From sle-updates at lists.suse.com Wed Nov 1 17:07:57 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 2 Nov 2017 00:07:57 +0100 (CET)
Subject: SUSE-RU-2017:2917-1: Recommended update for gnome-keyring, libsecret
Message-ID: <20171101230757.B0274FCB8@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gnome-keyring, libsecret
______________________________________________________________________________

Announcement ID:    SUSE-RU-2017:2917-1
Rating:             low
References:         #1043861
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP3
                    SUSE Linux Enterprise Workstation Extension 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for gnome-keyring and libsecret provides the following fix:

   - Ensure that generated secret occupies the same number of bytes as prime. Eliminates random errors while libsecret tries to communicate with gnome-keyring. (bsc#1043861)

Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP3:
      zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1803=1
   - SUSE Linux Enterprise Workstation Extension 12-SP2:
      zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1803=1
   - SUSE Linux Enterprise Software Development Kit 12-SP3:
      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1803=1
   - SUSE Linux Enterprise Software Development Kit 12-SP2:
      zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1803=1
   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1803=1
   - SUSE Linux Enterprise Server 12-SP3:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1803=1
   - SUSE Linux Enterprise Server 12-SP2:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1803=1
   - SUSE Linux Enterprise Desktop 12-SP3:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1803=1
   - SUSE Linux Enterprise Desktop 12-SP2:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1803=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
      libsecret-debugsource-0.18.5-8.3.8
      typelib-1_0-Secret-1-0.18.5-8.3.8

   - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
      libsecret-debugsource-0.18.5-8.3.8
      typelib-1_0-Secret-1-0.18.5-8.3.8

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
      libsecret-debugsource-0.18.5-8.3.8
      libsecret-devel-0.18.5-8.3.8
      typelib-1_0-Secret-1-0.18.5-8.3.8

   - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
      libsecret-debugsource-0.18.5-8.3.8
      libsecret-devel-0.18.5-8.3.8
      typelib-1_0-Secret-1-0.18.5-8.3.8

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
      gnome-keyring-3.20.0-28.3.18
      gnome-keyring-debuginfo-3.20.0-28.3.18
      gnome-keyring-debugsource-3.20.0-28.3.18
      gnome-keyring-pam-3.20.0-28.3.18
      gnome-keyring-pam-debuginfo-3.20.0-28.3.18
      libgck-modules-gnome-keyring-3.20.0-28.3.18
      libgck-modules-gnome-keyring-debuginfo-3.20.0-28.3.18
      libsecret-1-0-0.18.5-8.3.8
      libsecret-1-0-debuginfo-0.18.5-8.3.8
      libsecret-debugsource-0.18.5-8.3.8

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch):
      gnome-keyring-lang-3.20.0-28.3.18
      libsecret-lang-0.18.5-8.3.8

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
      gnome-keyring-3.20.0-28.3.18
      gnome-keyring-debuginfo-3.20.0-28.3.18
      gnome-keyring-debugsource-3.20.0-28.3.18
      gnome-keyring-pam-3.20.0-28.3.18
      gnome-keyring-pam-debuginfo-3.20.0-28.3.18
      libgck-modules-gnome-keyring-3.20.0-28.3.18
      libgck-modules-gnome-keyring-debuginfo-3.20.0-28.3.18
      libsecret-1-0-0.18.5-8.3.8
      libsecret-1-0-debuginfo-0.18.5-8.3.8
      libsecret-debugsource-0.18.5-8.3.8

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):
      gnome-keyring-32bit-3.20.0-28.3.18
      gnome-keyring-debuginfo-32bit-3.20.0-28.3.18
      gnome-keyring-pam-32bit-3.20.0-28.3.18
      gnome-keyring-pam-debuginfo-32bit-3.20.0-28.3.18
      libsecret-1-0-32bit-0.18.5-8.3.8
      libsecret-1-0-debuginfo-32bit-0.18.5-8.3.8

   - SUSE Linux Enterprise Server 12-SP3 (noarch):
      gnome-keyring-lang-3.20.0-28.3.18
      libsecret-lang-0.18.5-8.3.8

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):
      gnome-keyring-3.20.0-28.3.18
      gnome-keyring-debuginfo-3.20.0-28.3.18
      gnome-keyring-debugsource-3.20.0-28.3.18
      gnome-keyring-pam-3.20.0-28.3.18
      gnome-keyring-pam-debuginfo-3.20.0-28.3.18
      libgck-modules-gnome-keyring-3.20.0-28.3.18
      libgck-modules-gnome-keyring-debuginfo-3.20.0-28.3.18
      libsecret-1-0-0.18.5-8.3.8
      libsecret-1-0-debuginfo-0.18.5-8.3.8
      libsecret-debugsource-0.18.5-8.3.8

   - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64):
      gnome-keyring-32bit-3.20.0-28.3.18
      gnome-keyring-debuginfo-32bit-3.20.0-28.3.18
      gnome-keyring-pam-32bit-3.20.0-28.3.18
      gnome-keyring-pam-debuginfo-32bit-3.20.0-28.3.18
      libsecret-1-0-32bit-0.18.5-8.3.8
      libsecret-1-0-debuginfo-32bit-0.18.5-8.3.8

   - SUSE Linux Enterprise Server 12-SP2 (noarch):
      gnome-keyring-lang-3.20.0-28.3.18
      libsecret-lang-0.18.5-8.3.8

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):
      gnome-keyring-lang-3.20.0-28.3.18
      libsecret-lang-0.18.5-8.3.8

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
      gnome-keyring-3.20.0-28.3.18
      gnome-keyring-32bit-3.20.0-28.3.18
      gnome-keyring-debuginfo-3.20.0-28.3.18
      gnome-keyring-debuginfo-32bit-3.20.0-28.3.18
      gnome-keyring-debugsource-3.20.0-28.3.18
      gnome-keyring-pam-3.20.0-28.3.18
      gnome-keyring-pam-32bit-3.20.0-28.3.18
      gnome-keyring-pam-debuginfo-3.20.0-28.3.18
      gnome-keyring-pam-debuginfo-32bit-3.20.0-28.3.18
      libgck-modules-gnome-keyring-3.20.0-28.3.18
      libgck-modules-gnome-keyring-debuginfo-3.20.0-28.3.18
      libsecret-1-0-0.18.5-8.3.8
      libsecret-1-0-32bit-0.18.5-8.3.8
      libsecret-1-0-debuginfo-0.18.5-8.3.8
      libsecret-1-0-debuginfo-32bit-0.18.5-8.3.8
      libsecret-debugsource-0.18.5-8.3.8
      typelib-1_0-Secret-1-0.18.5-8.3.8

   - SUSE Linux Enterprise Desktop 12-SP2 (noarch):
      gnome-keyring-lang-3.20.0-28.3.18
      libsecret-lang-0.18.5-8.3.8

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
      gnome-keyring-3.20.0-28.3.18
      gnome-keyring-32bit-3.20.0-28.3.18
      gnome-keyring-debuginfo-3.20.0-28.3.18
      gnome-keyring-debuginfo-32bit-3.20.0-28.3.18
      gnome-keyring-debugsource-3.20.0-28.3.18
      gnome-keyring-pam-3.20.0-28.3.18
      gnome-keyring-pam-32bit-3.20.0-28.3.18
      gnome-keyring-pam-debuginfo-3.20.0-28.3.18
      gnome-keyring-pam-debuginfo-32bit-3.20.0-28.3.18
      libgck-modules-gnome-keyring-3.20.0-28.3.18
      libgck-modules-gnome-keyring-debuginfo-3.20.0-28.3.18
      libsecret-1-0-0.18.5-8.3.8
      libsecret-1-0-32bit-0.18.5-8.3.8
      libsecret-1-0-debuginfo-0.18.5-8.3.8
      libsecret-1-0-debuginfo-32bit-0.18.5-8.3.8
      libsecret-debugsource-0.18.5-8.3.8
      typelib-1_0-Secret-1-0.18.5-8.3.8

References:

   https://bugzilla.suse.com/1043861

From sle-updates at lists.suse.com Thu Nov 2 11:12:37 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 2 Nov 2017 18:12:37 +0100 (CET)
Subject: SUSE-SU-2017:2920-1: important: Security update for the Linux Kernel
Message-ID: <20171102171237.E322FFCC4@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2920-1
Rating:             important
References:         #1008353 #1012422 #1017941 #1029850 #1030593 #1032268
                    #1034405 #1034670 #1035576 #1035877 #1036752 #1037182
                    #1037183 #1037306 #1037994 #1038544 #1038879 #1038981
                    #1038982 #1039348 #1039349 #1039354 #1039456 #1039721
                    #1039882 #1039883 #1039885 #1040069 #1041431 #1041958
                    #1044125 #1045327 #1045487 #1045922 #1046107 #1047408
                    #1048275 #1049645 #1049882 #1052593 #1053148 #1053152
                    #1056588 #1056982 #1057179 #1058038 #1058410 #1058507
                    #1058524 #1062520 #1063667 #1064388 #938162 #975596
                    #977417 #984779 #985562 #990682
Cross-References:   CVE-2015-9004 CVE-2016-10229 CVE-2016-9604 CVE-2017-1000363
                    CVE-2017-1000365 CVE-2017-1000380 CVE-2017-10661 CVE-2017-11176
                    CVE-2017-12153 CVE-2017-12154 CVE-2017-12762 CVE-2017-13080
                    CVE-2017-14051 CVE-2017-14106 CVE-2017-14140 CVE-2017-15265
                    CVE-2017-15274 CVE-2017-15649 CVE-2017-2647 CVE-2017-6951
                    CVE-2017-7482 CVE-2017-7487 CVE-2017-7518 CVE-2017-7541
                    CVE-2017-7542 CVE-2017-7889 CVE-2017-8106 CVE-2017-8831
                    CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074
                    CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242
Affected Products:
                    SUSE Linux Enterprise Server 12-LTSS
                    SUSE Linux Enterprise Module for Public Cloud 12
______________________________________________________________________________

   An update that solves 36 vulnerabilities and has 22 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 GA LTS kernel was updated to receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388).
   - CVE-2015-9004: kernel/events/core.c in the Linux kernel mishandled counter grouping, which allowed local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions (bnc#1037306).
   - CVE-2016-10229: udp.c in the Linux kernel allowed remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag (bnc#1032268).
   - CVE-2016-9604: The handling of keyrings starting with '.' in KEYCTL_JOIN_SESSION_KEYRING, which could have allowed local users to manipulate privileged keyrings, was fixed (bsc#1035576)
   - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line (bnc#1039456).
   - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354).
   - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125).
   - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152).
   - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1048275).
   - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel. This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410).
   - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507).
   - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. (bnc#1053148).
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667).
   - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).
   - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).
   - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179).
   - CVE-2017-15265: Use-after-free vulnerability in the Linux kernel allowed local users to have unspecified impact via vectors related to /dev/snd/seq (bnc#1062520).
   - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327).
   - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593).
   - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type (bnc#1029850).
   - CVE-2017-7482: A potential memory corruption was fixed in decoding of krb5 principals in the kernel's Kerberos handling. (bnc#1046107).
   - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879).
   - CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug exception(#DB) error. It could occur while emulating a syscall instruction and potentially lead to guest privilege escalation. (bsc#1045922).
   - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645).
   - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882).
   - CVE-2017-7889: The mm subsystem in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allowed local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c (bnc#1034405).
   - CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 allowed privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer (bnc#1035877).
   - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
   - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544).
   - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1037182 bsc#1038982).
   - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1037183 bsc#1038981).
   - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882).
   - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).
   - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).
   - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).
   - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431).

   The following non-security bugs were fixed:

   - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596, bsc#984779, bsc#1008353, bsc#1017941).
   - dm-mpath: always return reservation conflict. bsc#938162
   - getcwd: Close race with d_move called by lustre (bsc#1052593).
   - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (bsc#1041958).
   - ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (bsc#1041958).
   - kabi: avoid bogus kabi errors in ip_output.c (bsc#1041958).
   - keys: Disallow keyrings beginning with '.' to be joined as session keyrings (bnc#1035576).
   - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348).
   - net: account for current skb length when deciding about UFO (bsc#1041958).
   - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670 CVE#2017-7645).
   - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670 CVE#2017-7645).
   - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670 CVE#2017-7645).
   - printk: prevent userland from spoofing kernel messages (bsc#1039721).
   - reiserfs: do not preallocate blocks for extended attributes (bsc#990682).
   - tcp: do not inherit fastopen_req from parent (bsc#1038544).
   - udp: disallow UFO for sockets with SO_NO_CHECK option (bsc#1041958).
   - usb: wusbcore: fix NULL-deref at probe (bsc#1045487).
   - vsock: Detach QP check should filter out non matching QPs (bsc#1036752 bsc#1047408).
   - vsock: Fix lockdep issue (bsc#977417 bsc#1047408).
   - vsock: sock_put wasn't safe to call in interrupt context (bsc#977417 bsc#1047408).
   - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present (bsc#1058524).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-1808=1
   - SUSE Linux Enterprise Module for Public Cloud 12:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1808=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      kernel-default-3.12.61-52.101.1
      kernel-default-base-3.12.61-52.101.1
      kernel-default-base-debuginfo-3.12.61-52.101.1
      kernel-default-debuginfo-3.12.61-52.101.1
      kernel-default-debugsource-3.12.61-52.101.1
      kernel-default-devel-3.12.61-52.101.1
      kernel-syms-3.12.61-52.101.1

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):
      kernel-xen-3.12.61-52.101.1
      kernel-xen-base-3.12.61-52.101.1
      kernel-xen-base-debuginfo-3.12.61-52.101.1
      kernel-xen-debuginfo-3.12.61-52.101.1
      kernel-xen-debugsource-3.12.61-52.101.1
      kernel-xen-devel-3.12.61-52.101.1
      kgraft-patch-3_12_61-52_101-default-1-8.1
      kgraft-patch-3_12_61-52_101-xen-1-8.1

   - SUSE Linux Enterprise Server 12-LTSS (noarch):
      kernel-devel-3.12.61-52.101.1
      kernel-macros-3.12.61-52.101.1
      kernel-source-3.12.61-52.101.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x):
      kernel-default-man-3.12.61-52.101.1

   - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64):
      kernel-ec2-3.12.61-52.101.1
      kernel-ec2-debuginfo-3.12.61-52.101.1
      kernel-ec2-debugsource-3.12.61-52.101.1
      kernel-ec2-devel-3.12.61-52.101.1
      kernel-ec2-extra-3.12.61-52.101.1
      kernel-ec2-extra-debuginfo-3.12.61-52.101.1

References:

   https://www.suse.com/security/cve/CVE-2015-9004.html
   https://www.suse.com/security/cve/CVE-2016-10229.html
   https://www.suse.com/security/cve/CVE-2016-9604.html
   https://www.suse.com/security/cve/CVE-2017-1000363.html
   https://www.suse.com/security/cve/CVE-2017-1000365.html
   https://www.suse.com/security/cve/CVE-2017-1000380.html
   https://www.suse.com/security/cve/CVE-2017-10661.html
   https://www.suse.com/security/cve/CVE-2017-11176.html
   https://www.suse.com/security/cve/CVE-2017-12153.html
   https://www.suse.com/security/cve/CVE-2017-12154.html
   https://www.suse.com/security/cve/CVE-2017-12762.html
   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-14051.html
   https://www.suse.com/security/cve/CVE-2017-14106.html
   https://www.suse.com/security/cve/CVE-2017-14140.html
   https://www.suse.com/security/cve/CVE-2017-15265.html
   https://www.suse.com/security/cve/CVE-2017-15274.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://www.suse.com/security/cve/CVE-2017-2647.html
   https://www.suse.com/security/cve/CVE-2017-6951.html
   https://www.suse.com/security/cve/CVE-2017-7482.html
   https://www.suse.com/security/cve/CVE-2017-7487.html
   https://www.suse.com/security/cve/CVE-2017-7518.html
   https://www.suse.com/security/cve/CVE-2017-7541.html
   https://www.suse.com/security/cve/CVE-2017-7542.html
   https://www.suse.com/security/cve/CVE-2017-7889.html
   https://www.suse.com/security/cve/CVE-2017-8106.html
   https://www.suse.com/security/cve/CVE-2017-8831.html
   https://www.suse.com/security/cve/CVE-2017-8890.html
   https://www.suse.com/security/cve/CVE-2017-8924.html
   https://www.suse.com/security/cve/CVE-2017-8925.html
   https://www.suse.com/security/cve/CVE-2017-9074.html
   https://www.suse.com/security/cve/CVE-2017-9075.html
   https://www.suse.com/security/cve/CVE-2017-9076.html
   https://www.suse.com/security/cve/CVE-2017-9077.html
   https://www.suse.com/security/cve/CVE-2017-9242.html
   https://bugzilla.suse.com/1008353
   https://bugzilla.suse.com/1012422
   https://bugzilla.suse.com/1017941
   https://bugzilla.suse.com/1029850
   https://bugzilla.suse.com/1030593
   https://bugzilla.suse.com/1032268
   https://bugzilla.suse.com/1034405
   https://bugzilla.suse.com/1034670
   https://bugzilla.suse.com/1035576
   https://bugzilla.suse.com/1035877
   https://bugzilla.suse.com/1036752
   https://bugzilla.suse.com/1037182
   https://bugzilla.suse.com/1037183
   https://bugzilla.suse.com/1037306
   https://bugzilla.suse.com/1037994
   https://bugzilla.suse.com/1038544
   https://bugzilla.suse.com/1038879
   https://bugzilla.suse.com/1038981
   https://bugzilla.suse.com/1038982
   https://bugzilla.suse.com/1039348
   https://bugzilla.suse.com/1039349
   https://bugzilla.suse.com/1039354
   https://bugzilla.suse.com/1039456
   https://bugzilla.suse.com/1039721
   https://bugzilla.suse.com/1039882
   https://bugzilla.suse.com/1039883
   https://bugzilla.suse.com/1039885
   https://bugzilla.suse.com/1040069
   https://bugzilla.suse.com/1041431
   https://bugzilla.suse.com/1041958
   https://bugzilla.suse.com/1044125
   https://bugzilla.suse.com/1045327
   https://bugzilla.suse.com/1045487
   https://bugzilla.suse.com/1045922
   https://bugzilla.suse.com/1046107
   https://bugzilla.suse.com/1047408
   https://bugzilla.suse.com/1048275
   https://bugzilla.suse.com/1049645
   https://bugzilla.suse.com/1049882
   https://bugzilla.suse.com/1052593
   https://bugzilla.suse.com/1053148
   https://bugzilla.suse.com/1053152
   https://bugzilla.suse.com/1056588
   https://bugzilla.suse.com/1056982
   https://bugzilla.suse.com/1057179
   https://bugzilla.suse.com/1058038
   https://bugzilla.suse.com/1058410
   https://bugzilla.suse.com/1058507
   https://bugzilla.suse.com/1058524
   https://bugzilla.suse.com/1062520
   https://bugzilla.suse.com/1063667
   https://bugzilla.suse.com/1064388
   https://bugzilla.suse.com/938162
   https://bugzilla.suse.com/975596
   https://bugzilla.suse.com/977417
   https://bugzilla.suse.com/984779
   https://bugzilla.suse.com/985562
   https://bugzilla.suse.com/990682

From sle-updates at lists.suse.com Thu Nov 2 11:22:23 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 2 Nov 2017 18:22:23 +0100 (CET)
Subject: SUSE-SU-2017:2921-1: moderate: Security update for mariadb
Message-ID: <20171102172223.B520BFCC4@maintenance.suse.de>

   SUSE Security Update: Security update for mariadb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2921-1
Rating:             moderate
References:         #1039034 #1049399 #1049404 #1049417 #1054591 #1058722
Cross-References:   CVE-2017-3636 CVE-2017-3641 CVE-2017-3653
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12
                    SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves three vulnerabilities and has three fixes is now available.

Description:

   This update for mariadb fixes several issues.

   These security issues were fixed:

   - CVE-2017-3636: Client programs had an unspecified vulnerability that could lead to unauthorized access and denial of service [bsc#1049399]
   - CVE-2017-3641: DDL unspecified vulnerability could lead to denial of service [bsc#1049404]
   - CVE-2017-3653: DML Unspecified vulnerability could lead to unauthorized database access [bsc#1049417]

   These non-security issues were fixed:

   - Add ODBC support for Connect engine [bsc#1039034]
   - fixed stack frame size detection for the bundled pcre [bsc#1058722]

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12:
      zypper in -t patch SUSE-SLE-SAP-12-2017-1807=1
   - SUSE Linux Enterprise Server 12-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-2017-1807=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12 (x86_64):
      libmysqlclient-devel-10.0.32-20.36.1
      libmysqlclient18-10.0.32-20.36.1
      libmysqlclient18-32bit-10.0.32-20.36.1
      libmysqlclient18-debuginfo-10.0.32-20.36.1
      libmysqlclient18-debuginfo-32bit-10.0.32-20.36.1
      libmysqlclient_r18-10.0.32-20.36.1
      libmysqld-devel-10.0.32-20.36.1
      libmysqld18-10.0.32-20.36.1
      libmysqld18-debuginfo-10.0.32-20.36.1
      mariadb-10.0.32-20.36.1
      mariadb-client-10.0.32-20.36.1
      mariadb-client-debuginfo-10.0.32-20.36.1
      mariadb-debuginfo-10.0.32-20.36.1
      mariadb-debugsource-10.0.32-20.36.1
      mariadb-errormessages-10.0.32-20.36.1
      mariadb-tools-10.0.32-20.36.1
      mariadb-tools-debuginfo-10.0.32-20.36.1

   - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
      libmysqlclient-devel-10.0.32-20.36.1
      libmysqlclient18-10.0.32-20.36.1
      libmysqlclient18-debuginfo-10.0.32-20.36.1
      libmysqlclient_r18-10.0.32-20.36.1
      libmysqld-devel-10.0.32-20.36.1
      libmysqld18-10.0.32-20.36.1
      libmysqld18-debuginfo-10.0.32-20.36.1
      mariadb-10.0.32-20.36.1
      mariadb-client-10.0.32-20.36.1
      mariadb-client-debuginfo-10.0.32-20.36.1
      mariadb-debuginfo-10.0.32-20.36.1
      mariadb-debugsource-10.0.32-20.36.1
      mariadb-errormessages-10.0.32-20.36.1
      mariadb-tools-10.0.32-20.36.1
      mariadb-tools-debuginfo-10.0.32-20.36.1

   - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64):
      libmysqlclient18-32bit-10.0.32-20.36.1
      libmysqlclient18-debuginfo-32bit-10.0.32-20.36.1

References:

   https://www.suse.com/security/cve/CVE-2017-3636.html
   https://www.suse.com/security/cve/CVE-2017-3641.html
   https://www.suse.com/security/cve/CVE-2017-3653.html
   https://bugzilla.suse.com/1039034
   https://bugzilla.suse.com/1049399
   https://bugzilla.suse.com/1049404
   https://bugzilla.suse.com/1049417
   https://bugzilla.suse.com/1054591
   https://bugzilla.suse.com/1058722

From sle-updates at lists.suse.com Thu Nov 2 11:23:31 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 2 Nov 2017 18:23:31 +0100 (CET)
Subject: SUSE-SU-2017:2922-1: important: Security update for ceph
Message-ID: <20171102172331.D3975FCC0@maintenance.suse.de>

   SUSE Security Update: Security update for ceph
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2922-1
Rating:             important
References:         #1042973 #1043767 #1051432 #1051598 #1056536
Cross-References:   CVE-2017-7519
Affected Products:
                    SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes is now available.

Description:

   CEPH was updated to version 10.2.10, which brings several fixes and enhancements.

   Upstream 10.2.10 release summary can be found at:
   https://ceph.com/releases/v10-2-10-jewel-released/

   Security issues fixed:

   - CVE-2017-7519: libradosstriper processed arbitrary printf placeholders in user input (bsc#1043767)

   Non-security issues fixed:

   - Add explicit Before=ceph.target to systemd service file. (bsc#1042973)
   - ceph-disk omits "--runtime" when enabling ceph-osd@$ID.service units. (bsc#1051598, bsc#1056536)
   - Make it possible to customize ceph-disk's timeout and set default to 3h. (bsc#1051432)
   - Move ceph-disk from ceph-common to ceph-base.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2017-1805=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Enterprise Storage 4 (aarch64 x86_64):
      ceph-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-base-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-base-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-common-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-common-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-debugsource-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-fuse-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-fuse-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-mds-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-mds-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-mon-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-mon-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-osd-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-osd-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-radosgw-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-radosgw-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-test-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-test-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
      ceph-test-debugsource-10.2.10+git.1507616349.698469bd8d-12.6.1
      libcephfs1-10.2.10+git.1507616349.698469bd8d-12.6.1
      libcephfs1-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
      librados2-10.2.10+git.1507616349.698469bd8d-12.6.1
      librados2-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1
      libradosstriper1-10.2.10+git.1507616349.698469bd8d-12.6.1
libradosstriper1-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1 librbd1-10.2.10+git.1507616349.698469bd8d-12.6.1 librbd1-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1 librgw2-10.2.10+git.1507616349.698469bd8d-12.6.1 librgw2-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1 python-ceph-compat-10.2.10+git.1507616349.698469bd8d-12.6.1 python-cephfs-10.2.10+git.1507616349.698469bd8d-12.6.1 python-cephfs-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1 python-rados-10.2.10+git.1507616349.698469bd8d-12.6.1 python-rados-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1 python-rbd-10.2.10+git.1507616349.698469bd8d-12.6.1 python-rbd-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1 rbd-fuse-10.2.10+git.1507616349.698469bd8d-12.6.1 rbd-fuse-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1 rbd-mirror-10.2.10+git.1507616349.698469bd8d-12.6.1 rbd-mirror-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1 rbd-nbd-10.2.10+git.1507616349.698469bd8d-12.6.1 rbd-nbd-debuginfo-10.2.10+git.1507616349.698469bd8d-12.6.1 References: https://www.suse.com/security/cve/CVE-2017-7519.html https://bugzilla.suse.com/1042973 https://bugzilla.suse.com/1043767 https://bugzilla.suse.com/1051432 https://bugzilla.suse.com/1051598 https://bugzilla.suse.com/1056536 From sle-updates at lists.suse.com Thu Nov 2 11:24:39 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Nov 2017 18:24:39 +0100 (CET) Subject: SUSE-SU-2017:2923-1: moderate: Security update for SuSEfirewall2 Message-ID: <20171102172439.85649FCC0@maintenance.suse.de> SUSE Security Update: Security update for SuSEfirewall2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2923-1 Rating: moderate References: #1064127 Cross-References: CVE-2017-15638 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed a security issue with too open implicit portmapper rules (bsc#1064127): A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to everyone in the affected zone. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-SuSEfirewall2-13333=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): SuSEfirewall2-3.6_SVNr208-2.18.3.1 References: https://www.suse.com/security/cve/CVE-2017-15638.html https://bugzilla.suse.com/1064127 From sle-updates at lists.suse.com Thu Nov 2 17:08:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Nov 2017 00:08:13 +0100 (CET) Subject: SUSE-SU-2017:2924-1: important: Security update for qemu Message-ID: <20171102230813.E3CEAFCC0@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2924-1 Rating: important References: #1054724 #1055587 #1056291 #1056334 #1057378 #1057585 #1057966 #1062069 #1062942 #1063122 Cross-References: CVE-2017-10911 CVE-2017-12809 CVE-2017-13672 CVE-2017-13711 CVE-2017-14167 CVE-2017-15038 CVE-2017-15268 CVE-2017-15289 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has two fixes is now available. Description: This update for qemu to version 2.9.1 fixes several issues. It also announces that the qed storage format will be no longer supported in SLE 15 (fate#324200). 
These security issues were fixed:
- CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942)
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122)
- CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069)
- CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378)
- CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724)
- CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585)
- CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334)
- CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets (bsc#1056291).
These non-security issues were fixed:
- Fixed not being able to build from rpm sources due to undefined macro (bsc#1057966)
- Fixed package build failure against new glibc (bsc#1055587)

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1810=1
- SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1810=1
To bring your system up-to-date, use "zypper patch".

Package List:
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): qemu-2.9.1-6.6.3 qemu-block-curl-2.9.1-6.6.3 qemu-block-curl-debuginfo-2.9.1-6.6.3 qemu-block-iscsi-2.9.1-6.6.3 qemu-block-iscsi-debuginfo-2.9.1-6.6.3 qemu-block-ssh-2.9.1-6.6.3 qemu-block-ssh-debuginfo-2.9.1-6.6.3 qemu-debugsource-2.9.1-6.6.3 qemu-guest-agent-2.9.1-6.6.3 qemu-guest-agent-debuginfo-2.9.1-6.6.3 qemu-lang-2.9.1-6.6.3 qemu-tools-2.9.1-6.6.3 qemu-tools-debuginfo-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (aarch64 x86_64): qemu-block-rbd-2.9.1-6.6.3 qemu-block-rbd-debuginfo-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): qemu-kvm-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (ppc64le): qemu-ppc-2.9.1-6.6.3 qemu-ppc-debuginfo-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (aarch64): qemu-arm-2.9.1-6.6.3 qemu-arm-debuginfo-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (noarch): qemu-ipxe-1.0.0-6.6.3 qemu-seabios-1.10.2-6.6.3 qemu-sgabios-8-6.6.3 qemu-vgabios-1.10.2-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (x86_64): qemu-x86-2.9.1-6.6.3
- SUSE Linux Enterprise Server 12-SP3 (s390x): qemu-s390-2.9.1-6.6.3 qemu-s390-debuginfo-2.9.1-6.6.3
- SUSE Linux Enterprise Desktop 12-SP3 (noarch): qemu-ipxe-1.0.0-6.6.3 qemu-seabios-1.10.2-6.6.3 qemu-sgabios-8-6.6.3 qemu-vgabios-1.10.2-6.6.3
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64): qemu-2.9.1-6.6.3 qemu-block-curl-2.9.1-6.6.3
qemu-block-curl-debuginfo-2.9.1-6.6.3 qemu-debugsource-2.9.1-6.6.3 qemu-kvm-2.9.1-6.6.3 qemu-tools-2.9.1-6.6.3 qemu-tools-debuginfo-2.9.1-6.6.3 qemu-x86-2.9.1-6.6.3 References: https://www.suse.com/security/cve/CVE-2017-10911.html https://www.suse.com/security/cve/CVE-2017-12809.html https://www.suse.com/security/cve/CVE-2017-13672.html https://www.suse.com/security/cve/CVE-2017-13711.html https://www.suse.com/security/cve/CVE-2017-14167.html https://www.suse.com/security/cve/CVE-2017-15038.html https://www.suse.com/security/cve/CVE-2017-15268.html https://www.suse.com/security/cve/CVE-2017-15289.html https://bugzilla.suse.com/1054724 https://bugzilla.suse.com/1055587 https://bugzilla.suse.com/1056291 https://bugzilla.suse.com/1056334 https://bugzilla.suse.com/1057378 https://bugzilla.suse.com/1057585 https://bugzilla.suse.com/1057966 https://bugzilla.suse.com/1062069 https://bugzilla.suse.com/1062942 https://bugzilla.suse.com/1063122 From sle-updates at lists.suse.com Fri Nov 3 08:07:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Nov 2017 15:07:16 +0100 (CET) Subject: SUSE-RU-2017:2925-1: moderate: Recommended update for rhnlib, spacewalk-client-tools, spacewalksd, suseRegisterInfo Message-ID: <20171103140716.16B19FCB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for rhnlib, spacewalk-client-tools, spacewalksd, suseRegisterInfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2925-1 Rating: moderate References: #1015136 #1019360 #1025312 #1031667 #1049936 #974864 #990738 #994619 #998185 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for rhnlib, spacewalk-client-tools, spacewalksd and suseRegisterInfo provides fixes and enhancements. 
rhnlib (update to 2.7.2.1): - Support all TLS versions in rpclib. (bsc#1025312) - Add function aliases for backward compatibility. (bsc#998185) - Set one required attribute to be compatible with all xmlrpclib versions. - Don't use tmpDir configuration from /etc/sysconfig/rhn/up2date. - Multiple Python 2 and 3 compatibility fixes. spacewalk-client-tools (update to 2.7.6.2): - Enable detection of Oracle Linux during registration. - Fix reboot message to use correct product name. (bsc#1031667) - Fix UnicodeDecodeError when running rhnreg_ks with a different locale than en_US. - Resolve /etc/hostname if not FQDN on traditional registration. (bsc#1019360) - Prevent crashes if machine-id is None. (bsc#994619) - Ignore packages with not UTF-8 characters in name, version and release. (bsc#990738) - Convert dbus.Int32 to int to fix a TypeError during registration. (bsc#974864) - Replace upstream subscription counting with new subscription matching. (fate#311619) - Multiple Python 2 and 3 compatibility fixes. spacewalksd (update to 5.0.26): - Fix permissions of PID files in spacewalksd. (bsc#1049936) - Use spacewalk-update-status only on registered systems. (bsc#1015136) suseRegisterInfo (update to 3.1.1) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-rhnlib-13335=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): rhnlib-2.7.2.1-12.3.1 spacewalksd-5.0.26.3-10.3.1 suseRegisterInfo-3.1.1-15.3.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): spacewalk-check-2.7.6.2-22.3.1 spacewalk-client-setup-2.7.6.2-22.3.1 spacewalk-client-tools-2.7.6.2-22.3.1 References: https://bugzilla.suse.com/1015136 https://bugzilla.suse.com/1019360 https://bugzilla.suse.com/1025312 https://bugzilla.suse.com/1031667 https://bugzilla.suse.com/1049936 https://bugzilla.suse.com/974864 https://bugzilla.suse.com/990738 https://bugzilla.suse.com/994619 https://bugzilla.suse.com/998185 From sle-updates at lists.suse.com Fri Nov 3 08:08:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Nov 2017 15:08:58 +0100 (CET) Subject: SUSE-RU-2017:2926-1: moderate: Recommended update for python-eventlet Message-ID: <20171103140858.B79CDFCC4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-eventlet ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2926-1 Rating: moderate References: #1060405 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-eventlet fixes the following issue: - Fix recv_into blocking when reading chunks of data to resolve an issue when the database is configured with SSL. (bsc#1060405) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1811=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 7 (noarch): python-eventlet-0.19.0-2.3.1 References: https://bugzilla.suse.com/1060405 From sle-updates at lists.suse.com Fri Nov 3 14:07:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Nov 2017 21:07:21 +0100 (CET) Subject: SUSE-RU-2017:2927-1: moderate: Recommended update for sg3_utils Message-ID: <20171103200721.50474FCC4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sg3_utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2927-1 Rating: moderate References: #1046705 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sg3_utils provides the following fix: - Handle VPD page 0x80 correctly (bsc#1046705) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1813=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1813=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1813=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): libsgutils2-2-1.42-7.10.1 libsgutils2-2-debuginfo-1.42-7.10.1 sg3_utils-1.42-7.10.1 sg3_utils-debuginfo-1.42-7.10.1 sg3_utils-debugsource-1.42-7.10.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libsgutils2-2-1.42-7.10.1 libsgutils2-2-debuginfo-1.42-7.10.1 sg3_utils-1.42-7.10.1 sg3_utils-debuginfo-1.42-7.10.1 sg3_utils-debugsource-1.42-7.10.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libsgutils2-2-1.42-7.10.1 libsgutils2-2-debuginfo-1.42-7.10.1 sg3_utils-1.42-7.10.1 sg3_utils-debuginfo-1.42-7.10.1 sg3_utils-debugsource-1.42-7.10.1 References: https://bugzilla.suse.com/1046705 From sle-updates at lists.suse.com Mon Nov 6 07:07:29 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Nov 2017 15:07:29 +0100 (CET) Subject: SUSE-SU-2017:2931-1: important: Security update for libwpd Message-ID: <20171106140729.1824FFCC4@maintenance.suse.de> SUSE Security Update: Security update for libwpd ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2931-1 Rating: important References: #1058025 Cross-References: CVE-2017-14226 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libwpd fixes the following issues: Security issue fixed: - CVE-2017-14226: WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). 
This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. (bnc#1058025) Bugfixes: - Fix various crashes, leaks and hangs when reading damaged files found by oss-fuzz. - Fix crash when NULL is passed as input stream. - Use symbol visibility on Linux. The library only exports public functions now. - Avoid infinite loop. (libwpd#3) - Remove bashism. (libwpd#5) - Fix various crashes and hangs when reading broken files found with the help of american-fuzzy-lop. - Make --help output of all command line tools more help2man-friendly. - Miscellaneous fixes and cleanups. - Generate manpages for the libwpd-tools Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1816=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1816=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1816=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1816=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1816=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1816=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): libwpd-0_10-10-0.10.2-2.4.1 libwpd-0_10-10-debuginfo-0.10.2-2.4.1 libwpd-debugsource-0.10.2-2.4.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libwpd-0_10-10-0.10.2-2.4.1 libwpd-0_10-10-debuginfo-0.10.2-2.4.1 libwpd-debugsource-0.10.2-2.4.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libwpd-0_10-10-0.10.2-2.4.1 libwpd-0_10-10-debuginfo-0.10.2-2.4.1 libwpd-debugsource-0.10.2-2.4.1 libwpd-devel-0.10.2-2.4.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): libwpd-devel-doc-0.10.2-2.4.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libwpd-0_10-10-0.10.2-2.4.1 libwpd-0_10-10-debuginfo-0.10.2-2.4.1 libwpd-debugsource-0.10.2-2.4.1 libwpd-devel-0.10.2-2.4.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (noarch): libwpd-devel-doc-0.10.2-2.4.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libwpd-0_10-10-0.10.2-2.4.1 libwpd-0_10-10-debuginfo-0.10.2-2.4.1 libwpd-debugsource-0.10.2-2.4.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libwpd-0_10-10-0.10.2-2.4.1 libwpd-0_10-10-debuginfo-0.10.2-2.4.1 libwpd-debugsource-0.10.2-2.4.1 References: https://www.suse.com/security/cve/CVE-2017-14226.html https://bugzilla.suse.com/1058025 From sle-updates at lists.suse.com Mon Nov 6 07:07:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Nov 2017 15:07:55 +0100 (CET) Subject: SUSE-SU-2017:2932-1: moderate: Security update for SuSEfirewall2 Message-ID: <20171106140755.580DCFCC0@maintenance.suse.de> SUSE Security Update: Security update for SuSEfirewall2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2932-1 Rating: moderate References: #1064127 Cross-References: CVE-2017-15638 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 
SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed a security issue with too open implicit portmapper rules (bsc#1064127): A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to everyone in the affected zone. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1814=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1814=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1814=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): SuSEfirewall2-3.6.312-2.13.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): SuSEfirewall2-3.6.312-2.13.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): SuSEfirewall2-3.6.312-2.13.1 References: https://www.suse.com/security/cve/CVE-2017-15638.html https://bugzilla.suse.com/1064127 From sle-updates at lists.suse.com Mon Nov 6 07:08:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Nov 2017 15:08:24 +0100 (CET) Subject: SUSE-SU-2017:2933-1: important: Security update for webkit2gtk3 Message-ID: <20171106140824.BE01BFCC0@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2933-1 Rating: important References: #1020950 #1024749 #1045460 #1050469 Cross-References: CVE-2016-7586 CVE-2016-7589 CVE-2016-7592 CVE-2016-7599 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2538 CVE-2017-2539 CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-7064 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update 
that fixes 40 vulnerabilities is now available. Description: This update for webkit2gtk3 to version 2.18.0 fixes the following issues: These security issues were fixed: - CVE-2017-7039: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7018: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7030: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7037: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7034: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7055: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7056: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7064: An issue was fixed that allowed remote attackers to bypass intended memory-read restrictions via a crafted app (bsc#1050469). - CVE-2017-7061: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). 
- CVE-2017-7048: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7046: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-2538: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1045460) - CVE-2017-2496: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2539: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2510: An issue was fixed that allowed remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. 
- CVE-2017-2365: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2366: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2373: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2363: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2362: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2354: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749). 
- CVE-2017-2355: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2356: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2371: An issue was fixed that allowed remote attackers to launch popups via a crafted web site (bsc#1024749) - CVE-2017-2364: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2369: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2016-7656: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7635: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7654: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7639: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7645: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7652: An issue was fixed that allowed remote attackers to execute arbitrary code or cause 
a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7641: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7632: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7599: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that used HTTP redirects (bsc#1020950) - CVE-2016-7592: An issue was fixed that allowed remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site (bsc#1020950) - CVE-2016-7589: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7623: An issue was fixed that allowed remote attackers to obtain sensitive information via a blob URL on a web site (bsc#1020950) - CVE-2016-7586: An issue was fixed that allowed remote attackers to obtain sensitive information via a crafted web site (bsc#1020950) For other non-security fixes please check the changelog. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1815=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1815=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1815=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1815=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1815=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1815=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1815=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1815=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1815=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): libwebkit2gtk3-lang-2.18.0-2.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): libwebkit2gtk3-lang-2.18.0-2.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): webkit2gtk3-debugsource-2.18.0-2.9.1 webkit2gtk3-devel-2.18.0-2.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): webkit2gtk3-debugsource-2.18.0-2.9.1 webkit2gtk3-devel-2.18.0-2.9.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libjavascriptcoregtk-4_0-18-2.18.0-2.9.1 libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1 libwebkit2gtk-4_0-37-2.18.0-2.9.1 libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1 typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1 typelib-1_0-WebKit2-4_0-2.18.0-2.9.1 webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1 webkit2gtk3-debugsource-2.18.0-2.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.18.0-2.9.1 libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1 libwebkit2gtk-4_0-37-2.18.0-2.9.1 libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1 typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1 typelib-1_0-WebKit2-4_0-2.18.0-2.9.1 webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1 webkit2gtk3-debugsource-2.18.0-2.9.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.18.0-2.9.1 libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1 libwebkit2gtk-4_0-37-2.18.0-2.9.1 libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1 typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1 typelib-1_0-WebKit2-4_0-2.18.0-2.9.1 webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1 webkit2gtk3-debugsource-2.18.0-2.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libjavascriptcoregtk-4_0-18-2.18.0-2.9.1 
libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1 libwebkit2gtk-4_0-37-2.18.0-2.9.1 libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1 typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1 typelib-1_0-WebKit2-4_0-2.18.0-2.9.1 webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1 webkit2gtk3-debugsource-2.18.0-2.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): libwebkit2gtk3-lang-2.18.0-2.9.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libjavascriptcoregtk-4_0-18-2.18.0-2.9.1 libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1 libwebkit2gtk-4_0-37-2.18.0-2.9.1 libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1 typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1 typelib-1_0-WebKit2-4_0-2.18.0-2.9.1 webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1 webkit2gtk3-debugsource-2.18.0-2.9.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): libwebkit2gtk3-lang-2.18.0-2.9.1 References: https://www.suse.com/security/cve/CVE-2016-7586.html https://www.suse.com/security/cve/CVE-2016-7589.html https://www.suse.com/security/cve/CVE-2016-7592.html https://www.suse.com/security/cve/CVE-2016-7599.html https://www.suse.com/security/cve/CVE-2016-7623.html https://www.suse.com/security/cve/CVE-2016-7632.html https://www.suse.com/security/cve/CVE-2016-7635.html https://www.suse.com/security/cve/CVE-2016-7639.html https://www.suse.com/security/cve/CVE-2016-7641.html https://www.suse.com/security/cve/CVE-2016-7645.html https://www.suse.com/security/cve/CVE-2016-7652.html https://www.suse.com/security/cve/CVE-2016-7654.html https://www.suse.com/security/cve/CVE-2016-7656.html https://www.suse.com/security/cve/CVE-2017-2350.html https://www.suse.com/security/cve/CVE-2017-2354.html https://www.suse.com/security/cve/CVE-2017-2355.html https://www.suse.com/security/cve/CVE-2017-2356.html https://www.suse.com/security/cve/CVE-2017-2362.html https://www.suse.com/security/cve/CVE-2017-2363.html 
https://www.suse.com/security/cve/CVE-2017-2364.html https://www.suse.com/security/cve/CVE-2017-2365.html https://www.suse.com/security/cve/CVE-2017-2366.html https://www.suse.com/security/cve/CVE-2017-2369.html https://www.suse.com/security/cve/CVE-2017-2371.html https://www.suse.com/security/cve/CVE-2017-2373.html https://www.suse.com/security/cve/CVE-2017-2496.html https://www.suse.com/security/cve/CVE-2017-2510.html https://www.suse.com/security/cve/CVE-2017-2538.html https://www.suse.com/security/cve/CVE-2017-2539.html https://www.suse.com/security/cve/CVE-2017-7018.html https://www.suse.com/security/cve/CVE-2017-7030.html https://www.suse.com/security/cve/CVE-2017-7034.html https://www.suse.com/security/cve/CVE-2017-7037.html https://www.suse.com/security/cve/CVE-2017-7039.html https://www.suse.com/security/cve/CVE-2017-7046.html https://www.suse.com/security/cve/CVE-2017-7048.html https://www.suse.com/security/cve/CVE-2017-7055.html https://www.suse.com/security/cve/CVE-2017-7056.html https://www.suse.com/security/cve/CVE-2017-7061.html https://www.suse.com/security/cve/CVE-2017-7064.html https://bugzilla.suse.com/1020950 https://bugzilla.suse.com/1024749 https://bugzilla.suse.com/1045460 https://bugzilla.suse.com/1050469 From sle-updates at lists.suse.com Mon Nov 6 13:07:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Nov 2017 21:07:32 +0100 (CET) Subject: SUSE-SU-2017:2935-1: moderate: Security update for SuSEfirewall2 Message-ID: <20171106200732.53F67FCB8@maintenance.suse.de> SUSE Security Update: Security update for SuSEfirewall2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2935-1 Rating: moderate References: #1064127 Cross-References: CVE-2017-15638 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes one 
vulnerability is now available. Description: This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed security issue with too open implicit portmapper rules (bsc#1064127): A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to everyone in the affected zone when the "rpc" matching was used. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1822=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1822=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): SuSEfirewall2-3.6.312.333-3.10.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): SuSEfirewall2-3.6.312.333-3.10.1 References: https://www.suse.com/security/cve/CVE-2017-15638.html https://bugzilla.suse.com/1064127 From sle-updates at lists.suse.com Mon Nov 6 13:07:59 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Nov 2017 21:07:59 +0100 (CET) Subject: SUSE-SU-2017:2936-1: important: Security update for qemu Message-ID: <20171106200759.56C33FCC0@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2936-1 Rating: important References: #1043176 #1043808 #1046636 #1047674 #1048902 #1049381 #1054724 #1056334 #1057378 #1057585 #1057966 #1059369 #1062069 #1062942 #1063122 #997358 Cross-References: CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11334 CVE-2017-11434 CVE-2017-12809 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15268 CVE-2017-15289 CVE-2017-9524 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux 
Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has four fixes is now available. Description: This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942). - CVE-2017-9524: The qemu-nbd server when built with the Network Block Device (NBD) Server support allowed remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function (bsc#1043808). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069) - CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378) - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724) - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636) - CVE-2017-10806: Stack-based buffer overflow allowed local 
guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674) - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585) - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381) - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902) - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334) These non-security issues were fixed: - Fixed not being able to build from rpm sources due to undefined macro (bsc#1057966) - Fixed wrong permissions for kvm_stat.1 file - Fixed KVM lun resize not working as expected on SLES12 SP2 HV (bsc#1043176) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1821=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1821=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1821=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): qemu-2.6.2-41.22.2 qemu-arm-2.6.2-41.22.2 qemu-arm-debuginfo-2.6.2-41.22.2 qemu-block-curl-2.6.2-41.22.2 qemu-block-curl-debuginfo-2.6.2-41.22.2 qemu-block-rbd-2.6.2-41.22.2 qemu-block-rbd-debuginfo-2.6.2-41.22.2 qemu-block-ssh-2.6.2-41.22.2 qemu-block-ssh-debuginfo-2.6.2-41.22.2 qemu-debugsource-2.6.2-41.22.2 qemu-guest-agent-2.6.2-41.22.2 qemu-guest-agent-debuginfo-2.6.2-41.22.2 qemu-lang-2.6.2-41.22.2 qemu-tools-2.6.2-41.22.2 qemu-tools-debuginfo-2.6.2-41.22.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): qemu-ipxe-1.0.0-41.22.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): qemu-2.6.2-41.22.2 qemu-block-curl-2.6.2-41.22.2 qemu-block-curl-debuginfo-2.6.2-41.22.2 qemu-block-ssh-2.6.2-41.22.2 qemu-block-ssh-debuginfo-2.6.2-41.22.2 qemu-debugsource-2.6.2-41.22.2 qemu-guest-agent-2.6.2-41.22.2 qemu-guest-agent-debuginfo-2.6.2-41.22.2 qemu-lang-2.6.2-41.22.2 qemu-tools-2.6.2-41.22.2 qemu-tools-debuginfo-2.6.2-41.22.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 x86_64): qemu-block-rbd-2.6.2-41.22.2 qemu-block-rbd-debuginfo-2.6.2-41.22.2 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): qemu-kvm-2.6.2-41.22.2 - SUSE Linux Enterprise Server 12-SP2 (ppc64le): qemu-ppc-2.6.2-41.22.2 qemu-ppc-debuginfo-2.6.2-41.22.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64): qemu-arm-2.6.2-41.22.2 qemu-arm-debuginfo-2.6.2-41.22.2 - SUSE Linux Enterprise Server 12-SP2 (x86_64): qemu-x86-2.6.2-41.22.2 - SUSE Linux Enterprise Server 12-SP2 (noarch): qemu-ipxe-1.0.0-41.22.2 qemu-seabios-1.9.1-41.22.2 qemu-sgabios-8-41.22.2 qemu-vgabios-1.9.1-41.22.2 - SUSE Linux Enterprise Server 12-SP2 (s390x): qemu-s390-2.6.2-41.22.2 qemu-s390-debuginfo-2.6.2-41.22.2 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): qemu-ipxe-1.0.0-41.22.2 qemu-seabios-1.9.1-41.22.2 qemu-sgabios-8-41.22.2 qemu-vgabios-1.9.1-41.22.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): 
qemu-2.6.2-41.22.2 qemu-block-curl-2.6.2-41.22.2 qemu-block-curl-debuginfo-2.6.2-41.22.2 qemu-debugsource-2.6.2-41.22.2 qemu-kvm-2.6.2-41.22.2 qemu-tools-2.6.2-41.22.2 qemu-tools-debuginfo-2.6.2-41.22.2 qemu-x86-2.6.2-41.22.2 References: https://www.suse.com/security/cve/CVE-2017-10664.html https://www.suse.com/security/cve/CVE-2017-10806.html https://www.suse.com/security/cve/CVE-2017-10911.html https://www.suse.com/security/cve/CVE-2017-11334.html https://www.suse.com/security/cve/CVE-2017-11434.html https://www.suse.com/security/cve/CVE-2017-12809.html https://www.suse.com/security/cve/CVE-2017-13672.html https://www.suse.com/security/cve/CVE-2017-14167.html https://www.suse.com/security/cve/CVE-2017-15038.html https://www.suse.com/security/cve/CVE-2017-15268.html https://www.suse.com/security/cve/CVE-2017-15289.html https://www.suse.com/security/cve/CVE-2017-9524.html https://bugzilla.suse.com/1043176 https://bugzilla.suse.com/1043808 https://bugzilla.suse.com/1046636 https://bugzilla.suse.com/1047674 https://bugzilla.suse.com/1048902 https://bugzilla.suse.com/1049381 https://bugzilla.suse.com/1054724 https://bugzilla.suse.com/1056334 https://bugzilla.suse.com/1057378 https://bugzilla.suse.com/1057585 https://bugzilla.suse.com/1057966 https://bugzilla.suse.com/1059369 https://bugzilla.suse.com/1062069 https://bugzilla.suse.com/1062942 https://bugzilla.suse.com/1063122 https://bugzilla.suse.com/997358 From sle-updates at lists.suse.com Mon Nov 6 13:10:26 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Nov 2017 21:10:26 +0100 (CET) Subject: SUSE-SU-2017:2937-1: moderate: Security update for sssd Message-ID: <20171106201026.335EEFCC4@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2937-1 Rating: moderate References: #1039567 #1055123 #1061832 Cross-References: CVE-2017-12173 Affected Products: SUSE 
Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for sssd provides the following fixes: Security issues fixed: - CVE-2017-12173: Fixed unsanitized input when searching in local cache database (bsc#1061832). Non security issues fixed: - Fixed a segfault issue in ldap_rfc_2307_fallback_to_local_users. (bsc#1055123) - Install /var/lib/sss/mc directory to correct sssd cache invalidation behaviour. (bsc#1039567) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1823=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1823=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1823=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1823=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1823=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1823=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1823=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.13.4-34.7.1 libsss_idmap-devel-1.13.4-34.7.1 libsss_nss_idmap-devel-1.13.4-34.7.1 sssd-debuginfo-1.13.4-34.7.1 sssd-debugsource-1.13.4-34.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.13.4-34.7.1 libsss_idmap-devel-1.13.4-34.7.1 libsss_nss_idmap-devel-1.13.4-34.7.1 libsss_nss_idmap0-1.13.4-34.7.1 libsss_nss_idmap0-debuginfo-1.13.4-34.7.1 sssd-debuginfo-1.13.4-34.7.1 sssd-debugsource-1.13.4-34.7.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libipa_hbac0-1.13.4-34.7.1 libipa_hbac0-debuginfo-1.13.4-34.7.1 libsss_idmap0-1.13.4-34.7.1 libsss_idmap0-debuginfo-1.13.4-34.7.1 libsss_sudo-1.13.4-34.7.1 libsss_sudo-debuginfo-1.13.4-34.7.1 python-sssd-config-1.13.4-34.7.1 python-sssd-config-debuginfo-1.13.4-34.7.1 sssd-1.13.4-34.7.1 sssd-ad-1.13.4-34.7.1 sssd-ad-debuginfo-1.13.4-34.7.1 sssd-debuginfo-1.13.4-34.7.1 sssd-debugsource-1.13.4-34.7.1 sssd-ipa-1.13.4-34.7.1 sssd-ipa-debuginfo-1.13.4-34.7.1 sssd-krb5-1.13.4-34.7.1 sssd-krb5-common-1.13.4-34.7.1 sssd-krb5-common-debuginfo-1.13.4-34.7.1 sssd-krb5-debuginfo-1.13.4-34.7.1 sssd-ldap-1.13.4-34.7.1 sssd-ldap-debuginfo-1.13.4-34.7.1 sssd-proxy-1.13.4-34.7.1 sssd-proxy-debuginfo-1.13.4-34.7.1 sssd-tools-1.13.4-34.7.1 sssd-tools-debuginfo-1.13.4-34.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.13.4-34.7.1 libipa_hbac0-debuginfo-1.13.4-34.7.1 libsss_idmap0-1.13.4-34.7.1 libsss_idmap0-debuginfo-1.13.4-34.7.1 libsss_nss_idmap0-1.13.4-34.7.1 libsss_nss_idmap0-debuginfo-1.13.4-34.7.1 libsss_sudo-1.13.4-34.7.1 libsss_sudo-debuginfo-1.13.4-34.7.1 python-sssd-config-1.13.4-34.7.1 python-sssd-config-debuginfo-1.13.4-34.7.1 sssd-1.13.4-34.7.1 sssd-ad-1.13.4-34.7.1 sssd-ad-debuginfo-1.13.4-34.7.1 sssd-debuginfo-1.13.4-34.7.1 sssd-debugsource-1.13.4-34.7.1 sssd-ipa-1.13.4-34.7.1 
sssd-ipa-debuginfo-1.13.4-34.7.1 sssd-krb5-1.13.4-34.7.1 sssd-krb5-common-1.13.4-34.7.1 sssd-krb5-common-debuginfo-1.13.4-34.7.1 sssd-krb5-debuginfo-1.13.4-34.7.1 sssd-ldap-1.13.4-34.7.1 sssd-ldap-debuginfo-1.13.4-34.7.1 sssd-proxy-1.13.4-34.7.1 sssd-proxy-debuginfo-1.13.4-34.7.1 sssd-tools-1.13.4-34.7.1 sssd-tools-debuginfo-1.13.4-34.7.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): sssd-32bit-1.13.4-34.7.1 sssd-debuginfo-32bit-1.13.4-34.7.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.13.4-34.7.1 libipa_hbac0-debuginfo-1.13.4-34.7.1 libsss_idmap0-1.13.4-34.7.1 libsss_idmap0-debuginfo-1.13.4-34.7.1 libsss_sudo-1.13.4-34.7.1 libsss_sudo-debuginfo-1.13.4-34.7.1 python-sssd-config-1.13.4-34.7.1 python-sssd-config-debuginfo-1.13.4-34.7.1 sssd-1.13.4-34.7.1 sssd-ad-1.13.4-34.7.1 sssd-ad-debuginfo-1.13.4-34.7.1 sssd-debuginfo-1.13.4-34.7.1 sssd-debugsource-1.13.4-34.7.1 sssd-ipa-1.13.4-34.7.1 sssd-ipa-debuginfo-1.13.4-34.7.1 sssd-krb5-1.13.4-34.7.1 sssd-krb5-common-1.13.4-34.7.1 sssd-krb5-common-debuginfo-1.13.4-34.7.1 sssd-krb5-debuginfo-1.13.4-34.7.1 sssd-ldap-1.13.4-34.7.1 sssd-ldap-debuginfo-1.13.4-34.7.1 sssd-proxy-1.13.4-34.7.1 sssd-proxy-debuginfo-1.13.4-34.7.1 sssd-tools-1.13.4-34.7.1 sssd-tools-debuginfo-1.13.4-34.7.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): sssd-32bit-1.13.4-34.7.1 sssd-debuginfo-32bit-1.13.4-34.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libipa_hbac0-1.13.4-34.7.1 libipa_hbac0-debuginfo-1.13.4-34.7.1 libsss_idmap0-1.13.4-34.7.1 libsss_idmap0-debuginfo-1.13.4-34.7.1 libsss_nss_idmap0-1.13.4-34.7.1 libsss_nss_idmap0-debuginfo-1.13.4-34.7.1 libsss_sudo-1.13.4-34.7.1 libsss_sudo-debuginfo-1.13.4-34.7.1 python-sssd-config-1.13.4-34.7.1 python-sssd-config-debuginfo-1.13.4-34.7.1 sssd-1.13.4-34.7.1 sssd-32bit-1.13.4-34.7.1 sssd-ad-1.13.4-34.7.1 sssd-ad-debuginfo-1.13.4-34.7.1 sssd-debuginfo-1.13.4-34.7.1 sssd-debuginfo-32bit-1.13.4-34.7.1 sssd-debugsource-1.13.4-34.7.1 
sssd-ipa-1.13.4-34.7.1 sssd-ipa-debuginfo-1.13.4-34.7.1 sssd-krb5-1.13.4-34.7.1 sssd-krb5-common-1.13.4-34.7.1 sssd-krb5-common-debuginfo-1.13.4-34.7.1 sssd-krb5-debuginfo-1.13.4-34.7.1 sssd-ldap-1.13.4-34.7.1 sssd-ldap-debuginfo-1.13.4-34.7.1 sssd-proxy-1.13.4-34.7.1 sssd-proxy-debuginfo-1.13.4-34.7.1 sssd-tools-1.13.4-34.7.1 sssd-tools-debuginfo-1.13.4-34.7.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libipa_hbac0-1.13.4-34.7.1 libipa_hbac0-debuginfo-1.13.4-34.7.1 libsss_idmap0-1.13.4-34.7.1 libsss_idmap0-debuginfo-1.13.4-34.7.1 libsss_sudo-1.13.4-34.7.1 libsss_sudo-debuginfo-1.13.4-34.7.1 python-sssd-config-1.13.4-34.7.1 python-sssd-config-debuginfo-1.13.4-34.7.1 sssd-1.13.4-34.7.1 sssd-32bit-1.13.4-34.7.1 sssd-ad-1.13.4-34.7.1 sssd-ad-debuginfo-1.13.4-34.7.1 sssd-debuginfo-1.13.4-34.7.1 sssd-debuginfo-32bit-1.13.4-34.7.1 sssd-debugsource-1.13.4-34.7.1 sssd-ipa-1.13.4-34.7.1 sssd-ipa-debuginfo-1.13.4-34.7.1 sssd-krb5-1.13.4-34.7.1 sssd-krb5-common-1.13.4-34.7.1 sssd-krb5-common-debuginfo-1.13.4-34.7.1 sssd-krb5-debuginfo-1.13.4-34.7.1 sssd-ldap-1.13.4-34.7.1 sssd-ldap-debuginfo-1.13.4-34.7.1 sssd-proxy-1.13.4-34.7.1 sssd-proxy-debuginfo-1.13.4-34.7.1 sssd-tools-1.13.4-34.7.1 sssd-tools-debuginfo-1.13.4-34.7.1 References: https://www.suse.com/security/cve/CVE-2017-12173.html https://bugzilla.suse.com/1039567 https://bugzilla.suse.com/1055123 https://bugzilla.suse.com/1061832 From sle-updates at lists.suse.com Tue Nov 7 16:09:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Nov 2017 00:09:10 +0100 (CET) Subject: SUSE-RU-2017:2945-1: Recommended update for release-notes-sles Message-ID: <20171107230910.4925FFCC5@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2945-1 Rating: low References: #1040813 #1064422 Affected Products: SUSE Linux Enterprise Server 12-SP3 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: The Release Notes of SUSE Linux Enterprise 12 SP3 have been updated to document: - KVM Now Supports up to 288 vCPUs (fate#321335) - Support for KVM (fate#321734) - Automatic Log Rotation Will Be Disabled After Upgrade (fate#322037) - OFED-related Packages Replaced by Packages From New Upstream (fate#322112) - FCoE Storage Does Not Work with Cavium or QLogic Storage Controllers with FCoE Offload (fate#323796, bsc#1040813) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1824=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (noarch): release-notes-sles-12.3.20171020-2.9.1 References: https://bugzilla.suse.com/1040813 https://bugzilla.suse.com/1064422 From sle-updates at lists.suse.com Wed Nov 8 04:10:06 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Nov 2017 12:10:06 +0100 (CET) Subject: SUSE-SU-2017:2946-1: important: Security update for qemu Message-ID: <20171108111006.B72DCFCC5@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2946-1 Rating: important References: #1020427 #1021741 #1025109 #1025311 #1028184 #1028656 #1030624 #1032075 #1034866 #1034908 #1035406 #1035950 #1036211 #1037242 #1037334 #1037336 #1039495 #1042159 #1042800 #1042801 #1043073 #1043296 #1045035 #1046636 #1047674 #1048902 #1049381 #1054724 #1056334 #1057378 #1057585 #1062069 #1063122 #994418 #994605 Cross-References: CVE-2016-6834 CVE-2016-6835 CVE-2016-9602 CVE-2016-9603 CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11334 
CVE-2017-11434 CVE-2017-12809 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15289 CVE-2017-5579 CVE-2017-5973 CVE-2017-5987 CVE-2017-6505 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8112 CVE-2017-8309 CVE-2017-8379 CVE-2017-8380 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 CVE-2017-9375 CVE-2017-9503 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves 33 vulnerabilities and has two fixes is now available. Description: This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378). - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724). 
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069) - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585) - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381) - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902) - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334) - CVE-2017-5973: An infinite loop while doing control transfer in xhci_kick_epctx allowed a privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109) - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c allowed local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer (bsc#1025311) - CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184) - CVE-2016-9603: A 
privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656) - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908) - CVE-2017-7980: An out-of-bounds r/w access issue in the Cirrus CLGD 54xx VGA Emulator support allowed a privileged user inside the guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of the Qemu process on the host (bsc#1035406) - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036211) - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside the guest to crash the Qemu process resulting in DoS (bsc#1042800) - CVE-2017-9374: A missing free of 's->ipacket' caused a host memory leak, allowing for DoS (bsc#1043073) - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside the guest to leak host memory resulting in DoS (bsc#1042801) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159) - CVE-2017-8379: Memory leak in the keyboard input event handlers support allowed local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events (bsc#1037334) - CVE-2017-8309: Memory leak in audio/audio.c allowed remote attackers to cause a denial of service (memory 
consumption) by repeatedly starting and stopping audio capture (bsc#1037242) - CVE-2017-8380: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to an out-of-bounds read access issue which allowed a privileged user inside the guest to read host memory resulting in DoS (bsc#1037336) - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System (9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could have used this flaw to escalate their privileges inside the guest (bsc#1039495) - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System (9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside the guest to access the host file system beyond the shared folder and potentially escalate their privileges on a host (bsc#1020427) - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741) - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside the guest to crash the Qemu process on the host resulting in DoS (bsc#1043296) - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636) - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674) 
- CVE-2017-7377: The v9fs_create and v9fs_lcreate functions in hw/9pfs/9p.c allowed local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid (bsc#1032075) - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950) - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System (9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside the guest to access the host file system beyond the shared folder and potentially escalate their privileges on a host (bsc#1034866) - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994605) - CVE-2016-6834: An infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed a privileged user inside the guest to crash the Qemu instance resulting in DoS (bsc#994418) - Fix privilege escalation in TCG mode (bsc#1030624) This non-security issue was fixed: - Fix regression introduced by recent virtfs security fixes (bsc#1045035) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1827=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1827=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1827=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): qemu-2.3.1-33.3.3 qemu-block-curl-2.3.1-33.3.3 qemu-block-curl-debuginfo-2.3.1-33.3.3 qemu-block-rbd-2.3.1-33.3.3 qemu-block-rbd-debuginfo-2.3.1-33.3.3 qemu-debugsource-2.3.1-33.3.3 qemu-guest-agent-2.3.1-33.3.3 qemu-guest-agent-debuginfo-2.3.1-33.3.3 qemu-kvm-2.3.1-33.3.3 qemu-lang-2.3.1-33.3.3 qemu-tools-2.3.1-33.3.3 qemu-tools-debuginfo-2.3.1-33.3.3 qemu-x86-2.3.1-33.3.3 - SUSE OpenStack Cloud 6 (noarch): qemu-ipxe-1.0.0-33.3.3 qemu-seabios-1.8.1-33.3.3 qemu-sgabios-8-33.3.3 qemu-vgabios-1.8.1-33.3.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): qemu-2.3.1-33.3.3 qemu-block-curl-2.3.1-33.3.3 qemu-block-curl-debuginfo-2.3.1-33.3.3 qemu-debugsource-2.3.1-33.3.3 qemu-guest-agent-2.3.1-33.3.3 qemu-guest-agent-debuginfo-2.3.1-33.3.3 qemu-lang-2.3.1-33.3.3 qemu-tools-2.3.1-33.3.3 qemu-tools-debuginfo-2.3.1-33.3.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le): qemu-ppc-2.3.1-33.3.3 qemu-ppc-debuginfo-2.3.1-33.3.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): qemu-block-rbd-2.3.1-33.3.3 qemu-block-rbd-debuginfo-2.3.1-33.3.3 qemu-kvm-2.3.1-33.3.3 qemu-x86-2.3.1-33.3.3 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): qemu-ipxe-1.0.0-33.3.3 qemu-seabios-1.8.1-33.3.3 qemu-sgabios-8-33.3.3 qemu-vgabios-1.8.1-33.3.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): qemu-2.3.1-33.3.3 qemu-block-curl-2.3.1-33.3.3 qemu-block-curl-debuginfo-2.3.1-33.3.3 qemu-debugsource-2.3.1-33.3.3 qemu-guest-agent-2.3.1-33.3.3 qemu-guest-agent-debuginfo-2.3.1-33.3.3 qemu-lang-2.3.1-33.3.3 qemu-tools-2.3.1-33.3.3 qemu-tools-debuginfo-2.3.1-33.3.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): qemu-kvm-2.3.1-33.3.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le): qemu-ppc-2.3.1-33.3.3 qemu-ppc-debuginfo-2.3.1-33.3.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): qemu-block-rbd-2.3.1-33.3.3 qemu-block-rbd-debuginfo-2.3.1-33.3.3 qemu-x86-2.3.1-33.3.3 - SUSE Linux 
Enterprise Server 12-SP1-LTSS (noarch): qemu-ipxe-1.0.0-33.3.3 qemu-seabios-1.8.1-33.3.3 qemu-sgabios-8-33.3.3 qemu-vgabios-1.8.1-33.3.3 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): qemu-s390-2.3.1-33.3.3 qemu-s390-debuginfo-2.3.1-33.3.3 References: https://www.suse.com/security/cve/CVE-2016-6834.html https://www.suse.com/security/cve/CVE-2016-6835.html https://www.suse.com/security/cve/CVE-2016-9602.html https://www.suse.com/security/cve/CVE-2016-9603.html https://www.suse.com/security/cve/CVE-2017-10664.html https://www.suse.com/security/cve/CVE-2017-10806.html https://www.suse.com/security/cve/CVE-2017-10911.html https://www.suse.com/security/cve/CVE-2017-11334.html https://www.suse.com/security/cve/CVE-2017-11434.html https://www.suse.com/security/cve/CVE-2017-12809.html https://www.suse.com/security/cve/CVE-2017-13672.html https://www.suse.com/security/cve/CVE-2017-14167.html https://www.suse.com/security/cve/CVE-2017-15038.html https://www.suse.com/security/cve/CVE-2017-15289.html https://www.suse.com/security/cve/CVE-2017-5579.html https://www.suse.com/security/cve/CVE-2017-5973.html https://www.suse.com/security/cve/CVE-2017-5987.html https://www.suse.com/security/cve/CVE-2017-6505.html https://www.suse.com/security/cve/CVE-2017-7377.html https://www.suse.com/security/cve/CVE-2017-7471.html https://www.suse.com/security/cve/CVE-2017-7493.html https://www.suse.com/security/cve/CVE-2017-7718.html https://www.suse.com/security/cve/CVE-2017-7980.html https://www.suse.com/security/cve/CVE-2017-8086.html https://www.suse.com/security/cve/CVE-2017-8112.html https://www.suse.com/security/cve/CVE-2017-8309.html https://www.suse.com/security/cve/CVE-2017-8379.html https://www.suse.com/security/cve/CVE-2017-8380.html https://www.suse.com/security/cve/CVE-2017-9330.html https://www.suse.com/security/cve/CVE-2017-9373.html https://www.suse.com/security/cve/CVE-2017-9374.html https://www.suse.com/security/cve/CVE-2017-9375.html 
https://www.suse.com/security/cve/CVE-2017-9503.html https://bugzilla.suse.com/1020427 https://bugzilla.suse.com/1021741 https://bugzilla.suse.com/1025109 https://bugzilla.suse.com/1025311 https://bugzilla.suse.com/1028184 https://bugzilla.suse.com/1028656 https://bugzilla.suse.com/1030624 https://bugzilla.suse.com/1032075 https://bugzilla.suse.com/1034866 https://bugzilla.suse.com/1034908 https://bugzilla.suse.com/1035406 https://bugzilla.suse.com/1035950 https://bugzilla.suse.com/1036211 https://bugzilla.suse.com/1037242 https://bugzilla.suse.com/1037334 https://bugzilla.suse.com/1037336 https://bugzilla.suse.com/1039495 https://bugzilla.suse.com/1042159 https://bugzilla.suse.com/1042800 https://bugzilla.suse.com/1042801 https://bugzilla.suse.com/1043073 https://bugzilla.suse.com/1043296 https://bugzilla.suse.com/1045035 https://bugzilla.suse.com/1046636 https://bugzilla.suse.com/1047674 https://bugzilla.suse.com/1048902 https://bugzilla.suse.com/1049381 https://bugzilla.suse.com/1054724 https://bugzilla.suse.com/1056334 https://bugzilla.suse.com/1057378 https://bugzilla.suse.com/1057585 https://bugzilla.suse.com/1062069 https://bugzilla.suse.com/1063122 https://bugzilla.suse.com/994418 https://bugzilla.suse.com/994605 From sle-updates at lists.suse.com Wed Nov 8 04:15:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Nov 2017 12:15:33 +0100 (CET) Subject: SUSE-SU-2017:2947-1: moderate: Security update for shadow Message-ID: <20171108111533.0398AFCD6@maintenance.suse.de> SUSE Security Update: Security update for shadow ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2947-1 Rating: moderate References: #1023895 #1052261 #980486 Cross-References: CVE-2017-12424 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise 
Desktop 12-SP2
SUSE Container as a Service Platform ALL
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________
An update that solves one vulnerability and has two fixes is now available.

