 11-SP2:
      zypper in -t patch dbgsp2-ntp-12953=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE OpenStack Cloud 5 (x86_64):
      ntp-4.2.8p9-48.9.1
      ntp-doc-4.2.8p9-48.9.1
   - SUSE Manager Proxy 2.1 (x86_64):
      ntp-4.2.8p9-48.9.1
      ntp-doc-4.2.8p9-48.9.1
   - SUSE Manager 2.1 (s390x x86_64):
      ntp-4.2.8p9-48.9.1
      ntp-doc-4.2.8p9-48.9.1
   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      ntp-4.2.8p9-48.9.1
      ntp-doc-4.2.8p9-48.9.1
   - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
      ntp-4.2.8p9-48.9.1
      ntp-doc-4.2.8p9-48.9.1
   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      ntp-4.2.8p9-48.9.1
      ntp-doc-4.2.8p9-48.9.1
   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      ntp-debuginfo-4.2.8p9-48.9.1
      ntp-debugsource-4.2.8p9-48.9.1
   - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):
      ntp-debuginfo-4.2.8p9-48.9.1
      ntp-debugsource-4.2.8p9-48.9.1

References:

   https://www.suse.com/security/cve/CVE-2015-5219.html
   https://www.suse.com/security/cve/CVE-2015-8139.html
   https://www.suse.com/security/cve/CVE-2015-8140.html
   https://www.suse.com/security/cve/CVE-2016-7426.html
   https://www.suse.com/security/cve/CVE-2016-7427.html
   https://www.suse.com/security/cve/CVE-2016-7428.html
   https://www.suse.com/security/cve/CVE-2016-7429.html
   https://www.suse.com/security/cve/CVE-2016-7431.html
   https://www.suse.com/security/cve/CVE-2016-7433.html
   https://www.suse.com/security/cve/CVE-2016-7434.html
   https://www.suse.com/security/cve/CVE-2016-9310.html
   https://www.suse.com/security/cve/CVE-2016-9311.html
   https://bugzilla.suse.com/1009434
   https://bugzilla.suse.com/1011377
   https://bugzilla.suse.com/1011390
   https://bugzilla.suse.com/1011395
   https://bugzilla.suse.com/1011398
   https://bugzilla.suse.com/1011404
   https://bugzilla.suse.com/1011406
   https://bugzilla.suse.com/1011411
   https://bugzilla.suse.com/1011417
   https://bugzilla.suse.com/943216
   https://bugzilla.suse.com/956365
   https://bugzilla.suse.com/981252
   https://bugzilla.suse.com/988028
   https://bugzilla.suse.com/992038
   https://bugzilla.suse.com/992606

From sle-updates at lists.suse.com Mon Jan 23 08:12:20 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Jan 2017 16:12:20 +0100 (CET)
Subject: SUSE-SU-2017:0256-1: moderate: Security update for icu
Message-ID: <20170123151220.F3DC0FF0E@maintenance.suse.de>

   SUSE Security Update: Security update for icu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0256-1
Rating:             moderate
References:         #1012224
Cross-References:   CVE-2014-9911
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for icu fixes the following security issues:

   - Passing a locale string longer than 255 characters to
     uloc_getDisplayName() could have caused a buffer overflow resulting in
     denial of service or possible code execution (bsc#1012224,
     CVE-2014-9911).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-icu-12954=1
   - SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-icu-12954=1
   - SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-icu-12954=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libicu-devel-4.0-43.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
      libicu-devel-32bit-4.0-43.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
      icu-4.0-43.1
   - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64):
      libicu-32bit-4.0-43.1
   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      libicu-4.0-43.1
      libicu-doc-4.0-43.1
   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      libicu-32bit-4.0-43.1
   - SUSE Linux Enterprise Server 11-SP4 (ia64):
      libicu-x86-4.0-43.1
   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      icu-debuginfo-4.0-43.1
      icu-debugsource-4.0-43.1

References:

   https://www.suse.com/security/cve/CVE-2014-9911.html
   https://bugzilla.suse.com/1012224

From sle-updates at lists.suse.com Mon Jan 23 09:11:44 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Jan 2017 17:11:44 +0100 (CET)
Subject: SUSE-SU-2017:0263-1: moderate: Security update for gstreamer-0_10-plugins-base
Message-ID: <20170123161144.9D692FF0E@maintenance.suse.de>

   SUSE Security Update: Security update for gstreamer-0_10-plugins-base
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0263-1
Rating:             moderate
References:         #1013669
Cross-References:   CVE-2016-9811
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP1
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   gstreamer-0_10-plugins-base was updated to fix one issue.

   This security issue was fixed:

   * CVE-2016-9811: Out of bounds memory read in windows_icon_typefind
     (bsc#1013669).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP1:
      zypper in -t patch SUSE-SLE-WE-12-SP1-2017-139=1
   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-139=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-139=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-139=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64):
      gstreamer-0_10-plugins-base-0.10.36-11.3.1
      gstreamer-0_10-plugins-base-debuginfo-0.10.36-11.3.1
      gstreamer-0_10-plugins-base-debugsource-0.10.36-11.3.1
      libgstapp-0_10-0-0.10.36-11.3.1
      libgstapp-0_10-0-debuginfo-0.10.36-11.3.1
      libgstinterfaces-0_10-0-0.10.36-11.3.1
      libgstinterfaces-0_10-0-debuginfo-0.10.36-11.3.1
   - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch):
      gstreamer-0_10-plugins-base-lang-0.10.36-11.3.1
   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      gstreamer-0_10-plugins-base-debuginfo-0.10.36-11.3.1
      gstreamer-0_10-plugins-base-debugsource-0.10.36-11.3.1
      gstreamer-0_10-plugins-base-devel-0.10.36-11.3.1
      typelib-1_0-GstApp-0_10-0.10.36-11.3.1
      typelib-1_0-GstInterfaces-0_10-0.10.36-11.3.1
   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      gstreamer-0_10-plugins-base-32bit-0.10.36-11.3.1
      gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-11.3.1
      libgstapp-0_10-0-32bit-0.10.36-11.3.1
      libgstapp-0_10-0-debuginfo-32bit-0.10.36-11.3.1
      libgstinterfaces-0_10-0-32bit-0.10.36-11.3.1
      libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-11.3.1
   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      gstreamer-0_10-plugins-base-lang-0.10.36-11.3.1
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      gstreamer-0_10-plugins-base-0.10.36-11.3.1
      gstreamer-0_10-plugins-base-32bit-0.10.36-11.3.1
      gstreamer-0_10-plugins-base-debuginfo-0.10.36-11.3.1
      gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.36-11.3.1
      gstreamer-0_10-plugins-base-debugsource-0.10.36-11.3.1
      libgstapp-0_10-0-0.10.36-11.3.1
      libgstapp-0_10-0-32bit-0.10.36-11.3.1
      libgstapp-0_10-0-debuginfo-0.10.36-11.3.1
      libgstapp-0_10-0-debuginfo-32bit-0.10.36-11.3.1
      libgstinterfaces-0_10-0-0.10.36-11.3.1
      libgstinterfaces-0_10-0-32bit-0.10.36-11.3.1
      libgstinterfaces-0_10-0-debuginfo-0.10.36-11.3.1
      libgstinterfaces-0_10-0-debuginfo-32bit-0.10.36-11.3.1

References:

   https://www.suse.com/security/cve/CVE-2016-9811.html
   https://bugzilla.suse.com/1013669

From sle-updates at lists.suse.com Mon Jan 23 09:12:10 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Jan 2017 17:12:10 +0100 (CET)
Subject: SUSE-SU-2017:0264-1: moderate: Security update for openssh
Message-ID: <20170123161210.5316FFF0E@maintenance.suse.de>

   SUSE Security Update: Security update for openssh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0264-1
Rating:             moderate
References:         #1005480 #1005893 #1006221 #1016366 #1016368
                    #1016369 #1016370
Cross-References:   CVE-2016-10009 CVE-2016-10010 CVE-2016-10011
                    CVE-2016-10012 CVE-2016-8858
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has two fixes is now
   available.
Description:

   This update for openssh fixes several issues.

   These security issues were fixed:

   - CVE-2016-8858: The kex_input_kexinit function in kex.c allowed remote
     attackers to cause a denial of service (memory consumption) by sending
     many duplicate KEXINIT requests (bsc#1005480).
   - CVE-2016-10012: The shared memory manager (associated with
     pre-authentication compression) did not ensure that a bounds check is
     enforced by all compilers, which might have allowed local users to gain
     privileges by leveraging access to a sandboxed privilege-separation
     process, related to the m_zback and m_zlib data structures
     (bsc#1016370).
   - CVE-2016-10009: Untrusted search path vulnerability in ssh-agent.c
     allowed remote attackers to execute arbitrary local PKCS#11 modules by
     leveraging control over a forwarded agent-socket (bsc#1016366).
   - CVE-2016-10010: When forwarding unix domain sockets with privilege
     separation disabled, the resulting sockets have been created as 'root'
     instead of the authenticated user. Forwarding unix domain sockets
     without privilege separation enabled is now rejected.
   - CVE-2016-10011: authfile.c in sshd did not properly consider the
     effects of realloc on buffer contents, which might have allowed local
     users to obtain sensitive private-key information by leveraging access
     to a privilege-separated child process (bsc#1016369).

   These non-security issues were fixed:

   - Adjusted suggested command for removing conflicting server keys from
     the known_hosts file (bsc#1006221)
   - Properly verify CIDR masks in configuration (bsc#1005893)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-138=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-138=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-138=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      openssh-7.2p2-66.1
      openssh-askpass-gnome-7.2p2-66.3
      openssh-askpass-gnome-debuginfo-7.2p2-66.3
      openssh-debuginfo-7.2p2-66.1
      openssh-debugsource-7.2p2-66.1
      openssh-fips-7.2p2-66.1
      openssh-helpers-7.2p2-66.1
      openssh-helpers-debuginfo-7.2p2-66.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      openssh-7.2p2-66.1
      openssh-askpass-gnome-7.2p2-66.3
      openssh-askpass-gnome-debuginfo-7.2p2-66.3
      openssh-debuginfo-7.2p2-66.1
      openssh-debugsource-7.2p2-66.1
      openssh-fips-7.2p2-66.1
      openssh-helpers-7.2p2-66.1
      openssh-helpers-debuginfo-7.2p2-66.1
   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      openssh-7.2p2-66.1
      openssh-askpass-gnome-7.2p2-66.3
      openssh-askpass-gnome-debuginfo-7.2p2-66.3
      openssh-debuginfo-7.2p2-66.1
      openssh-debugsource-7.2p2-66.1
      openssh-helpers-7.2p2-66.1
      openssh-helpers-debuginfo-7.2p2-66.1

References:

   https://www.suse.com/security/cve/CVE-2016-10009.html
   https://www.suse.com/security/cve/CVE-2016-10010.html
   https://www.suse.com/security/cve/CVE-2016-10011.html
   https://www.suse.com/security/cve/CVE-2016-10012.html
   https://www.suse.com/security/cve/CVE-2016-8858.html
   https://bugzilla.suse.com/1005480
   https://bugzilla.suse.com/1005893
   https://bugzilla.suse.com/1006221
   https://bugzilla.suse.com/1016366
   https://bugzilla.suse.com/1016368
   https://bugzilla.suse.com/1016369
   https://bugzilla.suse.com/1016370

From sle-updates at lists.suse.com Mon Jan 23 13:08:21 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 23 Jan 2017 21:08:21 +0100 (CET)
Subject: SUSE-RU-2017:0266-1: Recommended update for Portus
Message-ID: <20170123200821.CB0FFFF0E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for Portus
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0266-1
Rating:             low
References:         #1005594
Affected Products:
                    SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update provides Portus 2.1.1, which brings several fixes and
   enhancements.

   Backward incompatible changes:

   - Moved the machine FQDN from secrets.yml to config.yml.
   - Deprecated the usage of "x.minutes" strings in configuration values. In
     future versions this syntax will be forbidden.