Description:
This update for shadow fixes several issues.

This security issue was fixed:
- CVE-2017-12424: The newusers tool could have been forced to manipulate internal data structures in ways unintended by the authors. Malformed input may have led to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors (bsc#1052261).

These non-security issues were fixed:
- bsc#1023895: Fixed man page to not contain invalid options and also prevent warnings when using these options in certain settings
- bsc#980486: Reset user in /var/log/tallylog because of the usage of pam_tally2

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1829=1
- SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1829=1
- SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1829=1
- SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1829=1
- SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1829=1
- SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1829=1
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1829=1
To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): shadow-4.2.1-27.3.3 shadow-debuginfo-4.2.1-27.3.3 shadow-debugsource-4.2.1-27.3.3 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): shadow-4.2.1-27.3.3 shadow-debuginfo-4.2.1-27.3.3 shadow-debugsource-4.2.1-27.3.3 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): shadow-4.2.1-27.3.3 shadow-debuginfo-4.2.1-27.3.3 shadow-debugsource-4.2.1-27.3.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): shadow-4.2.1-27.3.3 shadow-debuginfo-4.2.1-27.3.3 shadow-debugsource-4.2.1-27.3.3 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): shadow-4.2.1-27.3.3 shadow-debuginfo-4.2.1-27.3.3 shadow-debugsource-4.2.1-27.3.3 - SUSE Container as a Service Platform ALL (x86_64): shadow-4.2.1-27.3.3 shadow-debuginfo-4.2.1-27.3.3 shadow-debugsource-4.2.1-27.3.3 - OpenStack Cloud Magnum Orchestration 7 (x86_64): shadow-4.2.1-27.3.3 shadow-debuginfo-4.2.1-27.3.3 shadow-debugsource-4.2.1-27.3.3 References: https://www.suse.com/security/cve/CVE-2017-12424.html https://bugzilla.suse.com/1023895 https://bugzilla.suse.com/1052261 https://bugzilla.suse.com/980486 From sle-updates at lists.suse.com Wed Nov 8 04:16:42 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Nov 2017 12:16:42 +0100 (CET) Subject: SUSE-SU-2017:2948-1: important: Security update for krb5 Message-ID: <20171108111642.1171BFCD2@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2948-1 Rating: important References: #1065274 Cross-References: CVE-2017-15088 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux 
Enterprise Desktop 12-SP2
SUSE Container as a Service Platform ALL
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for krb5 fixes the following issues:

Security issues fixed:
- CVE-2017-15088: A buffer overflow in get_matching_data() was fixed that could under specific circumstances be used to execute code (bsc#1065274)

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1826=1
- SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1826=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1826=1
- SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1826=1
- SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1826=1
- SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1826=1
- SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1826=1
- SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1826=1
- OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1826=1
To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.12.5-40.16.1 krb5-debugsource-1.12.5-40.16.1 krb5-devel-1.12.5-40.16.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.12.5-40.16.1 krb5-debugsource-1.12.5-40.16.1 krb5-devel-1.12.5-40.16.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): krb5-1.12.5-40.16.1 krb5-client-1.12.5-40.16.1 krb5-client-debuginfo-1.12.5-40.16.1 krb5-debuginfo-1.12.5-40.16.1 krb5-debugsource-1.12.5-40.16.1 krb5-doc-1.12.5-40.16.1 krb5-plugin-kdb-ldap-1.12.5-40.16.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.16.1 krb5-plugin-preauth-otp-1.12.5-40.16.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.16.1 krb5-plugin-preauth-pkinit-1.12.5-40.16.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.16.1 krb5-server-1.12.5-40.16.1 krb5-server-debuginfo-1.12.5-40.16.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.16.1 krb5-client-1.12.5-40.16.1 krb5-client-debuginfo-1.12.5-40.16.1 krb5-debuginfo-1.12.5-40.16.1 krb5-debugsource-1.12.5-40.16.1 krb5-doc-1.12.5-40.16.1 krb5-plugin-kdb-ldap-1.12.5-40.16.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.16.1 krb5-plugin-preauth-otp-1.12.5-40.16.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.16.1 krb5-plugin-preauth-pkinit-1.12.5-40.16.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.16.1 krb5-server-1.12.5-40.16.1 krb5-server-debuginfo-1.12.5-40.16.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): krb5-32bit-1.12.5-40.16.1 krb5-debuginfo-32bit-1.12.5-40.16.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.16.1 krb5-client-1.12.5-40.16.1 krb5-client-debuginfo-1.12.5-40.16.1 krb5-debuginfo-1.12.5-40.16.1 krb5-debugsource-1.12.5-40.16.1 krb5-doc-1.12.5-40.16.1 krb5-plugin-kdb-ldap-1.12.5-40.16.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.16.1 krb5-plugin-preauth-otp-1.12.5-40.16.1 
krb5-plugin-preauth-otp-debuginfo-1.12.5-40.16.1 krb5-plugin-preauth-pkinit-1.12.5-40.16.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.16.1 krb5-server-1.12.5-40.16.1 krb5-server-debuginfo-1.12.5-40.16.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): krb5-32bit-1.12.5-40.16.1 krb5-debuginfo-32bit-1.12.5-40.16.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): krb5-1.12.5-40.16.1 krb5-32bit-1.12.5-40.16.1 krb5-client-1.12.5-40.16.1 krb5-client-debuginfo-1.12.5-40.16.1 krb5-debuginfo-1.12.5-40.16.1 krb5-debuginfo-32bit-1.12.5-40.16.1 krb5-debugsource-1.12.5-40.16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): krb5-1.12.5-40.16.1 krb5-32bit-1.12.5-40.16.1 krb5-client-1.12.5-40.16.1 krb5-client-debuginfo-1.12.5-40.16.1 krb5-debuginfo-1.12.5-40.16.1 krb5-debuginfo-32bit-1.12.5-40.16.1 krb5-debugsource-1.12.5-40.16.1 - SUSE Container as a Service Platform ALL (x86_64): krb5-1.12.5-40.16.1 krb5-debuginfo-1.12.5-40.16.1 krb5-debugsource-1.12.5-40.16.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): krb5-1.12.5-40.16.1 krb5-debuginfo-1.12.5-40.16.1 krb5-debugsource-1.12.5-40.16.1 References: https://www.suse.com/security/cve/CVE-2017-15088.html https://bugzilla.suse.com/1065274 From sle-updates at lists.suse.com Wed Nov 8 04:17:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Nov 2017 12:17:32 +0100 (CET) Subject: SUSE-SU-2017:2949-1: moderate: Security update for ImageMagick Message-ID: <20171108111732.76926FCD2@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2949-1 Rating: moderate References: #1049379 #1050135 #1052249 #1052253 #1052545 #1054924 #1055219 #1055430 #1061873 Cross-References: CVE-2016-7530 CVE-2017-11446 CVE-2017-11534 CVE-2017-12428 CVE-2017-12431 CVE-2017-12433 CVE-2017-13133 CVE-2017-13139 CVE-2017-15033 Affected Products: SUSE Linux Enterprise Workstation 
Extension 12-SP3
SUSE Linux Enterprise Workstation Extension 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.

Description:
This update for ImageMagick fixes the following issues:

Security issues fixed:
* CVE-2017-15033: A denial of service attack (memory leak) was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873]
* CVE-2017-11446: An infinite loop in ReadPESImage was fixed. (bsc#1049379)
* CVE-2017-12433: A memory leak in ReadPESImage in coders/pes.c was fixed. (bsc#1052545)
* CVE-2017-12428: A memory leak in ReadWMFImage in coders/wmf.c was fixed. (bsc#1052249)
* CVE-2017-12431: A use-after-free in ReadWMFImage was fixed. (bsc#1052253)
* CVE-2017-11534: A memory leak in the lite_font_map() in coders/wmf.c was fixed. (bsc#1050135)
* CVE-2017-13133: A memory exhaustion in load_level function in coders/xcf.c was fixed. (bsc#1055219)
* CVE-2017-13139: An out-of-bounds read in the ReadOneMNGImage was fixed. (bsc#1055430)

This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924].

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1828=1
- SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1828=1
- SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1828=1
- SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1828=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1828=1
- SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1828=1
- SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1828=1
- SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1828=1
- SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1828=1
To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.12.1 ImageMagick-debuginfo-6.8.8.1-71.12.1 ImageMagick-debugsource-6.8.8.1-71.12.1 libMagick++-6_Q16-3-6.8.8.1-71.12.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.12.1 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.12.1 ImageMagick-debuginfo-6.8.8.1-71.12.1 ImageMagick-debugsource-6.8.8.1-71.12.1 libMagick++-6_Q16-3-6.8.8.1-71.12.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.12.1 ImageMagick-debuginfo-6.8.8.1-71.12.1 ImageMagick-debugsource-6.8.8.1-71.12.1 ImageMagick-devel-6.8.8.1-71.12.1 libMagick++-6_Q16-3-6.8.8.1-71.12.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.12.1 libMagick++-devel-6.8.8.1-71.12.1 perl-PerlMagick-6.8.8.1-71.12.1 perl-PerlMagick-debuginfo-6.8.8.1-71.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.12.1 ImageMagick-debuginfo-6.8.8.1-71.12.1 ImageMagick-debugsource-6.8.8.1-71.12.1 ImageMagick-devel-6.8.8.1-71.12.1 libMagick++-6_Q16-3-6.8.8.1-71.12.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.12.1 libMagick++-devel-6.8.8.1-71.12.1 perl-PerlMagick-6.8.8.1-71.12.1 perl-PerlMagick-debuginfo-6.8.8.1-71.12.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): ImageMagick-debuginfo-6.8.8.1-71.12.1 ImageMagick-debugsource-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.12.1 libMagickWand-6_Q16-1-6.8.8.1-71.12.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.12.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.12.1 
ImageMagick-debugsource-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.12.1 libMagickWand-6_Q16-1-6.8.8.1-71.12.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.12.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-6.8.8.1-71.12.1 ImageMagick-debugsource-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.12.1 libMagickWand-6_Q16-1-6.8.8.1-71.12.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.12.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): ImageMagick-6.8.8.1-71.12.1 ImageMagick-debuginfo-6.8.8.1-71.12.1 ImageMagick-debugsource-6.8.8.1-71.12.1 libMagick++-6_Q16-3-6.8.8.1-71.12.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.12.1 libMagickWand-6_Q16-1-6.8.8.1-71.12.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.12.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): ImageMagick-6.8.8.1-71.12.1 ImageMagick-debuginfo-6.8.8.1-71.12.1 ImageMagick-debugsource-6.8.8.1-71.12.1 libMagick++-6_Q16-3-6.8.8.1-71.12.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.12.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.12.1 libMagickWand-6_Q16-1-6.8.8.1-71.12.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.12.1 References: https://www.suse.com/security/cve/CVE-2016-7530.html https://www.suse.com/security/cve/CVE-2017-11446.html https://www.suse.com/security/cve/CVE-2017-11534.html https://www.suse.com/security/cve/CVE-2017-12428.html https://www.suse.com/security/cve/CVE-2017-12431.html https://www.suse.com/security/cve/CVE-2017-12433.html https://www.suse.com/security/cve/CVE-2017-13133.html https://www.suse.com/security/cve/CVE-2017-13139.html 
https://www.suse.com/security/cve/CVE-2017-15033.html
https://bugzilla.suse.com/1049379
https://bugzilla.suse.com/1050135
https://bugzilla.suse.com/1052249
https://bugzilla.suse.com/1052253
https://bugzilla.suse.com/1052545
https://bugzilla.suse.com/1054924
https://bugzilla.suse.com/1055219
https://bugzilla.suse.com/1055430
https://bugzilla.suse.com/1061873

From sle-updates at lists.suse.com Wed Nov 8 04:19:27 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 8 Nov 2017 12:19:27 +0100 (CET)
Subject: SUSE-SU-2017:2950-1: moderate: Security update for jq
Message-ID: <20171108111927.54B5EFCD6@maintenance.suse.de>

SUSE Security Update: Security update for jq
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:2950-1
Rating: moderate
References: #1014176 #1017157
Cross-References: CVE-2016-4074
Affected Products:
SUSE Enterprise Storage 4
______________________________________________________________________________
An update that solves one vulnerability and has one errata is now available.

Description:
This update for jq fixes the following issues:

Security issues fixed:
- CVE-2016-4074: The jv_dump_term function in jq allowed remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. (bsc#1014176)

Non-security issues fixed:
- Update tests dependencies to increase test coverage. (bsc#1017157)
- Do not run tests in qemu builds, valgrind does not work reliably in such conditions.

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-1830=1
To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Enterprise Storage 4 (aarch64 x86_64): jq-1.5-3.5.7 jq-debuginfo-1.5-3.5.7 jq-debugsource-1.5-3.5.7 libjq1-1.5-3.5.7 libjq1-debuginfo-1.5-3.5.7 References: https://www.suse.com/security/cve/CVE-2016-4074.html https://bugzilla.suse.com/1014176 https://bugzilla.suse.com/1017157 From sle-updates at lists.suse.com Wed Nov 8 04:20:18 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Nov 2017 12:20:18 +0100 (CET) Subject: SUSE-SU-2017:2951-1: Security update for perl Message-ID: <20171108112018.C7DE5FCD2@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2951-1 Rating: low References: #1047178 Cross-References: CVE-2017-6512 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl fixes the following issues: Security issue fixed: - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes: - reformat baselibs.conf as source validator workaround Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-perl-13339=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-perl-13339=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-perl-13339=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): perl-base-32bit-5.10.0-64.81.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-5.10.0-64.81.3.1 perl-Module-Build-0.2808.01-0.81.3.1 perl-Test-Simple-0.72-0.81.3.1 perl-base-5.10.0-64.81.3.1 perl-doc-5.10.0-64.81.3.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): perl-32bit-5.10.0-64.81.3.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): perl-x86-5.10.0-64.81.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): perl-debuginfo-5.10.0-64.81.3.1 perl-debugsource-5.10.0-64.81.3.1 References: https://www.suse.com/security/cve/CVE-2017-6512.html https://bugzilla.suse.com/1047178 From sle-updates at lists.suse.com Wed Nov 8 04:21:02 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Nov 2017 12:21:02 +0100 (CET) Subject: SUSE-SU-2017:2952-1: moderate: Security update for poppler Message-ID: <20171108112102.02973FCD2@maintenance.suse.de> SUSE Security Update: Security update for poppler ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2952-1 Rating: moderate References: #1059066 #1059101 #1059155 #1061265 Cross-References: CVE-2017-14517 CVE-2017-14518 CVE-2017-14520 CVE-2017-14977 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for poppler fixes the following issues: This security issue was fixed: - CVE-2017-14517: Prevent NULL Pointer dereference in the XRef::parseEntry() function via a crafted PDF document (bsc#1059066). 
- CVE-2017-14518: Remedy a floating point exception in isImageInterpolationRequired() that could have been exploited using a specially crafted PDF document. (bsc#1059101)
- CVE-2017-14520: Remedy a floating point exception in Splash::scaleImageYuXd() that could have been exploited using a specially crafted PDF document. (bsc#1059155)
- CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (bsc#1061265)

Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1831=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1831=1
- SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1831=1
- SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1831=1
To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libpoppler44-0.24.4-14.13.1 libpoppler44-debuginfo-0.24.4-14.13.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libpoppler44-0.24.4-14.13.1 libpoppler44-debuginfo-0.24.4-14.13.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libpoppler44-0.24.4-14.13.1 libpoppler44-debuginfo-0.24.4-14.13.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libpoppler44-0.24.4-14.13.1 libpoppler44-debuginfo-0.24.4-14.13.1 References: https://www.suse.com/security/cve/CVE-2017-14517.html https://www.suse.com/security/cve/CVE-2017-14518.html https://www.suse.com/security/cve/CVE-2017-14520.html https://www.suse.com/security/cve/CVE-2017-14977.html https://bugzilla.suse.com/1059066 https://bugzilla.suse.com/1059101 https://bugzilla.suse.com/1059155 https://bugzilla.suse.com/1061265 From sle-updates at lists.suse.com Wed Nov 8 07:08:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Nov 2017 15:08:14 +0100 (CET) Subject: SUSE-RU-2017:2954-1: moderate: Recommended update for drbd Message-ID: <20171108140814.DDCA2FCE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2954-1 Rating: moderate References: #1005578 #1006176 #1025089 #1025585 #1037109 #983633 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP2 SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description:

This update provides DRBD 9.0.6, which brings the following fixes:

- Fix resync finished with bits set (bsc#1025089)
- Fix drbdmeta propagation of full bitmaps (bsc#1037109)
- Fixed error handling in del_path
- Fix multiple issues with concurrent two-phase-commits
- Reorganize data structures of receiver for efficiency
- Allow multiple updates per AL-transaction on a secondary
- No longer allocate bitmap-slots on diskfull nodes for diskless node
- Fix bugs in the try_become_up_to_date() logic
- Fix two phase-commits when the nodes form a circular structure
- Fix the resync after online grow
- Fix two-phase-commits when the nodes build a loop
- A number of fixes to speed up establishing of connections
- Create a new current UUID when the peer's disk breaks
- Restored the new-current-uuid --clear-bitmap functionality
- Empty flush requests no longer trigger a bogus "IO ERROR" log entry.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 12-SP2:
  zypper in -t patch SUSE-SLE-RT-12-SP2-2017-1832=1
- SUSE Linux Enterprise High Availability 12-SP2:
  zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1832=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Real Time Extension 12-SP2 (x86_64):
  drbd-kmp-rt-9.0.6+git.08cda19_k4.4.74_7.10-10.3.1
  drbd-kmp-rt-debuginfo-9.0.6+git.08cda19_k4.4.74_7.10-10.3.1
- SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64):
  drbd-9.0.6+git.08cda19-10.5.12
  drbd-debugsource-9.0.6+git.08cda19-10.5.12
  drbd-kmp-default-9.0.6+git.08cda19_k4.4.90_92.45-10.5.12
  drbd-kmp-default-debuginfo-9.0.6+git.08cda19_k4.4.90_92.45-10.5.12

References:

https://bugzilla.suse.com/1005578
https://bugzilla.suse.com/1006176
https://bugzilla.suse.com/1025089
https://bugzilla.suse.com/1025585
https://bugzilla.suse.com/1037109
https://bugzilla.suse.com/983633

From sle-updates at lists.suse.com Wed Nov 8 13:08:44 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 8 Nov 2017 21:08:44 +0100 (CET)
Subject: SUSE-SU-2017:2956-1: important: Security update for the Linux Kernel
Message-ID: <20171108200844.BCDA4FCD7@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2956-1
Rating: important
References: #1005917 #1006180 #1011913 #1012382 #1012829 #1013887 #1018419 #1019151 #1020645 #1020657 #1020685 #1021424 #1022476 #1022743 #1023175 #1024405 #1028173 #1028286 #1028819 #1029693 #1030552 #1030850 #1031515 #1031717 #1031784 #1033587 #1034048 #1034075 #1034762 #1036303 #1036632 #1037344 #1037404 #1037994 #1038078 #1038583 #1038616 #1038792 #1038846 #1038847 #1039354 #1039915 #1040307 #1040351 #1041958 #1042286 #1042314 #1042422 #1042778 #1043652 #1044112 #1044636 #1045154 #1045563 #1045922 #1046682 #1046821 #1046985 #1047027 #1047048 #1047096 #1047118 #1047121 #1047152 #1047277 #1047343 #1047354 #1047487 #1047651 #1047653 #1047670 #1048155 #1048221 #1048317 #1048891 #1048893 #1048914 #1048934 #1049226 #1049483 #1049486 #1049580 #1049603 #1049645 #1049882 #1050061 #1050188 #1051022 #1051059 #1051239
#1051399 #1051478 #1051479 #1051556 #1051663 #1051790 #1052049 #1052223 #1052311 #1052365 #1052533 #1052580 #1052709 #1052773 #1052794 #1052888 #1053117 #1053802 #1053915 #1054084 #1055013 #1055096 #1055359 #1056261 #1056588 #1056827 #1056982 #1057015 #1057389 #1058038 #1058116 #1058507 #963619 #964063 #964944 #971975 #974215 #981309 #988784 #993890
Cross-References: CVE-2017-1000111 CVE-2017-1000112 CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000365 CVE-2017-10810 CVE-2017-11472 CVE-2017-11473 CVE-2017-12134 CVE-2017-12154 CVE-2017-14051 CVE-2017-14106 CVE-2017-7518 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 CVE-2017-8831
Affected Products:
  SUSE Linux Enterprise Real Time Extension 12-SP2
______________________________________________________________________________

An update that solves 17 vulnerabilities and has 113 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP2 RT kernel was updated to 4.4.88 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation (bnc#1039354)
- CVE-2017-1000112: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access.
  (bnc#1052311)
- CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space (bnc#1057389)
- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588)
- CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994)
- CVE-2017-1000252: Wrong gsi values via KVM_IRQFD allowed unprivileged users using KVM to cause DoS on Intel systems (bsc#1058038).
- CVE-2017-1000111: Prevent in packet_set_ring on PACKET_RESERVE (bsc#1052365).
- CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277).
- CVE-2017-11472: The acpi_ns_terminate() function did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table (bnc#1049580).
- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).
- CVE-2017-12134: The xen_biovec_phys_mergeable function might have allowed local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790).
- CVE-2017-12154: L2 guest could have accessed hardware(L0) CR8 register and crashed the host system (bsc#1058507).
- CVE-2017-14106: The tcp_disconnect function allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).
- CVE-2017-7518: Faulty debug exception via syscall emulation allowed non-linux guests to escalate their privileges in the guest (bsc#1045922).
- CVE-2017-7533: Race condition in the fsnotify implementation allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bsc#1049483).
- CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bsc#1049645).
- CVE-2017-7542: The ip6_find_1stfragopt function allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882).

The following non-security bugs were fixed:

- ACPI / processor: Avoid reserving IO regions too early (bsc#1051478).
- ACPI / scan: Prefer devices without _HID for _ADR matching.
- ALSA: fm801: Initialize chip after IRQ handler is registered (bsc#1031717).
- ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657).
- ALSA: hda - Fix endless loop of codec configure (bsc#1031717).
- ALSA: hda - Implement mic-mute LED mode enum (bsc#1055013).
- ALSA: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717).
- ALSA: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405).
- ALSA: ice1712: Add support for STAudio ADCIII (bsc#1048934).
- ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580).
- Add "shutdown" to "struct class" (bsc#1053117).
- Bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784).
- Bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784).
- Bluetooth: hidp: fix possible might sleep error in hidp_session_thread (bsc#1031784).
- Drivers: hv: Fix the bug in generating the guest ID.
- Drivers: hv: util: Fix a typo.
- Drivers: hv: vmbus: Get the current time from the current clocksource (bnc#1044112, bnc#1042778, bnc#1029693).
- Drivers: hv: vmbus: Move the code to signal end of message.
- Drivers: hv: vmbus: Move the definition of generate_guest_id().
- Drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents.
- Drivers: hv: vmbus: Restructure the clockevents code.
- Fix kABI breakage by KVM CVE fix (bsc#1045922).
- IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).
- Input: gpio-keys - fix check for disabling unsupported keys (bsc#1031717).
- KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478).
- KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478).
- KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).
- MD: fix sleep in atomic (bsc#1040351).
- More Git-commit header fixups No functional change intended.
- NFS: Cache aggressively when file is open for writing (bsc#1033587).
- NFS: Do not flush caches for a getattr that races with writeback (bsc#1033587).
- NFS: flush data when locking a file to ensure cache coherence for mmap (bsc#981309).
- NFS: invalidate file size when taking a lock (git-fixes).
- NFS: only invalidate dentrys that are clearly invalid (bsc#1047118).
- PCI / PM: Fix native PME handling during system suspend/resume (bsc#1051478).
- PCI: Add Mellanox device IDs (bsc#1051478).
- PCI: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478).
- PCI: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).
- PCI: Enable ECRC only if device supports it (bsc#1051478).
- PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478).
- PCI: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478).
- PCI: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478).
- PM / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059).
- Revert "/proc/iomem: only expose physical resource addresses to privileged users" (kabi).
- Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" (bsc#1031717).
- Revert "Add "shutdown" to "struct class"." (kabi).
- Revert "KVM: x86: fix emulation of RSM and IRET instructions" (kabi).
- Revert "Make file credentials available to the seqfile interfaces" (kabi).
- Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi).
- Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" (bsc#1048914).
- Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi).
- USB: core: fix device node leak (bsc#1047487).
- Update kabi files: sync with 4.4.74 updates
- af_key: Add lock to key dump (bsc#1047653).
- af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
- b43: Add missing MODULE_FIRMWARE() (bsc#1037344).
- bcache: force trigger gc (bsc#1038078).
- bcache: force trigger gc (bsc#1038078).
- bcache: only recovery I/O error for writethrough mode (bsc#1043652).
- bcache: only recovery I/O error for writethrough mode (bsc#1043652).
- bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).
- blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)
- blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478).
- blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478).
- blacklist.conf: add inapplicable commits for wifi (bsc#1031717)
- blacklist.conf: add unapplicable drm fixes (bsc#1031717).
- blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).
- blkfront: add uevent for size change (bnc#1036632).
- block: Allow bdi re-registration (bsc#1040307).
- block: Fix front merge check (bsc#1051239).
- block: Make del_gendisk() safer for disks without queues (bsc#1040307).
- block: Move bdi_unregister() to del_gendisk() (bsc#1040307).
- block: do not allow updates through sysfs until registration completes (bsc#1047027).
- bnxt: add a missing rcu synchronization (bnc#1038583).
- bnxt: do not busy-poll when link is down (bnc#1038583).
- bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).
- bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583).
- bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583).
- bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583).
- bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).
- bnxt_en: Fix VF virtual link state (bnc#1038583).
- bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).
- bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).
- bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).
- bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).
- bnxt_en: Refactor TPA code path (bnc#1038583).
- bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).
- bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).
- brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).
- btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).
- btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).
- btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
- btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682).
- btrfs: incremental send, fix invalid path for link commands (bsc#1051479).
- btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479).
- btrfs: resume qgroup rescan on rw remount (bsc#1047152).
- btrfs: send, fix invalid path after renaming and linking file (bsc#1051479).
- ceph: fix readpage from fscache (bsc#1057015).
- cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).
- crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).
- cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743).
- cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).
- dentry name snapshots (bsc#1049483).
- dm: fix second blk_delay_queue() parameter to be in msec units not (bsc#1047670).
- drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (bnc#1044112).
- drivers: net: xgene: Fix wrong logical operation (bsc#1056827).
- drm/amdgpu: Fix overflow of watermark calcs at greater than 4k resolutions (bsc#1031717).
- drm/bochs: Implement nomodeset (bsc#1047096).
- drm/i915/fbdev: Stop repeating tile configuration on stagnation (bsc#1031717).
- drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).
- drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).
- drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).
- drm/vmwgfx: Fix large topology crash (bsc#1048155).
- drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).
- drm/vmwgfx: Support topology greater than texture size (bsc#1048155).
- efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).
- ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).
- ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829).
- fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).
- fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
- gcov: add support for gcc version greater than 6 (bsc#1051663).
- gcov: support GCC 7.1 (bsc#1051663).
- gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).
- gfs2: fix flock panic issue (bsc#1012829).
- hrtimer: Catch invalid clockids again (bsc#1047651).
- hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).
- hv_util: switch to using timespec64.
- hv_utils: drop .getcrosststamp() support from PTP driver (bnc#1044112, bnc#1042778, bnc#1029693).
- hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (bnc#1044112, bnc#1042778, bnc#1029693).
- i2c: designware-baytrail: fix potential null pointer dereference on dev (bsc#1011913).
- i40e: Removal of workaround for simple MAC address filter deletion (bsc#1039915).
- i40e: When searching all MAC/VLAN filters, ignore removed filters (bsc#1039915).
- i40e: add VSI info to macaddr messages (bsc#1039915).
- i40e: add hw struct local variable (bsc#1039915).
- i40e: add private flag to control source pruning (bsc#1034075).
- i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).
- i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).
- i40e: delete filter after adding its replacement when converting (bsc#1039915).
- i40e: do not add broadcast filter for VFs (bsc#1039915).
- i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID lower than 1 (bsc#1039915).
- i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter (bsc#1039915).
- i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter (bsc#1039915).
- i40e: factor out addition/deletion of VLAN per each MAC address (bsc#1039915).
- i40e: fix MAC filters when removing VLANs (bsc#1039915).
- i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (bsc#1039915).
- i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).
- i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).
- i40e: move all updates for VLAN mode into i40e_sync_vsi_filters (bsc#1039915).
- i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).
- i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (bsc#1039915).
- i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters (bsc#1039915).
- i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).
- i40e: refactor Rx filter handling (bsc#1039915).
- i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan (bsc#1039915).
- i40e: refactor i40e_update_filter_state to avoid passing aq_err (bsc#1039915).
- i40e: remove code to handle dev_addr specially (bsc#1039915).
- i40e: remove duplicate add/delete adminq command code for filters (bsc#1039915).
- i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid (bsc#1039915).
- i40e: removed unreachable code (bsc#1039915).
- i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).
- i40e: restore workaround for removing default MAC filter (bsc#1039915).
- i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).
- i40e: store MAC/VLAN filters in a hash with the MAC Address as key (bsc#1039915).
- i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID (bsc#1039915).
- i40e: when adding or removing MAC filters, correctly handle VLANs (bsc#1039915).
- i40e: write HENA for VFs (bsc#1039915).
- ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709).
- ibmvnic: Clean up resources on probe failure (bsc#1058116).
- ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).
- ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).
- iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value (bsc#1031717).
- introduce the walk_process_tree() helper (bnc#1022476).
- iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc#1052533).
- ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (bsc#1041958).
- ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (bsc#1041958).
- iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).
- iwlwifi: mvm: compare full command ID.
- iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717).
- iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).
- iwlwifi: mvm: synchronize firmware DMA paging memory.
- iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).
- iwlwifi: mvm: unmap the paging memory before freeing it.
- iwlwifi: pcie: fix command completion name debug (bsc#1031717).
- kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly version in panic path" (bsc#1051478).
- kernel/*: switch to memdup_user_nul() (bsc#1048893).
- kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).
- lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
- lib: test_rhashtable: fix for large entry counts (bsc#1055359).
- libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).
- libnvdimm: fix badblock range handling of ARS range (bsc#1023175).
- lightnvm: nvme reset_controller is not working after adapter's firmware upgrade (bsc#988784).
- lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning.
- mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651).
- md/raid5: fix a race condition in stripe batch (linux-stable).
- mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes).
- mm-adaptive-hash-table-scaling-v5 (bnc#1036303).
- mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes).
- mm: adaptive hash table scaling (bnc#1036303).
- mm: call page_ext_init() after all struct pages are initialized (VM Debugging Functionality, bsc#1047048).
- mm: drop HASH_ADAPT (bnc#1036303).
- mm: fix classzone_idx underflow in shrink_zones() (VM Functionality, bsc#1042314).
- mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).
- mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).
- mwifiex: do not update MCS set from hostapd (bsc#1031717).
- net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes).
- net: account for current skb length when deciding about UFO (bsc#1041958).
- net: ena: add hardware hints capability to the driver (bsc#1047121).
- net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121).
- net: ena: add missing unmap bars on device removal (bsc#1047121).
- net: ena: add reset reason for each device FLR (bsc#1047121).
- net: ena: add support for out of order rx buffers refill (bsc#1047121).
- net: ena: allow the driver to work with small number of msix vectors (bsc#1047121).
- net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).
- net: ena: change return value for unsupported features unsupported return value (bsc#1047121).
- net: ena: change sizeof() argument to be the type pointer (bsc#1047121).
- net: ena: disable admin msix while working in polling mode (bsc#1047121).
- net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121).
- net: ena: fix race condition between submit and completion admin command (bsc#1047121).
- net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).
- net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).
- net: ena: separate skb allocation to dedicated function (bsc#1047121).
- net: ena: update driver's rx drop statistics (bsc#1047121).
- net: ena: update ena driver to version 1.1.7 (bsc#1047121).
- net: ena: update ena driver to version 1.2.0 (bsc#1047121).
- net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121).
- net: ena: use napi_schedule_irqoff when possible (bsc#1047121).
- net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() (bsc#1042286).
- net: phy: Do not perform software reset for Generic PHY (bsc#1042286).
- netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
- netfilter: x_tables: pack percpu counter allocations (bsc#1052888).
- netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888).
- netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888).
- new helper: memdup_user_nul() (bsc#1048893).
- ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).
- ocfs2: Make ocfs2_set_acl() static (bsc#1030552).
- ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).
- of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes() (bsc#1056827).
- ovl: fix dentry leak for default_permissions (bsc#1054084).
- percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096).
- percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096).
- percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096).
- percpu_ref: restructure operation mode switching (bsc#1055096).
- percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).
- perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).
- perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).
- perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).
- platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022).
- platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022).
- platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022).
- platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022).
- platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022).
- platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022).
- platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022).
- platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022).
- prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476).
- qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).
- reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063).
- rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).
- s390: export symbols for crash-kmp (bsc#1053915).
- sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476).
- sched/debug: Print the scheduler topology group mask (bnc#1022476).
- sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).
- sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).
- sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476).
- sched/topology: Add sched_group_capacity debugging (bnc#1022476).
- sched/topology: Fix building of overlapping sched-groups (bnc#1022476).
- sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).
- sched/topology: Move comment about asymmetric node setups (bnc#1022476).
- sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476).
- sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).
- sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).
- sched/topology: Small cleanup (bnc#1022476).
- sched/topology: Verify the first group matches the child domain (bnc#1022476).
- scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).
- scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).
- scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).
- scsi: storvsc: Workaround for virtual DVD SCSI version (bnc#1044636).
- scsi_devinfo: fixup string compare (bsc#1037404).
- scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).
- smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).
- sysctl: do not print negative flag for proc_douintvec (bnc#1046985).
- sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).
- sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).
- sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).
- sysctl: simplify unsigned int support (bsc#1048893).
- timers: Plug locking race vs. timer migration (bnc#1022476).
- tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).
- tpm: KABI fix (bsc#1053117).
- tpm: fix: return rc when devm_add_action() fails (bsc#1020645, bsc#1034048).
- tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, bsc#1034048).
- tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, bsc#1034048).
- tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, bsc#1034048).
- tty: serial: msm: Support more bauds (git-fixes).
- ubifs: Correctly evict xattr inodes (bsc#1012829).
- ubifs: Do not leak kernel memory to the MTD (bsc#1012829).
- udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).
- udf: Fix races with i_size changes during readpage (bsc#1012829).
- vfs: fix missing inode_get_dev sites (bsc#1052049).
- x86/LDT: Print the real LDT base address (bsc#1051478).
- x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399).
- x86/mce: Make timer handling more robust (bsc#1042422).
- x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478).
- xen-netfront: Rework the fix for Rx stall during OOM and network stress (git-fixes).
- xen/balloon: do not online new memory initially (bnc#1028173).
- xen/pvh*: Support greater than 32 VCPUs at domain restore (bnc#1045563).
- xen: allocate page for shared info page from low memory (bnc#1038616).
- xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422).
- xfrm: NULL dereference on allocation failure (bsc#1047343).
- xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).
- xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
- xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).
- xfs: fix inobt inode allocation search optimization (bsc#1012829).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 12-SP2:
  zypper in -t patch SUSE-SLE-RT-12-SP2-2017-1833=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Real Time Extension 12-SP2 (x86_64):
  cluster-md-kmp-rt-4.4.88-18.1
  cluster-md-kmp-rt-debuginfo-4.4.88-18.1
  cluster-network-kmp-rt-4.4.88-18.1
  cluster-network-kmp-rt-debuginfo-4.4.88-18.1
  dlm-kmp-rt-4.4.88-18.1
  dlm-kmp-rt-debuginfo-4.4.88-18.1
  gfs2-kmp-rt-4.4.88-18.1
  gfs2-kmp-rt-debuginfo-4.4.88-18.1
  kernel-rt-4.4.88-18.1
  kernel-rt-base-4.4.88-18.1
  kernel-rt-base-debuginfo-4.4.88-18.1
  kernel-rt-debuginfo-4.4.88-18.1
  kernel-rt-debugsource-4.4.88-18.1
  kernel-rt-devel-4.4.88-18.1
  kernel-rt_debug-debuginfo-4.4.88-18.1
  kernel-rt_debug-debugsource-4.4.88-18.1
  kernel-rt_debug-devel-4.4.88-18.1
  kernel-rt_debug-devel-debuginfo-4.4.88-18.1
  kernel-syms-rt-4.4.88-18.1
  ocfs2-kmp-rt-4.4.88-18.1
  ocfs2-kmp-rt-debuginfo-4.4.88-18.1
- SUSE Linux Enterprise Real Time Extension 12-SP2 (noarch):
  kernel-devel-rt-4.4.88-18.1
  kernel-source-rt-4.4.88-18.1

References:

https://www.suse.com/security/cve/CVE-2017-1000111.html
https://www.suse.com/security/cve/CVE-2017-1000112.html
https://www.suse.com/security/cve/CVE-2017-1000251.html
https://www.suse.com/security/cve/CVE-2017-1000252.html
https://www.suse.com/security/cve/CVE-2017-1000365.html
https://www.suse.com/security/cve/CVE-2017-10810.html https://www.suse.com/security/cve/CVE-2017-11472.html https://www.suse.com/security/cve/CVE-2017-11473.html https://www.suse.com/security/cve/CVE-2017-12134.html https://www.suse.com/security/cve/CVE-2017-12154.html https://www.suse.com/security/cve/CVE-2017-14051.html https://www.suse.com/security/cve/CVE-2017-14106.html https://www.suse.com/security/cve/CVE-2017-7518.html https://www.suse.com/security/cve/CVE-2017-7533.html https://www.suse.com/security/cve/CVE-2017-7541.html https://www.suse.com/security/cve/CVE-2017-7542.html https://www.suse.com/security/cve/CVE-2017-8831.html https://bugzilla.suse.com/1005917 https://bugzilla.suse.com/1006180 https://bugzilla.suse.com/1011913 https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1012829 https://bugzilla.suse.com/1013887 https://bugzilla.suse.com/1018419 https://bugzilla.suse.com/1019151 https://bugzilla.suse.com/1020645 https://bugzilla.suse.com/1020657 https://bugzilla.suse.com/1020685 https://bugzilla.suse.com/1021424 https://bugzilla.suse.com/1022476 https://bugzilla.suse.com/1022743 https://bugzilla.suse.com/1023175 https://bugzilla.suse.com/1024405 https://bugzilla.suse.com/1028173 https://bugzilla.suse.com/1028286 https://bugzilla.suse.com/1028819 https://bugzilla.suse.com/1029693 https://bugzilla.suse.com/1030552 https://bugzilla.suse.com/1030850 https://bugzilla.suse.com/1031515 https://bugzilla.suse.com/1031717 https://bugzilla.suse.com/1031784 https://bugzilla.suse.com/1033587 https://bugzilla.suse.com/1034048 https://bugzilla.suse.com/1034075 https://bugzilla.suse.com/1034762 https://bugzilla.suse.com/1036303 https://bugzilla.suse.com/1036632 https://bugzilla.suse.com/1037344 https://bugzilla.suse.com/1037404 https://bugzilla.suse.com/1037994 https://bugzilla.suse.com/1038078 https://bugzilla.suse.com/1038583 https://bugzilla.suse.com/1038616 https://bugzilla.suse.com/1038792 https://bugzilla.suse.com/1038846 
https://bugzilla.suse.com/1038847 https://bugzilla.suse.com/1039354 https://bugzilla.suse.com/1039915 https://bugzilla.suse.com/1040307 https://bugzilla.suse.com/1040351 https://bugzilla.suse.com/1041958 https://bugzilla.suse.com/1042286 https://bugzilla.suse.com/1042314 https://bugzilla.suse.com/1042422 https://bugzilla.suse.com/1042778 https://bugzilla.suse.com/1043652 https://bugzilla.suse.com/1044112 https://bugzilla.suse.com/1044636 https://bugzilla.suse.com/1045154 https://bugzilla.suse.com/1045563 https://bugzilla.suse.com/1045922 https://bugzilla.suse.com/1046682 https://bugzilla.suse.com/1046821 https://bugzilla.suse.com/1046985 https://bugzilla.suse.com/1047027 https://bugzilla.suse.com/1047048 https://bugzilla.suse.com/1047096 https://bugzilla.suse.com/1047118 https://bugzilla.suse.com/1047121 https://bugzilla.suse.com/1047152 https://bugzilla.suse.com/1047277 https://bugzilla.suse.com/1047343 https://bugzilla.suse.com/1047354 https://bugzilla.suse.com/1047487 https://bugzilla.suse.com/1047651 https://bugzilla.suse.com/1047653 https://bugzilla.suse.com/1047670 https://bugzilla.suse.com/1048155 https://bugzilla.suse.com/1048221 https://bugzilla.suse.com/1048317 https://bugzilla.suse.com/1048891 https://bugzilla.suse.com/1048893 https://bugzilla.suse.com/1048914 https://bugzilla.suse.com/1048934 https://bugzilla.suse.com/1049226 https://bugzilla.suse.com/1049483 https://bugzilla.suse.com/1049486 https://bugzilla.suse.com/1049580 https://bugzilla.suse.com/1049603 https://bugzilla.suse.com/1049645 https://bugzilla.suse.com/1049882 https://bugzilla.suse.com/1050061 https://bugzilla.suse.com/1050188 https://bugzilla.suse.com/1051022 https://bugzilla.suse.com/1051059 https://bugzilla.suse.com/1051239 https://bugzilla.suse.com/1051399 https://bugzilla.suse.com/1051478 https://bugzilla.suse.com/1051479 https://bugzilla.suse.com/1051556 https://bugzilla.suse.com/1051663 https://bugzilla.suse.com/1051790 https://bugzilla.suse.com/1052049 
https://bugzilla.suse.com/1052223 https://bugzilla.suse.com/1052311 https://bugzilla.suse.com/1052365 https://bugzilla.suse.com/1052533 https://bugzilla.suse.com/1052580 https://bugzilla.suse.com/1052709 https://bugzilla.suse.com/1052773 https://bugzilla.suse.com/1052794 https://bugzilla.suse.com/1052888 https://bugzilla.suse.com/1053117 https://bugzilla.suse.com/1053802 https://bugzilla.suse.com/1053915 https://bugzilla.suse.com/1054084 https://bugzilla.suse.com/1055013 https://bugzilla.suse.com/1055096 https://bugzilla.suse.com/1055359 https://bugzilla.suse.com/1056261 https://bugzilla.suse.com/1056588 https://bugzilla.suse.com/1056827 https://bugzilla.suse.com/1056982 https://bugzilla.suse.com/1057015 https://bugzilla.suse.com/1057389 https://bugzilla.suse.com/1058038 https://bugzilla.suse.com/1058116 https://bugzilla.suse.com/1058507 https://bugzilla.suse.com/963619 https://bugzilla.suse.com/964063 https://bugzilla.suse.com/964944 https://bugzilla.suse.com/971975 https://bugzilla.suse.com/974215 https://bugzilla.suse.com/981309 https://bugzilla.suse.com/988784 https://bugzilla.suse.com/993890 From sle-updates at lists.suse.com Wed Nov 8 16:08:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Nov 2017 00:08:57 +0100 (CET) Subject: SUSE-RU-2017:2957-1: important: Recommended update for SuSEfirewall2 Message-ID: <20171108230857.48431FCDD@maintenance.suse.de> SUSE Recommended Update: Recommended update for SuSEfirewall2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2957-1 Rating: important References: #1067057 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for SuSEfirewall2 fixes the following issues: - Fixed a regression that was introduced by the previous security update. The regression caused some rpcinfo related configurations of SuSEfirewall2 to fail. For example the setting FW_CONFIGURATIONS_EXT="nfs-kernel-server" no longer correctly opened up the necessary ports for the nfs server, consequently making NFS unavailable (bsc#1067057). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1834=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1834=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1834=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): SuSEfirewall2-3.6.312-2.16.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): SuSEfirewall2-3.6.312-2.16.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): SuSEfirewall2-3.6.312-2.16.1 References: https://bugzilla.suse.com/1067057 From sle-updates at lists.suse.com Thu Nov 9 01:08:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Nov 2017 09:08:21 +0100 (CET) Subject: SUSE-RU-2017:2958-1: important: Recommended update for SuSEfirewall2 Message-ID: <20171109080821.793FAFCDD@maintenance.suse.de> SUSE Recommended Update: Recommended update for SuSEfirewall2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2958-1 Rating: important References: #1067057 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description:

This update for SuSEfirewall2 fixes the following issues:

- Fixed a regression that was introduced by the previous security update. The regression caused some rpcinfo related configurations of SuSEfirewall2 to fail. For example, the setting FW_CONFIGURATIONS_EXT="nfs-kernel-server" no longer correctly opened up the necessary ports for the nfs server, consequently making NFS unavailable (bsc#1067057).

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:

  zypper in -t patch slessp4-SuSEfirewall2-13340=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP4 (noarch):

  SuSEfirewall2-3.6_SVNr208-2.18.6.1

References:

https://bugzilla.suse.com/1067057

From sle-updates at lists.suse.com Fri Nov 10 01:05:07 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 10 Nov 2017 09:05:07 +0100 (CET)
Subject: SUSE-RU-2017:2962-1: moderate: Recommended update for pdsh
Message-ID: <20171110080507.A3194FCD6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for pdsh
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:2962-1
Rating: moderate
References: #1066731
Affected Products:
  SUSE Linux Enterprise Module for HPC 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for pdsh fixes the following issues:

pdsh was updated to version 2.33 for SLE-12 (HPC) (FATE#324169 bsc#1066731).

* Always pass RTLD_GLOBAL to dlopen(3) of modules. Fixes missing symbol errors from modules using libraries that also use dlopen() (e.g. nodeupdown, slurm)
* Switch to dlopen(3)/dlsym(3) instead of using libltdl
* Drop qshell, mqshell, rmsquery, nodeattr and sdr modules.
* Fix issue 70: dshbak: handle hostname of "0"
* Allow PDSH_CONNECT_TIMEOUT and PDSH_COMMAND_TIMEOUT environment variables (Erik Jacobson)
* Fix some old URLs in documentation (Al Chu)
* Avoid exporting POSIXLY_CORRECT to child processes (Dorian Krause)
* Fix mcmd start offset bug in max bytes calculation (Egbert Eich)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for HPC 12:

  zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1837=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64):

  pdsh-2.33-7.3.1
  pdsh-debuginfo-2.33-7.3.1
  pdsh-debugsource-2.33-7.3.1

References:

https://bugzilla.suse.com/1066731

From sle-updates at lists.suse.com Fri Nov 10 01:05:34 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 10 Nov 2017 09:05:34 +0100 (CET)
Subject: SUSE-SU-2017:2963-1: important: Security update for kvm
Message-ID: <20171110080534.DECC3FCD6@maintenance.suse.de>

SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2963-1
Rating: important
References: #1020427 #1021741 #1025109 #1028184 #1028656 #1030624 #1031051 #1034044 #1034866 #1034908 #1035406 #1035950 #1037242 #1038396 #1039495 #1042159 #1042800 #1042801 #1043296 #1045035 #1046636 #1047674 #1048902 #1049381 #1049785 #1056334 #1057585 #1062069 #1063122
Cross-References: CVE-2016-9602 CVE-2016-9603 CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15289 CVE-2017-5579 CVE-2017-5973 CVE-2017-6505 CVE-2017-7471 CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8309 CVE-2017-9330 CVE-2017-9373 CVE-2017-9375 CVE-2017-9503
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

An update that solves 23 vulnerabilities and has 6 fixes is now available.

Description:

This update for kvm fixes several issues.

These security issues were fixed:

- CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System (9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalate their privileges on a host (bsc#1020427)
- CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656)
- CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636)
- CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674).
- CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902).
- CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381)
- CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334).
- CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585).
- CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069).
- CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122).
- CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741)
- CVE-2017-5973: An infinite loop while doing control transfer in xhci_kick_epctx allowed a privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109)
- CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184)
- CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System (9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalate their privileges on a host (bsc#1034866)
- CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System (9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495)
- CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908)
- CVE-2017-7980: An out-of-bounds r/w access issue in the Cirrus CLGD 54xx VGA Emulator support allowed a privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406)
- CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950)
- CVE-2017-8309: Memory leak in audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242)
- CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159)
- CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801)
- CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800)
- CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296)
- Privilege escalation in TCG mode (bsc#1030624)

These non-security
issues were fixed: - bsc#1038396: Fixed 12 tempest tests - bsc#1045035: Fixed regression introduced by previous virtfs security fixes - bsc#1034044: Prevent KVM guests stuck when waiting for sg_io() completion - bsc#1031051: Prevent I/O errors when using pvmove with disk device=lun - bsc#1049785: Make virsh dump output readable by crash Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kvm-13342=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): kvm-1.4.2-60.3.1 References: https://www.suse.com/security/cve/CVE-2016-9602.html https://www.suse.com/security/cve/CVE-2016-9603.html https://www.suse.com/security/cve/CVE-2017-10664.html https://www.suse.com/security/cve/CVE-2017-10806.html https://www.suse.com/security/cve/CVE-2017-11334.html https://www.suse.com/security/cve/CVE-2017-11434.html https://www.suse.com/security/cve/CVE-2017-13672.html https://www.suse.com/security/cve/CVE-2017-14167.html https://www.suse.com/security/cve/CVE-2017-15038.html https://www.suse.com/security/cve/CVE-2017-15289.html https://www.suse.com/security/cve/CVE-2017-5579.html https://www.suse.com/security/cve/CVE-2017-5973.html https://www.suse.com/security/cve/CVE-2017-6505.html https://www.suse.com/security/cve/CVE-2017-7471.html https://www.suse.com/security/cve/CVE-2017-7493.html https://www.suse.com/security/cve/CVE-2017-7718.html https://www.suse.com/security/cve/CVE-2017-7980.html https://www.suse.com/security/cve/CVE-2017-8086.html https://www.suse.com/security/cve/CVE-2017-8309.html https://www.suse.com/security/cve/CVE-2017-9330.html https://www.suse.com/security/cve/CVE-2017-9373.html https://www.suse.com/security/cve/CVE-2017-9375.html https://www.suse.com/security/cve/CVE-2017-9503.html https://bugzilla.suse.com/1020427 
https://bugzilla.suse.com/1021741 https://bugzilla.suse.com/1025109 https://bugzilla.suse.com/1028184 https://bugzilla.suse.com/1028656 https://bugzilla.suse.com/1030624 https://bugzilla.suse.com/1031051 https://bugzilla.suse.com/1034044 https://bugzilla.suse.com/1034866 https://bugzilla.suse.com/1034908 https://bugzilla.suse.com/1035406 https://bugzilla.suse.com/1035950 https://bugzilla.suse.com/1037242 https://bugzilla.suse.com/1038396 https://bugzilla.suse.com/1039495 https://bugzilla.suse.com/1042159 https://bugzilla.suse.com/1042800 https://bugzilla.suse.com/1042801 https://bugzilla.suse.com/1043296 https://bugzilla.suse.com/1045035 https://bugzilla.suse.com/1046636 https://bugzilla.suse.com/1047674 https://bugzilla.suse.com/1048902 https://bugzilla.suse.com/1049381 https://bugzilla.suse.com/1049785 https://bugzilla.suse.com/1056334 https://bugzilla.suse.com/1057585 https://bugzilla.suse.com/1062069 https://bugzilla.suse.com/1063122 From sle-updates at lists.suse.com Fri Nov 10 01:10:07 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 09:10:07 +0100 (CET) Subject: SUSE-SU-2017:2964-1: moderate: Security update for SUSE Manager Server 3.0 Message-ID: <20171110081007.17BB0FCD7@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 3.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2964-1 Rating: moderate References: #1019097 #1021432 #1032065 #1032122 #1038862 #1040420 #1041489 #1042265 #1043880 #1044719 #1045152 #1048294 #1048295 #1049139 #1053038 #1054044 #1054902 #1055292 #1055467 #1056358 #1056678 #1057126 #1057599 #1059201 #1059319 #1059388 #1059524 #1059568 #1061548 #1061574 #1061576 #1062094 #1062476 #1063590 #1065085 #729910 #971785 #971916 #989991 Cross-References: CVE-2017-7514 Affected Products: SUSE Manager Server 3.0 ______________________________________________________________________________ An update that 
solves one vulnerability and has 38 fixes is now available. Description: This update fixes the following issues: nutch: - Log Hadoop into proper log dir (bsc#1061574): change-default-log-location.patch salt-netapi-client: See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.13.0 spacecmd: - Configchannel export binary flag to json (bsc#1044719) spacewalk: - Support postgresql 9.6 (bsc#1045152) spacewalk-backend: - Add hostname to duplicate machine_id email (bsc#1055292) - Fix link to manual and described procedure - Fix SP migration for traditional clients which were registered by a currently disabled user (bsc#1057126) spacewalk-branding: - Disallow entering multiple identical mirror credentials (bsc#971785) - Fix ISE error with invalid custom key id (bsc#1048294) spacewalk-certs-tools: - Do not use registration keys from last autoinstallation (bsc#1057599) spacewalk-java: - Disallow entering multiple identical mirror credentials (bsc#971785) - Fix ISE error with invalid custom key id (bsc#1048294) - Skip the server if no channel can be guessed (bsc#1040420) - Keep the GPG Check value if validation fails (bsc#1061548) - Make systems in system group list selectable by the group admins (bsc#1021432) - Hide non-relevant typed systems in SystemCurrency (bsc#1019097) - Exclude salt systems from the list of target systems for traditional configuration stack installation - Start registration for accepted minions only on the minion start event, not automatically on any event (bsc#1054044) - Extract proxy version from named installed product (bsc#1055467) - Install update stack erratas as a package list (bsc#1049139) - Schedule one action for all selected patches on RHEL (bsc#1038862) - Improve duplicate hostname and transaction handling in minion registration - Display GUI message after successfully deleting custom key (bsc#1048295) - Harmonize presentation of patch information (bsc#1032065) - Fix links on schedule pages (bsc#1059201) - Fix duplicate machine id 
in event history on minion restart (bsc#1059388) - Show link in message when rescheduling actions (bsc#1032122) - Prevent ISE when distribution does not exist (bsc#1059524) - Do not store registration-keys during autoinstallation (bsc#1057599) - Fix cloning Kickstart Profiles with Custom Options (bsc#1061576) - Checkin the foreign host if a s390 minion finished a job (bsc#971916) - Increase max length of hardware address to 32 bytes (bsc#989991) - Adapt Salt runner and wheel calls to the new error handling introduced in salt-netapi-client-0.12.0 - Change log level and event history for duplicate machine id (bsc#1041489) - Trim spaces around the target expression in the Salt remote command page (bsc#1056678) - Fix a ConstraintViolationException when refreshing hardware with changed network interfaces or IP addresses - Check entitlement usage based on grains when onboarding a minion (bsc#1043880) - Escape failure-text of failed-actions (CVE-2017-7514, bsc#1042265) - Fix minor UI issues on overview page (bsc#1063590) spacewalk-reports: - Add machine_id and minion_id to system-profiles and inventory report (bsc#1054902) spacewalk-web: - Disallow entering multiple identical mirror credentials (bsc#971785) supportutils-plugin-susemanager: - Use correct function validate_rpm for supportconfig (bsc#1062094) susemanager: - Add 'yum-plugin-security' package to RES6 bootstrap rep (bsc#1059319) - Ensure postgres db template uses unicode (bsc#1062476) susemanager-docs_en: - Update text and image files. 
- Fix some version strings (bsc#1065085) release-notes-susemanager: - Enable SUSE Linux Enterprise 12 SP3 as base OS susemanager-schema: - Re-create unique index on minion_id (bsc#1059568, bsc#1056358) - Increase max length of hardware address to 32 bytes (bsc#989991) susemanager-sls: - Targeting patches instead of packages for non Zypper patch installation (bsc#1038862) - Support xccdf 1.2 namespace in openscap result file (bsc#1059319) - Fix create empty top.sls with no-op (bsc#1053038) - Enabling certificate deployment for Leap 42.3 clients which is needed for bootstrapping How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Server 3.0: zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-1840=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Server 3.0 (s390x x86_64): release-notes-susemanager-3.0.9-0.53.9.2 spacewalk-branding-2.5.2.15-16.6.4 susemanager-3.0.24-25.6.4 susemanager-tools-3.0.24-25.6.4 - SUSE Manager Server 3.0 (noarch): nutch-1.0-0.9.5.4 salt-netapi-client-0.13.0-16.6.4 spacecmd-2.5.5.9-16.9.4 spacewalk-backend-2.5.24.14-26.11.4 spacewalk-backend-app-2.5.24.14-26.11.4 spacewalk-backend-applet-2.5.24.14-26.11.4 spacewalk-backend-config-files-2.5.24.14-26.11.4 spacewalk-backend-config-files-common-2.5.24.14-26.11.4 spacewalk-backend-config-files-tool-2.5.24.14-26.11.4 spacewalk-backend-iss-2.5.24.14-26.11.4 spacewalk-backend-iss-export-2.5.24.14-26.11.4 spacewalk-backend-libs-2.5.24.14-26.11.4 spacewalk-backend-package-push-server-2.5.24.14-26.11.4 spacewalk-backend-server-2.5.24.14-26.11.4 spacewalk-backend-sql-2.5.24.14-26.11.4 spacewalk-backend-sql-oracle-2.5.24.14-26.11.4 spacewalk-backend-sql-postgresql-2.5.24.14-26.11.4 spacewalk-backend-tools-2.5.24.14-26.11.4 spacewalk-backend-xml-export-libs-2.5.24.14-26.11.4 spacewalk-backend-xmlrpc-2.5.24.14-26.11.4 spacewalk-base-2.5.7.19-25.9.4 spacewalk-base-minimal-2.5.7.19-25.9.4 spacewalk-base-minimal-config-2.5.7.19-25.9.4 spacewalk-certs-tools-2.5.1.11-21.6.4 spacewalk-common-2.5.0.7-4.6.4 spacewalk-html-2.5.7.19-25.9.4 spacewalk-java-2.5.59.18-27.9.4 spacewalk-java-config-2.5.59.18-27.9.4 spacewalk-java-lib-2.5.59.18-27.9.4 spacewalk-java-oracle-2.5.59.18-27.9.4 spacewalk-java-postgresql-2.5.59.18-27.9.4 spacewalk-oracle-2.5.0.7-4.6.4 spacewalk-postgresql-2.5.0.7-4.6.4 spacewalk-reports-2.5.1.3-4.3.4 spacewalk-taskomatic-2.5.59.18-27.9.4 supportutils-plugin-susemanager-3.0.5-2.3.4 susemanager-advanced-topics_en-pdf-3-25.8.2 susemanager-best-practices_en-pdf-3-25.8.2 susemanager-docs_en-3-25.8.2 susemanager-getting-started_en-pdf-3-25.8.2 susemanager-jsp_en-3-25.8.2 susemanager-reference_en-pdf-3-25.8.2 susemanager-schema-3.0.22-25.6.4 susemanager-sls-0.1.24-27.9.4 References: 
https://www.suse.com/security/cve/CVE-2017-7514.html https://bugzilla.suse.com/1019097 https://bugzilla.suse.com/1021432 https://bugzilla.suse.com/1032065 https://bugzilla.suse.com/1032122 https://bugzilla.suse.com/1038862 https://bugzilla.suse.com/1040420 https://bugzilla.suse.com/1041489 https://bugzilla.suse.com/1042265 https://bugzilla.suse.com/1043880 https://bugzilla.suse.com/1044719 https://bugzilla.suse.com/1045152 https://bugzilla.suse.com/1048294 https://bugzilla.suse.com/1048295 https://bugzilla.suse.com/1049139 https://bugzilla.suse.com/1053038 https://bugzilla.suse.com/1054044 https://bugzilla.suse.com/1054902 https://bugzilla.suse.com/1055292 https://bugzilla.suse.com/1055467 https://bugzilla.suse.com/1056358 https://bugzilla.suse.com/1056678 https://bugzilla.suse.com/1057126 https://bugzilla.suse.com/1057599 https://bugzilla.suse.com/1059201 https://bugzilla.suse.com/1059319 https://bugzilla.suse.com/1059388 https://bugzilla.suse.com/1059524 https://bugzilla.suse.com/1059568 https://bugzilla.suse.com/1061548 https://bugzilla.suse.com/1061574 https://bugzilla.suse.com/1061576 https://bugzilla.suse.com/1062094 https://bugzilla.suse.com/1062476 https://bugzilla.suse.com/1063590 https://bugzilla.suse.com/1065085 https://bugzilla.suse.com/729910 https://bugzilla.suse.com/971785 https://bugzilla.suse.com/971916 https://bugzilla.suse.com/989991 From sle-updates at lists.suse.com Fri Nov 10 01:16:10 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 09:16:10 +0100 (CET) Subject: SUSE-RU-2017:2965-1: moderate: Recommended update for SUSE Manager Proxy 3.0 Message-ID: <20171110081610.A7F3FFCD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 3.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2965-1 Rating: moderate References: #1038862 #1053038 #1055292 #1057126 #1057542 #1057599 #1059319 #1059998 #971785 Affected 
Products: SUSE Manager Proxy 3.0 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update fixes the following issues: spacewalk-backend: - Add hostname to duplicate machine_id email (bsc#1055292) - Fix link to manual and the described procedure - Fix SP migration for traditional clients which were registered by a currently disabled user (bsc#1057126) spacewalk-certs-tools: - Do not use registration keys from last autoinstallation (bsc#1057599) spacewalk-proxy: - Try to resolve the proxy hostname even if the HTTP 'Host' header is an ip address (bsc#1057542) spacewalk-proxy-installer: - More exact question for custom certificate and key (bsc#1059998) spacewalk-web: - Disallow entering multiple identical mirror credentials (bsc#971785) susemanager-sls: - Targeting patches instead of packages for non Zypper patch installation (bsc#1038862) - Support xccdf 1.2 namespace in openscap result file (bsc#1059319) - Fix create empty top.sls with no-op (bsc#1053038) - Enabling certificate deployment for Leap 42.3 clients which is needed for bootstrapping How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Manager Proxy 3.0: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-1840=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Manager Proxy 3.0 (noarch): spacewalk-backend-2.5.24.14-26.11.4 spacewalk-backend-libs-2.5.24.14-26.11.4 spacewalk-base-minimal-2.5.7.19-25.9.4 spacewalk-base-minimal-config-2.5.7.19-25.9.4 spacewalk-certs-tools-2.5.1.11-21.6.4 spacewalk-proxy-broker-2.5.1.11-20.6.4 spacewalk-proxy-common-2.5.1.11-20.6.4 spacewalk-proxy-installer-2.5.2.6-7.3.4 spacewalk-proxy-management-2.5.1.11-20.6.4 spacewalk-proxy-package-manager-2.5.1.11-20.6.4 spacewalk-proxy-redirect-2.5.1.11-20.6.4 spacewalk-proxy-salt-2.5.1.11-20.6.4 susemanager-sls-0.1.24-27.9.4 - SUSE Manager Proxy 3.0 (x86_64): release-notes-susemanager-proxy-3.0.9-0.28.9.2 References: https://bugzilla.suse.com/1038862 https://bugzilla.suse.com/1053038 https://bugzilla.suse.com/1055292 https://bugzilla.suse.com/1057126 https://bugzilla.suse.com/1057542 https://bugzilla.suse.com/1057599 https://bugzilla.suse.com/1059319 https://bugzilla.suse.com/1059998 https://bugzilla.suse.com/971785 From sle-updates at lists.suse.com Fri Nov 10 01:17:45 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 09:17:45 +0100 (CET) Subject: SUSE-OU-2017:2966-1: Initial release of python-pyinotify Message-ID: <20171110081745.7D7A0FCD6@maintenance.suse.de> SUSE Optional Update: Initial release of python-pyinotify ______________________________________________________________________________ Announcement ID: SUSE-OU-2017:2966-1 Rating: low References: #1047652 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update adds python-pyinotify to the SUSE Manager Client Tools for SLE 11. pyinotify is a Python module for watching filesystem changes and enables salt-beacons and -reactors. Patch Instructions: To install this SUSE Optional Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-python-pyinotify-13341=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-python-pyinotify-13341=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python-pyinotify-0.9.6-2.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python-pyinotify-0.9.6-2.1 References: https://bugzilla.suse.com/1047652 From sle-updates at lists.suse.com Fri Nov 10 01:18:31 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 09:18:31 +0100 (CET) Subject: SUSE-SU-2017:2968-1: important: Security update for openssl1 Message-ID: <20171110081831.44372FCD6@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2968-1 Rating: important References: #1027908 #1032261 #1055825 #1056058 #1057660 #1065363 #990592 Cross-References: CVE-2017-3735 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. 
Description: This update for openssl1 fixes the following issues: Security issues fixed: - CVE-2017-3735: Malformed X.509 IPAddressFamily could cause OOB read (bsc#1056058) - adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908) - out of bounds read+crash in DES_fcrypt (bsc#1065363) - DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) - Missing important ciphers in openssl 1.0.1i-47.1 (bsc#990592) Bug fixes: - support alternate root ca chains (bsc#1032261) - Require openssl1, so c_rehash1 is available during %post to hash the certificates (bsc#1057660) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-13343=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.3.1 libopenssl1_0_0-1.0.1g-0.58.3.1 openssl1-1.0.1g-0.58.3.1 openssl1-doc-1.0.1g-0.58.3.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.3.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.3.1 References: https://www.suse.com/security/cve/CVE-2017-3735.html https://bugzilla.suse.com/1027908 https://bugzilla.suse.com/1032261 https://bugzilla.suse.com/1055825 https://bugzilla.suse.com/1056058 https://bugzilla.suse.com/1057660 https://bugzilla.suse.com/1065363 https://bugzilla.suse.com/990592 From sle-updates at lists.suse.com Fri Nov 10 01:19:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 09:19:55 +0100 (CET) Subject: SUSE-SU-2017:2969-1: important: Security update for qemu Message-ID: <20171110081955.2E1D1FCD6@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2017:2969-1 Rating: important References: #1020427 #1021741 #1025109 #1025311 #1026612 #1028184 #1028656 #1030624 #1032075 #1034866 #1034908 #1035406 #1035950 #1036211 #1037242 #1039495 #1042159 #1042800 #1042801 #1043296 #1045035 #1046636 #1047674 #1048902 #1049381 #1056334 #1057585 #1062069 #1063122 #994418 #994605 Cross-References: CVE-2016-6834 CVE-2016-6835 CVE-2016-9602 CVE-2016-9603 CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15289 CVE-2017-2633 CVE-2017-5579 CVE-2017-5973 CVE-2017-5987 CVE-2017-6505 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8112 CVE-2017-8309 CVE-2017-9330 CVE-2017-9373 CVE-2017-9375 CVE-2017-9503 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves 29 vulnerabilities and has two fixes is now available. Description: This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-2633: The VNC display driver support was vulnerable to an out-of-bounds memory access issue. 
A user/process inside guest could use this flaw to cause DoS (bsc#1026612) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069) - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585) - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381) - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902) - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334) - CVE-2017-5973: An infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109) - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c allowed local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer (bsc#1025311) - CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184) - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that 
of the device model process (bsc#1028656) - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908) - CVE-2017-7980: An out-of-bounds r/w access issue in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406) - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036211) - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800) - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242) - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System(9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. 
A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495) - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427) - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741) - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296) - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636) - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674) - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427) - CVE-2017-7377: The v9fs_create and v9fs_lcreate functions in hw/9pfs/9p.c allowed local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid (bsc#1032075) - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value 
variable (bsc#1035950) - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1034866) - CVE-2016-6834: An infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994418) - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994605) - Fix privilege escalation in TCG mode (bsc#1030624) This non-security issue was fixed: * bsc#1045035: Fix regression introduced by former virtfs security fixes Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1839=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): qemu-2.0.2-48.34.3 qemu-block-curl-2.0.2-48.34.3 qemu-block-curl-debuginfo-2.0.2-48.34.3 qemu-debugsource-2.0.2-48.34.3 qemu-guest-agent-2.0.2-48.34.3 qemu-guest-agent-debuginfo-2.0.2-48.34.3 qemu-lang-2.0.2-48.34.3 qemu-tools-2.0.2-48.34.3 qemu-tools-debuginfo-2.0.2-48.34.3 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): qemu-kvm-2.0.2-48.34.3 - SUSE Linux Enterprise Server 12-LTSS (ppc64le): qemu-ppc-2.0.2-48.34.3 qemu-ppc-debuginfo-2.0.2-48.34.3 - SUSE Linux Enterprise Server 12-LTSS (noarch): qemu-ipxe-1.0.0-48.34.3 qemu-seabios-1.7.4-48.34.3 qemu-sgabios-8-48.34.3 qemu-vgabios-1.7.4-48.34.3 - SUSE Linux Enterprise Server 12-LTSS (x86_64): qemu-block-rbd-2.0.2-48.34.3 qemu-block-rbd-debuginfo-2.0.2-48.34.3 qemu-x86-2.0.2-48.34.3 qemu-x86-debuginfo-2.0.2-48.34.3 - SUSE Linux Enterprise Server 12-LTSS (s390x): qemu-s390-2.0.2-48.34.3 qemu-s390-debuginfo-2.0.2-48.34.3 References: https://www.suse.com/security/cve/CVE-2016-6834.html https://www.suse.com/security/cve/CVE-2016-6835.html https://www.suse.com/security/cve/CVE-2016-9602.html https://www.suse.com/security/cve/CVE-2016-9603.html https://www.suse.com/security/cve/CVE-2017-10664.html https://www.suse.com/security/cve/CVE-2017-10806.html https://www.suse.com/security/cve/CVE-2017-11334.html https://www.suse.com/security/cve/CVE-2017-11434.html https://www.suse.com/security/cve/CVE-2017-13672.html https://www.suse.com/security/cve/CVE-2017-14167.html https://www.suse.com/security/cve/CVE-2017-15038.html https://www.suse.com/security/cve/CVE-2017-15289.html https://www.suse.com/security/cve/CVE-2017-2633.html https://www.suse.com/security/cve/CVE-2017-5579.html https://www.suse.com/security/cve/CVE-2017-5973.html https://www.suse.com/security/cve/CVE-2017-5987.html https://www.suse.com/security/cve/CVE-2017-6505.html https://www.suse.com/security/cve/CVE-2017-7377.html https://www.suse.com/security/cve/CVE-2017-7471.html 
https://www.suse.com/security/cve/CVE-2017-7493.html https://www.suse.com/security/cve/CVE-2017-7718.html https://www.suse.com/security/cve/CVE-2017-7980.html https://www.suse.com/security/cve/CVE-2017-8086.html https://www.suse.com/security/cve/CVE-2017-8112.html https://www.suse.com/security/cve/CVE-2017-8309.html https://www.suse.com/security/cve/CVE-2017-9330.html https://www.suse.com/security/cve/CVE-2017-9373.html https://www.suse.com/security/cve/CVE-2017-9375.html https://www.suse.com/security/cve/CVE-2017-9503.html https://bugzilla.suse.com/1020427 https://bugzilla.suse.com/1021741 https://bugzilla.suse.com/1025109 https://bugzilla.suse.com/1025311 https://bugzilla.suse.com/1026612 https://bugzilla.suse.com/1028184 https://bugzilla.suse.com/1028656 https://bugzilla.suse.com/1030624 https://bugzilla.suse.com/1032075 https://bugzilla.suse.com/1034866 https://bugzilla.suse.com/1034908 https://bugzilla.suse.com/1035406 https://bugzilla.suse.com/1035950 https://bugzilla.suse.com/1036211 https://bugzilla.suse.com/1037242 https://bugzilla.suse.com/1039495 https://bugzilla.suse.com/1042159 https://bugzilla.suse.com/1042800 https://bugzilla.suse.com/1042801 https://bugzilla.suse.com/1043296 https://bugzilla.suse.com/1045035 https://bugzilla.suse.com/1046636 https://bugzilla.suse.com/1047674 https://bugzilla.suse.com/1048902 https://bugzilla.suse.com/1049381 https://bugzilla.suse.com/1056334 https://bugzilla.suse.com/1057585 https://bugzilla.suse.com/1062069 https://bugzilla.suse.com/1063122 https://bugzilla.suse.com/994418 https://bugzilla.suse.com/994605 From sle-updates at lists.suse.com Fri Nov 10 01:24:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 09:24:13 +0100 (CET) Subject: SUSE-RU-2017:2970-1: moderate: Recommended update for High Performance Computing - compiler selection and integration Message-ID: <20171110082413.0952FFCD7@maintenance.suse.de> SUSE Recommended Update: Recommended update for High 
Performance Computing - compiler selection and integration ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2970-1 Rating: moderate References: #1011335 #1032970 #1048964 #1053237 #1066132 #1066135 #1066137 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This adds or updates the compiler / library selection mechanism used for the SUSE HPC stack. - lua-lmod: LUA based environment modules system. Update to version 7.6. (FATE#324199 bsc#1066137) * Update to 7.6: 1. Support for disable 2. A marked default is honored even if it is hidden 3. Support for depends_on() as a better way to handle module dependencies. + Lmod 7.5: 1. Added -T, --trace option to report restore, load, unloads and spider. 2. Report both global and version aliases with module --terse Add Global Aliases output to module avail if they exist. 3. Support for isVisibleHook (Thanks @wpoely86!) to control whether a module is hidden or not. 4. Support for "spider -o spider-json" to set the key "hidden" to true or false for each module. 5. Setting LMOD_EXACT_MATCH=yes also turns off the display of (D) with avail. 6. CMake "shell" added. 7. Added feature that LMOD_TMOD_FIND_FIRST. A site can decide to force FIND_FIRST instead FIND_BEST for NV module layouts. Bug Fixes: 1. Fix bug where Lmod would be unable to load a module where NV and NVV module layouts were mixed. 2. Fix bug where LMOD_CASE_INDEPENDENT_SORTING=yes wasn't case independent when using avail hook. + Lmod 7.4: 1. Using built-in luafilesystem if system version doesn't exist or < 1.6.2 2. Support for setting LMOD_SYSHOST with configure. 3. Sites or users can use italic instead of dim for hidden modules 4. Detailed spider output reports all dependencies hidden or not. 5. Support for fish shell 6. 
Move almost all configuration variables from profile.in to bash.in and similarly for tcsh. Bug Fixes: 1. Fixed bug that caused LMOD env vars to be lower cased. 2. Fixed bug where tcsh/csh exit status was not returned. 3. bash and zsh tab completions works when LMOD_REDIRECT is yes. 4. Can now conflict with a version. 5. Fixed bug with addto a:b:c 6. Fixed bugs in computeHashSum, generating softwarePage. + Lmod 7.3: 1. The isloaded() function has been repaired. 2. Updated French, German and Spanish translations. 3. Two error message related to missing modules are now available for translations. + Lmod 7.2.1: 1. A test suite for testing the Lmod installation has been added. See https://github.com/rtmclay/Lmod_test_suite for details. 2. Added support for localization of errors and warnings and messages. 3. Language Translations complete: ES, Partial: FR, ZH, DE 4. Introduced "errWarnMsgHook" to take advantage of the new message handling. Bug Fixes: 1. Several bug fixes related to Spider Cache and LMOD_CACHED_LOADS=1 2. Repaired zsh tab completion. 3. Minimize the output of Lmod's BASH_ENV when debugging Bash shell scripts. 4. Allow colons as well as spaces for the path used in the addto command. 5. Handles module directories that are empty or bad symlink or a .version file only. 6. Fix bug in module describe. + Lmod 7.1: 1. The commands "module --show_hidden avail" and "module --show_hidden" list now show "hidden" modules with the (H) property. Also they are displayed as dim. This works better on black backgrounds. 2. Added the command "module --config_json" to generate a json output of Lmod's configuration. 3. Add support for env. var. LMOD_SITE_NAME to set a site's name. This is also a configure option. Bug Fixes: 1. Hidden module now will not be marked as default. 2. Now check permission of a directory before trying to open it. 3. Lmod now does not pollute the configure time value of LD_LIBRARY_PATH and LD_PRELOAD into the users env. 4. 
Lmod now handles illegal values of $TERM. + Lmod 7.0: 1. This version supports N/V/V. (e.g. fftw/64/3.3.4). Put a .version file in with the "64" directory to tell Lmod where the version starts. 2. Marking a default in the MODULERC is now supported. 3. User ~/.modulerc has priority over system MODULERC. 4. System MODULERC has priority over marking a default in the module tree. 5. Installed Modules can be hidden by "hide-version foo/3.2.1" in any modulerc file. 6. The system spider cache has changed. Please update your scripts to build spiderT.lua instead of moduleT.lua + Lmod 6.6: 1. Now uses the value of LD_PRELOAD and LD_LIBRARY_PATH found at configure time to run all TCL programs. 2. Now uses a custom _module_dir function for tab completion in bash for module use path. Thanks to Pieter Neerincx! 3. Support for LMOD_FAMILY__VERSION added. 4. If ~/.lmod.d/.cache/invalidated exists then the user cache file(s) are ignored. When generating a user cache file ~/.lmod.d/.cache/invalidated is deleted. Bug Fixes: 1. Correctly merges spider cache location where there are multiple lmodrc.lua files. 2. Remove leading and trailing blanks for names in setenv, pushenv, prepend_path, etc. 3. ml now generates error for unknown argument that start with a double minus. (e.g. ml --vers) 4. pushenv("name","") fixed when unloading module. 5. Make sure to regularize MODULEPATH when ingesting it for the first time. * Add man page and other documentation (bsc#1032970) * Add profile files for bash and csh (bsc#1048964) * Prepare for SUSE default Settings (bsc#1053237) - ohpc: OpenHPC RPM macro compatibility package. Updated, moved macros to lua-lmod (bsc#1048964) - suse-hpc: Provides RPM macros for building SUSE HPC packages. (FATE#320596 bsc#1066135) - gnu-compilers-hpc: Provides HPC compatible setup of the gcc toolchain, modules files and RPM macros (FATE#321705 bsc#1066132) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1841=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): suse-hpc-0.1-2.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): gnu-compilers-hpc-1.3-4.1 gnu-compilers-hpc-devel-1.3-4.1 gnu-compilers-hpc-macros-devel-1.3-4.1 lua-lmod-7.6.1-4.4.1 ohpc-1.3-4.3.1 References: https://bugzilla.suse.com/1011335 https://bugzilla.suse.com/1032970 https://bugzilla.suse.com/1048964 https://bugzilla.suse.com/1053237 https://bugzilla.suse.com/1066132 https://bugzilla.suse.com/1066135 https://bugzilla.suse.com/1066137 From sle-updates at lists.suse.com Fri Nov 10 07:07:49 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 15:07:49 +0100 (CET) Subject: SUSE-SU-2017:2971-1: moderate: Security update for samba Message-ID: <20171110140749.BC3D6FD05@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2971-1 Rating: moderate References: #1042419 #1058565 #1058622 #1058624 #1064016 #1065892 Cross-References: CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for samba fixes several issues. 
These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624). - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565). This non-security issue was fixed: - Fix error where short name length was read as 2 bytes, should be 1 (bsc#1042419) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1844=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1844=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1844=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1844=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1844=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1844=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1844=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (noarch): samba-doc-4.2.4-28.21.1 - SUSE OpenStack Cloud 6 (x86_64): ctdb-4.2.4-28.21.1 ctdb-debuginfo-4.2.4-28.21.1 libdcerpc-binding0-32bit-4.2.4-28.21.1 libdcerpc-binding0-4.2.4-28.21.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.21.1 libdcerpc-binding0-debuginfo-4.2.4-28.21.1 libdcerpc0-32bit-4.2.4-28.21.1 libdcerpc0-4.2.4-28.21.1 libdcerpc0-debuginfo-32bit-4.2.4-28.21.1 libdcerpc0-debuginfo-4.2.4-28.21.1 libgensec0-32bit-4.2.4-28.21.1 libgensec0-4.2.4-28.21.1 libgensec0-debuginfo-32bit-4.2.4-28.21.1 libgensec0-debuginfo-4.2.4-28.21.1 libndr-krb5pac0-32bit-4.2.4-28.21.1 libndr-krb5pac0-4.2.4-28.21.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.21.1 libndr-krb5pac0-debuginfo-4.2.4-28.21.1 libndr-nbt0-32bit-4.2.4-28.21.1 libndr-nbt0-4.2.4-28.21.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.21.1 libndr-nbt0-debuginfo-4.2.4-28.21.1 libndr-standard0-32bit-4.2.4-28.21.1 libndr-standard0-4.2.4-28.21.1 libndr-standard0-debuginfo-32bit-4.2.4-28.21.1 libndr-standard0-debuginfo-4.2.4-28.21.1 libndr0-32bit-4.2.4-28.21.1 libndr0-4.2.4-28.21.1 libndr0-debuginfo-32bit-4.2.4-28.21.1 libndr0-debuginfo-4.2.4-28.21.1 libnetapi0-32bit-4.2.4-28.21.1 libnetapi0-4.2.4-28.21.1 libnetapi0-debuginfo-32bit-4.2.4-28.21.1 libnetapi0-debuginfo-4.2.4-28.21.1 libregistry0-4.2.4-28.21.1 libregistry0-debuginfo-4.2.4-28.21.1 libsamba-credentials0-32bit-4.2.4-28.21.1 libsamba-credentials0-4.2.4-28.21.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.21.1 libsamba-credentials0-debuginfo-4.2.4-28.21.1 libsamba-hostconfig0-32bit-4.2.4-28.21.1 libsamba-hostconfig0-4.2.4-28.21.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.21.1 libsamba-hostconfig0-debuginfo-4.2.4-28.21.1 libsamba-passdb0-32bit-4.2.4-28.21.1 libsamba-passdb0-4.2.4-28.21.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.21.1 libsamba-passdb0-debuginfo-4.2.4-28.21.1 libsamba-util0-32bit-4.2.4-28.21.1 libsamba-util0-4.2.4-28.21.1 libsamba-util0-debuginfo-32bit-4.2.4-28.21.1 libsamba-util0-debuginfo-4.2.4-28.21.1 
libsamdb0-32bit-4.2.4-28.21.1 libsamdb0-4.2.4-28.21.1 libsamdb0-debuginfo-32bit-4.2.4-28.21.1 libsamdb0-debuginfo-4.2.4-28.21.1 libsmbclient-raw0-32bit-4.2.4-28.21.1 libsmbclient-raw0-4.2.4-28.21.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.21.1 libsmbclient-raw0-debuginfo-4.2.4-28.21.1 libsmbclient0-32bit-4.2.4-28.21.1 libsmbclient0-4.2.4-28.21.1 libsmbclient0-debuginfo-32bit-4.2.4-28.21.1 libsmbclient0-debuginfo-4.2.4-28.21.1 libsmbconf0-32bit-4.2.4-28.21.1 libsmbconf0-4.2.4-28.21.1 libsmbconf0-debuginfo-32bit-4.2.4-28.21.1 libsmbconf0-debuginfo-4.2.4-28.21.1 libsmbldap0-32bit-4.2.4-28.21.1 libsmbldap0-4.2.4-28.21.1 libsmbldap0-debuginfo-32bit-4.2.4-28.21.1 libsmbldap0-debuginfo-4.2.4-28.21.1 libtevent-util0-32bit-4.2.4-28.21.1 libtevent-util0-4.2.4-28.21.1 libtevent-util0-debuginfo-32bit-4.2.4-28.21.1 libtevent-util0-debuginfo-4.2.4-28.21.1 libwbclient0-32bit-4.2.4-28.21.1 libwbclient0-4.2.4-28.21.1 libwbclient0-debuginfo-32bit-4.2.4-28.21.1 libwbclient0-debuginfo-4.2.4-28.21.1 samba-32bit-4.2.4-28.21.1 samba-4.2.4-28.21.1 samba-client-32bit-4.2.4-28.21.1 samba-client-4.2.4-28.21.1 samba-client-debuginfo-32bit-4.2.4-28.21.1 samba-client-debuginfo-4.2.4-28.21.1 samba-debuginfo-32bit-4.2.4-28.21.1 samba-debuginfo-4.2.4-28.21.1 samba-debugsource-4.2.4-28.21.1 samba-libs-32bit-4.2.4-28.21.1 samba-libs-4.2.4-28.21.1 samba-libs-debuginfo-32bit-4.2.4-28.21.1 samba-libs-debuginfo-4.2.4-28.21.1 samba-winbind-32bit-4.2.4-28.21.1 samba-winbind-4.2.4-28.21.1 samba-winbind-debuginfo-32bit-4.2.4-28.21.1 samba-winbind-debuginfo-4.2.4-28.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): samba-test-devel-4.2.4-28.21.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): ctdb-4.2.4-28.21.1 ctdb-debuginfo-4.2.4-28.21.1 libdcerpc-binding0-4.2.4-28.21.1 libdcerpc-binding0-debuginfo-4.2.4-28.21.1 libdcerpc0-4.2.4-28.21.1 libdcerpc0-debuginfo-4.2.4-28.21.1 libgensec0-4.2.4-28.21.1 libgensec0-debuginfo-4.2.4-28.21.1 
libndr-krb5pac0-4.2.4-28.21.1 libndr-krb5pac0-debuginfo-4.2.4-28.21.1 libndr-nbt0-4.2.4-28.21.1 libndr-nbt0-debuginfo-4.2.4-28.21.1 libndr-standard0-4.2.4-28.21.1 libndr-standard0-debuginfo-4.2.4-28.21.1 libndr0-4.2.4-28.21.1 libndr0-debuginfo-4.2.4-28.21.1 libnetapi0-4.2.4-28.21.1 libnetapi0-debuginfo-4.2.4-28.21.1 libregistry0-4.2.4-28.21.1 libregistry0-debuginfo-4.2.4-28.21.1 libsamba-credentials0-4.2.4-28.21.1 libsamba-credentials0-debuginfo-4.2.4-28.21.1 libsamba-hostconfig0-4.2.4-28.21.1 libsamba-hostconfig0-debuginfo-4.2.4-28.21.1 libsamba-passdb0-4.2.4-28.21.1 libsamba-passdb0-debuginfo-4.2.4-28.21.1 libsamba-util0-4.2.4-28.21.1 libsamba-util0-debuginfo-4.2.4-28.21.1 libsamdb0-4.2.4-28.21.1 libsamdb0-debuginfo-4.2.4-28.21.1 libsmbclient-raw0-4.2.4-28.21.1 libsmbclient-raw0-debuginfo-4.2.4-28.21.1 libsmbclient0-4.2.4-28.21.1 libsmbclient0-debuginfo-4.2.4-28.21.1 libsmbconf0-4.2.4-28.21.1 libsmbconf0-debuginfo-4.2.4-28.21.1 libsmbldap0-4.2.4-28.21.1 libsmbldap0-debuginfo-4.2.4-28.21.1 libtevent-util0-4.2.4-28.21.1 libtevent-util0-debuginfo-4.2.4-28.21.1 libwbclient0-4.2.4-28.21.1 libwbclient0-debuginfo-4.2.4-28.21.1 samba-4.2.4-28.21.1 samba-client-4.2.4-28.21.1 samba-client-debuginfo-4.2.4-28.21.1 samba-debuginfo-4.2.4-28.21.1 samba-debugsource-4.2.4-28.21.1 samba-libs-4.2.4-28.21.1 samba-libs-debuginfo-4.2.4-28.21.1 samba-winbind-4.2.4-28.21.1 samba-winbind-debuginfo-4.2.4-28.21.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libdcerpc-binding0-32bit-4.2.4-28.21.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.21.1 libdcerpc0-32bit-4.2.4-28.21.1 libdcerpc0-debuginfo-32bit-4.2.4-28.21.1 libgensec0-32bit-4.2.4-28.21.1 libgensec0-debuginfo-32bit-4.2.4-28.21.1 libndr-krb5pac0-32bit-4.2.4-28.21.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.21.1 libndr-nbt0-32bit-4.2.4-28.21.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.21.1 libndr-standard0-32bit-4.2.4-28.21.1 libndr-standard0-debuginfo-32bit-4.2.4-28.21.1 libndr0-32bit-4.2.4-28.21.1 
libndr0-debuginfo-32bit-4.2.4-28.21.1 libnetapi0-32bit-4.2.4-28.21.1 libnetapi0-debuginfo-32bit-4.2.4-28.21.1 libsamba-credentials0-32bit-4.2.4-28.21.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.21.1 libsamba-hostconfig0-32bit-4.2.4-28.21.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.21.1 libsamba-passdb0-32bit-4.2.4-28.21.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.21.1 libsamba-util0-32bit-4.2.4-28.21.1 libsamba-util0-debuginfo-32bit-4.2.4-28.21.1 libsamdb0-32bit-4.2.4-28.21.1 libsamdb0-debuginfo-32bit-4.2.4-28.21.1 libsmbclient-raw0-32bit-4.2.4-28.21.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.21.1 libsmbclient0-32bit-4.2.4-28.21.1 libsmbclient0-debuginfo-32bit-4.2.4-28.21.1 libsmbconf0-32bit-4.2.4-28.21.1 libsmbconf0-debuginfo-32bit-4.2.4-28.21.1 libsmbldap0-32bit-4.2.4-28.21.1 libsmbldap0-debuginfo-32bit-4.2.4-28.21.1 libtevent-util0-32bit-4.2.4-28.21.1 libtevent-util0-debuginfo-32bit-4.2.4-28.21.1 libwbclient0-32bit-4.2.4-28.21.1 libwbclient0-debuginfo-32bit-4.2.4-28.21.1 samba-32bit-4.2.4-28.21.1 samba-client-32bit-4.2.4-28.21.1 samba-client-debuginfo-32bit-4.2.4-28.21.1 samba-debuginfo-32bit-4.2.4-28.21.1 samba-libs-32bit-4.2.4-28.21.1 samba-libs-debuginfo-32bit-4.2.4-28.21.1 samba-winbind-32bit-4.2.4-28.21.1 samba-winbind-debuginfo-32bit-4.2.4-28.21.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): samba-doc-4.2.4-28.21.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-atsvc0-4.2.4-28.21.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.21.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libdcerpc-atsvc0-4.2.4-28.21.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-28.21.1 ctdb-debuginfo-4.2.4-28.21.1 libdcerpc-binding0-4.2.4-28.21.1 libdcerpc-binding0-debuginfo-4.2.4-28.21.1 libdcerpc0-4.2.4-28.21.1 libdcerpc0-debuginfo-4.2.4-28.21.1 libgensec0-4.2.4-28.21.1 libgensec0-debuginfo-4.2.4-28.21.1 libndr-krb5pac0-4.2.4-28.21.1 
libndr-krb5pac0-debuginfo-4.2.4-28.21.1 libndr-nbt0-4.2.4-28.21.1 libndr-nbt0-debuginfo-4.2.4-28.21.1 libndr-standard0-4.2.4-28.21.1 libndr-standard0-debuginfo-4.2.4-28.21.1 libndr0-4.2.4-28.21.1 libndr0-debuginfo-4.2.4-28.21.1 libnetapi0-4.2.4-28.21.1 libnetapi0-debuginfo-4.2.4-28.21.1 libregistry0-4.2.4-28.21.1 libregistry0-debuginfo-4.2.4-28.21.1 libsamba-credentials0-4.2.4-28.21.1 libsamba-credentials0-debuginfo-4.2.4-28.21.1 libsamba-hostconfig0-4.2.4-28.21.1 libsamba-hostconfig0-debuginfo-4.2.4-28.21.1 libsamba-passdb0-4.2.4-28.21.1 libsamba-passdb0-debuginfo-4.2.4-28.21.1 libsamba-util0-4.2.4-28.21.1 libsamba-util0-debuginfo-4.2.4-28.21.1 libsamdb0-4.2.4-28.21.1 libsamdb0-debuginfo-4.2.4-28.21.1 libsmbclient-raw0-4.2.4-28.21.1 libsmbclient-raw0-debuginfo-4.2.4-28.21.1 libsmbclient0-4.2.4-28.21.1 libsmbclient0-debuginfo-4.2.4-28.21.1 libsmbconf0-4.2.4-28.21.1 libsmbconf0-debuginfo-4.2.4-28.21.1 libsmbldap0-4.2.4-28.21.1 libsmbldap0-debuginfo-4.2.4-28.21.1 libtevent-util0-4.2.4-28.21.1 libtevent-util0-debuginfo-4.2.4-28.21.1 libwbclient0-4.2.4-28.21.1 libwbclient0-debuginfo-4.2.4-28.21.1 samba-4.2.4-28.21.1 samba-client-4.2.4-28.21.1 samba-client-debuginfo-4.2.4-28.21.1 samba-debuginfo-4.2.4-28.21.1 samba-debugsource-4.2.4-28.21.1 samba-libs-4.2.4-28.21.1 samba-libs-debuginfo-4.2.4-28.21.1 samba-winbind-4.2.4-28.21.1 samba-winbind-debuginfo-4.2.4-28.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-28.21.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.21.1 libdcerpc0-32bit-4.2.4-28.21.1 libdcerpc0-debuginfo-32bit-4.2.4-28.21.1 libgensec0-32bit-4.2.4-28.21.1 libgensec0-debuginfo-32bit-4.2.4-28.21.1 libndr-krb5pac0-32bit-4.2.4-28.21.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.21.1 libndr-nbt0-32bit-4.2.4-28.21.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.21.1 libndr-standard0-32bit-4.2.4-28.21.1 libndr-standard0-debuginfo-32bit-4.2.4-28.21.1 libndr0-32bit-4.2.4-28.21.1 libndr0-debuginfo-32bit-4.2.4-28.21.1 
libnetapi0-32bit-4.2.4-28.21.1 libnetapi0-debuginfo-32bit-4.2.4-28.21.1 libsamba-credentials0-32bit-4.2.4-28.21.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.21.1 libsamba-hostconfig0-32bit-4.2.4-28.21.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.21.1 libsamba-passdb0-32bit-4.2.4-28.21.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.21.1 libsamba-util0-32bit-4.2.4-28.21.1 libsamba-util0-debuginfo-32bit-4.2.4-28.21.1 libsamdb0-32bit-4.2.4-28.21.1 libsamdb0-debuginfo-32bit-4.2.4-28.21.1 libsmbclient-raw0-32bit-4.2.4-28.21.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.21.1 libsmbclient0-32bit-4.2.4-28.21.1 libsmbclient0-debuginfo-32bit-4.2.4-28.21.1 libsmbconf0-32bit-4.2.4-28.21.1 libsmbconf0-debuginfo-32bit-4.2.4-28.21.1 libsmbldap0-32bit-4.2.4-28.21.1 libsmbldap0-debuginfo-32bit-4.2.4-28.21.1 libtevent-util0-32bit-4.2.4-28.21.1 libtevent-util0-debuginfo-32bit-4.2.4-28.21.1 libwbclient0-32bit-4.2.4-28.21.1 libwbclient0-debuginfo-32bit-4.2.4-28.21.1 samba-32bit-4.2.4-28.21.1 samba-client-32bit-4.2.4-28.21.1 samba-client-debuginfo-32bit-4.2.4-28.21.1 samba-debuginfo-32bit-4.2.4-28.21.1 samba-libs-32bit-4.2.4-28.21.1 samba-libs-debuginfo-32bit-4.2.4-28.21.1 samba-winbind-32bit-4.2.4-28.21.1 samba-winbind-debuginfo-32bit-4.2.4-28.21.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): samba-doc-4.2.4-28.21.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-atsvc0-4.2.4-28.21.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.21.1 References: https://www.suse.com/security/cve/CVE-2017-12150.html https://www.suse.com/security/cve/CVE-2017-12151.html https://www.suse.com/security/cve/CVE-2017-12163.html https://bugzilla.suse.com/1042419 https://bugzilla.suse.com/1058565 https://bugzilla.suse.com/1058622 https://bugzilla.suse.com/1058624 https://bugzilla.suse.com/1064016 https://bugzilla.suse.com/1065892 From sle-updates at lists.suse.com Fri Nov 10 07:08:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 15:08:58 +0100 (CET) 
Subject: SUSE-RU-2017:2972-1: moderate: Recommended update for cpuid Message-ID: <20171110140858.33C5EFD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpuid ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2972-1 Rating: moderate References: #1066729 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cpuid fixes the following issues: This update provides cpuid version 20170122 for the HPC Module (FATE#324170). * Added synth decoding for Intel Knights Landing B0. * Added new synth decodings for Intel Kaby Lake. * Fixed synth decodings for AMD Steamroller and Jaguar. * Added synth decodings for AMD Puma and Excavator. * For (6,15),(0,2) Piledriver processors, detect FX series and report it as Vishera instead of Abu Dhabi/Seoul/Delhi. * Added general microarchitecture names for AMD (e.g. Piledriver) in addition to specific core names (e.g. Trinity) for later generation processors. If I have trouble remembering these, it seems likely other people do too. * Added synth decoding for Quark X1000. * Added Intel Atom Z2760 (Clover Trail). * Added extra synth decodings for some Ivy Bridge and Sandy Bridge processors. Update to upstream release 20161201: * Fixed bugs in the subleaf walks for 0x8000001d (AMD cache information) and 0x40000003 (Xen hypervisor information) because the code for them was under wholly the wrong loops. Update to upstream release 20161114: * cpuid.c: Added -l/--leaf and -s/--subleaf options to cause cpuid to dump just the specified leaf and subleaf. If -s/--subleaf is not specified, it is assumed to be 0. The intended purpose for this is to display raw dumps of not-yet-supported leaves. * cpuid.c: Added AVX512DQ, AVX512IFMA, AVX512BW, AVX512VL, and CLWB decoding to 7/ebx.
* cpuid.c: Added AVX512VBMI to 7/ecx. * cpuid.c: Added print_f_0_edx to show L3 cache QoS monitoring support. * cpuid.c: Added total & local bandwidth monitoring to 0xf/1/edx. * cpuid.c: Added 0x15/ecx nominal core crystal clock decoding. * cpuid.c: In print_17_0_ebx, corrected reversed scheme encodings. * cpuid.c: Added synth decoding for Xeon D-1500 (Broadwell-DE) Y0 stepping. * cpuid.c: Added synth decoding comment about Braswell D1 stepping, but its stepping number is not documented. * cpuid.c: Added synth decoding for (0,6),(8,14) Kaby Lake processors. * cpuid.c: Added synth decoding for Apollo Lake processors. * cpuid.c: Added vague synth decoding for (0,6),(9,14) Kaby Lake processors. * cpuid.c: Add AVX512_4VNNIW & AVX512_4FMAPS flags. * cpuid.c: Add Knights Mill (KNM) CPUID. Update to upstream release 20160814: * cpuinfo2cpuid: Added a script that takes input from a /proc/cpuinfo file and converts it into suitable input to cpuid. The information that cpuid is capable of producing based on this very limited input information is slight, but apparently there is interest in getting the synthesized (synth) leaf from this. * Support SGX, MPX, BNDLDX/BNDSTX, RDPID, and IA32_XSS PT state. * Add information for Skylake, Broadwell, Broadwell-E and -EX processors, Atom C2000 (Avoton) with A0/A1 steppings, Atom Z3n00 (Bay Trail) stepping 1, Xeon D-1500 (Broadwell-DE) V2 stepping, corrected Atom Z8000 (Cherry Trail), added Atom S1200 (Centerton) and VIA Eden. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1843=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for HPC 12 (x86_64): cpuid-20170122-2.3.1 cpuid-debuginfo-20170122-2.3.1 cpuid-debugsource-20170122-2.3.1 References: https://bugzilla.suse.com/1066729 From sle-updates at lists.suse.com Fri Nov 10 10:08:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 18:08:22 +0100 (CET) Subject: SUSE-RU-2017:2973-1: moderate: Initial release of openblas for HPC (v0.2.20, gcc) Message-ID: <20171110170822.3B0C7FD06@maintenance.suse.de> SUSE Recommended Update: Initial release of openblas for HPC (v0.2.20, gcc) ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2973-1 Rating: moderate References: #1039397 #1066736 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update introduces the openblas packages version 0.2.20 built for environment modules to the HPC module. (FATE#321708). An optimized BLAS library based on GotoBLAS2. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1850=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libopenblas-gnu-hpc-0.2.20-2.6.1 libopenblas-gnu-hpc-devel-0.2.20-2.6.1 libopenblas-pthreads-gnu-hpc-0.2.20-2.6.1 libopenblas-pthreads-gnu-hpc-devel-0.2.20-2.6.1 libopenblas-pthreads_0_2_20-gnu-hpc-0.2.20-2.6.1 libopenblas-pthreads_0_2_20-gnu-hpc-debuginfo-0.2.20-2.6.1 libopenblas-pthreads_0_2_20-gnu-hpc-devel-0.2.20-2.6.1 libopenblas_0_2_20-gnu-hpc-0.2.20-2.6.1 libopenblas_0_2_20-gnu-hpc-debuginfo-0.2.20-2.6.1 libopenblas_0_2_20-gnu-hpc-devel-0.2.20-2.6.1 openblas-pthreads_0_2_20-gnu-hpc-debugsource-0.2.20-2.6.1 openblas-pthreads_0_2_20-gnu-hpc-devel-static-0.2.20-2.6.1 openblas_0_2_20-gnu-hpc-debugsource-0.2.20-2.6.1 openblas_0_2_20-gnu-hpc-devel-static-0.2.20-2.6.1 References: https://bugzilla.suse.com/1039397 https://bugzilla.suse.com/1066736 From sle-updates at lists.suse.com Fri Nov 10 10:14:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 18:14:08 +0100 (CET) Subject: SUSE-SU-2017:2981-1: important: Security update for openssl Message-ID: <20171110171408.D936AFD05@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2981-1 Rating: important References: #1027908 #1032261 #1055825 #1056058 #1065363 #990592 Cross-References: CVE-2017-3735 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. 
Description: This update for openssl fixes the following issues: Security issues fixed: - CVE-2017-3735: Malformed X.509 IPAddressFamily could cause OOB read (bsc#1056058) - adjust DEFAULT_SUSE to meet 1.0.2 and current state (bsc#1027908) - out of bounds read+crash in DES_fcrypt (bsc#1065363) - DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) - Missing important ciphers in openssl 1.0.1i-47.1 (bsc#990592) Bug fixes: - support alternate root ca chains (bsc#1032261) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1846=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1846=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1846=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): libopenssl1_0_0-1.0.1i-54.8.1 libopenssl1_0_0-32bit-1.0.1i-54.8.1 libopenssl1_0_0-debuginfo-1.0.1i-54.8.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.8.1 libopenssl1_0_0-hmac-1.0.1i-54.8.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1 openssl-1.0.1i-54.8.1 openssl-debuginfo-1.0.1i-54.8.1 openssl-debugsource-1.0.1i-54.8.1 - SUSE OpenStack Cloud 6 (noarch): openssl-doc-1.0.1i-54.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): libopenssl1_0_0-1.0.1i-54.8.1 libopenssl1_0_0-debuginfo-1.0.1i-54.8.1 libopenssl1_0_0-hmac-1.0.1i-54.8.1 openssl-1.0.1i-54.8.1 openssl-debuginfo-1.0.1i-54.8.1 openssl-debugsource-1.0.1i-54.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): openssl-doc-1.0.1i-54.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libopenssl1_0_0-32bit-1.0.1i-54.8.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.8.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
libopenssl1_0_0-1.0.1i-54.8.1 libopenssl1_0_0-debuginfo-1.0.1i-54.8.1 libopenssl1_0_0-hmac-1.0.1i-54.8.1 openssl-1.0.1i-54.8.1 openssl-debuginfo-1.0.1i-54.8.1 openssl-debugsource-1.0.1i-54.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-54.8.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.8.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): openssl-doc-1.0.1i-54.8.1 References: https://www.suse.com/security/cve/CVE-2017-3735.html https://bugzilla.suse.com/1027908 https://bugzilla.suse.com/1032261 https://bugzilla.suse.com/1055825 https://bugzilla.suse.com/1056058 https://bugzilla.suse.com/1065363 https://bugzilla.suse.com/990592 From sle-updates at lists.suse.com Fri Nov 10 10:15:29 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 18:15:29 +0100 (CET) Subject: SUSE-RU-2017:2983-1: Recommended update for python-kiwi Message-ID: <20171110171529.2BD25FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2983-1 Rating: low References: #1050665 #1055542 #1065028 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update provides python-kiwi 8.33.3, which brings fixes and enhancements: - Do not require cracklib-dict-full in boot images (bsc#1065028) - Cleanup SLE12 boot image descriptions - Update documentation - Added vhdx image format support - Move to dracut for vmx and iso types - Update btrfs features required for CaaS Platform - Cleanup use of obs:// repos - Better integrate with the Open Build Service for building container images (fate#324024) - Fix vmdk descriptor file (bsc#1050665) - Include the disturl label in container images (bsc#1055542) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2017-1848=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1848=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1848=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): kiwi-pxeboot-8.33.3-9.9.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): kiwi-man-pages-8.33.3-9.9.1 kiwi-tools-8.33.3-9.9.1 kiwi-tools-debuginfo-8.33.3-9.9.1 python-kiwi-debugsource-8.33.3-9.9.1 python2-kiwi-8.33.3-9.9.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): kiwi-tools-8.33.3-9.9.1 kiwi-tools-debuginfo-8.33.3-9.9.1 python-kiwi-debugsource-8.33.3-9.9.1 References: https://bugzilla.suse.com/1050665 https://bugzilla.suse.com/1055542 https://bugzilla.suse.com/1065028 From sle-updates at lists.suse.com Fri Nov 10 10:16:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 18:16:28 +0100 (CET) Subject: SUSE-RU-2017:2985-1: moderate: Initial release of mvapich2 for HPC (v2.2, gcc) Message-ID: <20171110171628.08B49FD05@maintenance.suse.de> SUSE Recommended Update: Initial release of mvapich2 for HPC (v2.2, gcc) ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2985-1 Rating: moderate References: #1066740 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update introduces the mvapich2 packages version 2.2 built for environment modules to the HPC module. (FATE#321712). Mvapich2 is an MPI-3 implementation which includes all MPI-1 features. It is based on MPICH2 and MVICH. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1845=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): mvapich2-gnu-hpc-2.2-13.3.1 mvapich2-gnu-hpc-devel-2.2-13.3.1 mvapich2_2_2-gnu-hpc-2.2-13.3.1 mvapich2_2_2-gnu-hpc-debuginfo-2.2-13.3.1 mvapich2_2_2-gnu-hpc-debugsource-2.2-13.3.1 mvapich2_2_2-gnu-hpc-devel-2.2-13.3.1 mvapich2_2_2-gnu-hpc-devel-static-2.2-13.3.1 mvapich2_2_2-gnu-hpc-doc-2.2-13.3.1 mvapich2_2_2-gnu-hpc-macros-devel-2.2-13.3.1 - SUSE Linux Enterprise Module for HPC 12 (x86_64): mvapich2-psm-gnu-hpc-2.2-13.3.1 mvapich2-psm-gnu-hpc-devel-2.2-13.3.1 mvapich2-psm2-gnu-hpc-2.2-13.3.1 mvapich2-psm2-gnu-hpc-devel-2.2-13.3.1 mvapich2-psm2_2_2-gnu-hpc-2.2-13.3.1 mvapich2-psm2_2_2-gnu-hpc-debuginfo-2.2-13.3.1 mvapich2-psm2_2_2-gnu-hpc-debugsource-2.2-13.3.1 mvapich2-psm2_2_2-gnu-hpc-devel-2.2-13.3.1 mvapich2-psm2_2_2-gnu-hpc-devel-static-2.2-13.3.1 mvapich2-psm2_2_2-gnu-hpc-doc-2.2-13.3.1 mvapich2-psm2_2_2-gnu-hpc-macros-devel-2.2-13.3.1 mvapich2-psm_2_2-gnu-hpc-2.2-13.3.1 mvapich2-psm_2_2-gnu-hpc-debuginfo-2.2-13.3.1 mvapich2-psm_2_2-gnu-hpc-debugsource-2.2-13.3.1 mvapich2-psm_2_2-gnu-hpc-devel-2.2-13.3.1 mvapich2-psm_2_2-gnu-hpc-devel-static-2.2-13.3.1 mvapich2-psm_2_2-gnu-hpc-doc-2.2-13.3.1 mvapich2-psm_2_2-gnu-hpc-macros-devel-2.2-13.3.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): mvapich2-gnu-hpc-doc-2.2-13.3.1 mvapich2-gnu-hpc-macros-devel-2.2-13.3.1 mvapich2-psm-gnu-hpc-doc-2.2-13.3.1 mvapich2-psm-gnu-hpc-macros-devel-2.2-13.3.1 mvapich2-psm2-gnu-hpc-doc-2.2-13.3.1 mvapich2-psm2-gnu-hpc-macros-devel-2.2-13.3.1 References: https://bugzilla.suse.com/1066740 From sle-updates at lists.suse.com Fri Nov 10 10:17:05 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 18:17:05 +0100 (CET) Subject: SUSE-RU-2017:2987-1: moderate: Recommended update for conman Message-ID: <20171110171705.1D857FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for conman 
______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2987-1 Rating: moderate References: #1066730 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for conman fixes the following issues: conman was updated to version 0.2.8 for the HPC module (FATE#324168). Updated to version 0.2.8: * Changed project homepage to . (#21) * Changed conman.conf default loopback setting to ON. * Changed rpm spec file from sysvinit to systemd. * Added 'server nofile' config directive to increase NOFILE limit. (#17) * Added '-P' cmdline opt to daemon for specifying pidfile. (#20) * Added test console device to aid in development and testing. * Fixed telnet option negotiation loop. (#9) * Fixed arbitrary limit on number of IPMI SOL consoles. (#15) * Fixed 4-character limit on timezones. (#16) * Fixed 1-second delay when connecting the client to a console. * Fixed UDS console reconnect delay to use exponential timeout. * Fixed UDS console reconnect delay to require min connect time before reset. * Fixed UDS console resource leak of pathname during config processing. * Fixed all gcc, clang, and Coverity Scan warnings. * Improved scalability of daemon. - Enable tcpwrappers on all platforms by default. - Set user/group for conman to root/root on SLE12 for backward compatibility. - Remove Provides: group/user(): these are only used by conman, there is no intention to provide them to other packages. - conman service configured to start as conman:conman user - Fixed ssh expect script for SUSE-specific output. - conman.conf: make differences between openSUSE and SLES explicit. - Set use of tcpwrappers to 'off' by default. Patch Instructions: To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1849=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): conman-0.2.8-4.3.1 conman-debuginfo-0.2.8-4.3.1 conman-debugsource-0.2.8-4.3.1 References: https://bugzilla.suse.com/1066730 From sle-updates at lists.suse.com Fri Nov 10 10:18:14 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Nov 2017 18:18:14 +0100 (CET) Subject: SUSE-SU-2017:2989-1: important: Security update for java-1_8_0-openjdk Message-ID: <20171110171814.0664EFD05@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2989-1 Rating: important References: #1032647 #1052009 #1064069 #1064070 #1064071 #1064072 #1064073 #1064075 #1064077 #1064078 #1064079 #1064080 #1064081 #1064082 #1064083 #1064084 #1064085 #1064086 Cross-References: CVE-2016-10165 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. 
Description: This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed: - CVE-2017-10274: Handle smartcard clean up better (bsc#1064071) - CVE-2017-10281: Better queuing priorities (bsc#1064072) - CVE-2017-10285: Unreferenced references (bsc#1064073) - CVE-2017-10295: Better URL connections (bsc#1064075) - CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086) - CVE-2017-10346: Better invokespecial checks (bsc#1064078) - CVE-2017-10350: Better Base Exceptions (bsc#1064082) - CVE-2017-10347: Better timezone processing (bsc#1064079) - CVE-2017-10349: Better X processing (bsc#1064081) - CVE-2017-10345: Better keystore handling (bsc#1064077) - CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080) - CVE-2017-10357: Process Proxy presentation (bsc#1064085) - CVE-2017-10355: More stable connection processing (bsc#1064083) - CVE-2017-10356: Update storage implementations (bsc#1064084) - CVE-2016-10165: Improve CMS header processing (bsc#1064069) - CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes: - Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1847=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1847=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1847=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1847=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1847=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1847=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1847=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1847=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): java-1_8_0-openjdk-1.8.0.151-27.8.1 java-1_8_0-openjdk-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-debugsource-1.8.0.151-27.8.1 java-1_8_0-openjdk-demo-1.8.0.151-27.8.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-devel-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.151-27.8.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.151-27.8.1 java-1_8_0-openjdk-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-debugsource-1.8.0.151-27.8.1 java-1_8_0-openjdk-demo-1.8.0.151-27.8.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-devel-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.151-27.8.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): java-1_8_0-openjdk-1.8.0.151-27.8.1 java-1_8_0-openjdk-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-debugsource-1.8.0.151-27.8.1 java-1_8_0-openjdk-demo-1.8.0.151-27.8.1 
java-1_8_0-openjdk-demo-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-devel-1.8.0.151-27.8.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.151-27.8.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.151-27.8.1 java-1_8_0-openjdk-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-debugsource-1.8.0.151-27.8.1 java-1_8_0-openjdk-demo-1.8.0.151-27.8.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-devel-1.8.0.151-27.8.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.151-27.8.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.151-27.8.1 java-1_8_0-openjdk-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-debugsource-1.8.0.151-27.8.1 java-1_8_0-openjdk-demo-1.8.0.151-27.8.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-devel-1.8.0.151-27.8.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.151-27.8.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.151-27.8.1 java-1_8_0-openjdk-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-debugsource-1.8.0.151-27.8.1 java-1_8_0-openjdk-demo-1.8.0.151-27.8.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-devel-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.151-27.8.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): java-1_8_0-openjdk-1.8.0.151-27.8.1 java-1_8_0-openjdk-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-debugsource-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.151-27.8.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): 
java-1_8_0-openjdk-1.8.0.151-27.8.1 java-1_8_0-openjdk-debuginfo-1.8.0.151-27.8.1 java-1_8_0-openjdk-debugsource-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-1.8.0.151-27.8.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.151-27.8.1 References: https://www.suse.com/security/cve/CVE-2016-10165.html https://www.suse.com/security/cve/CVE-2016-9840.html https://www.suse.com/security/cve/CVE-2016-9841.html https://www.suse.com/security/cve/CVE-2016-9842.html https://www.suse.com/security/cve/CVE-2016-9843.html https://www.suse.com/security/cve/CVE-2017-10274.html https://www.suse.com/security/cve/CVE-2017-10281.html https://www.suse.com/security/cve/CVE-2017-10285.html https://www.suse.com/security/cve/CVE-2017-10295.html https://www.suse.com/security/cve/CVE-2017-10345.html https://www.suse.com/security/cve/CVE-2017-10346.html https://www.suse.com/security/cve/CVE-2017-10347.html https://www.suse.com/security/cve/CVE-2017-10348.html https://www.suse.com/security/cve/CVE-2017-10349.html https://www.suse.com/security/cve/CVE-2017-10350.html https://www.suse.com/security/cve/CVE-2017-10355.html https://www.suse.com/security/cve/CVE-2017-10356.html https://www.suse.com/security/cve/CVE-2017-10357.html https://www.suse.com/security/cve/CVE-2017-10388.html https://bugzilla.suse.com/1032647 https://bugzilla.suse.com/1052009 https://bugzilla.suse.com/1064069 https://bugzilla.suse.com/1064070 https://bugzilla.suse.com/1064071 https://bugzilla.suse.com/1064072 https://bugzilla.suse.com/1064073 https://bugzilla.suse.com/1064075 https://bugzilla.suse.com/1064077 https://bugzilla.suse.com/1064078 https://bugzilla.suse.com/1064079 https://bugzilla.suse.com/1064080 https://bugzilla.suse.com/1064081 https://bugzilla.suse.com/1064082 https://bugzilla.suse.com/1064083 https://bugzilla.suse.com/1064084 https://bugzilla.suse.com/1064085 https://bugzilla.suse.com/1064086 From sle-updates at lists.suse.com Fri Nov 10 13:07:05 2017 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Fri, 10 Nov 2017 21:07:05 +0100 (CET) Subject: SUSE-RU-2017:2995-1: moderate: Initial release of papi for HPC (v5.5.1) Message-ID: <20171110200705.053EEFD06@maintenance.suse.de> SUSE Recommended Update: Initial release of papi for HPC (v5.5.1) ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2995-1 Rating: moderate References: #1066733 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update introduces papi version 5.5.1 built for environment modules to the HPC Module. (FATE#321720). PAPI provides the tool designer and application engineer with a consistent interface and methodology for use of the performance counter hardware found in most major microprocessors. PAPI enables software engineers to see, in near real time, the relation between software performance and processor events. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1851=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpapi_5_5_1-hpc-5.5.1-9.3.1 libpapi_5_5_1-hpc-debuginfo-5.5.1-9.3.1 papi-hpc-devel-5.5.1-9.3.1 papi_5_5_1-hpc-5.5.1-9.3.1 papi_5_5_1-hpc-debuginfo-5.5.1-9.3.1 papi_5_5_1-hpc-debugsource-5.5.1-9.3.1 papi_5_5_1-hpc-devel-5.5.1-9.3.1 papi_5_5_1-hpc-devel-static-5.5.1-9.3.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): papi-hpc-5.5.1-9.3.1 References: https://bugzilla.suse.com/1066733 From sle-updates at lists.suse.com Fri Nov 10 16:07:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Nov 2017 00:07:24 +0100 (CET) Subject: SUSE-SU-2017:2996-1: important: Security update for mysql Message-ID: <20171110230724.53E8FFD03@maintenance.suse.de> SUSE Security Update: Security update for mysql ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2996-1 Rating: important References: #1064101 #1064115 #1064116 #1064117 #1064119 Cross-References: CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. 
Description: This update for mysql to version 5.5.58 fixes the following issues: Fixed security issues: - CVE-2017-10268: issue inside subcomponent Server Replication [bsc#1064101] - CVE-2017-10378: issue inside subcomponent Server Optimizer [bsc#1064115] - CVE-2017-10379: issue inside subcomponent Client programs [bsc#1064116] - CVE-2017-10384: issue inside subcomponent Server DDL [bsc#1064117] For a full list of changes check: http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-58.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mysql-13344=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-mysql-13344=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-mysql-13344=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mysql-13344=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mysql-13344=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mysql-13344=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libmysql55client_r18-32bit-5.5.58-0.39.6.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64): libmysql55client_r18-x86-5.5.58-0.39.6.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmysql55client18-5.5.58-0.39.6.1 libmysql55client_r18-5.5.58-0.39.6.1 mysql-5.5.58-0.39.6.1 mysql-client-5.5.58-0.39.6.1 mysql-tools-5.5.58-0.39.6.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libmysql55client18-32bit-5.5.58-0.39.6.1 libmysql55client_r18-32bit-5.5.58-0.39.6.1 - SUSE Linux Enterprise Server 11-SP4 (ia64): libmysql55client18-x86-5.5.58-0.39.6.1 libmysql55client_r18-x86-5.5.58-0.39.6.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): libmysql55client18-5.5.58-0.39.6.1 libmysql55client_r18-5.5.58-0.39.6.1 mysql-5.5.58-0.39.6.1 mysql-client-5.5.58-0.39.6.1 mysql-tools-5.5.58-0.39.6.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64): libmysql55client18-32bit-5.5.58-0.39.6.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libmysql55client18-5.5.58-0.39.6.1 libmysql55client_r18-5.5.58-0.39.6.1 mysql-5.5.58-0.39.6.1 mysql-client-5.5.58-0.39.6.1 mysql-tools-5.5.58-0.39.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mysql-debuginfo-5.5.58-0.39.6.1 mysql-debugsource-5.5.58-0.39.6.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mysql-debuginfo-5.5.58-0.39.6.1 mysql-debugsource-5.5.58-0.39.6.1 References: https://www.suse.com/security/cve/CVE-2017-10268.html https://www.suse.com/security/cve/CVE-2017-10378.html https://www.suse.com/security/cve/CVE-2017-10379.html https://www.suse.com/security/cve/CVE-2017-10384.html https://bugzilla.suse.com/1064101 https://bugzilla.suse.com/1064115 https://bugzilla.suse.com/1064116 https://bugzilla.suse.com/1064117 https://bugzilla.suse.com/1064119 From sle-updates at lists.suse.com Fri Nov 10 16:08:19 2017 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 11 Nov 2017 00:08:19 +0100 (CET) Subject: SUSE-RU-2017:2997-1: moderate: Initial release of openmpi for HPC (v1.10.7, gcc) Message-ID: <20171110230819.E6776FD05@maintenance.suse.de> SUSE Recommended Update: Initial release of openmpi for HPC (v1.10.7, gcc) ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:2997-1 Rating: moderate References: #1066739 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update introduces the openmpi packages version 1.10.7 built for environment modules to the HPC module. (FATE#321711). OpenMPI is an implementation of the Message Passing Interface, a standardized API typically used for parallel and/or distributed computing. OpenMPI is the merged result of four prior implementations where the team found for them to excel in one or more areas, such as latency or throughput. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1853=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libopenmpi1-gnu-hpc-1.10.7-17.5.1 libopenmpi_1_10_7-gnu-hpc-1.10.7-17.5.1 libopenmpi_1_10_7-gnu-hpc-debuginfo-1.10.7-17.5.1 openmpi-config-1.10.7-17.5.1 openmpi1-gnu-hpc-1.10.7-17.5.1 openmpi1-gnu-hpc-devel-1.10.7-17.5.1 openmpi1-gnu-hpc-devel-static-1.10.7-17.5.1 openmpi_1_10_7-gnu-hpc-1.10.7-17.5.1 openmpi_1_10_7-gnu-hpc-debuginfo-1.10.7-17.5.1 openmpi_1_10_7-gnu-hpc-debugsource-1.10.7-17.5.1 openmpi_1_10_7-gnu-hpc-devel-1.10.7-17.5.1 openmpi_1_10_7-gnu-hpc-devel-debuginfo-1.10.7-17.5.1 openmpi_1_10_7-gnu-hpc-devel-static-1.10.7-17.5.1 openmpi_1_10_7-gnu-hpc-macros-devel-1.10.7-17.5.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): openmpi1-gnu-hpc-macros-devel-1.10.7-17.5.1 References: https://bugzilla.suse.com/1066739 From sle-updates at lists.suse.com Mon Nov 13 07:07:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2017 15:07:13 +0100 (CET) Subject: SUSE-SU-2017:3000-1: important: Security update for storm, storm-kit Message-ID: <20171113140713.A8B01FD06@maintenance.suse.de> SUSE Security Update: Security update for storm, storm-kit ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3000-1 Rating: important References: #1048688 #1059463 Cross-References: CVE-2017-9799 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for storm, storm-kit fixes the following issues: - Update storm to version 1.0.5 (bsc#1059463, CVE-2017-9799) - Update storm-kit to version 1.0.5 (bsc#1059463, CVE-2017-9799) - Initial package (bsc#1048688, fate#323204) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1854=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 7 (x86_64): storm-1.0.5-5.3 storm-nimbus-1.0.5-5.3 storm-supervisor-1.0.5-5.3 References: https://www.suse.com/security/cve/CVE-2017-9799.html https://bugzilla.suse.com/1048688 https://bugzilla.suse.com/1059463 From sle-updates at lists.suse.com Mon Nov 13 10:09:05 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2017 18:09:05 +0100 (CET) Subject: SUSE-RU-2017:3001-1: moderate: Initial release of fftw3 for HPC (v3.3.6, gcc, non-mpi/openmpi/mvapich2) Message-ID: <20171113170905.0BAB8FD03@maintenance.suse.de> SUSE Recommended Update: Initial release of fftw3 for HPC (v3.3.6, gcc, non-mpi/openmpi/mvapich2) ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3001-1 Rating: moderate References: #1066737 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update introduces fftw3 version 3.3.6 built for environment modules to the HPC Module. (FATE#321716). FFTW is a C subroutine library for computing the Discrete Fourier Transform (DFT) in one or more dimensions, of both real and complex data, and of arbitrary input size. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1857=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): fftw3-gnu-mvapich2-hpc-devel-3.3.6-6.6.1 fftw3-gnu-openmpi1-hpc-devel-3.3.6-6.6.1 fftw3_3_3_6-gnu-mvapich2-hpc-debugsource-3.3.6-6.6.1 fftw3_3_3_6-gnu-mvapich2-hpc-devel-3.3.6-6.6.1 fftw3_3_3_6-gnu-mvapich2-hpc-devel-debuginfo-3.3.6-6.6.1 fftw3_3_3_6-gnu-mvapich2-hpc-devel-static-3.3.6-6.6.1 fftw3_3_3_6-gnu-openmpi1-hpc-debugsource-3.3.6-6.6.1 fftw3_3_3_6-gnu-openmpi1-hpc-devel-3.3.6-6.6.1 fftw3_3_3_6-gnu-openmpi1-hpc-devel-debuginfo-3.3.6-6.6.1 fftw3_3_3_6-gnu-openmpi1-hpc-devel-static-3.3.6-6.6.1 libfftw3-gnu-mvapich2-hpc-3.3.6-6.6.1 libfftw3-gnu-openmpi1-hpc-3.3.6-6.6.1 libfftw3_3_3_6-gnu-mvapich2-hpc-3.3.6-6.6.1 libfftw3_3_3_6-gnu-mvapich2-hpc-debuginfo-3.3.6-6.6.1 libfftw3_3_3_6-gnu-openmpi1-hpc-3.3.6-6.6.1 libfftw3_3_3_6-gnu-openmpi1-hpc-debuginfo-3.3.6-6.6.1 - SUSE Linux Enterprise Module for HPC 12 (x86_64): fftw3-gnu-hpc-devel-3.3.6-6.6.1 fftw3_3_3_6-gnu-hpc-debugsource-3.3.6-6.6.1 fftw3_3_3_6-gnu-hpc-devel-3.3.6-6.6.1 fftw3_3_3_6-gnu-hpc-devel-debuginfo-3.3.6-6.6.1 fftw3_3_3_6-gnu-hpc-devel-static-3.3.6-6.6.1 libfftw3-gnu-hpc-3.3.6-6.6.1 libfftw3_3_3_6-gnu-hpc-3.3.6-6.6.1 libfftw3_3_3_6-gnu-hpc-debuginfo-3.3.6-6.6.1 References: https://bugzilla.suse.com/1066737 From sle-updates at lists.suse.com Mon Nov 13 10:09:32 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2017 18:09:32 +0100 (CET) Subject: SUSE-RU-2017:3002-1: moderate: Initial release of hdf5 for HPC (v1.10.1, gcc, non-mpi/openmpi/mvapich2) Message-ID: <20171113170932.69EFEFD05@maintenance.suse.de> SUSE Recommended Update: Initial release of hdf5 for HPC (v1.10.1, gcc, non-mpi/openmpi/mvapich2) ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3002-1 Rating: moderate References: #1066744 #1066746 Affected Products: SUSE Linux Enterprise Module for HPC 12 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update introduces hdf5 version 1.10.1 built for environment modules to the HPC Module. This is supported for use without (FATE#321710) and with MPI (FATE#321717). HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF5. The HDF5 technology suite is designed to organize, store, discover, access, analyze, share, and preserve diverse, complex data in continuously evolving heterogeneous computing and storage environments. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1856=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): hdf5-1.10.1-3.8.1 hdf5-debuginfo-1.10.1-3.8.1 hdf5-debugsource-1.10.1-3.8.1 hdf5-devel-1.10.1-3.8.1 hdf5-devel-data-1.10.1-3.8.1 hdf5-devel-debuginfo-1.10.1-3.8.1 hdf5-devel-static-1.10.1-3.8.1 hdf5-examples-1.10.1-3.8.1 hdf5_1_10_1-gnu-hpc-1.10.1-3.8.1 hdf5_1_10_1-gnu-hpc-debuginfo-1.10.1-3.8.1 hdf5_1_10_1-gnu-hpc-debugsource-1.10.1-3.8.1 hdf5_1_10_1-gnu-hpc-devel-1.10.1-3.8.1 hdf5_1_10_1-gnu-hpc-devel-debuginfo-1.10.1-3.8.1 hdf5_1_10_1-gnu-hpc-devel-static-1.10.1-3.8.1 hdf5_1_10_1-gnu-mvapich2-hpc-1.10.1-3.8.1 hdf5_1_10_1-gnu-mvapich2-hpc-debuginfo-1.10.1-3.8.1 hdf5_1_10_1-gnu-mvapich2-hpc-debugsource-1.10.1-3.8.1 hdf5_1_10_1-gnu-mvapich2-hpc-devel-1.10.1-3.8.1 hdf5_1_10_1-gnu-mvapich2-hpc-devel-debuginfo-1.10.1-3.8.1 hdf5_1_10_1-gnu-mvapich2-hpc-devel-static-1.10.1-3.8.1 hdf5_1_10_1-gnu-openmpi1-hpc-1.10.1-3.8.1 hdf5_1_10_1-gnu-openmpi1-hpc-debuginfo-1.10.1-3.8.1 hdf5_1_10_1-gnu-openmpi1-hpc-debugsource-1.10.1-3.8.1 hdf5_1_10_1-gnu-openmpi1-hpc-devel-1.10.1-3.8.1 hdf5_1_10_1-gnu-openmpi1-hpc-devel-debuginfo-1.10.1-3.8.1 hdf5_1_10_1-gnu-openmpi1-hpc-devel-static-1.10.1-3.8.1 libhdf5-101-1.10.1-3.8.1 libhdf5-101-debuginfo-1.10.1-3.8.1 libhdf5-gnu-hpc-1.10.1-3.8.1 libhdf5-gnu-mvapich2-hpc-1.10.1-3.8.1 libhdf5-gnu-openmpi1-hpc-1.10.1-3.8.1 libhdf5_1_10_1-gnu-hpc-1.10.1-3.8.1 libhdf5_1_10_1-gnu-hpc-debuginfo-1.10.1-3.8.1 libhdf5_1_10_1-gnu-mvapich2-hpc-1.10.1-3.8.1 libhdf5_1_10_1-gnu-mvapich2-hpc-debuginfo-1.10.1-3.8.1 libhdf5_1_10_1-gnu-openmpi1-hpc-1.10.1-3.8.1 libhdf5_1_10_1-gnu-openmpi1-hpc-debuginfo-1.10.1-3.8.1 libhdf5_cpp-gnu-hpc-1.10.1-3.8.1 libhdf5_cpp101-1.10.1-3.8.1 libhdf5_cpp101-debuginfo-1.10.1-3.8.1 libhdf5_cpp_1_10_1-gnu-hpc-1.10.1-3.8.1 libhdf5_cpp_1_10_1-gnu-hpc-debuginfo-1.10.1-3.8.1 libhdf5_fortran-gnu-hpc-1.10.1-3.8.1 libhdf5_fortran-gnu-mvapich2-hpc-1.10.1-3.8.1 libhdf5_fortran-gnu-openmpi1-hpc-1.10.1-3.8.1 libhdf5_fortran100-1.10.1-3.8.1 
libhdf5_fortran100-debuginfo-1.10.1-3.8.1 libhdf5_fortran_1_10_1-gnu-hpc-1.10.1-3.8.1 libhdf5_fortran_1_10_1-gnu-hpc-debuginfo-1.10.1-3.8.1 libhdf5_fortran_1_10_1-gnu-mvapich2-hpc-1.10.1-3.8.1 libhdf5_fortran_1_10_1-gnu-mvapich2-hpc-debuginfo-1.10.1-3.8.1 libhdf5_fortran_1_10_1-gnu-openmpi1-hpc-1.10.1-3.8.1 libhdf5_fortran_1_10_1-gnu-openmpi1-hpc-debuginfo-1.10.1-3.8.1 libhdf5_hl-gnu-hpc-1.10.1-3.8.1 libhdf5_hl-gnu-mvapich2-hpc-1.10.1-3.8.1 libhdf5_hl-gnu-openmpi1-hpc-1.10.1-3.8.1 libhdf5_hl100-1.10.1-3.8.1 libhdf5_hl100-debuginfo-1.10.1-3.8.1 libhdf5_hl_1_10_1-gnu-hpc-1.10.1-3.8.1 libhdf5_hl_1_10_1-gnu-hpc-debuginfo-1.10.1-3.8.1 libhdf5_hl_1_10_1-gnu-mvapich2-hpc-1.10.1-3.8.1 libhdf5_hl_1_10_1-gnu-mvapich2-hpc-debuginfo-1.10.1-3.8.1 libhdf5_hl_1_10_1-gnu-openmpi1-hpc-1.10.1-3.8.1 libhdf5_hl_1_10_1-gnu-openmpi1-hpc-debuginfo-1.10.1-3.8.1 libhdf5_hl_cpp-gnu-hpc-1.10.1-3.8.1 libhdf5_hl_cpp100-1.10.1-3.8.1 libhdf5_hl_cpp100-debuginfo-1.10.1-3.8.1 libhdf5_hl_cpp_1_10_1-gnu-hpc-1.10.1-3.8.1 libhdf5_hl_cpp_1_10_1-gnu-hpc-debuginfo-1.10.1-3.8.1 libhdf5_hl_fortran-gnu-hpc-1.10.1-3.8.1 libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.1-3.8.1 libhdf5_hl_fortran-gnu-openmpi1-hpc-1.10.1-3.8.1 libhdf5hl_fortran100-1.10.1-3.8.1 libhdf5hl_fortran100-debuginfo-1.10.1-3.8.1 libhdf5hl_fortran_1_10_1-gnu-hpc-1.10.1-3.8.1 libhdf5hl_fortran_1_10_1-gnu-hpc-debuginfo-1.10.1-3.8.1 libhdf5hl_fortran_1_10_1-gnu-mvapich2-hpc-1.10.1-3.8.1 libhdf5hl_fortran_1_10_1-gnu-mvapich2-hpc-debuginfo-1.10.1-3.8.1 libhdf5hl_fortran_1_10_1-gnu-openmpi1-hpc-1.10.1-3.8.1 libhdf5hl_fortran_1_10_1-gnu-openmpi1-hpc-debuginfo-1.10.1-3.8.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): hdf5-gnu-hpc-devel-1.10.1-3.8.1 hdf5-gnu-mvapich2-hpc-devel-1.10.1-3.8.1 hdf5-gnu-openmpi1-hpc-devel-1.10.1-3.8.1 hdf5_1_10_1-gnu-hpc-module-1.10.1-3.8.1 hdf5_1_10_1-gnu-mvapich2-hpc-module-1.10.1-3.8.1 hdf5_1_10_1-gnu-openmpi1-hpc-module-1.10.1-3.8.1 References: https://bugzilla.suse.com/1066744 https://bugzilla.suse.com/1066746 
From sle-updates at lists.suse.com Mon Nov 13 10:10:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2017 18:10:04 +0100 (CET) Subject: SUSE-RU-2017:3003-1: moderate: Recommended update for mpiP Message-ID: <20171113171004.65F28FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for mpiP ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3003-1 Rating: moderate References: #1066741 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mpiP fixes the following issues: Enable the openmpi build for the HPC Module and include it in the Module. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1858=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): mpiP_3_4_1-gnu-mvapich2-hpc-3.4.1-4.1 mpiP_3_4_1-gnu-mvapich2-hpc-debuginfo-3.4.1-4.1 mpiP_3_4_1-gnu-mvapich2-hpc-debugsource-3.4.1-4.1 mpiP_3_4_1-gnu-mvapich2-hpc-devel-static-3.4.1-4.1 mpiP_3_4_1-gnu-mvapich2-hpc-doc-3.4.1-4.1 mpiP_3_4_1-gnu-openmpi1-hpc-3.4.1-4.1 mpiP_3_4_1-gnu-openmpi1-hpc-debuginfo-3.4.1-4.1 mpiP_3_4_1-gnu-openmpi1-hpc-debugsource-3.4.1-4.1 mpiP_3_4_1-gnu-openmpi1-hpc-devel-static-3.4.1-4.1 mpiP_3_4_1-gnu-openmpi1-hpc-doc-3.4.1-4.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): mpiP-gnu-mvapich2-hpc-3.4.1-4.1 mpiP-gnu-openmpi1-hpc-3.4.1-4.1 References: https://bugzilla.suse.com/1066741 From sle-updates at lists.suse.com Mon Nov 13 13:06:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2017 21:06:58 +0100 (CET) Subject: SUSE-RU-2017:3004-1: Recommended update for OpenStack Message-ID: <20171113200658.E5E80FD03@maintenance.suse.de> SUSE Recommended Update: Recommended update for OpenStack ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3004-1 Rating: low References: #1023507 #996527 Affected Products: SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openstack-designate, -glance, -manila, -heat-templates, -horizon-manila-ui, python-novaclient and python-oslo.concurrency brings the latest version provided by the OpenStack upstream project and fixes several issues. openstack-designate: - Fix Liberty migrations schema to PostgreSQL. (bsc#996527) openstack-glance: - Restrict image_location metadata. (bsc#1023507) openstack-heat-templates: - Add splay option. - Enable the use of a non-standard module-path for ansible. - Allow ansible inventory to be configurable. openstack-manila: - Allow access to test VM floating IP. 