   Fixes:

   - Use the full repository name in the 'portus:update_tags' task.
   - Fixed a regression on assets handling.
   - Fixed handling of the "*" action from the registry.
   - Various fixes in LDAP support.
   - Discard pagination for CSV activities.
   - Make sure that Portus admins are always team owners.
   - User names are no longer allowed to clash with teams.
   - Redirect back to accessed page on successful login.
   - Fixes on the crono job.
   - Multiple fixes in portusctl.
   - Show the "I forgot my password" link when the signup is disabled.

   Improvements:

   - Notification messages are now more consistent.
   - Order users by username on the admin panel.
   - Better reflect updates on Docker images.
   - General improvements and fixes on the UI/UX.
   - Allow the admin to provide extra filter options in LDAP lookup.
   - Password length is no longer checked by Portus in LDAP.
   - Relaxed the requirements for user names, and removed the conflicts of
     user names in LDAP.
   - Introduce the 'display_name' option.
   - Allow administrators to turn off smtp authentication.
   - Added an external hostname field to allow for events to come from other
     named services.
   - Added a help section to the menu.
   - Introduced more optional user restrictions.
   - Added the registry.catalog_page option.
   - Added option to disable change of visibility.
   - The signup form can now be disabled, and users can be created by the
     admin directly.
   - Added internal policy for namespaces.
   - Added namespaces and teams to search.
   - Admins can now change the ownership of a namespace.
   - Display the git tag, branch/commit or version when possible.
   - Now logs are redirected to the standard output.
   - Added the ability to add comments on repositories.
   - Virtual/hidden teams are no longer counted for the "number of
     teams"-column under admin/users.
   - Added rake tasks for creating a registry, updating digests and showing
     general information.
   - Added man pages for portusctl.
   - Register more activities.

   Features:

   - Fixes and improvements on Docker Distribution support.
   - Implemented user removal.
   - Implemented the removal of images and tags.
   - Showing the image ID and the digest of docker images.
   - Implemented webhook support.
   - Introduce application tokens.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:
      zypper in -t patch SUSE-SLE-Module-Containers-12-2017-140=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Linux Enterprise Module for Containers 12 (x86_64):
      portus-2.1.1-14.1
      portus-debuginfo-2.1.1-14.1
      portus-debugsource-2.1.1-14.1

References:

   https://bugzilla.suse.com/1005594

From sle-updates at lists.suse.com Tue Jan 24 04:09:00 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 24 Jan 2017 12:09:00 +0100 (CET)
Subject: SUSE-SU-2017:0267-1: important: Security update for Linux Kernel Live Patch 17 for SLE 12
Message-ID: <20170124110900.A9E9EFF28@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 17 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0267-1
Rating:             important
References:         #1013543 #1013604 #1014271 #1017589
Cross-References:   CVE-2016-9576 CVE-2016-9794 CVE-2016-9806
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now
   available.

Description:

   This update for the Linux Kernel 3.12.60-52_60 fixes several issues.

   The following security bugs were fixed:

   - CVE-2016-9806: Race condition in the netlink_dump function in
     net/netlink/af_netlink.c in the Linux kernel allowed local users to
     cause a denial of service (double free) or possibly have unspecified
     other impact via a crafted application that made sendmsg system calls,
     leading to a free operation associated with a new dump that started
     earlier than anticipated (bsc#1017589).
   - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in
     sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed
     local users to cause a denial of service (use-after-free) or possibly
     have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START
     command (bsc#1013543).
   - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in
     the Linux kernel did not properly restrict the type of iterator, which
     allowed local users to read or write to arbitrary kernel memory
     locations or cause a denial of service (use-after-free) by leveraging
     access to a /dev/sg device (bsc#1014271).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-142=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-142=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      kgraft-patch-3_12_60-52_60-default-2-2.1
      kgraft-patch-3_12_60-52_60-xen-2-2.1
   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kgraft-patch-3_12_60-52_60-default-2-2.1
      kgraft-patch-3_12_60-52_60-xen-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://www.suse.com/security/cve/CVE-2016-9806.html
   https://bugzilla.suse.com/1013543
   https://bugzilla.suse.com/1013604
   https://bugzilla.suse.com/1014271
   https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Tue Jan 24 04:10:06 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 24 Jan 2017 12:10:06 +0100 (CET)
Subject: SUSE-SU-2017:0268-1: important: Security update for Linux Kernel Live Patch 11 for SLE 12
Message-ID: <20170124111006.88795FF0E@maintenance.suse.de>

   SUSE Security Update: Security update for Linux Kernel Live Patch 11 for SLE 12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0268-1
Rating:             important
References:         #1012852 #1013543 #1013604 #1014271 #1017589
Cross-References:   CVE-2016-8632 CVE-2016-9576 CVE-2016-9794
                    CVE-2016-9806
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves four vulnerabilities and has one errata is now
   available.

Description:

   This update for the Linux Kernel 3.12.51-52_39 fixes several issues.

   The following security bugs were fixed:

   - CVE-2016-9806: Race condition in the netlink_dump function in
     net/netlink/af_netlink.c in the Linux kernel allowed local users to
     cause a denial of service (double free) or possibly have unspecified
     other impact via a crafted application that made sendmsg system calls,
     leading to a free operation associated with a new dump that started
     earlier than anticipated (bsc#1017589).
   - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in
     sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed
     local users to cause a denial of service (use-after-free) or possibly
     have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START
     command (bsc#1013543).
   - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
     Linux kernel did not validate the relationship between the minimum
     fragment length and the maximum packet size, which allowed local users
     to gain privileges or cause a denial of service (heap-based buffer
     overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).
   - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in
     the Linux kernel did not properly restrict the type of iterator, which
     allowed local users to read or write to arbitrary kernel memory
     locations or cause a denial of service (use-after-free) by leveraging
     access to a /dev/sg device (bsc#1014271).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-141=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-141=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      kgraft-patch-3_12_51-52_39-default-7-2.1
      kgraft-patch-3_12_51-52_39-xen-7-2.1
   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kgraft-patch-3_12_51-52_39-default-7-2.1
      kgraft-patch-3_12_51-52_39-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2016-8632.html
   https://www.suse.com/security/cve/CVE-2016-9576.html
   https://www.suse.com/security/cve/CVE-2016-9794.html
   https://www.suse.com/security/cve/CVE-2016-9806.html
   https://bugzilla.suse.com/1012852
   https://bugzilla.suse.com/1013543
   https://bugzilla.suse.com/1013604
   https://bugzilla.suse.com/1014271
   https://bugzilla.suse.com/1017589

From sle-updates at lists.suse.com Tue Jan 24 07:08:34 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 24 Jan 2017 15:08:34 +0100 (CET)
Subject: SUSE-RU-2017:0271-1: Recommended update for yast2-network
Message-ID: <20170124140834.D8516F34F@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-network
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0271-1
Rating:             low
References:         #1005721 #1007172 #968692
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for yast2-network provides the following fixes:

   - Improved parsing of VLAN IDs that are longer than one character.
     (bsc#968692)
   - When an interface is enslaved in a bond the udev rule is modified using
     the bus_id instead of the mac address but some multiport cards could use
     the same bus_id. In such cases also the dev_port is needed. Taking this
     into account the dev_port will be added always when a udev rule based on
     bus_id is written. (bsc#1007172, bsc#1005721)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-144=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-144=1
   - SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-144=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      yast2-network-devel-doc-3.1.140.10-29.3
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      yast2-network-3.1.140.10-29.3
   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      yast2-network-3.1.140.10-29.3

References:

   https://bugzilla.suse.com/1005721
   https://bugzilla.suse.com/1007172
   https://bugzilla.suse.com/968692

From sle-updates at lists.suse.com Tue Jan 24 07:09:37 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 24 Jan 2017 15:09:37 +0100 (CET)
Subject: SUSE-RU-2017:0272-1: Recommended update for yum
Message-ID: <20170124140937.291B9FF0E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yum
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0272-1
Rating:             low
References:         #1012867
Affected Products:
                    SUSE Manager Server 3.0
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yum provides the following fixes:

   - Fix parse restart_suggested flag required for SUSE Manager.
     (bsc#1012867)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.0:
      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-143=1
   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-143=1
   - SUSE Linux Enterprise Software Development Kit 12-SP1:
      zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-143=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-143=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-143=1
   - SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-143=1

   To bring your system up-to-date, use "zypper patch".
Package List:

   - SUSE Manager Server 3.0 (x86_64):
      yum-3.4.3-16.1
   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      python-yum-3.4.3-16.1
   - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
      python-yum-3.4.3-16.1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      python-yum-3.4.3-16.1
   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
      python-yum-3.4.3-16.1
   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      python-yum-3.4.3-16.1

References:

   https://bugzilla.suse.com/1012867

From sle-updates at lists.suse.com Tue Jan 24 16:08:29 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 25 Jan 2017 00:08:29 +0100 (CET)
Subject: SUSE-RU-2017:0273-1: Recommended update for yast2-ruby-bindings
Message-ID: <20170124230829.A59C2F34F@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-ruby-bindings
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0273-1
Rating:             low
References:         #1014458 #945299
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for yast2-ruby-bindings fixes the following issues:

   - Do not crash when FastGettext is unable to find the empty.mo file
     (bsc#1014458)
   - Fix 'method to_s called on terminated object' message during package
     installation (bsc#945299)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-145=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-145=1