python-oslo.concurrency: - processutils: add support for missing process limits - Add prlimit parameter to execute() - Updated from global requirements Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1860=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (noarch): openstack-designate-1.0.3~a0~dev11-13.3.1 openstack-designate-agent-1.0.3~a0~dev11-13.3.1 openstack-designate-api-1.0.3~a0~dev11-13.3.1 openstack-designate-central-1.0.3~a0~dev11-13.3.1 openstack-designate-doc-1.0.3~a0~dev11-13.3.4 openstack-designate-sink-1.0.3~a0~dev11-13.3.1 openstack-glance-11.0.2~a0~dev19-14.3.1 openstack-glance-doc-11.0.2~a0~dev19-14.3.1 openstack-heat-templates-0.0.0+git.1493224211.6d2659b-4.3.1 openstack-horizon-plugin-manila-ui-1.2.1~a0~dev4-4.3.1 openstack-manila-1.0.2~a0~dev19-13.3.1 openstack-manila-api-1.0.2~a0~dev19-13.3.1 openstack-manila-doc-1.0.2~a0~dev19-13.3.6 openstack-manila-scheduler-1.0.2~a0~dev19-13.3.1 openstack-manila-share-1.0.2~a0~dev19-13.3.1 python-designate-1.0.3~a0~dev11-13.3.1 python-glance-11.0.2~a0~dev19-14.3.1 python-horizon-plugin-manila-ui-1.2.1~a0~dev4-4.3.1 python-manila-1.0.2~a0~dev19-13.3.1 python-novaclient-2.30.3-4.3.1 python-novaclient-doc-2.30.3-4.3.1 python-oslo.concurrency-2.6.1-2.3.1 References: https://bugzilla.suse.com/1023507 https://bugzilla.suse.com/996527 From sle-updates at lists.suse.com Mon Nov 13 13:07:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2017 21:07:36 +0100 (CET) Subject: SUSE-RU-2017:3005-1: Recommended update for rabbitmq-server Message-ID: <20171113200736.CD68DFD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for rabbitmq-server ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2017:3005-1 Rating: low References: #1054243 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rabbitmq-server fixes the following issues: - Detect missing 'user' process. (bsc#1054243) - Synchronize rabbitmq-server OCF resource agents. - Add rabbitmq-server-ha OCF resource agent from upstream. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1862=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2017-1862=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): rabbitmq-server-3.4.4-5.3.1 rabbitmq-server-plugins-3.4.4-5.3.1 - SUSE Enterprise Storage 3 (aarch64 x86_64): rabbitmq-server-3.4.4-5.3.1 References: https://bugzilla.suse.com/1054243 From sle-updates at lists.suse.com Mon Nov 13 13:07:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2017 21:07:56 +0100 (CET) Subject: SUSE-RU-2017:3006-1: moderate: Recommended update for papi Message-ID: <20171113200756.6E66FFD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for papi ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3006-1 Rating: moderate References: #1066733 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for papi fixes the following issues: - Add lua-lmod as dependency to HPC package. (FATE#321720). Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1859=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpapi_5_5_1-hpc-5.5.1-9.6.1 libpapi_5_5_1-hpc-debuginfo-5.5.1-9.6.1 papi-hpc-devel-5.5.1-9.6.1 papi_5_5_1-hpc-5.5.1-9.6.1 papi_5_5_1-hpc-debuginfo-5.5.1-9.6.1 papi_5_5_1-hpc-debugsource-5.5.1-9.6.1 papi_5_5_1-hpc-devel-5.5.1-9.6.1 papi_5_5_1-hpc-devel-static-5.5.1-9.6.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): papi-hpc-5.5.1-9.6.1 References: https://bugzilla.suse.com/1066733 From sle-updates at lists.suse.com Mon Nov 13 13:08:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2017 21:08:19 +0100 (CET) Subject: SUSE-SU-2017:2872-2: important: Security update for MozillaFirefox, mozilla-nss Message-ID: <20171113200819.3B8C0FD05@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2872-2 Rating: important References: #1060445 #1061005 Cross-References: CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. 
Description: This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 (bsc#1060445) * MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes * MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode * MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation * MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API * MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE * MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 * MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin * MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings Mozilla Network Security Services (Mozilla NSS) received a security fix: * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-firefox-201710-13330=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-firefox-201710-13330=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-firefox-201710-13330=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (x86_64): MozillaFirefox-devel-52.4.0esr-72.13.2 mozilla-nss-devel-3.29.5-47.6.1 - SUSE Linux Enterprise Server 11-SP4 (s390x): MozillaFirefox-52.4.0esr-72.13.2 MozillaFirefox-translations-52.4.0esr-72.13.2 libfreebl3-3.29.5-47.6.1 libfreebl3-32bit-3.29.5-47.6.1 libsoftokn3-3.29.5-47.6.1 libsoftokn3-32bit-3.29.5-47.6.1 mozilla-nss-3.29.5-47.6.1 mozilla-nss-32bit-3.29.5-47.6.1 mozilla-nss-tools-3.29.5-47.6.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): MozillaFirefox-52.4.0esr-72.13.2 MozillaFirefox-translations-52.4.0esr-72.13.2 libfreebl3-3.29.5-47.6.1 libfreebl3-32bit-3.29.5-47.6.1 libsoftokn3-3.29.5-47.6.1 libsoftokn3-32bit-3.29.5-47.6.1 mozilla-nss-3.29.5-47.6.1 mozilla-nss-32bit-3.29.5-47.6.1 mozilla-nss-tools-3.29.5-47.6.1 References: https://www.suse.com/security/cve/CVE-2017-7793.html https://www.suse.com/security/cve/CVE-2017-7805.html https://www.suse.com/security/cve/CVE-2017-7810.html https://www.suse.com/security/cve/CVE-2017-7814.html https://www.suse.com/security/cve/CVE-2017-7818.html https://www.suse.com/security/cve/CVE-2017-7819.html https://www.suse.com/security/cve/CVE-2017-7823.html https://www.suse.com/security/cve/CVE-2017-7824.html https://www.suse.com/security/cve/CVE-2017-7825.html https://bugzilla.suse.com/1060445 https://bugzilla.suse.com/1061005 From sle-updates at lists.suse.com Mon Nov 13 13:08:52 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2017 21:08:52 +0100 (CET) Subject: SUSE-RU-2017:3007-1: Recommended update for the Crowbar-stack Message-ID: <20171113200852.2F8B3FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for the Crowbar-stack ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3007-1 Rating: low References: #1024277 #1024279 #1030881 #1031065 #1032537 #1033917 #1035127 #1035215 #1035923 #1036601 #1037374 Affected Products: 
SUSE OpenStack Cloud 6 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for crowbar, -core, -ha -openstack and rubygem-crowbar-client brings the latest version provided by the OpenStack-upstream project and fixes the following issues: crowbar: - Trust PTF-repository key. - Fix admin node timezone detection. crowbar-core: - bind: Set transfer-source to avoid xfer failures. (bsc#1036601) - network: Use wicked to control bond slaves. (bsc#1035127) - network: Set MTU for VLAN parent interface. (bsc#1024279) - Unclaimed disks: Improve handling of multipath devices. (bsc#1031065) - network: Add support for xmit_hash_policy. (bsc#1033917) - network: Allow custom MTU for all networks. (bsc#1024277) crowbar-ha: - pacemaker: Use discovered BMC address. (bsc#1035215) crowbar-openstack: - Adjust neighbor table thresholds. (bsc#1035923) rubygem-crowbar-client: - Fix create proposal from file and data. (bsc#1037374) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1861=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): ruby2.1-rubygem-crowbar-client-3.5.0-10.3.1 - SUSE OpenStack Cloud 6 (noarch): crowbar-3.0+git.1497632705.a6a83970-24.3.1 crowbar-core-3.0+git.1507293627.567614779-21.3.2 crowbar-core-branding-upstream-3.0+git.1507293627.567614779-21.3.2 crowbar-devel-3.0+git.1497632705.a6a83970-24.3.1 crowbar-ha-3.0+git.1499431187.0afa16e-14.3.1 crowbar-openstack-3.0+git.1507108114.e23f7ee02-39.3.1 References: https://bugzilla.suse.com/1024277 https://bugzilla.suse.com/1024279 https://bugzilla.suse.com/1030881 https://bugzilla.suse.com/1031065 https://bugzilla.suse.com/1032537 https://bugzilla.suse.com/1033917 https://bugzilla.suse.com/1035127 https://bugzilla.suse.com/1035215 https://bugzilla.suse.com/1035923 https://bugzilla.suse.com/1036601 https://bugzilla.suse.com/1037374 From sle-updates at lists.suse.com Mon Nov 13 13:10:46 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Nov 2017 21:10:46 +0100 (CET) Subject: SUSE-RU-2017:3008-1: Recommended update for rubygem-chef Message-ID: <20171113201046.65246FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3008-1 Rating: low References: #1054081 Affected Products: SUSE OpenStack Cloud 6 SUSE Enterprise Storage 3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-chef fixes the following issues: - Allow symbol and string for fetching. (bsc#1054081) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1863=1 - SUSE Enterprise Storage 3: zypper in -t patch SUSE-Storage-3-2017-1863=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 6 (x86_64): ruby2.1-rubygem-chef-10.32.2-14.3.1 rubygem-chef-10.32.2-14.3.1 - SUSE Enterprise Storage 3 (aarch64 x86_64): ruby2.1-rubygem-chef-10.32.2-14.3.1 rubygem-chef-10.32.2-14.3.1 References: https://bugzilla.suse.com/1054081 From sle-updates at lists.suse.com Tue Nov 14 04:09:29 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2017 12:09:29 +0100 (CET) Subject: SUSE-RU-2017:3009-1: moderate: Initial release of netcdf for HPC (v4.4.1.1, gcc, non-mpi/openmpi/mvapich2) Message-ID: <20171114110929.6D099FD03@maintenance.suse.de> SUSE Recommended Update: Initial release of netcdf for HPC (v4.4.1.1, gcc, non-mpi/openmpi/mvapich2) ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3009-1 Rating: moderate References: #1064705 #1066745 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update introduces netcdf version 4.4.1.1 built for environment modules to the HPC module. NetCDF is a set of software libraries and self-describing, machine-independent data formats that support the creation, access, and sharing of array-oriented scientific data. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1864=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libnetcdf-gnu-hpc-4.4.1.1-5.1 libnetcdf-gnu-mvapich2-hpc-4.4.1.1-5.1 libnetcdf-gnu-openmpi1-hpc-4.4.1.1-5.1 libnetcdf_4_4_1_1-gnu-hpc-4.4.1.1-5.1 libnetcdf_4_4_1_1-gnu-hpc-debuginfo-4.4.1.1-5.1 libnetcdf_4_4_1_1-gnu-mvapich2-hpc-4.4.1.1-5.1 libnetcdf_4_4_1_1-gnu-mvapich2-hpc-debuginfo-4.4.1.1-5.1 libnetcdf_4_4_1_1-gnu-openmpi1-hpc-4.4.1.1-5.1 libnetcdf_4_4_1_1-gnu-openmpi1-hpc-debuginfo-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-hpc-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-hpc-debuginfo-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-hpc-devel-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-hpc-devel-static-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-mvapich2-hpc-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-mvapich2-hpc-debuginfo-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-mvapich2-hpc-debugsource-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-mvapich2-hpc-devel-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-mvapich2-hpc-devel-static-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-openmpi1-hpc-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-openmpi1-hpc-debuginfo-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-openmpi1-hpc-devel-4.4.1.1-5.1 netcdf_4_4_1_1-gnu-openmpi1-hpc-devel-static-4.4.1.1-5.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): netcdf-gnu-hpc-4.4.1.1-5.1 netcdf-gnu-hpc-devel-4.4.1.1-5.1 netcdf-gnu-mvapich2-hpc-4.4.1.1-5.1 netcdf-gnu-mvapich2-hpc-devel-4.4.1.1-5.1 netcdf-gnu-openmpi1-hpc-4.4.1.1-5.1 netcdf-gnu-openmpi1-hpc-devel-4.4.1.1-5.1 References: https://bugzilla.suse.com/1064705 https://bugzilla.suse.com/1066745 From sle-updates at lists.suse.com Tue Nov 14 04:10:02 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2017 12:10:02 +0100 (CET) Subject: SUSE-RU-2017:3010-1: moderate: Initial release of python-numpy for HPC (v1.13.3, gcc) Message-ID: <20171114111002.B0923FD05@maintenance.suse.de> SUSE Recommended Update: Initial release of python-numpy for HPC (v1.13.3, gcc) ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3010-1 Rating: moderate 
References: #1053963 #1066748 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update introduces the NumPy packages version 1.13.3 built for environment modules to the HPC module (FATE#321709). NumPy is a general-purpose array-processing package for Python designed to manipulate large multi-dimensional arrays of arbitrary records. It also provides basic facilities for discrete Fourier transform, basic linear algebra and random number generation. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1865=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): python-numpy_1_13_3-gnu-hpc-1.13.3-4.6.1 python-numpy_1_13_3-gnu-hpc-debuginfo-1.13.3-4.6.1 python-numpy_1_13_3-gnu-hpc-debugsource-1.13.3-4.6.1 python-numpy_1_13_3-gnu-hpc-devel-1.13.3-4.6.1 python2-numpy-gnu-hpc-1.13.3-4.6.1 python2-numpy-gnu-hpc-devel-1.13.3-4.6.1 python3-numpy-gnu-hpc-1.13.3-4.6.1 python3-numpy-gnu-hpc-devel-1.13.3-4.6.1 python3-numpy_1_13_3-gnu-hpc-1.13.3-4.6.1 python3-numpy_1_13_3-gnu-hpc-debuginfo-1.13.3-4.6.1 python3-numpy_1_13_3-gnu-hpc-devel-1.13.3-4.6.1 References: https://www.suse.com/security/cve/CVE-2017-12852.html https://bugzilla.suse.com/1053963 https://bugzilla.suse.com/1066748 From sle-updates at lists.suse.com Tue Nov 14 07:07:38 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2017 15:07:38 +0100 (CET) Subject: SUSE-RU-2017:3011-1: moderate: Initial release of scalapack for HPC (v2.0.2, gcc, openmpi/mvapich2) Message-ID: <20171114140738.7DBDFFD03@maintenance.suse.de> SUSE Recommended Update: Initial 
release of scalapack for HPC (v2.0.2, gcc, openmpi/mvapich2) ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3011-1 Rating: moderate References: #1066743 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update introduces the scalapack packages version 2.0.2 built for environment modules to the HPC Module. (FATE#321715). The ScaLAPACK (or Scalable LAPACK) library includes a subset of LAPACK routines redesigned for distributed memory MIMD parallel computers. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1866=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): blacs-devel-headers-2.0.2-2.5.1 libblacs2-gnu-mvapich2-hpc-2.0.2-2.5.1 libblacs2-gnu-mvapich2-hpc-devel-2.0.2-2.5.1 libblacs2-gnu-openmpi1-hpc-2.0.2-2.5.1 libblacs2-gnu-openmpi1-hpc-devel-2.0.2-2.5.1 libblacs2_2_0_2-gnu-mvapich2-hpc-2.0.2-2.5.1 libblacs2_2_0_2-gnu-mvapich2-hpc-debuginfo-2.0.2-2.5.1 libblacs2_2_0_2-gnu-mvapich2-hpc-devel-2.0.2-2.5.1 libblacs2_2_0_2-gnu-mvapich2-hpc-devel-static-2.0.2-2.5.1 libblacs2_2_0_2-gnu-openmpi1-hpc-2.0.2-2.5.1 libblacs2_2_0_2-gnu-openmpi1-hpc-debuginfo-2.0.2-2.5.1 libblacs2_2_0_2-gnu-openmpi1-hpc-devel-2.0.2-2.5.1 libblacs2_2_0_2-gnu-openmpi1-hpc-devel-static-2.0.2-2.5.1 libscalapack2-gnu-mvapich2-hpc-2.0.2-2.5.1 libscalapack2-gnu-mvapich2-hpc-devel-2.0.2-2.5.1 libscalapack2-gnu-openmpi1-hpc-2.0.2-2.5.1 libscalapack2-gnu-openmpi1-hpc-devel-2.0.2-2.5.1 libscalapack2_2_0_2-gnu-mvapich2-hpc-2.0.2-2.5.1 libscalapack2_2_0_2-gnu-mvapich2-hpc-debuginfo-2.0.2-2.5.1 
libscalapack2_2_0_2-gnu-mvapich2-hpc-devel-2.0.2-2.5.1 libscalapack2_2_0_2-gnu-mvapich2-hpc-devel-static-2.0.2-2.5.1 libscalapack2_2_0_2-gnu-openmpi1-hpc-2.0.2-2.5.1 libscalapack2_2_0_2-gnu-openmpi1-hpc-debuginfo-2.0.2-2.5.1 libscalapack2_2_0_2-gnu-openmpi1-hpc-devel-2.0.2-2.5.1 libscalapack2_2_0_2-gnu-openmpi1-hpc-devel-static-2.0.2-2.5.1 scalapack_2_0_2-gnu-mvapich2-hpc-debugsource-2.0.2-2.5.1 scalapack_2_0_2-gnu-mvapich2-hpc-test-2.0.2-2.5.1 scalapack_2_0_2-gnu-mvapich2-hpc-test-debuginfo-2.0.2-2.5.1 scalapack_2_0_2-gnu-openmpi1-hpc-debugsource-2.0.2-2.5.1 scalapack_2_0_2-gnu-openmpi1-hpc-test-2.0.2-2.5.1 scalapack_2_0_2-gnu-openmpi1-hpc-test-debuginfo-2.0.2-2.5.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): scalapack_2_0_2-gnu-mvapich2-hpc-module-2.0.2-2.5.1 scalapack_2_0_2-gnu-openmpi1-hpc-module-2.0.2-2.5.1 References: https://bugzilla.suse.com/1066743 From sle-updates at lists.suse.com Tue Nov 14 10:08:58 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Nov 2017 18:08:58 +0100 (CET) Subject: SUSE-RU-2017:3012-1: moderate: Recommended update for deepsea Message-ID: <20171114170858.BD021FD03@maintenance.suse.de> SUSE Recommended Update: Recommended update for deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3012-1 Rating: moderate References: #1064223 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for deepsea to version 0.8 fixes the following issue: - ceph.stage.deploy zaps the partition table of encrypted OSD (bsc#1064223) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2017-1867=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 5 (noarch): deepsea-0.8+git.31.d2243db21-2.3.1 References: https://bugzilla.suse.com/1064223 From sle-updates at lists.suse.com Wed Nov 15 04:08:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2017 12:08:55 +0100 (CET) Subject: SUSE-RU-2017:3013-1: moderate: Initial release of netcdf-cxx4 (v4.3.0, gcc) and netcdf-fortran (v4.4.4, gcc, openmpi/mvapich2) for HPC Message-ID: <20171115110855.5D825FD03@maintenance.suse.de> SUSE Recommended Update: Initial release of netcdf-cxx4 (v4.3.0, gcc) and netcdf-fortran (v4.4.4, gcc, openmpi/mvapich2) for HPC ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3013-1 Rating: moderate References: #1066745 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update introduces netcdf-cxx4 version 4.3.0 and netcdf-fortran 4.4.4 built for environment modules to the HPC Module. (FATE#321719). NetCDF4 (network Common Data Form) is a set of software libraries and machine-independent data formats that support the creation, access, and sharing of array-oriented scientific data. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1868=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libnetcdf-cxx4-gnu-hpc-4.3.0-5.1 libnetcdf-cxx4-gnu-hpc-devel-4.3.0-5.1 libnetcdf-cxx4_4_3_0-gnu-hpc-4.3.0-5.1 libnetcdf-cxx4_4_3_0-gnu-hpc-debuginfo-4.3.0-5.1 libnetcdf-cxx4_4_3_0-gnu-hpc-devel-4.3.0-5.1 libnetcdf-cxx4_4_3_0-gnu-hpc-devel-static-4.3.0-5.1 libnetcdf-fortran-gnu-mvapich2-hpc-4.4.4-5.1 libnetcdf-fortran-gnu-openmpi1-hpc-4.4.4-5.1 libnetcdf-fortran_4_4_4-gnu-mvapich2-hpc-4.4.4-5.1 libnetcdf-fortran_4_4_4-gnu-mvapich2-hpc-debuginfo-4.4.4-5.1 libnetcdf-fortran_4_4_4-gnu-openmpi1-hpc-4.4.4-5.1 libnetcdf-fortran_4_4_4-gnu-openmpi1-hpc-debuginfo-4.4.4-5.1 netcdf-cxx4_4_3_0-gnu-hpc-debugsource-4.3.0-5.1 netcdf-fortran_4_4_4-gnu-mvapich2-hpc-4.4.4-5.1 netcdf-fortran_4_4_4-gnu-mvapich2-hpc-debugsource-4.4.4-5.1 netcdf-fortran_4_4_4-gnu-mvapich2-hpc-devel-4.4.4-5.1 netcdf-fortran_4_4_4-gnu-mvapich2-hpc-devel-static-4.4.4-5.1 netcdf-fortran_4_4_4-gnu-openmpi1-hpc-4.4.4-5.1 netcdf-fortran_4_4_4-gnu-openmpi1-hpc-debugsource-4.4.4-5.1 netcdf-fortran_4_4_4-gnu-openmpi1-hpc-devel-4.4.4-5.1 netcdf-fortran_4_4_4-gnu-openmpi1-hpc-devel-static-4.4.4-5.1 - SUSE Linux Enterprise Module for HPC 12 (noarch): netcdf-cxx4-gnu-hpc-tools-4.3.0-5.1 netcdf-cxx4_4_3_0-gnu-hpc-tools-4.3.0-5.1 netcdf-fortran-gnu-mvapich2-hpc-4.4.4-5.1 netcdf-fortran-gnu-mvapich2-hpc-devel-4.4.4-5.1 netcdf-fortran-gnu-openmpi1-hpc-4.4.4-5.1 netcdf-fortran-gnu-openmpi1-hpc-devel-4.4.4-5.1 References: https://bugzilla.suse.com/1066745 From sle-updates at lists.suse.com Wed Nov 15 04:09:21 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Nov 2017 12:09:21 +0100 (CET) Subject: SUSE-RU-2017:3014-1: moderate: Initial release of petsc for HPC (v3.7.6, gcc, openmpi/mvapich2) Message-ID: <20171115110921.393D4FD05@maintenance.suse.de> SUSE Recommended Update: Initial release of petsc for HPC (v3.7.6, gcc, openmpi/mvapich2) ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2017:3014-1 Rating: moderate References: #1066747 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update introduces petsc version 3.7.6 built for environment modules to the HPC Module. (FATE#321718). PETSc is a suite of data structures and routines for the scalable (parallel) solution of scientific applications modeled by partial differential equations. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2017-1869=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpetsc-gnu-mvapich2-hpc-3.7.6-7.1 libpetsc-gnu-openmpi1-hpc-3.7.6-7.1 libpetsc_3_7_6-gnu-mvapich2-hpc-3.7.6-7.1 libpetsc_3_7_6-gnu-mvapich2-hpc-debuginfo-3.7.6-7.1 libpetsc_3_7_6-gnu-openmpi1-hpc-3.7.6-7.1 libpetsc_3_7_6-gnu-openmpi1-hpc-debuginfo-3.7.6-7.1 petsc-gnu-mvapich2-hpc-devel-3.7.6-7.1 petsc-gnu-openmpi1-hpc-devel-3.7.6-7.1 petsc_3_7_6-gnu-mvapich2-hpc-debugsource-3.7.6-7.1 petsc_3_7_6-gnu-mvapich2-hpc-devel-3.7.6-7.1 petsc_3_7_6-gnu-openmpi1-hpc-debugsource-3.7.6-7.1 petsc_3_7_6-gnu-openmpi1-hpc-devel-3.7.6-7.1 References: https://bugzilla.suse.com/1066747 From sle-updates at lists.suse.com Thu Nov 16 07:06:51 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2017 15:06:51 +0100 (CET) Subject: SUSE-SU-2017:2327-2: important: Security update for xen Message-ID: <20171116140651.699A4FD06@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2327-2 Rating: important References: #1002573 
#1026236 #1027519 #1035231 #1046637 #1049578 #1051787 #1051788 #1051789 #1052686 #1055695 Cross-References: CVE-2017-10664 CVE-2017-11434 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 Affected Products: SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 5 fixes is now available. Description: This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787). - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788). - CVE-2017-12136: Race conditions with maptrack free list handling allowed a malicious guest administrator to crash the host or escalate their privilege to that of the host (XSA-228, bsc#1051789). - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578). - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637). - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading led to potentially leaking sensitive information (XSA-230, bsc#1052686). These non-security issues were fixed: - bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after the save using xl stack - bsc#1035231: Migration of HVM domU did not use superpages on destination dom0 - bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1437=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (x86_64): xen-4.9.0_11-3.9.1 xen-debugsource-4.9.0_11-3.9.1 xen-doc-html-4.9.0_11-3.9.1 xen-libs-32bit-4.9.0_11-3.9.1 xen-libs-4.9.0_11-3.9.1 xen-libs-debuginfo-32bit-4.9.0_11-3.9.1 xen-libs-debuginfo-4.9.0_11-3.9.1 xen-tools-4.9.0_11-3.9.1 xen-tools-debuginfo-4.9.0_11-3.9.1 xen-tools-domU-4.9.0_11-3.9.1 xen-tools-domU-debuginfo-4.9.0_11-3.9.1 References: https://www.suse.com/security/cve/CVE-2017-10664.html https://www.suse.com/security/cve/CVE-2017-11434.html https://www.suse.com/security/cve/CVE-2017-12135.html https://www.suse.com/security/cve/CVE-2017-12136.html https://www.suse.com/security/cve/CVE-2017-12137.html https://www.suse.com/security/cve/CVE-2017-12855.html https://bugzilla.suse.com/1002573 https://bugzilla.suse.com/1026236 https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1035231 https://bugzilla.suse.com/1046637 https://bugzilla.suse.com/1049578 https://bugzilla.suse.com/1051787 https://bugzilla.suse.com/1051788 https://bugzilla.suse.com/1051789 https://bugzilla.suse.com/1052686 https://bugzilla.suse.com/1055695 From sle-updates at lists.suse.com Thu Nov 16 07:08:55 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2017 15:08:55 +0100 (CET) Subject: SUSE-SU-2017:2871-2: important: Security update for wget Message-ID: <20171116140855.B2FFAFD06@maintenance.suse.de> SUSE Security Update: Security update for wget ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:2871-2 Rating: important References: #1064715 #1064716 Cross-References: CVE-2017-13089 CVE-2017-13090 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3 SUSE 
Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wget fixes the following security issues: - CVE-2017-13089,CVE-2017-13090: Missing checks for negative remaining_chunk_size in skip_short_body and fd_read_body could cause stack buffer overflows, which could have been exploited by malicious servers. (bsc#1064715,bsc#1064716) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1794=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1794=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1794=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1794=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1794=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1794=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1794=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1794=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): wget-1.14-21.3.1 wget-debuginfo-1.14-21.3.1 wget-debugsource-1.14-21.3.1 References: https://www.suse.com/security/cve/CVE-2017-13089.html https://www.suse.com/security/cve/CVE-2017-13090.html https://bugzilla.suse.com/1064715 https://bugzilla.suse.com/1064716 From sle-updates at lists.suse.com Thu Nov 16 10:08:39 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2017 18:08:39 +0100 (CET) Subject: SUSE-RU-2017:3024-1: moderate: Recommended update for kubernetes-salt Message-ID: <20171116170839.8A629FD06@maintenance.suse.de> SUSE Recommended Update: Recommended update for kubernetes-salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3024-1 Rating: moderate References: #1066653 Affected Products: SUSE Container as a Service Platform ALL ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for kubernetes-salt fixes the following issues: - Disable container-feeder before rebooting (bsc#1066653) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1871=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Container as a Service Platform ALL (noarch): kubernetes-salt-2.0.0+git_r465_ae0f1dc-23.3.1 References: https://bugzilla.suse.com/1066653 From sle-updates at lists.suse.com Thu Nov 16 10:09:12 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2017 18:09:12 +0100 (CET) Subject: SUSE-SU-2017:3025-1: moderate: Security update for xorg-x11-server Message-ID: <20171116170912.0CCA3FD05@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3025-1 Rating: moderate References: #1025084 #1051150 #1063034 #1063035 #1063037 #1063038 #1063039 #1063040 #1063041 Cross-References: CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 CVE-2017-13723 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for xorg-x11-server provides several fixes. These security issues were fixed: - CVE-2017-13723: Prevent local DoS via unusual characters in XkbAtomText and XkbStringText (bsc#1051150). 
- Improve the entropy when generating random data used in X.org server authorization cookies generation by using getentropy() and getrandom() when available (bsc#1025084) - CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed unvalidated lengths in multiple extensions (bsc#1063034) - CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES extension. (bsc#1063035) - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions (bsc#1063037) - CVE-2017-12179: Fixed an integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer in Xi (bsc#1063038) - CVE-2017-12178: Fixed a wrong extra length check in ProcXIChangeHierarchy in Xi (bsc#1063039) - CVE-2017-12177: Fixed an unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040) - CVE-2017-12176: Fixed an unvalidated extra length in ProcEstablishConnection (bsc#1063041) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-xorg-x11-server-13345=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-xorg-x11-server-13345=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-server-13345=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-sdk-7.4-27.122.16.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.122.16.1 xorg-x11-server-7.4-27.122.16.1 xorg-x11-server-extra-7.4-27.122.16.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.16.1 xorg-x11-server-debugsource-7.4-27.122.16.1 References: https://www.suse.com/security/cve/CVE-2017-12176.html https://www.suse.com/security/cve/CVE-2017-12177.html https://www.suse.com/security/cve/CVE-2017-12178.html https://www.suse.com/security/cve/CVE-2017-12179.html https://www.suse.com/security/cve/CVE-2017-12180.html https://www.suse.com/security/cve/CVE-2017-12181.html https://www.suse.com/security/cve/CVE-2017-12182.html https://www.suse.com/security/cve/CVE-2017-12183.html https://www.suse.com/security/cve/CVE-2017-12184.html https://www.suse.com/security/cve/CVE-2017-12185.html https://www.suse.com/security/cve/CVE-2017-12186.html https://www.suse.com/security/cve/CVE-2017-12187.html https://www.suse.com/security/cve/CVE-2017-13723.html https://bugzilla.suse.com/1025084 https://bugzilla.suse.com/1051150 https://bugzilla.suse.com/1063034 https://bugzilla.suse.com/1063035 https://bugzilla.suse.com/1063037 https://bugzilla.suse.com/1063038 https://bugzilla.suse.com/1063039 https://bugzilla.suse.com/1063040 https://bugzilla.suse.com/1063041 From sle-updates at lists.suse.com Thu Nov 16 13:09:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Nov 2017 21:09:24 +0100 (CET) Subject: SUSE-RU-2017:3026-1: important: Recommended update for qemu Message-ID: <20171116200924.C4617FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for qemu ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3026-1 Rating: important References: #1043176 
#1067824 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for qemu fixes the following issues: - The fix for bsc#1043176 introduced a regression for scsi disk reads. (bsc#1067824) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1872=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1872=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1872=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): qemu-2.6.2-41.25.1 qemu-arm-2.6.2-41.25.1 qemu-arm-debuginfo-2.6.2-41.25.1 qemu-block-curl-2.6.2-41.25.1 qemu-block-curl-debuginfo-2.6.2-41.25.1 qemu-block-rbd-2.6.2-41.25.1 qemu-block-rbd-debuginfo-2.6.2-41.25.1 qemu-block-ssh-2.6.2-41.25.1 qemu-block-ssh-debuginfo-2.6.2-41.25.1 qemu-debugsource-2.6.2-41.25.1 qemu-guest-agent-2.6.2-41.25.1 qemu-guest-agent-debuginfo-2.6.2-41.25.1 qemu-lang-2.6.2-41.25.1 qemu-tools-2.6.2-41.25.1 qemu-tools-debuginfo-2.6.2-41.25.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): qemu-ipxe-1.0.0-41.25.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): qemu-2.6.2-41.25.1 qemu-block-curl-2.6.2-41.25.1 qemu-block-curl-debuginfo-2.6.2-41.25.1 qemu-block-ssh-2.6.2-41.25.1 qemu-block-ssh-debuginfo-2.6.2-41.25.1 qemu-debugsource-2.6.2-41.25.1 qemu-guest-agent-2.6.2-41.25.1 qemu-guest-agent-debuginfo-2.6.2-41.25.1 qemu-lang-2.6.2-41.25.1 qemu-tools-2.6.2-41.25.1 qemu-tools-debuginfo-2.6.2-41.25.1 - SUSE 
Linux Enterprise Server 12-SP2 (aarch64 x86_64): qemu-block-rbd-2.6.2-41.25.1 qemu-block-rbd-debuginfo-2.6.2-41.25.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): qemu-kvm-2.6.2-41.25.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64): qemu-arm-2.6.2-41.25.1 qemu-arm-debuginfo-2.6.2-41.25.1 - SUSE Linux Enterprise Server 12-SP2 (ppc64le): qemu-ppc-2.6.2-41.25.1 qemu-ppc-debuginfo-2.6.2-41.25.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): qemu-x86-2.6.2-41.25.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): qemu-ipxe-1.0.0-41.25.1 qemu-seabios-1.9.1-41.25.1 qemu-sgabios-8-41.25.1 qemu-vgabios-1.9.1-41.25.1 - SUSE Linux Enterprise Server 12-SP2 (s390x): qemu-s390-2.6.2-41.25.1 qemu-s390-debuginfo-2.6.2-41.25.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): qemu-2.6.2-41.25.1 qemu-block-curl-2.6.2-41.25.1 qemu-block-curl-debuginfo-2.6.2-41.25.1 qemu-debugsource-2.6.2-41.25.1 qemu-kvm-2.6.2-41.25.1 qemu-tools-2.6.2-41.25.1 qemu-tools-debuginfo-2.6.2-41.25.1 qemu-x86-2.6.2-41.25.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): qemu-ipxe-1.0.0-41.25.1 qemu-seabios-1.9.1-41.25.1 qemu-sgabios-8-41.25.1 qemu-vgabios-1.9.1-41.25.1 References: https://bugzilla.suse.com/1043176 https://bugzilla.suse.com/1067824 From sle-updates at lists.suse.com Fri Nov 17 10:07:29 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Nov 2017 18:07:29 +0100 (CET) Subject: SUSE-SU-2017:3029-1: moderate: Security update for ansible and monasca-installer Message-ID: <20171117170729.8BB4EFCD2@maintenance.suse.de> SUSE Security Update: Security update for ansible and monasca-installer ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3029-1 Rating: moderate References: #1019021 #1038785 #1056094 Cross-References: CVE-2016-9587 CVE-2017-7466 CVE-2017-7481 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that 
fixes three vulnerabilities is now available. Description: This update for ansible provides version 2.2.3.0 and fixes the following security issues: - CVE-2017-7481: Data for lookup plugins used as variables was not being marked as "unsafe" and could lead to unintentional disclosure of information. (bsc#1038785) - CVE-2016-9587: Prevent a compromised host from executing commands on the controller (bsc#1019021). - CVE-2017-7466: Prevent arbitrary code execution on control nodes. For more information about the upstream bugs fixed, please see /usr/share/doc/packages/ansible/CHANGELOG.md Additionally, monasca-installer received several compatibility fixes for ansible. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1793=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (noarch): ansible-2.2.3.0-5.1 monasca-installer-20170912_10.45-5.1 References: https://www.suse.com/security/cve/CVE-2016-9587.html https://www.suse.com/security/cve/CVE-2017-7466.html https://www.suse.com/security/cve/CVE-2017-7481.html https://bugzilla.suse.com/1019021 https://bugzilla.suse.com/1038785 https://bugzilla.suse.com/1056094 From sle-updates at lists.suse.com Wed Nov 22 07:07:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 15:07:22 +0100 (CET) Subject: SUSE-RU-2017:3038-1: Recommended update for gnome-desktop Message-ID: <20171122140722.82319FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-desktop ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3038-1 Rating: low References: #1029083 #1056289 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 
for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gnome-desktop provides the following fixes: - Switch new user's default input engine from "anthy" to "mozc" with Japanese language and ibus input framework. (bsc#1029083, bsc#1056289) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1875=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1875=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1875=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1875=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1875=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1875=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1875=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-desktop-debugsource-3.20.2-14.3.1 libgnome-desktop-3-devel-3.20.2-14.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gnome-desktop-debugsource-3.20.2-14.3.1 libgnome-desktop-3-devel-3.20.2-14.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gnome-desktop-debugsource-3.20.2-14.3.1 gnome-version-3.20.2-14.3.1 libgnome-desktop-3-12-3.20.2-14.3.1 libgnome-desktop-3-12-debuginfo-3.20.2-14.3.1 libgnome-desktop-3_0-common-3.20.2-14.3.1 libgnome-desktop-3_0-common-debuginfo-3.20.2-14.3.1 typelib-1_0-GnomeDesktop-3_0-3.20.2-14.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): gnome-desktop-lang-3.20.2-14.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gnome-desktop-debugsource-3.20.2-14.3.1 gnome-version-3.20.2-14.3.1 libgnome-desktop-3-12-3.20.2-14.3.1 libgnome-desktop-3-12-debuginfo-3.20.2-14.3.1 libgnome-desktop-3_0-common-3.20.2-14.3.1 libgnome-desktop-3_0-common-debuginfo-3.20.2-14.3.1 typelib-1_0-GnomeDesktop-3_0-3.20.2-14.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libgnome-desktop-3-12-32bit-3.20.2-14.3.1 libgnome-desktop-3-12-debuginfo-32bit-3.20.2-14.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): gnome-desktop-lang-3.20.2-14.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): gnome-desktop-debugsource-3.20.2-14.3.1 gnome-version-3.20.2-14.3.1 libgnome-desktop-3-12-3.20.2-14.3.1 libgnome-desktop-3-12-debuginfo-3.20.2-14.3.1 libgnome-desktop-3_0-common-3.20.2-14.3.1 libgnome-desktop-3_0-common-debuginfo-3.20.2-14.3.1 typelib-1_0-GnomeDesktop-3_0-3.20.2-14.3.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): gnome-desktop-lang-3.20.2-14.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gnome-desktop-lang-3.20.2-14.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gnome-desktop-debugsource-3.20.2-14.3.1 
gnome-version-3.20.2-14.3.1 libgnome-desktop-3-12-3.20.2-14.3.1 libgnome-desktop-3-12-debuginfo-3.20.2-14.3.1 libgnome-desktop-3_0-common-3.20.2-14.3.1 libgnome-desktop-3_0-common-debuginfo-3.20.2-14.3.1 typelib-1_0-GnomeDesktop-3_0-3.20.2-14.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gnome-desktop-debugsource-3.20.2-14.3.1 gnome-version-3.20.2-14.3.1 libgnome-desktop-3-12-3.20.2-14.3.1 libgnome-desktop-3-12-debuginfo-3.20.2-14.3.1 libgnome-desktop-3_0-common-3.20.2-14.3.1 libgnome-desktop-3_0-common-debuginfo-3.20.2-14.3.1 typelib-1_0-GnomeDesktop-3_0-3.20.2-14.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gnome-desktop-lang-3.20.2-14.3.1 References: https://bugzilla.suse.com/1029083 https://bugzilla.suse.com/1056289 From sle-updates at lists.suse.com Wed Nov 22 07:08:02 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 15:08:02 +0100 (CET) Subject: SUSE-SU-2017:3039-1: important: Security update for tomcat Message-ID: <20171122140802.54D1BFD03@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3039-1 Rating: important References: #1019016 #1042910 #1053352 #1059554 #977410 Cross-References: CVE-2017-12617 CVE-2017-5664 CVE-2017-7674 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for tomcat fixes the following issues: Security issues fixed: - CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910). 
- CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352) - CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554) Non security bugs fixed: - Fix tomcat-digest classpath error (bsc#977410) - Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1874=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1874=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1874=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): tomcat-8.0.43-29.5.1 tomcat-admin-webapps-8.0.43-29.5.1 tomcat-docs-webapp-8.0.43-29.5.1 tomcat-el-3_0-api-8.0.43-29.5.1 tomcat-javadoc-8.0.43-29.5.1 tomcat-jsp-2_3-api-8.0.43-29.5.1 tomcat-lib-8.0.43-29.5.1 tomcat-servlet-3_1-api-8.0.43-29.5.1 tomcat-webapps-8.0.43-29.5.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): tomcat-8.0.43-29.5.1 tomcat-admin-webapps-8.0.43-29.5.1 tomcat-docs-webapp-8.0.43-29.5.1 tomcat-el-3_0-api-8.0.43-29.5.1 tomcat-javadoc-8.0.43-29.5.1 tomcat-jsp-2_3-api-8.0.43-29.5.1 tomcat-lib-8.0.43-29.5.1 tomcat-servlet-3_1-api-8.0.43-29.5.1 tomcat-webapps-8.0.43-29.5.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): tomcat-8.0.43-29.5.1 tomcat-admin-webapps-8.0.43-29.5.1 tomcat-docs-webapp-8.0.43-29.5.1 tomcat-el-3_0-api-8.0.43-29.5.1 tomcat-javadoc-8.0.43-29.5.1 tomcat-jsp-2_3-api-8.0.43-29.5.1 tomcat-lib-8.0.43-29.5.1 tomcat-servlet-3_1-api-8.0.43-29.5.1 tomcat-webapps-8.0.43-29.5.1 References: https://www.suse.com/security/cve/CVE-2017-12617.html https://www.suse.com/security/cve/CVE-2017-5664.html 
https://www.suse.com/security/cve/CVE-2017-7674.html https://bugzilla.suse.com/1019016 https://bugzilla.suse.com/1042910 https://bugzilla.suse.com/1053352 https://bugzilla.suse.com/1059554 https://bugzilla.suse.com/977410 From sle-updates at lists.suse.com Wed Nov 22 07:08:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 15:08:56 +0100 (CET) Subject: SUSE-RU-2017:3040-1: Recommended update for hawk2 Message-ID: <20171122140856.87164FD03@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3040-1 Rating: low References: #1037430 #1046820 #1053456 #1056483 #1059492 #1059662 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for hawk2 provides the following fixes: - When generating SSL certificates, make sure the commonName is not too long, fixing it when necessary (bsc#1046820) - Fix a problem when parsing the IP resource that could cause Hawk to grant a ticket to the wrong site. (bsc#1059492) - Don't offset a failure's time by 10 minutes when showing the notification. (bsc#1056483) - Make it possible to revoke locally granted tickets. (bsc#1059662) - Fix a problem that was causing Hawk to add one new attribute per character when entering a name for a Utilization Attribute of a node. (bsc#1053456) - Remove some strange characters showing up in the dashboard when hovering for information. (bsc#1037430) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1876=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): hawk2-2.1.0+git.1505978564.e8d29bb3-2.5.5 hawk2-debuginfo-2.1.0+git.1505978564.e8d29bb3-2.5.5 hawk2-debugsource-2.1.0+git.1505978564.e8d29bb3-2.5.5 References: https://bugzilla.suse.com/1037430 https://bugzilla.suse.com/1046820 https://bugzilla.suse.com/1053456 https://bugzilla.suse.com/1056483 https://bugzilla.suse.com/1059492 https://bugzilla.suse.com/1059662 From sle-updates at lists.suse.com Wed Nov 22 07:09:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 15:09:57 +0100 (CET) Subject: SUSE-RU-2017:3041-1: moderate: Recommended update for yast2-network Message-ID: <20171122140957.0FF12FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3041-1 Rating: moderate References: #1037727 #1039656 #1047615 #1047929 #1052042 #1054400 #1054933 #1056633 #1058396 #1067172 Affected Products: SUSE Linux Enterprise Server for SAP Installer 12-SP3 SUSE Linux Enterprise Server Installer 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop Installer 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has 10 recommended fixes can now be installed. Description: This update for yast2-network fixes the following issues: - AutoYaST: Do not display a warning about disabled second stage when the hostname setting is read out of profile. (bsc#1054400) - Do not clear /etc/hosts when installing virtual host. (bsc#1039656) - Fix device name recognition during AutoYaST installation. (bsc#1037727) - Fix crash during write if Host.Read and Host.Import are called together. (bsc#1047929) - Fix a crash when /etc/hosts does not exist. 
(bsc#1047615) - When installing via autoyast, do not blank out /etc/hosts when no host section is defined. (bsc#1058396) - If there is a global DHCLIENT_SET_HOSTNAME option set, use it to determine whether the hostname should be set by DHCP, use the control file default otherwise. (bsc#1054933) - Do not override the hostname configuration in /etc/sysconfig/network/dhcp with the default defined in the control file if the user has disabled the option. (bsc#1056633) - Properly update canonical name and aliases in /etc/hosts when FQDN is provided as a hostname. (bsc#1052042) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP Installer 12-SP3: zypper in -t patch SUSE-SLE-SAP-INSTALLER-12-SP3-2017-1879=1 - SUSE Linux Enterprise Server Installer 12-SP3: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP3-2017-1879=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1879=1 - SUSE Linux Enterprise Desktop Installer 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-INSTALLER-12-SP3-2017-1879=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1879=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP Installer 12-SP3 (noarch): yast2-network-3.2.44-2.20.1 - SUSE Linux Enterprise Server Installer 12-SP3 (noarch): yast2-network-3.2.44-2.20.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): yast2-network-3.2.44-2.20.1 - SUSE Linux Enterprise Desktop Installer 12-SP3 (noarch): yast2-network-3.2.44-2.20.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): yast2-network-3.2.44-2.20.1 References: https://bugzilla.suse.com/1037727 https://bugzilla.suse.com/1039656 https://bugzilla.suse.com/1047615 https://bugzilla.suse.com/1047929 https://bugzilla.suse.com/1052042 https://bugzilla.suse.com/1054400 https://bugzilla.suse.com/1054933 https://bugzilla.suse.com/1056633 https://bugzilla.suse.com/1058396 https://bugzilla.suse.com/1067172 From sle-updates at lists.suse.com Wed Nov 22 07:11:38 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 15:11:38 +0100 (CET) Subject: SUSE-RU-2017:3042-1: moderate: Recommended update for openattic Message-ID: <20171122141138.99E66FD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for openattic ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3042-1 Rating: moderate References: #1062212 #1063048 #1063742 #1064448 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description: This update for openATTIC fixes the following issues: - Update to upstream version 3.5.3 - See CHANGELOG for detailed changes - Creating an openATTIC user fails (bsc#1063048) - Updating the openattic RPM to a newer version mangles the configuration file /etc/sysconfig/openattic (bsc#1063742) - When updating from 2.0, the Grafana dashboard is missing from oA (bsc#1064448) - openattic AttributeError: 'module' object has no attribute 'SystemD' (bsc#1062212) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2017-1880=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 5 (noarch): openattic-3.5.3-2.3.2 openattic-debugsource-3.5.3-2.3.2 References: https://bugzilla.suse.com/1062212 https://bugzilla.suse.com/1063048 https://bugzilla.suse.com/1063742 https://bugzilla.suse.com/1064448 From sle-updates at lists.suse.com Wed Nov 22 07:12:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 15:12:27 +0100 (CET) Subject: SUSE-RU-2017:3043-1: Recommended update for cpupower Message-ID: <20171122141227.4176DFD03@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpupower ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3043-1 Rating: low References: #1048546 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for cpupower provides the following fix: - Decode MSR_IA32_MISC_ENABLE only on Intel machines to prevent turbostat errors on AMD Opteron boxes. (bsc#1048546) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1878=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1878=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1878=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1878=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): cpupower-debuginfo-4.6-14.3.1 cpupower-debugsource-4.6-14.3.1 cpupower-devel-4.6-14.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): cpupower-4.6-14.3.1 cpupower-debuginfo-4.6-14.3.1 cpupower-debugsource-4.6-14.3.1 libcpupower0-4.6-14.3.1 libcpupower0-debuginfo-4.6-14.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): cpupower-4.6-14.3.1 cpupower-debuginfo-4.6-14.3.1 cpupower-debugsource-4.6-14.3.1 libcpupower0-4.6-14.3.1 libcpupower0-debuginfo-4.6-14.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): cpupower-4.6-14.3.1 cpupower-debuginfo-4.6-14.3.1 cpupower-debugsource-4.6-14.3.1 libcpupower0-4.6-14.3.1 libcpupower0-debuginfo-4.6-14.3.1 References: https://bugzilla.suse.com/1048546 From sle-updates at lists.suse.com Wed Nov 22 07:12:53 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 15:12:53 +0100 (CET) Subject: SUSE-RU-2017:3044-1: Recommended update for cpupower Message-ID: <20171122141253.08F58FD03@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpupower 
______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3044-1 Rating: low References: #1048546 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cpupower provides the following fix: - Decode MSR_IA32_MISC_ENABLE only on Intel machines to prevent turbostat errors on AMD Opteron boxes. (bsc#1048546) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1877=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1877=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1877=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): cpupower-debuginfo-4.10-3.3.1 cpupower-debugsource-4.10-3.3.1 cpupower-devel-4.10-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cpupower-4.10-3.3.1 cpupower-debuginfo-4.10-3.3.1 cpupower-debugsource-4.10-3.3.1 libcpupower0-4.10-3.3.1 libcpupower0-debuginfo-4.10-3.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cpupower-4.10-3.3.1 cpupower-debuginfo-4.10-3.3.1 cpupower-debugsource-4.10-3.3.1 libcpupower0-4.10-3.3.1 libcpupower0-debuginfo-4.10-3.3.1 References: https://bugzilla.suse.com/1048546 From sle-updates at lists.suse.com Wed Nov 22 13:08:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 21:08:08 +0100 (CET) Subject: SUSE-RU-2017:3045-1: moderate: Recommended update for ceph Message-ID: <20171122200808.02F9DFD05@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3045-1 Rating: moderate References: #1061461 #1066182 #1066502 #1067088 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for ceph fixes the following issues: - fix for OSDs generating coredumps when adding a new OSD node to the cluster (bsc#1061461) - Container synchronization between two Ceph clusters failed (bsc#1066182) - After upgrading a single OSD from SES 4 to SES 5 the OSDs do not rejoin the cluster (bsc#1066502) - Upgrade to SES5 restarted all nodes, majority of OSDs aborts during start (bsc#1067088) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2017-1885=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-base-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-base-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-common-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-common-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-debugsource-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-fuse-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-fuse-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-mds-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-mds-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-mgr-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-mgr-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-mon-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-mon-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-osd-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-osd-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-radosgw-12.2.1+git.1510221942.af9ea5e715-2.5.1 ceph-radosgw-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 libcephfs2-12.2.1+git.1510221942.af9ea5e715-2.5.1 libcephfs2-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 librados2-12.2.1+git.1510221942.af9ea5e715-2.5.1 librados2-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 libradosstriper1-12.2.1+git.1510221942.af9ea5e715-2.5.1 libradosstriper1-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 librbd1-12.2.1+git.1510221942.af9ea5e715-2.5.1 librbd1-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 librgw2-12.2.1+git.1510221942.af9ea5e715-2.5.1 librgw2-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 python-ceph-compat-12.2.1+git.1510221942.af9ea5e715-2.5.1 python-cephfs-12.2.1+git.1510221942.af9ea5e715-2.5.1 python-cephfs-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 python-rados-12.2.1+git.1510221942.af9ea5e715-2.5.1 
python-rados-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 python-rbd-12.2.1+git.1510221942.af9ea5e715-2.5.1 python-rbd-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 python-rgw-12.2.1+git.1510221942.af9ea5e715-2.5.1 python-rgw-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 python3-ceph-argparse-12.2.1+git.1510221942.af9ea5e715-2.5.1 python3-cephfs-12.2.1+git.1510221942.af9ea5e715-2.5.1 python3-cephfs-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 python3-rados-12.2.1+git.1510221942.af9ea5e715-2.5.1 python3-rados-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 python3-rbd-12.2.1+git.1510221942.af9ea5e715-2.5.1 python3-rbd-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 python3-rgw-12.2.1+git.1510221942.af9ea5e715-2.5.1 python3-rgw-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 rbd-fuse-12.2.1+git.1510221942.af9ea5e715-2.5.1 rbd-fuse-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 rbd-mirror-12.2.1+git.1510221942.af9ea5e715-2.5.1 rbd-mirror-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 rbd-nbd-12.2.1+git.1510221942.af9ea5e715-2.5.1 rbd-nbd-debuginfo-12.2.1+git.1510221942.af9ea5e715-2.5.1 References: https://bugzilla.suse.com/1061461 https://bugzilla.suse.com/1066182 https://bugzilla.suse.com/1066502 https://bugzilla.suse.com/1067088 From sle-updates at lists.suse.com Wed Nov 22 13:09:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 21:09:16 +0100 (CET) Subject: SUSE-RU-2017:3046-1: Recommended update for timezone Message-ID: <20171122200916.15F29FD03@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3046-1 Rating: low References: #1064571 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux 
Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides the latest timezone information (2017c) for your system, including the following changes: - Northern Cyprus switches from +03 to +02/+03 on 2017-10-29 - Fiji ends DST 2018-01-14, not 2018-01-21 - Namibia switches from +01/+02 to +02 on 2018-04-01 - Sudan switches from +03 to +02 on 2017-11-01 - Tonga likely switches from +13/+14 to +13 on 2017-11-05 - Turks and Caicos switches from -04 to -05/-04 on 2018-11-04 - Corrections to past DST transitions - Move oversized Canada/East-Saskatchewan to 'backward' file - zic(8) and the reference runtime now reject multiple leap seconds within 28 days of each other, or leap seconds before the Epoch. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1882=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1882=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1882=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1882=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1882=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1882=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1882=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1882=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1882=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1882=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1882=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): timezone-2017c-74.3.1 timezone-debuginfo-2017c-74.3.1 timezone-debugsource-2017c-74.3.1 - SUSE OpenStack Cloud 6 (noarch): timezone-java-2017c-0.74.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): timezone-2017c-74.3.1 timezone-debuginfo-2017c-74.3.1 timezone-debugsource-2017c-74.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): timezone-java-2017c-0.74.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): timezone-2017c-74.3.1 timezone-debuginfo-2017c-74.3.1 timezone-debugsource-2017c-74.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): timezone-java-2017c-0.74.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): timezone-2017c-74.3.1 timezone-debuginfo-2017c-74.3.1 timezone-debugsource-2017c-74.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): timezone-java-2017c-0.74.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): timezone-2017c-74.3.1 timezone-debuginfo-2017c-74.3.1 timezone-debugsource-2017c-74.3.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): timezone-java-2017c-0.74.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): timezone-2017c-74.3.1 timezone-debuginfo-2017c-74.3.1 timezone-debugsource-2017c-74.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): timezone-java-2017c-0.74.3.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): timezone-2017c-74.3.1 timezone-debuginfo-2017c-74.3.1 timezone-debugsource-2017c-74.3.1 - SUSE Linux Enterprise Server 12-LTSS (noarch): timezone-java-2017c-0.74.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): timezone-java-2017c-0.74.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): timezone-2017c-74.3.1 timezone-debuginfo-2017c-74.3.1 timezone-debugsource-2017c-74.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): timezone-2017c-74.3.1 timezone-debuginfo-2017c-74.3.1 timezone-debugsource-2017c-74.3.1 - SUSE Linux Enterprise 
Desktop 12-SP2 (noarch): timezone-java-2017c-0.74.3.1 - SUSE Container as a Service Platform ALL (x86_64): timezone-2017c-74.3.1 timezone-debuginfo-2017c-74.3.1 timezone-debugsource-2017c-74.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): timezone-2017c-74.3.1 timezone-debuginfo-2017c-74.3.1 timezone-debugsource-2017c-74.3.1 References: https://bugzilla.suse.com/1064571 From sle-updates at lists.suse.com Wed Nov 22 13:09:47 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 21:09:47 +0100 (CET) Subject: SUSE-SU-2017:3047-1: moderate: Security update for xorg-x11-server Message-ID: <20171122200947.64BE0FD03@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3047-1 Rating: moderate References: #1022727 #1051150 #1052984 #1061107 #1063034 #1063035 #1063037 #1063038 #1063039 #1063040 #1063041 Cross-References: CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 CVE-2017-13721 CVE-2017-13723 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for xorg-x11-server fixes several issues. 
These security issues were fixed: - CVE-2017-13721: Missing validation of shmseg resource id in Xext/XShm could lead to shared memory segments of other users being freed (bnc#1052984) - CVE-2017-13723: A local denial of service via unusual characters in XkbAtomText and XkbStringText was fixed (bnc#1051150) - CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed unvalidated lengths in multiple extensions (bsc#1063034) - CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES extension. (bsc#1063035) - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions (bsc#1063037) - CVE-2017-12179: Fixed an integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer in Xi (bsc#1063038) - CVE-2017-12178: Fixed a wrong extra length check in ProcXIChangeHierarchy in Xi (bsc#1063039) - CVE-2017-12177: Fixed an unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040) - CVE-2017-12176: Fixed an unvalidated extra length in ProcEstablishConnection (bsc#1063041) These non-security issues were fixed: - Make colormap/gamma glue code work with the RandR extension disabled. This prevents it from crashing and showing wrong colors. (bsc#1061107) - Recognize ssh as a remote client to fix launching applications remotely when using DRI3. (bsc#1022727) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1884=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1884=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1884=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1884=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1884=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1884=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1884=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.18.3-76.15.2 xorg-x11-server-debugsource-7.6_1.18.3-76.15.2 xorg-x11-server-sdk-7.6_1.18.3-76.15.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-7.6_1.18.3-76.15.2 xorg-x11-server-debugsource-7.6_1.18.3-76.15.2 xorg-x11-server-sdk-7.6_1.18.3-76.15.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): xorg-x11-server-7.6_1.18.3-76.15.2 xorg-x11-server-debuginfo-7.6_1.18.3-76.15.2 xorg-x11-server-debugsource-7.6_1.18.3-76.15.2 xorg-x11-server-extra-7.6_1.18.3-76.15.2 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.15.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.15.2 xorg-x11-server-debuginfo-7.6_1.18.3-76.15.2 xorg-x11-server-debugsource-7.6_1.18.3-76.15.2 xorg-x11-server-extra-7.6_1.18.3-76.15.2 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.15.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.15.2 xorg-x11-server-debuginfo-7.6_1.18.3-76.15.2 
xorg-x11-server-debugsource-7.6_1.18.3-76.15.2 xorg-x11-server-extra-7.6_1.18.3-76.15.2 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.15.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): xorg-x11-server-7.6_1.18.3-76.15.2 xorg-x11-server-debuginfo-7.6_1.18.3-76.15.2 xorg-x11-server-debugsource-7.6_1.18.3-76.15.2 xorg-x11-server-extra-7.6_1.18.3-76.15.2 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.15.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): xorg-x11-server-7.6_1.18.3-76.15.2 xorg-x11-server-debuginfo-7.6_1.18.3-76.15.2 xorg-x11-server-debugsource-7.6_1.18.3-76.15.2 xorg-x11-server-extra-7.6_1.18.3-76.15.2 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.15.2 References: https://www.suse.com/security/cve/CVE-2017-12176.html https://www.suse.com/security/cve/CVE-2017-12177.html https://www.suse.com/security/cve/CVE-2017-12178.html https://www.suse.com/security/cve/CVE-2017-12179.html https://www.suse.com/security/cve/CVE-2017-12180.html https://www.suse.com/security/cve/CVE-2017-12181.html https://www.suse.com/security/cve/CVE-2017-12182.html https://www.suse.com/security/cve/CVE-2017-12183.html https://www.suse.com/security/cve/CVE-2017-12184.html https://www.suse.com/security/cve/CVE-2017-12185.html https://www.suse.com/security/cve/CVE-2017-12186.html https://www.suse.com/security/cve/CVE-2017-12187.html https://www.suse.com/security/cve/CVE-2017-13721.html https://www.suse.com/security/cve/CVE-2017-13723.html https://bugzilla.suse.com/1022727 https://bugzilla.suse.com/1051150 https://bugzilla.suse.com/1052984 https://bugzilla.suse.com/1061107 https://bugzilla.suse.com/1063034 https://bugzilla.suse.com/1063035 https://bugzilla.suse.com/1063037 https://bugzilla.suse.com/1063038 https://bugzilla.suse.com/1063039 https://bugzilla.suse.com/1063040 https://bugzilla.suse.com/1063041 From sle-updates at lists.suse.com Wed Nov 22 13:11:33 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 21:11:33 +0100 (CET) Subject: 
SUSE-SU-2017:3048-1: moderate: Security update for file Message-ID: <20171122201133.8DAABFCD2@maintenance.suse.de> SUSE Security Update: Security update for file ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3048-1 Rating: moderate References: #1009966 #1063269 #910252 #910253 #913650 #913651 #917152 #996511 Cross-References: CVE-2014-8116 CVE-2014-8117 CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: The GNU file utility was updated to version 5.22. Security issues fixed: - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. 
(bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 * add indirect relative for TIFF/Exif * restructure elf note printing to avoid repeated messages * add note limit, suggested by Alexander Cherepanov * Bail out on partial pread()'s (Alexander Cherepanov) * Fix incorrect bounds check in file_printable (Alexander Cherepanov) * PR/405: ignore SIGPIPE from uncompress programs * change printable -> file_printable and use it in more places for safety * in ELF, instead of "(uses dynamic libraries)" when PT_INTERP is present print the interpreter name. Version update to file version 5.21 * there was an incorrect free in magic_load_buffers() * there was an out of bounds read for some pascal strings * there was a memory leak in magic lists * don't interpret strings printed from files using the current locale, convert them to ascii format first. * there was an out of bounds read in elf note reads Update to file version 5.20 * recognize encrypted CDF documents * add magic_load_buffers from Brooks Davis * add thumbs.db support Additional non-security bug fixes: * Fixed a memory corruption during rpmbuild (bsc#1063269) * Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) * file command throws "Composite Document File V2 Document, corrupt: Can't read SSAT" error against excel 97/2003 file format. (bsc#1009966) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1881=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1881=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1881=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1881=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1881=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1881=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1881=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1881=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1881=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): file-debuginfo-5.22-10.3.1 file-debugsource-5.22-10.3.1 file-devel-5.22-10.3.1 python-magic-5.22-10.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): file-debuginfo-5.22-10.3.1 file-debugsource-5.22-10.3.1 file-devel-5.22-10.3.1 python-magic-5.22-10.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): file-5.22-10.3.1 file-debuginfo-5.22-10.3.1 file-debugsource-5.22-10.3.1 file-magic-5.22-10.3.1 libmagic1-5.22-10.3.1 libmagic1-debuginfo-5.22-10.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): file-5.22-10.3.1 file-debuginfo-5.22-10.3.1 file-debugsource-5.22-10.3.1 file-magic-5.22-10.3.1 libmagic1-5.22-10.3.1 libmagic1-debuginfo-5.22-10.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libmagic1-32bit-5.22-10.3.1 libmagic1-debuginfo-32bit-5.22-10.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): file-5.22-10.3.1 file-debuginfo-5.22-10.3.1 file-debugsource-5.22-10.3.1 file-magic-5.22-10.3.1 libmagic1-5.22-10.3.1 libmagic1-debuginfo-5.22-10.3.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libmagic1-32bit-5.22-10.3.1 libmagic1-debuginfo-32bit-5.22-10.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): file-5.22-10.3.1 file-debuginfo-5.22-10.3.1 file-debugsource-5.22-10.3.1 file-magic-5.22-10.3.1 libmagic1-32bit-5.22-10.3.1 libmagic1-5.22-10.3.1 libmagic1-debuginfo-32bit-5.22-10.3.1 libmagic1-debuginfo-5.22-10.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): file-5.22-10.3.1 file-debuginfo-5.22-10.3.1 file-debugsource-5.22-10.3.1 file-magic-5.22-10.3.1 libmagic1-32bit-5.22-10.3.1 libmagic1-5.22-10.3.1 libmagic1-debuginfo-32bit-5.22-10.3.1 libmagic1-debuginfo-5.22-10.3.1 - SUSE Container as a Service Platform ALL (x86_64): file-5.22-10.3.1 file-debuginfo-5.22-10.3.1 file-debugsource-5.22-10.3.1 file-magic-5.22-10.3.1 libmagic1-5.22-10.3.1 
libmagic1-debuginfo-5.22-10.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): file-5.22-10.3.1 file-debuginfo-5.22-10.3.1 file-debugsource-5.22-10.3.1 file-magic-5.22-10.3.1 libmagic1-5.22-10.3.1 libmagic1-debuginfo-5.22-10.3.1 References: https://www.suse.com/security/cve/CVE-2014-8116.html https://www.suse.com/security/cve/CVE-2014-8117.html https://www.suse.com/security/cve/CVE-2014-9620.html https://www.suse.com/security/cve/CVE-2014-9621.html https://www.suse.com/security/cve/CVE-2014-9653.html https://bugzilla.suse.com/1009966 https://bugzilla.suse.com/1063269 https://bugzilla.suse.com/910252 https://bugzilla.suse.com/910253 https://bugzilla.suse.com/913650 https://bugzilla.suse.com/913651 https://bugzilla.suse.com/917152 https://bugzilla.suse.com/996511 From sle-updates at lists.suse.com Wed Nov 22 13:12:59 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Nov 2017 21:12:59 +0100 (CET) Subject: SUSE-RU-2017:3049-1: Recommended update for timezone Message-ID: <20171122201259.584F5FD03@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3049-1 Rating: low References: #1064571 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update provides the latest timezone information (2017c) for your system, including the following changes: - Northern Cyprus switches from +03 to +02/+03 on 2017-10-29 - Fiji ends DST 2018-01-14, not 2018-01-21 - Namibia switches from +01/+02 to +02 on 2018-04-01 - Sudan switches from +03 to +02 on 2017-11-01 - Tonga likely switches from +13/+14 to +13 on 2017-11-05 - Turks and Caicos switches from -04 to -05/-04 on 2018-11-04 - Corrections to past DST transitions - Move oversized Canada/East-Saskatchewan to 'backward' file - zic(8) and the reference runtime now reject multiple leap seconds within 28 days of each other, or leap seconds before the Epoch. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-timezone-13346=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-timezone-13346=1 - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-timezone-13346=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-timezone-13346=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-timezone-13346=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-timezone-13346=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch): timezone-java-2017c-0.52.3.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-2017c-0.52.3.1 - SUSE Linux Enterprise Server 11-SP4 (noarch): timezone-java-2017c-0.52.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): timezone-2017c-0.52.3.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (noarch): timezone-java-2017c-0.52.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): timezone-java-2017c-0.52.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): timezone-2017c-0.52.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): timezone-debuginfo-2017c-0.52.3.1 timezone-debugsource-2017c-0.52.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): timezone-debuginfo-2017c-0.52.3.1 timezone-debugsource-2017c-0.52.3.1 References: https://bugzilla.suse.com/1064571 From sle-updates at lists.suse.com Thu Nov 23 13:07:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2017 21:07:08 +0100 (CET) Subject: SUSE-RU-2017:3055-1: moderate: Recommended update for sle-module-public-cloud-release Message-ID: <20171123200708.D99D1FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-module-public-cloud-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3055-1 Rating: moderate References: #1067849 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Containers was erroneously reported End of Life. This update corrects the Lifetime to Oct. 31st 2024. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1891=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): sle-module-public-cloud-release-12-7.3.1 References: https://bugzilla.suse.com/1067849 From sle-updates at lists.suse.com Thu Nov 23 13:07:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2017 21:07:36 +0100 (CET) Subject: SUSE-SU-2017:3056-1: moderate: Security update for GraphicsMagick Message-ID: <20171123200736.213CAFD06@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3056-1 Rating: moderate References: #1050135 #1054596 #1054598 #1055042 #1055050 #1055430 #1061873 Cross-References: CVE-2017-11534 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13139 CVE-2017-15033 Affected Products: SUSE Studio Onsite 1.3 SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for GraphicsMagick fixes the following issues: - CVE-2017-15033: A denial of service attack (memory leak) in ReadYUVImage in coders/yuv.c was fixed (bsc#1061873) - CVE-2017-13063: A heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c was fixed (bsc#1055050) - CVE-2017-13064: A heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c was fixed (bsc#1055042) - CVE-2017-12936: The ReadWMFImage function in coders/wmf.c in GraphicsMagick had a use-after-free issue for data associated with exception reporting. 
(bsc#1054598) - CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk. (bsc#1055430) - CVE-2017-12937: The ReadSUNImage function in coders/sun.c in GraphicsMagick had a colormap heap-based buffer over-read. (bsc#1054596) - CVE-2017-11534: A Memory Leak in the lite_font_map() function in coders/wmf.c was fixed (bsc#1050135) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Studio Onsite 1.3: zypper in -t patch slestso13-GraphicsMagick-13347=1 - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-GraphicsMagick-13347=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-GraphicsMagick-13347=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Studio Onsite 1.3 (x86_64): GraphicsMagick-1.2.5-4.78.16.1 libGraphicsMagick2-1.2.5-4.78.16.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-1.2.5-4.78.16.1 libGraphicsMagick2-1.2.5-4.78.16.1 perl-GraphicsMagick-1.2.5-4.78.16.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): GraphicsMagick-debuginfo-1.2.5-4.78.16.1 GraphicsMagick-debugsource-1.2.5-4.78.16.1 References: https://www.suse.com/security/cve/CVE-2017-11534.html https://www.suse.com/security/cve/CVE-2017-12936.html https://www.suse.com/security/cve/CVE-2017-12937.html https://www.suse.com/security/cve/CVE-2017-13063.html https://www.suse.com/security/cve/CVE-2017-13064.html https://www.suse.com/security/cve/CVE-2017-13139.html https://www.suse.com/security/cve/CVE-2017-15033.html https://bugzilla.suse.com/1050135 https://bugzilla.suse.com/1054596 https://bugzilla.suse.com/1054598 https://bugzilla.suse.com/1055042 https://bugzilla.suse.com/1055050 https://bugzilla.suse.com/1055430 https://bugzilla.suse.com/1061873 From sle-updates at lists.suse.com Thu Nov 23 13:08:54 
2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2017 21:08:54 +0100 (CET) Subject: SUSE-RU-2017:3058-1: moderate: Recommended update for sle-module-adv-systems-management-release Message-ID: <20171123200854.D4DE7FD06@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-module-adv-systems-management-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3058-1 Rating: moderate References: #1067849 Affected Products: SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Advanced Systems Management module was erroneously reported End of Life. This update corrects the Lifetime to Oct. 31st 2024. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-1892=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): sle-module-adv-systems-management-release-12-4.3.1 References: https://bugzilla.suse.com/1067849 From sle-updates at lists.suse.com Thu Nov 23 13:09:19 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2017 21:09:19 +0100 (CET) Subject: SUSE-SU-2017:3059-1: important: Security update for tomcat Message-ID: <20171123200919.ED371FD06@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3059-1 Rating: important References: #1042910 #1053352 #1059551 #1059554 #977410 Cross-References: CVE-2017-12615 CVE-2017-12616 CVE-2017-12617 CVE-2017-5664 CVE-2017-7674 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: Apache Tomcat was updated to 7.0.82 adding features, fixing bugs and security issues. This is another bugfix release, for full details see: https://tomcat.apache.org/tomcat-7.0-doc/changelog.html Fixed security issues: - CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910). - CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352) - CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554) - CVE-2017-12616: An information disclosure when using VirtualDirContext was fixed (bsc#1059551) - CVE-2017-12615: A Remote Code Execution via JSP Upload was fixed (bsc#1059554) Non-security issues fixed: - Fix tomcat-digest classpath error (bsc#977410) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1889=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (noarch): tomcat-7.0.82-7.16.1 tomcat-admin-webapps-7.0.82-7.16.1 tomcat-docs-webapp-7.0.82-7.16.1 tomcat-el-2_2-api-7.0.82-7.16.1 tomcat-javadoc-7.0.82-7.16.1 tomcat-jsp-2_2-api-7.0.82-7.16.1 tomcat-lib-7.0.82-7.16.1 tomcat-servlet-3_0-api-7.0.82-7.16.1 tomcat-webapps-7.0.82-7.16.1 References: https://www.suse.com/security/cve/CVE-2017-12615.html https://www.suse.com/security/cve/CVE-2017-12616.html https://www.suse.com/security/cve/CVE-2017-12617.html https://www.suse.com/security/cve/CVE-2017-5664.html https://www.suse.com/security/cve/CVE-2017-7674.html https://bugzilla.suse.com/1042910 https://bugzilla.suse.com/1053352 https://bugzilla.suse.com/1059551 https://bugzilla.suse.com/1059554 https://bugzilla.suse.com/977410 From sle-updates at lists.suse.com Thu Nov 23 13:10:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2017 21:10:16 +0100 (CET) Subject: SUSE-SU-2017:3060-1: moderate: Security update for mxml Message-ID: <20171123201016.1A017FD06@maintenance.suse.de> SUSE Security Update: Security update for mxml ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3060-1 Rating: moderate References: #979205 #979206 Cross-References: CVE-2016-4570 CVE-2016-4571 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for mxml fixes the following issues: Security issues fixed: - CVE-2016-4570, CVE-2016-4571: stack exhaustion parsing xml files using mxml (bsc#979205, bsc#979206) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-mxml-13348=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mxml-13348=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): libmxml1-2.5-24.3.1 mxml-2.5-24.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): mxml-debuginfo-2.5-24.3.1 mxml-debugsource-2.5-24.3.1 References: https://www.suse.com/security/cve/CVE-2016-4570.html https://www.suse.com/security/cve/CVE-2016-4571.html https://bugzilla.suse.com/979205 https://bugzilla.suse.com/979206 From sle-updates at lists.suse.com Thu Nov 23 13:10:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2017 21:10:56 +0100 (CET) Subject: SUSE-RU-2017:3061-1: moderate: Recommended update for sle-module-web-scripting-release Message-ID: <20171123201056.6D4C4FD06@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-module-web-scripting-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3061-1 Rating: moderate References: #1067849 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Web and Scripting module was erroneously reported End of Life. This update corrects the Lifetime to Oct. 31st 2024. 
Additionally, the End of Life date of the Web and Scripting Module has been dropped from the lifecycle-data package. The date is already documented in the release-package of the module. Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-1893=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): lifecycle-data-sle-module-web-scripting-1-7.3.1 sle-module-web-scripting-release-12-10.3.1 References: https://bugzilla.suse.com/1067849 From sle-updates at lists.suse.com Thu Nov 23 13:11:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2017 21:11:27 +0100 (CET) Subject: SUSE-SU-2017:3062-1: moderate: Security update for gimp Message-ID: <20171123201127.E9AECFD06@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3062-1 Rating: moderate References: #1050469 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP3 SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for gimp fixes the following issues: - Don't build gimp with webkit1 support, as it is no longer maintained and has plenty of security bugs. This disables the GIMP's built-in help browser; it will use an external browser when configured this way. 
This works around a number of security vulnerabilities in Webkit1. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1887=1 - SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1887=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1887=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1887=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1887=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1887=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch): gimp-lang-2.8.18-9.3.26 - SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64): gimp-2.8.18-9.3.26 gimp-debuginfo-2.8.18-9.3.26 gimp-debugsource-2.8.18-9.3.26 gimp-plugins-python-2.8.18-9.3.26 gimp-plugins-python-debuginfo-2.8.18-9.3.26 libgimp-2_0-0-2.8.18-9.3.26 libgimp-2_0-0-debuginfo-2.8.18-9.3.26 libgimpui-2_0-0-2.8.18-9.3.26 libgimpui-2_0-0-debuginfo-2.8.18-9.3.26 - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): gimp-2.8.18-9.3.26 gimp-debuginfo-2.8.18-9.3.26 gimp-debugsource-2.8.18-9.3.26 gimp-plugins-python-2.8.18-9.3.26 gimp-plugins-python-debuginfo-2.8.18-9.3.26 libgimp-2_0-0-2.8.18-9.3.26 libgimp-2_0-0-debuginfo-2.8.18-9.3.26 libgimpui-2_0-0-2.8.18-9.3.26 libgimpui-2_0-0-debuginfo-2.8.18-9.3.26 - SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch): gimp-lang-2.8.18-9.3.26 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): gimp-debuginfo-2.8.18-9.3.26 gimp-debugsource-2.8.18-9.3.26 gimp-devel-2.8.18-9.3.26 gimp-devel-debuginfo-2.8.18-9.3.26 
libgimp-2_0-0-2.8.18-9.3.26 libgimp-2_0-0-debuginfo-2.8.18-9.3.26 libgimpui-2_0-0-2.8.18-9.3.26 libgimpui-2_0-0-debuginfo-2.8.18-9.3.26 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): gimp-debuginfo-2.8.18-9.3.26 gimp-debugsource-2.8.18-9.3.26 gimp-devel-2.8.18-9.3.26 gimp-devel-debuginfo-2.8.18-9.3.26 libgimp-2_0-0-2.8.18-9.3.26 libgimp-2_0-0-debuginfo-2.8.18-9.3.26 libgimpui-2_0-0-2.8.18-9.3.26 libgimpui-2_0-0-debuginfo-2.8.18-9.3.26 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gimp-2.8.18-9.3.26 gimp-debuginfo-2.8.18-9.3.26 gimp-debugsource-2.8.18-9.3.26 gimp-plugins-python-2.8.18-9.3.26 gimp-plugins-python-debuginfo-2.8.18-9.3.26 libgimp-2_0-0-2.8.18-9.3.26 libgimp-2_0-0-debuginfo-2.8.18-9.3.26 libgimpui-2_0-0-2.8.18-9.3.26 libgimpui-2_0-0-debuginfo-2.8.18-9.3.26 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): gimp-lang-2.8.18-9.3.26 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gimp-2.8.18-9.3.26 gimp-debuginfo-2.8.18-9.3.26 gimp-debugsource-2.8.18-9.3.26 gimp-plugins-python-2.8.18-9.3.26 gimp-plugins-python-debuginfo-2.8.18-9.3.26 libgimp-2_0-0-2.8.18-9.3.26 libgimp-2_0-0-debuginfo-2.8.18-9.3.26 libgimpui-2_0-0-2.8.18-9.3.26 libgimpui-2_0-0-debuginfo-2.8.18-9.3.26 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): gimp-lang-2.8.18-9.3.26 References: https://bugzilla.suse.com/1050469 From sle-updates at lists.suse.com Thu Nov 23 13:11:56 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Nov 2017 21:11:56 +0100 (CET) Subject: SUSE-RU-2017:3063-1: Recommended update for lifecycle-data-sle-module-legacy Message-ID: <20171123201156.3B0EBFD06@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-legacy ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3063-1 Rating: low References: #1067849 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update drops the End of Life date of the Legacy Module from the lifecycle-data package. The date is already documented in the release-package of the module.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 12:
  zypper in -t patch SUSE-SLE-Module-Legacy-12-2017-1890=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64):
  lifecycle-data-sle-module-legacy-1-5.3.1

References:

  https://bugzilla.suse.com/1067849

From sle-updates at lists.suse.com Fri Nov 24 10:09:17 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 18:09:17 +0100 (CET)
Subject: SUSE-RU-2017:3073-1: Recommended update for sle-module-containers-release
Message-ID: <20171124170917.62C96FCF3@maintenance.suse.de>

SUSE Recommended Update: Recommended update for sle-module-containers-release
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:3073-1
Rating: low
References: #1067849
Affected Products:
  SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update corrects the End of Life date for the Containers module. The correct date is June 30th 2019.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Containers 12:
  zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1898=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):
  sle-module-containers-release-12-6.6.1

References:

  https://bugzilla.suse.com/1067849

From sle-updates at lists.suse.com Fri Nov 24 10:09:47 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 18:09:47 +0100 (CET)
Subject: SUSE-SU-2017:3074-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3)
Message-ID: <20171124170947.D2C17FCE5@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3074-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
  SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 4.4.82-6_9 fixes several issues.

The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)

Non security issues fixed:

- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP3:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2017-1899=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
  kgraft-patch-4_4_82-6_9-default-2-2.1
  kgraft-patch-4_4_82-6_9-default-debuginfo-2-2.1

References:

  https://www.suse.com/security/cve/CVE-2017-13080.html
  https://www.suse.com/security/cve/CVE-2017-15649.html
  https://bugzilla.suse.com/1063671
  https://bugzilla.suse.com/1064392
  https://bugzilla.suse.com/1066471
  https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Fri Nov 24 10:10:40 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 18:10:40 +0100 (CET)
Subject: SUSE-RU-2017:3075-1: moderate: Recommended update for crash
Message-ID: <20171124171040.1C317FCE5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crash
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:3075-1
Rating: moderate
References: #1053915
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP3
  SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update provides the crash KMP rebuilt against the latest kernel update released for SUSE Linux Enterprise Server 12 SP3. This fixes an unresolvable symbol issue that made the module unloadable on the s390x architecture.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1897=1
- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1897=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  crash-debuginfo-7.1.8-4.3.1
  crash-debugsource-7.1.8-4.3.1
  crash-devel-7.1.8-4.3.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  crash-7.1.8-4.3.1
  crash-debuginfo-7.1.8-4.3.1
  crash-debugsource-7.1.8-4.3.1
  crash-kmp-default-7.1.8_k4.4.92_6.18-4.3.1
  crash-kmp-default-debuginfo-7.1.8_k4.4.92_6.18-4.3.1

References:

  https://bugzilla.suse.com/1053915

From sle-updates at lists.suse.com Fri Nov 24 10:11:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 18:11:11 +0100 (CET)
Subject: SUSE-SU-2017:3076-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)
Message-ID: <20171124171111.A9F5AFCE5@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3076-1
Rating: important
References: #1059677 #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
  SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

An update that solves two vulnerabilities and has three fixes is now available.

Description:

This update for the Linux Kernel 4.4.82-6_6 fixes several issues.
The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Non security issues fixed:

- A bug in xfs was fixed: "xfs can't mount - Torn write (CRC failure) detected" (bsc#1059677)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP3:
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2017-1900=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12-SP3 (x86_64):
  kgraft-patch-4_4_82-6_6-default-2-2.1
  kgraft-patch-4_4_82-6_6-default-debuginfo-2-2.1

References:

  https://www.suse.com/security/cve/CVE-2017-13080.html
  https://www.suse.com/security/cve/CVE-2017-15649.html
  https://bugzilla.suse.com/1059677
  https://bugzilla.suse.com/1063671
  https://bugzilla.suse.com/1064392
  https://bugzilla.suse.com/1066471
  https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Fri Nov 24 10:12:07 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 18:12:07 +0100 (CET)
Subject: SUSE-RU-2017:3077-1: Recommended update for empathy
Message-ID: <20171124171207.E6CD6FCE5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for empathy
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:3077-1
Rating: low
References: #1050469
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP3
  SUSE Linux Enterprise Workstation Extension 12-SP2
  SUSE Linux Enterprise Desktop 12-SP3
  SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for empathy fixes the following issues:

- Empathy ported to webkit2gtk3 (bgo#749001).