   To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): yast2-ruby-bindings-3.1.24.2-3.1 yast2-ruby-bindings-debuginfo-3.1.24.2-3.1 yast2-ruby-bindings-debugsource-3.1.24.2-3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): yast2-ruby-bindings-3.1.24.2-3.1 yast2-ruby-bindings-debuginfo-3.1.24.2-3.1 yast2-ruby-bindings-debugsource-3.1.24.2-3.1 References: https://bugzilla.suse.com/1014458 https://bugzilla.suse.com/945299 From sle-updates at lists.suse.com Tue Jan 24 16:09:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Jan 2017 00:09:14 +0100 (CET) Subject: SUSE-RU-2017:0274-1: Recommended update for yast2-ruby-bindings Message-ID: <20170124230914.440B1FF0E@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ruby-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0274-1 Rating: low References: #1014458 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-ruby-bindings fixes the following issues: - Do not crash when FastGettext is unable to find the empty.mo file (bsc#1014458) - Improved debugger support (FATE#318421) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-146=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-146=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-146=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): yast2-ruby-bindings-3.1.51.2-9.3.1 yast2-ruby-bindings-debuginfo-3.1.51.2-9.3.1 yast2-ruby-bindings-debugsource-3.1.51.2-9.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): yast2-ruby-bindings-3.1.51.2-9.3.1 yast2-ruby-bindings-debuginfo-3.1.51.2-9.3.1 yast2-ruby-bindings-debugsource-3.1.51.2-9.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): yast2-ruby-bindings-3.1.51.2-9.3.1 yast2-ruby-bindings-debuginfo-3.1.51.2-9.3.1 yast2-ruby-bindings-debugsource-3.1.51.2-9.3.1 References: https://bugzilla.suse.com/1014458 From sle-updates at lists.suse.com Tue Jan 24 18:08:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Jan 2017 02:08:32 +0100 (CET) Subject: SUSE-RU-2017:0275-1: important: Recommended update for openssh Message-ID: <20170125010832.9625DFF0E@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0275-1 Rating: important References: #1021626 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - A previous update contained a logic flaw that broke OpenSSH's interpretation of the "DenyUser" config option. That regression could have led to an exact inversion of the intended meaning, i.e. OpenSSH could have locked out all users except the one that was supposed to be denied access. [bsc#1021626] Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-147=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-147=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-147=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): openssh-7.2p2-69.1 openssh-askpass-gnome-7.2p2-69.3 openssh-askpass-gnome-debuginfo-7.2p2-69.3 openssh-debuginfo-7.2p2-69.1 openssh-debugsource-7.2p2-69.1 openssh-fips-7.2p2-69.1 openssh-helpers-7.2p2-69.1 openssh-helpers-debuginfo-7.2p2-69.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): openssh-7.2p2-69.1 openssh-askpass-gnome-7.2p2-69.3 openssh-askpass-gnome-debuginfo-7.2p2-69.3 openssh-debuginfo-7.2p2-69.1 openssh-debugsource-7.2p2-69.1 openssh-fips-7.2p2-69.1 openssh-helpers-7.2p2-69.1 openssh-helpers-debuginfo-7.2p2-69.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): openssh-7.2p2-69.1 openssh-askpass-gnome-7.2p2-69.3 openssh-askpass-gnome-debuginfo-7.2p2-69.3 openssh-debuginfo-7.2p2-69.1 openssh-debugsource-7.2p2-69.1 openssh-helpers-7.2p2-69.1 openssh-helpers-debuginfo-7.2p2-69.1 References: https://bugzilla.suse.com/1021626 From sle-updates at lists.suse.com Wed Jan 25 04:09:07 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Jan 2017 12:09:07 +0100 (CET) Subject: SUSE-SU-2017:0278-1: important: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1 Message-ID: <20170125110907.EADC0FF28@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0278-1 Rating: important References: #1012852 #1013543 #1013604 #1014271 Cross-References: CVE-2016-8632 CVE-2016-9576 
CVE-2016-9794 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues. The following security bugs were fixed: - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-148=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_62-60_64_8-default-4-2.1 kgraft-patch-3_12_62-60_64_8-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1012852 https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1013604 https://bugzilla.suse.com/1014271 From sle-updates at lists.suse.com Wed Jan 25 05:08:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Jan 2017 13:08:50 +0100 (CET) Subject: SUSE-SU-2017:0279-1: important: Security update for systemd Message-ID: <20170125120850.F01B9FF0E@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0279-1 Rating: important References: #1012266 #1014560 #1014566 #1020601 #997682 Cross-References: CVE-2016-10156 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for systemd fixes the following issues: This security issue was fixed: - CVE-2016-10156: Fix permissions set on permanent timer timestamp files, preventing local unprivileged users from escalating privileges (bsc#1020601). 
These non-security issues were fixed: - Fix permission set on /var/lib/systemd/linger/* - install: follow config_path symlink (#3362) - install: fix disable when /etc/systemd/system is a symlink (bsc#1014560) - run: make --slice= work in conjunction with --scope (bsc#1014566) - core: don't dispatch load queue when setting Slice= for transient units - systemctl: remove duplicate entries shown by list-dependencies (#5049) (bsc#1012266) - rule: don't automatically online standby memory on s390x (bsc#997682) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-149=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-149=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-149=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-149=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libudev-devel-228-132.1 systemd-debuginfo-228-132.1 systemd-debugsource-228-132.1 systemd-devel-228-132.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsystemd0-228-132.1 libsystemd0-debuginfo-228-132.1 libudev1-228-132.1 libudev1-debuginfo-228-132.1 systemd-228-132.1 systemd-debuginfo-228-132.1 systemd-debugsource-228-132.1 systemd-sysvinit-228-132.1 udev-228-132.1 udev-debuginfo-228-132.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): systemd-bash-completion-228-132.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libsystemd0-228-132.1 libsystemd0-debuginfo-228-132.1 libudev1-228-132.1 libudev1-debuginfo-228-132.1 systemd-228-132.1 systemd-debuginfo-228-132.1 systemd-debugsource-228-132.1 systemd-sysvinit-228-132.1 udev-228-132.1 udev-debuginfo-228-132.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libsystemd0-32bit-228-132.1 libsystemd0-debuginfo-32bit-228-132.1 libudev1-32bit-228-132.1 libudev1-debuginfo-32bit-228-132.1 systemd-32bit-228-132.1 systemd-debuginfo-32bit-228-132.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): systemd-bash-completion-228-132.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsystemd0-228-132.1 libsystemd0-32bit-228-132.1 libsystemd0-debuginfo-228-132.1 libsystemd0-debuginfo-32bit-228-132.1 libudev1-228-132.1 libudev1-32bit-228-132.1 libudev1-debuginfo-228-132.1 libudev1-debuginfo-32bit-228-132.1 systemd-228-132.1 systemd-32bit-228-132.1 systemd-debuginfo-228-132.1 systemd-debuginfo-32bit-228-132.1 systemd-debugsource-228-132.1 systemd-sysvinit-228-132.1 udev-228-132.1 udev-debuginfo-228-132.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): systemd-bash-completion-228-132.1 References: https://www.suse.com/security/cve/CVE-2016-10156.html https://bugzilla.suse.com/1012266 https://bugzilla.suse.com/1014560 https://bugzilla.suse.com/1014566 
https://bugzilla.suse.com/1020601 https://bugzilla.suse.com/997682 From sle-updates at lists.suse.com Wed Jan 25 11:08:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Jan 2017 19:08:50 +0100 (CET) Subject: SUSE-SU-2017:0286-1: moderate: Security update for pcsc-lite Message-ID: <20170125180850.4BAA1FF0E@maintenance.suse.de> SUSE Security Update: Security update for pcsc-lite ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0286-1 Rating: moderate References: #1017902 Cross-References: CVE-2016-10109 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: pcsc-lite was updated to fix one security issue. This security issue was fixed: - CVE-2016-10109: This use-after-free and double-free issue allowed a local attacker to cause a Denial of Service and possibly escalate privileges (bsc#1017902). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-150=1 - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-150=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-150=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-150=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-150=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-150=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-150=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libpcsclite1-32bit-1.8.10-6.1 libpcsclite1-debuginfo-32bit-1.8.10-6.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): libpcsclite1-32bit-1.8.10-6.1 libpcsclite1-debuginfo-32bit-1.8.10-6.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libpcscspy0-1.8.10-6.1 libpcscspy0-debuginfo-1.8.10-6.1 pcsc-lite-debuginfo-1.8.10-6.1 pcsc-lite-debugsource-1.8.10-6.1 pcsc-lite-devel-1.8.10-6.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpcsclite1-1.8.10-6.1 libpcsclite1-debuginfo-1.8.10-6.1 pcsc-lite-1.8.10-6.1 pcsc-lite-debuginfo-1.8.10-6.1 pcsc-lite-debugsource-1.8.10-6.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): libpcsclite1-1.8.10-6.1 libpcsclite1-debuginfo-1.8.10-6.1 pcsc-lite-1.8.10-6.1 pcsc-lite-debuginfo-1.8.10-6.1 pcsc-lite-debugsource-1.8.10-6.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): libpcsclite1-1.8.10-6.1 libpcsclite1-debuginfo-1.8.10-6.1 pcsc-lite-1.8.10-6.1 pcsc-lite-debuginfo-1.8.10-6.1 pcsc-lite-debugsource-1.8.10-6.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): 
libpcsclite1-1.8.10-6.1 libpcsclite1-32bit-1.8.10-6.1 libpcsclite1-debuginfo-1.8.10-6.1 libpcsclite1-debuginfo-32bit-1.8.10-6.1 pcsc-lite-1.8.10-6.1 pcsc-lite-debuginfo-1.8.10-6.1 pcsc-lite-debugsource-1.8.10-6.1 References: https://www.suse.com/security/cve/CVE-2016-10109.html https://bugzilla.suse.com/1017902 From sle-updates at lists.suse.com Wed Jan 25 16:08:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jan 2017 00:08:30 +0100 (CET) Subject: SUSE-RU-2017:0288-1: Recommended update for kernel-firmware Message-ID: <20170125230830.17DA1F34F@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0288-1 Rating: low References: #1010690 #968878 #975328 #975894 #993846 #993873 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for kernel-firmware brings newer firmware versions for several devices: - QLogic qla2xxx firmware was updated to version 08.04.00. - QLogic qed/qede firmware was updated to version 8.10.5.0. - Chelsio cxgb4 firmware was updated to version 1.15.37.0. - ASoC Intel SST Atom firmwares to version 20161201. - Intel SKL audio and graphics updates. - Intel Bluetooth 7265 and 8265. - Intel OPA hfi1. - NVidia GM200, GM204, GM206 and GM20B. - Radeon and amdgpu. - AMD family 15h processors. - Wireless devices: Atheros AR3012, ath10k, rtlwifi, wl18xx, rt2800usb, rt2800pci. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-151=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-151=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (noarch): kernel-firmware-20160516git-10.5.1 ucode-amd-20160516git-10.5.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): kernel-firmware-20160516git-10.5.1 ucode-amd-20160516git-10.5.1 References: https://bugzilla.suse.com/1010690 https://bugzilla.suse.com/968878 https://bugzilla.suse.com/975328 https://bugzilla.suse.com/975894 https://bugzilla.suse.com/993846 https://bugzilla.suse.com/993873 From sle-updates at lists.suse.com Wed Jan 25 18:08:31 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jan 2017 02:08:31 +0100 (CET) Subject: SUSE-SU-2017:0289-1: moderate: Security update for gstreamer-0_10-plugins-base Message-ID: <20170126010831.61D0EF34F@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-0_10-plugins-base ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0289-1 Rating: moderate References: #1013669 Cross-References: CVE-2016-9811 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer-0_10-plugins-base fixes the following issue: - CVE-2016-9811: Out of bounds memory read in windows_icon_typefind (bsc#1013669). Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gstreamer-0_10-plugins-base-12955=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gstreamer-0_10-plugins-base-12955=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gstreamer-0_10-plugins-base-12955=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): gstreamer-0_10-plugins-base-devel-0.10.35-5.17.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gstreamer-0_10-plugins-base-0.10.35-5.17.1 gstreamer-0_10-plugins-base-doc-0.10.35-5.17.1 gstreamer-0_10-plugins-base-lang-0.10.35-5.17.1 libgstapp-0_10-0-0.10.35-5.17.1 libgstinterfaces-0_10-0-0.10.35-5.17.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): gstreamer-0_10-plugins-base-32bit-0.10.35-5.17.1 libgstapp-0_10-0-32bit-0.10.35-5.17.1 libgstinterfaces-0_10-0-32bit-0.10.35-5.17.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): gstreamer-0_10-plugins-base-x86-0.10.35-5.17.1 libgstapp-0_10-0-x86-0.10.35-5.17.1 libgstinterfaces-0_10-0-x86-0.10.35-5.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gstreamer-0_10-plugins-base-debuginfo-0.10.35-5.17.1 gstreamer-0_10-plugins-base-debugsource-0.10.35-5.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): gstreamer-0_10-plugins-base-debuginfo-32bit-0.10.35-5.17.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): gstreamer-0_10-plugins-base-debuginfo-x86-0.10.35-5.17.1 References: https://www.suse.com/security/cve/CVE-2016-9811.html https://bugzilla.suse.com/1013669 From sle-updates at lists.suse.com Thu Jan 26 08:09:11 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jan 2017 16:09:11 +0100 (CET) Subject: SUSE-SU-2017:0292-1: moderate: Security update for dbus-1 Message-ID: 
<20170126150911.BDAC5FF3B@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0292-1 Rating: moderate References: #1003898 #1018556 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc#1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus. - Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008) - Ensure that dbus-monitor does not reply to messages intended for others (fdo#90952) - Add locking to DBusCounter's reference count and notify function (fdo#89297) - Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fdo#90312) - Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fdo#90021) - Correctly initialize all fields of DBusTypeReader (fdo#90021) - Fix some missing \n in verbose (debug log) messages (fdo#90004) - Clean up some memory leaks in test code (fdo#90021) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-153=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-153=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-153=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-153=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): dbus-1-debuginfo-1.8.22-24.2.1 dbus-1-debugsource-1.8.22-24.2.1 dbus-1-devel-1.8.22-24.2.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): dbus-1-devel-doc-1.8.22-24.2.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): dbus-1-1.8.22-24.2.1 dbus-1-debuginfo-1.8.22-24.2.1 dbus-1-debugsource-1.8.22-24.2.1 dbus-1-x11-1.8.22-24.2.1 dbus-1-x11-debuginfo-1.8.22-24.2.1 dbus-1-x11-debugsource-1.8.22-24.2.1 libdbus-1-3-1.8.22-24.2.1 libdbus-1-3-debuginfo-1.8.22-24.2.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): dbus-1-1.8.22-24.2.1 dbus-1-debuginfo-1.8.22-24.2.1 dbus-1-debugsource-1.8.22-24.2.1 dbus-1-x11-1.8.22-24.2.1 dbus-1-x11-debuginfo-1.8.22-24.2.1 dbus-1-x11-debugsource-1.8.22-24.2.1 libdbus-1-3-1.8.22-24.2.1 libdbus-1-3-debuginfo-1.8.22-24.2.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): dbus-1-debuginfo-32bit-1.8.22-24.2.1 libdbus-1-3-32bit-1.8.22-24.2.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.2.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): dbus-1-1.8.22-24.2.1 dbus-1-debuginfo-1.8.22-24.2.1 dbus-1-debuginfo-32bit-1.8.22-24.2.1 dbus-1-debugsource-1.8.22-24.2.1 dbus-1-x11-1.8.22-24.2.1 dbus-1-x11-debuginfo-1.8.22-24.2.1 dbus-1-x11-debugsource-1.8.22-24.2.1 libdbus-1-3-1.8.22-24.2.1 libdbus-1-3-32bit-1.8.22-24.2.1 libdbus-1-3-debuginfo-1.8.22-24.2.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.2.1 References: 