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP3:
  zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1896=1
- SUSE Linux Enterprise Workstation Extension 12-SP2:
  zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1896=1
- SUSE Linux Enterprise Desktop 12-SP3:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1896=1
- SUSE Linux Enterprise Desktop 12-SP2:
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1896=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP3 (x86_64):
  empathy-3.12.13-8.3.28
  empathy-debuginfo-3.12.13-8.3.28
  empathy-debugsource-3.12.13-8.3.28
  telepathy-mission-control-plugin-goa-3.12.13-8.3.28
  telepathy-mission-control-plugin-goa-debuginfo-3.12.13-8.3.28
- SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch):
  empathy-lang-3.12.13-8.3.28
- SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64):
  empathy-3.12.13-8.3.28
  empathy-debuginfo-3.12.13-8.3.28
  empathy-debugsource-3.12.13-8.3.28
  telepathy-mission-control-plugin-goa-3.12.13-8.3.28
  telepathy-mission-control-plugin-goa-debuginfo-3.12.13-8.3.28
- SUSE Linux Enterprise Workstation Extension 12-SP2 (noarch):
  empathy-lang-3.12.13-8.3.28
- SUSE Linux Enterprise Desktop 12-SP3 (noarch):
  empathy-lang-3.12.13-8.3.28
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  empathy-3.12.13-8.3.28
  empathy-debuginfo-3.12.13-8.3.28
  empathy-debugsource-3.12.13-8.3.28
  telepathy-mission-control-plugin-goa-3.12.13-8.3.28
  telepathy-mission-control-plugin-goa-debuginfo-3.12.13-8.3.28
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
  empathy-3.12.13-8.3.28
  empathy-debuginfo-3.12.13-8.3.28
  empathy-debugsource-3.12.13-8.3.28
  telepathy-mission-control-plugin-goa-3.12.13-8.3.28
  telepathy-mission-control-plugin-goa-debuginfo-3.12.13-8.3.28
- SUSE Linux Enterprise Desktop 12-SP2 (noarch):
  empathy-lang-3.12.13-8.3.28

References:

  https://bugzilla.suse.com/1050469

From sle-updates at lists.suse.com Fri Nov 24 13:07:27 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 21:07:27 +0100 (CET)
Subject: SUSE-SU-2017:3078-1: moderate: Security update for liblouis
Message-ID: <20171124200727.C34B5FCF3@maintenance.suse.de>

SUSE Security Update: Security update for liblouis
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3078-1
Rating: moderate
References: #1062458 #1067336
Cross-References: CVE-2014-8184 CVE-2017-15101
Affected Products:
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for liblouis fixes the following issues:

Security issues fixed:

- CVE-2017-15101: Buffer overflow in findTable (bsc#1067336).
- CVE-2014-8184: stack-based buffer overflow in findTable() (bsc#1062458).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-liblouis-13350=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-liblouis-13350=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  liblouis-1.7.0-1.3.6.1
  liblouis0-1.7.0-1.3.6.1
  python-louis-1.7.0-1.3.6.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  liblouis-debuginfo-1.7.0-1.3.6.1
  liblouis-debugsource-1.7.0-1.3.6.1

References:

  https://www.suse.com/security/cve/CVE-2014-8184.html
  https://www.suse.com/security/cve/CVE-2017-15101.html
  https://bugzilla.suse.com/1062458
  https://bugzilla.suse.com/1067336

From sle-updates at lists.suse.com Fri Nov 24 13:08:01 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 21:08:01 +0100 (CET)
Subject: SUSE-RU-2017:3079-1: moderate: Recommended update for python-ceilometermiddleware, python-keystoneclient, python-novaclient, python-oslo.rootwrap
Message-ID: <20171124200801.9B278FCE5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-ceilometermiddleware, python-keystoneclient, python-novaclient, python-oslo.rootwrap
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:3079-1
Rating: moderate
References: #1064838
Affected Products:
  SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for python-ceilometermiddleware, python-keystoneclient, python-novaclient, python-oslo.rootwrap fixes the following issues:

- python-ceilometermiddleware:
  + Gate fix: cap oslo.messaging
  + retrieve project id to ignore from keystone
- python-keystoneclient:
  + Fix response body being omitted in debug mode incorrectly
  + Only log application/json content type
  + Do not log binary data during request
  + X-Service-Token should be hashed in the log
  + Revert "Add auth functional tests"
  + Update .gitreview for stable/newton
- python-novaclient:
  + Fix aggregate_update name and availability_zone clash
  + fix formatting of release note
  + Correct copy/paste errors in help
  + Use upper-constraints when running tox
  + Update UPPER_CONSTRAINTS_FILE for stable/newton
  + Make "policy" a mandatory argument for server-group-create
  + Update .gitreview for stable/newton
  + Updated from global requirements
- python-oslo.rootwrap:
  - [daemon] Close inherited file descriptors after forking
  - Allow rootwrap-daemon to timeout and exit

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1909=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 7 (noarch):
  python-ceilometermiddleware-0.5.2-2.3.3
  python-keystoneclient-3.5.1-2.3.1
  python-keystoneclient-doc-3.5.1-2.3.1
  python-novaclient-6.0.2-2.3.1
  python-novaclient-doc-6.0.2-2.3.1
  python-oslo.rootwrap-5.1.2-3.3.1

References:

  https://bugzilla.suse.com/1064838

From sle-updates at lists.suse.com Fri Nov 24 13:08:25 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 21:08:25 +0100 (CET)
Subject: SUSE-SU-2017:3080-1: moderate: Security update for openstack-nova
Message-ID: <20171124200825.E2860FCE5@maintenance.suse.de>

SUSE Security Update: Security update for openstack-nova
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3080-1
Rating: moderate
References: #1066198
Cross-References: CVE-2017-16239
Affected Products:
  SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for openstack-nova brings the latest version provided by the OpenStack upstream project including the following security fix:

- CVE-2017-16239: Filter Scheduler bypass through rebuild action (bsc#1066198).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1911=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 7 (noarch):
  openstack-nova-14.0.10~dev13-4.11.1
  openstack-nova-api-14.0.10~dev13-4.11.1
  openstack-nova-cells-14.0.10~dev13-4.11.1
  openstack-nova-cert-14.0.10~dev13-4.11.1
  openstack-nova-compute-14.0.10~dev13-4.11.1
  openstack-nova-conductor-14.0.10~dev13-4.11.1
  openstack-nova-console-14.0.10~dev13-4.11.1
  openstack-nova-consoleauth-14.0.10~dev13-4.11.1
  openstack-nova-doc-14.0.10~dev13-4.11.3
  openstack-nova-novncproxy-14.0.10~dev13-4.11.1
  openstack-nova-placement-api-14.0.10~dev13-4.11.1
  openstack-nova-scheduler-14.0.10~dev13-4.11.1
  openstack-nova-serialproxy-14.0.10~dev13-4.11.1
  openstack-nova-vncproxy-14.0.10~dev13-4.11.1
  python-nova-14.0.10~dev13-4.11.1

References:

  https://www.suse.com/security/cve/CVE-2017-16239.html
  https://bugzilla.suse.com/1066198

From sle-updates at lists.suse.com Fri Nov 24 13:08:48 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 21:08:48 +0100 (CET)
Subject: SUSE-RU-2017:3081-1: moderate: Recommended update for openstack-dashboard-theme-SUSE, openstack-horizon-plugin-gbp-ui
Message-ID: <20171124200848.9353CFCE5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openstack-dashboard-theme-SUSE, openstack-horizon-plugin-gbp-ui
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:3081-1
Rating: moderate
References: #1064838
Affected Products:
  SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description:

This update for openstack-dashboard-theme-SUSE, openstack-horizon-plugin-gbp-ui fixes the following issues:

- openstack-horizon-plugin-gbp-ui:
  + Unifies the compute and GBP member launch modals
  + Replaces multi select combos with transfer tables
  + Removes and simplifies GBPUI templates
  + Update templates in policytargets section
  + Remove unused logging import
  + Remove patterns call from urls
  + Fix template names in policy targets view
  + Fix mistakes in descriptions
- openstack-dashboard-theme-SUSE:
  + Fix horizon reload in the HA case

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1907=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 7 (noarch):
  openstack-dashboard-theme-SUSE-2016.2-5.6.1
  openstack-horizon-plugin-gbp-ui-5.0.1~dev16-2.6.1
  python-horizon-plugin-gbp-ui-5.0.1~dev16-2.6.1

References:

  https://bugzilla.suse.com/1064838

From sle-updates at lists.suse.com Fri Nov 24 13:09:12 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 21:09:12 +0100 (CET)
Subject: SUSE-RU-2017:3082-1: moderate: Recommended update for python-eventlet
Message-ID: <20171124200912.8C6B5FCE5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-eventlet
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:3082-1
Rating: moderate
References: #1061197
Affected Products:
  SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description:

This update for python-eventlet fixes the following issues:

- Fix spurious "Connection reset by peer" errors in /var/log/messages when SSL is enabled and HAProxy health check is configured to verify SSL backend connection. (bsc#1061197)

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1914=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 7 (noarch):
  python-eventlet-0.19.0-2.6.1

References:

  https://bugzilla.suse.com/1061197

From sle-updates at lists.suse.com Fri Nov 24 13:09:40 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 21:09:40 +0100 (CET)
Subject: SUSE-RU-2017:3083-1: moderate: Recommended update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack
Message-ID: <20171124200940.09965FCE5@maintenance.suse.de>

SUSE Recommended Update: Recommended update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:3083-1
Rating: moderate
References: #1020922 #1046616 #1047881 #1049153 #1051298 #1055669 #1056750 #1057233 #1058876 #1059532 #1059733 #1059790 #1060421 #1060628 #1060687 #1061777 #1063772 #1064057
Affected Products:
  SUSE OpenStack Cloud 7
  SUSE Enterprise Storage 4
______________________________________________________________________________

An update that has 18 recommended fixes can now be installed.
Description:

This update for crowbar-core, crowbar-ha, crowbar-init, crowbar-openstack fixes the following issues:

- crowbar-core:
  + ohai: don't up interfaces
  + crowbar_framework: fix filtered nodes in apply_role
  + ohai: Remove useless assignment
  + ohai: Coding style fixes
  + ohai: Code cleanup for static variables
  + provisioner: Use also permanent addresses for dhcp
  + ohai: Collect permanent address of NICs
  + Show IPMI links earlier
  + crowbar_framework: fix skip_unchanged_nodes
  + ohai: Do not fail dealing with UEFI config with invalid CurrentBoot
  + crowbar: Add ability to skip chef run on node when applying
  + crowbar_framework: add experimental option for skip_unchanged_nodes
  + Allow setting NVMe drive in ceph (bsc#1051298)
  + crowbar: Don't store invalid locks (bsc#1055669)
  + Increase default chef_splay
  + Prefetch all roles during node listing
  + network: keep ovs secure fail-mode (bsc#1063772)
  + Get role data directly from CouchDB
  + utils: Add systemd override LWRP
  + schema_migration: Provide a hook into ServiceObject (bsc#1058876)
  + Get 'all' nodes directly from CouchDB
  + crowbar: Forward protocol to rails (bsc#1059733)
  + utils: Fix restart flag removal
  + crowbar: use pre_cached_nodes on the deployment queue
  + crowbar: remove unready nodes from deployment
  + crowbar: Add skip_unready_nodes experimental option
  + Add experimental.yml file as %config(noreplace)
  + utils: fix data bag loading on RestartManager
  + crowbar: Do not save applied proposal as role too early in apply_role
  + utils: override the service provider to allow for no-restart of services
  + crowbar: Introduce a config for experimental options
  + crowbar_framework: Add the RestartManagementController
  + network: Partly revert 3d24a0f4cb - do not add Restart= for ovs
  + upgrade: Don't fail without openstack db (bsc#1061777)
  + nfs-server: Revert systemd Restart= bits for nfs services
  + Mark crowbar_framework/config/database.yml as config (bsc#1056750)
  + all: Make systemd restart services on failures
  + Add chef_splay to allowed time without update
  + provisioner: Make chef splay configurable
  + Add json version of /clusters endpoint
  + utils: Add utils_systemd_service_restart LWRP
  + apache2: Use new utils_systemd_service_restart LWRP
  + ipmi: Read-only mode
  + ipmi: Option to disable BMC NAT
  + Disable upgrade API in Cloud7
  + Switch to admin-server-upgrading for apache config check
- crowbar-ha:
  + corosync: remove nonsensical ring default
  + crowbar-pacemaker: Reset sync-marks for all nodes
  + Fix for pacemaker proposal migration failure
  + crowbar-pacemaker: fix migration number
  + Add support for multiple Corosync rings
  + pacemaker: provide an option to configure migrate-threshold
  + crowbar-framework: fix is_pacemaker flag for RestartManager
  + crowbar-pacemaker: allow to skip restart if disallow_restart flag is set
  + crowbar-pacemaker: hide output for #cib_up_for_node?
  + crowbar-pacemaker: Update apache override for systemd restart LWRP
  + hawk: Make systemd restart hawk service on failures
  + pacemaker: Add option to stop managing stateless active/active services
  + Fix the translation label for the clone_stateless_services hint
  + crowbar: Save founder name in the proposal role
  + crowbar-pacemaker: Reimplement sync marks with pacemaker attributes
  + crowbar-pacemaker: Deprecate usage of revisions in sync marks
  + pacemaker: Add missing operations to the parser
  + ipmi: Use discovered IP in read-only mode
  + haproxy: Add location constraint to VIP directly
  + haproxy: provide an option to ratelimit frontends
  + pacemaker: Use --wait with crm configure command
  + haproxy: Fix VIP creation for haproxy
  + haproxy: Make sure that systemd kills haproxy service on restart
- crowbar-init:
  + Fix endless loop when waiting for crowbar (bsc#1059790)
- crowbar-openstack:
  + Hide MySQL SSL options from the UI
  + neutron: Fixes for ACI integration - updates for Newton
  + Revert "rabbitmq: Fix HA service management"
  + Revert "database: Fix HA service management"
  + mariadb: Make HA op timeouts configurable
  + neutron: use service account for neutron-l3-ha service
  + mariadb: Drop unneeded root users (bsc#1060628)
  + ceilometer: add configurable API timeout attribute (bsc#1064060)
  + crowbar: add timeout parameter to wsgi resource
  + database: Add resource limit control (bsc#1020922)
  + rabbitmq: Add resource_limits option (bsc#1020922)
  + apache: Add resource_limits controls (bsc#1020922)
  + cinder: Add resource limit controls (bsc#1020922)
  + neutron: fix fwaas_v1 configuration (bsc#1064057)
  + nova: get pub key from file instead of stdin
  + barbican: reorder config creation and initial db sync
  + database: Fix schema migrations for backend specific attributes (bsc#1058876)
  + neutron: add HA rate limiting options to raw template
  + cinder: add HA rate limiting options to raw template
  + memcached: increase max connections limit
  + mariadb: Add expire_logs_days config option
  + mysql: Use increased timeout for promote operation
  + mariadb: Move pacemaker op arguments to chef attributes
  + neutron: Wait longer for database sync to complete (bsc#1060421)
  + nova: Raise timeouts for nova db sync to complete (bsc#1060421)
  + neutron-l3-ha-service: Introduce log_file
  + neutron-l3-ha-service: Enable log to file
  + neutron-l3-ha-service: Set default log path
  + neutron-l3-ha-service: fixed hound issues
  + neutron: fix HA neutron-agents_before_ha timeout
  + neutron: fix neutron_default_networks HA timeout error
  + neutron, nova: Revert use of Restart= for ovs and nfs
  + nova: respect image_cache_manager_interval set in proposal (bsc#1057233)
  + nova: enable cache manager by default (bsc#1057233)
  + keystone: Fix updated password check (bsc#1060687)
  + mysql: tune innodb log size / writeback
  + mysql: Use fqdn for database hostname when using SSL
  + nova: reduce excessive node searches on compute role nodes
  + database: Let MariaDB search for user's presence.
  + mysql: Correctly delete all anonymous users
  + horizon: Explicit set REST_API_REQUIRED_SETTINGS (bsc#1046616)
  + database: Expose max_connections and slow_query_logging in UI
  + neutron: enable dns extension
  + magnum: Use credential env to setup domain role
  + database: Show Insecure SSL flag in the UI
  + nova: stop using the passwd ohai tree
  + ceilometer: fix hypervisor_inspector value for 'vmware' to be 'vsphere'
  + mysql: Added SSL configuration for client-server traffic
  + crowbar-openstack: Update database connection string for SSL setup
  + crowbar-openstack: Add require_ssl option to database_user resource
  + database: Return hostname for listen address in case of SSL setup.
  + rabbitmq: Increase timeouts for start/promote actions (bsc#1059532)
  + all: Make systemd restart services on failures
  + postgresql, rabbitmq: Re-use existing variable for clarity
  + nova: use the proper vars for serialproxy
  + mysql: Set the current node as non-backup server in haproxy config
  + rabbitmq: Set "clone-max" for the ms-rabbitmq resource
  + barbican: Remove unused barbican_service definition
  + heat: Run "heat-manage db_sync" before defining and starting services
  + all: Use new pacemaker option to stop managing stateless a/a services
  + heat, neutron, nova: Make hound happy
  + nova: add HA rate limiting options to raw template
  + keystone: Switch memcache backend to oslo_cache.memcache_pool
  + neutron: Increase inotify max user instances
  + mysql: Make sure galera resources are started on controller nodes only
  + rabbitmq: Remove remaining references to old cluster recipe
  + trove: Remove unused chef node searches
  + rabbitmq: Enable deploying rabbitmq with clustering when doing HA
  + rabbitmq: More robust check for rabbit
  + rabbitmq: don't let the template changes restart if in cluster mode
  + swift: disable ceilometer middleware when using durable queues
  + rabbitmq: prevent template changes
  + Always wait for the cluster to be started
  + rabbitmq: sync nodes before pacemaker resources
  + manila, ha: fix bind_host in HA case
  + ceilometer: Allow enabling SSL with HA (bsc#1049153)
  + neutron: Switch data center IDs to start at 1 for Infoblox (bsc#1047881)
  + neutron: Switch to systemd for Infoblox (bsc#1047881)
  + keystone: Set an origin flag on apache2 restart
  + Stop exposing passwords in the process table
  + openstack: Fetch HA resource name for rabbitmq from rabbitmq settings
  + trove: rename template variable to rabbit_settings
  + openstack: make rabbitmq durable_queues/ha_queues setting configurable
  + trove: move retrieval of rabbit url to common openstack cookbook
  + rabbitmq: remove unused cluster.rb recipe
  + rabbitmq: prevent configuration changes for backport
  + mysql: Add a timeout to galera bootstrapping

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1915=1
- SUSE Enterprise Storage 4:
  zypper in -t patch SUSE-Storage-4-2017-1915=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
  crowbar-core-4.0+git.1508607101.73c7a9c77-9.11.4
  crowbar-core-branding-upstream-4.0+git.1508607101.73c7a9c77-9.11.4
- SUSE OpenStack Cloud 7 (noarch):
  crowbar-ha-4.0+git.1508403557.f438560-4.15.4
  crowbar-init-4.0+git.1507187369.c3f2348-8.9.4
  crowbar-openstack-4.0+git.1508531151.8580c7e51-9.17.4
- SUSE Enterprise Storage 4 (aarch64 x86_64):
  crowbar-core-4.0+git.1508607101.73c7a9c77-9.11.4
- SUSE Enterprise Storage 4 (noarch):
  crowbar-init-4.0+git.1507187369.c3f2348-8.9.4

References:

  https://bugzilla.suse.com/1020922
  https://bugzilla.suse.com/1046616
  https://bugzilla.suse.com/1047881
  https://bugzilla.suse.com/1049153
  https://bugzilla.suse.com/1051298
  https://bugzilla.suse.com/1055669
  https://bugzilla.suse.com/1056750
  https://bugzilla.suse.com/1057233
  https://bugzilla.suse.com/1058876
  https://bugzilla.suse.com/1059532
  https://bugzilla.suse.com/1059733
  https://bugzilla.suse.com/1059790
  https://bugzilla.suse.com/1060421
  https://bugzilla.suse.com/1060628
  https://bugzilla.suse.com/1060687
  https://bugzilla.suse.com/1061777
  https://bugzilla.suse.com/1063772
  https://bugzilla.suse.com/1064057

From sle-updates at lists.suse.com Fri Nov 24 13:12:28 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 24 Nov 2017 21:12:28 +0100 (CET)
Subject: SUSE-SU-2017:3084-1: important: Security update for kvm
Message-ID: <20171124201228.DED3DFCE5@maintenance.suse.de>

SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3084-1
Rating: important
References: #1013285 #1014109 #1014111 #1014702 #1015048 #1016779 #1020427 #1021129
  #1021741 #1023004 #1023053 #1023907 #1024972 #1025109 #1028184 #1028656
  #1030624 #1031051 #1034044 #1034866 #1034908 #1035406 #1035950 #1037242
  #1038396 #1039495 #1042159 #1042800 #1042801 #1043296 #1045035 #1046636
  #1047674 #1048902 #1049381 #1049785 #1056334 #1057585 #1062069 #1063122
Cross-References: CVE-2016-10155 CVE-2016-9602 CVE-2016-9603 CVE-2016-9776 CVE-2016-9907
  CVE-2016-9911 CVE-2016-9921 CVE-2016-9922 CVE-2017-10664 CVE-2017-10806
  CVE-2017-11334 CVE-2017-11434 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038
  CVE-2017-15289 CVE-2017-2615 CVE-2017-2620 CVE-2017-5579 CVE-2017-5856
  CVE-2017-5898 CVE-2017-5973 CVE-2017-6505 CVE-2017-7471 CVE-2017-7493
  CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8309 CVE-2017-9330
  CVE-2017-9373 CVE-2017-9375 CVE-2017-9503
Affected Products:
  SUSE Linux Enterprise Server 11-SP3-LTSS
  SUSE Linux Enterprise Point of Sale 11-SP3
______________________________________________________________________________

An update that solves 33 vulnerabilities and has 7 fixes is now available.

Description:

This update for kvm fixes several issues.

These security issues were fixed:

- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972)
- CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004)
- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285)
- CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111)
- CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109)
- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)
- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)
- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907)
- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)
- CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053)
- CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427)
- CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process
(bsc#1028656) - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636) - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674) - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902) - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381) - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334) - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069) - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741) - CVE-2017-5973: An infinite loop while doing control transfer in 
xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109) - CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184) - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1034866) - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System(9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495) - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908) - CVE-2017-7980: An out-of-bounds r/w access issue in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406) - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242) - CVE-2017-9330: USB OHCI Emulation in qemu 
allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159) - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801) - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800) - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296) * Fix privilege escalation in TCG mode (bsc#1030624) These non-security issues were fixed: - bsc#1045035: Fixed regression introduced by previous virtfs security fixes - bsc#1038396: Fixed 12 tempest tests - bsc#1034044: Prevent KVM guests stuck when waiting for sg_io() completion - bsc#1031051: Prevent I/O errors when using pvmove with disk device=lun - bsc#1049785: Make virsh dump output readable by crash - bsc#1015048: Fixed virtio interface failure - bsc#1016779: Fixed graphical update errors introduced by previous security fix - Fixed various inaccuracies in cirrus vga device emulation Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kvm-13351=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kvm-13351=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kvm-1.4.2-53.11.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kvm-1.4.2-53.11.1 References: https://www.suse.com/security/cve/CVE-2016-10155.html https://www.suse.com/security/cve/CVE-2016-9602.html https://www.suse.com/security/cve/CVE-2016-9603.html https://www.suse.com/security/cve/CVE-2016-9776.html https://www.suse.com/security/cve/CVE-2016-9907.html https://www.suse.com/security/cve/CVE-2016-9911.html https://www.suse.com/security/cve/CVE-2016-9921.html https://www.suse.com/security/cve/CVE-2016-9922.html https://www.suse.com/security/cve/CVE-2017-10664.html https://www.suse.com/security/cve/CVE-2017-10806.html https://www.suse.com/security/cve/CVE-2017-11334.html https://www.suse.com/security/cve/CVE-2017-11434.html https://www.suse.com/security/cve/CVE-2017-13672.html https://www.suse.com/security/cve/CVE-2017-14167.html https://www.suse.com/security/cve/CVE-2017-15038.html https://www.suse.com/security/cve/CVE-2017-15289.html https://www.suse.com/security/cve/CVE-2017-2615.html https://www.suse.com/security/cve/CVE-2017-2620.html https://www.suse.com/security/cve/CVE-2017-5579.html https://www.suse.com/security/cve/CVE-2017-5856.html https://www.suse.com/security/cve/CVE-2017-5898.html https://www.suse.com/security/cve/CVE-2017-5973.html https://www.suse.com/security/cve/CVE-2017-6505.html https://www.suse.com/security/cve/CVE-2017-7471.html https://www.suse.com/security/cve/CVE-2017-7493.html https://www.suse.com/security/cve/CVE-2017-7718.html https://www.suse.com/security/cve/CVE-2017-7980.html https://www.suse.com/security/cve/CVE-2017-8086.html https://www.suse.com/security/cve/CVE-2017-8309.html https://www.suse.com/security/cve/CVE-2017-9330.html https://www.suse.com/security/cve/CVE-2017-9373.html https://www.suse.com/security/cve/CVE-2017-9375.html https://www.suse.com/security/cve/CVE-2017-9503.html https://bugzilla.suse.com/1013285 
https://bugzilla.suse.com/1014109 https://bugzilla.suse.com/1014111 https://bugzilla.suse.com/1014702 https://bugzilla.suse.com/1015048 https://bugzilla.suse.com/1016779 https://bugzilla.suse.com/1020427 https://bugzilla.suse.com/1021129 https://bugzilla.suse.com/1021741 https://bugzilla.suse.com/1023004 https://bugzilla.suse.com/1023053 https://bugzilla.suse.com/1023907 https://bugzilla.suse.com/1024972 https://bugzilla.suse.com/1025109 https://bugzilla.suse.com/1028184 https://bugzilla.suse.com/1028656 https://bugzilla.suse.com/1030624 https://bugzilla.suse.com/1031051 https://bugzilla.suse.com/1034044 https://bugzilla.suse.com/1034866 https://bugzilla.suse.com/1034908 https://bugzilla.suse.com/1035406 https://bugzilla.suse.com/1035950 https://bugzilla.suse.com/1037242 https://bugzilla.suse.com/1038396 https://bugzilla.suse.com/1039495 https://bugzilla.suse.com/1042159 https://bugzilla.suse.com/1042800 https://bugzilla.suse.com/1042801 https://bugzilla.suse.com/1043296 https://bugzilla.suse.com/1045035 https://bugzilla.suse.com/1046636 https://bugzilla.suse.com/1047674 https://bugzilla.suse.com/1048902 https://bugzilla.suse.com/1049381 https://bugzilla.suse.com/1049785 https://bugzilla.suse.com/1056334 https://bugzilla.suse.com/1057585 https://bugzilla.suse.com/1062069 https://bugzilla.suse.com/1063122 From sle-updates at lists.suse.com Fri Nov 24 13:18:03 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2017 21:18:03 +0100 (CET) Subject: SUSE-RU-2017:3085-1: moderate: Recommended update for rubygem-chef-server-api, rubygem-crowbar-client Message-ID: <20171124201803.950F9FCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef-server-api, rubygem-crowbar-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3085-1 Rating: moderate References: #1037374 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-chef-server-api, rubygem-crowbar-client fixes the following issues: - rubygem-chef-server-api: + Proper stopping of clustered chef-server + Fixed $OPTIONS expansion in systemd service file. - rubygem-crowbar-client: - Add new service command and subcommands - Fix proposal create from file (bsc#1037374) - Fix create proposal from data (bsc#1037374) - Add filtering of proposal deployment lists Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1908=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-1908=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-chef-server-api-10.32.2-2.3.1 ruby2.1-rubygem-crowbar-client-3.5.0-7.3.1 rubygem-chef-server-api-10.32.2-2.3.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): ruby2.1-rubygem-chef-server-api-10.32.2-2.3.1 ruby2.1-rubygem-crowbar-client-3.5.0-7.3.1 rubygem-chef-server-api-10.32.2-2.3.1 References: https://bugzilla.suse.com/1037374 From sle-updates at lists.suse.com Fri Nov 24 13:18:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2017 21:18:30 +0100 (CET) Subject: SUSE-SU-2017:3086-1: important: Security update for samba Message-ID: <20171124201830.BB5CBFCE5@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3086-1 Rating: important References: #1027593 #1060427 #1063008 Cross-References: CVE-2017-14746 CVE-2017-15275 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP2 
SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise High Availability 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for samba fixes the following issues: Security issues fixed: - CVE-2017-14746: Fixed a use-after-free vulnerability that could be used to crash smbd or potentially execute code (bsc#1060427). - CVE-2017-15275: Fixed a server heap memory information leak (bsc#1063008). Non-security issues fixed: - Update 'winbind expand groups' doc in smb.conf man page; (bsc#1027593). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1902=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1902=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1902=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1902=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1902=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1902=1 - SUSE Linux Enterprise High Availability 12-SP1: zypper in -t patch SUSE-SLE-HA-12-SP1-2017-1902=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1902=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): ctdb-4.2.4-28.24.1 ctdb-debuginfo-4.2.4-28.24.1 libdcerpc-binding0-32bit-4.2.4-28.24.1 libdcerpc-binding0-4.2.4-28.24.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.24.1 libdcerpc-binding0-debuginfo-4.2.4-28.24.1 libdcerpc0-32bit-4.2.4-28.24.1 libdcerpc0-4.2.4-28.24.1 libdcerpc0-debuginfo-32bit-4.2.4-28.24.1 libdcerpc0-debuginfo-4.2.4-28.24.1 libgensec0-32bit-4.2.4-28.24.1 libgensec0-4.2.4-28.24.1 libgensec0-debuginfo-32bit-4.2.4-28.24.1 libgensec0-debuginfo-4.2.4-28.24.1 libndr-krb5pac0-32bit-4.2.4-28.24.1 libndr-krb5pac0-4.2.4-28.24.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.24.1 libndr-krb5pac0-debuginfo-4.2.4-28.24.1 libndr-nbt0-32bit-4.2.4-28.24.1 libndr-nbt0-4.2.4-28.24.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.24.1 libndr-nbt0-debuginfo-4.2.4-28.24.1 libndr-standard0-32bit-4.2.4-28.24.1 libndr-standard0-4.2.4-28.24.1 libndr-standard0-debuginfo-32bit-4.2.4-28.24.1 libndr-standard0-debuginfo-4.2.4-28.24.1 libndr0-32bit-4.2.4-28.24.1 libndr0-4.2.4-28.24.1 libndr0-debuginfo-32bit-4.2.4-28.24.1 libndr0-debuginfo-4.2.4-28.24.1 libnetapi0-32bit-4.2.4-28.24.1 libnetapi0-4.2.4-28.24.1 libnetapi0-debuginfo-32bit-4.2.4-28.24.1 libnetapi0-debuginfo-4.2.4-28.24.1 libregistry0-4.2.4-28.24.1 libregistry0-debuginfo-4.2.4-28.24.1 libsamba-credentials0-32bit-4.2.4-28.24.1 libsamba-credentials0-4.2.4-28.24.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.24.1 libsamba-credentials0-debuginfo-4.2.4-28.24.1 libsamba-hostconfig0-32bit-4.2.4-28.24.1 libsamba-hostconfig0-4.2.4-28.24.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.24.1 libsamba-hostconfig0-debuginfo-4.2.4-28.24.1 libsamba-passdb0-32bit-4.2.4-28.24.1 libsamba-passdb0-4.2.4-28.24.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.24.1 libsamba-passdb0-debuginfo-4.2.4-28.24.1 libsamba-util0-32bit-4.2.4-28.24.1 libsamba-util0-4.2.4-28.24.1 libsamba-util0-debuginfo-32bit-4.2.4-28.24.1 libsamba-util0-debuginfo-4.2.4-28.24.1 libsamdb0-32bit-4.2.4-28.24.1 libsamdb0-4.2.4-28.24.1 
libsamdb0-debuginfo-32bit-4.2.4-28.24.1 libsamdb0-debuginfo-4.2.4-28.24.1 libsmbclient-raw0-32bit-4.2.4-28.24.1 libsmbclient-raw0-4.2.4-28.24.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.24.1 libsmbclient-raw0-debuginfo-4.2.4-28.24.1 libsmbclient0-32bit-4.2.4-28.24.1 libsmbclient0-4.2.4-28.24.1 libsmbclient0-debuginfo-32bit-4.2.4-28.24.1 libsmbclient0-debuginfo-4.2.4-28.24.1 libsmbconf0-32bit-4.2.4-28.24.1 libsmbconf0-4.2.4-28.24.1 libsmbconf0-debuginfo-32bit-4.2.4-28.24.1 libsmbconf0-debuginfo-4.2.4-28.24.1 libsmbldap0-32bit-4.2.4-28.24.1 libsmbldap0-4.2.4-28.24.1 libsmbldap0-debuginfo-32bit-4.2.4-28.24.1 libsmbldap0-debuginfo-4.2.4-28.24.1 libtevent-util0-32bit-4.2.4-28.24.1 libtevent-util0-4.2.4-28.24.1 libtevent-util0-debuginfo-32bit-4.2.4-28.24.1 libtevent-util0-debuginfo-4.2.4-28.24.1 libwbclient0-32bit-4.2.4-28.24.1 libwbclient0-4.2.4-28.24.1 libwbclient0-debuginfo-32bit-4.2.4-28.24.1 libwbclient0-debuginfo-4.2.4-28.24.1 samba-32bit-4.2.4-28.24.1 samba-4.2.4-28.24.1 samba-client-32bit-4.2.4-28.24.1 samba-client-4.2.4-28.24.1 samba-client-debuginfo-32bit-4.2.4-28.24.1 samba-client-debuginfo-4.2.4-28.24.1 samba-debuginfo-32bit-4.2.4-28.24.1 samba-debuginfo-4.2.4-28.24.1 samba-debugsource-4.2.4-28.24.1 samba-libs-32bit-4.2.4-28.24.1 samba-libs-4.2.4-28.24.1 samba-libs-debuginfo-32bit-4.2.4-28.24.1 samba-libs-debuginfo-4.2.4-28.24.1 samba-winbind-32bit-4.2.4-28.24.1 samba-winbind-4.2.4-28.24.1 samba-winbind-debuginfo-32bit-4.2.4-28.24.1 samba-winbind-debuginfo-4.2.4-28.24.1 - SUSE OpenStack Cloud 6 (noarch): samba-doc-4.2.4-28.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): samba-test-devel-4.2.4-28.24.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): ctdb-4.2.4-28.24.1 ctdb-debuginfo-4.2.4-28.24.1 libdcerpc-binding0-4.2.4-28.24.1 libdcerpc-binding0-debuginfo-4.2.4-28.24.1 libdcerpc0-4.2.4-28.24.1 libdcerpc0-debuginfo-4.2.4-28.24.1 libgensec0-4.2.4-28.24.1 libgensec0-debuginfo-4.2.4-28.24.1 
libndr-krb5pac0-4.2.4-28.24.1 libndr-krb5pac0-debuginfo-4.2.4-28.24.1 libndr-nbt0-4.2.4-28.24.1 libndr-nbt0-debuginfo-4.2.4-28.24.1 libndr-standard0-4.2.4-28.24.1 libndr-standard0-debuginfo-4.2.4-28.24.1 libndr0-4.2.4-28.24.1 libndr0-debuginfo-4.2.4-28.24.1 libnetapi0-4.2.4-28.24.1 libnetapi0-debuginfo-4.2.4-28.24.1 libregistry0-4.2.4-28.24.1 libregistry0-debuginfo-4.2.4-28.24.1 libsamba-credentials0-4.2.4-28.24.1 libsamba-credentials0-debuginfo-4.2.4-28.24.1 libsamba-hostconfig0-4.2.4-28.24.1 libsamba-hostconfig0-debuginfo-4.2.4-28.24.1 libsamba-passdb0-4.2.4-28.24.1 libsamba-passdb0-debuginfo-4.2.4-28.24.1 libsamba-util0-4.2.4-28.24.1 libsamba-util0-debuginfo-4.2.4-28.24.1 libsamdb0-4.2.4-28.24.1 libsamdb0-debuginfo-4.2.4-28.24.1 libsmbclient-raw0-4.2.4-28.24.1 libsmbclient-raw0-debuginfo-4.2.4-28.24.1 libsmbclient0-4.2.4-28.24.1 libsmbclient0-debuginfo-4.2.4-28.24.1 libsmbconf0-4.2.4-28.24.1 libsmbconf0-debuginfo-4.2.4-28.24.1 libsmbldap0-4.2.4-28.24.1 libsmbldap0-debuginfo-4.2.4-28.24.1 libtevent-util0-4.2.4-28.24.1 libtevent-util0-debuginfo-4.2.4-28.24.1 libwbclient0-4.2.4-28.24.1 libwbclient0-debuginfo-4.2.4-28.24.1 samba-4.2.4-28.24.1 samba-client-4.2.4-28.24.1 samba-client-debuginfo-4.2.4-28.24.1 samba-debuginfo-4.2.4-28.24.1 samba-debugsource-4.2.4-28.24.1 samba-libs-4.2.4-28.24.1 samba-libs-debuginfo-4.2.4-28.24.1 samba-winbind-4.2.4-28.24.1 samba-winbind-debuginfo-4.2.4-28.24.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libdcerpc-binding0-32bit-4.2.4-28.24.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.24.1 libdcerpc0-32bit-4.2.4-28.24.1 libdcerpc0-debuginfo-32bit-4.2.4-28.24.1 libgensec0-32bit-4.2.4-28.24.1 libgensec0-debuginfo-32bit-4.2.4-28.24.1 libndr-krb5pac0-32bit-4.2.4-28.24.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.24.1 libndr-nbt0-32bit-4.2.4-28.24.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.24.1 libndr-standard0-32bit-4.2.4-28.24.1 libndr-standard0-debuginfo-32bit-4.2.4-28.24.1 libndr0-32bit-4.2.4-28.24.1 
libndr0-debuginfo-32bit-4.2.4-28.24.1 libnetapi0-32bit-4.2.4-28.24.1 libnetapi0-debuginfo-32bit-4.2.4-28.24.1 libsamba-credentials0-32bit-4.2.4-28.24.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.24.1 libsamba-hostconfig0-32bit-4.2.4-28.24.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.24.1 libsamba-passdb0-32bit-4.2.4-28.24.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.24.1 libsamba-util0-32bit-4.2.4-28.24.1 libsamba-util0-debuginfo-32bit-4.2.4-28.24.1 libsamdb0-32bit-4.2.4-28.24.1 libsamdb0-debuginfo-32bit-4.2.4-28.24.1 libsmbclient-raw0-32bit-4.2.4-28.24.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.24.1 libsmbclient0-32bit-4.2.4-28.24.1 libsmbclient0-debuginfo-32bit-4.2.4-28.24.1 libsmbconf0-32bit-4.2.4-28.24.1 libsmbconf0-debuginfo-32bit-4.2.4-28.24.1 libsmbldap0-32bit-4.2.4-28.24.1 libsmbldap0-debuginfo-32bit-4.2.4-28.24.1 libtevent-util0-32bit-4.2.4-28.24.1 libtevent-util0-debuginfo-32bit-4.2.4-28.24.1 libwbclient0-32bit-4.2.4-28.24.1 libwbclient0-debuginfo-32bit-4.2.4-28.24.1 samba-32bit-4.2.4-28.24.1 samba-client-32bit-4.2.4-28.24.1 samba-client-debuginfo-32bit-4.2.4-28.24.1 samba-debuginfo-32bit-4.2.4-28.24.1 samba-libs-32bit-4.2.4-28.24.1 samba-libs-debuginfo-32bit-4.2.4-28.24.1 samba-winbind-32bit-4.2.4-28.24.1 samba-winbind-debuginfo-32bit-4.2.4-28.24.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): samba-doc-4.2.4-28.24.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-atsvc0-4.2.4-28.24.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.24.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libdcerpc-atsvc0-4.2.4-28.24.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.24.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ctdb-4.2.4-28.24.1 ctdb-debuginfo-4.2.4-28.24.1 libdcerpc-binding0-4.2.4-28.24.1 libdcerpc-binding0-debuginfo-4.2.4-28.24.1 libdcerpc0-4.2.4-28.24.1 libdcerpc0-debuginfo-4.2.4-28.24.1 libgensec0-4.2.4-28.24.1 libgensec0-debuginfo-4.2.4-28.24.1 libndr-krb5pac0-4.2.4-28.24.1 
libndr-krb5pac0-debuginfo-4.2.4-28.24.1 libndr-nbt0-4.2.4-28.24.1 libndr-nbt0-debuginfo-4.2.4-28.24.1 libndr-standard0-4.2.4-28.24.1 libndr-standard0-debuginfo-4.2.4-28.24.1 libndr0-4.2.4-28.24.1 libndr0-debuginfo-4.2.4-28.24.1 libnetapi0-4.2.4-28.24.1 libnetapi0-debuginfo-4.2.4-28.24.1 libregistry0-4.2.4-28.24.1 libregistry0-debuginfo-4.2.4-28.24.1 libsamba-credentials0-4.2.4-28.24.1 libsamba-credentials0-debuginfo-4.2.4-28.24.1 libsamba-hostconfig0-4.2.4-28.24.1 libsamba-hostconfig0-debuginfo-4.2.4-28.24.1 libsamba-passdb0-4.2.4-28.24.1 libsamba-passdb0-debuginfo-4.2.4-28.24.1 libsamba-util0-4.2.4-28.24.1 libsamba-util0-debuginfo-4.2.4-28.24.1 libsamdb0-4.2.4-28.24.1 libsamdb0-debuginfo-4.2.4-28.24.1 libsmbclient-raw0-4.2.4-28.24.1 libsmbclient-raw0-debuginfo-4.2.4-28.24.1 libsmbclient0-4.2.4-28.24.1 libsmbclient0-debuginfo-4.2.4-28.24.1 libsmbconf0-4.2.4-28.24.1 libsmbconf0-debuginfo-4.2.4-28.24.1 libsmbldap0-4.2.4-28.24.1 libsmbldap0-debuginfo-4.2.4-28.24.1 libtevent-util0-4.2.4-28.24.1 libtevent-util0-debuginfo-4.2.4-28.24.1 libwbclient0-4.2.4-28.24.1 libwbclient0-debuginfo-4.2.4-28.24.1 samba-4.2.4-28.24.1 samba-client-4.2.4-28.24.1 samba-client-debuginfo-4.2.4-28.24.1 samba-debuginfo-4.2.4-28.24.1 samba-debugsource-4.2.4-28.24.1 samba-libs-4.2.4-28.24.1 samba-libs-debuginfo-4.2.4-28.24.1 samba-winbind-4.2.4-28.24.1 samba-winbind-debuginfo-4.2.4-28.24.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.2.4-28.24.1 libdcerpc-binding0-debuginfo-32bit-4.2.4-28.24.1 libdcerpc0-32bit-4.2.4-28.24.1 libdcerpc0-debuginfo-32bit-4.2.4-28.24.1 libgensec0-32bit-4.2.4-28.24.1 libgensec0-debuginfo-32bit-4.2.4-28.24.1 libndr-krb5pac0-32bit-4.2.4-28.24.1 libndr-krb5pac0-debuginfo-32bit-4.2.4-28.24.1 libndr-nbt0-32bit-4.2.4-28.24.1 libndr-nbt0-debuginfo-32bit-4.2.4-28.24.1 libndr-standard0-32bit-4.2.4-28.24.1 libndr-standard0-debuginfo-32bit-4.2.4-28.24.1 libndr0-32bit-4.2.4-28.24.1 libndr0-debuginfo-32bit-4.2.4-28.24.1 
libnetapi0-32bit-4.2.4-28.24.1 libnetapi0-debuginfo-32bit-4.2.4-28.24.1 libsamba-credentials0-32bit-4.2.4-28.24.1 libsamba-credentials0-debuginfo-32bit-4.2.4-28.24.1 libsamba-hostconfig0-32bit-4.2.4-28.24.1 libsamba-hostconfig0-debuginfo-32bit-4.2.4-28.24.1 libsamba-passdb0-32bit-4.2.4-28.24.1 libsamba-passdb0-debuginfo-32bit-4.2.4-28.24.1 libsamba-util0-32bit-4.2.4-28.24.1 libsamba-util0-debuginfo-32bit-4.2.4-28.24.1 libsamdb0-32bit-4.2.4-28.24.1 libsamdb0-debuginfo-32bit-4.2.4-28.24.1 libsmbclient-raw0-32bit-4.2.4-28.24.1 libsmbclient-raw0-debuginfo-32bit-4.2.4-28.24.1 libsmbclient0-32bit-4.2.4-28.24.1 libsmbclient0-debuginfo-32bit-4.2.4-28.24.1 libsmbconf0-32bit-4.2.4-28.24.1 libsmbconf0-debuginfo-32bit-4.2.4-28.24.1 libsmbldap0-32bit-4.2.4-28.24.1 libsmbldap0-debuginfo-32bit-4.2.4-28.24.1 libtevent-util0-32bit-4.2.4-28.24.1 libtevent-util0-debuginfo-32bit-4.2.4-28.24.1 libwbclient0-32bit-4.2.4-28.24.1 libwbclient0-debuginfo-32bit-4.2.4-28.24.1 samba-32bit-4.2.4-28.24.1 samba-client-32bit-4.2.4-28.24.1 samba-client-debuginfo-32bit-4.2.4-28.24.1 samba-debuginfo-32bit-4.2.4-28.24.1 samba-libs-32bit-4.2.4-28.24.1 samba-libs-debuginfo-32bit-4.2.4-28.24.1 samba-winbind-32bit-4.2.4-28.24.1 samba-winbind-debuginfo-32bit-4.2.4-28.24.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): samba-doc-4.2.4-28.24.1 - SUSE Linux Enterprise High Availability 12-SP1 (ppc64le s390x x86_64): ctdb-4.2.4-28.24.1 ctdb-debuginfo-4.2.4-28.24.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-atsvc0-4.2.4-28.24.1 libdcerpc-atsvc0-debuginfo-4.2.4-28.24.1 References: https://www.suse.com/security/cve/CVE-2017-14746.html https://www.suse.com/security/cve/CVE-2017-15275.html https://bugzilla.suse.com/1027593 https://bugzilla.suse.com/1060427 https://bugzilla.suse.com/1063008 From sle-updates at lists.suse.com Fri Nov 24 13:19:11 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2017 21:19:11 +0100 (CET) Subject: SUSE-RU-2017:3087-1: 
moderate: Recommended update for openstack-aodh, openstack-ceilometer, openstack-glance, openstack-heat, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-neutron-lbaas Message-ID: <20171124201911.8709AFCE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-aodh, openstack-ceilometer, openstack-glance, openstack-heat, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-neutron-lbaas ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3087-1 Rating: moderate References: #1056473 #1057556 #1058267 #1061818 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for openstack-aodh, openstack-ceilometer, openstack-glance, openstack-heat, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-neutron-lbaas fixes the following issues: - openstack-aodh: + Add granularity value to Gnocchi evaluators - openstack-ceilometer: + keystone: pass region name to keystone client - openstack-glance: + Fix random fencing on rcpacemaker stop (bsc#1056473) - openstack-heat: + Always replace DELETE_COMPLETE resources on update + Deal correctly with negative elapsed time + Don't delete RawTemplate if it referenced by a stack + Mark stack failed when exception raised in resource check + Fix race in ZaqarEventSinkTest.test_events + Fix restore with convergence + Don't use oslo-incubator in glance client plugin + Don't try detach interface when server not found + Always replace DELETE_COMPLETE resources on update + Deal correctly with negative elapsed time + Don't delete RawTemplate if it referenced by a stack + Mark stack failed when exception raised in resource check + Fix race in ZaqarEventSinkTest.test_events + Fix restore with convergence + Don't use oslo-incubator in glance 
client plugin + Don't try detach interface when server not found - openstack-manila: + Fix null value violation (bsc#1057556) - openstack-neutron: + rally: switch to new format for context name + Fix missing super's skip_checks() + test_ha_router: wait until two agents are scheduled + Make use of -w argument for iptables calls + DHCP provisioning block only on port addr update + Match load_rc_for_rally logic to load_rc_hook + Prioritize tox environment executables for fullstack/functional tests + Linuxbridge agent: detect existing IP on bridge + Stop logging versions on every agent update + rally: switch to new format for context name + Fix missing super's skip_checks() + test_ha_router: wait until two agents are scheduled + Make use of -w argument for iptables calls + DHCP provisioning block only on port addr update + Match load_rc_for_rally logic to load_rc_hook + Prioritize tox environment executables for fullstack/functional tests + Linuxbridge agent: detect existing IP on bridge + Stop logging versions on every agent update - openstack-neutron-infoblox: + Support keystone v3 authentication (bsc#1058267) - openstack-neutron-lbaas: + tempest: healthmonitor is deleted via resource_cleanup + Don't forget to call the super's resource_cleanup + fixed statuses, as it was using an undefined variable + fixed health monitor setting during tempest test, + Switch to use stable data_utils + Fix exception about loadbalancer_stats + Use Tempest TimeoutException from tempest.lib + Use call_until_true from tempest.test + Fix possible race condition when creating two load balancer pools in parallel (bsc#1061818) + tempest: healthmonitor is deleted via resource_cleanup + Don't forget to call the super's resource_cleanup + Fix tempest health monitor + fixed statuses, as it was using an undefined variable + fixed health monitor setting during tempest test + Switch to use stable data_utils + Plugin to run neutron-lbaas tests with tempest + Fix exception 
about loadbalancer_stats + Use Tempest TimeoutException from tempest.lib + Use call_until_true from tempest.test - openstack-keystone: + Remove the admin token auth middleware (wasn't configured but caused ugly warning all the time) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1906=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-aodh-3.0.5~dev2-2.6.1 openstack-aodh-api-3.0.5~dev2-2.6.1 openstack-aodh-doc-3.0.5~dev2-2.6.1 openstack-aodh-evaluator-3.0.5~dev2-2.6.1 openstack-aodh-expirer-3.0.5~dev2-2.6.1 openstack-aodh-listener-3.0.5~dev2-2.6.1 openstack-aodh-notifier-3.0.5~dev2-2.6.1 openstack-ceilometer-7.1.1~dev4-4.9.1 openstack-ceilometer-agent-central-7.1.1~dev4-4.9.1 openstack-ceilometer-agent-compute-7.1.1~dev4-4.9.1 openstack-ceilometer-agent-ipmi-7.1.1~dev4-4.9.1 openstack-ceilometer-agent-notification-7.1.1~dev4-4.9.1 openstack-ceilometer-api-7.1.1~dev4-4.9.1 openstack-ceilometer-collector-7.1.1~dev4-4.9.1 openstack-ceilometer-doc-7.1.1~dev4-4.9.3 openstack-ceilometer-polling-7.1.1~dev4-4.9.1 openstack-glance-13.0.1~dev6-4.6.1 openstack-glance-api-13.0.1~dev6-4.6.1 openstack-glance-doc-13.0.1~dev6-4.6.2 openstack-glance-glare-13.0.1~dev6-4.6.1 openstack-glance-registry-13.0.1~dev6-4.6.1 openstack-heat-7.0.7~dev10-5.9.1 openstack-heat-api-7.0.7~dev10-5.9.1 openstack-heat-api-cfn-7.0.7~dev10-5.9.1 openstack-heat-api-cloudwatch-7.0.7~dev10-5.9.1 openstack-heat-doc-7.0.7~dev10-5.9.3 openstack-heat-engine-7.0.7~dev10-5.9.1 openstack-heat-plugin-heat_docker-7.0.7~dev10-5.9.1 openstack-heat-test-7.0.7~dev10-5.9.1 openstack-keystone-10.0.3~dev9-7.6.1 openstack-keystone-doc-10.0.3~dev9-7.6.2 openstack-manila-3.0.1~dev30-4.6.1 openstack-manila-api-3.0.1~dev30-4.6.1 openstack-manila-data-3.0.1~dev30-4.6.1 
openstack-manila-doc-3.0.1~dev30-4.6.1 openstack-manila-scheduler-3.0.1~dev30-4.6.1 openstack-manila-share-3.0.1~dev30-4.6.1 openstack-neutron-9.4.2~dev21-7.9.1 openstack-neutron-dhcp-agent-9.4.2~dev21-7.9.1 openstack-neutron-doc-9.4.2~dev21-7.9.2 openstack-neutron-ha-tool-9.4.2~dev21-7.9.1 openstack-neutron-infoblox-2.0.2-2.6.3 openstack-neutron-infoblox-doc-2.0.2-2.6.3 openstack-neutron-infoblox-ipam-agent-2.0.2-2.6.3 openstack-neutron-l3-agent-9.4.2~dev21-7.9.1 openstack-neutron-lbaas-9.2.2~dev11-4.3.3 openstack-neutron-lbaas-agent-9.2.2~dev11-4.3.3 openstack-neutron-lbaas-doc-9.2.2~dev11-4.3.3 openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.9.1 openstack-neutron-macvtap-agent-9.4.2~dev21-7.9.1 openstack-neutron-metadata-agent-9.4.2~dev21-7.9.1 openstack-neutron-metering-agent-9.4.2~dev21-7.9.1 openstack-neutron-openvswitch-agent-9.4.2~dev21-7.9.1 openstack-neutron-server-9.4.2~dev21-7.9.1 python-aodh-3.0.5~dev2-2.6.1 python-ceilometer-7.1.1~dev4-4.9.1 python-glance-13.0.1~dev6-4.6.1 python-heat-7.0.7~dev10-5.9.1 python-keystone-10.0.3~dev9-7.6.1 python-manila-3.0.1~dev30-4.6.1 python-neutron-9.4.2~dev21-7.9.1 python-neutron-lbaas-9.2.2~dev11-4.3.3 References: https://bugzilla.suse.com/1056473 https://bugzilla.suse.com/1057556 https://bugzilla.suse.com/1058267 https://bugzilla.suse.com/1061818 From sle-updates at lists.suse.com Fri Nov 24 13:19:59 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2017 21:19:59 +0100 (CET) Subject: SUSE-RU-2017:3088-1: Recommended update for release-notes-suse-openstack-cloud Message-ID: <20171124201959.E9C65FCE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3088-1 Rating: low References: #1064838 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An 
update that has one recommended fix can now be installed. Description: The Release Notes of SUSE OpenStack Cloud 7 were updated to document: - Add MariaDB as a database Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1912=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (noarch): release-notes-suse-openstack-cloud-7.20170919-3.6.1 References: https://bugzilla.suse.com/1064838 From sle-updates at lists.suse.com Fri Nov 24 13:20:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2017 21:20:24 +0100 (CET) Subject: SUSE-RU-2017:3089-1: Recommended update for couchdb Message-ID: <20171124202024.121AEFCE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for couchdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3089-1 Rating: low References: #1025403 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for couchdb provides the following fix: - Improve init script to start reliably (bsc#1025403) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1913=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-1913=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): couchdb-1.6.1-2.3.1 couchdb-debuginfo-1.6.1-2.3.1 couchdb-debugsource-1.6.1-2.3.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): couchdb-1.6.1-2.3.1 couchdb-debuginfo-1.6.1-2.3.1 couchdb-debugsource-1.6.1-2.3.1 References: https://bugzilla.suse.com/1025403 From sle-updates at lists.suse.com Fri Nov 24 13:20:44 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2017 21:20:44 +0100 (CET) Subject: SUSE-SU-2017:3090-1: moderate: Recommended update for tboot Message-ID: <20171124202044.56DD2FCE5@maintenance.suse.de> SUSE Security Update: Recommended update for tboot ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3090-1 Rating: moderate References: #1057555 #1068390 Cross-References: CVE-2017-16837 Affected Products: SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for tboot fixes the following issues: Security issue fixed: - CVE-2017-16837: Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by h (bsc#1068390) Bug fixes: - Fixed failed trusted boot on some systems like Intel Xeon "Purley 8s" processors. The following error message showed: "TBOOT: wait-for-sipi loop timed-out". Booting continued but "TXT measured launch" was wrongly reported as FALSE. (bsc#1057555) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1901=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1901=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP3 (x86_64): tboot-20160518_1.9.4-7.5.1 tboot-debuginfo-20160518_1.9.4-7.5.1 tboot-debugsource-20160518_1.9.4-7.5.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): tboot-20160518_1.9.4-7.5.1 tboot-debuginfo-20160518_1.9.4-7.5.1 tboot-debugsource-20160518_1.9.4-7.5.1 References: https://www.suse.com/security/cve/CVE-2017-16837.html https://bugzilla.suse.com/1057555 https://bugzilla.suse.com/1068390 From sle-updates at lists.suse.com Fri Nov 24 13:21:16 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2017 21:21:16 +0100 (CET) Subject: SUSE-RU-2017:3091-1: moderate: Recommended update for supportutils-plugin-suse-openstack-cloud Message-ID: <20171124202116.C1740FCE5@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3091-1 Rating: moderate References: #1064838 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-suse-openstack-cloud fixes the following issues: - Add monasca-installer.log - Capture MariaDB logs, variables and status Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2017-1910=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2017-1910=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE OpenStack Cloud 7 (noarch): supportutils-plugin-suse-openstack-cloud-7.0.1507736091.7514a83-4.6.1 - SUSE Enterprise Storage 4 (noarch): supportutils-plugin-suse-openstack-cloud-7.0.1507736091.7514a83-4.6.1 References: https://bugzilla.suse.com/1064838 From sle-updates at lists.suse.com Fri Nov 24 13:21:41 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Nov 2017 21:21:41 +0100 (CET) Subject: SUSE-SU-2017:3092-1: moderate: Security update for perl Message-ID: <20171124202141.BE8ABFCE5@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3092-1 Rating: moderate References: #1047178 #1057721 #1057724 #999735 Cross-References: CVE-2017-12837 CVE-2017-12883 CVE-2017-6512 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for perl fixes the following issues: Security issues fixed: - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. 
(bnc#1057724) - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. (bnc#1057721) - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes: - backport set_capture_string changes from upstream (bsc#999735) - reformat baselibs.conf as source validator workaround Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1903=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1903=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1903=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1903=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1903=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1903=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1903=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): perl-5.18.2-12.3.1 perl-base-5.18.2-12.3.1 perl-base-debuginfo-5.18.2-12.3.1 perl-debuginfo-5.18.2-12.3.1 perl-debugsource-5.18.2-12.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): perl-doc-5.18.2-12.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): perl-5.18.2-12.3.1 perl-base-5.18.2-12.3.1 perl-base-debuginfo-5.18.2-12.3.1 perl-debuginfo-5.18.2-12.3.1 perl-debugsource-5.18.2-12.3.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): perl-32bit-5.18.2-12.3.1 perl-debuginfo-32bit-5.18.2-12.3.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): perl-doc-5.18.2-12.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): perl-5.18.2-12.3.1 perl-base-5.18.2-12.3.1 perl-base-debuginfo-5.18.2-12.3.1 perl-debuginfo-5.18.2-12.3.1 perl-debugsource-5.18.2-12.3.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): perl-32bit-5.18.2-12.3.1 perl-debuginfo-32bit-5.18.2-12.3.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): perl-doc-5.18.2-12.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): perl-doc-5.18.2-12.3.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): perl-32bit-5.18.2-12.3.1 perl-5.18.2-12.3.1 perl-base-5.18.2-12.3.1 perl-base-debuginfo-5.18.2-12.3.1 perl-debuginfo-32bit-5.18.2-12.3.1 perl-debuginfo-5.18.2-12.3.1 perl-debugsource-5.18.2-12.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): perl-doc-5.18.2-12.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): perl-32bit-5.18.2-12.3.1 perl-5.18.2-12.3.1 perl-base-5.18.2-12.3.1 perl-base-debuginfo-5.18.2-12.3.1 perl-debuginfo-32bit-5.18.2-12.3.1 perl-debuginfo-5.18.2-12.3.1 perl-debugsource-5.18.2-12.3.1 - SUSE Container as a Service Platform ALL (x86_64): perl-5.18.2-12.3.1 perl-base-5.18.2-12.3.1 perl-base-debuginfo-5.18.2-12.3.1 perl-debuginfo-5.18.2-12.3.1 perl-debugsource-5.18.2-12.3.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): perl-5.18.2-12.3.1 
perl-base-5.18.2-12.3.1 perl-base-debuginfo-5.18.2-12.3.1 perl-debuginfo-5.18.2-12.3.1 perl-debugsource-5.18.2-12.3.1 References: https://www.suse.com/security/cve/CVE-2017-12837.html https://www.suse.com/security/cve/CVE-2017-12883.html https://www.suse.com/security/cve/CVE-2017-6512.html https://bugzilla.suse.com/1047178 https://bugzilla.suse.com/1057721 https://bugzilla.suse.com/1057724 https://bugzilla.suse.com/999735 From sle-updates at lists.suse.com Fri Nov 24 16:07:26 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Nov 2017 00:07:26 +0100 (CET) Subject: SUSE-RU-2017:3093-1: important: Recommended update for libgcrypt Message-ID: <20171124230726.C0F3AFCD2@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3093-1 Rating: important References: #1043333 #1059723 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libgcrypt provides the following fix: - Fix a regression in a previous update which caused libgcrypt to leak file descriptors causing failures when starting rtkit-daemon. (bsc#1059723) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1916=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1916=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1916=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1916=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1916=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1916=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1916=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1916=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1916=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.48.1 libgcrypt-devel-1.6.1-16.48.1 libgcrypt-devel-debuginfo-1.6.1-16.48.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.48.1 libgcrypt-devel-1.6.1-16.48.1 libgcrypt-devel-debuginfo-1.6.1-16.48.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libgcrypt-debugsource-1.6.1-16.48.1 libgcrypt20-1.6.1-16.48.1 libgcrypt20-debuginfo-1.6.1-16.48.1 libgcrypt20-hmac-1.6.1-16.48.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.48.1 libgcrypt20-1.6.1-16.48.1 libgcrypt20-debuginfo-1.6.1-16.48.1 libgcrypt20-hmac-1.6.1-16.48.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libgcrypt20-32bit-1.6.1-16.48.1 libgcrypt20-debuginfo-32bit-1.6.1-16.48.1 libgcrypt20-hmac-32bit-1.6.1-16.48.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.6.1-16.48.1 libgcrypt20-1.6.1-16.48.1 libgcrypt20-debuginfo-1.6.1-16.48.1 libgcrypt20-hmac-1.6.1-16.48.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libgcrypt20-32bit-1.6.1-16.48.1 libgcrypt20-debuginfo-32bit-1.6.1-16.48.1 libgcrypt20-hmac-32bit-1.6.1-16.48.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libgcrypt-debugsource-1.6.1-16.48.1 libgcrypt20-1.6.1-16.48.1 libgcrypt20-32bit-1.6.1-16.48.1 libgcrypt20-debuginfo-1.6.1-16.48.1 libgcrypt20-debuginfo-32bit-1.6.1-16.48.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libgcrypt-debugsource-1.6.1-16.48.1 libgcrypt20-1.6.1-16.48.1 libgcrypt20-32bit-1.6.1-16.48.1 libgcrypt20-debuginfo-1.6.1-16.48.1 libgcrypt20-debuginfo-32bit-1.6.1-16.48.1 - SUSE Container as a Service Platform ALL (x86_64): libgcrypt-debugsource-1.6.1-16.48.1 libgcrypt20-1.6.1-16.48.1 libgcrypt20-debuginfo-1.6.1-16.48.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): 
libgcrypt-debugsource-1.6.1-16.48.1 libgcrypt20-1.6.1-16.48.1 libgcrypt20-debuginfo-1.6.1-16.48.1 References: https://bugzilla.suse.com/1043333 https://bugzilla.suse.com/1059723 From sle-updates at lists.suse.com Mon Nov 27 10:09:30 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2017 18:09:30 +0100 (CET) Subject: SUSE-RU-2017:3102-1: Optional update for gcc7 Message-ID: <20171127170930.4D633FCD2@maintenance.suse.de> SUSE Recommended Update: Optional update for gcc7 ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3102-1 Rating: low References: #1056437 #1062591 #1062592 Affected Products: SUSE OpenStack Cloud 6 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Module for Toolchain 12 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: The GNU Compiler GCC 7 is being added to the Toolchain Module by this update. New features: - Support for specific IBM Power9 processor instructions. - Support for specific IBM zSeries z14 processor instructions. - New packages cross-npvtx-gcc7 and nvptx-tools added to the Toolchain Module for specific NVIDIA Card offload support. The update also supplies gcc7 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the base products of SUSE Linux Enterprise 12. 
Various optimizers have been improved in GCC 7, several bugs fixed, quite a few new warnings added, and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 7 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-7/changes.html Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6: zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1917=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1917=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1917=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1917=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1917=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1917=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1917=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1917=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1917=1 - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2017-1917=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1917=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1917=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1917=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1917=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE OpenStack Cloud 6 (x86_64): gcc7-debuginfo-7.2.1+r253435-2.4 gcc7-debugsource-7.2.1+r253435-2.4 libasan4-32bit-7.2.1+r253435-2.4 libasan4-32bit-debuginfo-7.2.1+r253435-2.4 libasan4-7.2.1+r253435-2.4 libasan4-debuginfo-7.2.1+r253435-2.4 libatomic1-32bit-7.2.1+r253435-2.4 libatomic1-32bit-debuginfo-7.2.1+r253435-2.4 libatomic1-7.2.1+r253435-2.4 libatomic1-debuginfo-7.2.1+r253435-2.4 libcilkrts5-32bit-7.2.1+r253435-2.4 libcilkrts5-32bit-debuginfo-7.2.1+r253435-2.4 libcilkrts5-7.2.1+r253435-2.4 libcilkrts5-debuginfo-7.2.1+r253435-2.4 libgcc_s1-32bit-7.2.1+r253435-2.4 libgcc_s1-32bit-debuginfo-7.2.1+r253435-2.4 libgcc_s1-7.2.1+r253435-2.4 libgcc_s1-debuginfo-7.2.1+r253435-2.4 libgfortran4-32bit-7.2.1+r253435-2.4 libgfortran4-32bit-debuginfo-7.2.1+r253435-2.4 libgfortran4-7.2.1+r253435-2.4 libgfortran4-debuginfo-7.2.1+r253435-2.4 libgomp1-32bit-7.2.1+r253435-2.4 libgomp1-32bit-debuginfo-7.2.1+r253435-2.4 libgomp1-7.2.1+r253435-2.4 libgomp1-debuginfo-7.2.1+r253435-2.4 libitm1-32bit-7.2.1+r253435-2.4 libitm1-32bit-debuginfo-7.2.1+r253435-2.4 libitm1-7.2.1+r253435-2.4 libitm1-debuginfo-7.2.1+r253435-2.4 liblsan0-7.2.1+r253435-2.4 liblsan0-debuginfo-7.2.1+r253435-2.4 libmpx2-32bit-7.2.1+r253435-2.4 libmpx2-32bit-debuginfo-7.2.1+r253435-2.4 libmpx2-7.2.1+r253435-2.4 libmpx2-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-32bit-7.2.1+r253435-2.4 libmpxwrappers2-32bit-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-7.2.1+r253435-2.4 libmpxwrappers2-debuginfo-7.2.1+r253435-2.4 libquadmath0-32bit-7.2.1+r253435-2.4 libquadmath0-32bit-debuginfo-7.2.1+r253435-2.4 libquadmath0-7.2.1+r253435-2.4 libquadmath0-debuginfo-7.2.1+r253435-2.4 libstdc++6-32bit-7.2.1+r253435-2.4 libstdc++6-32bit-debuginfo-7.2.1+r253435-2.4 libstdc++6-7.2.1+r253435-2.4 libstdc++6-debuginfo-7.2.1+r253435-2.4 libstdc++6-locale-7.2.1+r253435-2.4 libtsan0-7.2.1+r253435-2.4 libtsan0-debuginfo-7.2.1+r253435-2.4 libubsan0-32bit-7.2.1+r253435-2.4 libubsan0-32bit-debuginfo-7.2.1+r253435-2.4 
libubsan0-7.2.1+r253435-2.4 libubsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Software Development Kit 12-SP3 (s390x x86_64): gcc7-debugsource-7.2.1+r253435-2.4 libgfortran4-32bit-7.2.1+r253435-2.4 - SUSE Linux Enterprise Software Development Kit 12-SP2 (s390x x86_64): gcc7-debugsource-7.2.1+r253435-2.4 libgfortran4-32bit-7.2.1+r253435-2.4 - SUSE Linux Enterprise Software Development Kit 12-SP2 (s390x): gcc7-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): gcc7-debuginfo-7.2.1+r253435-2.4 gcc7-debugsource-7.2.1+r253435-2.4 libasan4-7.2.1+r253435-2.4 libasan4-debuginfo-7.2.1+r253435-2.4 libatomic1-7.2.1+r253435-2.4 libatomic1-debuginfo-7.2.1+r253435-2.4 libgcc_s1-7.2.1+r253435-2.4 libgcc_s1-debuginfo-7.2.1+r253435-2.4 libgfortran4-7.2.1+r253435-2.4 libgfortran4-debuginfo-7.2.1+r253435-2.4 libgomp1-7.2.1+r253435-2.4 libgomp1-debuginfo-7.2.1+r253435-2.4 libitm1-7.2.1+r253435-2.4 libitm1-debuginfo-7.2.1+r253435-2.4 liblsan0-7.2.1+r253435-2.4 liblsan0-debuginfo-7.2.1+r253435-2.4 libstdc++6-7.2.1+r253435-2.4 libstdc++6-debuginfo-7.2.1+r253435-2.4 libstdc++6-locale-7.2.1+r253435-2.4 libtsan0-7.2.1+r253435-2.4 libtsan0-debuginfo-7.2.1+r253435-2.4 libubsan0-7.2.1+r253435-2.4 libubsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libasan4-32bit-7.2.1+r253435-2.4 libasan4-32bit-debuginfo-7.2.1+r253435-2.4 libatomic1-32bit-7.2.1+r253435-2.4 libatomic1-32bit-debuginfo-7.2.1+r253435-2.4 libcilkrts5-32bit-7.2.1+r253435-2.4 libcilkrts5-32bit-debuginfo-7.2.1+r253435-2.4 libcilkrts5-7.2.1+r253435-2.4 libcilkrts5-debuginfo-7.2.1+r253435-2.4 libgcc_s1-32bit-7.2.1+r253435-2.4 libgcc_s1-32bit-debuginfo-7.2.1+r253435-2.4 libgfortran4-32bit-7.2.1+r253435-2.4 libgfortran4-32bit-debuginfo-7.2.1+r253435-2.4 libgomp1-32bit-7.2.1+r253435-2.4 libgomp1-32bit-debuginfo-7.2.1+r253435-2.4 libitm1-32bit-7.2.1+r253435-2.4 libitm1-32bit-debuginfo-7.2.1+r253435-2.4 libmpx2-32bit-7.2.1+r253435-2.4 
libmpx2-32bit-debuginfo-7.2.1+r253435-2.4 libmpx2-7.2.1+r253435-2.4 libmpx2-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-32bit-7.2.1+r253435-2.4 libmpxwrappers2-32bit-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-7.2.1+r253435-2.4 libmpxwrappers2-debuginfo-7.2.1+r253435-2.4 libquadmath0-32bit-7.2.1+r253435-2.4 libquadmath0-32bit-debuginfo-7.2.1+r253435-2.4 libquadmath0-7.2.1+r253435-2.4 libquadmath0-debuginfo-7.2.1+r253435-2.4 libstdc++6-32bit-7.2.1+r253435-2.4 libstdc++6-32bit-debuginfo-7.2.1+r253435-2.4 libubsan0-32bit-7.2.1+r253435-2.4 libubsan0-32bit-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): gcc7-debuginfo-7.2.1+r253435-2.4 gcc7-debugsource-7.2.1+r253435-2.4 libasan4-7.2.1+r253435-2.4 libasan4-debuginfo-7.2.1+r253435-2.4 libatomic1-7.2.1+r253435-2.4 libatomic1-debuginfo-7.2.1+r253435-2.4 libgcc_s1-7.2.1+r253435-2.4 libgcc_s1-debuginfo-7.2.1+r253435-2.4 libgfortran4-7.2.1+r253435-2.4 libgfortran4-debuginfo-7.2.1+r253435-2.4 libgomp1-7.2.1+r253435-2.4 libgomp1-debuginfo-7.2.1+r253435-2.4 libitm1-7.2.1+r253435-2.4 libitm1-debuginfo-7.2.1+r253435-2.4 liblsan0-7.2.1+r253435-2.4 liblsan0-debuginfo-7.2.1+r253435-2.4 libstdc++6-7.2.1+r253435-2.4 libstdc++6-debuginfo-7.2.1+r253435-2.4 libstdc++6-locale-7.2.1+r253435-2.4 libtsan0-7.2.1+r253435-2.4 libtsan0-debuginfo-7.2.1+r253435-2.4 libubsan0-7.2.1+r253435-2.4 libubsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): gcc7-debuginfo-7.2.1+r253435-2.4 gcc7-debugsource-7.2.1+r253435-2.4 libasan4-7.2.1+r253435-2.4 libasan4-debuginfo-7.2.1+r253435-2.4 libatomic1-7.2.1+r253435-2.4 libatomic1-debuginfo-7.2.1+r253435-2.4 libgcc_s1-7.2.1+r253435-2.4 libgcc_s1-debuginfo-7.2.1+r253435-2.4 libgfortran4-7.2.1+r253435-2.4 libgfortran4-debuginfo-7.2.1+r253435-2.4 libgomp1-7.2.1+r253435-2.4 libgomp1-debuginfo-7.2.1+r253435-2.4 libitm1-7.2.1+r253435-2.4 libitm1-debuginfo-7.2.1+r253435-2.4 libstdc++6-7.2.1+r253435-2.4 
libstdc++6-debuginfo-7.2.1+r253435-2.4 libstdc++6-locale-7.2.1+r253435-2.4 libubsan0-7.2.1+r253435-2.4 libubsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le x86_64): liblsan0-7.2.1+r253435-2.4 liblsan0-debuginfo-7.2.1+r253435-2.4 libtsan0-7.2.1+r253435-2.4 libtsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libasan4-32bit-7.2.1+r253435-2.4 libatomic1-32bit-7.2.1+r253435-2.4 libgcc_s1-32bit-7.2.1+r253435-2.4 libgfortran4-32bit-7.2.1+r253435-2.4 libgomp1-32bit-7.2.1+r253435-2.4 libitm1-32bit-7.2.1+r253435-2.4 libstdc++6-32bit-7.2.1+r253435-2.4 libubsan0-32bit-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP3 (x86_64): libcilkrts5-32bit-7.2.1+r253435-2.4 libcilkrts5-7.2.1+r253435-2.4 libcilkrts5-debuginfo-7.2.1+r253435-2.4 libmpx2-32bit-7.2.1+r253435-2.4 libmpx2-7.2.1+r253435-2.4 libmpx2-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-32bit-7.2.1+r253435-2.4 libmpxwrappers2-7.2.1+r253435-2.4 libmpxwrappers2-debuginfo-7.2.1+r253435-2.4 libquadmath0-32bit-7.2.1+r253435-2.4 libquadmath0-7.2.1+r253435-2.4 libquadmath0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP3 (s390x): libasan4-32bit-debuginfo-7.2.1+r253435-2.4 libubsan0-32bit-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): gcc7-debuginfo-7.2.1+r253435-2.4 gcc7-debugsource-7.2.1+r253435-2.4 libasan4-7.2.1+r253435-2.4 libasan4-debuginfo-7.2.1+r253435-2.4 libatomic1-7.2.1+r253435-2.4 libatomic1-debuginfo-7.2.1+r253435-2.4 libgcc_s1-7.2.1+r253435-2.4 libgcc_s1-debuginfo-7.2.1+r253435-2.4 libgfortran4-7.2.1+r253435-2.4 libgfortran4-debuginfo-7.2.1+r253435-2.4 libgomp1-7.2.1+r253435-2.4 libgomp1-debuginfo-7.2.1+r253435-2.4 libitm1-7.2.1+r253435-2.4 libitm1-debuginfo-7.2.1+r253435-2.4 libstdc++6-7.2.1+r253435-2.4 libstdc++6-debuginfo-7.2.1+r253435-2.4 libstdc++6-locale-7.2.1+r253435-2.4 libubsan0-7.2.1+r253435-2.4 libubsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise 
Server 12-SP2 (aarch64 ppc64le x86_64): liblsan0-7.2.1+r253435-2.4 liblsan0-debuginfo-7.2.1+r253435-2.4 libtsan0-7.2.1+r253435-2.4 libtsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libasan4-32bit-7.2.1+r253435-2.4 libatomic1-32bit-7.2.1+r253435-2.4 libgcc_s1-32bit-7.2.1+r253435-2.4 libgfortran4-32bit-7.2.1+r253435-2.4 libgomp1-32bit-7.2.1+r253435-2.4 libitm1-32bit-7.2.1+r253435-2.4 libstdc++6-32bit-7.2.1+r253435-2.4 libubsan0-32bit-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libcilkrts5-32bit-7.2.1+r253435-2.4 libcilkrts5-7.2.1+r253435-2.4 libcilkrts5-debuginfo-7.2.1+r253435-2.4 libmpx2-32bit-7.2.1+r253435-2.4 libmpx2-7.2.1+r253435-2.4 libmpx2-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-32bit-7.2.1+r253435-2.4 libmpxwrappers2-7.2.1+r253435-2.4 libmpxwrappers2-debuginfo-7.2.1+r253435-2.4 libquadmath0-32bit-7.2.1+r253435-2.4 libquadmath0-7.2.1+r253435-2.4 libquadmath0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP2 (s390x): libasan4-32bit-debuginfo-7.2.1+r253435-2.4 libubsan0-32bit-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): gcc7-debuginfo-7.2.1+r253435-2.4 gcc7-debugsource-7.2.1+r253435-2.4 libasan4-7.2.1+r253435-2.4 libasan4-debuginfo-7.2.1+r253435-2.4 libatomic1-7.2.1+r253435-2.4 libatomic1-debuginfo-7.2.1+r253435-2.4 libgcc_s1-7.2.1+r253435-2.4 libgcc_s1-debuginfo-7.2.1+r253435-2.4 libgfortran4-7.2.1+r253435-2.4 libgfortran4-debuginfo-7.2.1+r253435-2.4 libgomp1-7.2.1+r253435-2.4 libgomp1-debuginfo-7.2.1+r253435-2.4 libitm1-7.2.1+r253435-2.4 libitm1-debuginfo-7.2.1+r253435-2.4 libstdc++6-7.2.1+r253435-2.4 libstdc++6-debuginfo-7.2.1+r253435-2.4 libstdc++6-locale-7.2.1+r253435-2.4 libubsan0-7.2.1+r253435-2.4 libubsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le x86_64): liblsan0-7.2.1+r253435-2.4 liblsan0-debuginfo-7.2.1+r253435-2.4 libtsan0-7.2.1+r253435-2.4 libtsan0-debuginfo-7.2.1+r253435-2.4 - 
SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libasan4-32bit-7.2.1+r253435-2.4 libasan4-32bit-debuginfo-7.2.1+r253435-2.4 libatomic1-32bit-7.2.1+r253435-2.4 libatomic1-32bit-debuginfo-7.2.1+r253435-2.4 libgcc_s1-32bit-7.2.1+r253435-2.4 libgcc_s1-32bit-debuginfo-7.2.1+r253435-2.4 libgfortran4-32bit-7.2.1+r253435-2.4 libgfortran4-32bit-debuginfo-7.2.1+r253435-2.4 libgomp1-32bit-7.2.1+r253435-2.4 libgomp1-32bit-debuginfo-7.2.1+r253435-2.4 libitm1-32bit-7.2.1+r253435-2.4 libitm1-32bit-debuginfo-7.2.1+r253435-2.4 libstdc++6-32bit-7.2.1+r253435-2.4 libstdc++6-32bit-debuginfo-7.2.1+r253435-2.4 libubsan0-32bit-7.2.1+r253435-2.4 libubsan0-32bit-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): libcilkrts5-32bit-7.2.1+r253435-2.4 libcilkrts5-32bit-debuginfo-7.2.1+r253435-2.4 libcilkrts5-7.2.1+r253435-2.4 libcilkrts5-debuginfo-7.2.1+r253435-2.4 libmpx2-32bit-7.2.1+r253435-2.4 libmpx2-32bit-debuginfo-7.2.1+r253435-2.4 libmpx2-7.2.1+r253435-2.4 libmpx2-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-32bit-7.2.1+r253435-2.4 libmpxwrappers2-32bit-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-7.2.1+r253435-2.4 libmpxwrappers2-debuginfo-7.2.1+r253435-2.4 libquadmath0-32bit-7.2.1+r253435-2.4 libquadmath0-32bit-debuginfo-7.2.1+r253435-2.4 libquadmath0-7.2.1+r253435-2.4 libquadmath0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64): gcc7-debugsource-7.2.1+r253435-2.4 libasan4-7.2.1+r253435-2.4 libasan4-debuginfo-7.2.1+r253435-2.4 libatomic1-7.2.1+r253435-2.4 libatomic1-debuginfo-7.2.1+r253435-2.4 libgcc_s1-7.2.1+r253435-2.4 libgcc_s1-debuginfo-7.2.1+r253435-2.4 libgfortran4-7.2.1+r253435-2.4 libgfortran4-debuginfo-7.2.1+r253435-2.4 libgomp1-7.2.1+r253435-2.4 libgomp1-debuginfo-7.2.1+r253435-2.4 libitm1-7.2.1+r253435-2.4 libitm1-debuginfo-7.2.1+r253435-2.4 libstdc++6-7.2.1+r253435-2.4 libstdc++6-debuginfo-7.2.1+r253435-2.4 libstdc++6-locale-7.2.1+r253435-2.4 libubsan0-7.2.1+r253435-2.4 
libubsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-LTSS (ppc64le x86_64): liblsan0-7.2.1+r253435-2.4 liblsan0-debuginfo-7.2.1+r253435-2.4 libtsan0-7.2.1+r253435-2.4 libtsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libasan4-32bit-7.2.1+r253435-2.4 libasan4-32bit-debuginfo-7.2.1+r253435-2.4 libatomic1-32bit-7.2.1+r253435-2.4 libatomic1-32bit-debuginfo-7.2.1+r253435-2.4 libgcc_s1-32bit-7.2.1+r253435-2.4 libgcc_s1-32bit-debuginfo-7.2.1+r253435-2.4 libgfortran4-32bit-7.2.1+r253435-2.4 libgfortran4-32bit-debuginfo-7.2.1+r253435-2.4 libgomp1-32bit-7.2.1+r253435-2.4 libgomp1-32bit-debuginfo-7.2.1+r253435-2.4 libitm1-32bit-7.2.1+r253435-2.4 libitm1-32bit-debuginfo-7.2.1+r253435-2.4 libstdc++6-32bit-7.2.1+r253435-2.4 libstdc++6-32bit-debuginfo-7.2.1+r253435-2.4 libubsan0-32bit-7.2.1+r253435-2.4 libubsan0-32bit-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Server 12-LTSS (x86_64): libcilkrts5-32bit-7.2.1+r253435-2.4 libcilkrts5-32bit-debuginfo-7.2.1+r253435-2.4 libcilkrts5-7.2.1+r253435-2.4 libcilkrts5-debuginfo-7.2.1+r253435-2.4 libmpx2-32bit-7.2.1+r253435-2.4 libmpx2-32bit-debuginfo-7.2.1+r253435-2.4 libmpx2-7.2.1+r253435-2.4 libmpx2-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-32bit-7.2.1+r253435-2.4 libmpxwrappers2-32bit-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-7.2.1+r253435-2.4 libmpxwrappers2-debuginfo-7.2.1+r253435-2.4 libquadmath0-32bit-7.2.1+r253435-2.4 libquadmath0-32bit-debuginfo-7.2.1+r253435-2.4 libquadmath0-7.2.1+r253435-2.4 libquadmath0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Module for Toolchain 12 (aarch64 ppc64le s390x x86_64): cpp7-7.2.1+r253435-2.4 cpp7-debuginfo-7.2.1+r253435-2.4 gcc7-7.2.1+r253435-2.4 gcc7-c++-7.2.1+r253435-2.4 gcc7-c++-debuginfo-7.2.1+r253435-2.4 gcc7-debuginfo-7.2.1+r253435-2.4 gcc7-debugsource-7.2.1+r253435-2.4 gcc7-fortran-7.2.1+r253435-2.4 gcc7-fortran-debuginfo-7.2.1+r253435-2.4 gcc7-locale-7.2.1+r253435-2.4 libstdc++6-devel-gcc7-7.2.1+r253435-2.4 - 
SUSE Linux Enterprise Module for Toolchain 12 (s390x x86_64): gcc7-32bit-7.2.1+r253435-2.4 gcc7-c++-32bit-7.2.1+r253435-2.4 gcc7-fortran-32bit-7.2.1+r253435-2.4 libstdc++6-devel-gcc7-32bit-7.2.1+r253435-2.4 - SUSE Linux Enterprise Module for Toolchain 12 (x86_64): cross-nvptx-gcc7-7.2.1+r253435-2.1 gcc7-ada-32bit-7.2.1+r253435-2.4 gcc7-ada-7.2.1+r253435-2.4 gcc7-ada-debuginfo-7.2.1+r253435-2.4 libada7-32bit-7.2.1+r253435-2.4 libada7-32bit-debuginfo-7.2.1+r253435-2.4 libada7-7.2.1+r253435-2.4 libada7-debuginfo-7.2.1+r253435-2.4 nvptx-tools-1.0-2.3 - SUSE Linux Enterprise Module for Toolchain 12 (noarch): gcc7-info-7.2.1+r253435-2.4 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): gcc7-debuginfo-7.2.1+r253435-2.4 gcc7-debugsource-7.2.1+r253435-2.4 libasan4-32bit-7.2.1+r253435-2.4 libasan4-7.2.1+r253435-2.4 libasan4-debuginfo-7.2.1+r253435-2.4 libatomic1-32bit-7.2.1+r253435-2.4 libatomic1-7.2.1+r253435-2.4 libatomic1-debuginfo-7.2.1+r253435-2.4 libcilkrts5-32bit-7.2.1+r253435-2.4 libcilkrts5-7.2.1+r253435-2.4 libcilkrts5-debuginfo-7.2.1+r253435-2.4 libgcc_s1-32bit-7.2.1+r253435-2.4 libgcc_s1-7.2.1+r253435-2.4 libgcc_s1-debuginfo-7.2.1+r253435-2.4 libgfortran4-32bit-7.2.1+r253435-2.4 libgfortran4-7.2.1+r253435-2.4 libgfortran4-debuginfo-7.2.1+r253435-2.4 libgomp1-32bit-7.2.1+r253435-2.4 libgomp1-7.2.1+r253435-2.4 libgomp1-debuginfo-7.2.1+r253435-2.4 libitm1-32bit-7.2.1+r253435-2.4 libitm1-7.2.1+r253435-2.4 libitm1-debuginfo-7.2.1+r253435-2.4 liblsan0-7.2.1+r253435-2.4 liblsan0-debuginfo-7.2.1+r253435-2.4 libmpx2-32bit-7.2.1+r253435-2.4 libmpx2-7.2.1+r253435-2.4 libmpx2-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-32bit-7.2.1+r253435-2.4 libmpxwrappers2-7.2.1+r253435-2.4 libmpxwrappers2-debuginfo-7.2.1+r253435-2.4 libquadmath0-32bit-7.2.1+r253435-2.4 libquadmath0-7.2.1+r253435-2.4 libquadmath0-debuginfo-7.2.1+r253435-2.4 libstdc++6-32bit-7.2.1+r253435-2.4 libstdc++6-7.2.1+r253435-2.4 libstdc++6-debuginfo-7.2.1+r253435-2.4 libstdc++6-locale-7.2.1+r253435-2.4 
libtsan0-7.2.1+r253435-2.4 libtsan0-debuginfo-7.2.1+r253435-2.4 libubsan0-32bit-7.2.1+r253435-2.4 libubsan0-7.2.1+r253435-2.4 libubsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): gcc7-debuginfo-7.2.1+r253435-2.4 gcc7-debugsource-7.2.1+r253435-2.4 libasan4-32bit-7.2.1+r253435-2.4 libasan4-7.2.1+r253435-2.4 libasan4-debuginfo-7.2.1+r253435-2.4 libatomic1-32bit-7.2.1+r253435-2.4 libatomic1-7.2.1+r253435-2.4 libatomic1-debuginfo-7.2.1+r253435-2.4 libcilkrts5-32bit-7.2.1+r253435-2.4 libcilkrts5-7.2.1+r253435-2.4 libcilkrts5-debuginfo-7.2.1+r253435-2.4 libgcc_s1-32bit-7.2.1+r253435-2.4 libgcc_s1-7.2.1+r253435-2.4 libgcc_s1-debuginfo-7.2.1+r253435-2.4 libgfortran4-32bit-7.2.1+r253435-2.4 libgfortran4-7.2.1+r253435-2.4 libgfortran4-debuginfo-7.2.1+r253435-2.4 libgomp1-32bit-7.2.1+r253435-2.4 libgomp1-7.2.1+r253435-2.4 libgomp1-debuginfo-7.2.1+r253435-2.4 libitm1-32bit-7.2.1+r253435-2.4 libitm1-7.2.1+r253435-2.4 libitm1-debuginfo-7.2.1+r253435-2.4 liblsan0-7.2.1+r253435-2.4 liblsan0-debuginfo-7.2.1+r253435-2.4 libmpx2-32bit-7.2.1+r253435-2.4 libmpx2-7.2.1+r253435-2.4 libmpx2-debuginfo-7.2.1+r253435-2.4 libmpxwrappers2-32bit-7.2.1+r253435-2.4 libmpxwrappers2-7.2.1+r253435-2.4 libmpxwrappers2-debuginfo-7.2.1+r253435-2.4 libquadmath0-32bit-7.2.1+r253435-2.4 libquadmath0-7.2.1+r253435-2.4 libquadmath0-debuginfo-7.2.1+r253435-2.4 libstdc++6-32bit-7.2.1+r253435-2.4 libstdc++6-7.2.1+r253435-2.4 libstdc++6-debuginfo-7.2.1+r253435-2.4 libstdc++6-locale-7.2.1+r253435-2.4 libtsan0-7.2.1+r253435-2.4 libtsan0-debuginfo-7.2.1+r253435-2.4 libubsan0-32bit-7.2.1+r253435-2.4 libubsan0-7.2.1+r253435-2.4 libubsan0-debuginfo-7.2.1+r253435-2.4 - SUSE Container as a Service Platform ALL (x86_64): gcc7-debuginfo-7.2.1+r253435-2.4 gcc7-debugsource-7.2.1+r253435-2.4 libgcc_s1-7.2.1+r253435-2.4 libgcc_s1-debuginfo-7.2.1+r253435-2.4 libstdc++6-7.2.1+r253435-2.4 libstdc++6-debuginfo-7.2.1+r253435-2.4 - OpenStack Cloud Magnum Orchestration 7 (x86_64): 
gcc7-debuginfo-7.2.1+r253435-2.4 gcc7-debugsource-7.2.1+r253435-2.4 libgcc_s1-7.2.1+r253435-2.4 libgcc_s1-debuginfo-7.2.1+r253435-2.4 libstdc++6-7.2.1+r253435-2.4 libstdc++6-debuginfo-7.2.1+r253435-2.4 References: https://bugzilla.suse.com/1056437 https://bugzilla.suse.com/1062591 https://bugzilla.suse.com/1062592 From sle-updates at lists.suse.com Mon Nov 27 14:14:27 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2017 22:14:27 +0100 (CET) Subject: SUSE-SU-2017:3103-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12) Message-ID: <20171127211427.C3AE1FD08@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3103-1 Rating: important References: #1063671 #1064392 #1066471 #1066472 Cross-References: CVE-2017-13080 CVE-2017-15649 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.61-52_80 fixes several issues. 
The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1921=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_80-default-5-2.1 kgraft-patch-3_12_61-52_80-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1064392 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 From sle-updates at lists.suse.com Mon Nov 27 14:16:48 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2017 22:16:48 +0100 (CET) Subject: SUSE-SU-2017:3104-1: important: Security update for samba Message-ID: <20171127211648.BD711FD08@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3104-1 Rating: important References: #1027593 #1060427 #1063008 Cross-References: CVE-2017-14746 CVE-2017-15275 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux 
Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise High Availability 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for samba fixes the following issues: Security issues fixed: - CVE-2017-14746: Use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Server heap memory information leak (bsc#1063008). Bug fixes: - Update 'winbind expand groups' doc in smb.conf man page (bsc#1027593). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1919=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1919=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1919=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1919=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1919=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsmbclient-devel-4.4.2-38.14.1 libwbclient-devel-4.4.2-38.14.1 samba-debuginfo-4.4.2-38.14.1 samba-debugsource-4.4.2-38.14.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libdcerpc-binding0-4.4.2-38.14.1 libdcerpc-binding0-debuginfo-4.4.2-38.14.1 libdcerpc0-4.4.2-38.14.1 libdcerpc0-debuginfo-4.4.2-38.14.1 libndr-krb5pac0-4.4.2-38.14.1 libndr-krb5pac0-debuginfo-4.4.2-38.14.1 libndr-nbt0-4.4.2-38.14.1 libndr-nbt0-debuginfo-4.4.2-38.14.1 libndr-standard0-4.4.2-38.14.1 libndr-standard0-debuginfo-4.4.2-38.14.1 libndr0-4.4.2-38.14.1 libndr0-debuginfo-4.4.2-38.14.1 libnetapi0-4.4.2-38.14.1 libnetapi0-debuginfo-4.4.2-38.14.1 libsamba-credentials0-4.4.2-38.14.1 libsamba-credentials0-debuginfo-4.4.2-38.14.1 libsamba-errors0-4.4.2-38.14.1 libsamba-errors0-debuginfo-4.4.2-38.14.1 libsamba-hostconfig0-4.4.2-38.14.1 libsamba-hostconfig0-debuginfo-4.4.2-38.14.1 libsamba-passdb0-4.4.2-38.14.1 libsamba-passdb0-debuginfo-4.4.2-38.14.1 libsamba-util0-4.4.2-38.14.1 libsamba-util0-debuginfo-4.4.2-38.14.1 libsamdb0-4.4.2-38.14.1 libsamdb0-debuginfo-4.4.2-38.14.1 libsmbclient0-4.4.2-38.14.1 libsmbclient0-debuginfo-4.4.2-38.14.1 libsmbconf0-4.4.2-38.14.1 libsmbconf0-debuginfo-4.4.2-38.14.1 libsmbldap0-4.4.2-38.14.1 libsmbldap0-debuginfo-4.4.2-38.14.1 libtevent-util0-4.4.2-38.14.1 libtevent-util0-debuginfo-4.4.2-38.14.1 libwbclient0-4.4.2-38.14.1 libwbclient0-debuginfo-4.4.2-38.14.1 samba-4.4.2-38.14.1 samba-client-4.4.2-38.14.1 samba-client-debuginfo-4.4.2-38.14.1 samba-debuginfo-4.4.2-38.14.1 samba-debugsource-4.4.2-38.14.1 samba-libs-4.4.2-38.14.1 samba-libs-debuginfo-4.4.2-38.14.1 samba-winbind-4.4.2-38.14.1 samba-winbind-debuginfo-4.4.2-38.14.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): samba-doc-4.4.2-38.14.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.4.2-38.14.1 
libdcerpc-binding0-debuginfo-4.4.2-38.14.1 libdcerpc0-4.4.2-38.14.1 libdcerpc0-debuginfo-4.4.2-38.14.1 libndr-krb5pac0-4.4.2-38.14.1 libndr-krb5pac0-debuginfo-4.4.2-38.14.1 libndr-nbt0-4.4.2-38.14.1 libndr-nbt0-debuginfo-4.4.2-38.14.1 libndr-standard0-4.4.2-38.14.1 libndr-standard0-debuginfo-4.4.2-38.14.1 libndr0-4.4.2-38.14.1 libndr0-debuginfo-4.4.2-38.14.1 libnetapi0-4.4.2-38.14.1 libnetapi0-debuginfo-4.4.2-38.14.1 libsamba-credentials0-4.4.2-38.14.1 libsamba-credentials0-debuginfo-4.4.2-38.14.1 libsamba-errors0-4.4.2-38.14.1 libsamba-errors0-debuginfo-4.4.2-38.14.1 libsamba-hostconfig0-4.4.2-38.14.1 libsamba-hostconfig0-debuginfo-4.4.2-38.14.1 libsamba-passdb0-4.4.2-38.14.1 libsamba-passdb0-debuginfo-4.4.2-38.14.1 libsamba-util0-4.4.2-38.14.1 libsamba-util0-debuginfo-4.4.2-38.14.1 libsamdb0-4.4.2-38.14.1 libsamdb0-debuginfo-4.4.2-38.14.1 libsmbclient0-4.4.2-38.14.1 libsmbclient0-debuginfo-4.4.2-38.14.1 libsmbconf0-4.4.2-38.14.1 libsmbconf0-debuginfo-4.4.2-38.14.1 libsmbldap0-4.4.2-38.14.1 libsmbldap0-debuginfo-4.4.2-38.14.1 libtevent-util0-4.4.2-38.14.1 libtevent-util0-debuginfo-4.4.2-38.14.1 libwbclient0-4.4.2-38.14.1 libwbclient0-debuginfo-4.4.2-38.14.1 samba-4.4.2-38.14.1 samba-client-4.4.2-38.14.1 samba-client-debuginfo-4.4.2-38.14.1 samba-debuginfo-4.4.2-38.14.1 samba-debugsource-4.4.2-38.14.1 samba-libs-4.4.2-38.14.1 samba-libs-debuginfo-4.4.2-38.14.1 samba-winbind-4.4.2-38.14.1 samba-winbind-debuginfo-4.4.2-38.14.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.14.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.14.1 libdcerpc0-32bit-4.4.2-38.14.1 libdcerpc0-debuginfo-32bit-4.4.2-38.14.1 libndr-krb5pac0-32bit-4.4.2-38.14.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.14.1 libndr-nbt0-32bit-4.4.2-38.14.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.14.1 libndr-standard0-32bit-4.4.2-38.14.1 libndr-standard0-debuginfo-32bit-4.4.2-38.14.1 libndr0-32bit-4.4.2-38.14.1 libndr0-debuginfo-32bit-4.4.2-38.14.1 libnetapi0-32bit-4.4.2-38.14.1 
libnetapi0-debuginfo-32bit-4.4.2-38.14.1 libsamba-credentials0-32bit-4.4.2-38.14.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.14.1 libsamba-errors0-32bit-4.4.2-38.14.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.14.1 libsamba-hostconfig0-32bit-4.4.2-38.14.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.14.1 libsamba-passdb0-32bit-4.4.2-38.14.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.14.1 libsamba-util0-32bit-4.4.2-38.14.1 libsamba-util0-debuginfo-32bit-4.4.2-38.14.1 libsamdb0-32bit-4.4.2-38.14.1 libsamdb0-debuginfo-32bit-4.4.2-38.14.1 libsmbclient0-32bit-4.4.2-38.14.1 libsmbclient0-debuginfo-32bit-4.4.2-38.14.1 libsmbconf0-32bit-4.4.2-38.14.1 libsmbconf0-debuginfo-32bit-4.4.2-38.14.1 libsmbldap0-32bit-4.4.2-38.14.1 libsmbldap0-debuginfo-32bit-4.4.2-38.14.1 libtevent-util0-32bit-4.4.2-38.14.1 libtevent-util0-debuginfo-32bit-4.4.2-38.14.1 libwbclient0-32bit-4.4.2-38.14.1 libwbclient0-debuginfo-32bit-4.4.2-38.14.1 samba-client-32bit-4.4.2-38.14.1 samba-client-debuginfo-32bit-4.4.2-38.14.1 samba-libs-32bit-4.4.2-38.14.1 samba-libs-debuginfo-32bit-4.4.2-38.14.1 samba-winbind-32bit-4.4.2-38.14.1 samba-winbind-debuginfo-32bit-4.4.2-38.14.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): samba-doc-4.4.2-38.14.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-38.14.1 ctdb-debuginfo-4.4.2-38.14.1 samba-debuginfo-4.4.2-38.14.1 samba-debugsource-4.4.2-38.14.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.14.1 libdcerpc-binding0-4.4.2-38.14.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.14.1 libdcerpc-binding0-debuginfo-4.4.2-38.14.1 libdcerpc0-32bit-4.4.2-38.14.1 libdcerpc0-4.4.2-38.14.1 libdcerpc0-debuginfo-32bit-4.4.2-38.14.1 libdcerpc0-debuginfo-4.4.2-38.14.1 libndr-krb5pac0-32bit-4.4.2-38.14.1 libndr-krb5pac0-4.4.2-38.14.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.14.1 libndr-krb5pac0-debuginfo-4.4.2-38.14.1 libndr-nbt0-32bit-4.4.2-38.14.1 libndr-nbt0-4.4.2-38.14.1 
libndr-nbt0-debuginfo-32bit-4.4.2-38.14.1 libndr-nbt0-debuginfo-4.4.2-38.14.1 libndr-standard0-32bit-4.4.2-38.14.1 libndr-standard0-4.4.2-38.14.1 libndr-standard0-debuginfo-32bit-4.4.2-38.14.1 libndr-standard0-debuginfo-4.4.2-38.14.1 libndr0-32bit-4.4.2-38.14.1 libndr0-4.4.2-38.14.1 libndr0-debuginfo-32bit-4.4.2-38.14.1 libndr0-debuginfo-4.4.2-38.14.1 libnetapi0-32bit-4.4.2-38.14.1 libnetapi0-4.4.2-38.14.1 libnetapi0-debuginfo-32bit-4.4.2-38.14.1 libnetapi0-debuginfo-4.4.2-38.14.1 libsamba-credentials0-32bit-4.4.2-38.14.1 libsamba-credentials0-4.4.2-38.14.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.14.1 libsamba-credentials0-debuginfo-4.4.2-38.14.1 libsamba-errors0-32bit-4.4.2-38.14.1 libsamba-errors0-4.4.2-38.14.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.14.1 libsamba-errors0-debuginfo-4.4.2-38.14.1 libsamba-hostconfig0-32bit-4.4.2-38.14.1 libsamba-hostconfig0-4.4.2-38.14.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.14.1 libsamba-hostconfig0-debuginfo-4.4.2-38.14.1 libsamba-passdb0-32bit-4.4.2-38.14.1 libsamba-passdb0-4.4.2-38.14.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.14.1 libsamba-passdb0-debuginfo-4.4.2-38.14.1 libsamba-util0-32bit-4.4.2-38.14.1 libsamba-util0-4.4.2-38.14.1 libsamba-util0-debuginfo-32bit-4.4.2-38.14.1 libsamba-util0-debuginfo-4.4.2-38.14.1 libsamdb0-32bit-4.4.2-38.14.1 libsamdb0-4.4.2-38.14.1 libsamdb0-debuginfo-32bit-4.4.2-38.14.1 libsamdb0-debuginfo-4.4.2-38.14.1 libsmbclient0-32bit-4.4.2-38.14.1 libsmbclient0-4.4.2-38.14.1 libsmbclient0-debuginfo-32bit-4.4.2-38.14.1 libsmbclient0-debuginfo-4.4.2-38.14.1 libsmbconf0-32bit-4.4.2-38.14.1 libsmbconf0-4.4.2-38.14.1 libsmbconf0-debuginfo-32bit-4.4.2-38.14.1 libsmbconf0-debuginfo-4.4.2-38.14.1 libsmbldap0-32bit-4.4.2-38.14.1 libsmbldap0-4.4.2-38.14.1 libsmbldap0-debuginfo-32bit-4.4.2-38.14.1 libsmbldap0-debuginfo-4.4.2-38.14.1 libtevent-util0-32bit-4.4.2-38.14.1 libtevent-util0-4.4.2-38.14.1 libtevent-util0-debuginfo-32bit-4.4.2-38.14.1 libtevent-util0-debuginfo-4.4.2-38.14.1 
libwbclient0-32bit-4.4.2-38.14.1 libwbclient0-4.4.2-38.14.1 libwbclient0-debuginfo-32bit-4.4.2-38.14.1 libwbclient0-debuginfo-4.4.2-38.14.1 samba-4.4.2-38.14.1 samba-client-32bit-4.4.2-38.14.1 samba-client-4.4.2-38.14.1 samba-client-debuginfo-32bit-4.4.2-38.14.1 samba-client-debuginfo-4.4.2-38.14.1 samba-debuginfo-4.4.2-38.14.1 samba-debugsource-4.4.2-38.14.1 samba-libs-32bit-4.4.2-38.14.1 samba-libs-4.4.2-38.14.1 samba-libs-debuginfo-32bit-4.4.2-38.14.1 samba-libs-debuginfo-4.4.2-38.14.1 samba-winbind-32bit-4.4.2-38.14.1 samba-winbind-4.4.2-38.14.1 samba-winbind-debuginfo-32bit-4.4.2-38.14.1 samba-winbind-debuginfo-4.4.2-38.14.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): samba-doc-4.4.2-38.14.1 References: https://www.suse.com/security/cve/CVE-2017-14746.html https://www.suse.com/security/cve/CVE-2017-15275.html https://bugzilla.suse.com/1027593 https://bugzilla.suse.com/1060427 https://bugzilla.suse.com/1063008 From sle-updates at lists.suse.com Mon Nov 27 14:19:04 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2017 22:19:04 +0100 (CET) Subject: SUSE-SU-2017:3106-1: important: Security update for kernel-firmware Message-ID: <20171127211904.1E375FD06@maintenance.suse.de> SUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3106-1 Rating: important References: #1066295 Cross-References: CVE-2017-13080 CVE-2017-13081 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description: This update for kernel-firmware fixes the following issues: - Update Intel WiFi firmwares for the 3160, 7260 and 7265 adapters. Security issues fixed are part of the "KRACK" attacks affecting the firmware: - CVE-2017-13080: The reinstallation of the Group Temporal key could be used for replay attacks (bsc#1066295) - CVE-2017-13081: The reinstallation of the Integrity Group Temporal key could be used for replay attacks (bsc#1066295) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1918=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1918=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1918=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1918=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1918=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1918=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): kernel-firmware-20170530-21.13.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): kernel-firmware-20170530-21.13.1 ucode-amd-20170530-21.13.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): kernel-firmware-20170530-21.13.1 ucode-amd-20170530-21.13.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): kernel-firmware-20170530-21.13.1 ucode-amd-20170530-21.13.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): kernel-firmware-20170530-21.13.1 ucode-amd-20170530-21.13.1 - SUSE Container as a Service Platform ALL (noarch): kernel-firmware-20170530-21.13.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-13081.html https://bugzilla.suse.com/1066295 From sle-updates at lists.suse.com Mon Nov 27 14:19:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 27 Nov 2017 22:19:50 +0100 (CET) Subject: SUSE-SU-2017:3107-1: moderate: Security update for postgresql-init Message-ID: <20171127211950.55527FD06@maintenance.suse.de> SUSE Security Update: Security update for postgresql-init ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3107-1 Rating: moderate References: #1062722 Cross-References: CVE-2017-14798 Affected Products: SUSE Linux Enterprise Server 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql-init fixes the following issues: - CVE-2017-14798: A race condition in the init script could be used by attackers able to access the postgresql account to escalate their privileges to root (bsc#1062722) Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-postgresql-init-13352=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (noarch): postgresql-init-9.4-0.5.3.1 References: https://www.suse.com/security/cve/CVE-2017-14798.html https://bugzilla.suse.com/1062722 From sle-updates at lists.suse.com Tue Nov 28 16:52:29 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2017 00:52:29 +0100 (CET) Subject: SUSE-RU-2017:3112-1: Recommended update for sle-ha-manuals_en Message-ID: <20171128235229.4F8C3FD06@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-ha-manuals_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3112-1 Rating: low References: #933411 Affected Products: SUSE Linux Enterprise Server for SAP 11-SP4 SUSE Linux Enterprise High Availability Extension 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: The Administrator Guide for SUSE Linux Enterprise High Availability Extension 11-SP4 has been updated, including the following fixes and enhancements: - Updated "Troubleshooting" with two entries about where to find log files and how to create a report of all cluster nodes Patch Instructions: To install this SUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 11-SP4: zypper in -t patch slesappsp4-sle-ha-manuals_en-13353=1 - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-sle-ha-manuals_en-13353=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 11-SP4 (noarch): sle-ha-guide_en-pdf-11.4-0.24.3.1 sle-ha-manuals_en-11.4-0.24.3.1 sle-ha-nfs-quick_en-pdf-11.4-0.24.3.1 - SUSE Linux Enterprise High Availability Extension 11-SP4 (noarch): sle-ha-guide_en-pdf-11.4-0.24.3.1 sle-ha-manuals_en-11.4-0.24.3.1 sle-ha-nfs-quick_en-pdf-11.4-0.24.3.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Nov 28 16:53:08 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2017 00:53:08 +0100 (CET) Subject: SUSE-RU-2017:3113-1: moderate: Recommended update for mdadm Message-ID: <20171128235308.76D0AFD06@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3113-1 Rating: moderate References: #1007154 #1007165 #1009954 #1032802 #1047314 #1059596 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for mdadm provides the following fixes: - Load md kernel module if needed when creating or assembling named arrays. (bsc#1059596) - Fix superblock's max_dev when adding a new disk in linear array. (bsc#1032802) - Fix a buffer overflow in super1.c. (bsc#1007154) - Make write_bitmap1 compatible with previous mdadm versions. (bsc#1007165) - Fix a race condition that was causing raid arrays to not be assembled correctly. (bsc#1047314) - Fix handling of MD arrays with devices that have been assigned very large minor numbers. This affects systems with more than 128 MD arrays. (bsc#1009954) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1923=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1923=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1923=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): mdadm-3.4-27.11.1 mdadm-debuginfo-3.4-27.11.1 mdadm-debugsource-3.4-27.11.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): mdadm-3.4-27.11.1 mdadm-debuginfo-3.4-27.11.1 mdadm-debugsource-3.4-27.11.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): mdadm-3.4-27.11.1 mdadm-debuginfo-3.4-27.11.1 mdadm-debugsource-3.4-27.11.1 References: https://bugzilla.suse.com/1007154 https://bugzilla.suse.com/1007165 https://bugzilla.suse.com/1009954 https://bugzilla.suse.com/1032802 https://bugzilla.suse.com/1047314 https://bugzilla.suse.com/1059596 From sle-updates at lists.suse.com Wed Nov 29 11:37:01 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 29 Nov 2017 19:37:01 +0100 (CET) Subject: SUSE-SU-2017:3114-1: moderate: Recommended update for tboot Message-ID: <20171129183701.E684EFCC0@maintenance.suse.de> SUSE Security Update: Recommended update for tboot ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3114-1 Rating: moderate References: #1057555 #889339 Cross-References: CVE-2014-5118 Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description:

   This update for tboot provides the following fix:

   Security issue fixed:

   - CVE-2014-5118: tboot: bypass of measured boot (bsc#889339)

   Bug fixes:

   - Fixed failed trusted boot on some systems like Intel Xeon "Purley 8s" processors. The following error message showed: "TBOOT: wait-for-sipi loop timed-out". Booting continued but "TXT measured launch" was wrongly reported as FALSE. (bsc#1057555)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-tboot-13354=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-tboot-13354=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      tboot-20120115_1.7.0-0.5.5.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      tboot-debuginfo-20120115_1.7.0-0.5.5.1
      tboot-debugsource-20120115_1.7.0-0.5.5.1

References:

   https://www.suse.com/security/cve/CVE-2014-5118.html
   https://bugzilla.suse.com/1057555
   https://bugzilla.suse.com/889339

From sle-updates at lists.suse.com Wed Nov 29 11:37:55 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 19:37:55 +0100 (CET)
Subject: SUSE-SU-2017:3115-1: important: Security update for xen
Message-ID: <20171129183755.B46D1FCB8@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3115-1
Rating: important
References: #1027519 #1055047 #1061075 #1063123 #1068187 #1068191
Cross-References: CVE-2017-15289 CVE-2017-15597
Affected Products:
   SUSE Linux Enterprise Software Development Kit 12-SP3
   SUSE Linux Enterprise Server 12-SP3
   SUSE Linux Enterprise Desktop 12-SP3
   SUSE Container as a Service Platform ALL
______________________________________________________________________________

   An update that solves two vulnerabilities and has four fixes is now available.

Description:

   This update for xen to version 4.9.1 (bsc#1027519) fixes several issues.

   This new feature was added:

   - Support migration of HVM domains larger than 1 TB

   These security issues were fixed:

   - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246)
   - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247).
   - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123)
   - CVE-2017-15597: A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and information leaks (bsc#1061075).

   This non-security issue was fixed:

   - bsc#1055047: Fixed --initrd-inject option in virt-install

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1926=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1926=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1926=1

   - SUSE Container as a Service Platform ALL:

      zypper in -t patch SUSE-CAASP-ALL-2017-1926=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 x86_64):

      xen-debugsource-4.9.1_02-3.21.1
      xen-devel-4.9.1_02-3.21.1

   - SUSE Linux Enterprise Server 12-SP3 (x86_64):

      xen-4.9.1_02-3.21.1
      xen-debugsource-4.9.1_02-3.21.1
      xen-doc-html-4.9.1_02-3.21.1
      xen-libs-32bit-4.9.1_02-3.21.1
      xen-libs-4.9.1_02-3.21.1
      xen-libs-debuginfo-32bit-4.9.1_02-3.21.1
      xen-libs-debuginfo-4.9.1_02-3.21.1
      xen-tools-4.9.1_02-3.21.1
      xen-tools-debuginfo-4.9.1_02-3.21.1
      xen-tools-domU-4.9.1_02-3.21.1
      xen-tools-domU-debuginfo-4.9.1_02-3.21.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      xen-4.9.1_02-3.21.1
      xen-debugsource-4.9.1_02-3.21.1
      xen-libs-32bit-4.9.1_02-3.21.1
      xen-libs-4.9.1_02-3.21.1
      xen-libs-debuginfo-32bit-4.9.1_02-3.21.1
      xen-libs-debuginfo-4.9.1_02-3.21.1

   - SUSE Container as a Service Platform ALL (x86_64):

      xen-debugsource-4.9.1_02-3.21.1
      xen-libs-4.9.1_02-3.21.1
      xen-libs-debuginfo-4.9.1_02-3.21.1
      xen-tools-domU-4.9.1_02-3.21.1
      xen-tools-domU-debuginfo-4.9.1_02-3.21.1

References:

   https://www.suse.com/security/cve/CVE-2017-15289.html
   https://www.suse.com/security/cve/CVE-2017-15597.html
   https://bugzilla.suse.com/1027519
   https://bugzilla.suse.com/1055047
   https://bugzilla.suse.com/1061075
   https://bugzilla.suse.com/1063123
   https://bugzilla.suse.com/1068187
   https://bugzilla.suse.com/1068191

From sle-updates at lists.suse.com Wed Nov 29 13:41:42 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:41:42 +0100 (CET)
Subject: SUSE-SU-2017:3116-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2)
Message-ID: <20171129204142.C43BFFCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3116-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 4.4.59-92_24 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1931=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_59-92_24-default-5-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:42:39 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:42:39 +0100 (CET)
Subject: SUSE-SU-2017:3117-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12)
Message-ID: <20171129204239.105C8FCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3117-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 3.12.60-52_60 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1943=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_60-52_60-default-10-2.1
      kgraft-patch-3_12_60-52_60-xen-10-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:43:34 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:43:34 +0100 (CET)
Subject: SUSE-SU-2017:3118-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP1)
Message-ID: <20171129204334.F2C2BFCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3118-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Server for SAP 12-SP1
   SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 3.12.69-60_64_32 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1935=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1935=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_69-60_64_32-default-8-2.1
      kgraft-patch-3_12_69-60_64_32-xen-8-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_69-60_64_32-default-8-2.1
      kgraft-patch-3_12_69-60_64_32-xen-8-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:44:26 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:44:26 +0100 (CET)
Subject: SUSE-SU-2017:3119-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12)
Message-ID: <20171129204426.E17C0FCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3119-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_89 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1940=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_61-52_89-default-4-2.1
      kgraft-patch-3_12_61-52_89-xen-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:45:15 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:45:15 +0100 (CET)
Subject: SUSE-SU-2017:3120-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2)
Message-ID: <20171129204515.EBDFDFCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3120-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 4.4.74-92_38 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1927=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_74-92_38-default-3-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:46:07 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:46:07 +0100 (CET)
Subject: SUSE-SU-2017:3121-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2)
Message-ID: <20171129204607.AF349FCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3121-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 4.4.59-92_20 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1932=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_59-92_20-default-6-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:46:59 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:46:59 +0100 (CET)
Subject: SUSE-SU-2017:3122-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2)
Message-ID: <20171129204659.71C54FCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3122-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 4.4.74-92_32 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1929=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_74-92_32-default-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:47:56 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:47:56 +0100 (CET)
Subject: SUSE-SU-2017:3123-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 12)
Message-ID: <20171129204756.C82B8FCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3123-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_83 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1942=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_61-52_83-default-4-2.1
      kgraft-patch-3_12_61-52_83-xen-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:48:48 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:48:48 +0100 (CET)
Subject: SUSE-SU-2017:3124-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP1)
Message-ID: <20171129204848.63A92FCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3124-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Server for SAP 12-SP1
   SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1937=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1937=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_67-60_64_21-default-11-2.1
      kgraft-patch-3_12_67-60_64_21-xen-11-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_67-60_64_21-default-11-2.1
      kgraft-patch-3_12_67-60_64_21-xen-11-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:49:34 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:49:34 +0100 (CET)
Subject: SUSE-SU-2017:3125-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12)
Message-ID: <20171129204934.93464FCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3125-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 3.12.61-52_86 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-2017-1941=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12-LTSS (x86_64):

      kgraft-patch-3_12_61-52_86-default-4-2.1
      kgraft-patch-3_12_61-52_86-xen-4-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:50:27 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:50:27 +0100 (CET)
Subject: SUSE-SU-2017:3126-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2)
Message-ID: <20171129205027.48491FCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3126-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 4.4.74-92_29 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12:

      zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1930=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Live Patching 12 (x86_64):

      kgraft-patch-4_4_74-92_29-default-5-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:51:20 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:51:20 +0100 (CET)
Subject: SUSE-SU-2017:3127-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP1)
Message-ID: <20171129205120.D1BB3FCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3127-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Server for SAP 12-SP1
   SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 3.12.69-60_64_35 fixes several issues.

   The following security issues were fixed:

   - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP1:

      zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1934=1

   - SUSE Linux Enterprise Server 12-SP1-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1934=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):

      kgraft-patch-3_12_69-60_64_35-default-7-2.1
      kgraft-patch-3_12_69-60_64_35-xen-7-2.1

   - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):

      kgraft-patch-3_12_69-60_64_35-default-7-2.1
      kgraft-patch-3_12_69-60_64_35-xen-7-2.1

References:

   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-15649.html
   https://bugzilla.suse.com/1063671
   https://bugzilla.suse.com/1064392
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:52:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:52:11 +0100 (CET)
Subject: SUSE-SU-2017:3128-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2)
Message-ID: <20171129205211.2B0AFFCB8@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3128-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
   SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for the Linux Kernel 4.4.74-92_35 fixes several issues.
The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1928=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_74-92_35-default-4-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:52:58 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:52:58 +0100 (CET)
Subject: SUSE-SU-2017:3129-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2)
Message-ID: <20171129205258.CB356FCB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3129-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products: SUSE
Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 4.4.59-92_17 fixes several issues.

The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1933=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_59-92_17-default-6-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:53:54 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:53:54 +0100 (CET)
Subject: SUSE-SU-2017:3130-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP1)
Message-ID: <20171129205354.7940AFCB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3130-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_18 fixes several issues.
The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1938=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1938=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  kgraft-patch-3_12_67-60_64_18-default-12-2.1
  kgraft-patch-3_12_67-60_64_18-xen-12-2.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  kgraft-patch-3_12_67-60_64_18-default-12-2.1
  kgraft-patch-3_12_67-60_64_18-xen-12-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:54:47 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:54:47 +0100 (CET)
Subject: SUSE-SU-2017:3131-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP1)
Message-ID: <20171129205447.7783EFCB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3131-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.69-60_64_29 fixes several issues.
The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1936=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1936=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  kgraft-patch-3_12_69-60_64_29-default-9-2.1
  kgraft-patch-3_12_69-60_64_29-xen-9-2.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  kgraft-patch-3_12_69-60_64_29-default-9-2.1
  kgraft-patch-3_12_69-60_64_29-xen-9-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 13:55:37 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 29 Nov 2017 21:55:37 +0100 (CET)
Subject: SUSE-SU-2017:3132-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12)
Message-ID: <20171129205537.D4C04FCB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3132-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.61-52_92 fixes several issues.
The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-1939=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_92-default-3-2.1
  kgraft-patch-3_12_61-52_92-xen-3-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 16:55:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Nov 2017 00:55:11 +0100 (CET)
Subject: SUSE-RU-2017:3133-1: Recommended update for release-notes-ses
Message-ID: <20171129235511.49860FCA8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-ses
______________________________________________________________________________

Announcement ID: SUSE-RU-2017:3133-1
Rating: low
References: #1066960 #1069459
Affected Products:
  SUSE Enterprise Storage 5
______________________________________________________________________________

An
update that has two recommended fixes can now be installed.

Description:

This update for release-notes-ses provides the following changes:

- CephFS Multi Active/Active MDS is supported. (bsc#1066960)
- Added upgrade compatibility notes for Ceph. (bsc#1069459)
- Switched license to CC-BY-SA to allow including content from upstream.
- Updated release notes from FATE.

Patch Instructions:

To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2017-1944=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Enterprise Storage 5 (noarch):
  release-notes-ses-5.0.20171122-4.3.1

References:

https://bugzilla.suse.com/1066960
https://bugzilla.suse.com/1069459

From sle-updates at lists.suse.com Wed Nov 29 19:07:21 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Nov 2017 03:07:21 +0100 (CET)
Subject: SUSE-SU-2017:3134-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP2)
Message-ID: <20171130020721.8CB42FCA8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3134-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 4.4.38-93 fixes several issues.
The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1946=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_38-93-default-10-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 19:09:14 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Nov 2017 03:09:14 +0100 (CET)
Subject: SUSE-SU-2017:3136-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP2)
Message-ID: <20171130020914.158B5FCB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3136-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products: SUSE Linux
Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 4.4.21-90 fixes several issues.

The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1947=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_21-90-default-10-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Wed Nov 29 19:10:39 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Nov 2017 03:10:39 +0100 (CET)
Subject: SUSE-SU-2017:3139-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP2)
Message-ID: <20171130021039.22A6BFCB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP2)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3139-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
  SUSE Linux Enterprise Live Patching 12
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 4.4.49-92_14 fixes several issues.
The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:
  zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1945=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):
  kgraft-patch-4_4_49-92_14-default-7-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Thu Nov 30 04:10:19 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Nov 2017 12:10:19 +0100 (CET)
Subject: SUSE-SU-2017:3145-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP1)
Message-ID: <20171130111019.8640AFCC0@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3145-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products: SUSE
Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues.

The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1956=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1956=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  kgraft-patch-3_12_74-60_64_40-default-6-2.1
  kgraft-patch-3_12_74-60_64_40-xen-6-2.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  kgraft-patch-3_12_74-60_64_40-default-6-2.1
  kgraft-patch-3_12_74-60_64_40-xen-6-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Thu Nov 30 04:11:13 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Nov 2017 12:11:13 +0100 (CET)
Subject: SUSE-SU-2017:3146-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12)
Message-ID: <20171130111113.21F7BFCB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3146-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.61-52_77 fixes several issues.
The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-1958=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_77-default-6-2.1
  kgraft-patch-3_12_61-52_77-xen-6-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Thu Nov 30 04:12:04 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Nov 2017 12:12:04 +0100 (CET)
Subject: SUSE-SU-2017:3147-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP1)
Message-ID: <20171130111204.65468FCB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3147-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080
CVE-2017-15649
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.67-60_64_24 fixes several issues.