https://bugzilla.suse.com/1003898 https://bugzilla.suse.com/1018556 From sle-updates at lists.suse.com Thu Jan 26 12:08:40 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jan 2017 20:08:40 +0100 (CET) Subject: SUSE-SU-2017:0293-1: important: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2 Message-ID: <20170126190840.0D295FF36@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0293-1 Rating: important References: #1013543 #1014271 #1019079 Cross-References: CVE-2016-10088 CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.21-84 fixes several issues. The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bsc#1019079). - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). 
- CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). before 4.8.14 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-154=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-84-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2016-10088.html https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1014271 https://bugzilla.suse.com/1019079 From sle-updates at lists.suse.com Thu Jan 26 12:09:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Jan 2017 20:09:28 +0100 (CET) Subject: SUSE-SU-2017:0294-1: important: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1 Message-ID: <20170126190928.0ECBEFF3B@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 10 for SLE 12 SP1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0294-1 Rating: important References: #1013543 #1013604 #1014271 Cross-References: CVE-2016-9576 CVE-2016-9794 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues. 
The following security bugs were fixed: - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543). - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-155=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-3_12_67-60_64_21-default-2-2.1 kgraft-patch-3_12_67-60_64_21-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2016-9576.html https://www.suse.com/security/cve/CVE-2016-9794.html https://bugzilla.suse.com/1013543 https://bugzilla.suse.com/1013604 https://bugzilla.suse.com/1014271 From sle-updates at lists.suse.com Fri Jan 27 09:09:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jan 2017 17:09:36 +0100 (CET) Subject: SUSE-RU-2017:0295-1: Recommended update for yast2-ruby-bindings Message-ID: <20170127160936.E7E39FF36@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-ruby-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0295-1 Rating: low References: #1014458 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-ruby-bindings fixes the following issue: - Do not crash when FastGettext is unable to find the empty.mo file (bsc#1014458) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-156=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-156=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): yast2-ruby-bindings-3.1.40.1-2.3.1 yast2-ruby-bindings-debuginfo-3.1.40.1-2.3.1 yast2-ruby-bindings-debugsource-3.1.40.1-2.3.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): yast2-ruby-bindings-3.1.40.1-2.3.1 yast2-ruby-bindings-debuginfo-3.1.40.1-2.3.1 yast2-ruby-bindings-debugsource-3.1.40.1-2.3.1 References: https://bugzilla.suse.com/1014458 From sle-updates at lists.suse.com Fri Jan 27 12:08:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jan 2017 20:08:57 +0100 (CET) Subject: SUSE-RU-2017:0299-1: moderate: Recommended update for SUSE Manager Proxy 2.1 Message-ID: <20170127190857.4451AFF36@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0299-1 Rating: moderate References: #1009435 #1009677 #1011344 #989905 #995764 Affected Products: SUSE Manager Proxy 2.1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: spacewalk-backend: - Add symlink for manpage to SUSE name of program. 
(bsc#1009435) - Fix selection of primary interface. (bsc#1009677) - Assign orphaned vendor packages to the default org. (bsc#995764) spacewalk-certs-tools: - Allow passing multiple GPG keys to mgr-bootstrap. (bsc#989905) spacewalk-web: - Hides 'Save/Clear' buttons when no changes are present in action chain lists. - Fix plus/minus buttons in action chain list. (bsc#1011344) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 2.1: zypper in -t patch slemap21-suse-manager-proxy-21-201701-12956=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Manager Proxy 2.1 (x86_64): spacewalk-backend-2.1.55.27-30.1 spacewalk-backend-libs-2.1.55.27-30.1 - SUSE Manager Proxy 2.1 (noarch): spacewalk-base-minimal-2.1.60.16-18.1 spacewalk-base-minimal-config-2.1.60.16-18.1 spacewalk-certs-tools-2.1.6.13-27.1 References: https://bugzilla.suse.com/1009435 https://bugzilla.suse.com/1009677 https://bugzilla.suse.com/1011344 https://bugzilla.suse.com/989905 https://bugzilla.suse.com/995764 From sle-updates at lists.suse.com Fri Jan 27 12:10:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jan 2017 20:10:08 +0100 (CET) Subject: SUSE-RU-2017:0300-1: moderate: Recommended update for cobbler Message-ID: <20170127191008.65D52FF3B@maintenance.suse.de> SUSE Recommended Update: Recommended update for cobbler ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0300-1 Rating: moderate References: #1003895 #988889 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 
11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cobbler fixes the following issues: - Using "chain.c32" instead of "LOCALBOOT -1" for the local boot entry in pxe menu. (bsc#988889) - Fix ZIPL boot loader on S390. (bsc#1003895) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-cobbler-12956=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-cobbler-12956=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.67.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.67.1 References: https://bugzilla.suse.com/1003895 https://bugzilla.suse.com/988889 From sle-updates at lists.suse.com Fri Jan 27 12:10:47 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jan 2017 20:10:47 +0100 (CET) Subject: SUSE-RU-2017:0301-1: moderate: Recommended update for SUSE Manager Server 2.1 Message-ID: <20170127191047.D96CAFF3B@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 2.1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0301-1 Rating: moderate References: #1002776 #1003895 #1004717 #1006170 #1006556 #1006786 #1007490 #1009102 #1009435 #1009677 #1010020 #1010664 #1011344 #1011817 #1015414 #1017351 #868132 #966888 #968935 #971342 #973226 #984447 #984450 #988889 #989905 #995764 Affected Products: SUSE Manager 2.1 ______________________________________________________________________________ An update that has 26 recommended fixes can now be installed. 
Description: This update fixes the following issues: cobbler: - Using "chain.c32" instead of "LOCALBOOT -1" for the local boot entry in pxe menu. (bsc#988889) - Fix ZIPL boot loader on S390. (bsc#1003895) spacewalk-backend: - Add symlink for manpage to SUSE name of program. (bsc#1009435) - Fix selection of primary interface. (bsc#1009677) - Assign orphaned vendor packages to the default org. (bsc#995764) spacewalk-branding: - Differentiate writable/non-writable fields. (bsc#868132) - Fix checkbox icon align. (bsc#966888) - Remove markup in auto-installation warning messages. (bsc#1006170) - Add a link to action details in single patch schedule notification. (bsc#971342) - Add a link to system pending events in patch schedule notification for a single system. (bsc#971342) - Align-top radio button with base product. - Make SPMigration button text more consistent. spacewalk-certs-tools: - Allow passing multiple GPG keys to mgr-bootstrap. (bsc#989905) spacewalk-java: - SPMigration: Don't break API interface (bsc#1017351) - Fix checkbox icon align. (bsc#966888) - Hides 'Save/Clear' buttons when no changes are present in action chain lists. - Fix plus/minus buttons in action chain list. (bsc#1011344) - Fix misleading message on system reboot schedule in SSM. (bsc#1011817) - Increment 'earliest' date by a millisecond between chain actions. (bsc#973226) - Fix SSM reboot action success messages. (bsc#968935) - Unittests: Support SUSE Manager Server on aarch64. (bsc#1002776) - Update 'view/modify file' action buttons text. (bsc#1009102) - Clarify button label. (bsc#1010664) - Check and fix also the assigned repository while updating the channels. (bsc#1007490) - Match url including query parameter separator to have a definitive end of the path component. (bsc#1007490) - Add a link to action details in single patch schedule notification. (bsc#971342) - Add a link to system pending events in patch schedule notification for a single system. 
(bsc#971342) - CVE Audit: Tolerate null products. (bsc#1004717) - Fix autoyast upgrade mode. (bsc#1006786) - Add a Back button for SPMigration wizard. spacewalk-web: - Hides 'Save/Clear' buttons when no changes are present in action chain lists. - Fix plus/minus buttons in action chain list. (bsc#1011344) susemanager: - Create bootstrap repository for SLES for SAP ppc64le. - Support creating bootstrap repositories for SLE12 SP2 family. (bsc#1010020) susemanager-sync-data: - Support SLES for SAP on ppc64le. (bsc#1015414) - Add Raspberry Pi channels to SUSE Manager. - Add support for SUSE Enterprise Storage 4, SUSE OpenStack Cloud 7 and SLE-RT 12 SP2. (bsc#1006556, bsc#984450, bsc#984447) - Support SUSE Manager Server on aarch64. (bsc#1002776) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager 2.1: zypper in -t patch sleman21-suse-manager-21-201701-12956=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager 2.1 (s390x x86_64): cobbler-2.2.2-0.67.1 spacewalk-backend-2.1.55.27-30.1 spacewalk-backend-app-2.1.55.27-30.1 spacewalk-backend-applet-2.1.55.27-30.1 spacewalk-backend-config-files-2.1.55.27-30.1 spacewalk-backend-config-files-common-2.1.55.27-30.1 spacewalk-backend-config-files-tool-2.1.55.27-30.1 spacewalk-backend-iss-2.1.55.27-30.1 spacewalk-backend-iss-export-2.1.55.27-30.1 spacewalk-backend-libs-2.1.55.27-30.1 spacewalk-backend-package-push-server-2.1.55.27-30.1 spacewalk-backend-server-2.1.55.27-30.1 spacewalk-backend-sql-2.1.55.27-30.1 spacewalk-backend-sql-oracle-2.1.55.27-30.1 spacewalk-backend-sql-postgresql-2.1.55.27-30.1 spacewalk-backend-tools-2.1.55.27-30.1 spacewalk-backend-xml-export-libs-2.1.55.27-30.1 spacewalk-backend-xmlrpc-2.1.55.27-30.1 spacewalk-branding-2.1.33.19-27.1 susemanager-2.1.26-29.1 susemanager-tools-2.1.26-29.1 - SUSE Manager 2.1 (noarch): spacewalk-base-2.1.60.16-18.1 spacewalk-base-minimal-2.1.60.16-18.1 spacewalk-base-minimal-config-2.1.60.16-18.1 spacewalk-certs-tools-2.1.6.13-27.1 spacewalk-grail-2.1.60.16-18.1 spacewalk-html-2.1.60.16-18.1 spacewalk-java-2.1.165.28-31.1 spacewalk-java-config-2.1.165.28-31.1 spacewalk-java-lib-2.1.165.28-31.1 spacewalk-java-oracle-2.1.165.28-31.1 spacewalk-java-postgresql-2.1.165.28-31.1 spacewalk-pxt-2.1.60.16-18.1 spacewalk-sniglets-2.1.60.16-18.1 spacewalk-taskomatic-2.1.165.28-31.1 susemanager-sync-data-2.1.19-42.1 References: https://bugzilla.suse.com/1002776 https://bugzilla.suse.com/1003895 https://bugzilla.suse.com/1004717 https://bugzilla.suse.com/1006170 https://bugzilla.suse.com/1006556 https://bugzilla.suse.com/1006786 https://bugzilla.suse.com/1007490 https://bugzilla.suse.com/1009102 https://bugzilla.suse.com/1009435 https://bugzilla.suse.com/1009677 https://bugzilla.suse.com/1010020 https://bugzilla.suse.com/1010664 https://bugzilla.suse.com/1011344 https://bugzilla.suse.com/1011817 https://bugzilla.suse.com/1015414 https://bugzilla.suse.com/1017351 
https://bugzilla.suse.com/868132 https://bugzilla.suse.com/966888 https://bugzilla.suse.com/968935 https://bugzilla.suse.com/971342 https://bugzilla.suse.com/973226 https://bugzilla.suse.com/984447 https://bugzilla.suse.com/984450 https://bugzilla.suse.com/988889 https://bugzilla.suse.com/989905 https://bugzilla.suse.com/995764 From sle-updates at lists.suse.com Fri Jan 27 14:08:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jan 2017 22:08:13 +0100 (CET) Subject: SUSE-SU-2017:0302-1: moderate: Security update for bash Message-ID: <20170127210813.3981AFF36@maintenance.suse.de> SUSE Security Update: Security update for bash ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0302-1 Rating: moderate References: #1000396 #1001299 #959755 #971410 Cross-References: CVE-2016-0634 CVE-2016-7543 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for bash fixes the following issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables. (bsc#1001299) - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expanded in the prompt. (bsc#1000396) The following bugs were fixed: - bsc#971410: Scripts could terminate unexpectedly due to mishandled recursive traps. - bsc#959755: Clarify that the files /etc/profile as well as /etc/bash.bashrc may source other files as well even if the bash does not. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-bash-12959=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-bash-12959=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-bash-12959=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): readline-devel-5.2-147.29.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): readline-devel-32bit-5.2-147.29.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libreadline5-5.2-147.29.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): bash-3.2-147.29.1 bash-doc-3.2-147.29.1 libreadline5-5.2-147.29.1 readline-doc-5.2-147.29.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libreadline5-32bit-5.2-147.29.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): bash-x86-3.2-147.29.1 libreadline5-x86-5.2-147.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): bash-debuginfo-3.2-147.29.1 bash-debugsource-3.2-147.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ia64): bash-debuginfo-x86-3.2-147.29.1 References: https://www.suse.com/security/cve/CVE-2016-0634.html https://www.suse.com/security/cve/CVE-2016-7543.html https://bugzilla.suse.com/1000396 https://bugzilla.suse.com/1001299 https://bugzilla.suse.com/959755 https://bugzilla.suse.com/971410 From sle-updates at lists.suse.com Fri Jan 27 14:09:29 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jan 2017 22:09:29 +0100 (CET) Subject: SUSE-SU-2017:0303-1: important: Security update for Linux Kernel Live Patch 18 for SLE 12 Message-ID: <20170127210929.B5D3AFF3B@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 18 for SLE 12 
______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0303-1 Rating: important References: #1017589 Cross-References: CVE-2016-9806 Affected Products: SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 3.12.60-52_63 fixes several issues. The following security bugs were fixed: - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-161=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-161=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12 (x86_64): kgraft-patch-3_12_60-52_63-default-2-2.1 kgraft-patch-3_12_60-52_63-xen-2-2.1 - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_63-default-2-2.1 kgraft-patch-3_12_60-52_63-xen-2-2.1 References: https://www.suse.com/security/cve/CVE-2016-9806.html https://bugzilla.suse.com/1017589 From sle-updates at lists.suse.com Fri Jan 27 14:09:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jan 2017 22:09:55 +0100 (CET) Subject: SUSE-SU-2017:0304-1: important: Security update for gnutls Message-ID: <20170127210955.AD468FF3B@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0304-1 Rating: important References: #1005879 #1018832 #961491 Cross-References: CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for gnutls fixes the following issues: - Malformed asn1 definitions could cause a segmentation fault in the asn1 definition parser (bsc#961491). - CVE-2016-8610: Remote denial of service in SSL alert handling (bsc#1005879). - CVE-2017-5335: Decoding a specially crafted OpenPGP certificate could have led to heap and stack overflows (bsc#1018832). - CVE-2017-5336: Decoding a specially crafted OpenPGP certificate could have led to heap and stack overflows (bsc#1018832). - CVE-2017-5337: Decoding a specially crafted OpenPGP certificate could have led to heap and stack overflows (bsc#1018832). 
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-gnutls-12957=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-gnutls-12957=1 - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-gnutls-12957=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-gnutls-12957=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libgnutls-devel-2.4.1-24.39.67.1 libgnutls-extra-devel-2.4.1-24.39.67.1 libgnutls-extra26-2.4.1-24.39.67.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): gnutls-2.4.1-24.39.67.1 libgnutls-extra26-2.4.1-24.39.67.1 libgnutls26-2.4.1-24.39.67.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libgnutls26-32bit-2.4.1-24.39.67.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libgnutls26-x86-2.4.1-24.39.67.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64 s390x x86_64): libgnutls-extra26-2.4.1-24.39.67.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): gnutls-debuginfo-2.4.1-24.39.67.1 gnutls-debugsource-2.4.1-24.39.67.1 References: https://www.suse.com/security/cve/CVE-2016-8610.html https://www.suse.com/security/cve/CVE-2017-5335.html https://www.suse.com/security/cve/CVE-2017-5336.html https://www.suse.com/security/cve/CVE-2017-5337.html https://bugzilla.suse.com/1005879 https://bugzilla.suse.com/1018832 https://bugzilla.suse.com/961491 From sle-updates at lists.suse.com Fri Jan 27 14:10:48 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Jan 2017 22:10:48 +0100 (CET) Subject: SUSE-SU-2017:0305-1: moderate: Security update for GraphicsMagick Message-ID: 
<20170127211048.4F7BAFF3B@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0305-1 Rating: moderate References: #1009318 #1011130 #1011136 #1013640 #1017421 Cross-References: CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9830 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for GraphicsMagick fixes the following issues: * CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8866 Possible memory allocation failure in AcquireMagickMemory [bsc#1009318] * CVE-2016-9830: Memory allocation failure in MagickRealloc (memory.c) (bsc#1013640). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-12958=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-12958=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-12958=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.59.1 libGraphicsMagick2-1.2.5-4.59.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.59.1 libGraphicsMagick2-1.2.5-4.59.1 perl-GraphicsMagick-1.2.5-4.59.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.59.1 GraphicsMagick-debugsource-1.2.5-4.59.1 References: https://www.suse.com/security/cve/CVE-2016-8866.html https://www.suse.com/security/cve/CVE-2016-9556.html https://www.suse.com/security/cve/CVE-2016-9559.html https://www.suse.com/security/cve/CVE-2016-9830.html https://bugzilla.suse.com/1009318 https://bugzilla.suse.com/1011130 https://bugzilla.suse.com/1011136 https://bugzilla.suse.com/1013640 https://bugzilla.suse.com/1017421 From sle-updates at lists.suse.com Fri Jan 27 17:09:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Jan 2017 01:09:08 +0100 (CET) Subject: SUSE-SU-2017:0307-1: important: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2 Message-ID: <20170128000909.0B156FF36@maintenance.suse.de> SUSE Security Update: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0307-1 Rating: important References: #1019079 Cross-References: CVE-2016-10088 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for the Linux Kernel fixes one security issue: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1017710). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-162=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_38-93-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2016-10088.html https://bugzilla.suse.com/1019079 From sle-updates at lists.suse.com Mon Jan 30 08:09:00 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Jan 2017 16:09:00 +0100 (CET) Subject: SUSE-RU-2017:0329-1: Recommended update for star Message-ID: <20170130150900.4FAC7FF36@maintenance.suse.de> SUSE Recommended Update: Recommended update for star ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0329-1 Rating: low References: #1014065 #918021 #935569 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for star provides the following fixes: - Set extended attributes after chown(), as recent Linux kernels reset them with a chown() call. (bsc#1014065) - Flush the verbose file stream before checking for missing links. Prevents mixed output when the user redirects star's standard error to standard output and pipes it to tee(1). 
(bsc#935569) - star(1) outputs contents of an archive to standard error instead of standard output. (bsc#918021) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-star-12960=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-star-12960=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): star-1.5final-28.23.27.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): star-debuginfo-1.5final-28.23.27.1 star-debugsource-1.5final-28.23.27.1 References: https://bugzilla.suse.com/1014065 https://bugzilla.suse.com/918021 https://bugzilla.suse.com/935569 From sle-updates at lists.suse.com Mon Jan 30 09:08:43 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Jan 2017 17:08:43 +0100 (CET) Subject: SUSE-SU-2017:0330-1: moderate: Security update for gstreamer-0_10-plugins-bad Message-ID: <20170130160843.90655FF40@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-0_10-plugins-bad ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0330-1 Rating: moderate References: #1013659 Cross-References: CVE-2016-9809 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer-0_10-plugins-bad fixes the following issue: - CVE-2016-9809: Off by one read in gst_h264_parse_set_caps() (bsc#1013659) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-167=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-167=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-167=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): gstreamer-0_10-plugins-bad-lang-0.10.23-25.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gstreamer-0_10-plugins-bad-0.10.23-25.1 gstreamer-0_10-plugins-bad-debuginfo-0.10.23-25.1 gstreamer-0_10-plugins-bad-debuginfo-32bit-0.10.23-25.1 gstreamer-0_10-plugins-bad-debugsource-0.10.23-25.1 libgstbasecamerabinsrc-0_10-23-0.10.23-25.1 libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-25.1 libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-25.1 libgstbasecamerabinsrc-0_10-23-debuginfo-32bit-0.10.23-25.1 libgstbasevideo-0_10-23-0.10.23-25.1 libgstbasevideo-0_10-23-32bit-0.10.23-25.1 libgstbasevideo-0_10-23-debuginfo-0.10.23-25.1 libgstbasevideo-0_10-23-debuginfo-32bit-0.10.23-25.1 libgstcodecparsers-0_10-23-0.10.23-25.1 libgstcodecparsers-0_10-23-debuginfo-0.10.23-25.1 libgstphotography-0_10-23-0.10.23-25.1 libgstphotography-0_10-23-32bit-0.10.23-25.1 libgstphotography-0_10-23-debuginfo-0.10.23-25.1 libgstphotography-0_10-23-debuginfo-32bit-0.10.23-25.1 libgstsignalprocessor-0_10-23-0.10.23-25.1 libgstsignalprocessor-0_10-23-32bit-0.10.23-25.1 libgstsignalprocessor-0_10-23-debuginfo-0.10.23-25.1 libgstsignalprocessor-0_10-23-debuginfo-32bit-0.10.23-25.1 libgstvdp-0_10-23-0.10.23-25.1 libgstvdp-0_10-23-32bit-0.10.23-25.1 libgstvdp-0_10-23-debuginfo-0.10.23-25.1 libgstvdp-0_10-23-debuginfo-32bit-0.10.23-25.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gstreamer-0_10-plugins-bad-debuginfo-0.10.23-25.1 
gstreamer-0_10-plugins-bad-debugsource-0.10.23-25.1 gstreamer-0_10-plugins-bad-devel-0.10.23-25.1 libgstbasecamerabinsrc-0_10-23-0.10.23-25.1 libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-25.1 libgstbasevideo-0_10-23-0.10.23-25.1 libgstbasevideo-0_10-23-debuginfo-0.10.23-25.1 libgstcodecparsers-0_10-23-0.10.23-25.1 libgstcodecparsers-0_10-23-debuginfo-0.10.23-25.1 libgstphotography-0_10-23-0.10.23-25.1 libgstphotography-0_10-23-debuginfo-0.10.23-25.1 libgstsignalprocessor-0_10-23-0.10.23-25.1 libgstsignalprocessor-0_10-23-debuginfo-0.10.23-25.1 libgstvdp-0_10-23-0.10.23-25.1 libgstvdp-0_10-23-debuginfo-0.10.23-25.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gstreamer-0_10-plugins-bad-lang-0.10.23-25.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gstreamer-0_10-plugins-bad-0.10.23-25.1 gstreamer-0_10-plugins-bad-debuginfo-0.10.23-25.1 gstreamer-0_10-plugins-bad-debuginfo-32bit-0.10.23-25.1 gstreamer-0_10-plugins-bad-debugsource-0.10.23-25.1 libgstbasecamerabinsrc-0_10-23-0.10.23-25.1 libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-25.1 libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-25.1 libgstbasecamerabinsrc-0_10-23-debuginfo-32bit-0.10.23-25.1 libgstbasevideo-0_10-23-0.10.23-25.1 libgstbasevideo-0_10-23-32bit-0.10.23-25.1 libgstbasevideo-0_10-23-debuginfo-0.10.23-25.1 libgstbasevideo-0_10-23-debuginfo-32bit-0.10.23-25.1 libgstcodecparsers-0_10-23-0.10.23-25.1 libgstcodecparsers-0_10-23-debuginfo-0.10.23-25.1 libgstphotography-0_10-23-0.10.23-25.1 libgstphotography-0_10-23-32bit-0.10.23-25.1 libgstphotography-0_10-23-debuginfo-0.10.23-25.1 libgstphotography-0_10-23-debuginfo-32bit-0.10.23-25.1 libgstsignalprocessor-0_10-23-0.10.23-25.1 libgstsignalprocessor-0_10-23-32bit-0.10.23-25.1 libgstsignalprocessor-0_10-23-debuginfo-0.10.23-25.1 libgstsignalprocessor-0_10-23-debuginfo-32bit-0.10.23-25.1 libgstvdp-0_10-23-0.10.23-25.1 libgstvdp-0_10-23-32bit-0.10.23-25.1 libgstvdp-0_10-23-debuginfo-0.10.23-25.1 libgstvdp-0_10-23-debuginfo-32bit-0.10.23-25.1 
References: https://www.suse.com/security/cve/CVE-2016-9809.html https://bugzilla.suse.com/1013659 From sle-updates at lists.suse.com Mon Jan 30 09:09:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Jan 2017 17:09:08 +0100 (CET) Subject: SUSE-SU-2017:0331-1: moderate: Security update for gstreamer-0_10-plugins-bad Message-ID: <20170130160908.C5D8CFF3B@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-0_10-plugins-bad ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0331-1 Rating: moderate References: #1013659 Cross-References: CVE-2016-9809 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP1 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: gstreamer-0_10-plugins-bad was updated to fix one issue. This security issue was fixed: - CVE-2016-9809: Off by one read in gst_h264_parse_set_caps() (bsc#1013659). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-166=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-166=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-166=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP1 (noarch): gstreamer-0_10-plugins-bad-lang-0.10.23-19.6.1 - SUSE Linux Enterprise Workstation Extension 12-SP1 (x86_64): gstreamer-0_10-plugins-bad-0.10.23-19.6.1 gstreamer-0_10-plugins-bad-debuginfo-0.10.23-19.6.1 gstreamer-0_10-plugins-bad-debuginfo-32bit-0.10.23-19.6.1 gstreamer-0_10-plugins-bad-debugsource-0.10.23-19.6.1 libgstbasecamerabinsrc-0_10-23-0.10.23-19.6.1 libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-19.6.1 libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-19.6.1 libgstbasecamerabinsrc-0_10-23-debuginfo-32bit-0.10.23-19.6.1 libgstbasevideo-0_10-23-0.10.23-19.6.1 libgstbasevideo-0_10-23-32bit-0.10.23-19.6.1 libgstbasevideo-0_10-23-debuginfo-0.10.23-19.6.1 libgstbasevideo-0_10-23-debuginfo-32bit-0.10.23-19.6.1 libgstcodecparsers-0_10-23-0.10.23-19.6.1 libgstcodecparsers-0_10-23-debuginfo-0.10.23-19.6.1 libgstphotography-0_10-23-0.10.23-19.6.1 libgstphotography-0_10-23-32bit-0.10.23-19.6.1 libgstphotography-0_10-23-debuginfo-0.10.23-19.6.1 libgstphotography-0_10-23-debuginfo-32bit-0.10.23-19.6.1 libgstsignalprocessor-0_10-23-0.10.23-19.6.1 libgstsignalprocessor-0_10-23-32bit-0.10.23-19.6.1 libgstsignalprocessor-0_10-23-debuginfo-0.10.23-19.6.1 libgstsignalprocessor-0_10-23-debuginfo-32bit-0.10.23-19.6.1 libgstvdp-0_10-23-0.10.23-19.6.1 libgstvdp-0_10-23-32bit-0.10.23-19.6.1 libgstvdp-0_10-23-debuginfo-0.10.23-19.6.1 libgstvdp-0_10-23-debuginfo-32bit-0.10.23-19.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): gstreamer-0_10-plugins-bad-debuginfo-0.10.23-19.6.1 gstreamer-0_10-plugins-bad-debugsource-0.10.23-19.6.1 gstreamer-0_10-plugins-bad-devel-0.10.23-19.6.1 libgstbasecamerabinsrc-0_10-23-0.10.23-19.6.1 libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-19.6.1 libgstbasevideo-0_10-23-0.10.23-19.6.1 libgstbasevideo-0_10-23-debuginfo-0.10.23-19.6.1 libgstcodecparsers-0_10-23-0.10.23-19.6.1 libgstcodecparsers-0_10-23-debuginfo-0.10.23-19.6.1 
libgstphotography-0_10-23-0.10.23-19.6.1 libgstphotography-0_10-23-debuginfo-0.10.23-19.6.1 libgstsignalprocessor-0_10-23-0.10.23-19.6.1 libgstsignalprocessor-0_10-23-debuginfo-0.10.23-19.6.1 libgstvdp-0_10-23-0.10.23-19.6.1 libgstvdp-0_10-23-debuginfo-0.10.23-19.6.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): gstreamer-0_10-plugins-bad-0.10.23-19.6.1 gstreamer-0_10-plugins-bad-debuginfo-0.10.23-19.6.1 gstreamer-0_10-plugins-bad-debuginfo-32bit-0.10.23-19.6.1 gstreamer-0_10-plugins-bad-debugsource-0.10.23-19.6.1 libgstbasecamerabinsrc-0_10-23-0.10.23-19.6.1 libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-19.6.1 libgstbasecamerabinsrc-0_10-23-debuginfo-0.10.23-19.6.1 libgstbasecamerabinsrc-0_10-23-debuginfo-32bit-0.10.23-19.6.1 libgstbasevideo-0_10-23-0.10.23-19.6.1 libgstbasevideo-0_10-23-32bit-0.10.23-19.6.1 libgstbasevideo-0_10-23-debuginfo-0.10.23-19.6.1 libgstbasevideo-0_10-23-debuginfo-32bit-0.10.23-19.6.1 libgstcodecparsers-0_10-23-0.10.23-19.6.1 libgstcodecparsers-0_10-23-debuginfo-0.10.23-19.6.1 libgstphotography-0_10-23-0.10.23-19.6.1 libgstphotography-0_10-23-32bit-0.10.23-19.6.1 libgstphotography-0_10-23-debuginfo-0.10.23-19.6.1 libgstphotography-0_10-23-debuginfo-32bit-0.10.23-19.6.1 libgstsignalprocessor-0_10-23-0.10.23-19.6.1 libgstsignalprocessor-0_10-23-32bit-0.10.23-19.6.1 libgstsignalprocessor-0_10-23-debuginfo-0.10.23-19.6.1 libgstsignalprocessor-0_10-23-debuginfo-32bit-0.10.23-19.6.1 libgstvdp-0_10-23-0.10.23-19.6.1 libgstvdp-0_10-23-32bit-0.10.23-19.6.1 libgstvdp-0_10-23-debuginfo-0.10.23-19.6.1 libgstvdp-0_10-23-debuginfo-32bit-0.10.23-19.6.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): gstreamer-0_10-plugins-bad-lang-0.10.23-19.6.1 References: https://www.suse.com/security/cve/CVE-2016-9809.html https://bugzilla.suse.com/1013659 From sle-updates at lists.suse.com Mon Jan 30 12:08:59 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Jan 2017 20:08:59 +0100 (CET) Subject: SUSE-SU-2017:0333-1: 