The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1957=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1957=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  kgraft-patch-3_12_67-60_64_24-default-10-2.1
  kgraft-patch-3_12_67-60_64_24-xen-10-2.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  kgraft-patch-3_12_67-60_64_24-default-10-2.1
  kgraft-patch-3_12_67-60_64_24-xen-10-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Thu Nov 30 04:13:00 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Nov 2017 12:13:00 +0100 (CET)
Subject: SUSE-SU-2017:3148-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)
Message-ID: <20171130111300.54629FCB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3148-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP1
  SUSE Linux Enterprise Server 12-SP1-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues.
The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP1:
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1951=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1951=1

To bring your system up-to-date, use "zypper patch".
Package List:

- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
  kgraft-patch-3_12_74-60_64_57-default-4-2.1
  kgraft-patch-3_12_74-60_64_57-xen-4-2.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64):
  kgraft-patch-3_12_74-60_64_57-default-4-2.1
  kgraft-patch-3_12_74-60_64_57-xen-4-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Thu Nov 30 04:13:52 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Nov 2017 12:13:52 +0100 (CET)
Subject: SUSE-SU-2017:3149-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12)
Message-ID: <20171130111352.C3997FCB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3149-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080 CVE-2017-15649
Affected Products:
  SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for the Linux Kernel 3.12.61-52_72 fixes several issues.
The following security issues were fixed:

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392)
- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-2017-1959=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 12-LTSS (x86_64):
  kgraft-patch-3_12_61-52_72-default-6-2.1
  kgraft-patch-3_12_61-52_72-xen-6-2.1

References:

https://www.suse.com/security/cve/CVE-2017-13080.html
https://www.suse.com/security/cve/CVE-2017-15649.html
https://bugzilla.suse.com/1063671
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1066471
https://bugzilla.suse.com/1066472

From sle-updates at lists.suse.com Thu Nov 30 04:14:47 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 30 Nov 2017 12:14:47 +0100 (CET)
Subject: SUSE-SU-2017:3150-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP1)
Message-ID: <20171130111447.B6339FCB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP1)
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:3150-1
Rating: important
References: #1063671 #1064392 #1066471 #1066472
Cross-References: CVE-2017-13080
CVE-2017-15649 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues. The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1954=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1954=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_48-default-5-2.1 kgraft-patch-3_12_74-60_64_48-xen-5-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_48-default-5-2.1 kgraft-patch-3_12_74-60_64_48-xen-5-2.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1064392 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 From sle-updates at lists.suse.com Thu Nov 30 04:15:50 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 12:15:50 +0100 (CET) Subject: SUSE-SU-2017:3151-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 12) Message-ID: <20171130111550.CD836FCC0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3151-1 Rating: important References: #1063671 #1064392 #1066471 #1066472 Cross-References: CVE-2017-13080 CVE-2017-15649 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.60-52_63 fixes several issues. 
The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1962=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_60-52_63-default-10-2.1 kgraft-patch-3_12_60-52_63-xen-10-2.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1064392 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 From sle-updates at lists.suse.com Thu Nov 30 04:16:44 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 12:16:44 +0100 (CET) Subject: SUSE-SU-2017:3152-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1) Message-ID: <20171130111644.861B3FCB8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3152-1 Rating: important References: #1063671 #1064392 #1066471 #1066472 Cross-References: CVE-2017-13080 
CVE-2017-15649 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues. The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1953=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1953=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_51-default-4-2.1 kgraft-patch-3_12_74-60_64_51-xen-4-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_51-default-4-2.1 kgraft-patch-3_12_74-60_64_51-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1064392 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 From sle-updates at lists.suse.com Thu Nov 30 04:17:35 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 12:17:35 +0100 (CET) Subject: SUSE-SU-2017:3153-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP1) Message-ID: <20171130111735.B7005FCB8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3153-1 Rating: important References: #1063671 #1064392 #1066471 #1066472 Cross-References: CVE-2017-13080 CVE-2017-15649 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues. 
The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1955=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1955=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_45-default-6-2.1 kgraft-patch-3_12_74-60_64_45-xen-6-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_45-default-6-2.1 kgraft-patch-3_12_74-60_64_45-xen-6-2.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1064392 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 From sle-updates at lists.suse.com Thu Nov 30 04:18:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 12:18:28 +0100 (CET) Subject: SUSE-SU-2017:3154-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12) Message-ID: <20171130111828.C0554FCB8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3154-1 Rating: important References: #1063671 #1064392 #1066471 #1066472 Cross-References: CVE-2017-13080 CVE-2017-15649 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.61-52_66 fixes several issues. 
The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1961=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_66-default-9-2.1 kgraft-patch-3_12_61-52_66-xen-9-2.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1064392 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 From sle-updates at lists.suse.com Thu Nov 30 04:19:22 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 12:19:22 +0100 (CET) Subject: SUSE-SU-2017:3155-1: moderate: Security update for samba Message-ID: <20171130111922.92F1CFCB8@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3155-1 Rating: moderate References: #1058565 #1058622 #1058624 #1060427 #1063008 #1065066 Cross-References: CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 CVE-2017-14746 CVE-2017-15275 Affected Products: 
SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for samba fixes the following issues: Security issues fixed: - CVE-2017-14746: Use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Server heap memory information leak (bsc#1063008). - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file (bsc#1058624). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565). - CVE-2017-12150: Some code paths don't enforce smb signing when they should (bsc#1058565). Bug fixes: - Samba was updated to 4.6.9 (bsc#1065066) see release notes for details. * https://www.samba.org/samba/history/samba-4.6.9.html Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1963=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1963=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1963=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1963=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2017-1963=1 To bring your system up-to-date, use "zypper patch".
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsmbclient-devel-4.6.9+git.59.c2cff9cea4c-3.17.1 libwbclient-devel-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-debugsource-4.6.9+git.59.c2cff9cea4c-3.17.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc-binding0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc0-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-krb5pac0-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-krb5pac0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-nbt0-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-nbt0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-standard0-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-standard0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr0-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libnetapi0-4.6.9+git.59.c2cff9cea4c-3.17.1 libnetapi0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-credentials0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-credentials0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-errors0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-errors0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-hostconfig0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-hostconfig0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-passdb0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-passdb0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-util0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-util0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamdb0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamdb0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbclient0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbclient0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbconf0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbconf0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbldap0-4.6.9+git.59.c2cff9cea4c-3.17.1 
libsmbldap0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libtevent-util0-4.6.9+git.59.c2cff9cea4c-3.17.1 libtevent-util0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libwbclient0-4.6.9+git.59.c2cff9cea4c-3.17.1 libwbclient0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-client-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-client-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-debugsource-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-libs-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-libs-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-winbind-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-winbind-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libdcerpc-binding0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc-binding0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-krb5pac0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-krb5pac0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-nbt0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-nbt0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-standard0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-standard0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libnetapi0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libnetapi0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-credentials0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-credentials0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-errors0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-errors0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-hostconfig0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-hostconfig0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-passdb0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 
libsamba-passdb0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-util0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-util0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamdb0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamdb0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbclient0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbclient0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbconf0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbconf0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbldap0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbldap0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libtevent-util0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libtevent-util0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libwbclient0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libwbclient0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-client-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-client-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-libs-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-libs-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-winbind-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-winbind-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): samba-doc-4.6.9+git.59.c2cff9cea4c-3.17.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.9+git.59.c2cff9cea4c-3.17.1 ctdb-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-debugsource-4.6.9+git.59.c2cff9cea4c-3.17.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc-binding0-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc-binding0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc-binding0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc0-4.6.9+git.59.c2cff9cea4c-3.17.1 libdcerpc0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 
libdcerpc0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-krb5pac0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-krb5pac0-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-krb5pac0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-krb5pac0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-nbt0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-nbt0-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-nbt0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-nbt0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-standard0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-standard0-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-standard0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr-standard0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr0-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libndr0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libnetapi0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libnetapi0-4.6.9+git.59.c2cff9cea4c-3.17.1 libnetapi0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libnetapi0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-credentials0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-credentials0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-credentials0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-credentials0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-errors0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-errors0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-errors0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-errors0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-hostconfig0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-hostconfig0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-hostconfig0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-hostconfig0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-passdb0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-passdb0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-passdb0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 
libsamba-passdb0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-util0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-util0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-util0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamba-util0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamdb0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamdb0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamdb0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsamdb0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbclient0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbclient0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbclient0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbclient0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbconf0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbconf0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbconf0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbconf0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbldap0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbldap0-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbldap0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libsmbldap0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libtevent-util0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libtevent-util0-4.6.9+git.59.c2cff9cea4c-3.17.1 libtevent-util0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libtevent-util0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 libwbclient0-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libwbclient0-4.6.9+git.59.c2cff9cea4c-3.17.1 libwbclient0-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 libwbclient0-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-client-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-client-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-client-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-client-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-debugsource-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-libs-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-libs-4.6.9+git.59.c2cff9cea4c-3.17.1 
samba-libs-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-libs-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-winbind-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-winbind-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-winbind-debuginfo-32bit-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-winbind-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): samba-doc-4.6.9+git.59.c2cff9cea4c-3.17.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ctdb-4.6.9+git.59.c2cff9cea4c-3.17.1 ctdb-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-ceph-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-ceph-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-debuginfo-4.6.9+git.59.c2cff9cea4c-3.17.1 samba-debugsource-4.6.9+git.59.c2cff9cea4c-3.17.1 References: https://www.suse.com/security/cve/CVE-2017-12150.html https://www.suse.com/security/cve/CVE-2017-12151.html https://www.suse.com/security/cve/CVE-2017-12163.html https://www.suse.com/security/cve/CVE-2017-14746.html https://www.suse.com/security/cve/CVE-2017-15275.html https://bugzilla.suse.com/1058565 https://bugzilla.suse.com/1058622 https://bugzilla.suse.com/1058624 https://bugzilla.suse.com/1060427 https://bugzilla.suse.com/1063008 https://bugzilla.suse.com/1065066 From sle-updates at lists.suse.com Thu Nov 30 04:20:36 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 12:20:36 +0100 (CET) Subject: SUSE-SU-2017:3156-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP2) Message-ID: <20171130112036.7B90CFCB8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3156-1 Rating: important References: #1063671 #1064392 #1066471 #1066472 Cross-References: CVE-2017-13080 CVE-2017-15649 Affected Products: SUSE Linux Enterprise Live Patching 12 
______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 4.4.21-84 fixes several issues. The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1949=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_21-84-default-10-2.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1064392 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 From sle-updates at lists.suse.com Thu Nov 30 04:21:37 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 12:21:37 +0100 (CET) Subject: SUSE-SU-2017:3157-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) Message-ID: <20171130112137.BCA2CFCB8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3157-1 Rating: important References: #1063671 #1064392 #1066471 #1066472 Cross-References: CVE-2017-13080 CVE-2017-15649 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues. 
The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1952=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1952=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_54-default-4-2.1 kgraft-patch-3_12_74-60_64_54-xen-4-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_54-default-4-2.1 kgraft-patch-3_12_74-60_64_54-xen-4-2.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1064392 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 From sle-updates at lists.suse.com Thu Nov 30 04:22:28 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 12:22:28 +0100 (CET) Subject: SUSE-SU-2017:3158-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) Message-ID: <20171130112228.13F52FCB8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3158-1 Rating: important References: #1063671 #1064392 #1066471 #1066472 Cross-References: CVE-2017-13080 CVE-2017-15649 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.74-60_64_60 fixes several issues. 
The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1950=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1950=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kgraft-patch-3_12_74-60_64_60-default-3-2.1 kgraft-patch-3_12_74-60_64_60-xen-3-2.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kgraft-patch-3_12_74-60_64_60-default-3-2.1 kgraft-patch-3_12_74-60_64_60-xen-3-2.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1064392 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 From sle-updates at lists.suse.com Thu Nov 30 04:23:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 12:23:24 +0100 (CET) Subject: SUSE-SU-2017:3159-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP2) Message-ID: <20171130112324.CC80DFCB8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3159-1 Rating: important References: #1063671 #1064392 #1066471 #1066472 Cross-References: CVE-2017-13080 CVE-2017-15649 Affected Products: SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 4.4.49-92_11 fixes several issues. 
The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1948=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Live Patching 12 (x86_64): kgraft-patch-4_4_49-92_11-default-8-2.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1064392 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 From sle-updates at lists.suse.com Thu Nov 30 04:24:11 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 12:24:11 +0100 (CET) Subject: SUSE-SU-2017:3160-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12) Message-ID: <20171130112411.2752CFCB8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3160-1 Rating: important References: #1063671 #1064392 #1066471 #1066472 Cross-References: CVE-2017-13080 CVE-2017-15649 Affected Products: SUSE Linux 
Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for the Linux Kernel 3.12.61-52_69 fixes several issues. The following security issues were fixed: - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bsc#1064392) - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bsc#1063671, bsc#1066472, bsc#1066471) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-1960=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_69-default-7-2.1 kgraft-patch-3_12_61-52_69-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-15649.html https://bugzilla.suse.com/1063671 https://bugzilla.suse.com/1064392 https://bugzilla.suse.com/1066471 https://bugzilla.suse.com/1066472 From sle-updates at lists.suse.com Thu Nov 30 07:08:24 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 15:08:24 +0100 (CET) Subject: SUSE-RU-2017:3161-1: Recommended update for openvswitch Message-ID: <20171130140824.3C84FFCA4@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3161-1 Rating: low References: #1002734 #1009682 #1050896 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for openvswitch provides the following fixes: - Strip off encapsulation offload indications when packets are decapsulated. (bsc#1009682) - Do not restart the openvswitch service after a package update. Restarting it may interrupt connectivity so let the user decide when is the best time for such action. (bsc#1002734) - Do not stop the systemd service on package removals as this can break networking. Moreover, this allows easier updates to more recent openvswitch releases without connectivity problems. (bsc#1050896) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1964=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1964=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): openvswitch-2.5.1-25.9.11 openvswitch-debuginfo-2.5.1-25.9.11 openvswitch-debugsource-2.5.1-25.9.11 openvswitch-switch-2.5.1-25.9.11 openvswitch-switch-debuginfo-2.5.1-25.9.11 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): openvswitch-2.5.1-25.9.11 openvswitch-debuginfo-2.5.1-25.9.11 openvswitch-debugsource-2.5.1-25.9.11 openvswitch-switch-2.5.1-25.9.11 openvswitch-switch-debuginfo-2.5.1-25.9.11 - SUSE Linux Enterprise Server 12-SP2 (x86_64): openvswitch-dpdk-2.5.1-25.9.11 openvswitch-dpdk-debuginfo-2.5.1-25.9.11 openvswitch-dpdk-debugsource-2.5.1-25.9.11 openvswitch-dpdk-switch-2.5.1-25.9.11 openvswitch-dpdk-switch-debuginfo-2.5.1-25.9.11 References: https://bugzilla.suse.com/1002734 https://bugzilla.suse.com/1009682 https://bugzilla.suse.com/1050896 From sle-updates at lists.suse.com Thu Nov 30 10:09:29 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 18:09:29 +0100 (CET) Subject: SUSE-RU-2017:3163-1: moderate: Recommended update for systemd Message-ID: <20171130170929.07E5AFCC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3163-1 Rating: moderate References: #1004995 #1035386 #1039099 #1040800 #1045472 #1048605 #1050152 #1053137 #1053595 #1055641 #1063249 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 
SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - unit: When JobTimeoutSec= is turned off, implicitly turn off JobRunningTimeoutSec= too. (bsc#1048605, bsc#1004995) - compat-rules: Generate compat by-id symlinks with 'nvme' prefix missing and warn users that have broken symlinks. (bsc#1063249) - compat-rules: Allow to specify the generation number through the kernel command line. - scsi_id: Fixup prefix for pre-SPC inquiry reply. (bsc#1039099) - tmpfiles: Remove old ICE and X11 sockets at boot. - tmpfiles: Silently ignore any path that passes through autofs. (bsc#1045472) - pam_logind: Skip leading /dev/ from PAM_TTY field before passing it on. - shared/machine-pool: Fix another mkfs.btrfs checking. (bsc#1053595) - shutdown: Fix incorrect fscanf() result check. - shutdown: Don't remount,ro network filesystems. (bsc#1035386) - shutdown: Don't be fooled when detaching DM devices with BTRFS. (bsc#1055641) - bash-completion: Add support for --now. (bsc#1053137) - Add convert-lib-udev-path.sh script to convert /lib/udev directory into a symlink pointing to /usr/lib/udev when upgrading from SLE11. (bsc#1050152) - Add a rule to teach hotplug to offline containers transparently. (bsc#1040800) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1966=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1966=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1966=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1966=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1966=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1966=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1966=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1966=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1966=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.22.1 systemd-debuginfo-228-150.22.1 systemd-debugsource-228-150.22.1 systemd-devel-228-150.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.22.1 systemd-debuginfo-228-150.22.1 systemd-debugsource-228-150.22.1 systemd-devel-228-150.22.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsystemd0-228-150.22.1 libsystemd0-debuginfo-228-150.22.1 libudev1-228-150.22.1 libudev1-debuginfo-228-150.22.1 systemd-228-150.22.1 systemd-debuginfo-228-150.22.1 systemd-debugsource-228-150.22.1 systemd-sysvinit-228-150.22.1 udev-228-150.22.1 udev-debuginfo-228-150.22.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): systemd-bash-completion-228-150.22.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.22.1 libsystemd0-debuginfo-228-150.22.1 libudev1-228-150.22.1 libudev1-debuginfo-228-150.22.1 systemd-228-150.22.1 systemd-debuginfo-228-150.22.1 systemd-debugsource-228-150.22.1 systemd-sysvinit-228-150.22.1 udev-228-150.22.1 udev-debuginfo-228-150.22.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libsystemd0-32bit-228-150.22.1 libsystemd0-debuginfo-32bit-228-150.22.1 libudev1-32bit-228-150.22.1 libudev1-debuginfo-32bit-228-150.22.1 systemd-32bit-228-150.22.1 systemd-debuginfo-32bit-228-150.22.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): systemd-bash-completion-228-150.22.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.22.1 libsystemd0-debuginfo-228-150.22.1 libudev1-228-150.22.1 libudev1-debuginfo-228-150.22.1 systemd-228-150.22.1 systemd-debuginfo-228-150.22.1 systemd-debugsource-228-150.22.1 systemd-sysvinit-228-150.22.1 udev-228-150.22.1 udev-debuginfo-228-150.22.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libsystemd0-32bit-228-150.22.1 
libsystemd0-debuginfo-32bit-228-150.22.1 libudev1-32bit-228-150.22.1 libudev1-debuginfo-32bit-228-150.22.1 systemd-32bit-228-150.22.1 systemd-debuginfo-32bit-228-150.22.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): systemd-bash-completion-228-150.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): systemd-bash-completion-228-150.22.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsystemd0-228-150.22.1 libsystemd0-32bit-228-150.22.1 libsystemd0-debuginfo-228-150.22.1 libsystemd0-debuginfo-32bit-228-150.22.1 libudev1-228-150.22.1 libudev1-32bit-228-150.22.1 libudev1-debuginfo-228-150.22.1 libudev1-debuginfo-32bit-228-150.22.1 systemd-228-150.22.1 systemd-32bit-228-150.22.1 systemd-debuginfo-228-150.22.1 systemd-debuginfo-32bit-228-150.22.1 systemd-debugsource-228-150.22.1 systemd-sysvinit-228-150.22.1 udev-228-150.22.1 udev-debuginfo-228-150.22.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libsystemd0-228-150.22.1 libsystemd0-32bit-228-150.22.1 libsystemd0-debuginfo-228-150.22.1 libsystemd0-debuginfo-32bit-228-150.22.1 libudev1-228-150.22.1 libudev1-32bit-228-150.22.1 libudev1-debuginfo-228-150.22.1 libudev1-debuginfo-32bit-228-150.22.1 systemd-228-150.22.1 systemd-32bit-228-150.22.1 systemd-debuginfo-228-150.22.1 systemd-debuginfo-32bit-228-150.22.1 systemd-debugsource-228-150.22.1 systemd-sysvinit-228-150.22.1 udev-228-150.22.1 udev-debuginfo-228-150.22.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): systemd-bash-completion-228-150.22.1 - SUSE Container as a Service Platform ALL (x86_64): libsystemd0-228-150.22.1 libsystemd0-debuginfo-228-150.22.1 libudev1-228-150.22.1 libudev1-debuginfo-228-150.22.1 systemd-228-150.22.1 systemd-debuginfo-228-150.22.1 systemd-debugsource-228-150.22.1 systemd-sysvinit-228-150.22.1 udev-228-150.22.1 udev-debuginfo-228-150.22.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libsystemd0-228-150.22.1 libsystemd0-debuginfo-228-150.22.1 libudev1-228-150.22.1 libudev1-debuginfo-228-150.22.1 systemd-228-150.22.1 
systemd-debuginfo-228-150.22.1 systemd-debugsource-228-150.22.1 systemd-sysvinit-228-150.22.1 udev-228-150.22.1 udev-debuginfo-228-150.22.1 References: https://bugzilla.suse.com/1004995 https://bugzilla.suse.com/1035386 https://bugzilla.suse.com/1039099 https://bugzilla.suse.com/1040800 https://bugzilla.suse.com/1045472 https://bugzilla.suse.com/1048605 https://bugzilla.suse.com/1050152 https://bugzilla.suse.com/1053137 https://bugzilla.suse.com/1053595 https://bugzilla.suse.com/1055641 https://bugzilla.suse.com/1063249 From sle-updates at lists.suse.com Thu Nov 30 10:12:13 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 18:12:13 +0100 (CET) Subject: SUSE-RU-2017:3164-1: moderate: Recommended update for libsolv, libzypp, zypper Message-ID: <20171130171213.58C15FCC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3164-1 Rating: moderate References: #1047233 #1053671 #1057188 #1057634 #1058695 #1058783 #1059065 #1061384 #1062561 #1064999 #661410 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 SUSE Container as a Service Platform ALL ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: The Software Update Stack was updated to receive fixes and enhancements. libsolv: - Many fixes and improvements for cleandeps. - Always create dup rules for "distupgrade" jobs. - Use recommends also for ordering packages. - Fix splitprovides handling with addalreadyrecommended turned off. (bsc#1059065) - Expose solver_get_recommendations() in bindings. - Fix bug in solver_prune_to_highest_prio_per_name resulting in bad output from solver_get_recommendations(). 
- Support 'without' and 'unless' dependencies. - Use same heuristic as upstream to determine source RPMs. - Fix memory leak in bindings. - Add pool_best_solvables() function. - Fix 64bit integer parsing from RPM headers. - Enable bzip2 and xz/lzma compression support. - Enable complex/rich dependencies on distributions with RPM 4.13+. libzypp: - Fix media handling in presence of a repo path prefix. (bsc#1062561) - Fix RepoProvideFile ignoring a repo path prefix. (bsc#1062561) - Remove unused legacy notify-message script. (bsc#1058783) - Support multiple product licenses in repomd. (fate#322276) - Propagate 'rpm --import' errors. (bsc#1057188) - Fix typos in zypp.conf. zypper: - Locale: Fix possible segmentation fault. (bsc#1064999) - Add summary hint if product is better updated by a different command. This is mainly used by rolling distributions like openSUSE Tumbleweed to remind their users to use 'zypper dup' to update (not zypper up or patch). (bsc#1061384) - Unify '(add|modify)(repo|service)' property related arguments. - Fixed 'add' commands supporting to set only a subset of properties. - Introduced '-f/-F' as preferred short option for --[no-]refresh in all four commands. (bsc#661410, bsc#1053671) - Fix missing package names in installation report. (bsc#1058695) - Differentiate between unsupported packages and packages with unknown support status. (bsc#1057634) - Return error code '107' if an RPM's %post configuration script fails, but only if ZYPPER_ON_CODE12_RETURN_107=1 is set in the environment. (bsc#1047233) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1965=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1965=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1965=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1965=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.30-2.5.2 libsolv-devel-0.6.30-2.5.2 libsolv-devel-debuginfo-0.6.30-2.5.2 libzypp-debuginfo-16.17.4-2.15.2 libzypp-debugsource-16.17.4-2.15.2 libzypp-devel-16.17.4-2.15.2 libzypp-devel-doc-16.17.4-2.15.2 perl-solv-0.6.30-2.5.2 perl-solv-debuginfo-0.6.30-2.5.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.30-2.5.2 libsolv-tools-0.6.30-2.5.2 libsolv-tools-debuginfo-0.6.30-2.5.2 libzypp-16.17.4-2.15.2 libzypp-debuginfo-16.17.4-2.15.2 libzypp-debugsource-16.17.4-2.15.2 perl-solv-0.6.30-2.5.2 perl-solv-debuginfo-0.6.30-2.5.2 python-solv-0.6.30-2.5.2 python-solv-debuginfo-0.6.30-2.5.2 zypper-1.13.38-21.10.3 zypper-debuginfo-1.13.38-21.10.3 zypper-debugsource-1.13.38-21.10.3 - SUSE Linux Enterprise Server 12-SP3 (noarch): zypper-log-1.13.38-21.10.3 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): zypper-log-1.13.38-21.10.3 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libsolv-debugsource-0.6.30-2.5.2 libsolv-tools-0.6.30-2.5.2 libsolv-tools-debuginfo-0.6.30-2.5.2 libzypp-16.17.4-2.15.2 libzypp-debuginfo-16.17.4-2.15.2 libzypp-debugsource-16.17.4-2.15.2 python-solv-0.6.30-2.5.2 python-solv-debuginfo-0.6.30-2.5.2 zypper-1.13.38-21.10.3 zypper-debuginfo-1.13.38-21.10.3 zypper-debugsource-1.13.38-21.10.3 - SUSE Container as a Service Platform ALL (x86_64): libsolv-debugsource-0.6.30-2.5.2 
libsolv-tools-0.6.30-2.5.2 libsolv-tools-debuginfo-0.6.30-2.5.2 libzypp-16.17.4-2.15.2 libzypp-debuginfo-16.17.4-2.15.2 libzypp-debugsource-16.17.4-2.15.2 zypper-1.13.38-21.10.3 zypper-debuginfo-1.13.38-21.10.3 zypper-debugsource-1.13.38-21.10.3 References: https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1053671 https://bugzilla.suse.com/1057188 https://bugzilla.suse.com/1057634 https://bugzilla.suse.com/1058695 https://bugzilla.suse.com/1058783 https://bugzilla.suse.com/1059065 https://bugzilla.suse.com/1061384 https://bugzilla.suse.com/1062561 https://bugzilla.suse.com/1064999 https://bugzilla.suse.com/661410 From sle-updates at lists.suse.com Thu Nov 30 13:08:11 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 30 Nov 2017 21:08:11 +0100 (CET) Subject: SUSE-SU-2017:3165-1: important: Security update for the Linux Kernel Message-ID: <20171130200811.86A3DFCC0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3165-1 Rating: important References: #1022967 #1036286 #1044228 #1045327 #1052593 #1053317 #1056230 #1056504 #1057796 #1059051 #1059525 #1060245 #1060665 #1061017 #1061180 #1062520 #1062842 #1063301 #1063544 #1063667 #909484 #996376 Cross-References: CVE-2017-1000253 CVE-2017-13080 CVE-2017-14489 CVE-2017-15265 CVE-2017-15274 Affected Products: SUSE Linux Enterprise Real Time Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 17 fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-1000253: Setuid root PIE binaries could still be exploited to gain local root access due to missing overlapping memory checking in the ELF loader in the Linux Kernel (bnc#1059525). The following non-security bugs were fixed: - blacklist.conf: blacklist bfedb589252c ("mm: Add a user_ns owner to mm_struct and fix ptrace permission checks") (bnc#1044228) - bnx2x: prevent crash when accessing PTP with interface down (bsc#1060665). - drm/mgag200: Fixes for G200eH3. (bnc#1062842) - fs/binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (bnc#1059525). - getcwd: Close race with d_move called by lustre (bsc#1052593). - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967). - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#909484 FATE#317397). 
- kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously (bsc#1061017). - kvm: SVM: Add a missing 'break' statement (bsc#1061017). - lustre: Fix "getcwd: Close race with d_move called by lustre" for -rt Convert added spin_lock/unlock() of ->d_lock to seqlock variants. - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061180). - netback: coalesce (guest) RX SKBs as needed (bsc#1056504). - nfs: Remove asserts from the NFS XDR code (bsc#1063544). - powerpc: Fix the corrupt r3 error during MCE handling (bnc#1056230). - powerpc: Make sure IPI handlers see data written by IPI senders (bnc#1056230). - powerpc/xics: Harden xics hypervisor backend (bnc#1056230). - s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060245, LTC#159112). - s390/qdio: avoid reschedule of outbound tasklet once killed (bnc#1063301, LTC#159885). - s390/topology: alternative topology for topology-less machines (bnc#1060245, LTC#159177). - s390/topology: enable / disable topology dynamically (bnc#1060245, LTC#159177). - scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317). - scsi: reset wait for IO completion (bsc#996376). - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1060245, LTC#158494). - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1060245, LTC#158494). - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1060245, LTC#158494). - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1060245, LTC#158494). - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1060245, LTC#158493). - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1060245, LTC#158494). - Update config files. (bsc#1057796) The CONFIG_MODULE_SIG_UEFI should be enabled on x86_64/xen architecture because xen can work with shim on x86_64. 
Enabling the following kernel config to load certificate from db/mok: +CONFIG_MODULE_SIG_BLACKLIST=y +CONFIG_MODULE_SIG_UEFI=y - virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding spinlock (bsc#1036286). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-rt-201711-13355=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-rt-201711-13355=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64): kernel-rt-3.0.101.rt130-69.11.1 kernel-rt-base-3.0.101.rt130-69.11.1 kernel-rt-devel-3.0.101.rt130-69.11.1 kernel-rt_trace-3.0.101.rt130-69.11.1 kernel-rt_trace-base-3.0.101.rt130-69.11.1 kernel-rt_trace-devel-3.0.101.rt130-69.11.1 kernel-source-rt-3.0.101.rt130-69.11.1 kernel-syms-rt-3.0.101.rt130-69.11.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): kernel-rt-debuginfo-3.0.101.rt130-69.11.1 kernel-rt-debugsource-3.0.101.rt130-69.11.1 kernel-rt_debug-debuginfo-3.0.101.rt130-69.11.1 kernel-rt_debug-debugsource-3.0.101.rt130-69.11.1 kernel-rt_trace-debuginfo-3.0.101.rt130-69.11.1 kernel-rt_trace-debugsource-3.0.101.rt130-69.11.1 References: https://www.suse.com/security/cve/CVE-2017-1000253.html https://www.suse.com/security/cve/CVE-2017-13080.html https://www.suse.com/security/cve/CVE-2017-14489.html https://www.suse.com/security/cve/CVE-2017-15265.html https://www.suse.com/security/cve/CVE-2017-15274.html https://bugzilla.suse.com/1022967 https://bugzilla.suse.com/1036286 https://bugzilla.suse.com/1044228 https://bugzilla.suse.com/1045327 https://bugzilla.suse.com/1052593 https://bugzilla.suse.com/1053317 https://bugzilla.suse.com/1056230 https://bugzilla.suse.com/1056504 https://bugzilla.suse.com/1057796 https://bugzilla.suse.com/1059051 https://bugzilla.suse.com/1059525 
https://bugzilla.suse.com/1060245 https://bugzilla.suse.com/1060665 https://bugzilla.suse.com/1061017 https://bugzilla.suse.com/1061180 https://bugzilla.suse.com/1062520 https://bugzilla.suse.com/1062842 https://bugzilla.suse.com/1063301 https://bugzilla.suse.com/1063544 https://bugzilla.suse.com/1063667 https://bugzilla.suse.com/909484 https://bugzilla.suse.com/996376 From sle-updates at lists.suse.com Thu Nov 30 16:07:57 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Dec 2017 00:07:57 +0100 (CET) Subject: SUSE-RU-2017:3166-1: Recommended update for libtool Message-ID: <20171130230757.252F9FCC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtool ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3166-1 Rating: low References: #1056381 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtool provides the following fix: - Add missing dependencies and provides to baselibs.conf to make sure libltdl libraries are properly installed. (bsc#1056381) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1969=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1969=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1969=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1969=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1969=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1969=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1969=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libtool-2.4.2-17.4.1 libtool-debugsource-2.4.2-17.4.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libtool-2.4.2-17.4.1 libtool-debugsource-2.4.2-17.4.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libltdl7-2.4.2-17.4.1 libltdl7-debuginfo-2.4.2-17.4.1 libtool-2.4.2-17.4.1 libtool-debugsource-2.4.2-17.4.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libltdl7-2.4.2-17.4.1 libltdl7-debuginfo-2.4.2-17.4.1 libtool-2.4.2-17.4.1 libtool-debugsource-2.4.2-17.4.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libltdl7-32bit-2.4.2-17.4.1 libltdl7-debuginfo-32bit-2.4.2-17.4.1 libtool-32bit-2.4.2-17.4.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libltdl7-2.4.2-17.4.1 libltdl7-debuginfo-2.4.2-17.4.1 libtool-2.4.2-17.4.1 libtool-debugsource-2.4.2-17.4.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libltdl7-32bit-2.4.2-17.4.1 libltdl7-debuginfo-32bit-2.4.2-17.4.1 libtool-32bit-2.4.2-17.4.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): 
libltdl7-2.4.2-17.4.1 libltdl7-32bit-2.4.2-17.4.1 libltdl7-debuginfo-2.4.2-17.4.1 libltdl7-debuginfo-32bit-2.4.2-17.4.1 libtool-debugsource-2.4.2-17.4.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libltdl7-2.4.2-17.4.1 libltdl7-32bit-2.4.2-17.4.1 libltdl7-debuginfo-2.4.2-17.4.1 libltdl7-debuginfo-32bit-2.4.2-17.4.1 libtool-debugsource-2.4.2-17.4.1 References: https://bugzilla.suse.com/1056381 From sle-updates at lists.suse.com Thu Nov 30 16:08:25 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Dec 2017 00:08:25 +0100 (CET) Subject: SUSE-RU-2017:3167-1: Recommended update for coreutils Message-ID: <20171130230825.F2F02FCC0@maintenance.suse.de> SUSE Recommended Update: Recommended update for coreutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2017:3167-1 Rating: low References: #1026567 #1043059 #965780 Affected Products: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 SUSE Container as a Service Platform ALL OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for coreutils provides the following fixes: - Fix df(1) to no longer interact with excluded file system types, so for example specifying -x nfs no longer hangs with problematic nfs mounts. (bsc#1026567) - Ensure df -l no longer interacts with dummy file system types, so for example no longer hangs with problematic NFS mounted via system.automount(5). (bsc#1043059) - Significantly speed up df(1) for huge mount lists. (bsc#965780) Patch Instructions: To install this SUSE Recommended Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1968=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1968=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1968=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1968=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1968=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1968=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1968=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): coreutils-8.25-13.7.1 coreutils-debuginfo-8.25-13.7.1 coreutils-debugsource-8.25-13.7.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): coreutils-lang-8.25-13.7.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): coreutils-8.25-13.7.1 coreutils-debuginfo-8.25-13.7.1 coreutils-debugsource-8.25-13.7.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): coreutils-lang-8.25-13.7.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): coreutils-8.25-13.7.1 coreutils-debuginfo-8.25-13.7.1 coreutils-debugsource-8.25-13.7.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): coreutils-lang-8.25-13.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): coreutils-8.25-13.7.1 coreutils-debuginfo-8.25-13.7.1 coreutils-debugsource-8.25-13.7.1 - SUSE Linux Enterprise Desktop 12-SP3 (noarch): coreutils-lang-8.25-13.7.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): coreutils-8.25-13.7.1 coreutils-debuginfo-8.25-13.7.1 coreutils-debugsource-8.25-13.7.1 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): coreutils-lang-8.25-13.7.1 - SUSE Container as a Service Platform 
ALL (x86_64):

      coreutils-8.25-13.7.1
      coreutils-debuginfo-8.25-13.7.1
      coreutils-debugsource-8.25-13.7.1

   - OpenStack Cloud Magnum Orchestration 7 (x86_64):

      coreutils-8.25-13.7.1
      coreutils-debuginfo-8.25-13.7.1
      coreutils-debugsource-8.25-13.7.1

References:

   https://bugzilla.suse.com/1026567
   https://bugzilla.suse.com/1043059
   https://bugzilla.suse.com/965780

From sle-updates at lists.suse.com Thu Nov 30 19:07:11 2017
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 1 Dec 2017 03:07:11 +0100 (CET)
Subject: SUSE-SU-2017:3168-1: moderate: Security update for ImageMagick
Message-ID: <20171201020711.2DCEDFCC0@maintenance.suse.de>

   SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:3168-1
Rating:             moderate
References:         #1050135 #1055219 #1055430 #1061873
Cross-References:   CVE-2017-11534 CVE-2017-13133 CVE-2017-13139 CVE-2017-15033
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for ImageMagick fixes several issues.

   These security issues were fixed:

   - CVE-2017-11534: Processing a crafted file in convert could have led to
     a Memory Leak in the lite_font_map() function in coders/wmf.c
     (bsc#1050135).
   - CVE-2017-13133: The load_level function in coders/xcf.c lacked offset
     validation, which allowed attackers to cause a denial of service
     (load_tile memory exhaustion) via a crafted file (bsc#1055219).
   - CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an
     out-of-bounds read with the MNG CLIP chunk (bsc#1055430).
   - CVE-2017-15033: Fixed a memory leak in ReadYUVImage in coders/yuv.c
     (bsc#1061873).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-ImageMagick-13356=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-ImageMagick-13356=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-13356=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-6.4.3.6-7.78.8.1 ImageMagick-devel-6.4.3.6-7.78.8.1 libMagick++-devel-6.4.3.6-7.78.8.1 libMagick++1-6.4.3.6-7.78.8.1 libMagickWand1-6.4.3.6-7.78.8.1 perl-PerlMagick-6.4.3.6-7.78.8.1 - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64): libMagickWand1-32bit-6.4.3.6-7.78.8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-7.78.8.1 - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-7.78.8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-7.78.8.1 ImageMagick-debugsource-6.4.3.6-7.78.8.1 References: https://www.suse.com/security/cve/CVE-2017-11534.html https://www.suse.com/security/cve/CVE-2017-13133.html https://www.suse.com/security/cve/CVE-2017-13139.html https://www.suse.com/security/cve/CVE-2017-15033.html https://bugzilla.suse.com/1050135 https://bugzilla.suse.com/1055219 https://bugzilla.suse.com/1055430 https://bugzilla.suse.com/1061873 From sle-updates at lists.suse.com Thu Nov 30 19:08:05 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Dec 2017 03:08:05 +0100 (CET) Subject: SUSE-SU-2017:3169-1: moderate: Security update for openssl Message-ID: <20171201020805.C7EBCFCB8@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3169-1 Rating: 
moderate
References:         #1055825 #1056058 #1065363 #1066242
Cross-References:   CVE-2017-3735 CVE-2017-3736
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Container as a Service Platform ALL
                    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now
   available.

Description:

   This update for openssl fixes the following issues:

   Security issues fixed:

   - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could
     cause OOB read (bsc#1056058)
   - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64
     (bsc#1066242)
   - Out of bounds read+crash in DES_fcrypt (bsc#1065363)
   - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers
     (bsc#1055825)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1970=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1970=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1970=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1970=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1970=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1970=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1970=1 - SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1970=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1970=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.16.1 openssl-debuginfo-1.0.2j-60.16.1 openssl-debugsource-1.0.2j-60.16.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.16.1 openssl-debuginfo-1.0.2j-60.16.1 openssl-debugsource-1.0.2j-60.16.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libopenssl-devel-1.0.2j-60.16.1 libopenssl1_0_0-1.0.2j-60.16.1 libopenssl1_0_0-debuginfo-1.0.2j-60.16.1 libopenssl1_0_0-hmac-1.0.2j-60.16.1 openssl-1.0.2j-60.16.1 openssl-debuginfo-1.0.2j-60.16.1 openssl-debugsource-1.0.2j-60.16.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): openssl-doc-1.0.2j-60.16.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.16.1 libopenssl1_0_0-1.0.2j-60.16.1 libopenssl1_0_0-debuginfo-1.0.2j-60.16.1 libopenssl1_0_0-hmac-1.0.2j-60.16.1 openssl-1.0.2j-60.16.1 openssl-debuginfo-1.0.2j-60.16.1 openssl-debugsource-1.0.2j-60.16.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.16.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.16.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.16.1 - SUSE Linux Enterprise Server 12-SP3 (noarch): openssl-doc-1.0.2j-60.16.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.16.1 libopenssl1_0_0-1.0.2j-60.16.1 libopenssl1_0_0-debuginfo-1.0.2j-60.16.1 libopenssl1_0_0-hmac-1.0.2j-60.16.1 openssl-1.0.2j-60.16.1 openssl-debuginfo-1.0.2j-60.16.1 openssl-debugsource-1.0.2j-60.16.1 - SUSE Linux Enterprise Server 12-SP2 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.16.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.16.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.16.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): openssl-doc-1.0.2j-60.16.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libopenssl-devel-1.0.2j-60.16.1 
libopenssl1_0_0-1.0.2j-60.16.1 libopenssl1_0_0-32bit-1.0.2j-60.16.1 libopenssl1_0_0-debuginfo-1.0.2j-60.16.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.16.1 openssl-1.0.2j-60.16.1 openssl-debuginfo-1.0.2j-60.16.1 openssl-debugsource-1.0.2j-60.16.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libopenssl-devel-1.0.2j-60.16.1 libopenssl1_0_0-1.0.2j-60.16.1 libopenssl1_0_0-32bit-1.0.2j-60.16.1 libopenssl1_0_0-debuginfo-1.0.2j-60.16.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.16.1 openssl-1.0.2j-60.16.1 openssl-debuginfo-1.0.2j-60.16.1 openssl-debugsource-1.0.2j-60.16.1 - SUSE Container as a Service Platform ALL (x86_64): libopenssl1_0_0-1.0.2j-60.16.1 libopenssl1_0_0-debuginfo-1.0.2j-60.16.1 openssl-1.0.2j-60.16.1 openssl-debuginfo-1.0.2j-60.16.1 openssl-debugsource-1.0.2j-60.16.1 - OpenStack Cloud Magnum Orchestration 7 (x86_64): libopenssl1_0_0-1.0.2j-60.16.1 libopenssl1_0_0-debuginfo-1.0.2j-60.16.1 openssl-1.0.2j-60.16.1 openssl-debuginfo-1.0.2j-60.16.1 openssl-debugsource-1.0.2j-60.16.1 References: https://www.suse.com/security/cve/CVE-2017-3735.html https://www.suse.com/security/cve/CVE-2017-3736.html https://bugzilla.suse.com/1055825 https://bugzilla.suse.com/1056058 https://bugzilla.suse.com/1065363 https://bugzilla.suse.com/1066242 From sle-updates at lists.suse.com Thu Nov 30 19:08:59 2017 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Dec 2017 03:08:59 +0100 (CET) Subject: SUSE-SU-2017:3170-1: moderate: Security update for binutils Message-ID: <20171201020859.A7CEAFCB8@maintenance.suse.de> SUSE Security Update: Security update for binutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3170-1 Rating: moderate References: #1003846 #1025282 #1029907 #1029908 #1029909 #1029995 #1030296 #1030297 #1030298 #1030583 #1030584 #1030585 #1030588 #1030589 #1031590 #1031593 #1031595 #1031638 #1031644 #1031656 #1033122 #1037052 #1037057 #1037061 #1037062 #1037066 #1037070 
#1037072 #1037273 #1038874 #1038875 #1038876 #1038877 #1038878 #1038880 #1038881 #1044891 #1044897 #1044901 #1044909 #1044925 #1044927 #1046094 #1052061 #1052496 #1052503 #1052507 #1052509 #1052511 #1052514 #1052518 #1053347 #1056312 #1056437 #1057139 #1057144 #1057149 #1058480 #1059050 #1060599 #1060621 #1061241 #437293 #445037 #546106 #561142 #578249 #590820 #691290 #698346 #713504 #776968 #863764 #938658 #970239 Cross-References: CVE-2014-9939 CVE-2017-12448 CVE-2017-12450 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12456 CVE-2017-12799 CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14974 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7227 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-7614 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8395 CVE-2017-8396 CVE-2017-8397 CVE-2017-8398 CVE-2017-8421 CVE-2017-9038 CVE-2017-9039 CVE-2017-9040 CVE-2017-9041 CVE-2017-9042 CVE-2017-9043 CVE-2017-9044 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2017-9954 CVE-2017-9955 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP3 SUSE Linux Enterprise Desktop 12-SP2 OpenStack Cloud Magnum Orchestration 7 ______________________________________________________________________________ An update that solves 57 vulnerabilities and has 18 fixes is now available. Description: GNU binutil was updated to the 2.29.1 release, bringing various new features, fixing a lot of bugs and security issues. 
   Following security issues are being addressed by this release:

     * 18750 bsc#1030296 CVE-2014-9939
     * 20891 bsc#1030585 CVE-2017-7225
     * 20892 bsc#1030588 CVE-2017-7224
     * 20898 bsc#1030589 CVE-2017-7223
     * 20905 bsc#1030584 CVE-2017-7226
     * 20908 bsc#1031644 CVE-2017-7299
     * 20909 bsc#1031656 CVE-2017-7300
     * 20921 bsc#1031595 CVE-2017-7302
     * 20922 bsc#1031593 CVE-2017-7303
     * 20924 bsc#1031638 CVE-2017-7301
     * 20931 bsc#1031590 CVE-2017-7304
     * 21135 bsc#1030298 CVE-2017-7209
     * 21137 bsc#1029909 CVE-2017-6965
     * 21139 bsc#1029908 CVE-2017-6966
     * 21156 bsc#1029907 CVE-2017-6969
     * 21157 bsc#1030297 CVE-2017-7210
     * 21409 bsc#1037052 CVE-2017-8392
     * 21412 bsc#1037057 CVE-2017-8393
     * 21414 bsc#1037061 CVE-2017-8394
     * 21432 bsc#1037066 CVE-2017-8396
     * 21440 bsc#1037273 CVE-2017-8421
     * 21580 bsc#1044891 CVE-2017-9746
     * 21581 bsc#1044897 CVE-2017-9747
     * 21582 bsc#1044901 CVE-2017-9748
     * 21587 bsc#1044909 CVE-2017-9750
     * 21594 bsc#1044925 CVE-2017-9755
     * 21595 bsc#1044927 CVE-2017-9756
     * 21787 bsc#1052518 CVE-2017-12448
     * 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454,
       bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452,
       bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456,
       bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453,
       bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450
     * 21933 bsc#1053347 CVE-2017-12799
     * 21990 bsc#1058480 CVE-2017-14333
     * 22018 bsc#1056312 CVE-2017-13757
     * 22047 bsc#1057144 CVE-2017-14129
     * 22058 bsc#1057149 CVE-2017-14130
     * 22059 bsc#1057139 CVE-2017-14128
     * 22113 bsc#1059050 CVE-2017-14529
     * 22148 bsc#1060599 CVE-2017-14745
     * 22163 bsc#1061241 CVE-2017-14974
     * 22170 bsc#1060621 CVE-2017-14729

   Update to binutils 2.29. [fate#321454, fate#321494, fate#323293]:

     * The MIPS port now supports microMIPS eXtended Physical Addressing
       (XPA) instructions for assembly and disassembly.
     * The MIPS port now supports the microMIPS Release 5 ISA for assembly
       and disassembly.
     * The MIPS port now supports the Imagination interAptiv MR2 processor,
       which implements the MIPS32r3 ISA, the MIPS16e2 ASE as well as a
       couple of implementation-specific regular MIPS and MIPS16e2 ASE
       instructions.
     * The SPARC port now supports the SPARC M8 processor, which implements
       the Oracle SPARC Architecture 2017.
     * The MIPS port now supports the MIPS16e2 ASE for assembly and
       disassembly.
     * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.
     * Add support for the wasm32 ELF conversion of the WebAssembly file
       format.
     * Add --inlines option to objdump, which extends the --line-numbers
       option so that inlined functions will display their nesting
       information.
     * Add --merge-notes options to objcopy to reduce the size of notes in
       a binary file by merging and deleting redundant notes.
     * Add support for locating separate debug info files using the
       build-id method, where the separate file has a name based upon the
       build-id of the original file.

   - GAS specific:

     * Add support for ELF SHF_GNU_MBIND.
     * Add support for the WebAssembly file format and wasm32 ELF
       conversion.
     * PowerPC gas now checks that the correct register class is used in
       instructions. For instance, "addi %f4,%cr3,%r31" warns three times
       that the registers are invalid.
     * Add support for the Texas Instruments PRU processor.
     * Support for the ARMv8-R architecture and Cortex-R52 processor has
       been added to the ARM port.

   - GNU ld specific:

     * Support for -z shstk in the x86 ELF linker to generate
       GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program properties.
     * Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program
       properties in the x86 ELF linker.
     * Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program
       properties in the x86 ELF linker.
     * Support for -z ibtplt in the x86 ELF linker to generate IBT-enabled
       PLT.
     * Support for -z ibt in the x86 ELF linker to generate IBT-enabled PLT
       as well as GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program
       properties.
     * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.
     * Add support for ELF GNU program properties.
     * Add support for the Texas Instruments PRU processor.
     * When configuring for arc*-*-linux* targets the default linker
       emulation will change if --with-cpu=nps400 is used at configure
       time.
     * Improve assignment of LMAs to orphan sections in some edge cases
       where a mixture of both AT>LMA_REGION and AT(LMA) are used.
     * Orphan sections placed after an empty section that has an AT(LMA)
       will now take a load memory address starting from LMA.
     * Section groups can now be resolved (the group deleted and the group
       members placed like normal sections) at partial link time either
       using the new linker option --force-group-allocation or by placing
       FORCE_GROUP_ALLOCATION into the linker script.

   - Add riscv64 target, tested with gcc7 and downstream newlib 2.4.0
   - Prepare riscv32 target (gh#riscv/riscv-newlib#8)
   - Make compressed debug section handling explicit, disable for old
     products and enable for gas on all architectures otherwise.
     [bsc#1029995]
   - Remove empty rpath component removal optimization from to workaround
     CMake rpath handling. [bsc#1025282]

   Minor security bugs fixed: PR 21147, PR 21148, PR 21149, PR 21150, PR
   21151, PR 21155, PR 21158, PR 21159

   - Update to binutils 2.28.

     * Add support for locating separate debug info files using the
       build-id method, where the separate file has a name based upon the
       build-id of the original file.
     * This version of binutils fixes a problem with PowerPC VLE 16A and
       16D relocations which were functionally swapped, for example,
       R_PPC_VLE_HA16A performed like R_PPC_VLE_HA16D while
       R_PPC_VLE_HA16D performed like R_PPC_VLE_HA16A. This could have
       been fixed by renumbering relocations, which would keep object
       files created by an older version of gas compatible with a newer
       ld. However, that would require an ABI update, affecting other
       assemblers and linkers that create and process the relocations
       correctly.
       It is recommended that all VLE object files be recompiled, but ld
       can modify the relocations if --vle-reloc-fixup is passed to ld. If
       the new ld command line option is not used, ld will warn on finding
       relocations inconsistent with the instructions being relocated.
     * The nm program has a new command line option
       (--with-version-strings) which will display a symbol's version
       information, if any, after the symbol's name.
     * The ARC port of objdump now accepts a -M option to specify the
       extra instruction class(es) that should be disassembled.
     * The --remove-section option for objcopy and strip now accepts
       section patterns starting with an exclamation point to indicate a
       non-matching section. A non-matching section is removed from the
       set of sections matched by an earlier --remove-section pattern.
     * The --only-section option for objcopy now accepts section patterns
       starting with an exclamation point to indicate a non-matching
       section. A non-matching section is removed from the set of sections
       matched by an earlier --only-section pattern.
     * New --remove-relocations=SECTIONPATTERN option for objcopy and
       strip. This option can be used to remove sections containing
       relocations. The SECTIONPATTERN is the section to which the
       relocations apply, not the relocation section itself.

   - GAS specific:

     * Add support for the RISC-V architecture.
     * Add support for the ARM Cortex-M23 and Cortex-M33 processors.

   - GNU ld specific:

     * The EXCLUDE_FILE linker script construct can now be applied outside
       of the section list in order for the exclusions to apply over all
       input sections in the list.
     * Add support for the RISC-V architecture.
     * The command line option --no-eh-frame-hdr can now be used in ELF
       based linkers to disable the automatic generation of .eh_frame_hdr
       sections.
     * Add --in-implib= to the ARM linker to enable specifying a set of
       Secure Gateway veneers that must exist in the output import library
       specified by --out-implib= and the address they must have.
       As such, --in-implib is only supported in combination with
       --cmse-implib.
     * Extended the --out-implib= option, previously restricted to x86 PE
       targets, to any ELF based target. This allows the generation of an
       import library for an ELF executable, which can then be used by
       another application to link against the executable.

   - GOLD specific:

     * Add -z bndplt option (x86-64 only) to support Intel MPX.
     * Add --orphan-handling option.
     * Add --stub-group-multi option (PowerPC only).
     * Add --target1-rel, --target1-abs, --target2 options (Arm only).
     * Add -z stack-size option.
     * Add --be8 option (Arm only).
     * Add HIDDEN support in linker scripts.
     * Add SORT_BY_INIT_PRIORITY support in linker scripts.

   - Other fixes:

     * Fix section alignment on .gnu_debuglink. [bso#21193]
     * Add s390x to gold_archs.
     * Fix alignment frags for aarch64 (bsc#1003846)
     * Call ldconfig for libbfd
     * Fix an assembler problem with clang on ARM.
     * Restore monotonically increasing section offsets.

   - Update to binutils 2.27.

     * Add a configure option, --enable-64-bit-archive, to force use of a
       64-bit format when creating an archive symbol index.
     * Add --elf-stt-common= option to objcopy for ELF targets to control
       whether to convert common symbols to the STT_COMMON type.

   - GAS specific:

     * Default to --enable-compressed-debug-sections=gas for Linux/x86
       targets.
     * Add --no-pad-sections to stop the assembler from padding the end of
       output sections up to their alignment boundary.
     * Support for the ARMv8-M architecture has been added to the ARM
       port. Support for the ARMv8-M Security and DSP Extensions has also
       been added to the ARM port.
     * ARC backend accepts .extInstruction, .extCondCode, .extAuxRegister,
       and .extCoreRegister pseudo-ops that allow a user to define custom
       instructions, conditional codes, auxiliary and core registers.
     * Add a configure option --enable-elf-stt-common to decide whether
       ELF assembler should generate common symbols with the STT_COMMON
       type by default. Default to no.
     * New command line option --elf-stt-common= for ELF targets to
       control whether to generate common symbols with the STT_COMMON
       type.
     * Add ability to set section flags and types via numeric values for
       ELF based targets.
     * Add a configure option --enable-x86-relax-relocations to decide
       whether x86 assembler should generate relax relocations by default.
       Default to yes, except for x86 Solaris targets older than Solaris
       12.
     * New command line option -mrelax-relocations= for x86 target to
       control whether to generate relax relocations.
     * New command line option -mfence-as-lock-add=yes for x86 target to
       encode lfence, mfence and sfence as "lock addl $0x0, (%[re]sp)".
     * Add assembly-time relaxation option for ARC cpus.
     * Add --with-cpu=TYPE configure option for ARC gas. This allows the
       default cpu type to be adjusted at configure time.

   - GOLD specific:

     * Add a configure option --enable-relro to decide whether -z relro
       should be enabled by default. Default to yes.
     * Add support for s390, MIPS, AArch64, and TILE-Gx architectures.
     * Add support for STT_GNU_IFUNC symbols.
     * Add support for incremental linking (--incremental).

   - GNU ld specific:

     * Add a configure option --enable-relro to decide whether -z relro
       should be enabled in ELF linker by default. Default to yes for all
       Linux targets except FRV, HPPA, IA64 and MIPS.
     * Support for -z noreloc-overflow in the x86-64 ELF linker to disable
       relocation overflow check.
     * Add -z common/-z nocommon options for ELF targets to control
       whether to convert common symbols to the STT_COMMON type during a
       relocatable link.
     * Support for -z nodynamic-undefined-weak in the x86 ELF linker,
       which avoids dynamic relocations against undefined weak symbols in
       executable.
     * The NOCROSSREFSTO command was added to the linker script language.
     * Add --no-apply-dynamic-relocs to the AArch64 linker to not apply
       link-time values for dynamic relocations.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1971=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1971=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1971=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1971=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1971=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1971=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1971=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1971=1 - OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1971=1 To bring your system up-to-date, use "zypper patch". 
Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.29.1-9.20.2 binutils-debugsource-2.29.1-9.20.2 binutils-devel-2.29.1-9.20.2 cross-ppc-binutils-2.29.1-9.20.2 cross-ppc-binutils-debuginfo-2.29.1-9.20.2 cross-ppc-binutils-debugsource-2.29.1-9.20.2 cross-spu-binutils-2.29.1-9.20.2 cross-spu-binutils-debuginfo-2.29.1-9.20.2 cross-spu-binutils-debugsource-2.29.1-9.20.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le x86_64): binutils-gold-2.29.1-9.20.2 binutils-gold-debuginfo-2.29.1-9.20.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.29.1-9.20.2 binutils-debugsource-2.29.1-9.20.2 binutils-devel-2.29.1-9.20.2 cross-ppc-binutils-2.29.1-9.20.2 cross-ppc-binutils-debuginfo-2.29.1-9.20.2 cross-ppc-binutils-debugsource-2.29.1-9.20.2 cross-spu-binutils-2.29.1-9.20.2 cross-spu-binutils-debuginfo-2.29.1-9.20.2 cross-spu-binutils-debugsource-2.29.1-9.20.2 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le x86_64): binutils-gold-2.29.1-9.20.2 binutils-gold-debuginfo-2.29.1-9.20.2 - SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64): binutils-2.29.1-9.20.2 binutils-debuginfo-2.29.1-9.20.2 binutils-debugsource-2.29.1-9.20.2 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): binutils-2.29.1-9.20.2 binutils-debuginfo-2.29.1-9.20.2 binutils-debugsource-2.29.1-9.20.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): binutils-2.29.1-9.20.2 binutils-debuginfo-2.29.1-9.20.2 binutils-debugsource-2.29.1-9.20.2 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): binutils-2.29.1-9.20.2 binutils-debuginfo-2.29.1-9.20.2 binutils-debugsource-2.29.1-9.20.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): binutils-2.29.1-9.20.2 binutils-debuginfo-2.29.1-9.20.2 binutils-debugsource-2.29.1-9.20.2 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): 
binutils-2.29.1-9.20.2 binutils-debuginfo-2.29.1-9.20.2 binutils-debugsource-2.29.1-9.20.2 - OpenStack Cloud Magnum Orchestration 7 (x86_64): binutils-2.29.1-9.20.2 binutils-debuginfo-2.29.1-9.20.2 binutils-debugsource-2.29.1-9.20.2 References: https://www.suse.com/security/cve/CVE-2014-9939.html https://www.suse.com/security/cve/CVE-2017-12448.html https://www.suse.com/security/cve/CVE-2017-12450.html https://www.suse.com/security/cve/CVE-2017-12452.html https://www.suse.com/security/cve/CVE-2017-12453.html https://www.suse.com/security/cve/CVE-2017-12454.html https://www.suse.com/security/cve/CVE-2017-12456.html https://www.suse.com/security/cve/CVE-2017-12799.html https://www.suse.com/security/cve/CVE-2017-13757.html https://www.suse.com/security/cve/CVE-2017-14128.html https://www.suse.com/security/cve/CVE-2017-14129.html https://www.suse.com/security/cve/CVE-2017-14130.html https://www.suse.com/security/cve/CVE-2017-14333.html https://www.suse.com/security/cve/CVE-2017-14529.html https://www.suse.com/security/cve/CVE-2017-14729.html https://www.suse.com/security/cve/CVE-2017-14745.html https://www.suse.com/security/cve/CVE-2017-14974.html https://www.suse.com/security/cve/CVE-2017-6965.html https://www.suse.com/security/cve/CVE-2017-6966.html https://www.suse.com/security/cve/CVE-2017-6969.html https://www.suse.com/security/cve/CVE-2017-7209.html https://www.suse.com/security/cve/CVE-2017-7210.html https://www.suse.com/security/cve/CVE-2017-7223.html https://www.suse.com/security/cve/CVE-2017-7224.html https://www.suse.com/security/cve/CVE-2017-7225.html https://www.suse.com/security/cve/CVE-2017-7226.html https://www.suse.com/security/cve/CVE-2017-7227.html https://www.suse.com/security/cve/CVE-2017-7299.html https://www.suse.com/security/cve/CVE-2017-7300.html https://www.suse.com/security/cve/CVE-2017-7301.html https://www.suse.com/security/cve/CVE-2017-7302.html https://www.suse.com/security/cve/CVE-2017-7303.html 
   https://www.suse.com/security/cve/CVE-2017-7304.html
   https://www.suse.com/security/cve/CVE-2017-7614.html
   https://www.suse.com/security/cve/CVE-2017-8392.html
   https://www.suse.com/security/cve/CVE-2017-8393.html
   https://www.suse.com/security/cve/CVE-2017-8394.html
   https://www.suse.com/security/cve/CVE-2017-8395.html
   https://www.suse.com/security/cve/CVE-2017-8396.html
   https://www.suse.com/security/cve/CVE-2017-8397.html
   https://www.suse.com/security/cve/CVE-2017-8398.html
   https://www.suse.com/security/cve/CVE-2017-8421.html
   https://www.suse.com/security/cve/CVE-2017-9038.html
   https://www.suse.com/security/cve/CVE-2017-9039.html
   https://www.suse.com/security/cve/CVE-2017-9040.html
   https://www.suse.com/security/cve/CVE-2017-9041.html
   https://www.suse.com/security/cve/CVE-2017-9042.html
   https://www.suse.com/security/cve/CVE-2017-9043.html
   https://www.suse.com/security/cve/CVE-2017-9044.html
   https://www.suse.com/security/cve/CVE-2017-9746.html
   https://www.suse.com/security/cve/CVE-2017-9747.html
   https://www.suse.com/security/cve/CVE-2017-9748.html
   https://www.suse.com/security/cve/CVE-2017-9750.html
   https://www.suse.com/security/cve/CVE-2017-9755.html
   https://www.suse.com/security/cve/CVE-2017-9756.html
   https://www.suse.com/security/cve/CVE-2017-9954.html
   https://www.suse.com/security/cve/CVE-2017-9955.html
   https://bugzilla.suse.com/1003846
   https://bugzilla.suse.com/1025282
   https://bugzilla.suse.com/1029907
   https://bugzilla.suse.com/1029908
   https://bugzilla.suse.com/1029909
   https://bugzilla.suse.com/1029995
   https://bugzilla.suse.com/1030296
   https://bugzilla.suse.com/1030297
   https://bugzilla.suse.com/1030298
   https://bugzilla.suse.com/1030583
   https://bugzilla.suse.com/1030584
   https://bugzilla.suse.com/1030585
   https://bugzilla.suse.com/1030588
   https://bugzilla.suse.com/1030589
   https://bugzilla.suse.com/1031590
   https://bugzilla.suse.com/1031593
   https://bugzilla.suse.com/1031595
   https://bugzilla.suse.com/1031638
   https://bugzilla.suse.com/1031644
   https://bugzilla.suse.com/1031656
   https://bugzilla.suse.com/1033122
   https://bugzilla.suse.com/1037052
   https://bugzilla.suse.com/1037057
   https://bugzilla.suse.com/1037061
   https://bugzilla.suse.com/1037062
   https://bugzilla.suse.com/1037066
   https://bugzilla.suse.com/1037070
   https://bugzilla.suse.com/1037072
   https://bugzilla.suse.com/1037273
   https://bugzilla.suse.com/1038874
   https://bugzilla.suse.com/1038875
   https://bugzilla.suse.com/1038876
   https://bugzilla.suse.com/1038877
   https://bugzilla.suse.com/1038878
   https://bugzilla.suse.com/1038880
   https://bugzilla.suse.com/1038881
   https://bugzilla.suse.com/1044891
   https://bugzilla.suse.com/1044897
   https://bugzilla.suse.com/1044901
   https://bugzilla.suse.com/1044909
   https://bugzilla.suse.com/1044925
   https://bugzilla.suse.com/1044927
   https://bugzilla.suse.com/1046094
   https://bugzilla.suse.com/1052061
   https://bugzilla.suse.com/1052496
   https://bugzilla.suse.com/1052503
   https://bugzilla.suse.com/1052507
   https://bugzilla.suse.com/1052509
   https://bugzilla.suse.com/1052511
   https://bugzilla.suse.com/1052514
   https://bugzilla.suse.com/1052518
   https://bugzilla.suse.com/1053347
   https://bugzilla.suse.com/1056312
   https://bugzilla.suse.com/1056437
   https://bugzilla.suse.com/1057139
   https://bugzilla.suse.com/1057144
   https://bugzilla.suse.com/1057149
   https://bugzilla.suse.com/1058480
   https://bugzilla.suse.com/1059050
   https://bugzilla.suse.com/1060599
   https://bugzilla.suse.com/1060621
   https://bugzilla.suse.com/1061241
   https://bugzilla.suse.com/437293
   https://bugzilla.suse.com/445037
   https://bugzilla.suse.com/546106
   https://bugzilla.suse.com/561142
   https://bugzilla.suse.com/578249
   https://bugzilla.suse.com/590820
   https://bugzilla.suse.com/691290
   https://bugzilla.suse.com/698346
   https://bugzilla.suse.com/713504
   https://bugzilla.suse.com/776968
   https://bugzilla.suse.com/863764
   https://bugzilla.suse.com/938658
   https://bugzilla.suse.com/970239