important: Security update for the Linux Kernel Message-ID: <20170130190900.024D8FF73@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0333-1 Rating: important References: #1003077 #1003925 #1004517 #1007944 #1008645 #1008831 #1008833 #1009443 #1010150 #1010467 #1010501 #1010507 #1010711 #1010716 #1011482 #1011685 #1012422 #1012832 #1013038 #1013531 #1013542 #1014746 #1017710 #1021258 #835175 #839104 #863873 #874145 #896484 #908069 #914939 #922947 #927287 #940966 #950998 #954984 #956514 #958000 #960689 #963053 #967716 #968500 #969340 #971360 #971944 #978401 #978821 #979213 #979274 #979548 #979595 #979879 #979915 #980363 #980371 #980725 #981267 #983143 #983213 #984755 #986362 #986365 #986445 #986572 #989261 #991608 #991665 #992566 #993890 #993891 #994296 #994436 #994618 #994759 #995968 #997059 #999932 Cross-References: CVE-2004-0230 CVE-2012-6704 CVE-2013-4312 CVE-2015-1350 CVE-2015-7513 CVE-2015-7833 CVE-2015-8956 CVE-2015-8962 CVE-2015-8964 CVE-2016-0823 CVE-2016-10088 CVE-2016-1583 CVE-2016-2187 CVE-2016-2189 CVE-2016-3841 CVE-2016-4470 CVE-2016-4482 CVE-2016-4485 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998 CVE-2016-5244 CVE-2016-5829 CVE-2016-6480 CVE-2016-6828 CVE-2016-7042 CVE-2016-7097 CVE-2016-7117 CVE-2016-7425 CVE-2016-7910 CVE-2016-7911 CVE-2016-7916 CVE-2016-8399 CVE-2016-8632 CVE-2016-8633 CVE-2016-8646 CVE-2016-9555 CVE-2016-9685 CVE-2016-9756 CVE-2016-9793 CVE-2017-5551 Affected Products: SUSE Linux Enterprise Server 11-SP2-LTSS SUSE Linux Enterprise Debuginfo 11-SP2 ______________________________________________________________________________ An update that solves 46 vulnerabilities and has 31 fixes is now available. Description: The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. 
This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An out of bounds read in the ping protocol handler could have led to information disclosure (bsc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). 
- CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). 
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). 
- CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2017-5551: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. This CVE tracks the fix for the tmpfs filesystem. (bsc#1021258). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). 
- CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bsc#986365). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). 
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). 
- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). 
- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). The following non-security bugs were fixed: - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716). - cdc-acm: added sanity checking for probe() (bsc#993891). - cgroups: do not attach task to subsystem if migration failed (bnc#979274). - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274). - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671). - dasd: Fix unresumed device after suspend/resume (bnc#927287, LTC#123892). - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360). - kabi, unix: properly account for FDs passed over unix sockets (bnc#839104). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - kvm: x86: SYSENTER emulation is broken (bsc#994618). - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445). - mremap: enforce rmap src/dst vma ordering in case of vma_merge() succeeding in copy_vma() (VM Functionality, bsc#1008645). - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1007944). - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261, bsc#1011482). - nfs: do not do blind d_drop() in nfs_prime_dcache() (bnc#908069 bnc#896484 bsc#963053). - nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484 bsc#963053). - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261). - nfsv4: Ensure that we do not drop a state owner more than once (bsc#979595). - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595, bsc#1011482). - nfsv4: nfs4_proc_renew should be declared static (bnc#863873). 
- nfsv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595). - nfsv4: Recovery of recalled read delegations is broken (bsc#956514 bsc#1011482). - nfsv4: The NFSv4.0 client must send RENEW calls if it holds a delegation (bnc#863873). - powerpc: Add ability to build little endian kernels (bsc#967716). - powerpc: Avoid load of static chain register when calling nested functions through a pointer on 64bit (bsc#967716). - powerpc: Do not build assembly files with ABIv2 (bsc#967716). - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716). - powerpc: dtc is required to build dtb files (bsc#967716). - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716). - powerpc: Fix error when cross building TAGS & cscope (bsc#967716). - powerpc: Make the vdso32 also build big-endian (bsc#967716). - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716). - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716). - powerpc: Require gcc 4.0 on 64-bit (bsc#967716). - ppp: defer netns reference release for ppp channel (bsc#980371). - qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590). - qeth: Fix crash on initial MTU size change (bnc#835175, LTC#96809). - qeth: postpone freeing of qdio memory (bnc#874145, LTC#107873). - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - Revert "s390/mm: fix asce_bits handling with dynamic pagetable levels" This reverts commit 6e00b1d803fa2ab4b130e04b7fbcc99f0b5ecba8. - rpm/config.sh: Set the release string to 0.7. (bsc#997059) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc#997059) - s390/dasd: fix failfast for disconnected devices (bnc#958000, LTC#135138). - s390/dasd: fix hanging device after clear subchannel (bnc#994436, LTC#144640). - s390/dasd: fix kernel panic when alias is set offline (bnc#940966, LTC#128595). - s390/dasd: fix list_del corruption after lcu changes (bnc#954984, LTC#133077). 
- s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456). Conflicts: series.conf - s390/pageattr: do a single TLB flush for change_page_attr (bsc#1009443,LTC#148182). - Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n on all platforms The specfile adjusts the config if necessary, but a new version of run_oldconfig.sh requires the settings to be present in the repository. - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS: zypper in -t patch slessp2-kernel-12961=1 - SUSE Linux Enterprise Debuginfo 11-SP2: zypper in -t patch dbgsp2-kernel-12961=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.7.53.1 kernel-default-base-3.0.101-0.7.53.1 kernel-default-devel-3.0.101-0.7.53.1 kernel-source-3.0.101-0.7.53.1 kernel-syms-3.0.101-0.7.53.1 kernel-trace-3.0.101-0.7.53.1 kernel-trace-base-3.0.101-0.7.53.1 kernel-trace-devel-3.0.101-0.7.53.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.7.53.1 kernel-ec2-base-3.0.101-0.7.53.1 kernel-ec2-devel-3.0.101-0.7.53.1 kernel-xen-3.0.101-0.7.53.1 kernel-xen-base-3.0.101-0.7.53.1 kernel-xen-devel-3.0.101-0.7.53.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (s390x): kernel-default-man-3.0.101-0.7.53.1 - SUSE Linux Enterprise Server 11-SP2-LTSS (i586): kernel-pae-3.0.101-0.7.53.1 kernel-pae-base-3.0.101-0.7.53.1 kernel-pae-devel-3.0.101-0.7.53.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.7.53.1 kernel-default-debugsource-3.0.101-0.7.53.1 kernel-default-devel-debuginfo-3.0.101-0.7.53.1 kernel-trace-debuginfo-3.0.101-0.7.53.1 
kernel-trace-debugsource-3.0.101-0.7.53.1 kernel-trace-devel-debuginfo-3.0.101-0.7.53.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.7.53.1 kernel-ec2-debugsource-3.0.101-0.7.53.1 kernel-xen-debuginfo-3.0.101-0.7.53.1 kernel-xen-debugsource-3.0.101-0.7.53.1 kernel-xen-devel-debuginfo-3.0.101-0.7.53.1 - SUSE Linux Enterprise Debuginfo 11-SP2 (i586): kernel-pae-debuginfo-3.0.101-0.7.53.1 kernel-pae-debugsource-3.0.101-0.7.53.1 kernel-pae-devel-debuginfo-3.0.101-0.7.53.1 References: https://www.suse.com/security/cve/CVE-2004-0230.html https://www.suse.com/security/cve/CVE-2012-6704.html https://www.suse.com/security/cve/CVE-2013-4312.html https://www.suse.com/security/cve/CVE-2015-1350.html https://www.suse.com/security/cve/CVE-2015-7513.html https://www.suse.com/security/cve/CVE-2015-7833.html https://www.suse.com/security/cve/CVE-2015-8956.html https://www.suse.com/security/cve/CVE-2015-8962.html https://www.suse.com/security/cve/CVE-2015-8964.html https://www.suse.com/security/cve/CVE-2016-0823.html https://www.suse.com/security/cve/CVE-2016-10088.html https://www.suse.com/security/cve/CVE-2016-1583.html https://www.suse.com/security/cve/CVE-2016-2187.html https://www.suse.com/security/cve/CVE-2016-2189.html https://www.suse.com/security/cve/CVE-2016-3841.html https://www.suse.com/security/cve/CVE-2016-4470.html https://www.suse.com/security/cve/CVE-2016-4482.html https://www.suse.com/security/cve/CVE-2016-4485.html https://www.suse.com/security/cve/CVE-2016-4565.html https://www.suse.com/security/cve/CVE-2016-4569.html https://www.suse.com/security/cve/CVE-2016-4578.html https://www.suse.com/security/cve/CVE-2016-4580.html https://www.suse.com/security/cve/CVE-2016-4805.html https://www.suse.com/security/cve/CVE-2016-4913.html https://www.suse.com/security/cve/CVE-2016-4997.html https://www.suse.com/security/cve/CVE-2016-4998.html https://www.suse.com/security/cve/CVE-2016-5244.html 
https://www.suse.com/security/cve/CVE-2016-5829.html https://www.suse.com/security/cve/CVE-2016-6480.html https://www.suse.com/security/cve/CVE-2016-6828.html https://www.suse.com/security/cve/CVE-2016-7042.html https://www.suse.com/security/cve/CVE-2016-7097.html https://www.suse.com/security/cve/CVE-2016-7117.html https://www.suse.com/security/cve/CVE-2016-7425.html https://www.suse.com/security/cve/CVE-2016-7910.html https://www.suse.com/security/cve/CVE-2016-7911.html https://www.suse.com/security/cve/CVE-2016-7916.html https://www.suse.com/security/cve/CVE-2016-8399.html https://www.suse.com/security/cve/CVE-2016-8632.html https://www.suse.com/security/cve/CVE-2016-8633.html https://www.suse.com/security/cve/CVE-2016-8646.html https://www.suse.com/security/cve/CVE-2016-9555.html https://www.suse.com/security/cve/CVE-2016-9685.html https://www.suse.com/security/cve/CVE-2016-9756.html https://www.suse.com/security/cve/CVE-2016-9793.html https://www.suse.com/security/cve/CVE-2017-5551.html https://bugzilla.suse.com/1003077 https://bugzilla.suse.com/1003925 https://bugzilla.suse.com/1004517 https://bugzilla.suse.com/1007944 https://bugzilla.suse.com/1008645 https://bugzilla.suse.com/1008831 https://bugzilla.suse.com/1008833 https://bugzilla.suse.com/1009443 https://bugzilla.suse.com/1010150 https://bugzilla.suse.com/1010467 https://bugzilla.suse.com/1010501 https://bugzilla.suse.com/1010507 https://bugzilla.suse.com/1010711 https://bugzilla.suse.com/1010716 https://bugzilla.suse.com/1011482 https://bugzilla.suse.com/1011685 https://bugzilla.suse.com/1012422 https://bugzilla.suse.com/1012832 https://bugzilla.suse.com/1013038 https://bugzilla.suse.com/1013531 https://bugzilla.suse.com/1013542 https://bugzilla.suse.com/1014746 https://bugzilla.suse.com/1017710 https://bugzilla.suse.com/1021258 https://bugzilla.suse.com/835175 https://bugzilla.suse.com/839104 https://bugzilla.suse.com/863873 https://bugzilla.suse.com/874145 https://bugzilla.suse.com/896484 
https://bugzilla.suse.com/908069 https://bugzilla.suse.com/914939 https://bugzilla.suse.com/922947 https://bugzilla.suse.com/927287 https://bugzilla.suse.com/940966 https://bugzilla.suse.com/950998 https://bugzilla.suse.com/954984 https://bugzilla.suse.com/956514 https://bugzilla.suse.com/958000 https://bugzilla.suse.com/960689 https://bugzilla.suse.com/963053 https://bugzilla.suse.com/967716 https://bugzilla.suse.com/968500 https://bugzilla.suse.com/969340 https://bugzilla.suse.com/971360 https://bugzilla.suse.com/971944 https://bugzilla.suse.com/978401 https://bugzilla.suse.com/978821 https://bugzilla.suse.com/979213 https://bugzilla.suse.com/979274 https://bugzilla.suse.com/979548 https://bugzilla.suse.com/979595 https://bugzilla.suse.com/979879 https://bugzilla.suse.com/979915 https://bugzilla.suse.com/980363 https://bugzilla.suse.com/980371 https://bugzilla.suse.com/980725 https://bugzilla.suse.com/981267 https://bugzilla.suse.com/983143 https://bugzilla.suse.com/983213 https://bugzilla.suse.com/984755 https://bugzilla.suse.com/986362 https://bugzilla.suse.com/986365 https://bugzilla.suse.com/986445 https://bugzilla.suse.com/986572 https://bugzilla.suse.com/989261 https://bugzilla.suse.com/991608 https://bugzilla.suse.com/991665 https://bugzilla.suse.com/992566 https://bugzilla.suse.com/993890 https://bugzilla.suse.com/993891 https://bugzilla.suse.com/994296 https://bugzilla.suse.com/994436 https://bugzilla.suse.com/994618 https://bugzilla.suse.com/994759 https://bugzilla.suse.com/995968 https://bugzilla.suse.com/997059 https://bugzilla.suse.com/999932 From sle-updates at lists.suse.com Mon Jan 30 14:08:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Jan 2017 22:08:52 +0100 (CET) Subject: SUSE-RU-2017:0334-1: Recommended update for kexec-tools Message-ID: <20170130210852.B705BFF7A@maintenance.suse.de> SUSE Recommended Update: Recommended update for kexec-tools 
______________________________________________________________________________ Announcement ID: SUSE-RU-2017:0334-1 Rating: low References: #1009970 #981339 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for kexec-tools fixes a segmentation fault that could happen on IBM Power 64 systems with more than 32TB of memory installed. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kexec-tools-12962=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kexec-tools-12962=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kexec-tools-12962=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): kexec-tools-2.0.3-0.20.2 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): kexec-tools-2.0.3-0.20.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): kexec-tools-debuginfo-2.0.3-0.20.2 kexec-tools-debugsource-2.0.3-0.20.2 References: https://bugzilla.suse.com/1009970 https://bugzilla.suse.com/981339 From sle-updates at lists.suse.com Mon Jan 30 15:08:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Jan 2017 23:08:08 +0100 (CET) Subject: SUSE-OU-2017:0335-1: Initial release of Salt Message-ID: <20170130220808.A2500FF73@maintenance.suse.de> SUSE Optional Update: Initial release of Salt ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:0335-1 Rating: low References: #989693 Affected Products: SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds Salt to the Advanced Systems Management 12 Module. Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loads of information, and not just dozens, but hundreds or even thousands of individual servers, handle them quickly and through a simple and manageable interface. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Advanced Systems Management 12:

      zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-170=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):

      libzmq3-4.0.4-14.1
      libzmq3-debuginfo-4.0.4-14.1
      python-MarkupSafe-0.18-15.1
      python-MarkupSafe-debuginfo-0.18-15.1
      python-MarkupSafe-debugsource-0.18-15.1
      python-PyYAML-3.10-22.1
      python-PyYAML-debuginfo-3.10-22.1
      python-PyYAML-debugsource-3.10-22.1
      python-msgpack-python-0.4.6-7.1
      python-msgpack-python-debuginfo-0.4.6-7.1
      python-msgpack-python-debugsource-0.4.6-7.1
      python-psutil-1.2.1-14.1
      python-psutil-debuginfo-1.2.1-14.1
      python-psutil-debugsource-1.2.1-14.1
      python-pycrypto-2.6.1-9.1
      python-pycrypto-debuginfo-2.6.1-9.1
      python-pyzmq-14.0.0-8.1
      python-pyzmq-debuginfo-14.0.0-8.1
      python-pyzmq-debugsource-14.0.0-8.1
      python-tornado-4.2.1-16.1
      python-tornado-debuginfo-4.2.1-16.1
      python-tornado-debugsource-4.2.1-16.1
      salt-2015.8.12-29.10
      salt-api-2015.8.12-29.10
      salt-cloud-2015.8.12-29.10
      salt-doc-2015.8.12-29.10
      salt-master-2015.8.12-29.10
      salt-minion-2015.8.12-29.10
      salt-proxy-2015.8.12-29.10
      salt-ssh-2015.8.12-29.10
      salt-syndic-2015.8.12-29.10
      zeromq-debugsource-4.0.4-14.1

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):

      python-CherryPy-3.6.0-2.1
      python-Jinja2-2.7.3-19.8.1
      python-apache-libcloud-0.19.0-2.1
      python-backports.ssl_match_hostname-3.4.0.2-20.1
      python-futures-3.0.2-14.1
      python-requests-2.8.1-6.16.1
      salt-bash-completion-2015.8.12-29.10
      salt-zsh-completion-2015.8.12-29.10

References:

   https://bugzilla.suse.com/989693

From sle-updates at lists.suse.com Tue Jan 31 08:08:43 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 31 Jan 2017 16:08:43 +0100 (CET)
Subject: SUSE-SU-2017:0338-1: Security update for policycoreutils
Message-ID: <20170131150843.15992FF73@maintenance.suse.de>

   SUSE Security Update: Security update for policycoreutils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0338-1
Rating:             low
References:         #1000998
Cross-References:   CVE-2016-7545
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for policycoreutils fixes the following issues:

   * CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-172=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-172=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      policycoreutils-2.5-6.1
      policycoreutils-debuginfo-2.5-6.1
      policycoreutils-debugsource-2.5-6.1
      policycoreutils-python-2.5-6.1
      policycoreutils-python-debuginfo-2.5-6.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      policycoreutils-2.5-6.1
      policycoreutils-debuginfo-2.5-6.1
      policycoreutils-debugsource-2.5-6.1
      policycoreutils-python-2.5-6.1
      policycoreutils-python-debuginfo-2.5-6.1

References:

   https://www.suse.com/security/cve/CVE-2016-7545.html
   https://bugzilla.suse.com/1000998

From sle-updates at lists.suse.com Tue Jan 31 08:09:07 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 31 Jan 2017 16:09:07 +0100 (CET)
Subject: SUSE-SU-2017:0339-1: Security update for policycoreutils
Message-ID: <20170131150907.72AD2FF7A@maintenance.suse.de>

   SUSE Security Update: Security update for policycoreutils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0339-1
Rating:             low
References:         #1000998
Cross-References:   CVE-2016-7545
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for policycoreutils fixes the following issues:

   * CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-policycoreutils-12963=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-policycoreutils-12963=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      policycoreutils-2.0.79-4.8.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      policycoreutils-debuginfo-2.0.79-4.8.1
      policycoreutils-debugsource-2.0.79-4.8.1

References:

   https://www.suse.com/security/cve/CVE-2016-7545.html
   https://bugzilla.suse.com/1000998

From sle-updates at lists.suse.com Tue Jan 31 08:09:31 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 31 Jan 2017 16:09:31 +0100 (CET)
Subject: SUSE-SU-2017:0340-1: Security update for policycoreutils
Message-ID: <20170131150931.73B87FF7A@maintenance.suse.de>

   SUSE Security Update: Security update for policycoreutils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0340-1
Rating:             low
References:         #1000998
Cross-References:   CVE-2016-7545
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for policycoreutils fixes the following issues:

   * CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-173=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      policycoreutils-2.3-3.3.1
      policycoreutils-debuginfo-2.3-3.3.1
      policycoreutils-debugsource-2.3-3.3.1
      policycoreutils-python-2.3-3.3.1
      policycoreutils-python-debuginfo-2.3-3.3.1

References:

   https://www.suse.com/security/cve/CVE-2016-7545.html
   https://bugzilla.suse.com/1000998

From sle-updates at lists.suse.com Tue Jan 31 08:09:54 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 31 Jan 2017 16:09:54 +0100 (CET)
Subject: SUSE-RU-2017:0341-1: Recommended update for yast2-smt
Message-ID: <20170131150954.DA8E1FF7A@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-smt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0341-1
Rating:             low
References:         #1006984 #1006989 #1019551
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for yast2-smt provides the following fixes:

   - Prevent exiting the repository selection dialog when hitting Enter in the repository filter. (bsc#1006984)
   - Report when an error occurs during repository mirroring. (bsc#1006989)
   - Fix mirroring of custom repositories. (bsc#1019551)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-171=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-171=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):

      yast2-smt-3.0.11-15.1

   - SUSE Linux Enterprise Server 12-SP2 (noarch):

      yast2-smt-3.0.11-15.1

References:

   https://bugzilla.suse.com/1006984
   https://bugzilla.suse.com/1006989
   https://bugzilla.suse.com/1019551

From sle-updates at lists.suse.com Tue Jan 31 13:11:52 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 31 Jan 2017 21:11:52 +0100 (CET)
Subject: SUSE-SU-2017:0346-1: important: Security update for java-1_8_0-openjdk
Message-ID: <20170131201152.8E600FF73@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0346-1
Rating:             important
References:         #1020905 #1022053
Cross-References:   CVE-2016-2183 CVE-2016-5546 CVE-2016-5547
                    CVE-2016-5548 CVE-2016-5549 CVE-2016-5552
                    CVE-2017-3231 CVE-2017-3241 CVE-2017-3252
                    CVE-2017-3253 CVE-2017-3260 CVE-2017-3261
                    CVE-2017-3272 CVE-2017-3289
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   This update for java-1_8_0-openjdk fixes the following issues:

   Oracle Critical Patch Update of January 2017 (bsc#1020905)
   Upgrade to version jdk8u121 (icedtea 3.3.0):

   - S8138725: Add options for Javadoc generation
   - S8140353: Improve signature checking
   - S8151934, CVE-2017-3231: Resolve class resolution
   - S8156804, CVE-2017-3241: Better constraint checking
   - S8158406: Limited Parameter Processing
   - S8158997: JNDI Protocols Switch
   - S8159507: RuntimeVisibleAnnotation validation
   - S8161218: Better bytecode loading
   - S8161743, CVE-2017-3252: Provide proper login context
   - S8162577: Standardize logging levels
   - S8162973: Better component components
   - S8164143, CVE-2017-3260: Improve components for menu items
   - S8164147, CVE-2017-3261: Improve streaming socket output
   - S8165071, CVE-2016-2183: Expand TLS support
   - S8165344, CVE-2017-3272: Update concurrency support
   - S8166988, CVE-2017-3253: Improve image processing performance
   - S8167104, CVE-2017-3289: Additional class construction refinements
   - S8167223, CVE-2016-5552: URL handling improvements
   - S8168705, CVE-2016-5547: Better ObjectIdentifier validation
   - S8168714, CVE-2016-5546: Tighten ECDSA validation
   - S8168728, CVE-2016-5548: DSA signing improvements
   - S8168724, CVE-2016-5549: ECDSA signing improvements

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-176=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-176=1

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-176=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-176=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-176=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      java-1_8_0-openjdk-1.8.0.121-20.1
      java-1_8_0-openjdk-debuginfo-1.8.0.121-20.1
      java-1_8_0-openjdk-debugsource-1.8.0.121-20.1
      java-1_8_0-openjdk-demo-1.8.0.121-20.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-20.1
      java-1_8_0-openjdk-devel-1.8.0.121-20.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.121-20.1
      java-1_8_0-openjdk-headless-1.8.0.121-20.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-20.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      java-1_8_0-openjdk-1.8.0.121-20.1
      java-1_8_0-openjdk-debuginfo-1.8.0.121-20.1
      java-1_8_0-openjdk-debugsource-1.8.0.121-20.1
      java-1_8_0-openjdk-demo-1.8.0.121-20.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-20.1
      java-1_8_0-openjdk-devel-1.8.0.121-20.1
      java-1_8_0-openjdk-devel-debuginfo-1.8.0.121-20.1
      java-1_8_0-openjdk-headless-1.8.0.121-20.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-20.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      java-1_8_0-openjdk-1.8.0.121-20.1
      java-1_8_0-openjdk-debuginfo-1.8.0.121-20.1
      java-1_8_0-openjdk-debugsource-1.8.0.121-20.1
      java-1_8_0-openjdk-demo-1.8.0.121-20.1
      java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-20.1
      java-1_8_0-openjdk-devel-1.8.0.121-20.1
      java-1_8_0-openjdk-headless-1.8.0.121-20.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-20.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      java-1_8_0-openjdk-1.8.0.121-20.1
      java-1_8_0-openjdk-debuginfo-1.8.0.121-20.1
      java-1_8_0-openjdk-debugsource-1.8.0.121-20.1
      java-1_8_0-openjdk-headless-1.8.0.121-20.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-20.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      java-1_8_0-openjdk-1.8.0.121-20.1
      java-1_8_0-openjdk-debuginfo-1.8.0.121-20.1
      java-1_8_0-openjdk-debugsource-1.8.0.121-20.1
      java-1_8_0-openjdk-headless-1.8.0.121-20.1
      java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-20.1

References:

   https://www.suse.com/security/cve/CVE-2016-2183.html
   https://www.suse.com/security/cve/CVE-2016-5546.html
   https://www.suse.com/security/cve/CVE-2016-5547.html
   https://www.suse.com/security/cve/CVE-2016-5548.html
   https://www.suse.com/security/cve/CVE-2016-5549.html
   https://www.suse.com/security/cve/CVE-2016-5552.html
   https://www.suse.com/security/cve/CVE-2017-3231.html
   https://www.suse.com/security/cve/CVE-2017-3241.html
   https://www.suse.com/security/cve/CVE-2017-3252.html
   https://www.suse.com/security/cve/CVE-2017-3253.html
   https://www.suse.com/security/cve/CVE-2017-3260.html
   https://www.suse.com/security/cve/CVE-2017-3261.html
   https://www.suse.com/security/cve/CVE-2017-3272.html
   https://www.suse.com/security/cve/CVE-2017-3289.html
   https://bugzilla.suse.com/1020905
   https://bugzilla.suse.com/1022053

From sle-updates at lists.suse.com Tue Jan 31 13:12:32 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 31 Jan 2017 21:12:32 +0100 (CET)
Subject: SUSE-RU-2017:0347-1: Recommended update for lifecycle-data-sle-live-patching
Message-ID: <20170131201232.B526CFF7A@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:0347-1
Rating:             low
References:         #1020320
Affected Products:
                    SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for lifecycle-data-sle-live-patching adds life cycle data for Kernel Live Patches 3_12_60-52_60, 3_12_60-52_63, 3_12_67-60_64_21, 3_12_67-60_64_24, 4_4_21-84 and 4_4_21-90.

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-175=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (noarch):

      lifecycle-data-sle-live-patching-1-6.1

References:

   https://bugzilla.suse.com/1020320